1 /* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
2 /*
3 * Blowfish block cipher for OpenBSD
4 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5 * All rights reserved.
6 *
7 * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Niels Provos.
20 * 4. The name of the author may not be used to endorse or promote products
21 * derived from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 /*
36 * This code is derived from section 14.3 and the given source
37 * in section V of Applied Cryptography, second edition.
38 * Blowfish is an unpatented fast block cipher designed by
39 * Bruce Schneier.
40 */
41
42 #include "includes.h"
43
44 #if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
45 !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC))
46
47 #if 0
48 #include <stdio.h> /* used for debugging */
49 #include <string.h>
50 #endif
51
52 #include <sys/types.h>
53 #ifdef HAVE_BLF_H
54 #include <blf.h>
55 #endif
56
57 #undef inline
58 #ifdef __GNUC__
59 #define inline __inline
60 #else /* !__GNUC__ */
61 #define inline
62 #endif /* !__GNUC__ */
63
64 /* Function for Feistel Networks */
65
66 #define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
67 + (s)[0x100 + (((x)>>16)&0xFF)]) \
68 ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
69 + (s)[0x300 + ( (x) &0xFF)])
70
71 #define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
72
73 void
Blowfish_encipher(blf_ctx * c,u_int32_t * xl,u_int32_t * xr)74 Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
75 {
76 u_int32_t Xl;
77 u_int32_t Xr;
78 u_int32_t *s = c->S[0];
79 u_int32_t *p = c->P;
80
81 Xl = *xl;
82 Xr = *xr;
83
84 Xl ^= p[0];
85 BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
86 BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
87 BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
88 BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
89 BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
90 BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
91 BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
92 BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
93
94 *xl = Xr ^ p[17];
95 *xr = Xl;
96 }
97
98 void
Blowfish_decipher(blf_ctx * c,u_int32_t * xl,u_int32_t * xr)99 Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
100 {
101 u_int32_t Xl;
102 u_int32_t Xr;
103 u_int32_t *s = c->S[0];
104 u_int32_t *p = c->P;
105
106 Xl = *xl;
107 Xr = *xr;
108
109 Xl ^= p[17];
110 BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
111 BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
112 BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
113 BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
114 BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
115 BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
116 BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
117 BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
118
119 *xl = Xr ^ p[0];
120 *xr = Xl;
121 }
122
123 void
Blowfish_initstate(blf_ctx * c)124 Blowfish_initstate(blf_ctx *c)
125 {
126 /* P-box and S-box tables initialized with digits of Pi */
127
128 static const blf_ctx initstate =
129 { {
130 {
131 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
132 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
133 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
134 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
135 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
136 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
137 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
138 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
139 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
140 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
141 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
142 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
143 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
144 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
145 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
146 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
147 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
148 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
149 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
150 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
151 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
152 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
153 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
154 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
155 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
156 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
157 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
158 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
159 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
160 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
161 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
162 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
163 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
164 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
165 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
166 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
167 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
168 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
169 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
170 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
171 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
172 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
173 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
174 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
175 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
176 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
177 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
178 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
179 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
180 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
181 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
182 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
183 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
184 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
185 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
186 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
187 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
188 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
189 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
190 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
191 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
192 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
193 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
194 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
195 {
196 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
197 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
198 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
199 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
200 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
201 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
202 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
203 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
204 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
205 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
206 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
207 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
208 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
209 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
210 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
211 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
212 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
213 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
214 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
215 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
216 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
217 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
218 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
219 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
220 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
221 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
222 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
223 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
224 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
225 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
