1 /* $OpenBSD: blowfish.c,v 1.20 2021/11/29 01:04:45 djm Exp $ */
2 /*
3 * Blowfish block cipher for OpenBSD
4 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5 * All rights reserved.
6 *
7 * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. The name of the author may not be used to endorse or promote products
18 * derived from this software without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 /*
33 * This code is derived from section 14.3 and the given source
34 * in section V of Applied Cryptography, second edition.
35 * Blowfish is an unpatented fast block cipher designed by
36 * Bruce Schneier.
37 */
38
39 #include "includes.h"
40
41 #if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
42 !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC))
43
44 #if 0
45 #include <stdio.h> /* used for debugging */
46 #include <string.h>
47 #endif
48
49 #include <sys/types.h>
50 #ifdef HAVE_BLF_H
51 #include <blf.h>
52 #endif
53
54 #undef inline
55 #ifdef __GNUC__
56 #define inline __inline
57 #else /* !__GNUC__ */
58 #define inline
59 #endif /* !__GNUC__ */
60
61 /* Function for Feistel Networks */
62
63 #define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
64 + (s)[0x100 + (((x)>>16)&0xFF)]) \
65 ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
66 + (s)[0x300 + ( (x) &0xFF)])
67
68 #define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
69
70 void
Blowfish_encipher(blf_ctx * c,u_int32_t * xl,u_int32_t * xr)71 Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
72 {
73 u_int32_t Xl;
74 u_int32_t Xr;
75 u_int32_t *s = c->S[0];
76 u_int32_t *p = c->P;
77
78 Xl = *xl;
79 Xr = *xr;
80
81 Xl ^= p[0];
82 BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
83 BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
84 BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
85 BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
86 BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
87 BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
88 BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
89 BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
90
91 *xl = Xr ^ p[17];
92 *xr = Xl;
93 }
94
95 void
Blowfish_decipher(blf_ctx * c,u_int32_t * xl,u_int32_t * xr)96 Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
97 {
98 u_int32_t Xl;
99 u_int32_t Xr;
100 u_int32_t *s = c->S[0];
101 u_int32_t *p = c->P;
102
103 Xl = *xl;
104 Xr = *xr;
105
106 Xl ^= p[17];
107 BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
108 BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
109 BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
110 BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
111 BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
112 BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
113 BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
114 BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
115
116 *xl = Xr ^ p[0];
117 *xr = Xl;
118 }
119
120 void
Blowfish_initstate(blf_ctx * c)121 Blowfish_initstate(blf_ctx *c)
122 {
123 /* P-box and S-box tables initialized with digits of Pi */
124
125 static const blf_ctx initstate =
126 { {
127 {
128 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
129 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
130 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
131 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
132 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
133 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
134 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
135 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
136 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
137 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
138 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
139 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
140 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
141 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
142 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
143 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
144 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
145 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
146 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
147 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
148 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
149 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
150 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
151 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
152 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
153 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
154 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
155 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
156 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
157 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
158 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
159 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
160 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
161 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
162 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
163 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
164 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
165 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
166 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
167 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
168 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
169 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
170 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
171 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
172 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
173 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
174 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
175 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
176 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
177 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
178 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
179 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
180 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
181 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
182 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
183 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
184 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
185 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
186 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
187 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
188 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
189 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
190 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
191 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
192 {
193 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
194 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
195 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
196 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
197 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
198 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
199 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
200 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
201 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
202 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
203 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
204 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
205 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
206 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
207 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
208 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
209 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
210 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
211 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
212 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
213 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
214 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
215 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
216 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
217 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
218 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
219 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
220 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
221 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
222 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
