1 /* ===================================================================
2  *
3  * Copyright (c) 2019, Helder Eijs <helderijs@gmail.com>
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in
14  *    the documentation and/or other materials provided with the
15  *    distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
20  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21  * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
22  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
23  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
24  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
25  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
27  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28  * POSSIBILITY OF SUCH DAMAGE.
29  * ===================================================================
30  */
31 
32 #include "common.h"
33 #include "endianess.h"
34 #include "block_base.h"
35 
36 #include "blowfish_init.c"
37 
38 #ifdef EKS
39 #define NON_STANDARD_START_OPERATION
40 #define MODULE_NAME EKSBlowfish
41 FAKE_INIT(raw_eksblowfish)
42 #else
43 #define MODULE_NAME Blowfish
44 FAKE_INIT(raw_blowfish)
45 #endif
46 
47 #define BLOCK_SIZE  8
48 #define KEY_SIZE    0
49 
50 struct block_state {
51     uint32_t S[4][256];
52     uint32_t P[18];
53 };
54 
swap(uint32_t * L,uint32_t * R)55 static inline void swap(uint32_t *L, uint32_t *R)
56 {
57     uint32_t tmp;
58 
59     tmp = *L;
60     *L = *R;
61     *R = tmp;
62 }
63 
F(const struct block_state * ctx,uint32_t x)64 static inline uint32_t F(const struct block_state *ctx, uint32_t x)
65 {
66     uint8_t a, b, c, d;
67     uint32_t res;
68 
69     a = (x >> 24) & 0xFF;
70     b = (x >> 16) & 0xFF;
71     c = (x >> 8)  & 0xFF;
72     d = (x >> 0)  & 0xFF;
73 
74     res =  ctx->S[0][a] + ctx->S[1][b];
75     res ^= ctx->S[2][c];
76     res += ctx->S[3][d];
77 
78     return res;
79 }
80 
bf_encrypt(const struct block_state * state,uint32_t * Lx,uint32_t * Rx)81 static void bf_encrypt(const struct block_state *state, uint32_t *Lx, uint32_t *Rx)
82 {
83     unsigned i;
84     uint32_t L, R;
85 
86     L = *Lx;
87     R = *Rx;
88 
89     for (i=0; i<16; i++) {
90         L ^= state->P[i];
91         R ^= F(state, L);
92         swap(&L, &R);
93     }
94 
95     swap(&L, &R);
96     R ^= state->P[16];
97     L ^= state->P[17];
98 
99     *Lx = L;
100     *Rx = R;
101 }
102 
bf_decrypt(const struct block_state * state,uint32_t * Lx,uint32_t * Rx)103 static void bf_decrypt(const struct block_state *state, uint32_t *Lx, uint32_t *Rx)
104 {
105     unsigned i;
106     uint32_t L, R;
107 
108     L = *Lx;
109     R = *Rx;
110 
111     L ^= state->P[17];
112     R ^= state->P[16];
113     swap(&L, &R);
114 
115     for (i=0; i<16; i++) {
116         swap(&L, &R);
117         R ^= F(state, L);
118         L ^= state->P[15-i];
119     }
120 
121     *Lx = L;
122     *Rx = R;
123 }
124 
xorP(uint32_t P[18],const uint8_t * key,size_t keylength)125 static inline void xorP(uint32_t P[18], const uint8_t *key, size_t keylength)
126 {
127     uint8_t P_buf[4*18];
128     size_t P_idx;
129     unsigned i;
130 
131     P_idx = 0;
132     while (P_idx < sizeof(P_buf)) {
133         size_t tc;
134 
135         tc = MIN(keylength, sizeof(P_buf) - P_idx);
136         memcpy(P_buf + P_idx, key, tc);
137 
138         P_idx += tc;
139     }
140 
141     P_idx = 0;
142     for (i=0; i<18; i++) {
143         P[i] ^= LOAD_U32_BIG(P_buf + P_idx);
144         P_idx += 4;
145     }
146 }
147 
encryptState(struct block_state * state,const uint8_t * key,size_t keylength)148 static inline void encryptState(struct block_state *state, const uint8_t *key, size_t keylength)
149 {
150     unsigned i, j;
151     uint32_t L, R;
152 
153     xorP(state->P, key, keylength);
154 
155     L = R = 0;
156     for (i=0; i<18; i+=2) {
157         bf_encrypt(state, &L, &R);
158         state->P[i] = L;
159         state->P[i+1] = R;
160     }
161     for (j=0; j<4; j++) {
162         for (i=0; i<256; i+=2) {
163             bf_encrypt(state, &L, &R);
164             state->S[j][i] = L;
165             state->S[j][i+1] = R;
166         }
167     }
168 }
169 
170 #ifndef EKS
171 
block_init(struct block_state * state,const uint8_t * key,size_t keylength)172 static int block_init(struct block_state *state, const uint8_t *key, size_t keylength)
173 {
174     /* Allowed key length: 32 to 448 bits */
175     if (keylength < 4 || keylength > 56) {
176         return ERR_KEY_SIZE;
177     }
178 
179     memcpy(state->S, S_init, sizeof S_init);
180     memcpy(state->P, P_init, sizeof P_init);
