mdw@git.distorted.org.uk Git - become/blob - src/blowfish.c

   1 /* -*-c-*-
   2  *
   3  * $Id: blowfish.c,v 1.4 1997/12/08 15:29:50 mdw Exp $
   4  *
   5  * Blowfish encryption routines
   6  *
   7  * (c) 1997 Mark Wooding
   8  */
   9
  10 /*----- Licencing notice --------------------------------------------------*
  11  *
  12  * This file is part of `become'
  13  *
  14  * `Become' is free software; you can redistribute it and/or modify
  15  * it under the terms of the GNU General Public License as published by
  16  * the Free Software Foundation; either version 2 of the License, or
  17  * (at your option) any later version.
  18  *
  19  * `Become' is distributed in the hope that it will be useful,
  20  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  22  * GNU General Public License for more details.
  23  *
  24  * You should have received a copy of the GNU General Public License
  25  * along with `become'; if not, write to the Free Software Foundation,
  26  * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  27  */
  28
  29 /*----- Revision history --------------------------------------------------*
  30  *
  31  * $Log: blowfish.c,v $
  32  * Revision 1.4  1997/12/08 15:29:50  mdw
  33  * Formatting fixes.  Very boring.
  34  *
  35  * Revision 1.3  1997/08/07 09:42:58  mdw
  36  * Fix address of the FSF.
  37  *
  38  * Revision 1.2  1997/08/04 10:24:20  mdw
  39  * Sources placed under CVS control.
  40  *
  41  * Revision 1.1  1997/07/21  13:47:53  mdw
  42  * Initial revision
  43  *
  44  */
  45
  46 /*----- Header files ------------------------------------------------------*/
  47
  48 /* --- ANSI headers --- */
  49
  50 #include <stdio.h>
  51
  52 /* --- Local headers --- */
  53
  54 #include "config.h"
  55 #include "blowfish.h"
  56 #include "utils.h"
  57
  58 /*----- Define the initial S-box values -----------------------------------*/
  59
  60 #include "blowfish-sbox.h"
  61
  62 /*----- Useful macros -----------------------------------------------------*/
  63
  64 /* --- The Blowfish round function --- *
  65  *
  66  * This is why I like this cipher.  The round function is microscopic.  And
  67  * very fast.
  68  */
  69
  70 #define ROUND(L, R, K)                                                  \
  71   ((L) ^= k->p[K],                                                      \
  72    (R) ^= ((((k->s0[((L) >> 24) & 0xFF]) +                              \
  73               k->s1[((L) >> 16) & 0xFF]) ^                              \
  74               k->s2[((L) >>  8) & 0xFF]) +                              \
  75               k->s3[((L) >>  0) & 0xFF]))
  76
  77 /*----- Main code ---------------------------------------------------------*/
  78
  79 /* --- @blowfish_encrypt@ --- *
  80  *
  81  * Arguments:   @const blowfish_key *k@ = pointer to key block
  82  *              @const void *from@ = block to encrypt from
  83  *              @void *to@ = block to encrypt to
  84  *
  85  * Returns:     ---
  86  *
  87  * Use:         Encrypts a block using the Blowfish algorithm.
  88  */
  89
  90 void blowfish_encrypt(const blowfish_key *k, const void *from, void *to)
  91 {
  92   uint_32 l, r;
  93   const unsigned char *f = from;
  94   unsigned char *t = to;
  95
  96   /* --- Extract left and right block halves --- */
  97
  98   l = load32(f + 0);
  99   r = load32(f + 4);
 100
 101   /* --- Now run the round function on these values --- */
 102
 103   ROUND(l, r,  0);
 104   ROUND(r, l,  1);
 105   ROUND(l, r,  2);
 106   ROUND(r, l,  3);
 107   ROUND(l, r,  4);
 108   ROUND(r, l,  5);
 109   ROUND(l, r,  6);
 110   ROUND(r, l,  7);
 111   ROUND(l, r,  8);
 112   ROUND(r, l,  9);
 113   ROUND(l, r, 10);
 114   ROUND(r, l, 11);
 115   ROUND(l, r, 12);
 116   ROUND(r, l, 13);
 117   ROUND(l, r, 14);
 118   ROUND(r, l, 15);
 119
 120   /* --- Final transformation --- */
 121
 122   l ^= k->p[16];
 123   r ^= k->p[17];
 124
 125   /* --- Store the encrypted value --- */
 126
 127   store32(t + 0, r);
 128   store32(t + 4, l);
 129 }
 130
 131 /* --- @blowfish_decrypt@ --- *
 132  *
 133  * Arguments:   @const blowfish_key *k@ = pointer to key block
 134  *              @const void *from@ = block to decrypt from
 135  *              @void *to@ = block to decrypt to
 136  *
 137  * Returns:     ---
 138  *
 139  * Use:         Decrypts a block using the Blowfish algorithm.
