projects / u / mdw / putty / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix off-by-one in selection update while scrolling. Thanks Richard B.
[u/mdw/putty] / sshblowf.c
CommitLineData
840de66d 1/*
2 * Blowfish implementation for PuTTY.
3 *
54eb0b3e 4 * Coded from scratch from the algorithm description.
840de66d 5 */
6
7#include <assert.h>
8#include <stdio.h>
9#include "ssh.h"
10
11typedef struct {
12 word32 S0[256], S1[256], S2[256], S3[256], P[18];
13 word32 iv0, iv1; /* for CBC mode */
14} BlowfishContext;
15
16#define GET_32BIT_LSB_FIRST(cp) \
17 (((unsigned long)(unsigned char)(cp)[0]) | \
18 ((unsigned long)(unsigned char)(cp)[1] << 8) | \
19 ((unsigned long)(unsigned char)(cp)[2] << 16) | \
20 ((unsigned long)(unsigned char)(cp)[3] << 24))
21
22#define PUT_32BIT_LSB_FIRST(cp, value) do { \
23 (cp)[0] = (value); \
24 (cp)[1] = (value) >> 8; \
25 (cp)[2] = (value) >> 16; \
26 (cp)[3] = (value) >> 24; } while (0)
27
5e8358ad 28#define GET_32BIT_MSB_FIRST(cp) \
29 (((unsigned long)(unsigned char)(cp)[0] << 24) | \
30 ((unsigned long)(unsigned char)(cp)[1] << 16) | \
31 ((unsigned long)(unsigned char)(cp)[2] << 8) | \
32 ((unsigned long)(unsigned char)(cp)[3]))
33
34#define PUT_32BIT_MSB_FIRST(cp, value) do { \
35 (cp)[0] = (value) >> 24; \
36 (cp)[1] = (value) >> 16; \
37 (cp)[2] = (value) >> 8; \
38 (cp)[3] = (value); } while (0)
39
840de66d 40/*
54eb0b3e 41 * The Blowfish init data: hex digits of the fractional part of pi.
42 * (ie pi as a hex fraction is 3.243F6A8885A308D3...)
840de66d 43 */
54eb0b3e 44static const word32 parray[] = {
45 0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
46 0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
47 0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B,
48};
840de66d 49
54eb0b3e 50static const word32 sbox0[] = {
51 0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, 0xB8E1AFED, 0x6A267E96,
52 0xBA7C9045, 0xF12C7F99, 0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16,
53 0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, 0x0D95748F, 0x728EB658,
54 0x718BCD58, 0x82154AEE, 0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013,
55 0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF, 0x8E79DCB0, 0x603A180E,
56 0x6C9E0E8B, 0xB01E8A3E, 0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60,
57 0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, 0x55CA396A, 0x2AAB10B6,
58 0xB4CC5C34, 0x1141E8CE, 0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A,
59 0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, 0xAFD6BA33, 0x6C24CF5C,
60 0x7A325381, 0x28958677, 0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193,
61 0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032, 0xEF845D5D, 0xE98575B1,
62 0xDC262302, 0xEB651B88, 0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239,
63 0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, 0x21C66842, 0xF6E96C9A,
64 0x670C9C61, 0xABD388F0, 0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3,
65 0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, 0xA1F1651D, 0x39AF0176,
66 0x66CA593E, 0x82430E88, 0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE,
67 0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6, 0x4ED3AA62, 0x363F7706,
68 0x1BFEDF72, 0x429B023D, 0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B,
69 0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, 0xE3FE501A, 0xB6794C3B,
70 0x976CE0BD, 0x04C006BA, 0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463,
71 0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, 0x6DFC511F, 0x9B30952C,
72 0xCC814544, 0xAF5EBD09, 0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3,
73 0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB, 0x5579C0BD, 0x1A60320A,
74 0xD6A100C6, 0x402C7279, 0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8,
75 0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, 0x323DB5FA, 0xFD238760,
76 0x53317B48, 0x3E00DF82, 0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB,
77 0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, 0x695B27B0, 0xBBCA58C8,
78 0xE1FFA35D, 0xB8F011A0, 0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B,
79 0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790, 0xE1DDF2DA, 0xA4CB7E33,
