ViewVC Help
View File | Revision Log | Show Annotations | Download File
/cvs/Crypt-Twofish2/table.h
Revision: 1.2
Committed: Wed Dec 1 02:12:30 2010 UTC (14 years ago) by root
Content type: text/plain
Branch: MAIN
CVS Tags: rel-1_02, rel-1_03, HEAD
Changes since 1.1: +1 -1 lines
Log Message:
1.02

File Contents

# User Rev Content
1 root 1.1 /***************************************************************************
2     TABLE.H -- Tables, macros, constants for Twofish S-boxes and MDS matrix
3    
4     Submitters:
5     Bruce Schneier, Counterpane Systems
6     Doug Whiting, Hi/fn
7     John Kelsey, Counterpane Systems
8     Chris Hall, Counterpane Systems
9     David Wagner, UC Berkeley
10    
11     Code Author: Doug Whiting, Hi/fn
12    
13     Version 1.00 April 1998
14    
15     Copyright 1998, Hi/fn and Counterpane Systems. All rights reserved.
16    
17     Notes:
18     * Tab size is set to 4 characters in this file
19     * These definitions should be used in optimized and unoptimized
20     versions to insure consistency.
21    
22     ***************************************************************************/
23    
24     /* for computing subkeys */
25     #define SK_STEP 0x02020202u
26     #define SK_BUMP 0x01010101u
27     #define SK_ROTL 9
28    
29     /* Reed-Solomon code parameters: (12,8) reversible code
30     g(x) = x**4 + (a + 1/a) x**3 + a x**2 + (a + 1/a) x + 1
31     where a = primitive root of field generator 0x14D */
32     #define RS_GF_FDBK 0x14D /* field generator */
33     #define RS_rem(x) \
34     { BYTE b = (BYTE) (x >> 24); \
35     DWORD g2 = ((b << 1) ^ ((b & 0x80) ? RS_GF_FDBK : 0 )) & 0xFF; \
36     DWORD g3 = ((b >> 1) & 0x7F) ^ ((b & 1) ? RS_GF_FDBK >> 1 : 0 ) ^ g2 ; \
37     x = (x << 8) ^ (g3 << 24) ^ (g2 << 16) ^ (g3 << 8) ^ b; \
38     }
39    
40     /* Macros for the MDS matrix
41     * The MDS matrix is (using primitive polynomial 169):
42     * 01 EF 5B 5B
43     * 5B EF EF 01
44     * EF 5B 01 EF
45     * EF 01 EF 5B
46     *----------------------------------------------------------------
47     * More statistical properties of this matrix (from MDS.EXE output):
48     *
49     * Min Hamming weight (one byte difference) = 8. Max=26. Total = 1020.
50     * Prob[8]: 7 23 42 20 52 95 88 94 121 128 91
51     * 102 76 41 24 8 4 1 3 0 0 0
52     * Runs[8]: 2 4 5 6 7 8 9 11
53     * MSBs[8]: 1 4 15 8 18 38 40 43
54     * HW= 8: 05040705 0A080E0A 14101C14 28203828 50407050 01499101 A080E0A0
55     * HW= 9: 04050707 080A0E0E 10141C1C 20283838 40507070 80A0E0E0 C6432020 07070504
56     * 0E0E0A08 1C1C1410 38382820 70705040 E0E0A080 202043C6 05070407 0A0E080E
57     * 141C101C 28382038 50704070 A0E080E0 4320C620 02924B02 089A4508
58     * Min Hamming weight (two byte difference) = 3. Max=28. Total = 390150.
