/src/libgcrypt/cipher/blowfish.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* blowfish.c - Blowfish encryption |
2 | | * Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc. |
3 | | * |
4 | | * This file is part of Libgcrypt. |
5 | | * |
6 | | * Libgcrypt is free software; you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser general Public License as |
8 | | * published by the Free Software Foundation; either version 2.1 of |
9 | | * the License, or (at your option) any later version. |
10 | | * |
11 | | * Libgcrypt is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public |
17 | | * License along with this program; if not, write to the Free Software |
18 | | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA |
19 | | * |
20 | | * For a description of the algorithm, see: |
21 | | * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. |
22 | | * ISBN 0-471-11709-9. Pages 336 ff. |
23 | | */ |
24 | | |
25 | | /* Test values: |
26 | | * key "abcdefghijklmnopqrstuvwxyz"; |
27 | | * plain "BLOWFISH" |
28 | | * cipher 32 4E D0 FE F4 13 A2 03 |
29 | | * |
30 | | */ |
31 | | |
32 | | #include <config.h> |
33 | | #include <stdio.h> |
34 | | #include <stdlib.h> |
35 | | #include <string.h> |
36 | | #include "types.h" |
37 | | #include "g10lib.h" |
38 | | #include "cipher.h" |
39 | | #include "bufhelp.h" |
40 | | #include "cipher-internal.h" |
41 | | |
42 | 0 | #define BLOWFISH_BLOCKSIZE 8 |
43 | 0 | #define BLOWFISH_KEY_MIN_BITS 8 |
44 | 0 | #define BLOWFISH_KEY_MAX_BITS 576 |
45 | | |
46 | | |
47 | | /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */ |
48 | | #undef USE_AMD64_ASM |
49 | | #if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \ |
50 | | defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) |
51 | | # define USE_AMD64_ASM 1 |
52 | | #endif |
53 | | |
54 | | /* USE_ARM_ASM indicates whether to use ARM assembly code. */ |
55 | | #undef USE_ARM_ASM |
56 | | #if defined(__ARMEL__) |
57 | | # if defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS) |
58 | | # define USE_ARM_ASM 1 |
59 | | # endif |
60 | | #endif |
61 | | |
62 | | typedef struct { |
63 | | u32 s0[256]; |
64 | | u32 s1[256]; |
65 | | u32 s2[256]; |
66 | | u32 s3[256]; |
67 | | u32 p[16+2]; |
68 | | } BLOWFISH_context; |
69 | | |
70 | | static gcry_err_code_t bf_setkey (void *c, const byte *key, unsigned keylen, |
71 | | cipher_bulk_ops_t *bulk_ops); |
72 | | static unsigned int encrypt_block (void *bc, byte *outbuf, const byte *inbuf); |
73 | | static unsigned int decrypt_block (void *bc, byte *outbuf, const byte *inbuf); |
74 | | |
75 | | |
76 | | /* precomputed S boxes */ |
77 | | static const u32 ks0[256] = { |
78 | | 0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96, |
79 | | 0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16, |
80 | | 0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658, |
81 | | 0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013, |
82 | | 0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E, |
83 | | 0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60, |
84 | | 0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6, |
85 | | 0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A, |
86 | | 0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C, |
87 | | 0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193, |
88 | | 0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1, |
89 | | 0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239, |
90 | | 0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A, |
91 | | 0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3, |
92 | | 0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176, |
93 | | 0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE, |
94 | | 0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706, |
95 | | 0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B, |
96 | | 0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B, |
97 | | 0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463, |
98 | | 0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C, |
99 | | 0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3, |
100 | | 0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A, |
101 | | 0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8, |
102 | | 0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760, |
103 | | 0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB, |
104 | | 0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8, |
105 | | 0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B, |
106 | | 0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33, |
107 | | 0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4, |
108 | | 0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0, |
109 | | 0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C, |
110 | | 0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777, |
111 | | 0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299, |
112 | | 0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705, |
113 | | 0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF, |
114 | | 0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E, |
115 | | 0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA, |
116 | | 0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9, |