80 0x62FB1341, 0xCEE4C6E8, 0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4,
81 0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, 0xD08ED1D0, 0xAFC725E0,
82 0x8E3C5B2F, 0x8E7594B7, 0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C,
83 0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, 0x2F2F2218, 0xBE0E1777,
84 0xEA752DFE, 0x8B021FA1, 0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299,
85 0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9, 0x165FA266, 0x80957705,
86 0x93CC7314, 0x211A1477, 0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF,
87 0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, 0x00250E2D, 0x2071B35E,
88 0x226800BB, 0x57B8E0AF, 0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA,
89 0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, 0x83260376, 0x6295CFA9,
90 0x11C81968, 0x4E734A41, 0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915,
91 0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400, 0x08BA6FB5, 0x571BE91F,
92 0xF296EC6B, 0x2A0DD915, 0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664,
93 0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A,
94};
840de66d 95
54eb0b3e 96static const word32 sbox1[] = {
97 0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623, 0xAD6EA6B0, 0x49A7DF7D,
98 0x9CEE60B8, 0x8FEDB266, 0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1,
99 0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E, 0x3F54989A, 0x5B429D65,
100 0x6B8FE4D6, 0x99F73FD6, 0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1,
101 0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E, 0x09686B3F, 0x3EBAEFC9,
102 0x3C971814, 0x6B6A70A1, 0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737,
103 0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8, 0xB03ADA37, 0xF0500C0D,
104 0xF01C1F04, 0x0200B3FF, 0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD,
105 0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701, 0x3AE5E581, 0x37C2DADC,
106 0xC8B57634, 0x9AF3DDA7, 0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41,
107 0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331, 0x4E548B38, 0x4F6DB908,
108 0x6F420D03, 0xF60A04BF, 0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF,
109 0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E, 0x5512721F, 0x2E6B7124,
110 0x501ADDE6, 0x9F84CD87, 0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C,
111 0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2, 0xEF1C1847, 0x3215D908,
112 0xDD433B37, 0x24C2BA16, 0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD,
113 0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B, 0x043556F1, 0xD7A3C76B,
114 0x3C11183B, 0x5924A509, 0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E,
115 0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3, 0x771FE71C, 0x4E3D06FA,
116 0x2965DCB9, 0x99E71D0F, 0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A,
117 0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4, 0xF2F74EA7, 0x361D2B3D,
118 0x1939260F, 0x19C27960, 0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66,
119 0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28, 0xC332DDEF, 0xBE6C5AA5,
120 0x65582185, 0x68AB9802, 0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84,
121 0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510, 0x13CCA830, 0xEB61BD96,
122 0x0334FE1E, 0xAA0363CF, 0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14,
123 0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E, 0x648B1EAF, 0x19BDF0CA,
124 0xA02369B9, 0x655ABB50, 0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7,
125 0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8, 0xF837889A, 0x97E32D77,
126 0x11ED935F, 0x16681281, 0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99,
127 0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696, 0xCDB30AEB, 0x532E3054,
128 0x8FD948E4, 0x6DBC3128, 0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73,
129 0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0, 0x45EEE2B6, 0xA3AAABEA,
130 0xDB6C4F15, 0xFACB4FD0, 0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105,
131 0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250, 0xCF62A1F2, 0x5B8D2646,
