~mdw / become / blob
? search:


ddf7b262ce11f3e95718f611112106360eb0ad22
[become] / src / blowfish.c
1 /* -*-c-*-
2 *
3 * $Id: blowfish.c,v 1.1 1997/07/21 13:47:53 mdw Exp $
4 *
5 * Blowfish encryption routines
6 *
7 * (c) 1997 Mark Wooding
8 */
9
10 /*----- Licencing notice --------------------------------------------------*
11 *
12 * This file is part of `become'
13 *
14 * `Become' is free software; you can redistribute it and/or modify
15 * it under the terms of the GNU General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or
17 * (at your option) any later version.
18 *
19 * `Become' is distributed in the hope that it will be useful,
20 * but WITHOUT ANY WARRANTY; without even the implied warranty of
21 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
22 * GNU General Public License for more details.
23 *
24 * You should have received a copy of the GNU General Public License
25 * along with `become'; if not, write to the Free Software
26 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
27 */
28
29 /*----- Revision history --------------------------------------------------*
30 *
31 * $Log: blowfish.c,v $
32 * Revision 1.1 1997/07/21 13:47:53 mdw
33 * Initial revision
34 *
35 */
36
37 /*----- Header files ------------------------------------------------------*/
38
39 /* --- ANSI headers --- */
40
41 #include <stdio.h>
42
43 /* --- Local headers --- */
44
45 #include "config.h"
46 #include "blowfish.h"
47 #include "utils.h"
48
49 /*----- Define the initial S-box values -----------------------------------*/
50
51 #include "blowfish-sbox.h"
52
53 /*----- Useful macros -----------------------------------------------------*/
54
55 /* --- The Blowfish round function --- *
56 *
57 * This is why I like this cipher. The round function is microscopic. And
58 * very fast.
59 */
60
61 #define ROUND(L, R, K) \
62 ((L) ^= k->p[K], \
63 (R) ^= ((((k->s0[((L) >> 24) & 0xFF]) + \
64 k->s1[((L) >> 16) & 0xFF]) ^ \
65 k->s2[((L) >> 8) & 0xFF]) + \
66 k->s3[((L) >> 0) & 0xFF]))
67
68 /*----- Main code ---------------------------------------------------------*/
69
70 /* --- @blowfish_encrypt@ --- *
71 *
72 * Arguments: @const blowfish_key *k@ = pointer to key block
73 * @const void *from@ = block to encrypt from
74 * @void *to@ = block to encrypt to
75 *
76 * Returns: ---
77 *
78 * Use: Encrypts a block using the Blowfish algorithm.
79 */
80
81 void blowfish_encrypt(const blowfish_key *k, const void *from, void *to)
82 {
83 uint_32 l, r;
84 const unsigned char *f = from;
85 unsigned char *t = to;
86
87 /* --- Extract left and right block halves --- */
88
89 l = load32(f + 0);
90 r = load32(f + 4);
91
92 /* --- Now run the round function on these values --- */
93
94 ROUND(l, r, 0);
95 ROUND(r, l, 1);
96 ROUND(l, r, 2);
97 ROUND(r, l, 3);
98 ROUND(l, r, 4);
99 ROUND(r, l, 5);
100 ROUND(l, r, 6);
101 ROUND(r, l, 7);
102 ROUND(l, r, 8);
103 ROUND(r, l, 9);
104 ROUND(l, r, 10);
105 ROUND(r, l, 11);
106 ROUND(l, r, 12);
107 ROUND(r, l, 13);
108 ROUND(l, r, 14);
109 ROUND(r, l, 15);
110
111 /* --- Final transformation --- */
112
113 l ^= k->p[16];
114 r ^= k->p[17];
115
116 /* --- Store the encrypted value --- */
117
118 store32(t + 0, r);
119 store32(t + 4, l);
120 }
121
122 /* --- @blowfish_decrypt@ --- *
123 *
124 * Arguments: @const blowfish_key *k@ = pointer to key block
125 * @const void *from@ = block to decrypt from
126 * @void *to@ = block to decrypt to
127 *
128 * Returns: ---
129 *
130 * Use: Decrypts a block using the Blowfish algorithm.
