• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.] */
56 
57 #include <openssl/blowfish.h>
58 #include <openssl/cipher.h>
59 #include <openssl/obj.h>
60 
61 #include <assert.h>
62 #include <string.h>
63 
64 #include "../../crypto/internal.h"
65 #include "../macros.h"
66 
67 
68 #define BF_ENC(LL, R, S, P)                                               \
69   (LL ^= P,                                                               \
70    LL ^=                                                                  \
71    (((S[((int)(R >> 24) & 0xff)] + S[0x0100 + ((int)(R >> 16) & 0xff)]) ^ \
72      S[0x0200 + ((int)(R >> 8) & 0xff)]) +                                \
73     S[0x0300 + ((int)(R)&0xff)]) &                                        \
74    0xffffffffL)
75 
BF_encrypt(uint32_t * data,const BF_KEY * key)76 void BF_encrypt(uint32_t *data, const BF_KEY *key) {
77   uint32_t l, r;
78   const uint32_t *p, *s;
79 
80   p = key->P;
81   s = &(key->S[0]);
82   l = data[0];
83   r = data[1];
84 
85   l ^= p[0];
86   BF_ENC(r, l, s, p[1]);
87   BF_ENC(l, r, s, p[2]);
88   BF_ENC(r, l, s, p[3]);
89   BF_ENC(l, r, s, p[4]);
90   BF_ENC(r, l, s, p[5]);
91   BF_ENC(l, r, s, p[6]);
92   BF_ENC(r, l, s, p[7]);
93   BF_ENC(l, r, s, p[8]);
94   BF_ENC(r, l, s, p[9]);
95   BF_ENC(l, r, s, p[10]);
96   BF_ENC(r, l, s, p[11]);
97   BF_ENC(l, r, s, p[12]);
98   BF_ENC(r, l, s, p[13]);
99   BF_ENC(l, r, s, p[14]);
100   BF_ENC(r, l, s, p[15]);
101   BF_ENC(l, r, s, p[16]);
102   r ^= p[BF_ROUNDS + 1];
103 
104   data[1] = l & 0xffffffffL;
105   data[0] = r & 0xffffffffL;
106 }
107 
BF_decrypt(uint32_t * data,const BF_KEY * key)108 void BF_decrypt(uint32_t *data, const BF_KEY *key) {
109   uint32_t l, r;
110   const uint32_t *p, *s;
111 
112   p = key->P;
113   s = &(key->S[0]);
114   l = data[0];
115   r = data[1];
116 
117   l ^= p[BF_ROUNDS + 1];
118   BF_ENC(r, l, s, p[16]);
119   BF_ENC(l, r, s, p[15]);
120   BF_ENC(r, l, s, p[14]);
121   BF_ENC(l, r, s, p[13]);
122   BF_ENC(r, l, s, p[12]);
123   BF_ENC(l, r, s, p[11]);
124   BF_ENC(r, l, s, p[10]);
125   BF_ENC(l, r, s, p[9]);
126   BF_ENC(r, l, s, p[8]);
127   BF_ENC(l, r, s, p[7]);
128   BF_ENC(r, l, s, p[6]);
129   BF_ENC(l, r, s, p[5]);
130   BF_ENC(r, l, s, p[4]);
131   BF_ENC(l, r, s, p[3]);
132   BF_ENC(r, l, s, p[2]);
133   BF_ENC(l, r, s, p[1]);
134   r ^= p[0];
135 
136   data[1] = l & 0xffffffffL;
137   data[0] = r & 0xffffffffL;
138 }
139 
BF_ecb_encrypt(const uint8_t * in,uint8_t * out,const BF_KEY * key,int encrypt)140 void BF_ecb_encrypt(const uint8_t *in, uint8_t *out,
141                     const BF_KEY *key, int encrypt) {
142   uint32_t d[2];
143 
144   n2l(in, d[0]);
145   n2l(in, d[1]);
146   if (encrypt) {
147     BF_encrypt(d, key);
148   } else {
149     BF_decrypt(d, key);
150   }
151   l2n(d[0], out);
152   l2n(d[1], out);
153 }
154 
BF_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t length,const BF_KEY * schedule,uint8_t * ivec,int encrypt)155 void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
156                     const BF_KEY *schedule, uint8_t *ivec, int encrypt) {
157   uint32_t tin0, tin1;
158   uint32_t tout0, tout1, xor0, xor1;
159   size_t l = length;
160   uint32_t tin[2];
161 
162   if (encrypt) {
163     n2l(ivec, tout0);
164     n2l(ivec, tout1);
165     ivec -= 8;
166     while (l >= 8) {
167       n2l(in, tin0);
168       n2l(in, tin1);
169       tin0 ^= tout0;
170       tin1 ^= tout1;
171       tin[0] = tin0;
172       tin[1] = tin1;
173       BF_encrypt(tin, schedule);
174       tout0 = tin[0];
175       tout1 = tin[1];
176       l2n(tout0, out);
177       l2n(tout1, out);
178       l -= 8;
179     }
180     if (l != 0) {
181       n2ln(in, tin0, tin1, l);
182       tin0 ^= tout0;
183       tin1 ^= tout1;
184       tin[0] = tin0;
185       tin[1] = tin1;
186       BF_encrypt(tin, schedule);
187       tout0 = tin[0];
188       tout1 = tin[1];
189       l2n(tout0, out);
190       l2n(tout1, out);
191     }
192     l2n(tout0, ivec);
193     l2n(tout1, ivec);
194   } else {
195     n2l(ivec, xor0);
196     n2l(ivec, xor1);
197     ivec -= 8;
198     while (l >= 8) {
199       n2l(in, tin0);
200       n2l(in, tin1);
201       tin[0] = tin0;
202       tin[1] = tin1;
203       BF_decrypt(tin, schedule);
204       tout0 = tin[0] ^ xor0;
205       tout1 = tin[1] ^ xor1;
206       l2n(tout0, out);
207       l2n(tout1, out);
208       xor0 = tin0;
209       xor1 = tin1;
210       l -= 8;
211     }
212     if (l != 0) {
213       n2l(in, tin0);
214       n2l(in, tin1);
215       tin[0] = tin0;