 140  */
 141
 142 void blowfish_decrypt(const blowfish_key *k, const void *from, void *to)
 143 {
 144   uint_32 l, r;
 145   const unsigned char *f = from;
 146   unsigned char *t = to;
 147
 148   /* --- Extract left and right block halves --- */
 149
 150   l = load32(f + 0);
 151   r = load32(f + 4);
 152
 153   /* --- Now run the round function on these values --- */
 154
 155   ROUND(l, r, 17);
 156   ROUND(r, l, 16);
 157   ROUND(l, r, 15);
 158   ROUND(r, l, 14);
 159   ROUND(l, r, 13);
 160   ROUND(r, l, 12);
 161   ROUND(l, r, 11);
 162   ROUND(r, l, 10);
 163   ROUND(l, r,  9);
 164   ROUND(r, l,  8);
 165   ROUND(l, r,  7);
 166   ROUND(r, l,  6);
 167   ROUND(l, r,  5);
 168   ROUND(r, l,  4);
 169   ROUND(l, r,  3);
 170   ROUND(r, l,  2);
 171
 172   /* --- Final transformation --- */
 173
 174   l ^= k->p[1];
 175   r ^= k->p[0];
 176
 177   /* --- Store the decrypted value --- */
 178
 179   store32(t + 0, r);
 180   store32(t + 4, l);
 181 }
 182
 183 /* --- @blowfish__qcrypt@ --- *
 184  *
 185  * Arguments:   @const blowfish_key *k@ = pointer to a key block
 186  *              @uint_32 *p@ = pointer to block to mangle
 187  *
 188  * Returns:     ---
 189  *
 190  * Use:         Mangles a block using the Blowfish algorithm.
 191  */
 192
 193 static void blowfish__qcrypt(blowfish_key *k, uint_32 *p)
 194 {
 195   uint_32 l = p[0], r = p[1];
 196
 197   /* --- Run the round function --- */
 198
 199   ROUND(l, r,  0);
 200   ROUND(r, l,  1);
 201   ROUND(l, r,  2);
 202   ROUND(r, l,  3);
 203   ROUND(l, r,  4);
 204   ROUND(r, l,  5);
 205   ROUND(l, r,  6);
 206   ROUND(r, l,  7);
 207   ROUND(l, r,  8);
 208   ROUND(r, l,  9);
 209   ROUND(l, r, 10);
 210   ROUND(r, l, 11);
 211   ROUND(l, r, 12);
 212   ROUND(r, l, 13);
 213   ROUND(l, r, 14);
 214   ROUND(r, l, 15);
 215
 216   /* --- Output transformation --- */
 217
 218   l ^= k->p[16];
 219   r ^= k->p[17];
 220
 221   /* --- Store the new values --- */
 222
 223   p[0] = r;
 224   p[1] = l;
 225 }
 226
 227 /* --- @blowfish__buildKey@ --- *
 228  *
 229  * Arguments:   @blowfish_key *k@ = pointer to a key block to set up
 230  *
 231  * Returns:     ---
 232  *
 233  * Use:         Sets up the P-array and S-boxes once a key has been mixed
 234  *              into the P-array.  Use a local copy of the Blowfish
 235  *              encryption routine, to avoid penalising the main code too
 236  *              much with having to veneer onto a general args-in-words
 237  *              function, and to avoid me messing about with transforming
 238  *              values backwards and forwards between char arrays and
 239  *              integers.
