summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog4
-rw-r--r--configure.ac10
-rw-r--r--openbsd-compat/Makefile.in4
-rw-r--r--openbsd-compat/bcrypt_pbkdf.c176
-rw-r--r--openbsd-compat/blf.h88
-rw-r--r--openbsd-compat/blowfish.c694
-rw-r--r--openbsd-compat/openbsd-compat.h8
7 files changed, 979 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 9ca70ed18..5d630fb57 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,10 @@
37 [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents 37 [ge25519_base.data hash.c sc25519.c sc25519.h verify.c] Fix RCS idents
38 - [Makefile.in] Add ed25519 sources 38 - [Makefile.in] Add ed25519 sources
39 - [authfile.c] Conditionalise inclusion of util.h 39 - [authfile.c] Conditionalise inclusion of util.h
40 - [configure.ac openbsd-compat/Makefile.in openbsd-compat/bcrypt_pbkdf.c]
41 [openbsd-compat/blf.h openbsd-compat/blowfish.c]
42 [openbsd-compat/openbsd-compat.h] Start at supporting bcrypt_pbkdf in
43 portable.
40 44
4120131205 4520131205
42 - (djm) OpenBSD CVS Sync 46 - (djm) OpenBSD CVS Sync
diff --git a/configure.ac b/configure.ac
index 95240f51c..c8d4bfc6b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.545 2013/12/07 00:35:37 djm Exp $ 1# $Id: configure.ac,v 1.546 2013/12/07 00:51:51 djm Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -15,7 +15,7 @@
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 16
17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) 17AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org])
18AC_REVISION($Revision: 1.545 $) 18AC_REVISION($Revision: 1.546 $)
19AC_CONFIG_SRCDIR([ssh.c]) 19AC_CONFIG_SRCDIR([ssh.c])
20AC_LANG([C]) 20AC_LANG([C])
21 21
@@ -296,6 +296,7 @@ AC_ARG_WITH([Werror],
296) 296)
297 297
298AC_CHECK_HEADERS([ \ 298AC_CHECK_HEADERS([ \
299 blf.h \
299 bstring.h \ 300 bstring.h \
300 crypt.h \ 301 crypt.h \
301 crypto/sha2.h \ 302 crypto/sha2.h \
@@ -1530,6 +1531,10 @@ AC_ARG_WITH([audit],
1530 1531
1531dnl Checks for library functions. Please keep in alphabetical order 1532dnl Checks for library functions. Please keep in alphabetical order
1532AC_CHECK_FUNCS([ \ 1533AC_CHECK_FUNCS([ \
1534 Blowfish_initstate \
1535 Blowfish_expandstate \
1536 Blowfish_expand0state \
1537 Blowfish_stream2word \
1533 arc4random \ 1538 arc4random \
1534 arc4random_buf \ 1539 arc4random_buf \
1535 arc4random_stir \ 1540 arc4random_stir \
@@ -1542,6 +1547,7 @@ AC_CHECK_FUNCS([ \
1542 bcopy \ 1547 bcopy \
1543 bcrypt_pbkdf \ 1548 bcrypt_pbkdf \
1544 bindresvport_sa \ 1549 bindresvport_sa \
1550 blf_enc \
1545 clock \ 1551 clock \
1546 closefrom \ 1552 closefrom \
1547 dirfd \ 1553 dirfd \
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index a5f4a266c..3866a5495 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.52 2013/10/08 23:44:49 djm Exp $ 1# $Id: Makefile.in,v 1.53 2013/12/07 00:51:54 djm Exp $
2 2
3sysconfdir=@sysconfdir@ 3sysconfdir=@sysconfdir@
4piddir=@piddir@ 4piddir=@piddir@
@@ -16,7 +16,7 @@ RANLIB=@RANLIB@
16INSTALL=@INSTALL@ 16INSTALL=@INSTALL@
17LDFLAGS=-L. @LDFLAGS@ 17LDFLAGS=-L. @LDFLAGS@
18 18
19OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o 19OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o
20 20
21COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o 21COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22 22
diff --git a/openbsd-compat/bcrypt_pbkdf.c b/openbsd-compat/bcrypt_pbkdf.c
new file mode 100644
index 000000000..58bbfe15b
--- /dev/null
+++ b/openbsd-compat/bcrypt_pbkdf.c
@@ -0,0 +1,176 @@
1/* $OpenBSD: bcrypt_pbkdf.c,v 1.4 2013/07/29 00:55:53 tedu Exp $ */
2/*
3 * Copyright (c) 2013 Ted Unangst <tedu@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include "includes.h"
19
20#ifndef HAVE_BCRYPT_PBKDF
21
22#include <sys/types.h>
23#include <sys/param.h>
24
25#include <stdlib.h>
26#include <string.h>
27#include <util.h>
28
29#ifdef HAVE_BLF_H
30# include <blf.h>
31#endif
32#ifdef HAVE_SHA256_UPDATE
33# ifdef HAVE_SHA2_H
34# include <sha2.h>
35# elif defined(HAVE_CRYPTO_SHA2_H)
36# include <crypto/sha2.h>
37# endif
38#endif
39
40/*
41 * pkcs #5 pbkdf2 implementation using the "bcrypt" hash
42 *
43 * The bcrypt hash function is derived from the bcrypt password hashing
44 * function with the following modifications:
45 * 1. The input password and salt are preprocessed with SHA512.
46 * 2. The output length is expanded to 256 bits.
47 * 3. Subsequently the magic string to be encrypted is lengthened and modifed
48 * to "OxychromaticBlowfishSwatDynamite"
49 * 4. The hash function is defined to perform 64 rounds of initial state
50 * expansion. (More rounds are performed by iterating the hash.)
51 *
52 * Note that this implementation pulls the SHA512 operations into the caller
53 * as a performance optimization.
54 *
55 * One modification from official pbkdf2. Instead of outputting key material
56 * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to
57 * generate (i.e.) 512 bits of key material for use as two 256 bit keys, an
58 * attacker can merely run once through the outer loop below, but the user
59 * always runs it twice. Shuffling output bytes requires computing the
60 * entirety of the key material to assemble any subkey. This is something a
61 * wise caller could do; we just do it for you.
62 */
63
64#define BCRYPT_BLOCKS 8
65#define BCRYPT_HASHSIZE (BCRYPT_BLOCKS * 4)
66
67static void
68bcrypt_hash(u_int8_t *sha2pass, u_int8_t *sha2salt, u_int8_t *out)
69{
70 blf_ctx state;
71 u_int8_t ciphertext[BCRYPT_HASHSIZE] =
72 "OxychromaticBlowfishSwatDynamite";
73 uint32_t cdata[BCRYPT_BLOCKS];
74 int i;
75 uint16_t j;
76 size_t shalen = SHA512_DIGEST_LENGTH;
77
78 /* key expansion */
79 Blowfish_initstate(&state);
80 Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen);
81 for (i = 0; i < 64; i++) {
82 Blowfish_expand0state(&state, sha2salt, shalen);
83 Blowfish_expand0state(&state, sha2pass, shalen);
84 }
85
86 /* encryption */
87 j = 0;
88 for (i = 0; i < BCRYPT_BLOCKS; i++)
89 cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext),
90 &j);
91 for (i = 0; i < 64; i++)
92 blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t));
93
94 /* copy out */
95 for (i = 0; i < BCRYPT_BLOCKS; i++) {
96 out[4 * i + 3] = (cdata[i] >> 24) & 0xff;
97 out[4 * i + 2] = (cdata[i] >> 16) & 0xff;
98 out[4 * i + 1] = (cdata[i] >> 8) & 0xff;
99 out[4 * i + 0] = cdata[i] & 0xff;
100 }
101
102 /* zap */
103 memset(ciphertext, 0, sizeof(ciphertext));
