1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/blowfish.h>
58 #include <openssl/cipher.h>
59 #include <openssl/obj.h>
60
61 #include <assert.h>
62 #include <string.h>
63
64 #include "../../crypto/fipsmodule/cipher/internal.h"
65 #include "../../crypto/internal.h"
66 #include "../macros.h"
67
68
69 #define BF_ENC(LL, R, S, P) \
70 (LL ^= P, \
71 LL ^= \
72 (((S[((int)(R >> 24) & 0xff)] + S[0x0100 + ((int)(R >> 16) & 0xff)]) ^ \
73 S[0x0200 + ((int)(R >> 8) & 0xff)]) + \
74 S[0x0300 + ((int)(R) & 0xff)]) & \
75 0xffffffffL)
76
BF_encrypt(uint32_t * data,const BF_KEY * key)77 void BF_encrypt(uint32_t *data, const BF_KEY *key) {
78 uint32_t l, r;
79 const uint32_t *p, *s;
80
81 p = key->P;
82 s = &(key->S[0]);
83 l = data[0];
84 r = data[1];
85
86 l ^= p[0];
87 BF_ENC(r, l, s, p[1]);
88 BF_ENC(l, r, s, p[2]);
89 BF_ENC(r, l, s, p[3]);
90 BF_ENC(l, r, s, p[4]);
91 BF_ENC(r, l, s, p[5]);
92 BF_ENC(l, r, s, p[6]);
93 BF_ENC(r, l, s, p[7]);
94 BF_ENC(l, r, s, p[8]);
95 BF_ENC(r, l, s, p[9]);
96 BF_ENC(l, r, s, p[10]);
97 BF_ENC(r, l, s, p[11]);
98 BF_ENC(l, r, s, p[12]);
99 BF_ENC(r, l, s, p[13]);
100 BF_ENC(l, r, s, p[14]);
101 BF_ENC(r, l, s, p[15]);
102 BF_ENC(l, r, s, p[16]);
103 r ^= p[BF_ROUNDS + 1];
104
105 data[1] = l & 0xffffffffL;
106 data[0] = r & 0xffffffffL;
107 }
108
BF_decrypt(uint32_t * data,const BF_KEY * key)109 void BF_decrypt(uint32_t *data, const BF_KEY *key) {
110 uint32_t l, r;
111 const uint32_t *p, *s;
112
113 p = key->P;
114 s = &(key->S[0]);
115 l = data[0];
116 r = data[1];
117
118 l ^= p[BF_ROUNDS + 1];
119 BF_ENC(r, l, s, p[16]);
120 BF_ENC(l, r, s, p[15]);
121 BF_ENC(r, l, s, p[14]);
122 BF_ENC(l, r, s, p[13]);
123 BF_ENC(r, l, s, p[12]);
124 BF_ENC(l, r, s, p[11]);
125 BF_ENC(r, l, s, p[10]);
126 BF_ENC(l, r, s, p[9]);
127 BF_ENC(r, l, s, p[8]);
128 BF_ENC(l, r, s, p[7]);
129 BF_ENC(r, l, s, p[6]);
130 BF_ENC(l, r, s, p[5]);
131 BF_ENC(r, l, s, p[4]);
132 BF_ENC(l, r, s, p[3]);
133 BF_ENC(r, l, s, p[2]);
134 BF_ENC(l, r, s, p[1]);
135 r ^= p[0];
136
137 data[1] = l & 0xffffffffL;
138 data[0] = r & 0xffffffffL;
139 }
140
BF_ecb_encrypt(const uint8_t * in,uint8_t * out,const BF_KEY * key,int encrypt)141 void BF_ecb_encrypt(const uint8_t *in, uint8_t *out, const BF_KEY *key,
142 int encrypt) {
143 uint32_t d[2];
144
145 n2l(in, d[0]);
146 n2l(in, d[1]);
147 if (encrypt) {
148 BF_encrypt(d, key);
149 } else {
150 BF_decrypt(d, key);
151 }
152 l2n(d[0], out);
153 l2n(d[1], out);
154 }
155
BF_cbc_encrypt(const uint8_t * in,uint8_t * out,size_t length,const BF_KEY * schedule,uint8_t * ivec,int encrypt)156 void BF_cbc_encrypt(const uint8_t *in, uint8_t *out, size_t length,
157 const BF_KEY *schedule, uint8_t *ivec, int encrypt) {
158 uint32_t tin0, tin1;
159 uint32_t tout0, tout1, xor0, xor1;
160 size_t l = length;
161 uint32_t tin[2];
162
163 if (encrypt) {
164 n2l(ivec, tout0);
165 n2l(ivec, tout1);
166 ivec -= 8;
167 while (l >= 8) {
168 n2l(in, tin0);
169 n2l(in, tin1);