117 | | 0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915, |
118 | | 0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F, |
119 | | 0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664, |
120 | | 0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A }; |
121 | | |
122 | | static const u32 ks1[256] = { |
123 | | 0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D, |
124 | | 0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1, |
125 | | 0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65, |
126 | | 0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1, |
127 | | 0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9, |
128 | | 0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737, |
129 | | 0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D, |
130 | | 0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD, |
131 | | 0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC, |
132 | | 0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41, |
133 | | 0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908, |
134 | | 0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF, |
135 | | 0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124, |
136 | | 0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C, |
137 | | 0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908, |
138 | | 0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD, |
139 | | 0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B, |
140 | | 0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E, |
141 | | 0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA, |
142 | | 0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A, |
143 | | 0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D, |
144 | | 0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66, |
145 | | 0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5, |
146 | | 0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84, |
147 | | 0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96, |
148 | | 0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14, |
149 | | 0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA, |
150 | | 0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7, |
151 | | 0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77, |
152 | | 0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99, |
153 | | 0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054, |
154 | | 0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73, |
155 | | 0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA, |
156 | | 0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105, |
157 | | 0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646, |
158 | | 0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285, |
159 | | 0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA, |
160 | | 0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB, |
161 | | 0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E, |
162 | | 0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC, |
163 | | 0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD, |
164 | | 0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20, |
165 | | 0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 }; |
166 | | |
167 | | static const u32 ks2[256] = { |
168 | | 0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7, |
169 | | 0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF, |
170 | | 0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF, |
171 | | 0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504, |
172 | | 0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4, |
173 | | 0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE, |
174 | | 0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC, |
175 | | 0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B, |
176 | | 0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332, |
177 | | 0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527, |
178 | | 0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58, |
179 | | 0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C, |
180 | | 0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22, |
181 | | 0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17, |
182 | | 0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60, |
183 | | 0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115, |
184 | | 0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99, |
185 | | 0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0, |
186 | | 0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74, |
187 | | 0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D, |
188 | | 0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3, |
189 | | 0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3, |
190 | | 0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979, |
191 | | 0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C, |
192 | | 0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA, |
193 | | 0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A, |
194 | | 0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086, |
195 | | 0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC, |
196 | | 0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24, |
197 | | 0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2, |