216       tin[1] = tin1;
217       BF_decrypt(tin, schedule);
218       tout0 = tin[0] ^ xor0;
219       tout1 = tin[1] ^ xor1;
220       l2nn(tout0, tout1, out, l);
221       xor0 = tin0;
222       xor1 = tin1;
223     }
224     l2n(xor0, ivec);
225     l2n(xor1, ivec);
226   }
227   tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
228   tin[0] = tin[1] = 0;
229 }
230 
231 static const BF_KEY bf_init = {
232     {0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, 0xa4093822L,
233      0x299f31d0L, 0x082efa98L, 0xec4e6c89L, 0x452821e6L, 0x38d01377L,
234      0xbe5466cfL, 0x34e90c6cL, 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L,
235      0xb5470917L, 0x9216d5d9L, 0x8979fb1b},
236     {
237      0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 0xb8e1afedL,
238      0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 0x24a19947L, 0xb3916cf7L,
239      0x0801f2e2L, 0x858efc16L, 0x636920d8L, 0x71574e69L, 0xa458fea3L,
240      0xf4933d7eL, 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
241      0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 0xc5d1b023L,
242      0x286085f0L, 0xca417918L, 0xb8db38efL, 0x8e79dcb0L, 0x603a180eL,
243      0x6c9e0e8bL, 0xb01e8a3eL, 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL,
244      0x55605c60L, 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
245      0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 0xa15486afL,
246      0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 0x2ba9c55dL, 0x741831f6L,
247      0xce5c3e16L, 0x9b87931eL, 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L,
248      0x28958677L, 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
249      0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 0xef845d5dL,
250      0xe98575b1L, 0xdc262302L, 0xeb651b88L, 0x23893e81L, 0xd396acc5L,
251      0x0f6d6ff3L, 0x83f44239L, 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL,
252      0x9e1f9b5eL, 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
253      0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 0x6eef0b6cL,
254      0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 0xa1f1651dL, 0x39af0176L,
255      0x66ca593eL, 0x82430e88L, 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L,
256      0x3b8b5ebeL, 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
257      0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 0x37d0d724L,
258      0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 0x075372c9L, 0x80991b7bL,
259      0x25d479d8L, 0xf6e8def7L, 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL,
260      0x04c006baL, 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
261      0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 0x6dfc511fL,
262      0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 0xbee3d004L, 0xde334afdL,
263      0x660f2807L, 0x192e4bb3L, 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L,
264      0xb9d3fbdbL, 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
265      0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 0x3c7516dfL,
266      0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 0x323db5faL, 0xfd238760L,
267      0x53317b48L, 0x3e00df82L, 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL,
268      0xdf1769dbL, 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
269      0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 0x10fa3d98L,
270      0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 0x9a53e479L, 0xb6f84565L,
271      0xd28e49bcL, 0x4bfb9790L, 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L,
272      0xcee4c6e8L, 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
273      0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 0xd08ed1d0L,
274      0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 0x8ff6e2fbL, 0xf2122b64L,
275      0x8888b812L, 0x900df01cL, 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L,
276      0xb3a8c1adL, 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
277      0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 0xb4a84fe0L,
278      0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 0x165fa266L, 0x80957705L,
279      0x93cc7314L, 0x211a1477L, 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L,
280      0xfb9d35cfL, 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
281      0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 0x2464369bL,
282      0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 0x78c14389L, 0xd95a537fL,
283      0x207d5ba2L, 0x02e5b9c5L, 0x83260376L, 0x6295cfa9L, 0x11c81968L,