226 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
227 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
228 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
229 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
230 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
231 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
232 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
233 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
234 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
235 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
236 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
237 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
238 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
239 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
240 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
241 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
242 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
243 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
244 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
245 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
246 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
247 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
248 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
249 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
250 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
251 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
252 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
253 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
254 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
255 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
256 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
257 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
258 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
259 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
260 {
261 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
262 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
263 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
264 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
265 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
266 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
267 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
268 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
269 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
270 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
271 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
272 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
273 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
274 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
275 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
276 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
277 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
278 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
279 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
280 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
281 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
282 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
283 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
284 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
285 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
286 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
287 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
288 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
289 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
290 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
291 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
292 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
293 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
294 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
295 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
296 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
297 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
298 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
299 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
300 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
301 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
302 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
303 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
304 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
305 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
306 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
307 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
308 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
309 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
310 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
311 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
312 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
313 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
314 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
315 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
316 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
317 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
318 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
319 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
320 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
321 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
322 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
323 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
324 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
325 {
326 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
327 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
328 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
329 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
330 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
331 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
332 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
333 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
334 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
335 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
336 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
337 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
338 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
339 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
340 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
341 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
342 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
343 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
344 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
345 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
346 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
347 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
348 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
349 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
350 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
351 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
352 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
353 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
354 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
355 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
356 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
357 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
358 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
359 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
360 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
361 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
362 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
363 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
364 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
365 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
366 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
367 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
368 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
369 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
370 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
371 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
372 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
373 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
374 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
375 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
376 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