132 0xFC8883A0, 0xC1C7B6A3, 0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285,
133 0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00, 0x58428D2A, 0x0C55F5EA,
134 0x1DADF43E, 0x233F7061, 0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB,
135 0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E, 0xA6078084, 0x19F8509E,
136 0xE8EFD855, 0x61D99735, 0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC,
137 0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9, 0xDB73DBD3, 0x105588CD,
138 0x675FDA79, 0xE3674340, 0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20,
139 0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7,
140};
840de66d 141
54eb0b3e 142static const word32 sbox2[] = {
143 0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, 0x411520F7, 0x7602D4F7,
144 0xBCF46B2E, 0xD4A20068, 0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF,
145 0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, 0x4D95FC1D, 0x96B591AF,
146 0x70F4DDD3, 0x66A02F45, 0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504,
147 0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A, 0x28507825, 0x530429F4,
148 0x0A2C86DA, 0xE9B66DFB, 0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE,
149 0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, 0xAACE1E7C, 0xD3375FEC,
150 0xCE78A399, 0x406B2A42, 0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B,
151 0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, 0x3A6EFA74, 0xDD5B4332,
152 0x6841E7F7, 0xCA7820FB, 0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527,
153 0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B, 0x55A867BC, 0xA1159A58,
154 0xCCA92963, 0x99E1DB33, 0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C,
155 0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, 0x95C11548, 0xE4C66D22,
156 0x48C1133F, 0xC70F86DC, 0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17,
157 0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, 0x257B7834, 0x602A9C60,
158 0xDFF8E8A3, 0x1F636C1B, 0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115,
159 0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922, 0x85B2A20E, 0xE6BA0D99,
160 0xDE720C8C, 0x2DA2F728, 0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0,
161 0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, 0x0A476341, 0x992EFF74,
162 0x3A6F6EAB, 0xF4F8FD37, 0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D,
163 0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, 0xF1290DC7, 0xCC00FFA3,
164 0xB5390F92, 0x690FED0B, 0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3,
165 0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB, 0x37392EB3, 0xCC115979,
166 0x8026E297, 0xF42E312D, 0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C,
167 0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, 0x1A6B1018, 0x11CAEDFA,
168 0x3D25BDD8, 0xE2E1C3C9, 0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A,
169 0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, 0x9DBC8057, 0xF0F7C086,
170 0x60787BF8, 0x6003604D, 0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC,
171 0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F, 0x77A057BE, 0xBDE8AE24,
172 0x55464299, 0xBF582E61, 0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2,
173 0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, 0x7AEB2661, 0x8B1DDF84,
174 0x846A0E79, 0x915F95E2, 0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C,
175 0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, 0xB77F19B6, 0xE0A9DC09,
176 0x662D09A1, 0xC4324633, 0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10,
177 0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169, 0xDCB7DA83, 0x573906FE,
178 0xA1E2CE9B, 0x4FCD7F52, 0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027,
179 0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, 0xF0177A28, 0xC0F586E0,
180 0x006058AA, 0x30DC7D62, 0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634,
181 0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, 0x6F05E409, 0x4B7C0188,
182 0x39720A3D, 0x7C927C24, 0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC,
183 0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4, 0x1E50EF5E, 0xB161E6F8,