104 memset(cdata, 0, sizeof(cdata));
105 memset(&state, 0, sizeof(state));
106}
107
108int
109bcrypt_pbkdf(const char *pass, size_t passlen, const u_int8_t *salt, size_t saltlen,
110 u_int8_t *key, size_t keylen, unsigned int rounds)
111{
112 SHA2_CTX ctx;
113 u_int8_t sha2pass[SHA512_DIGEST_LENGTH];
114 u_int8_t sha2salt[SHA512_DIGEST_LENGTH];
115 u_int8_t out[BCRYPT_HASHSIZE];
116 u_int8_t tmpout[BCRYPT_HASHSIZE];
117 u_int8_t countsalt[4];
118 size_t i, j, amt, stride;
119 uint32_t count;
120
121 /* nothing crazy */
122 if (rounds < 1)
123 return -1;
124 if (passlen == 0 || saltlen == 0 || keylen == 0 ||
125 keylen > sizeof(out) * sizeof(out))
126 return -1;
127 stride = (keylen + sizeof(out) - 1) / sizeof(out);
128 amt = (keylen + stride - 1) / stride;
129
130 /* collapse password */
131 SHA512Init(&ctx);
132 SHA512Update(&ctx, pass, passlen);
133 SHA512Final(sha2pass, &ctx);
134
135
136 /* generate key, sizeof(out) at a time */
137 for (count = 1; keylen > 0; count++) {
138 countsalt[0] = (count >> 24) & 0xff;
139 countsalt[1] = (count >> 16) & 0xff;
140 countsalt[2] = (count >> 8) & 0xff;
141 countsalt[3] = count & 0xff;
142
143 /* first round, salt is salt */
144 SHA512Init(&ctx);
145 SHA512Update(&ctx, salt, saltlen);
146 SHA512Update(&ctx, countsalt, sizeof(countsalt));
147 SHA512Final(sha2salt, &ctx);
148 bcrypt_hash(sha2pass, sha2salt, tmpout);
149 memcpy(out, tmpout, sizeof(out));
150
151 for (i = 1; i < rounds; i++) {
152 /* subsequent rounds, salt is previous output */
153 SHA512Init(&ctx);
154 SHA512Update(&ctx, tmpout, sizeof(tmpout));
155 SHA512Final(sha2salt, &ctx);
156 bcrypt_hash(sha2pass, sha2salt, tmpout);
157 for (j = 0; j < sizeof(out); j++)
158 out[j] ^= tmpout[j];
159 }
160
161 /*
162 * pbkdf2 deviation: ouput the key material non-linearly.
163 */
164 amt = MIN(amt, keylen);
165 for (i = 0; i < amt; i++)
166 key[i * stride + (count - 1)] = out[i];
167 keylen -= amt;
168 }
169
170 /* zap */
171 memset(&ctx, 0, sizeof(ctx));
172 memset(out, 0, sizeof(out));
173
174 return 0;
175}
176#endif /* HAVE_BCRYPT_PBKDF */
diff --git a/openbsd-compat/blf.h b/openbsd-compat/blf.h
new file mode 100644
index 000000000..f1ac5a5c2
--- /dev/null
+++ b/openbsd-compat/blf.h
@@ -0,0 +1,88 @@
1/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */
2/*
3 * Blowfish - a fast block cipher designed by Bruce Schneier
4 *
5 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. All advertising materials mentioning features or use of this software
17 * must display the following acknowledgement:
18 * This product includes software developed by Niels Provos.
19 * 4. The name of the author may not be used to endorse or promote products
20 * derived from this software without specific prior written permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34#ifndef _BLF_H_
35#define _BLF_H_
36
37#include "includes.h"
38
39#if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H)
40
41/* Schneier specifies a maximum key length of 56 bytes.
42 * This ensures that every key bit affects every cipher
43 * bit. However, the subkeys can hold up to 72 bytes.
44 * Warning: For normal blowfish encryption only 56 bytes
45 * of the key affect all cipherbits.
