A C# implementation of the Twofish cipher

Download library and test harness in a signed installer - 49 Kb

Preface

This article is about using the .NET framework to create an encryption provider and integrate it using the same mechanism provided by the .NET platform. This article is not about the Twofish cipher itself but is used as an example cipher that can can be integrated in such a manner.

Introduction

The .NET framework supports various encryption providers such as the AES winner Rijndael. But it is possible to use the same framework to add custom encryption providers and use them in the same manner as the .NET provided ones. It is not necessary to just use it for encryption as the same framework can also be used for any form of encoding mechanism such as compression or MIME encoding. Also these transformations can be connected together via the streams so that it is possible to cascade these transformations i.e. memory -> compress -> encrypt -> encode, in a very simple manner. This technique will be familiar to people who have used Crypto++. For this purpose the .NET framework provides a base class SymmetricAlgorithm and an interface ICryptoTransform.

Investigation

To investigate how the .NET framework used the SymmetricAlgorithm class and ICryptoTransform interface I created a simple class XOR which does a byte by byte eXclusiveOR on a block of data. A very basic and very poor encryption system but it at least lets one work out if we are using the supplied classes and interfaces correctly. I have also included this in the install but it is just a bunch of methods/properties and lots of trace statements.

Discovery

byte[] ICryptoTransform.TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount); - This method does not like when you return null, throws an exception, when there is no data to return. You will usually have this case when this method is called but inputCount is 0, instead you have to return new byte[0]. This is not documented in the help files (yet).

public virtual SymmetricAlgorithm.CipherMode Mode {get; set;} - The framework does not use this property itself to implement the various cipher modes - you must read this property when you are transforming data and act accordingly.

Twofish

Now armed with the new found knowledge I proceeded to implement the Twofish cipher in C#. I based my implementation on the reference C implementation of the Twofish cipher which can be found at Counterpane Internet Security as I do not think the optimised C implementation would port as well. I have tested the code so that it works in EBC mode and I have also implemented CBC mode as well.

Cascade

As I mentioned before it is possible to cascade these transforms such that with one call you can compress -> encrypt -> encode. In the install I have shown how one may cascade the Twofish cipher and the .NET provided Base64 transforms FromBase64Transform and ToBase64Transform. I haven't shown the compression step as I have yet to implement that transform.

Twofish fish = new Twofish();
System.IO.MemoryStream ms = new System.IO.MemoryStream();

// create an encoder
ICryptoTransform encode = new ToBase64Transform();

//create Twofish Encryptor from this instance
ICryptoTransform encrypt = fish.CreateEncryptor( Key, IV);
// both Key and IV are byte[] types 

// we have to work backwards defining the last link in the chain first
CryptoStream cryptostreamEncode = new CryptoStream( ms, encode, 
                                                    CryptoStreamMode.Write);
CryptoStream cryptostream = new CryptoStream( cryptostreamEncode, encrypt, 
                                              CryptoStreamMode.Write);

// or we could do this as we don't need to use cryptostreamEncode
CryptoStream cryptostream = new 
  CryptoStream(new CryptoStream( ms,encode, CryptoStreamMode.Write), 
  encrypt, CryptoStreamMode.Write);

Outstanding Issues

I have not created any random key or IV mechanism that would normally be implemented in the GenerateIV() and GenerateKey() overrides.
Need further testing to test the CBC mode and to add other cipher modes.
Integrate a compression algorithm into a class that supports ICryptoTransform interface
Optimise the code. As I mentioned before I am not too sure how to go about optimising C# code so any tips appreciated.
The uninstall does not remove any produced files due to compilation.

History

First revision - 17 July 2002

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

About the Author

Shaun Wilde

Software Developer (Senior) MYOB

Australia

Member

Follow on Twitter

All articles are supplied as-is, as a howto on a particular task that worked for me in the past. None of the articles are supposed to be out-of-the-box freeware controls and nor should they be treated as such. Caveat emptor.

Now living and working in Australia, trying to be involved in the local .NET and Agile communities when I can.

I spend a good chunk of my spare time building OpenCover and maintaining PartCover both of which are Code Coverage utilities for .NET.

Article Top