223 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
224 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
225 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
226 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
227 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
228 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
229 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
230 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
231 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
232 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
233 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
234 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
235 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
236 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
237 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
238 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
239 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
240 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
241 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
242 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
243 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
244 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
245 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
246 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
247 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
248 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
249 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
250 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
251 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
252 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
253 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
254 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
255 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
256 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
257 {
258 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
259 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
260 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
261 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
262 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
263 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
264 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
265 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
266 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
267 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
268 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
269 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
270 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
271 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
272 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
273 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
274 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
275 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
276 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
277 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
278 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
279 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
280 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
281 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
282 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
283 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
284 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
285 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
286 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
287 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
288 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
289 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
290 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
291 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
292 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
293 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
294 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
295 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
296 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
297 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
298 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
299 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
300 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
301 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
302 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
303 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
304 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
305 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
306 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
307 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
308 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
309 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
310 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
311 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
312 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
313 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
314 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
315 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
316 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
317 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
318 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
319 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
320 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
321 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
322 {
323 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
324 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
325 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
326 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
327 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
328 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
329 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
330 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
331 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
332 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
333 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
334 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
335 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
336 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
337 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
338 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
339 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
340 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
341 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
342 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
343 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
344 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
345 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
346 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
347 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
348 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
349 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
350 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
351 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
352 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
353 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
354 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
355 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
356 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
357 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
358 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
359 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
360 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
361 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
362 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
363 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
364 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
365 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
366 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
367 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
368 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
369 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
370 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
371 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
372 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