46 */
47
48#define BLF_N 16 /* Number of Subkeys */
49#define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */
50#define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */
51
52/* Blowfish context */
53typedef struct BlowfishContext {
54 u_int32_t S[4][256]; /* S-Boxes */
55 u_int32_t P[BLF_N + 2]; /* Subkeys */
56} blf_ctx;
57
58/* Raw access to customized Blowfish
59 * blf_key is just:
60 * Blowfish_initstate( state )
61 * Blowfish_expand0state( state, key, keylen )
62 */
63
64void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *);
65void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *);
66void Blowfish_initstate(blf_ctx *);
67void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t);
68void Blowfish_expandstate
69(blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t);
70
71/* Standard Blowfish */
72
73void blf_key(blf_ctx *, const u_int8_t *, u_int16_t);
74void blf_enc(blf_ctx *, u_int32_t *, u_int16_t);
75void blf_dec(blf_ctx *, u_int32_t *, u_int16_t);
76
77void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t);
78void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t);
79
80void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
81void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t);
82
83/* Converts u_int8_t to u_int32_t */
84u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *);
85
86#endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */
87#endif /* _BLF_H */
88
diff --git a/openbsd-compat/blowfish.c b/openbsd-compat/blowfish.c
new file mode 100644
index 000000000..6c419549e
--- /dev/null
+++ b/openbsd-compat/blowfish.c
@@ -0,0 +1,694 @@
1/* $OpenBSD: blowfish.c,v 1.18 2004/11/02 17:23:26 hshoexer Exp $ */
2/*
3 * Blowfish block cipher for OpenBSD
4 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5 * All rights reserved.
6 *
7 * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Niels Provos.
20 * 4. The name of the author may not be used to endorse or promote products
21 * derived from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35/*
36 * This code is derived from section 14.3 and the given source
37 * in section V of Applied Cryptography, second edition.
38 * Blowfish is an unpatented fast block cipher designed by
39 * Bruce Schneier.
40 */
41
42#include "includes.h"
43
44#if !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
45 !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC))
46
47#if 0
48#include <stdio.h> /* used for debugging */
49#include <string.h>
50#endif
51
52#include <sys/types.h>
53#include <blf.h>
54
55#undef inline
56#ifdef __GNUC__
57#define inline __inline
58#else /* !__GNUC__ */
59#define inline
60#endif /* !__GNUC__ */
61
62/* Function for Feistel Networks */
63
64#define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \
65 + (s)[0x100 + (((x)>>16)&0xFF)]) \
66 ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \
67 + (s)[0x300 + ( (x) &0xFF)])
68
69#define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n])
70
71void
72Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
73{
74 u_int32_t Xl;
75 u_int32_t Xr;
76 u_int32_t *s = c->S[0];
77 u_int32_t *p = c->P;
78
79 Xl = *xl;
80 Xr = *xr;
81
82 Xl ^= p[0];
83 BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2);
84 BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4);
85 BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6);
86 BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8);
87 BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10);
88 BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12);
89 BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14);
90 BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16);
91
92 *xl = Xr ^ p[17];
93 *xr = Xl;
94}
95
96void
97Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr)
98{
99 u_int32_t Xl;
100 u_int32_t Xr;
101 u_int32_t *s = c->S[0];
102 u_int32_t *p = c->P;
103
104 Xl = *xl;
105 Xr = *xr;
106
107 Xl ^= p[17];
108 BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15);
109 BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13);
110 BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11);
111 BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9);
112 BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7);
113 BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5);
114 BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3);
115 BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1);
116
117 *xl = Xr ^ p[0];
118 *xr = Xl;
119}
120
121void
122Blowfish_initstate(blf_ctx *c)
123{
124 /* P-box and S-box tables initialized with digits of Pi */
125
126 static const blf_ctx initstate =
127 { {
128 {
129 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
130 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
131 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
132 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
133 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
134 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
135 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
136 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
137 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
138 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
139 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
140 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
141 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
142 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
143 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
144 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
145 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
146 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
147 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
148 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
149 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
150 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
151 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
152 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
153 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
154 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
155 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
156 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
157 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
158 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
159 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
160 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
161 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
162 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
163 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
164 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
165 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
166 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
167 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
168 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