170 tin0 ^= tout0;
171 tin1 ^= tout1;
172 tin[0] = tin0;
173 tin[1] = tin1;
174 BF_encrypt(tin, schedule);
175 tout0 = tin[0];
176 tout1 = tin[1];
177 l2n(tout0, out);
178 l2n(tout1, out);
179 l -= 8;
180 }
181 if (l != 0) {
182 n2ln(in, tin0, tin1, l);
183 tin0 ^= tout0;
184 tin1 ^= tout1;
185 tin[0] = tin0;
186 tin[1] = tin1;
187 BF_encrypt(tin, schedule);
188 tout0 = tin[0];
189 tout1 = tin[1];
190 l2n(tout0, out);
191 l2n(tout1, out);
192 }
193 l2n(tout0, ivec);
194 l2n(tout1, ivec);
195 } else {
196 n2l(ivec, xor0);
197 n2l(ivec, xor1);
198 ivec -= 8;
199 while (l >= 8) {
200 n2l(in, tin0);
201 n2l(in, tin1);
202 tin[0] = tin0;
203 tin[1] = tin1;
204 BF_decrypt(tin, schedule);
205 tout0 = tin[0] ^ xor0;
206 tout1 = tin[1] ^ xor1;
207 l2n(tout0, out);
208 l2n(tout1, out);
209 xor0 = tin0;
210 xor1 = tin1;
211 l -= 8;
212 }
213 if (l != 0) {
214 n2l(in, tin0);
215 n2l(in, tin1);
216 tin[0] = tin0;
217 tin[1] = tin1;
218 BF_decrypt(tin, schedule);
219 tout0 = tin[0] ^ xor0;
220 tout1 = tin[1] ^ xor1;
221 l2nn(tout0, tout1, out, l);
222 xor0 = tin0;
223 xor1 = tin1;
224 }
225 l2n(xor0, ivec);
226 l2n(xor1, ivec);
227 }
228 tin0 = tin1 = tout0 = tout1 = xor0 = xor1 = 0;
229 tin[0] = tin[1] = 0;
230 }
231
232 static const BF_KEY bf_init = {
233 {0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, 0xa4093822L,
234 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, 0x452821e6L, 0x38d01377L,
235 0xbe5466cfL, 0x34e90c6cL, 0xc0ac29b7L, 0xc97c50ddL, 0x3f84d5b5L,
236 0xb5470917L, 0x9216d5d9L, 0x8979fb1b},
237 {
238 0xd1310ba6L, 0x98dfb5acL, 0x2ffd72dbL, 0xd01adfb7L, 0xb8e1afedL,
239 0x6a267e96L, 0xba7c9045L, 0xf12c7f99L, 0x24a19947L, 0xb3916cf7L,
240 0x0801f2e2L, 0x858efc16L, 0x636920d8L, 0x71574e69L, 0xa458fea3L,
241 0xf4933d7eL, 0x0d95748fL, 0x728eb658L, 0x718bcd58L, 0x82154aeeL,
242 0x7b54a41dL, 0xc25a59b5L, 0x9c30d539L, 0x2af26013L, 0xc5d1b023L,
243 0x286085f0L, 0xca417918L, 0xb8db38efL, 0x8e79dcb0L, 0x603a180eL,
244 0x6c9e0e8bL, 0xb01e8a3eL, 0xd71577c1L, 0xbd314b27L, 0x78af2fdaL,
245 0x55605c60L, 0xe65525f3L, 0xaa55ab94L, 0x57489862L, 0x63e81440L,
246 0x55ca396aL, 0x2aab10b6L, 0xb4cc5c34L, 0x1141e8ceL, 0xa15486afL,
247 0x7c72e993L, 0xb3ee1411L, 0x636fbc2aL, 0x2ba9c55dL, 0x741831f6L,
248 0xce5c3e16L, 0x9b87931eL, 0xafd6ba33L, 0x6c24cf5cL, 0x7a325381L,
249 0x28958677L, 0x3b8f4898L, 0x6b4bb9afL, 0xc4bfe81bL, 0x66282193L,
250 0x61d809ccL, 0xfb21a991L, 0x487cac60L, 0x5dec8032L, 0xef845d5dL,
251 0xe98575b1L, 0xdc262302L, 0xeb651b88L, 0x23893e81L, 0xd396acc5L,
252 0x0f6d6ff3L, 0x83f44239L, 0x2e0b4482L, 0xa4842004L, 0x69c8f04aL,
253 0x9e1f9b5eL, 0x21c66842L, 0xf6e96c9aL, 0x670c9c61L, 0xabd388f0L,
254 0x6a51a0d2L, 0xd8542f68L, 0x960fa728L, 0xab5133a3L, 0x6eef0b6cL,
255 0x137a3be4L, 0xba3bf050L, 0x7efb2a98L, 0xa1f1651dL, 0x39af0176L,
256 0x66ca593eL, 0x82430e88L, 0x8cee8619L, 0x456f9fb4L, 0x7d84a5c3L,
257 0x3b8b5ebeL, 0xe06f75d8L, 0x85c12073L, 0x401a449fL, 0x56c16aa6L,
258 0x4ed3aa62L, 0x363f7706L, 0x1bfedf72L, 0x429b023dL, 0x37d0d724L,