377 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
378 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
379 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
380 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
381 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
382 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
383 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
384 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
385 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
386 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
387 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
388 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
389 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
390 },
391 {
392 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
393 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
394 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
395 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
396 0x9216d5d9, 0x8979fb1b
397 } };
398
399 *c = initstate;
400 }
401
402 u_int32_t
Blowfish_stream2word(const u_int8_t * data,u_int16_t databytes,u_int16_t * current)403 Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
404 u_int16_t *current)
405 {
406 u_int8_t i;
407 u_int16_t j;
408 u_int32_t temp;
409
410 temp = 0x00000000;
411 j = *current;
412
413 for (i = 0; i < 4; i++, j++) {
414 if (j >= databytes)
415 j = 0;
416 temp = (temp << 8) | data[j];
417 }
418
419 *current = j;
420 return temp;
421 }
422
423 void
Blowfish_expand0state(blf_ctx * c,const u_int8_t * key,u_int16_t keybytes)424 Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
425 {
426 u_int16_t i;
427 u_int16_t j;
428 u_int16_t k;
429 u_int32_t temp;
430 u_int32_t datal;
431 u_int32_t datar;
432
433 j = 0;
434 for (i = 0; i < BLF_N + 2; i++) {
435 /* Extract 4 int8 to 1 int32 from keystream */
436 temp = Blowfish_stream2word(key, keybytes, &j);
437 c->P[i] = c->P[i] ^ temp;
438 }
439
440 j = 0;
441 datal = 0x00000000;
442 datar = 0x00000000;
443 for (i = 0; i < BLF_N + 2; i += 2) {
444 Blowfish_encipher(c, &datal, &datar);
445
446 c->P[i] = datal;
447 c->P[i + 1] = datar;
448 }
449
450 for (i = 0; i < 4; i++) {
451 for (k = 0; k < 256; k += 2) {
452 Blowfish_encipher(c, &datal, &datar);
453
454 c->S[i][k] = datal;
455 c->S[i][k + 1] = datar;
456 }
457 }
458 }
459
460
461 void
Blowfish_expandstate(blf_ctx * c,const u_int8_t * data,u_int16_t databytes,const u_int8_t * key,u_int16_t keybytes)462 Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
463 const u_int8_t *key, u_int16_t keybytes)
464 {
465 u_int16_t i;
466 u_int16_t j;
467 u_int16_t k;
468 u_int32_t temp;
469 u_int32_t datal;
470 u_int32_t datar;
471
472 j = 0;
473 for (i = 0; i < BLF_N + 2; i++) {
474 /* Extract 4 int8 to 1 int32 from keystream */
475 temp = Blowfish_stream2word(key, keybytes, &j);
476 c->P[i] = c->P[i] ^ temp;
477 }
478
479 j = 0;
480 datal = 0x00000000;
481 datar = 0x00000000;
482 for (i = 0; i < BLF_N + 2; i += 2) {
483 datal ^= Blowfish_stream2word(data, databytes, &j);
484 datar ^= Blowfish_stream2word(data, databytes, &j);
485 Blowfish_encipher(c, &datal, &datar);
486
487 c->P[i] = datal;
488 c->P[i + 1] = datar;
489 }
490
491 for (i = 0; i < 4; i++) {
492 for (k = 0; k < 256; k += 2) {
493 datal ^= Blowfish_stream2word(data, databytes, &j);
494 datar ^= Blowfish_stream2word(data, databytes, &j);
495 Blowfish_encipher(c, &datal, &datar);
496
497 c->S[i][k] = datal;
498 c->S[i][k + 1] = datar;
499 }
500 }
501
502 }
503
504 void
blf_key(blf_ctx * c,const u_int8_t * k,u_int16_t len)505 blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
506 {
507 /* Initialize S-boxes and subkeys with Pi */
508 Blowfish_initstate(c);
509
510 /* Transform S-boxes and subkeys with key */
511 Blowfish_expand0state(c, k, len);
512 }
513
514 void
blf_enc(blf_ctx * c,u_int32_t * data,u_int16_t blocks)515 blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
516 {
517 u_int32_t *d;
518 u_int16_t i;
519
520 d = data;
521 for (i = 0; i < blocks; i++) {
522 Blowfish_encipher(c, d, d + 1);
523 d += 2;
524 }
525 }
526
527 void
blf_dec(blf_ctx * c,u_int32_t * data,u_int16_t blocks)528 blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
529 {
530 u_int32_t *d;
531 u_int16_t i;
532
533 d = data;
534 for (i = 0; i < blocks; i++) {
535 Blowfish_decipher(c, d, d + 1);
536 d += 2;
537 }
538 }
539
540 void
blf_ecb_encrypt(blf_ctx * c,u_int8_t * data,u_int32_t len)541 blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
542 {
543 u_int32_t l, r;
544 u_int32_t i;
545
546 for (i = 0; i < len; i += 8) {
547 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
548 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
549 Blowfish_encipher(c, &l, &r);
550 data[0] = l >> 24 & 0xff;
551 data[1] = l >> 16 & 0xff;
552 data[2] = l >> 8 & 0xff;
553 data[3] = l & 0xff;
554 data[4] = r >> 24 & 0xff;
555 data[5] = r >> 16 & 0xff;
556 data[6] = r >> 8 & 0xff;
557 data[7] = r & 0xff;
558 data += 8;
559 }
560 }
561
562 void
blf_ecb_decrypt(blf_ctx * c,u_int8_t * data,u_int32_t len)563 blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
564 {
565 u_int32_t l, r;
566 u_int32_t i;
567
568 for (i = 0; i < len; i += 8) {
569 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
570 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
571 Blowfish_decipher(c, &l, &r);
572 data[0] = l >> 24 & 0xff;
573 data[1] = l >> 16 & 0xff;
574 data[2] = l >> 8 & 0xff;
575 data[3] = l & 0xff;
576 data[4] = r >> 24 & 0xff;
577 data[5] = r >> 16 & 0xff;
578 data[6] = r >> 8 & 0xff;
579 data[7] = r & 0xff;
580 data += 8;
581 }
582 }
583
584 void
blf_cbc_encrypt(blf_ctx * c,u_int8_t * iv,u_int8_t * data,u_int32_t len)585 blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
586 {
587 u_int32_t l, r;
588 u_int32_t i, j;
589
590 for (i = 0; i < len; i += 8) {
591 for (j = 0; j < 8; j++)
592 data[j] ^= iv[j];
593 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
594 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
595 Blowfish_encipher(c, &l, &r);
596 data[0] = l >> 24 & 0xff;
597 data[1] = l >> 16 & 0xff;
598 data[2] = l >> 8 & 0xff;
599 data[3] = l & 0xff;
600 data[4] = r >> 24 & 0xff;
601 data[5] = r >> 16 & 0xff;
602 data[6] = r >> 8 & 0xff;
603 data[7] = r & 0xff;
604 iv = data;
605 data += 8;
606 }
607 }
608
609 void
blf_cbc_decrypt(blf_ctx * c,u_int8_t * iva,u_int8_t * data,u_int32_t len)610 blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
611 {
612 u_int32_t l, r;
613 u_int8_t *iv;
614 u_int32_t i, j;
615
616 iv = data + len - 16;
617 data = data + len - 8;
618 for (i = len - 8; i >= 8; i -= 8) {
619 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
620 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
621 Blowfish_decipher(c, &l, &r);
622 data[0] = l >> 24 & 0xff;
623 data[1] = l >> 16 & 0xff;
624 data[2] = l >> 8 & 0xff;
625 data[3] = l & 0xff;
626 data[4] = r >> 24 & 0xff;
627 data[5] = r >> 16 & 0xff;
628 data[6] = r >> 8 & 0xff;
629 data[7] = r & 0xff;
630 for (j = 0; j < 8; j++)
631 data[j] ^= iv[j];
632 iv -= 8;
633 data -= 8;
634 }
635 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
636 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
637 Blowfish_decipher(c, &l, &r);
638 data[0] = l >> 24 & 0xff;
639 data[1] = l >> 16 & 0xff;
640 data[2] = l >> 8 & 0xff;
641 data[3] = l & 0xff;
642 data[4] = r >> 24 & 0xff;
643 data[5] = r >> 16 & 0xff;
644 data[6] = r >> 8 & 0xff;
645 data[7] = r & 0xff;
646 for (j = 0; j < 8; j++)
647 data[j] ^= iva[j];
648 }
649
650 #if 0
651 void
652 report(u_int32_t data[], u_int16_t len)
653 {
654 u_int16_t i;
655 for (i = 0; i < len; i += 2)
656 printf("Block %0hd: %08lx %08lx.\n",
657 i / 2, data[i], data[i + 1]);
658 }
659 void
660 main(void)
661 {
662
663 blf_ctx c;
664 char key[] = "AAAAA";
665 char key2[] = "abcdefghijklmnopqrstuvwxyz";
666
667 u_int32_t data[10];
668 u_int32_t data2[] =
669 {0x424c4f57l, 0x46495348l};
670
671 u_int16_t i;
672
673 /* First test */
674 for (i = 0; i < 10; i++)
675 data[i] = i;
676
677 blf_key(&c, (u_int8_t *) key, 5);
678 blf_enc(&c, data, 5);
679 blf_dec(&c, data, 1);
680 blf_dec(&c, data + 2, 4);
681 printf("Should read as 0 - 9.\n");
682 report(data, 10);
683
684 /* Second test */
685 blf_key(&c, (u_int8_t *) key2, strlen(key2));
686 blf_enc(&c, data2, 1);
687 printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
688 report(data2, 2);
689 blf_dec(&c, data2, 1);
690 report(data2, 2);
691 }
692 #endif
693
694 #endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
695 !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */
696
697