198 | | 0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84, |
199 | | 0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C, |
200 | | 0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09, |
201 | | 0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10, |
202 | | 0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE, |
203 | | 0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027, |
204 | | 0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0, |
205 | | 0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634, |
206 | | 0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188, |
207 | | 0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC, |
208 | | 0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8, |
209 | | 0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837, |
210 | | 0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 }; |
211 | | |
212 | | static const u32 ks3[256] = { |
213 | | 0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742, |
214 | | 0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B, |
215 | | 0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79, |
216 | | 0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6, |
217 | | 0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A, |
218 | | 0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4, |
219 | | 0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1, |
220 | | 0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59, |
221 | | 0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797, |
222 | | 0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28, |
223 | | 0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6, |
224 | | 0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28, |
225 | | 0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA, |
226 | | 0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A, |
227 | | 0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5, |
228 | | 0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F, |
229 | | 0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE, |
230 | | 0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680, |
231 | | 0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD, |
232 | | 0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB, |
233 | | 0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB, |
234 | | 0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370, |
235 | | 0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC, |
236 | | 0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048, |
237 | | 0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC, |
238 | | 0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9, |
239 | | 0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A, |
240 | | 0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F, |
241 | | 0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A, |
242 | | 0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1, |
243 | | 0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B, |
244 | | 0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E, |
245 | | 0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E, |
246 | | 0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F, |
247 | | 0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623, |
248 | | 0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC, |
249 | | 0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A, |
250 | | 0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6, |
251 | | 0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3, |
252 | | 0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060, |
253 | | 0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C, |
254 | | 0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F, |
255 | | 0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 }; |
256 | | |
257 | | static const u32 ps[16+2] = { |
258 | | 0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0, |
259 | | 0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C, |
260 | | 0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B }; |
261 | | |
262 | | |
263 | | #ifdef USE_AMD64_ASM |
264 | | |
265 | | /* Assembly implementations of Blowfish. */ |
266 | | extern void _gcry_blowfish_amd64_do_encrypt(BLOWFISH_context *c, u32 *ret_xl, |
267 | | u32 *ret_xr); |
268 | | |
269 | | extern void _gcry_blowfish_amd64_encrypt_block(BLOWFISH_context *c, byte *out, |
270 | | const byte *in); |
271 | | |
272 | | extern void _gcry_blowfish_amd64_decrypt_block(BLOWFISH_context *c, byte *out, |
273 | | const byte *in); |
274 | | |
275 | | /* These assembly implementations process four blocks in parallel. */ |
276 | | extern void _gcry_blowfish_amd64_ctr_enc(BLOWFISH_context *ctx, byte *out, |
277 | | const byte *in, byte *ctr); |
278 | | |
279 | | extern void _gcry_blowfish_amd64_cbc_dec(BLOWFISH_context *ctx, byte *out, |
280 | | const byte *in, byte *iv); |
281 | | |
282 | | extern void _gcry_blowfish_amd64_cfb_dec(BLOWFISH_context *ctx, byte *out, |
283 | | const byte *in, byte *iv); |
284 | | |
285 | | static void |
286 | | do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr ) |
287 | 0 | { |
288 | 0 | _gcry_blowfish_amd64_do_encrypt (bc, ret_xl, ret_xr); |
289 | 0 | } |
290 | | |
291 | | static void |