184 0xA28514D9, 0x6C51133C, 0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837,
185 0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0,
186};
840de66d 187
54eb0b3e 188static const word32 sbox3[] = {
189 0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, 0x5CB0679E, 0x4FA33742,
190 0xD3822740, 0x99BC9BBE, 0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B,
191 0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, 0x5748AB2F, 0xBC946E79,
192 0xC6A376D2, 0x6549C2C8, 0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6,
193 0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304, 0xA1FAD5F0, 0x6A2D519A,
194 0x63EF8CE2, 0x9A86EE22, 0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4,
195 0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, 0x2826A2F9, 0xA73A3AE1,
196 0x4BA99586, 0xEF5562E9, 0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59,
197 0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, 0xE990FD5A, 0x9E34D797,
198 0x2CF0B7D9, 0x022B8B51, 0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28,
199 0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C, 0xE029AC71, 0xE019A5E6,
200 0x47B0ACFD, 0xED93FA9B, 0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28,
201 0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, 0x15056DD4, 0x88F46DBA,
202 0x03A16125, 0x0564F0BD, 0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A,
203 0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, 0x7533D928, 0xB155FDF5,
204 0x03563482, 0x8ABA3CBB, 0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F,
205 0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991, 0xEA7A90C2, 0xFB3E7BCE,
206 0x5121CE64, 0x774FBE32, 0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680,
207 0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, 0xB39A460A, 0x6445C0DD,
208 0x586CDECF, 0x1C20C8AE, 0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB,
209 0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, 0x72EACEA8, 0xFA6484BB,
210 0x8D6612AE, 0xBF3C6F47, 0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370,
211 0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D, 0x4040CB08, 0x4EB4E2CC,
212 0x34D2466A, 0x0115AF84, 0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048,
213 0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, 0x611560B1, 0xE7933FDC,
214 0xBB3A792B, 0x344525BD, 0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9,
215 0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, 0x1A908749, 0xD44FBD9A,
216 0xD0DADECB, 0xD50ADA38, 0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F,
217 0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C, 0xBF97222C, 0x15E6FC2A,
218 0x0F91FC71, 0x9B941525, 0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1,
219 0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, 0xE0EC6E0E, 0x1698DB3B,
220 0x4C98A0BE, 0x3278E964, 0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E,
221 0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, 0xDF359F8D, 0x9B992F2E,
222 0xE60B6F47, 0x0FE3F11D, 0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F,
223 0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299, 0xF523F357, 0xA6327623,
224 0x93A83531, 0x56CCCD02, 0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC,
225 0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, 0xE6C6C7BD, 0x327A140A,
226 0x45E1D006, 0xC3F27B9A, 0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6,
227 0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, 0x53113EC0, 0x1640E3D3,
228 0x38ABBD60, 0x2547ADF0, 0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060,
229 0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E, 0x1948C25C, 0x02FB8A8C,
230 0x01C36AE4, 0xD6EBE1F9, 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F,
231 0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6,
232};
840de66d 233
234#define Fprime(a,b,c,d) ( ( (S0[a] + S1[b]) ^ S2[c] ) + S3[d] )
235#define F(x) Fprime( ((x>>24)&0xFF), ((x>>16)&0xFF), ((x>>8)&0xFF), (x&0xFF) )
236#define ROUND(n) ( xL ^= P[n], t = xL, xL = F(xL) ^ xR, xR = t )
237
32874aea 238static void blowfish_encrypt(word32 xL, word32 xR, word32 * output,