259 0xd00a1248L, 0xdb0fead3L, 0x49f1c09bL, 0x075372c9L, 0x80991b7bL,
260 0x25d479d8L, 0xf6e8def7L, 0xe3fe501aL, 0xb6794c3bL, 0x976ce0bdL,
261 0x04c006baL, 0xc1a94fb6L, 0x409f60c4L, 0x5e5c9ec2L, 0x196a2463L,
262 0x68fb6fafL, 0x3e6c53b5L, 0x1339b2ebL, 0x3b52ec6fL, 0x6dfc511fL,
263 0x9b30952cL, 0xcc814544L, 0xaf5ebd09L, 0xbee3d004L, 0xde334afdL,
264 0x660f2807L, 0x192e4bb3L, 0xc0cba857L, 0x45c8740fL, 0xd20b5f39L,
265 0xb9d3fbdbL, 0x5579c0bdL, 0x1a60320aL, 0xd6a100c6L, 0x402c7279L,
266 0x679f25feL, 0xfb1fa3ccL, 0x8ea5e9f8L, 0xdb3222f8L, 0x3c7516dfL,
267 0xfd616b15L, 0x2f501ec8L, 0xad0552abL, 0x323db5faL, 0xfd238760L,
268 0x53317b48L, 0x3e00df82L, 0x9e5c57bbL, 0xca6f8ca0L, 0x1a87562eL,
269 0xdf1769dbL, 0xd542a8f6L, 0x287effc3L, 0xac6732c6L, 0x8c4f5573L,
270 0x695b27b0L, 0xbbca58c8L, 0xe1ffa35dL, 0xb8f011a0L, 0x10fa3d98L,
271 0xfd2183b8L, 0x4afcb56cL, 0x2dd1d35bL, 0x9a53e479L, 0xb6f84565L,
272 0xd28e49bcL, 0x4bfb9790L, 0xe1ddf2daL, 0xa4cb7e33L, 0x62fb1341L,
273 0xcee4c6e8L, 0xef20cadaL, 0x36774c01L, 0xd07e9efeL, 0x2bf11fb4L,
274 0x95dbda4dL, 0xae909198L, 0xeaad8e71L, 0x6b93d5a0L, 0xd08ed1d0L,
275 0xafc725e0L, 0x8e3c5b2fL, 0x8e7594b7L, 0x8ff6e2fbL, 0xf2122b64L,
276 0x8888b812L, 0x900df01cL, 0x4fad5ea0L, 0x688fc31cL, 0xd1cff191L,
277 0xb3a8c1adL, 0x2f2f2218L, 0xbe0e1777L, 0xea752dfeL, 0x8b021fa1L,
278 0xe5a0cc0fL, 0xb56f74e8L, 0x18acf3d6L, 0xce89e299L, 0xb4a84fe0L,
279 0xfd13e0b7L, 0x7cc43b81L, 0xd2ada8d9L, 0x165fa266L, 0x80957705L,
280 0x93cc7314L, 0x211a1477L, 0xe6ad2065L, 0x77b5fa86L, 0xc75442f5L,
281 0xfb9d35cfL, 0xebcdaf0cL, 0x7b3e89a0L, 0xd6411bd3L, 0xae1e7e49L,
282 0x00250e2dL, 0x2071b35eL, 0x226800bbL, 0x57b8e0afL, 0x2464369bL,
283 0xf009b91eL, 0x5563911dL, 0x59dfa6aaL, 0x78c14389L, 0xd95a537fL,
284 0x207d5ba2L, 0x02e5b9c5L, 0x83260376L, 0x6295cfa9L, 0x11c81968L,
285 0x4e734a41L, 0xb3472dcaL, 0x7b14a94aL, 0x1b510052L, 0x9a532915L,
286 0xd60f573fL, 0xbc9bc6e4L, 0x2b60a476L, 0x81e67400L, 0x08ba6fb5L,
287 0x571be91fL, 0xf296ec6bL, 0x2a0dd915L, 0xb6636521L, 0xe7b9f9b6L,
288 0xff34052eL, 0xc5855664L, 0x53b02d5dL, 0xa99f8fa1L, 0x08ba4799L,
289 0x6e85076aL, 0x4b7a70e9L, 0xb5b32944L, 0xdb75092eL, 0xc4192623L,
290 0xad6ea6b0L, 0x49a7df7dL, 0x9cee60b8L, 0x8fedb266L, 0xecaa8c71L,
291 0x699a17ffL, 0x5664526cL, 0xc2b19ee1L, 0x193602a5L, 0x75094c29L,
292 0xa0591340L, 0xe4183a3eL, 0x3f54989aL, 0x5b429d65L, 0x6b8fe4d6L,
293 0x99f73fd6L, 0xa1d29c07L, 0xefe830f5L, 0x4d2d38e6L, 0xf0255dc1L,
294 0x4cdd2086L, 0x8470eb26L, 0x6382e9c6L, 0x021ecc5eL, 0x09686b3fL,
295 0x3ebaefc9L, 0x3c971814L, 0x6b6a70a1L, 0x687f3584L, 0x52a0e286L,
296 0xb79c5305L, 0xaa500737L, 0x3e07841cL, 0x7fdeae5cL, 0x8e7d44ecL,
297 0x5716f2b8L, 0xb03ada37L, 0xf0500c0dL, 0xf01c1f04L, 0x0200b3ffL,
298 0xae0cf51aL, 0x3cb574b2L, 0x25837a58L, 0xdc0921bdL, 0xd19113f9L,
299 0x7ca92ff6L, 0x94324773L, 0x22f54701L, 0x3ae5e581L, 0x37c2dadcL,
300 0xc8b57634L, 0x9af3dda7L, 0xa9446146L, 0x0fd0030eL, 0xecc8c73eL,
