DESCRIPTION
libtwofish is a small library to encrypt and decrypt data using the Twofish cryptographic algorithm.
FUNCTIONS
- void Twofish_initialise(void);
This function must be called before any other function in the Twofish implementation is called upon. The call needs only be made once in each application program.
Apart from initialising the engine, the call also performs a self test.
- void Twofish_prepare_key(Twofish_Byte key[], int key_len, Twofish_key *xkey);
The cipher key is an array of bytes. The type Twofish_Byte is internally defined to a type suitable for your platform.
Any key must be converted to the internal representation xkey as a Twofish_key structure before it can be used. The encryption and decryption functions only work with the internal form. The conversion to internal form need only be done once for each key value.
Be sure to wipe all key storage, including the Twofish_key structure, once you are done with the key data. A simple call
-
memset(xkey, 0, sizeof(Twofish_key));
will do just fine.
Unlike most implementations, the present one allows any key size from zero bytes to 32 bytes. According to the Twofish specifications, irregular key sizes are handled by padding the key with zeroes at the end until the key size is 16, 24, or 32 bytes, whichever comes first. Note that each key of irregular size is equivalent to exactly one key of 16, 24, or 32 bytes.
The key length argument key_len must be in the proper range. If key_len is not in the range 0,...,32, this routine attempts to generate a fatal error (depending on the code environment), and at best (or worst) returns without having done anything.
- void Twofish_encrypt(Twofish_key *xkey, Twofish_Byte plain[16], Twofish_Byte crypto[16]);
This function encrypts a single block of 16 bytes of data. If you want to encrypt a larger or variable-length message, you will have to use a cipher mode, such as CBC or CTR. These are outside the scope of this implementation.
The xkey structure is not modified by this routine, and can be used for further encryption and decryption operations.
- void Twofish_decrypt(Twofish_key *xkey, Twofish_Byte crypto[16], Twofish_Byte plain[16]);
This function decrypts a single block of 16 bytes of data. If you want to decrypt a larger or variable-length message, you will have to use a cipher mode, such as CBC or CTR. These are outside the scope of this implementation.
The xkey structure is not modified by this routine, and can be used for further encryption and decryption operations.
EXAMPLE
-
/* * catwo.c * * A simple-minded encryptor and decryptor application. * * Usage: catwo {[-e] | -d} key-string < infile > outfile * * The switch "-d" calls for decryption, whereas the optional * switch "-e" entails encryption. * * The argument "key-string" is required to contain at least * two characters, and will be truncated at 32 characters. * The program reads from STDIN and writes to STDOUT. * * Of technical reasons, the encrypted output will be increased * to a size of the nearest multiple of 16. Likewise, any decrypted * output will be padded with NUL until the same size condition holds. */ #include <stdio.h> #include <string.h> #include <stdlib.h> #include <unistd.h> #include <twofish.h> #define MIN_KEYLEN 2 int main(int argc, char * argv[]) { size_t keylen; int shift = 1, encrypt = 1; Twofish_Byte key[32]; Twofish_key xkey; Twofish_Byte inblock[16], outblock[16]; memset(key, 0, sizeof(key)); if (argc < 2) return 1; /* No key is possible. */ if (strcmp(argv[1], "-d") == 0) encrypt = 0; else if (strcmp(argv[1], "-e") != 0) shift = 0; if (argc - shift < 2) return 1; /* No key is possible. */ keylen = strlen(argv[1 + shift]); if (keylen < MIN_KEYLEN) { fprintf(stderr, "Key material too short.\n"); return 1; } if (keylen > sizeof(key)) keylen = sizeof(key); Twofish_initialise(); strncpy((char *) key, argv[1 + shift], sizeof(key)); memset(inblock, 0, sizeof(inblock)); Twofish_prepare_key(key, keylen, &xkey); while (read(STDIN_FILENO, inblock, sizeof(inblock)) > 0) { if (encrypt) Twofish_encrypt(&xkey, inblock, outblock); else Twofish_decrypt(&xkey, inblock, outblock); write(STDOUT_FILENO, outblock, sizeof(outblock)); memset(inblock, 0, sizeof(inblock)); } return 0; }
AUTHOR
This text was written by Mats Erik Andersson for the Debian GNU/Linux system, but may be used by others. It is mainly collected from the source header file twofish.h. Permission is granted to copy, distribute and/or modify this document under the same terms as libtwofish itself.
COPYRIGHT
Copyright © 2010 Mats Erik Andersson