284      0x4e734a41L, 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
285      0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 0x08ba6fb5L,
286      0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 0xb6636521L, 0xe7b9f9b6L,
287      0xff34052eL, 0xc5855664L, 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L,
288      0x6e85076aL, 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
289      0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 0xecaa8c71L,
290      0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 0x193602a5L, 0x75094c29L,
291      0xa0591340L, 0xe4183a3eL, 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L,
292      0x99f73fd6L, 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
293      0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 0x09686b3fL,
294      0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 0x687f3584L, 0x52a0e286L,
295      0xb79c5305L, 0xaa500737L, 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL,
296      0x5716f2b8L, 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
297      0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 0xd19113f9L,
298      0x7ca92ff6L, 0x94324773L, 0x22f54701L, 0x3ae5e581L, 0x37c2dadcL,
299      0xc8b57634L, 0x9af3dda7L, 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL,
300      0xa4751e41L, 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
301      0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 0x2cb81290L,
302      0x24977c79L, 0x5679b072L, 0xbcaf89afL, 0xde9a771fL, 0xd9930810L,
303      0xb38bae12L, 0xdccf3f2eL, 0x5512721fL, 0x2e6b7124L, 0x501adde6L,
304      0x9f84cd87L, 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
305      0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 0xef1c1847L,
306      0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 0x12a14d43L, 0x2a65c451L,
307      0x50940002L, 0x133ae4ddL, 0x71dff89eL, 0x10314e55L, 0x81ac77d6L,
308      0x5f11199bL, 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
309      0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 0x86e34570L,
310      0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 0x771fe71cL, 0x4e3d06faL,
311      0x2965dcb9L, 0x99e71d0fL, 0x803e89d6L, 0x5266c825L, 0x2e4cc978L,
312      0x9c10b36aL, 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
313      0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 0x5223a708L,
314      0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 0xe3bc4595L, 0xa67bc883L,
315      0xb17f37d1L, 0x018cff28L, 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L,
316      0x68ab9802L, 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
317      0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 0x13cca830L,
318      0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 0xb5735c90L, 0x4c70a239L,
319      0xd59e9e0bL, 0xcbaade14L, 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL,
320      0xb2f3846eL, 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
321      0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 0x9b540b19L,
322      0x875fa099L, 0x95f7997eL, 0x623d7da8L, 0xf837889aL, 0x97e32d77L,
323      0x11ed935fL, 0x16681281L, 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L,
324      0x7858ba99L, 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
325      0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 0x58ebf2efL,
326      0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 0x5d4a14d9L, 0xe864b7e3L,
327      0x42105d14L, 0x203e13e0L, 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L,
328      0xfacb4fd0L, 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
329      0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 0xcf62a1f2L,
330      0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 0x7f1524c3L, 0x69cb7492L,
331      0x47848a0bL, 0x5692b285L, 0x095bbf00L, 0xad19489dL, 0x1462b174L,
332      0x23820e00L, 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
333      0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 0x7cde3759L,
334      0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 0xa6078084L, 0x19f8509eL,
335      0xe8efd855L, 0x61d99735L, 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL,
336      0x800bcadcL, 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
337      0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 0xc5c43465L,
338      0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 0x153e21e7L, 0x8fb03d4aL,
339      0xe6e39f2bL, 0xdb83adf7L, 0xe93d5a68L, 0x948140f7L, 0xf64c261cL,
340      0x94692934L, 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