292 | | do_encrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf) |
293 | 0 | { |
294 | 0 | _gcry_blowfish_amd64_encrypt_block (context, outbuf, inbuf); |
295 | 0 | } |
296 | | |
297 | | static void |
298 | | do_decrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf) |
299 | 0 | { |
300 | 0 | _gcry_blowfish_amd64_decrypt_block (context, outbuf, inbuf); |
301 | 0 | } |
302 | | |
303 | | static inline void |
304 | | blowfish_amd64_ctr_enc(BLOWFISH_context *ctx, byte *out, const byte *in, |
305 | | byte *ctr) |
306 | 0 | { |
307 | 0 | _gcry_blowfish_amd64_ctr_enc(ctx, out, in, ctr); |
308 | 0 | } |
309 | | |
310 | | static inline void |
311 | | blowfish_amd64_cbc_dec(BLOWFISH_context *ctx, byte *out, const byte *in, |
312 | | byte *iv) |
313 | 0 | { |
314 | 0 | _gcry_blowfish_amd64_cbc_dec(ctx, out, in, iv); |
315 | 0 | } |
316 | | |
317 | | static inline void |
318 | | blowfish_amd64_cfb_dec(BLOWFISH_context *ctx, byte *out, const byte *in, |
319 | | byte *iv) |
320 | 0 | { |
321 | 0 | _gcry_blowfish_amd64_cfb_dec(ctx, out, in, iv); |
322 | 0 | } |
323 | | |
324 | | static unsigned int |
325 | | encrypt_block (void *context , byte *outbuf, const byte *inbuf) |
326 | 0 | { |
327 | 0 | BLOWFISH_context *c = (BLOWFISH_context *) context; |
328 | 0 | do_encrypt_block (c, outbuf, inbuf); |
329 | 0 | return /*burn_stack*/ (2*8); |
330 | 0 | } |
331 | | |
332 | | static unsigned int |
333 | | decrypt_block (void *context, byte *outbuf, const byte *inbuf) |
334 | 0 | { |
335 | 0 | BLOWFISH_context *c = (BLOWFISH_context *) context; |
336 | 0 | do_decrypt_block (c, outbuf, inbuf); |
337 | 0 | return /*burn_stack*/ (2*8); |
338 | 0 | } |
339 | | |
340 | | #elif defined(USE_ARM_ASM) |
341 | | |
342 | | /* Assembly implementations of Blowfish. */ |
343 | | extern void _gcry_blowfish_arm_do_encrypt(BLOWFISH_context *c, u32 *ret_xl, |
344 | | u32 *ret_xr); |
345 | | |
346 | | extern void _gcry_blowfish_arm_encrypt_block(BLOWFISH_context *c, byte *out, |
347 | | const byte *in); |
348 | | |
349 | | extern void _gcry_blowfish_arm_decrypt_block(BLOWFISH_context *c, byte *out, |
350 | | const byte *in); |
351 | | |
352 | | /* These assembly implementations process two blocks in parallel. */ |
353 | | extern void _gcry_blowfish_arm_ctr_enc(BLOWFISH_context *ctx, byte *out, |
354 | | const byte *in, byte *ctr); |
355 | | |
356 | | extern void _gcry_blowfish_arm_cbc_dec(BLOWFISH_context *ctx, byte *out, |
357 | | const byte *in, byte *iv); |
358 | | |
359 | | extern void _gcry_blowfish_arm_cfb_dec(BLOWFISH_context *ctx, byte *out, |
360 | | const byte *in, byte *iv); |
361 | | |
362 | | static void |
363 | | do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr ) |
364 | | { |
365 | | _gcry_blowfish_arm_do_encrypt (bc, ret_xl, ret_xr); |
366 | | } |
367 | | |
368 | | static void |
369 | | do_encrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf) |
370 | | { |
371 | | _gcry_blowfish_arm_encrypt_block (context, outbuf, inbuf); |
372 | | } |
373 | | |
374 | | static void |
375 | | do_decrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf) |
376 | | { |
377 | | _gcry_blowfish_arm_decrypt_block (context, outbuf, inbuf); |
378 | | } |
379 | | |
380 | | static unsigned int |
381 | | encrypt_block (void *context , byte *outbuf, const byte *inbuf) |
382 | | { |
383 | | BLOWFISH_context *c = (BLOWFISH_context *) context; |
384 | | do_encrypt_block (c, outbuf, inbuf); |
385 | | return /*burn_stack*/ (10*4); |
386 | | } |
387 | | |
388 | | static unsigned int |
389 | | decrypt_block (void *context, byte *outbuf, const byte *inbuf) |
390 | | { |
391 | | BLOWFISH_context *c = (BLOWFISH_context *) context; |
392 | | do_decrypt_block (c, outbuf, inbuf); |
393 | | return /*burn_stack*/ (10*4); |
394 | | } |
395 | | |
396 | | #else /*USE_ARM_ASM*/ |
397 | | |
398 | | |
399 | | #define F(x) ((( s0[(x)>>24] + s1[((x)>>16)&0xff]) \ |
400 | | ^ s2[((x)>>8)&0xff]) + s3[(x)&0xff] ) |
401 | | #define R(l,r,i) do { l ^= p[i]; r ^= F(l); } while(0) |
402 | | #define R3(l,r,i) do { R(l##0,r##0,i);R(l##1,r##1,i);R(l##2,r##2,i);} while(0) |
403 | | |
404 | | |
405 | | static void |
406 | | do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr ) |
407 | | { |
408 | | u32 xl, xr, *s0, *s1, *s2, *s3, *p; |
409 | | |
410 | | xl = *ret_xl; |
411 | | xr = *ret_xr; |
412 | | p = bc->p; |
413 | | s0 = bc->s0; |
414 | | s1 = bc->s1; |
415 | | s2 = bc->s2; |
416 | | s3 = bc->s3; |
417 | | |
418 | | R( xl, xr, 0); |
419 | | R( xr, xl, 1); |
420 | | R( xl, xr, 2); |
421 | | R( xr, xl, 3); |
422 | | R( xl, xr, 4); |
423 | | R( xr, xl, 5); |
424 | | R( xl, xr, 6); |
425 | | R( xr, xl, 7); |
426 | | R( xl, xr, 8); |
427 | | R( xr, xl, 9); |
428 | | R( xl, xr, 10); |
429 | | R( xr, xl, 11); |
430 | | R( xl, xr, 12); |
431 | | R( xr, xl, 13); |
432 | | R( xl, xr, 14); |
433 | | R( xr, xl, 15); |
434 | | |
435 | | xl ^= p[16]; |
436 | | xr ^= p[16+1]; |
437 | | |
438 | | *ret_xl = xr; |
439 | | *ret_xr = xl; |
440 | | } |
441 | | |
442 | | |
443 | | static void |
444 | | do_encrypt_3 ( BLOWFISH_context *bc, byte *dst, const byte *src ) |
445 | | { |
446 | | u32 xl0, xr0, xl1, xr1, xl2, xr2, *s0, *s1, *s2, *s3, *p; |
447 | | |
448 | | xl0 = buf_get_be32(src + 0); |
449 | | xr0 = buf_get_be32(src + 4); |
450 | | xl1 = buf_get_be32(src + 8); |