 240  */
 241
 242 static void blowfish__buildKey(blowfish_key *k)
 243 {
 244   uint_32 b[2] = { 0, 0 };
 245   int i;
 246
 247   /* --- First, run through the P-array --- */
 248
 249   for (i = 0; i < 18; i += 2) {
 250     blowfish__qcrypt(k, b);
 251     k->p[i] = b[0];
 252     k->p[i + 1] = b[1];
 253   }
 254
 255   /* --- Now do the S-boxes --- */
 256
 257   for (i = 0; i < 256; i += 2) {
 258     blowfish__qcrypt(k, b);
 259     k->s0[i] = b[0];
 260     k->s0[i + 1] = b[1];
 261   }
 262
 263   for (i = 0; i < 256; i += 2) {
 264     blowfish__qcrypt(k, b);
 265     k->s1[i] = b[0];
 266     k->s1[i + 1] = b[1];
 267   }
 268
 269   for (i = 0; i < 256; i += 2) {
 270     blowfish__qcrypt(k, b);
 271     k->s2[i] = b[0];
 272     k->s2[i + 1] = b[1];
 273   }
 274
 275   for (i = 0; i < 256; i += 2) {
 276     blowfish__qcrypt(k, b);
 277     k->s3[i] = b[0];
 278     k->s3[i + 1] = b[1];
 279   }
 280 }
 281
 282 /* --- @blowfish_setKey@ --- *
 283  *
 284  * Arguments:   @blowfish_key *kb@ = pointer to key block to fill
 285  *              @void *k@ = pointer to key data
 286  *              @size_t sz@ = length of data in bytes
 287  *
 288  * Returns:     ---
 289  *
 290  * Use:         Expands a key which isn't represented as a number of whole
 291  *              words.  This is a nonstandard extension, although it can be
 292  *              used to support 40-bit keys, which some governments might
 293  *              find more palatable than 160-bit (or 448-bit!) keys.
 294  */
 295
 296 void blowfish_setKey(blowfish_key *kb, const void *k, size_t sz)
 297 {
 298   int i, j, l;
 299   const unsigned char *p = k;
 300   uint_32 a;
 301
 302   memcpy(kb, &blowfish__init, sizeof(blowfish__init));
 303
 304   j = 0;
 305   for (i = 0; i < 18; i++) {
 306     a = 0;
 307     for (l = 0; l < 4; l++) {
 308       a = (a << 8) | p[j];
 309       j++;
 310       if (j >= sz)
 311         j = 0;
 312     }
 313     kb->p[i] ^= a;
 314   }
 315
 316   blowfish__buildKey(kb);
 317 }
 318
 319 /*----- Test rig ----------------------------------------------------------*/
 320
 321 #ifdef TEST_RIG
 322
 323 int main(void)
 324 {
 325   /* --- Stage one: ECB tests --- */
 326
 327   {
 328     static struct {
 329       uint_32 k[2];
 330       uint_32 p[2];
 331       uint_32 c[2];
 332     } table[] = {
 333       { { 0x00000000u, 0x00000000u },
 334         { 0x00000000u, 0x00000000u },
 335         { 0x4EF99745u, 0x6198DD78u } },
 336
 337       { { 0xFFFFFFFFu, 0xFFFFFFFFu },
 338         { 0xFFFFFFFFu, 0xFFFFFFFFu },
 339         { 0x51866FD5u, 0xB85ECB8Au } },
 340
 341       { { 0x30000000u, 0x00000000u },
 342         { 0x10000000u, 0x00000001u },
 343         { 0x7D856F9Au, 0x613063F2u } },
 344
 345       { { 0x11111111u, 0x11111111u },
 346         { 0x11111111u, 0x11111111u },
 347         { 0x2466DD87u, 0x8B963C9Du } },
 348
 349       { { 0x01234567u, 0x89ABCDEFu },
 350         { 0x11111111u, 0x11111111u },
 351         { 0x61F9C380u, 0x2281B096u } },