341      0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 0x1e39f62eL,
342      0x97244546L, 0x14214f74L, 0xbf8b8840L, 0x4d95fc1dL, 0x96b591afL,
343      0x70f4ddd3L, 0x66a02f45L, 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L,
344      0x31cb8504L, 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
345      0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 0x68dc1462L,
346      0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 0x4f3ffea2L, 0xe887ad8cL,
347      0xb58ce006L, 0x7af4d6b6L, 0xaace1e7cL, 0xd3375fecL, 0xce78a399L,
348      0x406b2a42L, 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
349      0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 0x3a6efa74L,
350      0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 0xfb0af54eL, 0xd8feb397L,
351      0x454056acL, 0xba489527L, 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L,
352      0xd096954bL, 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
353      0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 0xfdf8e802L,
354      0x04272f70L, 0x80bb155cL, 0x05282ce3L, 0x95c11548L, 0xe4c66d22L,
355      0x48c1133fL, 0xc70f86dcL, 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L,
356      0x5d886e17L, 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
357      0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 0x0e12b4c2L,
358      0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 0x6b2395e0L, 0x333e92e1L,
359      0x3b240b62L, 0xeebeb922L, 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL,
360      0x2da2f728L, 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
361      0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 0x0a476341L,
362      0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 0xa812dc60L, 0xa1ebddf8L,
363      0x991be14cL, 0xdb6e6b0dL, 0xc67b5510L, 0x6d672c37L, 0x2765d43bL,
364      0xdcd0e804L, 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
365      0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 0xbb132f88L,
366      0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 0x37392eb3L, 0xcc115979L,
367      0x8026e297L, 0xf42e312dL, 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL,
368      0x782ef11cL, 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
369      0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 0x44421659L,
370      0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 0x64af674eL, 0xda86a85fL,
371      0xbebfe988L, 0x64e4c3feL, 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L,
372      0x6003604dL, 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
373      0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 0x77a057beL,
374      0xbde8ae24L, 0x55464299L, 0xbf582e61L, 0x4e58f48fL, 0xf2ddfda2L,
375      0xf474ef38L, 0x8789bdc2L, 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L,
376      0x46fcd9b9L, 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
377      0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 0xb90bace1L,
378      0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 0xb77f19b6L, 0xe0a9dc09L,
379      0x662d09a1L, 0xc4324633L, 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L,
380      0x1d6efe10L, 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
381      0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 0x50115e01L,
382      0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 0x9af88c27L, 0x773f8641L,
383      0xc3604c06L, 0x61a806b5L, 0xf0177a28L, 0xc0f586e0L, 0x006058aaL,
384      0x30dc7d62L, 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
385      0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 0x6f05e409L,
386      0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 0x86e3725fL, 0x724d9db9L,
387      0x1ac15bb4L, 0xd39eb8fcL, 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L,
388      0x4dad0fc4L, 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
389      0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 0xd79a3234L,
390      0x92638212L, 0x670efa8eL, 0x406000e0L, 0x3a39ce37L, 0xd3faf5cfL,
391      0xabc27737L, 0x5ac52d1bL, 0x5cb0679eL, 0x4fa33742L, 0xd3822740L,
392      0x99bc9bbeL, 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
393      0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 0x5748ab2fL,
394      0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 0x530ff8eeL, 0x468dde7dL,
395      0xd5730a1dL, 0x4cd04dc6L, 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L,
396      0xbe5ee304L, 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