301 0xa4751e41L, 0xe238cd99L, 0x3bea0e2fL, 0x3280bba1L, 0x183eb331L,
302 0x4e548b38L, 0x4f6db908L, 0x6f420d03L, 0xf60a04bfL, 0x2cb81290L,
303 0x24977c79L, 0x5679b072L, 0xbcaf89afL, 0xde9a771fL, 0xd9930810L,
304 0xb38bae12L, 0xdccf3f2eL, 0x5512721fL, 0x2e6b7124L, 0x501adde6L,
305 0x9f84cd87L, 0x7a584718L, 0x7408da17L, 0xbc9f9abcL, 0xe94b7d8cL,
306 0xec7aec3aL, 0xdb851dfaL, 0x63094366L, 0xc464c3d2L, 0xef1c1847L,
307 0x3215d908L, 0xdd433b37L, 0x24c2ba16L, 0x12a14d43L, 0x2a65c451L,
308 0x50940002L, 0x133ae4ddL, 0x71dff89eL, 0x10314e55L, 0x81ac77d6L,
309 0x5f11199bL, 0x043556f1L, 0xd7a3c76bL, 0x3c11183bL, 0x5924a509L,
310 0xf28fe6edL, 0x97f1fbfaL, 0x9ebabf2cL, 0x1e153c6eL, 0x86e34570L,
311 0xeae96fb1L, 0x860e5e0aL, 0x5a3e2ab3L, 0x771fe71cL, 0x4e3d06faL,
312 0x2965dcb9L, 0x99e71d0fL, 0x803e89d6L, 0x5266c825L, 0x2e4cc978L,
313 0x9c10b36aL, 0xc6150ebaL, 0x94e2ea78L, 0xa5fc3c53L, 0x1e0a2df4L,
314 0xf2f74ea7L, 0x361d2b3dL, 0x1939260fL, 0x19c27960L, 0x5223a708L,
315 0xf71312b6L, 0xebadfe6eL, 0xeac31f66L, 0xe3bc4595L, 0xa67bc883L,
316 0xb17f37d1L, 0x018cff28L, 0xc332ddefL, 0xbe6c5aa5L, 0x65582185L,
317 0x68ab9802L, 0xeecea50fL, 0xdb2f953bL, 0x2aef7dadL, 0x5b6e2f84L,
318 0x1521b628L, 0x29076170L, 0xecdd4775L, 0x619f1510L, 0x13cca830L,
319 0xeb61bd96L, 0x0334fe1eL, 0xaa0363cfL, 0xb5735c90L, 0x4c70a239L,
320 0xd59e9e0bL, 0xcbaade14L, 0xeecc86bcL, 0x60622ca7L, 0x9cab5cabL,
321 0xb2f3846eL, 0x648b1eafL, 0x19bdf0caL, 0xa02369b9L, 0x655abb50L,
322 0x40685a32L, 0x3c2ab4b3L, 0x319ee9d5L, 0xc021b8f7L, 0x9b540b19L,
323 0x875fa099L, 0x95f7997eL, 0x623d7da8L, 0xf837889aL, 0x97e32d77L,
324 0x11ed935fL, 0x16681281L, 0x0e358829L, 0xc7e61fd6L, 0x96dedfa1L,
325 0x7858ba99L, 0x57f584a5L, 0x1b227263L, 0x9b83c3ffL, 0x1ac24696L,
326 0xcdb30aebL, 0x532e3054L, 0x8fd948e4L, 0x6dbc3128L, 0x58ebf2efL,
327 0x34c6ffeaL, 0xfe28ed61L, 0xee7c3c73L, 0x5d4a14d9L, 0xe864b7e3L,
328 0x42105d14L, 0x203e13e0L, 0x45eee2b6L, 0xa3aaabeaL, 0xdb6c4f15L,
329 0xfacb4fd0L, 0xc742f442L, 0xef6abbb5L, 0x654f3b1dL, 0x41cd2105L,
330 0xd81e799eL, 0x86854dc7L, 0xe44b476aL, 0x3d816250L, 0xcf62a1f2L,
331 0x5b8d2646L, 0xfc8883a0L, 0xc1c7b6a3L, 0x7f1524c3L, 0x69cb7492L,
332 0x47848a0bL, 0x5692b285L, 0x095bbf00L, 0xad19489dL, 0x1462b174L,
333 0x23820e00L, 0x58428d2aL, 0x0c55f5eaL, 0x1dadf43eL, 0x233f7061L,
334 0x3372f092L, 0x8d937e41L, 0xd65fecf1L, 0x6c223bdbL, 0x7cde3759L,
335 0xcbee7460L, 0x4085f2a7L, 0xce77326eL, 0xa6078084L, 0x19f8509eL,
336 0xe8efd855L, 0x61d99735L, 0xa969a7aaL, 0xc50c06c2L, 0x5a04abfcL,
337 0x800bcadcL, 0x9e447a2eL, 0xc3453484L, 0xfdd56705L, 0x0e1e9ec9L,
338 0xdb73dbd3L, 0x105588cdL, 0x675fda79L, 0xe3674340L, 0xc5c43465L,
339 0x713e38d8L, 0x3d28f89eL, 0xf16dff20L, 0x153e21e7L, 0x8fb03d4aL,
340 0xe6e39f2bL, 0xdb83adf7L, 0xe93d5a68L, 0x948140f7L, 0xf64c261cL,
341 0x94692934L, 0x411520f7L, 0x7602d4f7L, 0xbcf46b2eL, 0xd4a20068L,
342 0xd4082471L, 0x3320f46aL, 0x43b7d4b7L, 0x500061afL, 0x1e39f62eL,
343 0x97244546L, 0x14214f74L, 0xbf8b8840L, 0x4d95fc1dL, 0x96b591afL,
