xref: /openbsd/lib/libc/crypt/blowfish.c (revision 264ca280) 
1 /* $OpenBSD: blowfish.c,v 1.19 2015/09/11 09:18:27 guenther Exp $ */
2 /*
3  * Blowfish block cipher for OpenBSD
4  * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5  * All rights reserved.
6  *
7  * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. All advertising materials mentioning features or use of this software
18  *    must display the following acknowledgement:
19  *      This product includes software developed by Niels Provos.
20  * 4. The name of the author may not be used to endorse or promote products
21  *    derived from this software without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33  */
34 
35 /*
36  * This code is derived from section 14.3 and the given source
37  * in section V of Applied Cryptography, second edition.
38  * Blowfish is an unpatented fast block cipher designed by
39  * Bruce Schneier.
40  */
41 
42 #if 0
43 #include <stdio.h>		/* used for debugging */
44 #include <string.h>
45 #endif
46 
47 #include <sys/types.h>
48 #include <blf.h>
49 
50 #undef inline
51 #ifdef __GNUC__
52 #define inline __inline
53 #else				/* !__GNUC__ */
54 #define inline
55 #endif				/* !__GNUC__ */
56 
57 /* Function for Feistel Networks */
58 
59 #define F(s, x) ((((s)[        (((x)>>24)&0xFF)]  \
60 		 + (s)[0x100 + (((x)>>16)&0xFF)]) \
61 		 ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
62 		 + (s)[0x300 + ( (x)     &0xFF)])
63 
64 #define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
65 
66 void
67 Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
68 {
69 	u_int32_t Xl;
70 	u_int32_t Xr;
71 	u_int32_t *s = c->S[0];
72 	u_int32_t *p = c->P;
73 
74 	Xl = *xl;
75 	Xr = *xr;
76 
77 	Xl ^= p[0];
78 	BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
79 	BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
80 	BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
81 	BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
82 	BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
83 	BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
84 	BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
85 	BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
86 
87 	*xl = Xr ^ p[17];
88 	*xr = Xl;
89 }
90 DEF_WEAK(Blowfish_encipher);
91 
92 void
93 Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
94 {
95 	u_int32_t Xl;
96 	u_int32_t Xr;
97 	u_int32_t *s = c->S[0];
98 	u_int32_t *p = c->P;
99 
100 	Xl = *xl;
101 	Xr = *xr;
102 
103 	Xl ^= p[17];
104 	BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
105 	BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
106 	BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
107 	BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
108 	BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
109 	BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
110 	BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
111 	BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
112 
113 	*xl = Xr ^ p[0];
114 	*xr = Xl;
115 }
116 DEF_WEAK(Blowfish_decipher);
117 
118 void
119 Blowfish_initstate(blf_ctx *c)
120 {
121 	/* P-box and S-box tables initialized with digits of Pi */
122 
123 	static const blf_ctx initstate =
124 	{ {
125 		{
126 			0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
127 			0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
128 			0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
129 			0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
130 			0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
131 			0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
132 			0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
133 			0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
134 			0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
135 			0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
136 			0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
137 			0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
138 			0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
139 			0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
140 			0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
141 			0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
142 			0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
143 			0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
144 			0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
145 			0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
146 			0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
147 			0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
148 			0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
149 			0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
150 			0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
151 			0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
152 			0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
153 			0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
154 			0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
155 			0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
156 			0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
157 			0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
158 			0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
159 			0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
160 			0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
161 			0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
162 			0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
163 			0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
164 			0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
165 			0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
166 			0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
167 			0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
168 			0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
169 			0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
170 			0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
171 			0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
172 			0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
173 			0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
174 			0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
175 			0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
176 			0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
177 			0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
178 			0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
179 			0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
180 			0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
181 			0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