131 */
132
133 void blowfish_decrypt(const blowfish_key *k, const void *from, void *to)
134 {
135 uint_32 l, r;
136 const unsigned char *f = from;
137 unsigned char *t = to;
138
139 /* --- Extract left and right block halves --- */
140
141 l = load32(f + 0);
142 r = load32(f + 4);
143
144 /* --- Now run the round function on these values --- */
145
146 ROUND(l, r, 17);
147 ROUND(r, l, 16);
148 ROUND(l, r, 15);
149 ROUND(r, l, 14);
150 ROUND(l, r, 13);
151 ROUND(r, l, 12);
152 ROUND(l, r, 11);
153 ROUND(r, l, 10);
154 ROUND(l, r, 9);
155 ROUND(r, l, 8);
156 ROUND(l, r, 7);
157 ROUND(r, l, 6);
158 ROUND(l, r, 5);
159 ROUND(r, l, 4);
160 ROUND(l, r, 3);
161 ROUND(r, l, 2);
162
163 /* --- Final transformation --- */
164
165 l ^= k->p[1];
166 r ^= k->p[0];
167
168 /* --- Store the decrypted value --- */
169
170 store32(t + 0, r);
171 store32(t + 4, l);
172 }
173
174 /* --- @blowfish__qcrypt@ --- *
175 *
176 * Arguments: @const blowfish_key *k@ = pointer to a key block
177 * @uint_32 *p@ = pointer to block to mangle
178 *
179 * Returns: ---
180 *
181 * Use: Mangles a block using the Blowfish algorithm.
182 */
183
184 static void blowfish__qcrypt(blowfish_key *k, uint_32 *p)
185 {
186 uint_32 l = p[0], r = p[1];
187
188 /* --- Run the round function --- */
189
190 ROUND(l, r, 0);
191 ROUND(r, l, 1);
192 ROUND(l, r, 2);
193 ROUND(r, l, 3);
194 ROUND(l, r, 4);
195 ROUND(r, l, 5);
196 ROUND(l, r, 6);
197 ROUND(r, l, 7);
198 ROUND(l, r, 8);
199 ROUND(r, l, 9);
200 ROUND(l, r, 10);
201 ROUND(r, l, 11);
202 ROUND(l, r, 12);
203 ROUND(r, l, 13);
204 ROUND(l, r, 14);
205 ROUND(r, l, 15);
206
207 /* --- Output transformation --- */
208
209 l ^= k->p[16];
210 r ^= k->p[17];
211
212 /* --- Store the new values --- */
213
214 p[0] = r;
215 p[1] = l;
216 }
217
218 /* --- @blowfish__buildKey@ --- *
219 *
220 * Arguments: @blowfish_key *k@ = pointer to a key block to set up
221 *
222 * Returns: ---
223 *
224 * Use: Sets up the P-array and S-boxes once a key has been mixed
225 * into the P-array. Use a local copy of the Blowfish
226 * encryption routine, to avoid penalising the main code too
227 * much with having to veneer onto a general args-in-words
228 * function, and to avoid me messing about with transforming
229 * values backwards and forwards between char arrays and
230 * integers.
231 */
232
233 static void blowfish__buildKey(blowfish_key *k)
234 {
235 uint_32 b[2] = { 0, 0 };
236 int i;
237
238 /* --- First, run through the P-array --- */
239
240 for (i = 0; i < 18; i += 2) {
241 blowfish__qcrypt(k, b);
242 k->p[i] = b[0];
243 k->p[i + 1] = b[1];
244 }
245
246 /* --- Now do the S-boxes --- */
247
248 for (i = 0; i < 256; i += 2) {
249 blowfish__qcrypt(k, b);
250 k->s0[i] = b[0];
251 k->s0[i + 1] = b[1];
252 }
253
254 for (i = 0; i < 256; i += 2) {
255 blowfish__qcrypt(k, b);
256 k->s1[i] = b[0];
257 k->s1[i + 1] = b[1];
258 }
259
260 for (i = 0; i < 256; i += 2) {
261 blowfish__qcrypt(k, b);
262 k->s2[i] = b[0];
263 k->s2[i + 1] = b[1];
264 }
265
266 for (i = 0; i < 256; i += 2) {
267 blowfish__qcrypt(k, b);
268 k->s3[i] = b[0];
269 k->s3[i + 1] = b[1];
270 }
271 }
272
273 /* --- @blowfish_setKey@ --- *
274 *
275 * Arguments: @blowfish_key *kb@ = pointer to key block to fill
276 * @void *k@ = pointer to key data
277 * @size_t sz@ = length of data in bytes
278 *
279 * Returns: ---
280 *
281 * Use: Expands a key which isn't represented as a number of whole
282 * words. This is a nonstandard extension, although it can be
283 * used to support 40-bit keys, which some governments might
284 * find more palatable than 160-bit (or 448-bit!) keys.