169 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
170 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
171 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
172 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
173 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
174 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
175 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
176 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
177 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
178 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
179 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
180 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
181 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
182 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
183 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
184 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
185 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
186 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
187 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
188 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
189 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
190 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
191 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
192 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
193 {
194 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
195 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
196 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
197 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
198 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
199 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
200 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
201 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
202 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
203 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
204 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
205 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
206 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
207 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
208 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
209 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
210 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
211 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
212 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
213 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
214 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
215 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
216 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
217 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
218 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
219 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
220 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
221 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
222 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
223 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
224 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
225 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
226 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
227 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
228 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
229 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
230 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
231 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
232 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
233 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
234 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
235 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
236 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
237 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
238 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
239 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
240 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
241 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
242 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
243 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
244 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
245 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
246 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
247 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
248 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
249 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
250 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
251 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
252 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
253 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
254 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
255 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
256 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
257 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
258 {
259 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
260 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
261 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
262 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
263 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
264 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
265 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
266 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
267 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
268 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
269 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
270 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
271 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
272 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
273 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
274 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
275 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
276 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
277 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
278 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
279 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
280 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
281 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
282 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
283 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
284 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
285 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
286 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
287 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
288 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
289 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
290 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
291 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
292 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
293 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
294 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
295 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
296 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
297 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
298 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
299 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
300 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
301 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
302 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
303 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
304 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
305 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
306 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
307 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
308 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
309 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
310 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
311 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
312 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
313 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
314 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
315 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
316 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
317 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
318 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
319 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
320 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
321 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
322 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
323 {
324 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
325 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
326 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
327 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
328 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
329 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
330 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
331 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
332 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
333 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
334 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
335 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
336 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
337 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
338 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
339 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
340 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
341 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
342 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
343 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
344 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
345 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
346 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
347 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
348 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
349 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
350 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
351 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
352 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
353 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
354 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
355 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
356 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
357 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
358 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
359 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
360 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
361 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
362 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
363 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
364 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
365 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
366 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
367 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
368 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
369 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
370 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
371 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
372 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
373 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
374 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
375 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
376 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
377 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
378 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
379 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
380 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
381 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
382 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
383 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
384 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
385 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
386 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
387 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
388 },
389 {
390 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
391 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
392 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
393 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
394 0x9216d5d9, 0x8979fb1b
395 } };
396
397 *c = initstate;
398}
399
400u_int32_t
401Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes,
402 u_int16_t *current)
403{
404 u_int8_t i;
405 u_int16_t j;
406 u_int32_t temp;
407
408 temp = 0x00000000;
409 j = *current;
410
411 for (i = 0; i < 4; i++, j++) {
412 if (j >= databytes)
413 j = 0;
414 temp = (temp << 8) | data[j];
415 }
416
417 *current = j;
418 return temp;
419}
420
421void
422Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
423{
424 u_int16_t i;
425 u_int16_t j;
426 u_int16_t k;
427 u_int32_t temp;
428 u_int32_t datal;
429 u_int32_t datar;
430
431 j = 0;
432 for (i = 0; i < BLF_N + 2; i++) {
433 /* Extract 4 int8 to 1 int32 from keystream */
434 temp = Blowfish_stream2word(key, keybytes, &j);
435 c->P[i] = c->P[i] ^ temp;
436 }
437
438 j = 0;
439 datal = 0x00000000;
440 datar = 0x00000000;
441 for (i = 0; i < BLF_N + 2; i += 2) {
442 Blowfish_encipher(c, &datal, &datar);
443
444 c->P[i] = datal;
445 c->P[i + 1] = datar;
446 }
447
448 for (i = 0; i < 4; i++) {
449 for (k = 0; k < 256; k += 2) {
450 Blowfish_encipher(c, &datal, &datar);
451
452 c->S[i][k] = datal;
453 c->S[i][k + 1] = datar;