182 			0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
183 			0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
184 			0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
185 			0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
186 			0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
187 			0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
188 			0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
189 		0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
190 		{
191 			0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
192 			0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
193 			0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
194 			0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
195 			0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
196 			0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
197 			0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
198 			0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
199 			0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
200 			0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
201 			0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
202 			0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
203 			0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
204 			0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
205 			0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
206 			0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
207 			0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
208 			0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
209 			0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
210 			0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
211 			0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
212 			0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
213 			0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
214 			0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
215 			0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
216 			0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
217 			0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
218 			0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
219 			0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
220 			0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
221 			0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
222 			0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
223 			0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
224 			0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
225 			0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
226 			0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
227 			0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
228 			0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
229 			0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
230 			0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
231 			0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
232 			0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
233 			0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
234 			0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
235 			0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
236 			0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
237 			0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
238 			0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
239 			0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
240 			0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
241 			0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
242 			0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
243 			0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
244 			0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
245 			0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
246 			0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
247 			0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
248 			0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
249 			0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
250 			0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
251 			0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
252 			0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
253 			0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
254 		0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
255 		{
256 			0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
257 			0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
258 			0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
259 			0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
260 			0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
261 			0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
262 			0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
263 			0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
264 			0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
265 			0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
266 			0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
267 			0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
268 			0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
269 			0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
270 			0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
271 			0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
272 			0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
273 			0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
274 			0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
275 			0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
276 			0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
277 			0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
278 			0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
279 			0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
280 			0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
281 			0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
282 			0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
283 			0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
284 			0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
285 			0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
286 			0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
287 			0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
288 			0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
289 			0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
290 			0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
291 			0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
