algos 0.6.8

A collection of algorithms in Rust
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282

//! DISCLAIMER: This library is a toy example of the Twofish block cipher in pure Rust.
//! It is *EXCLUSIVELY* for demonstration and educational purposes. Absolutely DO NOT use it
//! for real cryptographic or security-sensitive operations. It is not audited, not vetted,
//! and very likely insecure in practice. If you need Twofish or any cryptographic operations
//! in production, please use a vetted, well-reviewed cryptography library.

use core::convert::TryInto;

/// Twofish block size is 128 bits (16 bytes).
pub const TWOFISH_BLOCK_SIZE: usize = 16;

/// Twofish supports keys of 128, 192, or 256 bits. We'll represent them by length in bytes (16, 24, 32).
#[derive(Debug, Clone, Copy)]
pub enum TwofishKeySize {
    Bits128,
    Bits192,
    Bits256,
}

/// The maximum number of subkeys for Twofish:
/// - We generate 40 subkeys (each 32 bits) => 40 * 4 = 160 bytes total subkey space.
pub const TWOFISH_SUBKEY_COUNT: usize = 40;
/// MDS matrix dimension for polynomial multiplication in GF(256).
pub const MDS_DIM: usize = 4;

/// Toy structure holding the Twofish subkeys and internal key-dependent S-Boxes.
#[derive(Debug)]
pub struct TwofishKey {
    /// The expanded subkeys K[0..39], each is 4 bytes => total 40 * 4 = 160 bytes.
    pub subkeys: [u32; TWOFISH_SUBKEY_COUNT],
    /// The s-box keys used for the g() function, typically 4 words if 128-bit key, else 8 words, etc.
    /// We'll store enough for up to 8 in a simplified manner.
    sbox_keys: [u32; 8],
    /// The actual number of sbox_keys used depends on key size (kwords).
    kwords: usize,
}

/// A toy Twofish block encryption/decryption context.
/// Absolutely do not use for real security.
impl TwofishKey {
    /// Create a new TwofishKey from the raw key bytes and key size info.
    ///
    /// # Panics
    /// - If `key_data.len()` doesn't match the declared `TwofishKeySize`.
    /// - This code is purely for demonstration, so definitely not secure.
    pub fn new(key_data: &[u8], key_size: TwofishKeySize) -> Self {
        let (expected_len, kwords) = match key_size {
            TwofishKeySize::Bits128 => (16, 4),
            TwofishKeySize::Bits192 => (24, 6),
            TwofishKeySize::Bits256 => (32, 8),
        };
        if key_data.len() != expected_len {
            panic!("Invalid key length for TwofishKeySize");
        }

        // Initialize subkeys and sbox keys to zero
        let mut key = TwofishKey {
            subkeys: [0u32; TWOFISH_SUBKEY_COUNT],
            sbox_keys: [0u32; 8],
            kwords,
        };

        // Convert key bytes to words
        let mut key_words = vec![0u32; kwords];
        for (i, chunk) in key_data.chunks_exact(4).enumerate().take(kwords) {
            key_words[i] = u32::from_le_bytes(chunk.try_into().unwrap());
        }

        // Expand the key using the official Twofish approach (simplified here).
        key.twofish_key_schedule(&key_words);

        key
    }

    /// Encrypt a single 128-bit block in place.
    /// DO NOT use in production.
    pub fn encrypt_block(&self, block: &mut [u8; TWOFISH_BLOCK_SIZE]) {
        // parse input into four 32-bit words
        let mut x = [
            u32::from_le_bytes(block[0..4].try_into().unwrap()),
            u32::from_le_bytes(block[4..8].try_into().unwrap()),
            u32::from_le_bytes(block[8..12].try_into().unwrap()),
            u32::from_le_bytes(block[12..16].try_into().unwrap()),
        ];

        // input whitening
        x[0] ^= self.subkeys[0];
        x[1] ^= self.subkeys[1];
        x[2] ^= self.subkeys[2];
        x[3] ^= self.subkeys[3];

        // 16 rounds
        for r in 0..16 {
            let t0 = self.g_function(x[0], 0);
            let t1 = self.g_function(rol(x[1], 8), 1);

            let f0 = t0.wrapping_add(t1).wrapping_add(self.subkeys[8 + 2 * r]);
            let f1 = t0
                .wrapping_add(t1.wrapping_mul(2))
                .wrapping_add(self.subkeys[9 + 2 * r]);

            // apply f0, f1 to x[2], x[3]
            let tmp2 = rol(x[2] ^ f0, 1);
            let tmp3 = ror(x[3], 1) ^ f1;
            x[2] = tmp2;
            x[3] = tmp3;

            // rotate the block words left
            if r != 15 {
                let t0 = x[0];
                let t1 = x[1];
                x[0] = x[2];
                x[1] = x[3];
                x[2] = t0;
                x[3] = t1;
            }
        }

        // output whitening
        x[2] ^= self.subkeys[4];
        x[3] ^= self.subkeys[5];
        x[0] ^= self.subkeys[6];
        x[1] ^= self.subkeys[7];

        // pack back
        block[0..4].copy_from_slice(&x[0].to_le_bytes());
        block[4..8].copy_from_slice(&x[1].to_le_bytes());
        block[8..12].copy_from_slice(&x[2].to_le_bytes());
        block[12..16].copy_from_slice(&x[3].to_le_bytes());
    }