344 0x70f4ddd3L, 0x66a02f45L, 0xbfbc09ecL, 0x03bd9785L, 0x7fac6dd0L,
345 0x31cb8504L, 0x96eb27b3L, 0x55fd3941L, 0xda2547e6L, 0xabca0a9aL,
346 0x28507825L, 0x530429f4L, 0x0a2c86daL, 0xe9b66dfbL, 0x68dc1462L,
347 0xd7486900L, 0x680ec0a4L, 0x27a18deeL, 0x4f3ffea2L, 0xe887ad8cL,
348 0xb58ce006L, 0x7af4d6b6L, 0xaace1e7cL, 0xd3375fecL, 0xce78a399L,
349 0x406b2a42L, 0x20fe9e35L, 0xd9f385b9L, 0xee39d7abL, 0x3b124e8bL,
350 0x1dc9faf7L, 0x4b6d1856L, 0x26a36631L, 0xeae397b2L, 0x3a6efa74L,
351 0xdd5b4332L, 0x6841e7f7L, 0xca7820fbL, 0xfb0af54eL, 0xd8feb397L,
352 0x454056acL, 0xba489527L, 0x55533a3aL, 0x20838d87L, 0xfe6ba9b7L,
353 0xd096954bL, 0x55a867bcL, 0xa1159a58L, 0xcca92963L, 0x99e1db33L,
354 0xa62a4a56L, 0x3f3125f9L, 0x5ef47e1cL, 0x9029317cL, 0xfdf8e802L,
355 0x04272f70L, 0x80bb155cL, 0x05282ce3L, 0x95c11548L, 0xe4c66d22L,
356 0x48c1133fL, 0xc70f86dcL, 0x07f9c9eeL, 0x41041f0fL, 0x404779a4L,
357 0x5d886e17L, 0x325f51ebL, 0xd59bc0d1L, 0xf2bcc18fL, 0x41113564L,
358 0x257b7834L, 0x602a9c60L, 0xdff8e8a3L, 0x1f636c1bL, 0x0e12b4c2L,
359 0x02e1329eL, 0xaf664fd1L, 0xcad18115L, 0x6b2395e0L, 0x333e92e1L,
360 0x3b240b62L, 0xeebeb922L, 0x85b2a20eL, 0xe6ba0d99L, 0xde720c8cL,
361 0x2da2f728L, 0xd0127845L, 0x95b794fdL, 0x647d0862L, 0xe7ccf5f0L,
362 0x5449a36fL, 0x877d48faL, 0xc39dfd27L, 0xf33e8d1eL, 0x0a476341L,
363 0x992eff74L, 0x3a6f6eabL, 0xf4f8fd37L, 0xa812dc60L, 0xa1ebddf8L,
364 0x991be14cL, 0xdb6e6b0dL, 0xc67b5510L, 0x6d672c37L, 0x2765d43bL,
365 0xdcd0e804L, 0xf1290dc7L, 0xcc00ffa3L, 0xb5390f92L, 0x690fed0bL,
366 0x667b9ffbL, 0xcedb7d9cL, 0xa091cf0bL, 0xd9155ea3L, 0xbb132f88L,
367 0x515bad24L, 0x7b9479bfL, 0x763bd6ebL, 0x37392eb3L, 0xcc115979L,
368 0x8026e297L, 0xf42e312dL, 0x6842ada7L, 0xc66a2b3bL, 0x12754cccL,
369 0x782ef11cL, 0x6a124237L, 0xb79251e7L, 0x06a1bbe6L, 0x4bfb6350L,
370 0x1a6b1018L, 0x11caedfaL, 0x3d25bdd8L, 0xe2e1c3c9L, 0x44421659L,
371 0x0a121386L, 0xd90cec6eL, 0xd5abea2aL, 0x64af674eL, 0xda86a85fL,
372 0xbebfe988L, 0x64e4c3feL, 0x9dbc8057L, 0xf0f7c086L, 0x60787bf8L,
373 0x6003604dL, 0xd1fd8346L, 0xf6381fb0L, 0x7745ae04L, 0xd736fcccL,
374 0x83426b33L, 0xf01eab71L, 0xb0804187L, 0x3c005e5fL, 0x77a057beL,
375 0xbde8ae24L, 0x55464299L, 0xbf582e61L, 0x4e58f48fL, 0xf2ddfda2L,
376 0xf474ef38L, 0x8789bdc2L, 0x5366f9c3L, 0xc8b38e74L, 0xb475f255L,
377 0x46fcd9b9L, 0x7aeb2661L, 0x8b1ddf84L, 0x846a0e79L, 0x915f95e2L,
378 0x466e598eL, 0x20b45770L, 0x8cd55591L, 0xc902de4cL, 0xb90bace1L,
379 0xbb8205d0L, 0x11a86248L, 0x7574a99eL, 0xb77f19b6L, 0xe0a9dc09L,
380 0x662d09a1L, 0xc4324633L, 0xe85a1f02L, 0x09f0be8cL, 0x4a99a025L,
381 0x1d6efe10L, 0x1ab93d1dL, 0x0ba5a4dfL, 0xa186f20fL, 0x2868f169L,
382 0xdcb7da83L, 0x573906feL, 0xa1e2ce9bL, 0x4fcd7f52L, 0x50115e01L,
383 0xa70683faL, 0xa002b5c4L, 0x0de6d027L, 0x9af88c27L, 0x773f8641L,
384 0xc3604c06L, 0x61a806b5L, 0xf0177a28L, 0xc0f586e0L, 0x006058aaL,
385 0x30dc7d62L, 0x11e69ed7L, 0x2338ea63L, 0x53c2dd94L, 0xc2c21634L,
386 0xbbcbee56L, 0x90bcb6deL, 0xebfc7da1L, 0xce591d76L, 0x6f05e409L,