292 			0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
293 			0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
294 			0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
295 			0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
296 			0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
297 			0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
298 			0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
299 			0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
300 			0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
301 			0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
302 			0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
303 			0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
304 			0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
305 			0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
306 			0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
307 			0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
308 			0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
309 			0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
310 			0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
311 			0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
312 			0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
313 			0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
314 			0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
315 			0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
316 			0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
317 			0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
318 			0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
319 		0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
320 		{
321 			0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
322 			0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
323 			0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
324 			0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
325 			0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
326 			0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
327 			0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
328 			0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
329 			0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
330 			0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
331 			0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
332 			0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
333 			0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
334 			0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
335 			0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
336 			0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
337 			0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
338 			0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
339 			0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
340 			0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
341 			0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
342 			0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
343 			0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
344 			0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
345 			0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
346 			0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
347 			0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
348 			0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
349 			0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
350 			0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
351 			0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
352 			0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
353 			0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
354 			0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
355 			0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
356 			0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
357 			0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
358 			0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
359 			0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
360 			0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
361 			0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
362 			0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
363 			0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
364 			0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
365 			0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
366 			0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
367 			0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
368 			0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
369 			0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
370 			0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
371 			0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
372 			0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
373 			0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
374 			0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
375 			0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
376 			0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
377 			0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
378 			0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
379 			0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
380 			0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
381 			0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
382 			0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
383 			0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
384 		0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
385 	},
386 	{
387 		0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
388 		0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
389 		0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
390 		0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
391 		0x9216d5d9, 0x8979fb1b
392 	} };
393 
394 	*c = initstate;
395 }
396 DEF_WEAK(Blowfish_initstate);
397 
398 u_int32_t
399 Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
400     u_int16_t *current)
401 {
402 	u_int8_t i;
403 	u_int16_t j;
404 	u_int32_t temp;
405 
406 	temp = 0x00000000;
407 	j = *current;
408 
409 	for (i = 0; i < 4; i++, j++) {
410 		if (j >= databytes)
411 			j = 0;
412 		temp = (temp << 8) | data[j];
413 	}
414 
415 	*current = j;
416 	return temp;
417 }
418 DEF_WEAK(Blowfish_stream2word);
419 
420 void
421 Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
422 {
423 	u_int16_t i;
424 	u_int16_t j;
425 	u_int16_t k;
426 	u_int32_t temp;
427 	u_int32_t datal;
428 	u_int32_t datar;
429 
430 	j = 0;
