I'm implementing the Twofish algorithm for use in educational software. Im using QT for UI and using research from Wikipedia and the Twofish paper of Bruce Schneier, but Im stuck on generating the whitening subkeys. I've successfuly understood how to generate round subkeys, but haven't found the way to generate whitening ones.
I'm taking k = 2 (128 bit key, 128/64 = 2), so, 2k = 4; size of M_e and M_0 is 2, I'm filling them from original key and calculating round keys for 16 rounds, 2 key per each.
So, instead of 40 subkeys I'm getting only 32.
Where I've missed the 8 for whitening? I've re-read the paper and didn't find an algorithm for them, or suggestion's on how they're generated like first or last N keys before or after the round ones.
How do i generate the whitening keys?
From the twofish paper:
Page 5:
Twofish xors 128 bits of subkey before the first Feistel round, and another 128 bits after the last Feistel round. These subkeys are calculated in the same manner as the round subkeys, but are not used any- where else in the cipher.
The equations on page 7 show that the input whitening is done with the first 4 Ki, and the output whitening with the next 4 Ki.
The function F (used in the main rounds) uses keys K_(2r+8) and K_(2r+9). The +8 and +9 are added in order to skip over the 8 keys used for whitening.
In summary, you need to generate keys for an additional 4 rounds (making 8 extra keys). The first 4 keys are used for input, and the next 4 for output.