451 | | xr1 = buf_get_be32(src + 12); |
452 | | xl2 = buf_get_be32(src + 16); |
453 | | xr2 = buf_get_be32(src + 20); |
454 | | p = bc->p; |
455 | | s0 = bc->s0; |
456 | | s1 = bc->s1; |
457 | | s2 = bc->s2; |
458 | | s3 = bc->s3; |
459 | | |
460 | | R3( xl, xr, 0); |
461 | | R3( xr, xl, 1); |
462 | | R3( xl, xr, 2); |
463 | | R3( xr, xl, 3); |
464 | | R3( xl, xr, 4); |
465 | | R3( xr, xl, 5); |
466 | | R3( xl, xr, 6); |
467 | | R3( xr, xl, 7); |
468 | | R3( xl, xr, 8); |
469 | | R3( xr, xl, 9); |
470 | | R3( xl, xr, 10); |
471 | | R3( xr, xl, 11); |
472 | | R3( xl, xr, 12); |
473 | | R3( xr, xl, 13); |
474 | | R3( xl, xr, 14); |
475 | | R3( xr, xl, 15); |
476 | | |
477 | | xl0 ^= p[16]; |
478 | | xr0 ^= p[16+1]; |
479 | | xl1 ^= p[16]; |
480 | | xr1 ^= p[16+1]; |
481 | | xl2 ^= p[16]; |
482 | | xr2 ^= p[16+1]; |
483 | | |
484 | | buf_put_be32(dst + 0, xr0); |
485 | | buf_put_be32(dst + 4, xl0); |
486 | | buf_put_be32(dst + 8, xr1); |
487 | | buf_put_be32(dst + 12, xl1); |
488 | | buf_put_be32(dst + 16, xr2); |
489 | | buf_put_be32(dst + 20, xl2); |
490 | | } |
491 | | |
492 | | |
493 | | static void |
494 | | decrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr ) |
495 | | { |
496 | | u32 xl, xr, *s0, *s1, *s2, *s3, *p; |
497 | | |
498 | | xl = *ret_xl; |
499 | | xr = *ret_xr; |
500 | | p = bc->p; |
501 | | s0 = bc->s0; |
502 | | s1 = bc->s1; |
503 | | s2 = bc->s2; |
504 | | s3 = bc->s3; |
505 | | |
506 | | R( xl, xr, 17); |
507 | | R( xr, xl, 16); |
508 | | R( xl, xr, 15); |
509 | | R( xr, xl, 14); |
510 | | R( xl, xr, 13); |
511 | | R( xr, xl, 12); |
512 | | R( xl, xr, 11); |
513 | | R( xr, xl, 10); |
514 | | R( xl, xr, 9); |
515 | | R( xr, xl, 8); |
516 | | R( xl, xr, 7); |
517 | | R( xr, xl, 6); |
518 | | R( xl, xr, 5); |
519 | | R( xr, xl, 4); |
520 | | R( xl, xr, 3); |
521 | | R( xr, xl, 2); |
522 | | |
523 | | xl ^= p[1]; |
524 | | xr ^= p[0]; |
525 | | |
526 | | *ret_xl = xr; |
527 | | *ret_xr = xl; |
528 | | } |
529 | | |
530 | | |
531 | | static void |
532 | | do_decrypt_3 ( BLOWFISH_context *bc, byte *dst, const byte *src ) |
533 | | { |
534 | | u32 xl0, xr0, xl1, xr1, xl2, xr2, *s0, *s1, *s2, *s3, *p; |
535 | | |
536 | | xl0 = buf_get_be32(src + 0); |
537 | | xr0 = buf_get_be32(src + 4); |
538 | | xl1 = buf_get_be32(src + 8); |
539 | | xr1 = buf_get_be32(src + 12); |
540 | | xl2 = buf_get_be32(src + 16); |
541 | | xr2 = buf_get_be32(src + 20); |
542 | | p = bc->p; |
543 | | s0 = bc->s0; |
544 | | s1 = bc->s1; |
545 | | s2 = bc->s2; |
546 | | s3 = bc->s3; |
547 | | |
548 | | R3( xl, xr, 17); |
549 | | R3( xr, xl, 16); |
550 | | R3( xl, xr, 15); |
551 | | R3( xr, xl, 14); |
552 | | R3( xl, xr, 13); |
553 | | R3( xr, xl, 12); |
554 | | R3( xl, xr, 11); |
555 | | R3( xr, xl, 10); |
556 | | R3( xl, xr, 9); |
557 | | R3( xr, xl, 8); |
558 | | R3( xl, xr, 7); |
559 | | R3( xr, xl, 6); |
560 | | R3( xl, xr, 5); |
561 | | R3( xr, xl, 4); |
562 | | R3( xl, xr, 3); |
563 | | R3( xr, xl, 2); |
564 | | |
565 | | xl0 ^= p[1]; |
566 | | xr0 ^= p[0]; |
567 | | xl1 ^= p[1]; |
568 | | xr1 ^= p[0]; |
569 | | xl2 ^= p[1]; |
570 | | xr2 ^= p[0]; |
571 | | |
572 | | buf_put_be32(dst + 0, xr0); |
573 | | buf_put_be32(dst + 4, xl0); |
574 | | buf_put_be32(dst + 8, xr1); |
575 | | buf_put_be32(dst + 12, xl1); |
576 | | buf_put_be32(dst + 16, xr2); |
577 | | buf_put_be32(dst + 20, xl2); |
578 | | } |
579 | | |
580 | | #undef F |
581 | | #undef R |
582 | | #undef R3 |
583 | | |
584 | | static void |
585 | | do_encrypt_block ( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf ) |
586 | | { |
587 | | u32 d1, d2; |
588 | | |
589 | | d1 = buf_get_be32(inbuf); |
590 | | d2 = buf_get_be32(inbuf + 4); |
591 | | do_encrypt( bc, &d1, &d2 ); |
592 | | buf_put_be32(outbuf, d1); |
593 | | buf_put_be32(outbuf + 4, d2); |
594 | | } |
595 | | |
596 | | static unsigned int |
597 | | encrypt_block (void *context, byte *outbuf, const byte *inbuf) |
598 | | { |
599 | | BLOWFISH_context *bc = (BLOWFISH_context *) context; |
600 | | do_encrypt_block (bc, outbuf, inbuf); |
601 | | return /*burn_stack*/ (64); |
602 | | } |
603 | | |
604 | | |
605 | | static void |
606 | | do_decrypt_block (BLOWFISH_context *bc, byte *outbuf, const byte *inbuf) |
607 | | { |
608 | | u32 d1, d2; |
609 | | |
610 | | d1 = buf_get_be32(inbuf); |
611 | | d2 = buf_get_be32(inbuf + 4); |
612 | | decrypt( bc, &d1, &d2 ); |
613 | | buf_put_be32(outbuf, d1); |
614 | | buf_put_be32(outbuf + 4, d2); |
615 | | } |
616 | | |
617 | | static unsigned int |
618 | | decrypt_block (void *context, byte *outbuf, const byte *inbuf) |
619 | | { |
620 | | BLOWFISH_context *bc = (BLOWFISH_context *) context; |
621 | | do_decrypt_block (bc, outbuf, inbuf); |
622 | | return /*burn_stack*/ (64); |
623 | | } |
624 | | |
625 | | #endif /*!USE_AMD64_ASM&&!USE_ARM_ASM*/ |
626 | | |
627 | | |
628 | | /* Bulk encryption of complete blocks in CTR mode. This function is only |
629 | | intended for the bulk encryption feature of cipher.c. CTR is expected to be |
630 | | of size BLOWFISH_BLOCKSIZE. */ |
631 | | static void |
632 | | _gcry_blowfish_ctr_enc(void *context, unsigned char *ctr, void *outbuf_arg, |
633 | | const void *inbuf_arg, size_t nblocks) |
634 | 0 | { |
635 | 0 | BLOWFISH_context *ctx = context; |
636 | 0 | unsigned char *outbuf = outbuf_arg; |