387 0x4b7c0188L, 0x39720a3dL, 0x7c927c24L, 0x86e3725fL, 0x724d9db9L,
388 0x1ac15bb4L, 0xd39eb8fcL, 0xed545578L, 0x08fca5b5L, 0xd83d7cd3L,
389 0x4dad0fc4L, 0x1e50ef5eL, 0xb161e6f8L, 0xa28514d9L, 0x6c51133cL,
390 0x6fd5c7e7L, 0x56e14ec4L, 0x362abfceL, 0xddc6c837L, 0xd79a3234L,
391 0x92638212L, 0x670efa8eL, 0x406000e0L, 0x3a39ce37L, 0xd3faf5cfL,
392 0xabc27737L, 0x5ac52d1bL, 0x5cb0679eL, 0x4fa33742L, 0xd3822740L,
393 0x99bc9bbeL, 0xd5118e9dL, 0xbf0f7315L, 0xd62d1c7eL, 0xc700c47bL,
394 0xb78c1b6bL, 0x21a19045L, 0xb26eb1beL, 0x6a366eb4L, 0x5748ab2fL,
395 0xbc946e79L, 0xc6a376d2L, 0x6549c2c8L, 0x530ff8eeL, 0x468dde7dL,
396 0xd5730a1dL, 0x4cd04dc6L, 0x2939bbdbL, 0xa9ba4650L, 0xac9526e8L,
397 0xbe5ee304L, 0xa1fad5f0L, 0x6a2d519aL, 0x63ef8ce2L, 0x9a86ee22L,
398 0xc089c2b8L, 0x43242ef6L, 0xa51e03aaL, 0x9cf2d0a4L, 0x83c061baL,
399 0x9be96a4dL, 0x8fe51550L, 0xba645bd6L, 0x2826a2f9L, 0xa73a3ae1L,
400 0x4ba99586L, 0xef5562e9L, 0xc72fefd3L, 0xf752f7daL, 0x3f046f69L,
401 0x77fa0a59L, 0x80e4a915L, 0x87b08601L, 0x9b09e6adL, 0x3b3ee593L,
402 0xe990fd5aL, 0x9e34d797L, 0x2cf0b7d9L, 0x022b8b51L, 0x96d5ac3aL,
403 0x017da67dL, 0xd1cf3ed6L, 0x7c7d2d28L, 0x1f9f25cfL, 0xadf2b89bL,
404 0x5ad6b472L, 0x5a88f54cL, 0xe029ac71L, 0xe019a5e6L, 0x47b0acfdL,
405 0xed93fa9bL, 0xe8d3c48dL, 0x283b57ccL, 0xf8d56629L, 0x79132e28L,
406 0x785f0191L, 0xed756055L, 0xf7960e44L, 0xe3d35e8cL, 0x15056dd4L,
407 0x88f46dbaL, 0x03a16125L, 0x0564f0bdL, 0xc3eb9e15L, 0x3c9057a2L,
408 0x97271aecL, 0xa93a072aL, 0x1b3f6d9bL, 0x1e6321f5L, 0xf59c66fbL,
409 0x26dcf319L, 0x7533d928L, 0xb155fdf5L, 0x03563482L, 0x8aba3cbbL,
410 0x28517711L, 0xc20ad9f8L, 0xabcc5167L, 0xccad925fL, 0x4de81751L,
411 0x3830dc8eL, 0x379d5862L, 0x9320f991L, 0xea7a90c2L, 0xfb3e7bceL,
412 0x5121ce64L, 0x774fbe32L, 0xa8b6e37eL, 0xc3293d46L, 0x48de5369L,
413 0x6413e680L, 0xa2ae0810L, 0xdd6db224L, 0x69852dfdL, 0x09072166L,
414 0xb39a460aL, 0x6445c0ddL, 0x586cdecfL, 0x1c20c8aeL, 0x5bbef7ddL,
415 0x1b588d40L, 0xccd2017fL, 0x6bb4e3bbL, 0xdda26a7eL, 0x3a59ff45L,
416 0x3e350a44L, 0xbcb4cdd5L, 0x72eacea8L, 0xfa6484bbL, 0x8d6612aeL,
417 0xbf3c6f47L, 0xd29be463L, 0x542f5d9eL, 0xaec2771bL, 0xf64e6370L,
418 0x740e0d8dL, 0xe75b1357L, 0xf8721671L, 0xaf537d5dL, 0x4040cb08L,
419 0x4eb4e2ccL, 0x34d2466aL, 0x0115af84L, 0xe1b00428L, 0x95983a1dL,
420 0x06b89fb4L, 0xce6ea048L, 0x6f3f3b82L, 0x3520ab82L, 0x011a1d4bL,
421 0x277227f8L, 0x611560b1L, 0xe7933fdcL, 0xbb3a792bL, 0x344525bdL,
422 0xa08839e1L, 0x51ce794bL, 0x2f32c9b7L, 0xa01fbac9L, 0xe01cc87eL,
423 0xbcc7d1f6L, 0xcf0111c3L, 0xa1e8aac7L, 0x1a908749L, 0xd44fbd9aL,
424 0xd0dadecbL, 0xd50ada38L, 0x0339c32aL, 0xc6913667L, 0x8df9317cL,
425 0xe0b12b4fL, 0xf79e59b7L, 0x43f5bb3aL, 0xf2d519ffL, 0x27d9459cL,
426 0xbf97222cL, 0x15e6fc2aL, 0x0f91fc71L, 0x9b941525L, 0xfae59361L,
427 0xceb69cebL, 0xc2a86459L, 0x12baa8d1L, 0xb6c1075eL, 0xe3056a0cL,
428 0x10d25065L, 0xcb03a442L, 0xe0ec6e0eL, 0x1698db3bL, 0x4c98a0beL,
429 0x3278e964L, 0x9f1f9532L, 0xe0d392dfL, 0xd3a0342bL, 0x8971f21eL,