 352
 353       { { 0x11111111u, 0x11111111u },
 354         { 0x01234567u, 0x89ABCDEFu },
 355         { 0x7D0CC630u, 0xAFDA1EC7u } },
 356
 357       { { 0x00000000u, 0x00000000u },
 358         { 0x00000000u, 0x00000000u },
 359         { 0x4EF99745u, 0x6198DD78u } },
 360
 361       { { 0xFEDCBA98u, 0x76543210u },
 362         { 0x01234567u, 0x89ABCDEFu },
 363         { 0x0ACEAB0Fu, 0xC6A0A28Du } },
 364
 365       { { 0x7CA11045u, 0x4A1A6E57u },
 366         { 0x01A1D6D0u, 0x39776742u },
 367         { 0x59C68245u, 0xEB05282Bu } },
 368
 369       { { 0x0131D961u, 0x9DC1376Eu },
 370         { 0x5CD54CA8u, 0x3DEF57DAu },
 371         { 0xB1B8CC0Bu, 0x250F09A0u } },
 372
 373       { { 0x07A1133Eu, 0x4A0B2686u },
 374         { 0x0248D438u, 0x06F67172u },
 375         { 0x1730E577u, 0x8BEA1DA4u } },
 376
 377       { { 0x3849674Cu, 0x2602319Eu },
 378         { 0x51454B58u, 0x2DDF440Au },
 379         { 0xA25E7856u, 0xCF2651EBu } },
 380
 381       { { 0x04B915BAu, 0x43FEB5B6u },
 382         { 0x42FD4430u, 0x59577FA2u },
 383         { 0x353882B1u, 0x09CE8F1Au } },
 384
 385       { { 0x0113B970u, 0xFD34F2CEu },
 386         { 0x059B5E08u, 0x51CF143Au },
 387         { 0x48F4D088u, 0x4C379918u } },
 388
 389       { { 0x0170F175u, 0x468FB5E6u },
 390         { 0x0756D8E0u, 0x774761D2u },
 391         { 0x432193B7u, 0x8951FC98u } },
 392
 393       { { 0x43297FADu, 0x38E373FEu },
 394         { 0x762514B8u, 0x29BF486Au },
 395         { 0x13F04154u, 0xD69D1AE5u } },
 396
 397       { { 0x07A71370u, 0x45DA2A16u },
 398         { 0x3BDD1190u, 0x49372802u },
 399         { 0x2EEDDA93u, 0xFFD39C79u } },
 400
 401       { { 0x04689104u, 0xC2FD3B2Fu },
 402         { 0x26955F68u, 0x35AF609Au },
 403         { 0xD887E039u, 0x3C2DA6E3u } },
 404
 405       { { 0x37D06BB5u, 0x16CB7546u },
 406         { 0x164D5E40u, 0x4F275232u },
 407         { 0x5F99D04Fu, 0x5B163969u } },
 408
 409       { { 0x1F08260Du, 0x1AC2465Eu },
 410         { 0x6B056E18u, 0x759F5CCAu },
 411         { 0x4A057A3Bu, 0x24D3977Bu } },
 412
 413       { { 0x58402364u, 0x1ABA6176u },
 414         { 0x004BD6EFu, 0x09176062u },
 415         { 0x452031C1u, 0xE4FADA8Eu } },
 416
 417       { { 0x02581616u, 0x4629B007u },
 418         { 0x480D3900u, 0x6EE762F2u },
 419         { 0x7555AE39u, 0xF59B87BDu } },
 420
 421       { { 0x49793EBCu, 0x79B3258Fu },
 422         { 0x437540C8u, 0x698F3CFAu },
 423         { 0x53C55F9Cu, 0xB49FC019u } },
 424
 425       { { 0x4FB05E15u, 0x15AB73A7u },
 426         { 0x072D43A0u, 0x77075292u },
 427         { 0x7A8E7BFAu, 0x937E89A3u } },
 428
 429       { { 0x49E95D6Du, 0x4CA229BFu },
 430         { 0x02FE5577u, 0x8117F12Au },
 431         { 0xCF9C5D7Au, 0x4986ADB5u } },
 432
 433       { { 0x018310DCu, 0x409B26D6u },
 434         { 0x1D9D5C50u, 0x18F728C2u },
 435         { 0xD1ABB290u, 0x658BC778u } },
 436
 437       { { 0x1C587F1Cu, 0x13924FEFu },
 438         { 0x30553228u, 0x6D6F295Au },
 439         { 0x55CB3774u, 0xD13EF201u } },
 440