454 }
455 }
456}
457
458
459void
460Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
461 const u_int8_t *key, u_int16_t keybytes)
462{
463 u_int16_t i;
464 u_int16_t j;
465 u_int16_t k;
466 u_int32_t temp;
467 u_int32_t datal;
468 u_int32_t datar;
469
470 j = 0;
471 for (i = 0; i < BLF_N + 2; i++) {
472 /* Extract 4 int8 to 1 int32 from keystream */
473 temp = Blowfish_stream2word(key, keybytes, &j);
474 c->P[i] = c->P[i] ^ temp;
475 }
476
477 j = 0;
478 datal = 0x00000000;
479 datar = 0x00000000;
480 for (i = 0; i < BLF_N + 2; i += 2) {
481 datal ^= Blowfish_stream2word(data, databytes, &j);
482 datar ^= Blowfish_stream2word(data, databytes, &j);
483 Blowfish_encipher(c, &datal, &datar);
484
485 c->P[i] = datal;
486 c->P[i + 1] = datar;
487 }
488
489 for (i = 0; i < 4; i++) {
490 for (k = 0; k < 256; k += 2) {
491 datal ^= Blowfish_stream2word(data, databytes, &j);
492 datar ^= Blowfish_stream2word(data, databytes, &j);
493 Blowfish_encipher(c, &datal, &datar);
494
495 c->S[i][k] = datal;
496 c->S[i][k + 1] = datar;
497 }
498 }
499
500}
501
502void
503blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
504{
505 /* Initialize S-boxes and subkeys with Pi */
506 Blowfish_initstate(c);
507
508 /* Transform S-boxes and subkeys with key */
509 Blowfish_expand0state(c, k, len);
510}
511
512void
513blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
514{
515 u_int32_t *d;
516 u_int16_t i;
517
518 d = data;
519 for (i = 0; i < blocks; i++) {
520 Blowfish_encipher(c, d, d + 1);
521 d += 2;
522 }
523}
524
525void
526blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
527{
528 u_int32_t *d;
529 u_int16_t i;
530
531 d = data;
532 for (i = 0; i < blocks; i++) {
533 Blowfish_decipher(c, d, d + 1);
534 d += 2;
535 }
536}
537
538void
539blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
540{
541 u_int32_t l, r;
542 u_int32_t i;
543
544 for (i = 0; i < len; i += 8) {
545 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
546 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
547 Blowfish_encipher(c, &l, &r);
548 data[0] = l >> 24 & 0xff;
549 data[1] = l >> 16 & 0xff;
550 data[2] = l >> 8 & 0xff;
551 data[3] = l & 0xff;
552 data[4] = r >> 24 & 0xff;
553 data[5] = r >> 16 & 0xff;
554 data[6] = r >> 8 & 0xff;
555 data[7] = r & 0xff;
556 data += 8;
557 }
558}
559
560void
561blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
562{
563 u_int32_t l, r;
564 u_int32_t i;
565
566 for (i = 0; i < len; i += 8) {
567 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
568 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
569 Blowfish_decipher(c, &l, &r);
570 data[0] = l >> 24 & 0xff;
571 data[1] = l >> 16 & 0xff;
572 data[2] = l >> 8 & 0xff;
573 data[3] = l & 0xff;
574 data[4] = r >> 24 & 0xff;
575 data[5] = r >> 16 & 0xff;
576 data[6] = r >> 8 & 0xff;
577 data[7] = r & 0xff;
578 data += 8;
579 }
580}
581
582void
583blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
584{
585 u_int32_t l, r;
586 u_int32_t i, j;
587
588 for (i = 0; i < len; i += 8) {
589 for (j = 0; j < 8; j++)
590 data[j] ^= iv[j];
591 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
592 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
593 Blowfish_encipher(c, &l, &r);
594 data[0] = l >> 24 & 0xff;
595 data[1] = l >> 16 & 0xff;
596 data[2] = l >> 8 & 0xff;
597 data[3] = l & 0xff;
598 data[4] = r >> 24 & 0xff;
599 data[5] = r >> 16 & 0xff;
600 data[6] = r >> 8 & 0xff;
601 data[7] = r & 0xff;
602 iv = data;
603 data += 8;
604 }
605}
606
607void
608blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
609{
610 u_int32_t l, r;
611 u_int8_t *iv;
612 u_int32_t i, j;
613
614 iv = data + len - 16;
615 data = data + len - 8;
616 for (i = len - 8; i >= 8; i -= 8) {
617 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
618 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
619 Blowfish_decipher(c, &l, &r);
620 data[0] = l >> 24 & 0xff;
621 data[1] = l >> 16 & 0xff;
622 data[2] = l >> 8 & 0xff;
623 data[3] = l & 0xff;
624 data[4] = r >> 24 & 0xff;
625 data[5] = r >> 16 & 0xff;
626 data[6] = r >> 8 & 0xff;
627 data[7] = r & 0xff;
628 for (j = 0; j < 8; j++)
629 data[j] ^= iv[j];
630 iv -= 8;
631 data -= 8;
632 }
633 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
634 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
635 Blowfish_decipher(c, &l, &r);
636 data[0] = l >> 24 & 0xff;
637 data[1] = l >> 16 & 0xff;
638 data[2] = l >> 8 & 0xff;
639 data[3] = l & 0xff;
640 data[4] = r >> 24 & 0xff;
641 data[5] = r >> 16 & 0xff;
642 data[6] = r >> 8 & 0xff;
643 data[7] = r & 0xff;
644 for (j = 0; j < 8; j++)
645 data[j] ^= iva[j];
646}
647
648#if 0
649void
650report(u_int32_t data[], u_int16_t len)
651{
652 u_int16_t i;
653 for (i = 0; i < len; i += 2)
654 printf("Block %0hd: %08lx %08lx.\n",
655 i / 2, data[i], data[i + 1]);
656}
657void
658main(void)
659{
660
661 blf_ctx c;
662 char key[] = "AAAAA";
663 char key2[] = "abcdefghijklmnopqrstuvwxyz";
664
665 u_int32_t data[10];
666 u_int32_t data2[] =
667 {0x424c4f57l, 0x46495348l};
668
669 u_int16_t i;
670
671 /* First test */
672 for (i = 0; i < 10; i++)
673 data[i] = i;
674
675 blf_key(&c, (u_int8_t *) key, 5);
676 blf_enc(&c, data, 5);
677 blf_dec(&c, data, 1);
678 blf_dec(&c, data + 2, 4);
679 printf("Should read as 0 - 9.\n");
680 report(data, 10);
681
682 /* Second test */
683 blf_key(&c, (u_int8_t *) key2, strlen(key2));
684 blf_enc(&c, data2, 1);
685 printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
686 report(data2, 2);
687 blf_dec(&c, data2, 1);
688 report(data2, 2);
689}
690#endif
691
692#endif /* !defined(HAVE_BCRYPT_PBKDF) && (!defined(HAVE_BLOWFISH_INITSTATE) || \
693 !defined(HAVE_BLOWFISH_EXPAND0STATE) || !defined(HAVE_BLF_ENC)) */
694
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index cb007f018..f34619e4a 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
1/* $Id: openbsd-compat.h,v 1.59 2013/11/08 07:54:39 dtucker Exp $ */ 1/* $Id: openbsd-compat.h,v 1.60 2013/12/07 00:51:54 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved. 4 * Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -44,6 +44,7 @@
44#include "vis.h" 44#include "vis.h"
45#include "getrrsetbyname.h" 45#include "getrrsetbyname.h"
46#include "sha2.h" 46#include "sha2.h"
47#include "blf.h"
47 48
48#ifndef HAVE_BASENAME 49#ifndef HAVE_BASENAME
49char *basename(const char *path); 50char *basename(const char *path);
@@ -240,6 +241,11 @@ char *group_from_gid(gid_t, int);
240int timingsafe_bcmp(const void *, const void *, size_t); 241int timingsafe_bcmp(const void *, const void *, size_t);
241#endif 242#endif
242 243
244#ifndef HAVE_BCRYPT_PBKDF
245int bcrypt_pbkdf(const char *, size_t, const u_int8_t *, size_t,
246 u_int8_t *, size_t, unsigned int);
247#endif
248
243void *xmmap(size_t size); 249void *xmmap(size_t size);
244char *xcrypt(const char *password, const char *salt); 250char *xcrypt(const char *password, const char *salt);
245char *shadow_pw(struct passwd *pw); 251char *shadow_pw(struct passwd *pw);