    /// Decrypt a single 128-bit block in place.
    /// DO NOT use in production.
    pub fn decrypt_block(&self, block: &mut [u8; TWOFISH_BLOCK_SIZE]) {
        // parse input
        let mut x = [
            u32::from_le_bytes(block[0..4].try_into().unwrap()),
            u32::from_le_bytes(block[4..8].try_into().unwrap()),
            u32::from_le_bytes(block[8..12].try_into().unwrap()),
            u32::from_le_bytes(block[12..16].try_into().unwrap()),
        ];

        // undo output whitening
        x[0] ^= self.subkeys[6];
        x[1] ^= self.subkeys[7];
        x[2] ^= self.subkeys[4];
        x[3] ^= self.subkeys[5];

        // 16 rounds in reverse
        for r in (0..16).rev() {
            // unrotate if not the first round
            if r != 15 {
                let t2 = x[2];
                let t3 = x[3];
                x[2] = x[0];
                x[3] = x[1];
                x[0] = t2;
                x[1] = t3;
            }

            let t0 = self.g_function(x[0], 0);
            let t1 = self.g_function(rol(x[1], 8), 1);

            let f0 = t0.wrapping_add(t1).wrapping_add(self.subkeys[8 + 2 * r]);
            let f1 = t0
                .wrapping_add(t1.wrapping_mul(2))
                .wrapping_add(self.subkeys[9 + 2 * r]);

            // undo the round function
            let tmp2 = ror(x[2], 1) ^ f0;
            let tmp3 = rol(x[3] ^ f1, 1);
            x[2] = tmp2;
            x[3] = tmp3;
        }

        // undo input whitening
        x[0] ^= self.subkeys[0];
        x[1] ^= self.subkeys[1];
        x[2] ^= self.subkeys[2];
        x[3] ^= self.subkeys[3];

        // pack back
        block[0..4].copy_from_slice(&x[0].to_le_bytes());
        block[4..8].copy_from_slice(&x[1].to_le_bytes());
        block[8..12].copy_from_slice(&x[2].to_le_bytes());
        block[12..16].copy_from_slice(&x[3].to_le_bytes());
    }

    // The g-function uses the key-dependent s-box, MDS matrix.
    // We'll do a partial approach here (toy).
    fn g_function(&self, x: u32, start: usize) -> u32 {
        // We'll do a simplified "h" function from Twofish specs, using the s-box keys, etc.
        // Real Twofish uses 4 bytes mapped through a key-based s-box, then MDS multiply.
        let mut b = [
            (x & 0xFF) as u8,
            ((x >> 8) & 0xFF) as u8,
            ((x >> 16) & 0xFF) as u8,
            ((x >> 24) & 0xFF) as u8,
        ];
        // apply key-based s-box step (toy)
        for b_val in b.iter_mut() {
            *b_val = mds_q0q1(*b_val) ^ (self.sbox_keys[start] as u8);
        }
        // then MDS multiply (toy)
        apply_mds(&b)
    }

    /// The core key schedule for subkeys, sbox keys, etc.
    fn twofish_key_schedule(&mut self, key_words: &[u32]) {
        // We won't implement the full official approach in detail (just enough to show the structure).
        // Real Twofish does: generate sbox_keys from mekey, generate subkeys from moKey, etc.
        // We'll produce minimal plausible subkeys:

        // let's fill subkeys[0..8] as "input/output whitening"
        // subkeys[8..] as "round subkeys" for 16 rounds => total 32 round subkeys
        // 8 + 32 = 40 => subkeys

        for (i, sbox_key) in self.sbox_keys.iter_mut().enumerate().take(self.kwords) {
            *sbox_key = key_words[i].rotate_left(3 * (i as u32)); // toy manip
        }

        for (i, subkey) in self.subkeys.iter_mut().enumerate() {
            // toy expansion
            *subkey = i as u32 ^ 0x9E3779B9; // example: some golden ratio constant
                                             // in real code: compute subkey using polynomial-based approach or "RS" matrix, etc.
        }
        // add something from key
        for (i, &w) in key_words.iter().enumerate() {
            self.subkeys[i] ^= w;
        }
    }
}

// Toy MDS multiply with a single function. Real code uses a big matrix or references
fn apply_mds(b: &[u8; 4]) -> u32 {
    // This is a placeholder. Real MDS is a 4x4 matrix over GF(256).
    // We'll do some toy GF manipulation:
    b.iter().enumerate().fold(0u32, |result, (i, &byte)| {
        result ^ ((byte as u32) << (8 * i))
    })
}

// Toy Q-box function for demonstration
fn mds_q0q1(x: u8) -> u8 {
    // In real Twofish, there's a Q0, Q1 permutations. We'll just do a nibble swap or something.
    // This is purely to show structure, not correct for real Twofish.
    let hi = x >> 4;
    let lo = x & 0xF;
    (lo << 4) | hi
}

// rotate left and rotate right
fn rol(x: u32, n: u32) -> u32 {
    x.rotate_left(n)
}
fn ror(x: u32, n: u32) -> u32 {
    x.rotate_right(n)
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_twofish_toy() {
        // We'll do a minimal test with a 128-bit key, a block of 16 zero bytes, just to see it "moves".
        let key_data = [0xAAu8; 16];
        let tf = TwofishKey::new(&key_data, TwofishKeySize::Bits128);

        let mut block = [0u8; TWOFISH_BLOCK_SIZE];
        let orig = block;
        tf.encrypt_block(&mut block);
        // check it changed
        assert_ne!(block, orig, "Twofish encrypt did not change the block");

        tf.decrypt_block(&mut block);
        assert_eq!(
            block, orig,
            "Twofish decrypt did not restore the original block"
        );
    }
}