 441       { { 0x01010101u, 0x01010101u },
 442         { 0x01234567u, 0x89ABCDEFu },
 443         { 0xFA34EC48u, 0x47B268B2u } },
 444
 445       { { 0x1F1F1F1Fu, 0x0E0E0E0Eu },
 446         { 0x01234567u, 0x89ABCDEFu },
 447         { 0xA7907951u, 0x08EA3CAEu } },
 448
 449       { { 0xE0FEE0FEu, 0xF1FEF1FEu },
 450         { 0x01234567u, 0x89ABCDEFu },
 451         { 0xC39E072Du, 0x9FAC631Du } },
 452
 453       { { 0x00000000u, 0x00000000u },
 454         { 0xFFFFFFFFu, 0xFFFFFFFFu },
 455         { 0x014933E0u, 0xCDAFF6E4u } },
 456
 457       { { 0xFFFFFFFFu, 0xFFFFFFFFu },
 458         { 0x00000000u, 0x00000000u },
 459         { 0xF21E9A77u, 0xB71C49BCu } },
 460
 461       { { 0x01234567u, 0x89ABCDEFu },
 462         { 0x00000000u, 0x00000000u },
 463         { 0x24594688u, 0x5754369Au } },
 464
 465       { { 0xFEDCBA98u, 0x76543210u },
 466         { 0xFFFFFFFFu, 0xFFFFFFFFu },
 467         { 0x6B5C5A9Cu, 0x5D9E0A5Au } }
 468     };
 469
 470     int f = 1;
 471     int i;
 472
 473     printf("*** stage one: ");
 474     fflush(stdout);
 475
 476     for (i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
 477       char kb[8], p[8], c[8];
 478       blowfish_key k;
 479
 480       store32(kb + 0, table[i].k[0]);
 481       store32(kb + 4, table[i].k[1]);
 482       blowfish_setKey(&k, kb, 8);
 483
 484       store32(p + 0, table[i].p[0]);
 485       store32(p + 4, table[i].p[1]);
 486       blowfish_encrypt(&k, p, c);
 487
 488       if (load32(c + 0) != table[i].c[0] ||
 489           load32(c + 4) != table[i].c[1]) {
 490         printf("\n"
 491                "!!! bad encryption\n"
 492                "                    key = %08lx-%08lx\n"
 493                "              plaintext = %08lx-%08lx\n"
 494                "    expected ciphertext = %08lx-%08lx\n"
 495                "  calculated ciphertext = %08lx-%08lx\n",
 496                (unsigned long)table[i].k[0],
 497                (unsigned long)table[i].k[1],
 498                (unsigned long)table[i].p[0],
 499                (unsigned long)table[i].p[1],
 500                (unsigned long)table[i].c[0],
 501                (unsigned long)table[i].c[1],
 502                (unsigned long)load32(c + 0),
 503                (unsigned long)load32(c + 4));
 504         f = 0;
 505       }
 506
 507       blowfish_decrypt(&k, c, p);
 508       if (load32(p + 0) != table[i].p[0] ||
 509           load32(p + 4) != table[i].p[1]) {
 510         printf("\n"
 511                "!!! bad decryption\n"
 512                "                    key = %08lx-%08lx\n"
 513                "             ciphertext = %08lx-%08lx\n"
 514                "     expected plaintext = %08lx-%08lx\n"
 515                "   calculated plaintext = %08lx-%08lx\n",
 516                (unsigned long)table[i].k[0],
 517                (unsigned long)table[i].k[1],
 518                (unsigned long)table[i].c[0],
 519                (unsigned long)table[i].c[1],
 520                (unsigned long)table[i].p[0],