285 */
286
287 void blowfish_setKey(blowfish_key *kb, const void *k, size_t sz)
288 {
289 int i, j, l;
290 const unsigned char *p = k;
291 uint_32 a;
292
293 memcpy(kb, &blowfish__init, sizeof(blowfish__init));
294
295 j = 0;
296 for (i = 0; i < 18; i++) {
297 a = 0;
298 for (l = 0; l < 4; l++) {
299 a = (a << 8) | p[j];
300 j++;
301 if (j >= sz)
302 j = 0;
303 }
304 kb->p[i] ^= a;
305 }
306
307 blowfish__buildKey(kb);
308 }
309
310 /*----- Test rig ----------------------------------------------------------*/
311
312 #ifdef TEST_RIG
313
314 int main(void)
315 {
316 /* --- Stage one: ECB tests --- */
317
318 {
319 static struct {
320 uint_32 k[2];
321 uint_32 p[2];
322 uint_32 c[2];
323 } table[] = {
324 { { 0x00000000u, 0x00000000u },
325 { 0x00000000u, 0x00000000u },
326 { 0x4EF99745u, 0x6198DD78u } },
327
328 { { 0xFFFFFFFFu, 0xFFFFFFFFu },
329 { 0xFFFFFFFFu, 0xFFFFFFFFu },
330 { 0x51866FD5u, 0xB85ECB8Au } },
331
332 { { 0x30000000u, 0x00000000u },
333 { 0x10000000u, 0x00000001u },
334 { 0x7D856F9Au, 0x613063F2u } },
335
336 { { 0x11111111u, 0x11111111u },
337 { 0x11111111u, 0x11111111u },
338 { 0x2466DD87u, 0x8B963C9Du } },
339
340 { { 0x01234567u, 0x89ABCDEFu },
341 { 0x11111111u, 0x11111111u },
342 { 0x61F9C380u, 0x2281B096u } },
343
344 { { 0x11111111u, 0x11111111u },
345 { 0x01234567u, 0x89ABCDEFu },
346 { 0x7D0CC630u, 0xAFDA1EC7u } },
347
348 { { 0x00000000u, 0x00000000u },
349 { 0x00000000u, 0x00000000u },
350 { 0x4EF99745u, 0x6198DD78u } },
351
352 { { 0xFEDCBA98u, 0x76543210u },
353 { 0x01234567u, 0x89ABCDEFu },
354 { 0x0ACEAB0Fu, 0xC6A0A28Du } },
355
356 { { 0x7CA11045u, 0x4A1A6E57u },
357 { 0x01A1D6D0u, 0x39776742u },
358 { 0x59C68245u, 0xEB05282Bu } },
359
360 { { 0x0131D961u, 0x9DC1376Eu },
361 { 0x5CD54CA8u, 0x3DEF57DAu },
362 { 0xB1B8CC0Bu, 0x250F09A0u } },
363
364 { { 0x07A1133Eu, 0x4A0B2686u },
365 { 0x0248D438u, 0x06F67172u },
366 { 0x1730E577u, 0x8BEA1DA4u } },
367
368 { { 0x3849674Cu, 0x2602319Eu },
369 { 0x51454B58u, 0x2DDF440Au },
370 { 0xA25E7856u, 0xCF2651EBu } },
371
372 { { 0x04B915BAu, 0x43FEB5B6u },
373 { 0x42FD4430u, 0x59577FA2u },
374 { 0x353882B1u, 0x09CE8F1Au } },
375
376 { { 0x0113B970u, 0xFD34F2CEu },
377 { 0x059B5E08u, 0x51CF143Au },
378 { 0x48F4D088u, 0x4C379918u } },
379
380 { { 0x0170F175u, 0x468FB5E6u },
381 { 0x0756D8E0u, 0x774761D2u },
382 { 0x432193B7u, 0x8951FC98u } },
383
384 { { 0x43297FADu, 0x38E373FEu },
385 { 0x762514B8u, 0x29BF486Au },
386 { 0x13F04154u, 0xD69D1AE5u } },
387
388 { { 0x07A71370u, 0x45DA2A16u },
389 { 0x3BDD1190u, 0x49372802u },
390 { 0x2EEDDA93u, 0xFFD39C79u } },
391
392 { { 0x04689104u, 0xC2FD3B2Fu },
393 { 0x26955F68u, 0x35AF609Au },
394 { 0xD887E039u, 0x3C2DA6E3u } },
395
396 { { 0x37D06BB5u, 0x16CB7546u },
397 { 0x164D5E40u, 0x4F275232u },