430 0x1b0a7441L, 0x4ba3348cL, 0xc5be7120L, 0xc37632d8L, 0xdf359f8dL,
431 0x9b992f2eL, 0xe60b6f47L, 0x0fe3f11dL, 0xe54cda54L, 0x1edad891L,
432 0xce6279cfL, 0xcd3e7e6fL, 0x1618b166L, 0xfd2c1d05L, 0x848fd2c5L,
433 0xf6fb2299L, 0xf523f357L, 0xa6327623L, 0x93a83531L, 0x56cccd02L,
434 0xacf08162L, 0x5a75ebb5L, 0x6e163697L, 0x88d273ccL, 0xde966292L,
435 0x81b949d0L, 0x4c50901bL, 0x71c65614L, 0xe6c6c7bdL, 0x327a140aL,
436 0x45e1d006L, 0xc3f27b9aL, 0xc9aa53fdL, 0x62a80f00L, 0xbb25bfe2L,
437 0x35bdd2f6L, 0x71126905L, 0xb2040222L, 0xb6cbcf7cL, 0xcd769c2bL,
438 0x53113ec0L, 0x1640e3d3L, 0x38abbd60L, 0x2547adf0L, 0xba38209cL,
439 0xf746ce76L, 0x77afa1c5L, 0x20756060L, 0x85cbfe4eL, 0x8ae88dd8L,
440 0x7aaaf9b0L, 0x4cf9aa7eL, 0x1948c25cL, 0x02fb8a8cL, 0x01c36ae4L,
441 0xd6ebe1f9L, 0x90d4f869L, 0xa65cdea0L, 0x3f09252dL, 0xc208e69fL,
442 0xb74e6132L, 0xce77e25bL, 0x578fdfe3L, 0x3ac372e6L,
443 },
444 };
445
BF_set_key(BF_KEY * key,size_t len,const uint8_t * data)446 void BF_set_key(BF_KEY *key, size_t len, const uint8_t *data) {
447 int i;
448 uint32_t *p, ri, in[2];
449 const uint8_t *d, *end;
450
451 OPENSSL_memcpy(key, &bf_init, sizeof(BF_KEY));
452 p = key->P;
453
454 if (len > ((BF_ROUNDS + 2) * 4)) {
455 len = (BF_ROUNDS + 2) * 4;
456 }
457
458 d = data;
459 end = &data[len];
460 for (i = 0; i < BF_ROUNDS + 2; i++) {
461 ri = *(d++);
462 if (d >= end) {
463 d = data;
464 }
465
466 ri <<= 8;
467 ri |= *(d++);
468 if (d >= end) {
469 d = data;
470 }
471
472 ri <<= 8;
473 ri |= *(d++);
474 if (d >= end) {
475 d = data;
476 }
477
478 ri <<= 8;
479 ri |= *(d++);
480 if (d >= end) {
481 d = data;
482 }
483
484 p[i] ^= ri;
485 }
486
487 in[0] = 0L;
488 in[1] = 0L;
489 for (i = 0; i < BF_ROUNDS + 2; i += 2) {
490 BF_encrypt(in, key);
491 p[i] = in[0];
492 p[i + 1] = in[1];
493 }
494
495 p = key->S;
496 for (i = 0; i < 4 * 256; i += 2) {
497 BF_encrypt(in, key);
498 p[i] = in[0];
499 p[i + 1] = in[1];
500 }
501 }
502
BF_cfb64_encrypt(const uint8_t * in,uint8_t * out,size_t length,const BF_KEY * schedule,uint8_t * ivec,int * num,int encrypt)503 static void BF_cfb64_encrypt(const uint8_t *in, uint8_t *out, size_t length,
504 const BF_KEY *schedule, uint8_t *ivec, int *num,
505 int encrypt) {
506 uint32_t v0, v1, t;
507 int n = *num;
508 size_t l = length;
509 uint32_t ti[2];
510 uint8_t c, cc;
511
512 uint8_t *iv = ivec;
513 if (encrypt) {
514 while (l--) {
515 if (n == 0) {
516 n2l(iv, v0);
517 ti[0] = v0;
518 n2l(iv, v1);
519 ti[1] = v1;
520 BF_encrypt(ti, schedule);
521 iv = ivec;
522 t = ti[0];
523 l2n(t, iv);
524 t = ti[1];
525 l2n(t, iv);
526 iv = ivec;
527 }
528 c = *(in++) ^ iv[n];
529 *(out++) = c;
530 iv[n] = c;
531 n = (n + 1) & 0x07;
532 }
533 } else {
534 while (l--) {
535 if (n == 0) {
536 n2l(iv, v0);
537 ti[0] = v0;
538 n2l(iv, v1);
539 ti[1] = v1;
540 BF_encrypt(ti, schedule);
541 iv = ivec;
542 t = ti[0];
543 l2n(t, iv);
544 t = ti[1];
545 l2n(t, iv);
546 iv = ivec;
547 }
548 cc = *(in++);