59     * Prob[3]: 7 18 55 149 270 914 2185 5761 11363 20719 32079
60     * 43492 51612 53851 52098 42015 31117 20854 11538 6223 2492 1033
61     * MDS OK, ROR: 6+ 7+ 8+ 9+ 10+ 11+ 12+ 13+ 14+ 15+ 16+
62     * 17+ 18+ 19+ 20+ 21+ 22+ 23+ 24+ 25+ 26+
63     */
64     #define MDS_GF_FDBK 0x169 /* primitive polynomial for GF(256) */
65     #define LFSR1(x) ( ((x) >> 1) ^ (((x) & 0x01) ? MDS_GF_FDBK/2 : 0))
66     #define LFSR2(x) ( ((x) >> 2) ^ (((x) & 0x02) ? MDS_GF_FDBK/2 : 0) \
67     ^ (((x) & 0x01) ? MDS_GF_FDBK/4 : 0))
68    
69     #define Mx_1(x) ((DWORD) (x)) /* force result to dword so << will work */
70     #define Mx_X(x) ((DWORD) ((x) ^ LFSR2(x))) /* 5B */
71     #define Mx_Y(x) ((DWORD) ((x) ^ LFSR1(x) ^ LFSR2(x))) /* EF */
72    
73     #define M00 Mul_1
74     #define M01 Mul_Y
75     #define M02 Mul_X
76     #define M03 Mul_X
77    
78     #define M10 Mul_X
79     #define M11 Mul_Y
80     #define M12 Mul_Y
81     #define M13 Mul_1
82    
83     #define M20 Mul_Y
84     #define M21 Mul_X
85     #define M22 Mul_1
86     #define M23 Mul_Y
87    
88     #define M30 Mul_Y
89     #define M31 Mul_1
90     #define M32 Mul_Y
91     #define M33 Mul_X
92    
93     #define Mul_1 Mx_1
94     #define Mul_X Mx_X
95     #define Mul_Y Mx_Y
96    
97     /* Define the fixed p0/p1 permutations used in keyed S-box lookup.
98     By changing the following constant definitions for P_ij, the S-boxes will
99     automatically get changed in all the Twofish source code. Note that P_i0 is
100     the "outermost" 8x8 permutation applied. See the f32() function to see
101     how these constants are to be used.
102     */
103     #define P_00 1 /* "outermost" permutation */
104     #define P_01 0
105     #define P_02 0
106     #define P_03 (P_01^1) /* "extend" to larger key sizes */
107     #define P_04 1
108    
109     #define P_10 0
110     #define P_11 0
111     #define P_12 1
112     #define P_13 (P_11^1)
113     #define P_14 0
114    
115     #define P_20 1
116     #define P_21 1
117     #define P_22 0
118     #define P_23 (P_21^1)
119     #define P_24 0
120    
121     #define P_30 0
122     #define P_31 1
123     #define P_32 1
124     #define P_33 (P_31^1)
125     #define P_34 1
126    
127     #define p8(N) P8x8[P_##N] /* some syntax shorthand */
128    
129     /* fixed 8x8 permutation S-boxes */
130    
131     /***********************************************************************
132     * 07:07:14 05/30/98 [4x4] TestCnt=256. keySize=128. CRC=4BD14D9E.
133     * maxKeyed: dpMax = 18. lpMax =100. fixPt = 8. skXor = 0. skDup = 6.
134     * log2(dpMax[ 6..18])= --- 15.42 1.33 0.89 4.05 7.98 12.05
135     * log2(lpMax[ 7..12])= 9.32 1.01 1.16 4.23 8.02 12.45
136     * log2(fixPt[ 0.. 8])= 1.44 1.44 2.44 4.06 6.01 8.21 11.07 14.09 17.00
137     * log2(skXor[ 0.. 0])
138     * log2(skDup[ 0.. 6])= --- 2.37 0.44 3.94 8.36 13.04 17.99
139     ***********************************************************************/
140 root 1.2 static CONST BYTE P8x8[2][256] =
141 root 1.1 {
142     /* p0: */
143     /* dpMax = 10. lpMax = 64. cycleCnt= 1 1 1 0. */
144     /* 817D6F320B59ECA4.ECB81235F4A6709D.BA5E6D90C8F32471.D7F4126E9B3085CA. */
145     /* Karnaugh maps:
146     * 0111 0001 0011 1010. 0001 1001 1100 1111. 1001 1110 0011 1110. 1101 0101 1111 1001.
147     * 0101 1111 1100 0100. 1011 0101 0010 0000. 0101 1000 1100 0101. 1000 0111 0011 0010.
148     * 0000 1001 1110 1101. 1011 1000 1010 0011. 0011 1001 0101 0000. 0100 0010 0101 1011.
149     * 0111 0100 0001 0110. 1000 1011 1110 1001. 0011 0011 1001 1101. 1101 0101 0000 1100.