 521                (unsigned long)table[i].p[1],
 522                (unsigned long)load32(p + 0),
 523                (unsigned long)load32(p + 4));
 524         f = 0;
 525       }
 526
 527       putchar('.');
 528       fflush(stdout);
 529     }
 530     putchar('\n');
 531     if (f)
 532       printf("*** stage one ok\n");
 533   }
 534
 535   /* --- Stage 2: key scheduling --- */
 536
 537   {
 538     static struct {
 539       uint_32 c[2];
 540     } table[] = {
 541       {{ 0xF9AD597Cu, 0x49DB005Eu }},
 542       {{ 0xE91D21C1u, 0xD961A6D6u }},
 543       {{ 0xE9C2B70Au, 0x1BC65CF3u }},
 544       {{ 0xBE1E6394u, 0x08640F05u }},
 545       {{ 0xB39E4448u, 0x1BDB1E6Eu }},
 546       {{ 0x9457AA83u, 0xB1928C0Du }},
 547       {{ 0x8BB77032u, 0xF960629Du }},
 548       {{ 0xE87A244Eu, 0x2CC85E82u }},
 549       {{ 0x15750E7Au, 0x4F4EC577u }},
 550       {{ 0x122BA70Bu, 0x3AB64AE0u }},
 551       {{ 0x3A833C9Au, 0xFFC537F6u }},
 552       {{ 0x9409DA87u, 0xA90F6BF2u }},
 553       {{ 0x884F8062u, 0x5060B8B4u }},
 554       {{ 0x1F85031Cu, 0x19E11968u }},
 555       {{ 0x79D9373Au, 0x714CA34Fu }},
 556       {{ 0x93142887u, 0xEE3BE15Cu }},
 557       {{ 0x03429E83u, 0x8CE2D14Bu }},
 558       {{ 0xA4299E27u, 0x469FF67Bu }},
 559       {{ 0xAFD5AED1u, 0xC1BC96A8u }},
 560       {{ 0x10851C0Eu, 0x3858DA9Fu }},
 561       {{ 0xE6F51ED7u, 0x9B9DB21Fu }},
 562       {{ 0x64A6E14Au, 0xFD36B46Fu }},
 563       {{ 0x80C7D7D4u, 0x5A5479ADu }},
 564       {{ 0x05044B62u, 0xFA52D080u }},
 565     };
 566
 567     unsigned char kk[] = {
 568       0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87,
 569       0x78, 0x69, 0x5A, 0x4B, 0x3C, 0x2D, 0x1E, 0x0F,
 570       0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
 571     };
 572
 573     int i;
 574     int f = 1;
 575
 576     printf("*** stage two: ");
 577     fflush(stdout);
 578
 579     for (i = 0; i < sizeof(kk); i++) {
 580       blowfish_key k;
 581       unsigned char p[8] = { 0xFE, 0xDC, 0xBA, 0x98,
 582                              0x76, 0x54, 0x32, 0x10 };
 583
 584       blowfish_setKey(&k, kk, i + 1);
 585       blowfish_encrypt(&k, p, p);
 586
 587       if (load32(p + 0) != table[i].c[0] ||
 588           load32(p + 4) != table[i].c[1]) {
 589         printf("!!! bad encryption\n"
 590                "  key length = %i\n"
 591                "    expected = %08lx-%08lx\n"
 592                "  calculated = %08lx-%08lx\n",
 593                i + 1,
 594                (unsigned long)table[i].c[0],
 595                (unsigned long)table[i].c[1],
 596                (unsigned long)load32(p + 0),
 597                (unsigned long)load32(p + 4));
 598         f = 0;
 599       }
 600
 601       putchar('.');
 602       fflush(stdout);
 603     }
 604
 605     putchar('\n');
 606
 607     if (f)
 608       printf("*** stage two ok\n");
 609   }
 610
 611   return (0);
 612
 613 }
 614
 615 #endif
 616
 617 /*----- That's all, folks -------------------------------------------------*/