431 	for (i = 0; i < BLF_N + 2; i++) {
432 		/* Extract 4 int8 to 1 int32 from keystream */
433 		temp = Blowfish_stream2word(key, keybytes, &j);
434 		c->P[i] = c->P[i] ^ temp;
435 	}
436 
437 	j = 0;
438 	datal = 0x00000000;
439 	datar = 0x00000000;
440 	for (i = 0; i < BLF_N + 2; i += 2) {
441 		Blowfish_encipher(c, &datal, &datar);
442 
443 		c->P[i] = datal;
444 		c->P[i + 1] = datar;
445 	}
446 
447 	for (i = 0; i < 4; i++) {
448 		for (k = 0; k < 256; k += 2) {
449 			Blowfish_encipher(c, &datal, &datar);
450 
451 			c->S[i][k] = datal;
452 			c->S[i][k + 1] = datar;
453 		}
454 	}
455 }
456 DEF_WEAK(Blowfish_expand0state);
457 
458 
459 void
460 Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
461     const u_int8_t *key, u_int16_t keybytes)
462 {
463 	u_int16_t i;
464 	u_int16_t j;
465 	u_int16_t k;
466 	u_int32_t temp;
467 	u_int32_t datal;
468 	u_int32_t datar;
469 
470 	j = 0;
471 	for (i = 0; i < BLF_N + 2; i++) {
472 		/* Extract 4 int8 to 1 int32 from keystream */
473 		temp = Blowfish_stream2word(key, keybytes, &j);
474 		c->P[i] = c->P[i] ^ temp;
475 	}
476 
477 	j = 0;
478 	datal = 0x00000000;
479 	datar = 0x00000000;
480 	for (i = 0; i < BLF_N + 2; i += 2) {
481 		datal ^= Blowfish_stream2word(data, databytes, &j);
482 		datar ^= Blowfish_stream2word(data, databytes, &j);
483 		Blowfish_encipher(c, &datal, &datar);
484 
485 		c->P[i] = datal;
486 		c->P[i + 1] = datar;
487 	}
488 
489 	for (i = 0; i < 4; i++) {
490 		for (k = 0; k < 256; k += 2) {
491 			datal ^= Blowfish_stream2word(data, databytes, &j);
492 			datar ^= Blowfish_stream2word(data, databytes, &j);
493 			Blowfish_encipher(c, &datal, &datar);
494 
495 			c->S[i][k] = datal;
496 			c->S[i][k + 1] = datar;
497 		}
498 	}
499 
500 }
501 DEF_WEAK(Blowfish_expandstate);
502 
503 void
504 blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
505 {
506 	/* Initialize S-boxes and subkeys with Pi */
507 	Blowfish_initstate(c);
508 
509 	/* Transform S-boxes and subkeys with key */
510 	Blowfish_expand0state(c, k, len);
511 }
512 DEF_WEAK(blf_key);
513 
514 void
515 blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
516 {
517 	u_int32_t *d;
518 	u_int16_t i;
519 
520 	d = data;
521 	for (i = 0; i < blocks; i++) {
522 		Blowfish_encipher(c, d, d + 1);
523 		d += 2;
524 	}
525 }
526 DEF_WEAK(blf_enc);
527 
528 void
529 blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
530 {
531 	u_int32_t *d;
532 	u_int16_t i;
533 
534 	d = data;
535 	for (i = 0; i < blocks; i++) {
536 		Blowfish_decipher(c, d, d + 1);
537 		d += 2;
538 	}
539 }
540 DEF_WEAK(blf_dec);
541 
542 void
543 blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
544 {
545 	u_int32_t l, r;
546 	u_int32_t i;
547 
548 	for (i = 0; i < len; i += 8) {
549 		l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
550 		r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
551 		Blowfish_encipher(c, &l, &r);
552 		data[0] = l >> 24 & 0xff;
553 		data[1] = l >> 16 & 0xff;
554 		data[2] = l >> 8 & 0xff;
555 		data[3] = l & 0xff;
556 		data[4] = r >> 24 & 0xff;
557 		data[5] = r >> 16 & 0xff;
558 		data[6] = r >> 8 & 0xff;
559 		data[7] = r & 0xff;
560 		data += 8;
561 	}
562 }
563 DEF_WEAK(blf_ecb_encrypt);
564 
565 void
566 blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
567 {
568 	u_int32_t l, r;
569 	u_int32_t i;
570 
571 	for (i = 0; i < len; i += 8) {
572 		l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
573 		r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
574 		Blowfish_decipher(c, &l, &r);
575 		data[0] = l >> 24 & 0xff;
576 		data[1] = l >> 16 & 0xff;
577 		data[2] = l >> 8 & 0xff;
578 		data[3] = l & 0xff;
579 		data[4] = r >> 24 & 0xff;
580 		data[5] = r >> 16 & 0xff;
581 		data[6] = r >> 8 & 0xff;
582 		data[7] = r & 0xff;
583 		data += 8;
584 	}
585 }
586 DEF_WEAK(blf_ecb_decrypt);
587 
588 void
589 blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
590 {
591 	u_int32_t l, r;
592 	u_int32_t i, j;
593 
594 	for (i = 0; i < len; i += 8) {
595 		for (j = 0; j < 8; j++)
596 			data[j] ^= iv[j];
597 		l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
598 		r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
599 		Blowfish_encipher(c, &l, &r);
600 		data[0] = l >> 24 & 0xff;
601 		data[1] = l >> 16 & 0xff;
602 		data[2] = l >> 8 & 0xff;
603 		data[3] = l & 0xff;
604 		data[4] = r >> 24 & 0xff;
605 		data[5] = r >> 16 & 0xff;
606 		data[6] = r >> 8 & 0xff;
607 		data[7] = r & 0xff;
608 		iv = data;
609 		data += 8;
610 	}
611 }
612 DEF_WEAK(blf_cbc_encrypt);
613 
614 void
615 blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
616 {
617 	u_int32_t l, r;
618 	u_int8_t *iv;
619 	u_int32_t i, j;
620 
621 	iv = data + len - 16;
622 	data = data + len - 8;
623 	for (i = len - 8; i >= 8; i -= 8) {
624 		l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
625 		r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
626 		Blowfish_decipher(c, &l, &r);
627 		data[0] = l >> 24 & 0xff;
628 		data[1] = l >> 16 & 0xff;
629 		data[2] = l >> 8 & 0xff;
630 		data[3] = l & 0xff;
631 		data[4] = r >> 24 & 0xff;
632 		data[5] = r >> 16 & 0xff;
633 		data[6] = r >> 8 & 0xff;
634 		data[7] = r & 0xff;
635 		for (j = 0; j < 8; j++)
636 			data[j] ^= iv[j];
637 		iv -= 8;
638 		data -= 8;
639 	}
640 	l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
641 	r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
642 	Blowfish_decipher(c, &l, &r);
643 	data[0] = l >> 24 & 0xff;
644 	data[1] = l >> 16 & 0xff;
645 	data[2] = l >> 8 & 0xff;
646 	data[3] = l & 0xff;
647 	data[4] = r >> 24 & 0xff;
648 	data[5] = r >> 16 & 0xff;
649 	data[6] = r >> 8 & 0xff;
650 	data[7] = r & 0xff;
651 	for (j = 0; j < 8; j++)
652 		data[j] ^= iva[j];
653 }
654 DEF_WEAK(blf_cbc_decrypt);
655 
656 #if 0
657 void
658 report(u_int32_t data[], u_int16_t len)
659 {
660 	u_int16_t i;
661 	for (i = 0; i < len; i += 2)
662 		printf("Block %0hd: %08lx %08lx.\n",
663 		    i / 2, data[i], data[i + 1]);
664 }
665 void
666 main(void)
667 {
668 
669 	blf_ctx c;
670 	char    key[] = "AAAAA";
671 	char    key2[] = "abcdefghijklmnopqrstuvwxyz";
672 
673 	u_int32_t data[10];
674 	u_int32_t data2[] =
675 	{0x424c4f57l, 0x46495348l};
676 
677 	u_int16_t i;
678 
679 	/* First test */
680 	for (i = 0; i < 10; i++)
681 		data[i] = i;
682 
683 	blf_key(&c, (u_int8_t *) key, 5);
684 	blf_enc(&c, data, 5);
685 	blf_dec(&c, data, 1);
686 	blf_dec(&c, data + 2, 4);
687 	printf("Should read as 0 - 9.\n");
688 	report(data, 10);
689 
690 	/* Second test */
691 	blf_key(&c, (u_int8_t *) key2, strlen(key2));
692 	blf_enc(&c, data2, 1);
693 	printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
694 	report(data2, 2);
695 	blf_dec(&c, data2, 1);
696 	report(data2, 2);
697 }
698 #endif
699