150     */
151     {
152     0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76,
153     0x9A, 0x92, 0x80, 0x78, 0xE4, 0xDD, 0xD1, 0x38,
154     0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
155     0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48,
156     0xF2, 0xD0, 0x8B, 0x30, 0x84, 0x54, 0xDF, 0x23,
157     0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
158     0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C,
159     0xA6, 0xEB, 0xA5, 0xBE, 0x16, 0x0C, 0xE3, 0x61,
160     0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
161     0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1,
162     0xE1, 0xE6, 0xBD, 0x45, 0xE2, 0xF4, 0xB6, 0x66,
163     0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
164     0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA,
165     0xEA, 0x77, 0x39, 0xAF, 0x33, 0xC9, 0x62, 0x71,
166     0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
167     0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7,
168     0xA1, 0x1D, 0xAA, 0xED, 0x06, 0x70, 0xB2, 0xD2,
169     0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
170     0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB,
171     0x9E, 0x9C, 0x52, 0x1B, 0x5F, 0x93, 0x0A, 0xEF,
172     0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
173     0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64,
174     0x2A, 0xCE, 0xCB, 0x2F, 0xFC, 0x97, 0x05, 0x7A,
175     0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
176     0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02,
177     0xB8, 0xDA, 0xB0, 0x17, 0x55, 0x1F, 0x8A, 0x7D,
178     0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
179     0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34,
180     0x6E, 0x50, 0xDE, 0x68, 0x65, 0xBC, 0xDB, 0xF8,
181     0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
182     0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00,
183     0x6F, 0x9D, 0x36, 0x42, 0x4A, 0x5E, 0xC1, 0xE0
184     },
185     /* p1: */
186     /* dpMax = 10. lpMax = 64. cycleCnt= 2 0 0 1. */
187     /* 28BDF76E31940AC5.1E2B4C376DA5F908.4C75169A0ED82B3F.B951C3DE647F208A. */
188     /* Karnaugh maps:
189     * 0011 1001 0010 0111. 1010 0111 0100 0110. 0011 0001 1111 0100. 1111 1000 0001 1100.
190     * 1100 1111 1111 1010. 0011 0011 1110 0100. 1001 0110 0100 0011. 0101 0110 1011 1011.
191     * 0010 0100 0011 0101. 1100 1000 1000 1110. 0111 1111 0010 0110. 0000 1010 0000 0011.
192     * 1101 1000 0010 0001. 0110 1001 1110 0101. 0001 0100 0101 0111. 0011 1011 1111 0010.
193     */
194     {
195     0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8,
196     0x4A, 0xD3, 0xE6, 0x6B, 0x45, 0x7D, 0xE8, 0x4B,
197     0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
198     0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F,
199     0x5E, 0xBA, 0xAE, 0x5B, 0x8A, 0x00, 0xBC, 0x9D,
200     0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
201     0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3,
202     0xB2, 0x73, 0x4C, 0x54, 0x92, 0x74, 0x36, 0x51,
203     0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
204     0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C,
205     0x13, 0x95, 0x9C, 0xC7, 0x24, 0x46, 0x3B, 0x70,
206     0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
207     0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC,
208     0x03, 0x6F, 0x08, 0xBF, 0x40, 0xE7, 0x2B, 0xE2,
209     0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
210     0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17,
211     0x66, 0x94, 0xA1, 0x1D, 0x3D, 0xF0, 0xDE, 0xB3,
212     0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
213     0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49,
214     0x81, 0x88, 0xEE, 0x21, 0xC4, 0x1A, 0xEB, 0xD9,
215     0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
216     0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48,
217     0x4F, 0xF2, 0x65, 0x8E, 0x78, 0x5C, 0x58, 0x19,
218     0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
219     0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5,
220     0xCE, 0xE9, 0x68, 0x44, 0xE0, 0x4D, 0x43, 0x69,
221     0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
222     0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC,
223     0x22, 0xC9, 0xC0, 0x9B, 0x89, 0xD4, 0xED, 0xAB,
224     0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
225     0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2,
226     0x16, 0x25, 0x86, 0x56, 0x55, 0x09, 0xBE, 0x91
227     }
228     };