637 | 0 | const unsigned char *inbuf = inbuf_arg; |
638 | 0 | unsigned char tmpbuf[BLOWFISH_BLOCKSIZE * 3]; |
639 | 0 | int burn_stack_depth = (64) + 4 * BLOWFISH_BLOCKSIZE; |
640 | |
|
641 | 0 | #ifdef USE_AMD64_ASM |
642 | 0 | { |
643 | 0 | if (nblocks >= 4) |
644 | 0 | burn_stack_depth += 5 * sizeof(void*); |
645 | | |
646 | | /* Process data in 4 block chunks. */ |
647 | 0 | while (nblocks >= 4) |
648 | 0 | { |
649 | 0 | blowfish_amd64_ctr_enc(ctx, outbuf, inbuf, ctr); |
650 | |
|
651 | 0 | nblocks -= 4; |
652 | 0 | outbuf += 4 * BLOWFISH_BLOCKSIZE; |
653 | 0 | inbuf += 4 * BLOWFISH_BLOCKSIZE; |
654 | 0 | } |
655 | | |
656 | | /* Use generic code to handle smaller chunks... */ |
657 | 0 | } |
658 | | #elif defined(USE_ARM_ASM) |
659 | | { |
660 | | /* Process data in 2 block chunks. */ |
661 | | while (nblocks >= 2) |
662 | | { |
663 | | _gcry_blowfish_arm_ctr_enc(ctx, outbuf, inbuf, ctr); |
664 | | |
665 | | nblocks -= 2; |
666 | | outbuf += 2 * BLOWFISH_BLOCKSIZE; |
667 | | inbuf += 2 * BLOWFISH_BLOCKSIZE; |
668 | | } |
669 | | |
670 | | /* Use generic code to handle smaller chunks... */ |
671 | | } |
672 | | #endif |
673 | |
|
674 | | #if !defined(USE_AMD64_ASM) && !defined(USE_ARM_ASM) |
675 | | for ( ;nblocks >= 3; nblocks -= 3) |
676 | | { |
677 | | /* Prepare the counter blocks. */ |
678 | | cipher_block_cpy (tmpbuf + 0, ctr, BLOWFISH_BLOCKSIZE); |
679 | | cipher_block_cpy (tmpbuf + 8, ctr, BLOWFISH_BLOCKSIZE); |
680 | | cipher_block_cpy (tmpbuf + 16, ctr, BLOWFISH_BLOCKSIZE); |
681 | | cipher_block_add (tmpbuf + 8, 1, BLOWFISH_BLOCKSIZE); |
682 | | cipher_block_add (tmpbuf + 16, 2, BLOWFISH_BLOCKSIZE); |
683 | | cipher_block_add (ctr, 3, BLOWFISH_BLOCKSIZE); |
684 | | /* Encrypt the counter. */ |
685 | | do_encrypt_3(ctx, tmpbuf, tmpbuf); |
686 | | /* XOR the input with the encrypted counter and store in output. */ |
687 | | buf_xor(outbuf, tmpbuf, inbuf, BLOWFISH_BLOCKSIZE * 3); |
688 | | outbuf += BLOWFISH_BLOCKSIZE * 3; |
689 | | inbuf += BLOWFISH_BLOCKSIZE * 3; |
690 | | } |
691 | | #endif |
692 | |
|
693 | 0 | for ( ;nblocks; nblocks-- ) |
694 | 0 | { |
695 | | /* Encrypt the counter. */ |
696 | 0 | do_encrypt_block(ctx, tmpbuf, ctr); |
697 | | /* XOR the input with the encrypted counter and store in output. */ |
698 | 0 | cipher_block_xor(outbuf, tmpbuf, inbuf, BLOWFISH_BLOCKSIZE); |
699 | 0 | outbuf += BLOWFISH_BLOCKSIZE; |
700 | 0 | inbuf += BLOWFISH_BLOCKSIZE; |
701 | | /* Increment the counter. */ |
702 | 0 | cipher_block_add (ctr, 1, BLOWFISH_BLOCKSIZE); |
703 | 0 | } |
704 | |
|
705 | 0 | wipememory(tmpbuf, sizeof(tmpbuf)); |
706 | 0 | _gcry_burn_stack(burn_stack_depth); |
707 | 0 | } |
708 | | |
709 | | |
710 | | /* Bulk decryption of complete blocks in CBC mode. This function is only |
711 | | intended for the bulk encryption feature of cipher.c. */ |
712 | | static void |
713 | | _gcry_blowfish_cbc_dec(void *context, unsigned char *iv, void *outbuf_arg, |
714 | | const void *inbuf_arg, size_t nblocks) |
715 | 0 | { |
716 | 0 | BLOWFISH_context *ctx = context; |
717 | 0 | unsigned char *outbuf = outbuf_arg; |
718 | 0 | const unsigned char *inbuf = inbuf_arg; |
719 | 0 | unsigned char savebuf[BLOWFISH_BLOCKSIZE * 3]; |
720 | 0 | int burn_stack_depth = (64) + 4 * BLOWFISH_BLOCKSIZE; |
721 | |
|
722 | 0 | #ifdef USE_AMD64_ASM |
723 | 0 | { |
724 | 0 | if (nblocks >= 4) |
725 | 0 | burn_stack_depth += 5 * sizeof(void*); |
726 | | |
727 | | /* Process data in 4 block chunks. */ |
728 | 0 | while (nblocks >= 4) |
729 | 0 | { |
730 | 0 | blowfish_amd64_cbc_dec(ctx, outbuf, inbuf, iv); |
731 | |
|
732 | 0 | nblocks -= 4; |
733 | 0 | outbuf += 4 * BLOWFISH_BLOCKSIZE; |
734 | 0 | inbuf += 4 * BLOWFISH_BLOCKSIZE; |
735 | 0 | } |
736 | | |
737 | | /* Use generic code to handle smaller chunks... */ |
738 | 0 | } |
739 | | #elif defined(USE_ARM_ASM) |
740 | | { |
741 | | /* Process data in 2 block chunks. */ |
742 | | while (nblocks >= 2) |
743 | | { |
744 | | _gcry_blowfish_arm_cbc_dec(ctx, outbuf, inbuf, iv); |
745 | | |
746 | | nblocks -= 2; |
747 | | outbuf += 2 * BLOWFISH_BLOCKSIZE; |
748 | | inbuf += 2 * BLOWFISH_BLOCKSIZE; |
749 | | } |
750 | | |
751 | | /* Use generic code to handle smaller chunks... */ |
752 | | } |
753 | | #endif |
754 | |
|
755 | | #if !defined(USE_AMD64_ASM) && !defined(USE_ARM_ASM) |
756 | | for ( ;nblocks >= 3; nblocks -= 3) |
757 | | { |
758 | | /* INBUF is needed later and it may be identical to OUTBUF, so store |
759 | | the intermediate result to SAVEBUF. */ |
760 | | do_decrypt_3 (ctx, savebuf, inbuf); |
761 | | |
762 | | cipher_block_xor_1 (savebuf + 0, iv, BLOWFISH_BLOCKSIZE); |
763 | | cipher_block_xor_1 (savebuf + 8, inbuf, BLOWFISH_BLOCKSIZE * 2); |
764 | | cipher_block_cpy (iv, inbuf + 16, BLOWFISH_BLOCKSIZE); |
765 | | buf_cpy (outbuf, savebuf, BLOWFISH_BLOCKSIZE * 3); |
766 | | inbuf += BLOWFISH_BLOCKSIZE * 3; |
767 | | outbuf += BLOWFISH_BLOCKSIZE * 3; |
768 | | } |
769 | | #endif |
770 | |
|
771 | 0 | for ( ;nblocks; nblocks-- ) |
772 | 0 | { |
773 | | /* INBUF is needed later and it may be identical to OUTBUF, so store |
774 | | the intermediate result to SAVEBUF. */ |
775 | 0 | do_decrypt_block (ctx, savebuf, inbuf); |
776 | |
|
777 | 0 | cipher_block_xor_n_copy_2(outbuf, savebuf, iv, inbuf, BLOWFISH_BLOCKSIZE); |
778 | 0 | inbuf += BLOWFISH_BLOCKSIZE; |