239 BlowfishContext * ctx)
240{
840de66d 241 word32 *S0 = ctx->S0;
242 word32 *S1 = ctx->S1;
243 word32 *S2 = ctx->S2;
244 word32 *S3 = ctx->S3;
245 word32 *P = ctx->P;
246 word32 t;
247
248 ROUND(0);
249 ROUND(1);
250 ROUND(2);
251 ROUND(3);
252 ROUND(4);
253 ROUND(5);
254 ROUND(6);
255 ROUND(7);
256 ROUND(8);
257 ROUND(9);
258 ROUND(10);
259 ROUND(11);
260 ROUND(12);
261 ROUND(13);
262 ROUND(14);
263 ROUND(15);
264 xL ^= P[16];
265 xR ^= P[17];
266
267 output[0] = xR;
268 output[1] = xL;
269}
270
32874aea 271static void blowfish_decrypt(word32 xL, word32 xR, word32 * output,
272 BlowfishContext * ctx)
273{
840de66d 274 word32 *S0 = ctx->S0;
275 word32 *S1 = ctx->S1;
276 word32 *S2 = ctx->S2;
277 word32 *S3 = ctx->S3;
278 word32 *P = ctx->P;
279 word32 t;
280
281 ROUND(17);
282 ROUND(16);
283 ROUND(15);
284 ROUND(14);
285 ROUND(13);
286 ROUND(12);
287 ROUND(11);
288 ROUND(10);
289 ROUND(9);
290 ROUND(8);
291 ROUND(7);
292 ROUND(6);
293 ROUND(5);
294 ROUND(4);
295 ROUND(3);
296 ROUND(2);
297 xL ^= P[1];
298 xR ^= P[0];
299
300 output[0] = xR;
301 output[1] = xL;
302}
303
5e8358ad 304static void blowfish_lsb_encrypt_cbc(unsigned char *blk, int len,
32874aea 305 BlowfishContext * ctx)
306{
840de66d 307 word32 xL, xR, out[2], iv0, iv1;
308
309 assert((len & 7) == 0);
310
32874aea 311 iv0 = ctx->iv0;
312 iv1 = ctx->iv1;
840de66d 313
314 while (len > 0) {
32874aea 315 xL = GET_32BIT_LSB_FIRST(blk);
316 xR = GET_32BIT_LSB_FIRST(blk + 4);
317 iv0 ^= xL;
318 iv1 ^= xR;
319 blowfish_encrypt(iv0, iv1, out, ctx);
320 iv0 = out[0];
321 iv1 = out[1];
322 PUT_32BIT_LSB_FIRST(blk, iv0);
323 PUT_32BIT_LSB_FIRST(blk + 4, iv1);
324 blk += 8;
325 len -= 8;
840de66d 326 }
327
32874aea 328 ctx->iv0 = iv0;
329 ctx->iv1 = iv1;
840de66d 330}
331
5e8358ad 332static void blowfish_lsb_decrypt_cbc(unsigned char *blk, int len,
32874aea 333 BlowfishContext * ctx)
334{
840de66d 335 word32 xL, xR, out[2], iv0, iv1;
336
337 assert((len & 7) == 0);
338
32874aea 339 iv0 = ctx->iv0;
340 iv1 = ctx->iv1;
840de66d 341
342 while (len > 0) {
32874aea 343 xL = GET_32BIT_LSB_FIRST(blk);
344 xR = GET_32BIT_LSB_FIRST(blk + 4);
345 blowfish_decrypt(xL, xR, out, ctx);
346 iv0 ^= out[0];
347 iv1 ^= out[1];
348 PUT_32BIT_LSB_FIRST(blk, iv0);
349 PUT_32BIT_LSB_FIRST(blk + 4, iv1);
350 iv0 = xL;
351 iv1 = xR;
352 blk += 8;
353 len -= 8;
840de66d 354 }
355
32874aea 356 ctx->iv0 = iv0;
357 ctx->iv1 = iv1;
840de66d 358}
359
5e8358ad 360static void blowfish_msb_encrypt_cbc(unsigned char *blk, int len,
32874aea 361 BlowfishContext * ctx)
362{
5e8358ad 363 word32 xL, xR, out[2], iv0, iv1;
364
365 assert((len & 7) == 0);
366
32874aea 367 iv0 = ctx->iv0;
368 iv1 = ctx->iv1;
5e8358ad 369
370 while (len > 0) {
32874aea 371 xL = GET_32BIT_MSB_FIRST(blk);
372 xR = GET_32BIT_MSB_FIRST(blk + 4);
373 iv0 ^= xL;
374 iv1 ^= xR;
375 blowfish_encrypt(iv0, iv1, out, ctx);
376 iv0 = out[0];
377 iv1 = out[1];
378 PUT_32BIT_MSB_FIRST(blk, iv0);
379 PUT_32BIT_MSB_FIRST(blk + 4, iv1);
380 blk += 8;
381 len -= 8;
5e8358ad 382 }
383
32874aea 384 ctx->iv0 = iv0;
385 ctx->iv1 = iv1;
5e8358ad 386}
387
388static void blowfish_msb_decrypt_cbc(unsigned char *blk, int len,
32874aea 389 BlowfishContext * ctx)
390{
5e8358ad 391 word32 xL, xR, out[2], iv0, iv1;
392
393 assert((len & 7) == 0);
394
32874aea 395 iv0 = ctx->iv0;
396 iv1 = ctx->iv1;
5e8358ad 397
398 while (len > 0) {
32874aea 399 xL = GET_32BIT_MSB_FIRST(blk);
400 xR = GET_32BIT_MSB_FIRST(blk + 4);
401 blowfish_decrypt(xL, xR, out, ctx);
402 iv0 ^= out[0];
403 iv1 ^= out[1];
404 PUT_32BIT_MSB_FIRST(blk, iv0);
405 PUT_32BIT_MSB_FIRST(blk + 4, iv1);
406 iv0 = xL;
407 iv1 = xR;
408 blk += 8;
409 len -= 8;
5e8358ad 410 }
411
32874aea 412 ctx->iv0 = iv0;
413 ctx->iv1 = iv1;
5e8358ad 414}
415
32874aea 416static void blowfish_setkey(BlowfishContext * ctx,
417 const unsigned char *key, short keybytes)
418{
840de66d 419 word32 *S0 = ctx->S0;
420 word32 *S1 = ctx->S1;
421 word32 *S2 = ctx->S2;
422 word32 *S3 = ctx->S3;
423 word32 *P = ctx->P;
424 word32 str[2];
425 int i;
426
427 for (i = 0; i < 18; i++) {
32874aea 428 P[i] = parray[i];
429 P[i] ^=
430 ((word32) (unsigned char) (key[(i * 4 + 0) % keybytes])) << 24;
431 P[i] ^=
432 ((word32) (unsigned char) (key[(i * 4 + 1) % keybytes])) << 16;