398 { 0x5F99D04Fu, 0x5B163969u } },
399
400 { { 0x1F08260Du, 0x1AC2465Eu },
401 { 0x6B056E18u, 0x759F5CCAu },
402 { 0x4A057A3Bu, 0x24D3977Bu } },
403
404 { { 0x58402364u, 0x1ABA6176u },
405 { 0x004BD6EFu, 0x09176062u },
406 { 0x452031C1u, 0xE4FADA8Eu } },
407
408 { { 0x02581616u, 0x4629B007u },
409 { 0x480D3900u, 0x6EE762F2u },
410 { 0x7555AE39u, 0xF59B87BDu } },
411
412 { { 0x49793EBCu, 0x79B3258Fu },
413 { 0x437540C8u, 0x698F3CFAu },
414 { 0x53C55F9Cu, 0xB49FC019u } },
415
416 { { 0x4FB05E15u, 0x15AB73A7u },
417 { 0x072D43A0u, 0x77075292u },
418 { 0x7A8E7BFAu, 0x937E89A3u } },
419
420 { { 0x49E95D6Du, 0x4CA229BFu },
421 { 0x02FE5577u, 0x8117F12Au },
422 { 0xCF9C5D7Au, 0x4986ADB5u } },
423
424 { { 0x018310DCu, 0x409B26D6u },
425 { 0x1D9D5C50u, 0x18F728C2u },
426 { 0xD1ABB290u, 0x658BC778u } },
427
428 { { 0x1C587F1Cu, 0x13924FEFu },
429 { 0x30553228u, 0x6D6F295Au },
430 { 0x55CB3774u, 0xD13EF201u } },
431
432 { { 0x01010101u, 0x01010101u },
433 { 0x01234567u, 0x89ABCDEFu },
434 { 0xFA34EC48u, 0x47B268B2u } },
435
436 { { 0x1F1F1F1Fu, 0x0E0E0E0Eu },
437 { 0x01234567u, 0x89ABCDEFu },
438 { 0xA7907951u, 0x08EA3CAEu } },
439
440 { { 0xE0FEE0FEu, 0xF1FEF1FEu },
441 { 0x01234567u, 0x89ABCDEFu },
442 { 0xC39E072Du, 0x9FAC631Du } },
443
444 { { 0x00000000u, 0x00000000u },
445 { 0xFFFFFFFFu, 0xFFFFFFFFu },
446 { 0x014933E0u, 0xCDAFF6E4u } },
447
448 { { 0xFFFFFFFFu, 0xFFFFFFFFu },
449 { 0x00000000u, 0x00000000u },
450 { 0xF21E9A77u, 0xB71C49BCu } },
451
452 { { 0x01234567u, 0x89ABCDEFu },
453 { 0x00000000u, 0x00000000u },
454 { 0x24594688u, 0x5754369Au } },
455
456 { { 0xFEDCBA98u, 0x76543210u },
457 { 0xFFFFFFFFu, 0xFFFFFFFFu },
458 { 0x6B5C5A9Cu, 0x5D9E0A5Au } }
459 };
460
461 int f = 1;
462 int i;
463
464 printf("*** stage one: ");
465 fflush(stdout);
466
467 for (i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
468 char kb[8], p[8], c[8];
469 blowfish_key k;
470
471 store32(kb + 0, table[i].k[0]);
472 store32(kb + 4, table[i].k[1]);
473 blowfish_setKey(&k, kb, 8);
474
475 store32(p + 0, table[i].p[0]);
476 store32(p + 4, table[i].p[1]);
477 blowfish_encrypt(&k, p, c);
478
479 if (load32(c + 0) != table[i].c[0] ||
480 load32(c + 4) != table[i].c[1]) {
481 printf("\n"
482 "!!! bad encryption\n"
483 " key = %08lx-%08lx\n"
484 " plaintext = %08lx-%08lx\n"
485 " expected ciphertext = %08lx-%08lx\n"
486 " calculated ciphertext = %08lx-%08lx\n",
487 (unsigned long)table[i].k[0],
488 (unsigned long)table[i].k[1],
489 (unsigned long)table[i].p[0],
490 (unsigned long)table[i].p[1],
491 (unsigned long)table[i].c[0],
492 (unsigned long)table[i].c[1],
493 (unsigned long)load32(c + 0),
494 (unsigned long)load32(c + 4));
495 f = 0;
496 }
497
498 blowfish_decrypt(&k, c, p);
499 if (load32(p + 0) != table[i].p[0] ||
500 load32(p + 4) != table[i].p[1]) {