779 | 0 | outbuf += BLOWFISH_BLOCKSIZE; |
780 | 0 | } |
781 | |
|
782 | 0 | wipememory(savebuf, sizeof(savebuf)); |
783 | 0 | _gcry_burn_stack(burn_stack_depth); |
784 | 0 | } |
785 | | |
786 | | |
787 | | /* Bulk decryption of complete blocks in CFB mode. This function is only |
788 | | intended for the bulk encryption feature of cipher.c. */ |
789 | | static void |
790 | | _gcry_blowfish_cfb_dec(void *context, unsigned char *iv, void *outbuf_arg, |
791 | | const void *inbuf_arg, size_t nblocks) |
792 | 0 | { |
793 | 0 | BLOWFISH_context *ctx = context; |
794 | 0 | unsigned char *outbuf = outbuf_arg; |
795 | 0 | const unsigned char *inbuf = inbuf_arg; |
796 | 0 | unsigned char tmpbuf[BLOWFISH_BLOCKSIZE * 3]; |
797 | 0 | int burn_stack_depth = (64) + 4 * BLOWFISH_BLOCKSIZE; |
798 | |
|
799 | 0 | #ifdef USE_AMD64_ASM |
800 | 0 | { |
801 | 0 | if (nblocks >= 4) |
802 | 0 | burn_stack_depth += 5 * sizeof(void*); |
803 | | |
804 | | /* Process data in 4 block chunks. */ |
805 | 0 | while (nblocks >= 4) |
806 | 0 | { |
807 | 0 | blowfish_amd64_cfb_dec(ctx, outbuf, inbuf, iv); |
808 | |
|
809 | 0 | nblocks -= 4; |
810 | 0 | outbuf += 4 * BLOWFISH_BLOCKSIZE; |
811 | 0 | inbuf += 4 * BLOWFISH_BLOCKSIZE; |
812 | 0 | } |
813 | | |
814 | | /* Use generic code to handle smaller chunks... */ |
815 | 0 | } |
816 | | #elif defined(USE_ARM_ASM) |
817 | | { |
818 | | /* Process data in 2 block chunks. */ |
819 | | while (nblocks >= 2) |
820 | | { |
821 | | _gcry_blowfish_arm_cfb_dec(ctx, outbuf, inbuf, iv); |
822 | | |
823 | | nblocks -= 2; |
824 | | outbuf += 2 * BLOWFISH_BLOCKSIZE; |
825 | | inbuf += 2 * BLOWFISH_BLOCKSIZE; |
826 | | } |
827 | | |
828 | | /* Use generic code to handle smaller chunks... */ |
829 | | } |
830 | | #endif |
831 | |
|
832 | | #if !defined(USE_AMD64_ASM) && !defined(USE_ARM_ASM) |
833 | | for ( ;nblocks >= 3; nblocks -= 3 ) |
834 | | { |
835 | | cipher_block_cpy (tmpbuf + 0, iv, BLOWFISH_BLOCKSIZE); |
836 | | cipher_block_cpy (tmpbuf + 8, inbuf + 0, BLOWFISH_BLOCKSIZE * 2); |
837 | | cipher_block_cpy (iv, inbuf + 16, BLOWFISH_BLOCKSIZE); |
838 | | do_encrypt_3 (ctx, tmpbuf, tmpbuf); |
839 | | buf_xor (outbuf, inbuf, tmpbuf, BLOWFISH_BLOCKSIZE * 3); |
840 | | outbuf += BLOWFISH_BLOCKSIZE * 3; |
841 | | inbuf += BLOWFISH_BLOCKSIZE * 3; |
842 | | } |
843 | | #endif |
844 | |
|
845 | 0 | for ( ;nblocks; nblocks-- ) |
846 | 0 | { |
847 | 0 | do_encrypt_block(ctx, iv, iv); |
848 | 0 | cipher_block_xor_n_copy(outbuf, iv, inbuf, BLOWFISH_BLOCKSIZE); |
849 | 0 | outbuf += BLOWFISH_BLOCKSIZE; |
850 | 0 | inbuf += BLOWFISH_BLOCKSIZE; |
851 | 0 | } |
852 | |
|
853 | 0 | wipememory(tmpbuf, sizeof(tmpbuf)); |
854 | 0 | _gcry_burn_stack(burn_stack_depth); |
855 | 0 | } |
856 | | |
857 | | |
858 | | static const char* |
859 | | selftest(void) |
860 | 0 | { |
861 | 0 | BLOWFISH_context c; |
862 | 0 | cipher_bulk_ops_t bulk_ops; |
863 | 0 | byte plain[] = "BLOWFISH"; |
864 | 0 | byte buffer[8]; |
865 | 0 | static const byte plain3[] = |
866 | 0 | { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 }; |
867 | 0 | static const byte key3[] = |
868 | 0 | { 0x41, 0x79, 0x6E, 0xA0, 0x52, 0x61, 0x6E, 0xE4 }; |
869 | 0 | static const byte cipher3[] = |
870 | 0 | { 0xE1, 0x13, 0xF4, 0x10, 0x2C, 0xFC, 0xCE, 0x43 }; |
871 | |
|
872 | 0 | bf_setkey( (void *) &c, |
873 | 0 | (const unsigned char*)"abcdefghijklmnopqrstuvwxyz", 26, |
874 | 0 | &bulk_ops ); |
875 | 0 | encrypt_block( (void *) &c, buffer, plain ); |
876 | 0 | if( memcmp( buffer, "\x32\x4E\xD0\xFE\xF4\x13\xA2\x03", 8 ) ) |
877 | 0 | return "Blowfish selftest failed (1)."; |
878 | 0 | decrypt_block( (void *) &c, buffer, buffer ); |
879 | 0 | if( memcmp( buffer, plain, 8 ) ) |
880 | 0 | return "Blowfish selftest failed (2)."; |
881 | | |
882 | 0 | bf_setkey( (void *) &c, key3, 8, &bulk_ops ); |
883 | 0 | encrypt_block( (void *) &c, buffer, plain3 ); |
884 | 0 | if( memcmp( buffer, cipher3, 8 ) ) |
885 | 0 | return "Blowfish selftest failed (3)."; |
886 | 0 | decrypt_block( (void *) &c, buffer, buffer ); |
887 | 0 | if( memcmp( buffer, plain3, 8 ) ) |
888 | 0 | return "Blowfish selftest failed (4)."; |
889 | | |
890 | 0 | return NULL; |
891 | 0 | } |
892 | | |
893 | | |
894 | | struct hashset_elem { |
895 | | u32 val; |
896 | | short nidx; |
897 | | char used; |
898 | | }; |
899 | | |
900 | | static inline byte |
901 | | val_to_hidx(u32 val) |
902 | 0 | { |
903 | | /* bf sboxes are quite random already. */ |
904 | 0 | return (val >> 24) ^ (val >> 16) ^ (val >> 8) ^ val; |
905 | 0 | } |
906 | | |
907 | | static inline int |
908 | | add_val(struct hashset_elem hset[256], u32 val, int *midx, |
909 | | struct hashset_elem *mpool) |
910 | 0 | { |
911 | 0 | struct hashset_elem *elem; |
912 | 0 | byte hidx; |
913 | |
|
914 | 0 | hidx = val_to_hidx(val); |
915 | 0 | elem = &hset[hidx]; |
916 | | |
917 | | /* Check if first is in use. */ |
918 | 0 | if (elem->used == 0) |
919 | 0 | { |
920 | 0 | elem->val = val; |
921 | 0 | elem->nidx = -1; |
922 | 0 | elem->used = 1; |
923 | 0 | return 0; |
924 | 0 | } |
925 | | |
926 | | /* Check if first matches. */ |
927 | 0 | if (elem->val == val) |
928 | 0 | return 1; |
929 | | |
930 | 0 | for (; elem->nidx >= 0; elem = &mpool[elem->nidx]) |
931 | 0 | { |
932 | | /* Check if elem matches. */ |
933 | 0 | if (elem->val == val) |
