Notes to those wishing to use our Twofish code

(from commonly asked questions)

The AES submission process required an implementation of Twofish in C, as well as a test module to generate Known Answer Tests (KATs). The test module is TST2FISH.C. This module was not designed for general use, so you should use it only as an illustration of how the Twofish functions are used. The main optimized C module is TWOFISH2.C, which includes several header files. The 386 assembly version is 2FISH_86.ASM.

The AES API, defined somewhat superficially in AES.H, is not the cleanest or simplest possible API. It can be a bit confusing and inefficient, particularly with regard to key setup. You may need to study the code for a while to understand how the key setup functions actually work; in particular, note that makeKey() takes the key material as an ASCIIZ hex string. Using reKey() is a simpler interface, but you should call makeKey() at least once (e.g., with dummy arguments) for each keyInstance to ensure that all initialization is completed. Note also that all block lengths given for encrypt and decrypt are in bits, not bytes. Thus, for example, to encrypt two blocks, the inputLen parameter to blockEncrypt() would be 256, while a single block would have inputLen == 128.

Porting the Twofish code to different platforms requires ensuring that the LittleEndian define in PLATFORM.H is correct. It is set to 1 for Intel platforms, but may need to be forced to 0 or 1, depending on which platform you are targeting. Also note that the typedef for DWORD in AES.H may need to be changed to ensure that it denotes a 32-bit quantity, particularly on 64-bit CPU platforms such as Alpha, where "unsigned long" may indicate a 64-bit value.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..