433 P[i] ^=
434 ((word32) (unsigned char) (key[(i * 4 + 2) % keybytes])) << 8;
435 P[i] ^= ((word32) (unsigned char) (key[(i * 4 + 3) % keybytes]));
840de66d 436 }
437
438 for (i = 0; i < 256; i++) {
32874aea 439 S0[i] = sbox0[i];
440 S1[i] = sbox1[i];
441 S2[i] = sbox2[i];
442 S3[i] = sbox3[i];
840de66d 443 }
444
445 str[0] = str[1] = 0;
446
447 for (i = 0; i < 18; i += 2) {
32874aea 448 blowfish_encrypt(str[0], str[1], str, ctx);
449 P[i] = str[0];
450 P[i + 1] = str[1];
840de66d 451 }
452
453 for (i = 0; i < 256; i += 2) {
32874aea 454 blowfish_encrypt(str[0], str[1], str, ctx);
455 S0[i] = str[0];
456 S0[i + 1] = str[1];
840de66d 457 }
458 for (i = 0; i < 256; i += 2) {
32874aea 459 blowfish_encrypt(str[0], str[1], str, ctx);
460 S1[i] = str[0];
461 S1[i + 1] = str[1];
840de66d 462 }
463 for (i = 0; i < 256; i += 2) {
32874aea 464 blowfish_encrypt(str[0], str[1], str, ctx);
465 S2[i] = str[0];
466 S2[i + 1] = str[1];
840de66d 467 }
468 for (i = 0; i < 256; i += 2) {
32874aea 469 blowfish_encrypt(str[0], str[1], str, ctx);
470 S3[i] = str[0];
471 S3[i + 1] = str[1];
840de66d 472 }
473}
474
475/* -- Interface with PuTTY -- */
476
477#define SSH_SESSION_KEY_LENGTH 32
840de66d 478
371e569c 479static void *blowfish_make_context(void)
d39f364a 480{
371e569c 481 return smalloc(sizeof(BlowfishContext));
d39f364a 482}
483
371e569c 484static void *blowfish_ssh1_make_context(void)
d39f364a 485{
371e569c 486 /* In SSH1, need one key for each direction */
487 return smalloc(2*sizeof(BlowfishContext));
d39f364a 488}
489
371e569c 490static void blowfish_free_context(void *handle)
d39f364a 491{
371e569c 492 sfree(handle);
d39f364a 493}
494
371e569c 495static void blowfish_key(void *handle, unsigned char *key)
d39f364a 496{
371e569c 497 BlowfishContext *ctx = (BlowfishContext *)handle;
498 blowfish_setkey(ctx, key, 16);
d39f364a 499}
500
371e569c 501static void blowfish_iv(void *handle, unsigned char *key)
840de66d 502{
371e569c 503 BlowfishContext *ctx = (BlowfishContext *)handle;
504 ctx->iv0 = GET_32BIT_MSB_FIRST(key);
505 ctx->iv1 = GET_32BIT_MSB_FIRST(key + 4);
840de66d 506}
507
371e569c 508static void blowfish_sesskey(void *handle, unsigned char *key)
840de66d 509{
371e569c 510 BlowfishContext *ctx = (BlowfishContext *)handle;
511 blowfish_setkey(ctx, key, SSH_SESSION_KEY_LENGTH);
512 ctx->iv0 = 0;
513 ctx->iv1 = 0;
514 ctx[1] = ctx[0]; /* structure copy */
840de66d 515}
516
371e569c 517static void blowfish_ssh1_encrypt_blk(void *handle, unsigned char *blk,
518 int len)
840de66d 519{
371e569c 520 BlowfishContext *ctx = (BlowfishContext *)handle;
521 blowfish_lsb_encrypt_cbc(blk, len, ctx);
840de66d 522}
523
371e569c 524static void blowfish_ssh1_decrypt_blk(void *handle, unsigned char *blk,
525 int len)
5e8358ad 526{
371e569c 527 BlowfishContext *ctx = (BlowfishContext *)handle;
528 blowfish_lsb_decrypt_cbc(blk, len, ctx+1);
5e8358ad 529}
530
371e569c 531static void blowfish_ssh2_encrypt_blk(void *handle, unsigned char *blk,
532 int len)
5e8358ad 533{
371e569c 534 BlowfishContext *ctx = (BlowfishContext *)handle;
535 blowfish_msb_encrypt_cbc(blk, len, ctx);
536}
537
538static void blowfish_ssh2_decrypt_blk(void *handle, unsigned char *blk,
539 int len)
540{
541 BlowfishContext *ctx = (BlowfishContext *)handle;
542 blowfish_msb_decrypt_cbc(blk, len, ctx);
5e8358ad 543}
544
65a22376 545const struct ssh_cipher ssh_blowfish_ssh1 = {
371e569c 546 blowfish_ssh1_make_context, blowfish_free_context, blowfish_sesskey,
547 blowfish_ssh1_encrypt_blk, blowfish_ssh1_decrypt_blk,
548 8, "Blowfish"
5e8358ad 549};
550
65a22376 551static const struct ssh2_cipher ssh_blowfish_ssh2 = {
371e569c 552 blowfish_make_context, blowfish_free_context, blowfish_iv, blowfish_key,
553 blowfish_ssh2_encrypt_blk, blowfish_ssh2_decrypt_blk,
e5574168 554 "blowfish-cbc",
371e569c 555 8, 128, "Blowfish"
840de66d 556};
0a3f1d48 557
65a22376 558static const struct ssh2_cipher *const blowfish_list[] = {
0a3f1d48 559 &ssh_blowfish_ssh2
560};
561
65a22376 562const struct ssh2_ciphers ssh2_blowfish = {
0a3f1d48 563 sizeof(blowfish_list) / sizeof(*blowfish_list),
564 blowfish_list
565};
Local modifications for Simon Tatham's `PuTTY' SSH client and terminal emulator