934 | 0 | return 1; |
935 | 0 | } |
936 | | |
937 | 0 | elem->nidx = (*midx)++; |
938 | 0 | elem = &mpool[elem->nidx]; |
939 | |
|
940 | 0 | elem->val = val; |
941 | 0 | elem->nidx = -1; |
942 | 0 | elem->used = 1; |
943 | |
|
944 | 0 | return 0; |
945 | 0 | } |
946 | | |
947 | | static gcry_err_code_t |
948 | | do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen) |
949 | 0 | { |
950 | 0 | struct hashset_elem mempool[4 * 255]; /* Enough entries for the worst case. */ |
951 | 0 | struct hashset_elem hset[4][256]; |
952 | 0 | int memidx = 0; |
953 | 0 | int weak = 0; |
954 | 0 | int i, j, ret; |
955 | 0 | u32 data, datal, datar; |
956 | 0 | static int initialized; |
957 | 0 | static const char *selftest_failed; |
958 | |
|
959 | 0 | if( !initialized ) |
960 | 0 | { |
961 | 0 | initialized = 1; |
962 | 0 | selftest_failed = selftest(); |
963 | 0 | if( selftest_failed ) |
964 | 0 | log_error ("%s\n", selftest_failed ); |
965 | 0 | } |
966 | 0 | if( selftest_failed ) |
967 | 0 | return GPG_ERR_SELFTEST_FAILED; |
968 | | |
969 | 0 | if (keylen < BLOWFISH_KEY_MIN_BITS / 8 || |
970 | 0 | keylen > BLOWFISH_KEY_MAX_BITS / 8) |
971 | 0 | return GPG_ERR_INV_KEYLEN; |
972 | | |
973 | 0 | memset(hset, 0, sizeof(hset)); |
974 | |
|
975 | 0 | for(i=0; i < 16+2; i++ ) |
976 | 0 | c->p[i] = ps[i]; |
977 | 0 | for(i=0; i < 256; i++ ) |
978 | 0 | { |
979 | 0 | c->s0[i] = ks0[i]; |
980 | 0 | c->s1[i] = ks1[i]; |
981 | 0 | c->s2[i] = ks2[i]; |
982 | 0 | c->s3[i] = ks3[i]; |
983 | 0 | } |
984 | |
|
985 | 0 | for(i=j=0; i < 16+2; i++ ) |
986 | 0 | { |
987 | 0 | data = ((u32)key[j] << 24) | |
988 | 0 | ((u32)key[(j+1)%keylen] << 16) | |
989 | 0 | ((u32)key[(j+2)%keylen] << 8) | |
990 | 0 | ((u32)key[(j+3)%keylen]); |
991 | 0 | c->p[i] ^= data; |
992 | 0 | j = (j+4) % keylen; |
993 | 0 | } |
994 | |
|
995 | 0 | datal = datar = 0; |
996 | 0 | for(i=0; i < 16+2; i += 2 ) |
997 | 0 | { |
998 | 0 | do_encrypt( c, &datal, &datar ); |
999 | 0 | c->p[i] = datal; |
1000 | 0 | c->p[i+1] = datar; |
1001 | 0 | } |
1002 | 0 | for(i=0; i < 256; i += 2 ) |
1003 | 0 | { |
1004 | 0 | do_encrypt( c, &datal, &datar ); |
1005 | 0 | c->s0[i] = datal; |
1006 | 0 | c->s0[i+1] = datar; |
1007 | | |
1008 | | /* Add values to hashset, detect duplicates (weak keys). */ |
1009 | 0 | ret = add_val (hset[0], datal, &memidx, mempool); |
1010 | 0 | weak = ret ? 1 : weak; |
1011 | 0 | ret = add_val (hset[0], datar, &memidx, mempool); |
1012 | 0 | weak = ret ? 1 : weak; |
1013 | 0 | } |
1014 | 0 | for(i=0; i < 256; i += 2 ) |
1015 | 0 | { |
1016 | 0 | do_encrypt( c, &datal, &datar ); |
1017 | 0 | c->s1[i] = datal; |
1018 | 0 | c->s1[i+1] = datar; |
1019 | | |
1020 | | /* Add values to hashset, detect duplicates (weak keys). */ |
1021 | 0 | ret = add_val (hset[1], datal, &memidx, mempool); |
1022 | 0 | weak = ret ? 1 : weak; |
1023 | 0 | ret = add_val (hset[1], datar, &memidx, mempool); |
1024 | 0 | weak = ret ? 1 : weak; |
1025 | 0 | } |
1026 | 0 | for(i=0; i < 256; i += 2 ) |
1027 | 0 | { |
1028 | 0 | do_encrypt( c, &datal, &datar ); |
1029 | 0 | c->s2[i] = datal; |
1030 | 0 | c->s2[i+1] = datar; |
1031 | | |
1032 | | /* Add values to hashset, detect duplicates (weak keys). */ |
1033 | 0 | ret = add_val (hset[2], datal, &memidx, mempool); |
1034 | 0 | weak = ret ? 1 : weak; |
1035 | 0 | ret = add_val (hset[2], datar, &memidx, mempool); |
1036 | 0 | weak = ret ? 1 : weak; |
1037 | 0 | } |
1038 | 0 | for(i=0; i < 256; i += 2 ) |
1039 | 0 | { |
1040 | 0 | do_encrypt( c, &datal, &datar ); |
1041 | 0 | c->s3[i] = datal; |
1042 | 0 | c->s3[i+1] = datar; |
1043 | | |
1044 | | /* Add values to hashset, detect duplicates (weak keys). */ |
1045 | 0 | ret = add_val (hset[3], datal, &memidx, mempool); |
1046 | 0 | weak = ret ? 1 : weak; |
1047 | 0 | ret = add_val (hset[3], datar, &memidx, mempool); |
1048 | 0 | weak = ret ? 1 : weak; |
1049 | 0 | } |
1050 | | |
1051 | | /* Clear stack. */ |
1052 | 0 | wipememory(hset, sizeof(hset)); |
1053 | 0 | wipememory(mempool, sizeof(mempool[0]) * memidx); |
1054 | |
|
1055 | 0 | _gcry_burn_stack (64); |
1056 | | |
1057 | | /* Check for weak key. A weak key is a key in which a value in |
1058 | | the P-array (here c) occurs more than once per table. */ |
1059 | 0 | if (weak) |
1060 | 0 | return GPG_ERR_WEAK_KEY; |
1061 | | |
1062 | 0 | return GPG_ERR_NO_ERROR; |
1063 | 0 | } |
1064 | | |
1065 | | |
1066 | | static gcry_err_code_t |
1067 | | bf_setkey (void *context, const byte *key, unsigned keylen, |
1068 | | cipher_bulk_ops_t *bulk_ops) |
1069 | 0 | { |
1070 | 0 | BLOWFISH_context *c = (BLOWFISH_context *) context; |
1071 | 0 | gcry_err_code_t rc = do_bf_setkey (c, key, keylen); |
1072 | | |
1073 | | /* Setup bulk encryption routines. */ |
1074 | 0 | memset (bulk_ops, 0, sizeof(*bulk_ops)); |
1075 | 0 | bulk_ops->cfb_dec = _gcry_blowfish_cfb_dec; |
1076 | 0 | bulk_ops->cbc_dec = _gcry_blowfish_cbc_dec; |
1077 | 0 | bulk_ops->ctr_enc = _gcry_blowfish_ctr_enc; |
1078 | |
|
1079 | 0 | return rc; |
1080 | 0 | } |
1081 | | |
1082 | | |
1083 | | gcry_cipher_spec_t _gcry_cipher_spec_blowfish = |
1084 | | { |
1085 | | GCRY_CIPHER_BLOWFISH, {0, 0}, |
1086 | | "BLOWFISH", NULL, NULL, BLOWFISH_BLOCKSIZE, 128, |
1087 | | sizeof (BLOWFISH_context), |
1088 | | bf_setkey, encrypt_block, decrypt_block |
1089 | | }; |