181 
182     encryptState(state, key, keylength);
183 
184     return 0;
185 }
186 
187 #else
188 
read_u32_circ(const uint8_t * base,size_t len,size_t * idx)189 static inline uint32_t read_u32_circ(const uint8_t *base, size_t len, size_t *idx)
190 {
191     uint8_t buf[4];
192     unsigned i;
193 
194     for (i=0; i<4; i++) {
195         buf[i] = base[*idx];
196         (*idx)++;
197         if (len == *idx)
198             *idx = 0;
199     }
200 
201     return LOAD_U32_BIG(buf);
202 }
203 
encryptStateWithSalt(struct block_state * state,const uint8_t * key,size_t keylength,const uint8_t * salt,size_t saltlength)204 static int encryptStateWithSalt(struct block_state *state, const uint8_t *key, size_t keylength, const uint8_t *salt, size_t saltlength)
205 {
206     uint32_t L, R;
207     unsigned i, j;
208     size_t idx;
209 
210     xorP(state->P, key, keylength);
211 
212     L = R = 0;
213     idx = 0;
214     for (i=0; i<18; i+=2) {
215         L ^= read_u32_circ(salt, saltlength, &idx);
216         R ^= read_u32_circ(salt, saltlength, &idx);
217         bf_encrypt(state, &L, &R);
218         state->P[i] = L;
219         state->P[i+1] = R;
220     }
221 
222     for (j=0; j<4; j++) {
223         for (i=0; i<256; i+=2) {
224             L ^= read_u32_circ(salt, saltlength, &idx);
225             R ^= read_u32_circ(salt, saltlength, &idx);
226             bf_encrypt(state, &L, &R);
227             state->S[j][i] = L;
228             state->S[j][i+1] = R;
229         }
230     }
231 
232     return 0;
233 }
234 
block_init(struct block_state * state,const uint8_t * key,size_t keylength,const uint8_t * salt,size_t saltlength,unsigned cost,unsigned invert)235 static int block_init(struct block_state *state, const uint8_t *key, size_t keylength, const uint8_t *salt, size_t saltlength, unsigned cost, unsigned invert)
236 {
237     unsigned i;
238     unsigned iterations;
239 
240     if (keylength > 72) {
241         return ERR_KEY_SIZE;
242     }
243 
244     /* InitState */
245     memcpy(state->S, S_init, sizeof S_init);
246     memcpy(state->P, P_init, sizeof P_init);
247 
248     encryptStateWithSalt(state, key, keylength, salt, saltlength);
249 
250     iterations = 1U << cost;
251     if (!invert) {
252         for (i=0; i<iterations; i++) {
253             encryptState(state, salt, saltlength);
254             encryptState(state, key, keylength);
255         }
256     } else {
257         for (i=0; i<iterations; i++) {
258             encryptState(state, key, keylength);
259             encryptState(state, salt, saltlength);
260         }
261     }
262 
263     return 0;
264 }
265 
266 #endif
267 
block_finalize(struct block_state * state)268 static void block_finalize(struct block_state* state)
269 {
270 }
271 
block_encrypt(struct block_state * state,const uint8_t * in,uint8_t * out)272 static inline void block_encrypt(struct block_state *state, const uint8_t *in, uint8_t *out)
273 {
274     uint32_t L, R;
275 
276     L = LOAD_U32_BIG(in);
277     R = LOAD_U32_BIG(in + 4);
278     bf_encrypt(state, &L, &R);
279     STORE_U32_BIG(out, L);
280     STORE_U32_BIG(out + 4, R);
281 }
282 
block_decrypt(struct block_state * state,const uint8_t * in,uint8_t * out)283 static inline void block_decrypt(struct block_state *state, const uint8_t *in, uint8_t *out)
284 {
285     uint32_t L, R;
286 
287     L = LOAD_U32_BIG(in);
288     R = LOAD_U32_BIG(in + 4);
289     bf_decrypt(state, &L, &R);
290     STORE_U32_BIG(out, L);
291     STORE_U32_BIG(out + 4, R);
292 }
293 
294 #include "block_common.c"
295 
296 #ifdef EKS
CIPHER_START_OPERATION(const uint8_t key[],size_t key_len,const uint8_t salt[],size_t salt_len,unsigned cost,unsigned invert,CIPHER_STATE_TYPE ** pResult)297 EXPORT_SYM int CIPHER_START_OPERATION(const uint8_t key[], size_t key_len, const uint8_t salt[], size_t salt_len, unsigned cost, unsigned invert, CIPHER_STATE_TYPE **pResult)
298 {
299     BlockBase *block_base;
300 
301     if ((key == NULL) || (salt == NULL) || (pResult == NULL))
302         return ERR_NULL;
303 
304     *pResult = calloc(1, sizeof(CIPHER_STATE_TYPE));
305     if (NULL == *pResult)
306         return ERR_MEMORY;
307 
308     block_base = &((*pResult)->base_state);
309     block_base->encrypt = &CIPHER_ENCRYPT;
310     block_base->decrypt = &CIPHER_DECRYPT;
311     block_base->destructor = &CIPHER_STOP_OPERATION;
312     block_base->block_len = BLOCK_SIZE;
313 
314     return block_init(&(*pResult)->algo_state, (unsigned char*)key, key_len, salt, salt_len, cost, invert);
315 }
316 #endif
317