373 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
374 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
375 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
376 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
377 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
378 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
379 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
380 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
381 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
382 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
383 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
384 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
385 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
386 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
387 },
388 {
389 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
390 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
391 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
392 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
393 0x9216d5d9, 0x8979fb1b
394 } };
395
396 *c = initstate;
397 }
398
399 u_int32_t
Blowfish_stream2word(const u_int8_t * data,u_int16_t databytes,u_int16_t * current)400 Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
401 u_int16_t *current)
402 {
403 u_int8_t i;
404 u_int16_t j;
405 u_int32_t temp;
406
407 temp = 0x00000000;
408 j = *current;
409
410 for (i = 0; i < 4; i++, j++) {
411 if (j >= databytes)
412 j = 0;
413 temp = (temp << 8) | data[j];
414 }
415
416 *current = j;
417 return temp;
418 }
419
420 void
Blowfish_expand0state(blf_ctx * c,const u_int8_t * key,u_int16_t keybytes)421 Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
422 {
423 u_int16_t i;
424 u_int16_t j;
425 u_int16_t k;
426 u_int32_t temp;
427 u_int32_t datal;
428 u_int32_t datar;
429
430 j = 0;
431 for (i = 0; i < BLF_N + 2; i++) {
432 /* Extract 4 int8 to 1 int32 from keystream */
433 temp = Blowfish_stream2word(key, keybytes, &j);
434 c->P[i] = c->P[i] ^ temp;
435 }
436
437 j = 0;
438 datal = 0x00000000;
439 datar = 0x00000000;
440 for (i = 0; i < BLF_N + 2; i += 2) {
441 Blowfish_encipher(c, &datal, &datar);
442
443 c->P[i] = datal;
444 c->P[i + 1] = datar;
445 }
446
447 for (i = 0; i < 4; i++) {
448 for (k = 0; k < 256; k += 2) {
449 Blowfish_encipher(c, &datal, &datar);
450
451 c->S[i][k] = datal;
452 c->S[i][k + 1] = datar;
453 }
454 }
455 }
456
457
458 void
Blowfish_expandstate(blf_ctx * c,const u_int8_t * data,u_int16_t databytes,const u_int8_t * key,u_int16_t keybytes)459 Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
460 const u_int8_t *key, u_int16_t keybytes)
461 {
462 u_int16_t i;
463 u_int16_t j;
464 u_int16_t k;
465 u_int32_t temp;
466 u_int32_t datal;
467 u_int32_t datar;
468
469 j = 0;
470 for (i = 0; i < BLF_N + 2; i++) {
471 /* Extract 4 int8 to 1 int32 from keystream */
472 temp = Blowfish_stream2word(key, keybytes, &j);
473 c->P[i] = c->P[i] ^ temp;
474 }
475
476 j = 0;
477 datal = 0x00000000;
478 datar = 0x00000000;
479 for (i = 0; i < BLF_N + 2; i += 2) {
480 datal ^= Blowfish_stream2word(data, databytes, &j);
481 datar ^= Blowfish_stream2word(data, databytes, &j);
482 Blowfish_encipher(c, &datal, &datar);
483
484 c->P[i] = datal;
485 c->P[i + 1] = datar;
486 }
487
488 for (i = 0; i < 4; i++) {
489 for (k = 0; k < 256; k += 2) {
490 datal ^= Blowfish_stream2word(data, databytes, &j);
491 datar ^= Blowfish_stream2word(data, databytes, &j);
492 Blowfish_encipher(c, &datal, &datar);
493
494 c->S[i][k] = datal;
495 c->S[i][k + 1] = datar;
496 }
497 }
498
499 }
500
501 void
blf_key(blf_ctx * c,const u_int8_t * k,u_int16_t len)502 blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
503 {
504 /* Initialize S-boxes and subkeys with Pi */
505 Blowfish_initstate(c);
506
507 /* Transform S-boxes and subkeys with key */
508 Blowfish_expand0state(c, k, len);
509 }
510
511 void
blf_enc(blf_ctx * c,u_int32_t * data,u_int16_t blocks)512 blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
513 {
514 u_int32_t *d;
515 u_int16_t i;
516
517 d = data;
518 for (i = 0; i < blocks; i++) {
519 Blowfish_encipher(c, d, d + 1);
520 d += 2;
521 }
522 }
523
524 void
blf_dec(blf_ctx * c,u_int32_t * data,u_int16_t blocks)525 blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
526 {
527 u_int32_t *d;
528 u_int16_t i;
529
530 d = data;
531 for (i = 0; i < blocks; i++) {
532 Blowfish_decipher(c, d, d + 1);
533 d += 2;
534 }
535 }
536
537 void
blf_ecb_encrypt(blf_ctx * c,u_int8_t * data,u_int32_t len)538 blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
539 {
540 u_int32_t l, r;
541 u_int32_t i;
542
543 for (i = 0; i < len; i += 8) {
544 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
545 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
546 Blowfish_encipher(c, &l, &r);
547 data[0] = l >> 24 & 0xff;
548 data[1] = l >> 16 & 0xff;
549 data[2] = l >> 8 & 0xff;
550 data[3] = l & 0xff;
551 data[4] = r >> 24 & 0xff;
552 data[5] = r >> 16 & 0xff;
553 data[6] = r >> 8 & 0xff;
554 data[7] = r & 0xff;
555 data += 8;
556 }
557 }
558
559 void
blf_ecb_decrypt(blf_ctx * c,u_int8_t * data,u_int32_t len)560 blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
561 {
562 u_int32_t l, r;
563 u_int32_t i;
564
565 for (i = 0; i < len; i += 8) {
566 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
567 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
568 Blowfish_decipher(c, &l, &r);
569 data[0] = l >> 24 & 0xff;
570 data[1] = l >> 16 & 0xff;
571 data[2] = l >> 8 & 0xff;
572 data[3] = l & 0xff;
573 data[4] = r >> 24 & 0xff;
574 data[5] = r >> 16 & 0xff;
575 data[6] = r >> 8 & 0xff;
576 data[7] = r & 0xff;
577 data += 8;
578 }
579 }
580
581 void
blf_cbc_encrypt(blf_ctx * c,u_int8_t * iv,u_int8_t * data,u_int32_t len)582 blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
583 {
584 u_int32_t l, r;
585 u_int32_t i, j;
586
587 for (i = 0; i < len; i += 8) {
588 for (j = 0; j < 8; j++)
589 data[j] ^= iv[j];
590 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
591 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
592 Blowfish_encipher(c, &l, &r);
593 data[0] = l >> 24 & 0xff;
594 data[1] = l >> 16 & 0xff;
595 data[2] = l >> 8 & 0xff;
596 data[3] = l & 0xff;
597 data[4] = r >> 24 & 0xff;
598 data[5] = r >> 16 & 0xff;
599 data[6] = r >> 8 & 0xff;
600 data[7] = r & 0xff;
601 iv = data;
602 data += 8;
603 }
604 }
605
606 void
blf_cbc_decrypt(blf_ctx * c,u_int8_t * iva,u_int8_t * data,u_int32_t len)607 blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
608 {
609 u_int32_t l, r;
610 u_int8_t *iv;
611 u_int32_t i, j;
612
613 iv = data + len - 16;
614 data = data + len - 8;
615 for (i = len - 8; i >= 8; i -= 8) {
616 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
617 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
618 Blowfish_decipher(c, &l, &r);
619 data[0] = l >> 24 & 0xff;
620 data[1] = l >> 16 & 0xff;
621 data[2] = l >> 8 & 0xff;
622 data[3] = l & 0xff;
623 data[4] = r >> 24 & 0xff;
624 data[5] = r >> 16 & 0xff;
625 data[6] = r >> 8 & 0xff;
626 data[7] = r & 0xff;
627 for (j = 0; j < 8; j++)
628 data[j] ^= iv[j];
629 iv -= 8;
630 data -= 8;
631 }
632 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
633 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
634 Blowfish_decipher(c, &l, &r);
635 data[0] = l >> 24 & 0xff;
636 data[1] = l >> 16 & 0xff;
637 data[2] = l >> 8 & 0xff;
638 data[3] = l & 0xff;
639 data[4] = r >> 24 & 0xff;
640 data[5] = r >> 16 & 0xff;
641 data[6] = r >> 8 & 0xff;
642 data[7] = r & 0xff;
643 for (j = 0; j < 8; j++)
644 data[j] ^= iva[j];
645 }
646
647 #if 0
648 void
649 report(u_int32_t data[], u_int16_t len)
650 {
651 u_int16_t i;
652 for (i = 0; i < len; i += 2)
653 printf("Block %0hd: %08lx %08lx.\n",
654 i / 2, data[i], data[i + 1]);
655 }
656 void
657 main(void)
658 {
659
660 blf_ctx c;
661 char key[] = "AAAAA";
662 char key2[] = "abcdefghijklmnopqrstuvwxyz";
663
664 u_int32_t data[10];
665 u_int32_t data2[] =
666 {0x424c4f57l, 0x46495348l};
667
668 u_int16_t i;
669
670 /* First test */
671 for (i = 0; i < 10; i++)
672 data[i] = i;
673
674 blf_key(&c, (u_int8_t *) key, 5);
675 blf_enc(&c, data, 5);
676 blf_dec(&c, data, 1);
677 blf_dec(&c, data + 2, 4);
678 printf("Should read as 0 - 9.\n");
679 report(data, 10);
680
681 /* Second test */
682 blf_key(&c, (u_int8_t *) key2, strlen(key2));
683 blf_enc(&c, data2, 1);
684 printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
685 report(data2, 2);
686 blf_dec(&c, data2, 1);
687 report(data2, 2);
688 }
689 #endif
690
691 #endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
692 !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */
693
694