501 printf("\n"
502 "!!! bad decryption\n"
503 " key = %08lx-%08lx\n"
504 " ciphertext = %08lx-%08lx\n"
505 " expected plaintext = %08lx-%08lx\n"
506 " calculated plaintext = %08lx-%08lx\n",
507 (unsigned long)table[i].k[0],
508 (unsigned long)table[i].k[1],
509 (unsigned long)table[i].c[0],
510 (unsigned long)table[i].c[1],
511 (unsigned long)table[i].p[0],
512 (unsigned long)table[i].p[1],
513 (unsigned long)load32(p + 0),
514 (unsigned long)load32(p + 4));
515 f = 0;
516 }
517
518 putchar('.');
519 fflush(stdout);
520 }
521 putchar('\n');
522 if (f)
523 printf("*** stage one ok\n");
524 }
525
526 /* --- Stage 2: key scheduling --- */
527
528 {
529 static struct {
530 uint_32 c[2];
531 } table[] = {
532 {{ 0xF9AD597Cu, 0x49DB005Eu }},
533 {{ 0xE91D21C1u, 0xD961A6D6u }},
534 {{ 0xE9C2B70Au, 0x1BC65CF3u }},
535 {{ 0xBE1E6394u, 0x08640F05u }},
536 {{ 0xB39E4448u, 0x1BDB1E6Eu }},
537 {{ 0x9457AA83u, 0xB1928C0Du }},
538 {{ 0x8BB77032u, 0xF960629Du }},
539 {{ 0xE87A244Eu, 0x2CC85E82u }},
540 {{ 0x15750E7Au, 0x4F4EC577u }},
541 {{ 0x122BA70Bu, 0x3AB64AE0u }},
542 {{ 0x3A833C9Au, 0xFFC537F6u }},
543 {{ 0x9409DA87u, 0xA90F6BF2u }},
544 {{ 0x884F8062u, 0x5060B8B4u }},
545 {{ 0x1F85031Cu, 0x19E11968u }},
546 {{ 0x79D9373Au, 0x714CA34Fu }},
547 {{ 0x93142887u, 0xEE3BE15Cu }},
548 {{ 0x03429E83u, 0x8CE2D14Bu }},
549 {{ 0xA4299E27u, 0x469FF67Bu }},
550 {{ 0xAFD5AED1u, 0xC1BC96A8u }},
551 {{ 0x10851C0Eu, 0x3858DA9Fu }},
552 {{ 0xE6F51ED7u, 0x9B9DB21Fu }},
553 {{ 0x64A6E14Au, 0xFD36B46Fu }},
554 {{ 0x80C7D7D4u, 0x5A5479ADu }},
555 {{ 0x05044B62u, 0xFA52D080u }},
556 };
557
558 unsigned char kk[] = {
559 0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87,
560 0x78, 0x69, 0x5A, 0x4B, 0x3C, 0x2D, 0x1E, 0x0F,
561 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
562 };
563
564 int i;
565 int f = 1;
566
567 printf("*** stage two: ");
568 fflush(stdout);
569
570 for (i = 0; i < sizeof(kk); i++) {
571 blowfish_key k;
572 unsigned char p[8] = { 0xFE, 0xDC, 0xBA, 0x98,
573 0x76, 0x54, 0x32, 0x10 };
574
575 blowfish_setKey(&k, kk, i + 1);
576 blowfish_encrypt(&k, p, p);
577
578 if (load32(p + 0) != table[i].c[0] ||
579 load32(p + 4) != table[i].c[1]) {
580 printf("!!! bad encryption\n"
581 " key length = %i\n"
582 " expected = %08lx-%08lx\n"
583 " calculated = %08lx-%08lx\n",
584 i + 1,
585 (unsigned long)table[i].c[0],
586 (unsigned long)table[i].c[1],
587 (unsigned long)load32(p + 0),
588 (unsigned long)load32(p + 4));
589 f = 0;
590 }
591
592 putchar('.');
593 fflush(stdout);
594 }
595
596 putchar('\n');
597
598 if (f)
599 printf("*** stage two ok\n");
600 }
601
602 return (0);
603
604 }
605
606 #endif
607
608 /*----- That's all, folks -------------------------------------------------*/
Management for shared accounts