549 c = iv[n];
550 iv[n] = cc;
551 *(out++) = c ^ cc;
552 n = (n + 1) & 0x07;
553 }
554 }
555
556 *num = n;
557 }
558
bf_init_key(EVP_CIPHER_CTX * ctx,const uint8_t * key,const uint8_t * iv,int enc)559 static int bf_init_key(EVP_CIPHER_CTX *ctx, const uint8_t *key,
560 const uint8_t *iv, int enc) {
561 BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data);
562 BF_set_key(bf_key, ctx->key_len, key);
563 return 1;
564 }
565
bf_ecb_cipher(EVP_CIPHER_CTX * ctx,uint8_t * out,const uint8_t * in,size_t len)566 static int bf_ecb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
567 size_t len) {
568 BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data);
569
570 while (len >= BF_BLOCK) {
571 BF_ecb_encrypt(in, out, bf_key, ctx->encrypt);
572 in += BF_BLOCK;
573 out += BF_BLOCK;
574 len -= BF_BLOCK;
575 }
576 assert(len == 0);
577
578 return 1;
579 }
580
bf_cbc_cipher(EVP_CIPHER_CTX * ctx,uint8_t * out,const uint8_t * in,size_t len)581 static int bf_cbc_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
582 size_t len) {
583 BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data);
584 BF_cbc_encrypt(in, out, len, bf_key, ctx->iv, ctx->encrypt);
585 return 1;
586 }
587
bf_cfb_cipher(EVP_CIPHER_CTX * ctx,uint8_t * out,const uint8_t * in,size_t len)588 static int bf_cfb_cipher(EVP_CIPHER_CTX *ctx, uint8_t *out, const uint8_t *in,
589 size_t len) {
590 BF_KEY *bf_key = reinterpret_cast<BF_KEY *>(ctx->cipher_data);
591 int num = ctx->num;
592 BF_cfb64_encrypt(in, out, len, bf_key, ctx->iv, &num, ctx->encrypt);
593 ctx->num = num;
594 return 1;
595 }
596
597 static const EVP_CIPHER bf_ecb = {
598 /* nid= */ NID_bf_ecb,
599 /* block_size= */ BF_BLOCK,
600 /* key_len= */ 16,
601 /* iv_len= */ BF_BLOCK,
602 /* ctx_size= */ sizeof(BF_KEY),
603 /* flags= */ EVP_CIPH_ECB_MODE | EVP_CIPH_VARIABLE_LENGTH,
604 /* init= */ bf_init_key,
605 /* cipher= */ bf_ecb_cipher,
606 /* cleanup= */ nullptr,
607 /* ctrl= */ nullptr,
608 };
609
610 static const EVP_CIPHER bf_cbc = {
611 /* nid= */ NID_bf_cbc,
612 /* block_size= */ BF_BLOCK,
613 /* key_len= */ 16,
614 /* iv_len= */ BF_BLOCK,
615 /* ctx_size= */ sizeof(BF_KEY),
616 /* flags= */ EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH,
617 /* init= */ bf_init_key,
618 /* cipher= */ bf_cbc_cipher,
619 /* cleanup= */ nullptr,
620 /* ctrl= */ nullptr,
621 };
622
623 static const EVP_CIPHER bf_cfb = {
624 /* nid= */ NID_bf_cfb64,
625 /* block_size= */ 1,
626 /* key_len= */ 16,
627 /* iv_len= */ BF_BLOCK,
628 /* ctx_size= */ sizeof(BF_KEY),
629 /* flags= */ EVP_CIPH_CFB_MODE | EVP_CIPH_VARIABLE_LENGTH,
630 /* init= */ bf_init_key,
631 /* cipher= */ bf_cfb_cipher,
632 /* cleanup= */ nullptr,
633 /* ctrl= */ nullptr,
634 };
635
EVP_bf_ecb(void)636 const EVP_CIPHER *EVP_bf_ecb(void) { return &bf_ecb; }
637
EVP_bf_cbc(void)638 const EVP_CIPHER *EVP_bf_cbc(void) { return &bf_cbc; }
639
EVP_bf_cfb(void)640 const EVP_CIPHER *EVP_bf_cfb(void) { return &bf_cfb; }
641