397      0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 0x83c061baL,
398      0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 0x2826a2f9L, 0xa73a3ae1L,
399      0x4ba99586L, 0xef5562e9L, 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L,
400      0x77fa0a59L, 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
401      0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 0x96d5ac3aL,
402      0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 0x1f9f25cfL, 0xadf2b89bL,
403      0x5ad6b472L, 0x5a88f54cL, 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL,
404      0xed93fa9bL, 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
405      0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 0x15056dd4L,
406      0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 0xc3eb9e15L, 0x3c9057a2L,
407      0x97271aecL, 0xa93a072aL, 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL,
408      0x26dcf319L, 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
409      0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 0x4de81751L,
410      0x3830dc8eL, 0x379d5862L, 0x9320f991L, 0xea7a90c2L, 0xfb3e7bceL,
411      0x5121ce64L, 0x774fbe32L, 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L,
412      0x6413e680L, 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
413      0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 0x5bbef7ddL,
414      0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 0xdda26a7eL, 0x3a59ff45L,
415      0x3e350a44L, 0xbcb4cdd5L, 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL,
416      0xbf3c6f47L, 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
417      0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 0x4040cb08L,
418      0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 0xe1b00428L, 0x95983a1dL,
419      0x06b89fb4L, 0xce6ea048L, 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL,
420      0x277227f8L, 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
421      0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 0xe01cc87eL,
422      0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 0x1a908749L, 0xd44fbd9aL,
423      0xd0dadecbL, 0xd50ada38L, 0x0339c32aL, 0xc6913667L, 0x8df9317cL,
424      0xe0b12b4fL, 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
425      0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 0xfae59361L,
426      0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 0xb6c1075eL, 0xe3056a0cL,
427      0x10d25065L, 0xcb03a442L, 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL,
428      0x3278e964L, 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
429      0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 0xdf359f8dL,
430      0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 0xe54cda54L, 0x1edad891L,
431      0xce6279cfL, 0xcd3e7e6fL, 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L,
432      0xf6fb2299L, 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
433      0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 0xde966292L,
434      0x81b949d0L, 0x4c50901bL, 0x71c65614L, 0xe6c6c7bdL, 0x327a140aL,
435      0x45e1d006L, 0xc3f27b9aL, 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L,
436      0x35bdd2f6L, 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
437      0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 0xba38209cL,
438      0xf746ce76L, 0x77afa1c5L, 0x20756060L, 0x85cbfe4eL, 0x8ae88dd8L,
439      0x7aaaf9b0L, 0x4cf9aa7eL, 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L,
440      0xd6ebe1f9L, 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
441      0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
442     },
443 };
444 
BF_set_key(BF_KEY * key,size_t len,const uint8_t * data)445 void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data) {
446   int i;
447   uint32_t *p, ri, in[2];
448   const uint8_t *d, *end;
449 
450   OPENSSL_memcpy(key, &bf_init, sizeof(BF_KEY));
451   p = key->P;
452 
453   if (len > ((BF_ROUNDS + 2) * 4))
454     len = (BF_ROUNDS + 2) * 4;
455 
456   d = data;
457   end = &data[len];
458   for (i = 0; i < BF_ROUNDS + 2; i++) {
459     ri = *(d++);
460     if (d >= end) {
461       d = data;
462     }
463 
464     ri <<= 8;
465     ri |= *(d++);
466     if (d >= end) {
467       d = data;
468     }
469 
470     ri <<= 8;
471     ri |= *(d++);
472     if (d >= end) {
473       d = data;
474     }
475 
476     ri <<= 8;
477     ri |= *(d++);
478     if (d >= end) {
479       d = data;
480     }
481 
482     p[i] ^= ri;
483   }
484 
485   in[0] = 0L;
486   in[1] = 0L;
487   for (i = 0; i < BF_ROUNDS + 2; i += 2) {
488     BF_encrypt(in, key);
489     p[i] = in[0];
490     p[i + 1] = in[1];
491   }
492 
493   p = key->S;
494   for (i = 0; i < 4 * 256; i += 2) {
495     BF_encrypt(in, key);
496     p[i] = in[0];
497     p[i + 1] = in[1];
498   }
499 }
500 
BF_cfb64_encrypt(const uint8_t * in,uint8_t * out,size_t length,const BF_KEY * schedule,uint8_t * ivec,int * num,int encrypt)501 static void BF_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length,
502                              const BF_KEY *schedule, uint8_t *ivec, int *num,
503                              int encrypt) {
504   uint32_t v0, v1, t;
505   int n = *num;
506   size_t l = length;
507   uint32_t ti[2];
508   uint8_t c, cc;
509 
510   uint8_t *iv = ivec;
511   if (encrypt) {
512     while (l--) {
513       if (n == 0) {
514         n2l(iv, v0);
515         ti[0] = v0;
516         n2l(iv, v1);
517         ti[1] = v1;
518         BF_encrypt(ti, schedule);
519         iv = ivec;
520         t = ti[0];
521         l2n(t, iv);
522         t = ti[1];
523         l2n(t, iv);
524         iv = ivec;
525       }
526       c = *(in++) ^ iv[n];
527       *(out++) = c;
528       iv[n] = c;
529       n = (n + 1) & 0x07;
530     }
531   } else {
532     while (l--) {
533       if (n == 0) {
534         n2l(iv, v0);
535         ti[0] = v0;
536         n2l(iv, v1);
537         ti[1] = v1;
538         BF_encrypt(ti, schedule);
539         iv = ivec;
540         t = ti[0];
541         l2n(t, iv);
542         t = ti[1];
543         l2n(t, iv);
544         iv = ivec;
545       }
546       cc = *(in++);
547       c = iv[n];
548       iv[n] = cc;
549       *(out++) = c ^ cc;
550       n = (n + 1) & 0x07;
551     }
552   }
553 
554   *num = n;
555 }
556 
bf_init_key(EVP_CIPHER_CTX * ctx,const uint8_t * key,const uint8_t * iv,int enc)557 static int bf_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
558                             const uint8_t *iv, int enc) {
559   BF_KEY *bf_key = ctx->cipher_data;
560   BF_set_key(bf_key, ctx->key_len, key);
561   return 1;
562 }
563 
bf_ecb_cipher(EVP_CIPHER_CTX * ctx,uint8_t * out,const uint8_t * in,size_t len)564 static int bf_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
565                          size_t len) {
566   BF_KEY *bf_key = ctx->cipher_data;
567 
568   while (len >= BF_BLOCK) {
569     BF_ecb_encrypt(in, out, bf_key, ctx->encrypt);
570     in += BF_BLOCK;
571     out += BF_BLOCK;
572     len -= BF_BLOCK;
573   }
574   assert(len == 0);
575 
576   return 1;
577 }
578 
bf_cbc_cipher(EVP_CIPHER_CTX * ctx,uint8_t * out,const uint8_t * in,size_t len)579 static int bf_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
580                          size_t len) {
581   BF_KEY *bf_key = ctx->cipher_data;
582   BF_cbc_encrypt(in, out, len, bf_key, ctx->iv, ctx->encrypt);
583   return 1;
584 }
585 
bf_cfb_cipher(EVP_CIPHER_CTX * ctx,uint8_t * out,const uint8_t * in,size_t len)586 static int bf_cfb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
587                          size_t len) {
588   BF_KEY *bf_key = ctx->cipher_data;
589   int num = ctx->num;
590   BF_cfb64_encrypt(in, out, len, bf_key, ctx->iv, &num, ctx->encrypt);
591   ctx->num = num;
592   return 1;
593 }
594 
595 static const EVP_CIPHER bf_ecb = {
596     NID_bf_ecb,          BF_BLOCK /* block_size */,
597     16 /* key_size */,   BF_BLOCK /* iv_len */,
598     sizeof(BF_KEY),      EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
599     NULL /* app_data */, bf_init_key,
600     bf_ecb_cipher,       NULL /* cleanup */,
601     NULL /* ctrl */,
602 };
603 
604 static const EVP_CIPHER bf_cbc = {
605     NID_bf_cbc,          BF_BLOCK /* block_size */,
606     16 /* key_size */,   BF_BLOCK /* iv_len */,
607     sizeof(BF_KEY),      EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
608     NULL /* app_data */, bf_init_key,
609     bf_cbc_cipher,       NULL /* cleanup */,
610     NULL /* ctrl */,
611 };
612 
613 static const EVP_CIPHER bf_cfb = {
614     NID_bf_cfb64,        1 /* block_size */,
615     16 /* key_size */,   BF_BLOCK /* iv_len */,
616     sizeof(BF_KEY),      EVP_CIPH_CFB_MODE | EVP_CIPH_VARIABLE_LENGTH,
617     NULL /* app_data */, bf_init_key,
618     bf_cfb_cipher,       NULL /* cleanup */,
619     NULL /* ctrl */,
620 };
621 
EVP_bf_ecb(void)622 const EVP_CIPHER *EVP_bf_ecb(void) { return &bf_ecb; }
623 
EVP_bf_cbc(void)624 const EVP_CIPHER *EVP_bf_cbc(void) { return &bf_cbc; }
625 
EVP_bf_cfb(void)626 const EVP_CIPHER *EVP_bf_cfb(void) { return &bf_cfb; }
627