LCOV - code coverage report
Current view: top level - cipher - blowfish.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 0 220 0.0 %
Date: 2016-12-15 12:59:22 Functions: 0 19 0.0 %

          Line data    Source code
       1             : /* blowfish.c  -  Blowfish encryption
       2             :  *      Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
       3             :  *
       4             :  * This file is part of Libgcrypt.
       5             :  *
       6             :  * Libgcrypt is free software; you can redistribute it and/or modify
       7             :  * it under the terms of the GNU Lesser general Public License as
       8             :  * published by the Free Software Foundation; either version 2.1 of
       9             :  * the License, or (at your option) any later version.
      10             :  *
      11             :  * Libgcrypt is distributed in the hope that it will be useful,
      12             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      13             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      14             :  * GNU Lesser General Public License for more details.
      15             :  *
      16             :  * You should have received a copy of the GNU Lesser General Public
      17             :  * License along with this program; if not, write to the Free Software
      18             :  * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
      19             :  *
      20             :  * For a description of the algorithm, see:
      21             :  *   Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
      22             :  *   ISBN 0-471-11709-9. Pages 336 ff.
      23             :  */
      24             : 
      25             : /* Test values:
      26             :  * key    "abcdefghijklmnopqrstuvwxyz";
      27             :  * plain  "BLOWFISH"
      28             :  * cipher 32 4E D0 FE F4 13 A2 03
      29             :  *
      30             :  */
      31             : 
      32             : #include <config.h>
      33             : #include <stdio.h>
      34             : #include <stdlib.h>
      35             : #include <string.h>
      36             : #include "types.h"
      37             : #include "g10lib.h"
      38             : #include "cipher.h"
      39             : #include "bufhelp.h"
      40             : #include "cipher-selftest.h"
      41             : 
      42             : #define BLOWFISH_BLOCKSIZE 8
      43             : #define BLOWFISH_ROUNDS 16
      44             : 
      45             : 
      46             : /* USE_AMD64_ASM indicates whether to use AMD64 assembly code. */
      47             : #undef USE_AMD64_ASM
      48             : #if defined(__x86_64__) && (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
      49             :     defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
      50             :     (BLOWFISH_ROUNDS == 16)
      51             : # define USE_AMD64_ASM 1
      52             : #endif
      53             : 
      54             : /* USE_ARM_ASM indicates whether to use ARM assembly code. */
      55             : #undef USE_ARM_ASM
      56             : #if defined(__ARMEL__)
      57             : # if (BLOWFISH_ROUNDS == 16) && defined(HAVE_COMPATIBLE_GCC_ARM_PLATFORM_AS)
      58             : #  define USE_ARM_ASM 1
      59             : # endif
      60             : #endif
      61             : 
      62             : typedef struct {
      63             :     u32 s0[256];
      64             :     u32 s1[256];
      65             :     u32 s2[256];
      66             :     u32 s3[256];
      67             :     u32 p[BLOWFISH_ROUNDS+2];
      68             : } BLOWFISH_context;
      69             : 
      70             : static gcry_err_code_t bf_setkey (void *c, const byte *key, unsigned keylen);
      71             : static unsigned int encrypt_block (void *bc, byte *outbuf, const byte *inbuf);
      72             : static unsigned int decrypt_block (void *bc, byte *outbuf, const byte *inbuf);
      73             : 
      74             : 
      75             : /* precomputed S boxes */
      76             : static const u32 ks0[256] = {
      77             :     0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96,
      78             :     0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16,
      79             :     0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658,
      80             :     0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013,
      81             :     0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E,
      82             :     0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60,
      83             :     0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6,
      84             :     0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A,
      85             :     0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C,
      86             :     0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193,
      87             :     0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1,
      88             :     0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239,
      89             :     0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A,
      90             :     0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3,
      91             :     0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176,
      92             :     0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE,
      93             :     0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706,
      94             :     0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B,
      95             :     0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B,
      96             :     0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463,
      97             :     0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C,
      98             :     0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3,
      99             :     0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A,
     100             :     0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8,
     101             :     0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760,
     102             :     0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB,
     103             :     0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8,
     104             :     0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B,
     105             :     0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33,
     106             :     0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4,
     107             :     0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0,
     108             :     0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C,
     109             :     0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777,
     110             :     0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299,
     111             :     0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705,
     112             :     0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF,
     113             :     0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E,
     114             :     0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA,
     115             :     0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9,
     116             :     0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915,
     117             :     0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F,
     118             :     0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664,
     119             :     0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A };
     120             : 
     121             : static const u32 ks1[256] = {
     122             :     0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D,
     123             :     0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1,
     124             :     0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65,
     125             :     0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1,
     126             :     0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9,
     127             :     0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737,
     128             :     0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D,
     129             :     0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD,
     130             :     0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC,
     131             :     0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41,
     132             :     0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908,
     133             :     0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF,
     134             :     0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124,
     135             :     0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C,
     136             :     0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908,
     137             :     0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD,
     138             :     0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B,
     139             :     0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E,
     140             :     0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA,
     141             :     0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A,
     142             :     0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D,
     143             :     0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66,
     144             :     0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5,
     145             :     0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84,
     146             :     0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96,
     147             :     0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14,
     148             :     0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA,
     149             :     0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7,
     150             :     0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77,
     151             :     0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99,
     152             :     0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054,
     153             :     0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73,
     154             :     0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA,
     155             :     0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105,
     156             :     0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646,
     157             :     0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285,
     158             :     0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA,
     159             :     0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB,
     160             :     0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E,
     161             :     0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC,
     162             :     0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD,
     163             :     0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20,
     164             :     0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 };
     165             : 
     166             : static const u32 ks2[256] = {
     167             :     0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7,
     168             :     0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF,
     169             :     0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF,
     170             :     0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504,
     171             :     0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4,
     172             :     0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE,
     173             :     0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC,
     174             :     0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B,
     175             :     0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332,
     176             :     0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527,
     177             :     0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58,
     178             :     0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C,
     179             :     0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22,
     180             :     0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17,
     181             :     0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60,
     182             :     0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115,
     183             :     0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99,
     184             :     0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0,
     185             :     0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74,
     186             :     0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D,
     187             :     0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3,
     188             :     0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3,
     189             :     0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979,
     190             :     0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C,
     191             :     0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA,
     192             :     0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A,
     193             :     0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086,
     194             :     0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC,
     195             :     0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24,
     196             :     0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2,
     197             :     0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84,
     198             :     0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C,
     199             :     0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09,
     200             :     0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10,
     201             :     0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE,
     202             :     0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027,
     203             :     0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0,
     204             :     0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634,
     205             :     0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188,
     206             :     0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC,
     207             :     0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8,
     208             :     0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837,
     209             :     0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 };
     210             : 
     211             : static const u32 ks3[256] = {
     212             :     0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742,
     213             :     0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B,
     214             :     0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79,
     215             :     0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6,
     216             :     0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A,
     217             :     0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4,
     218             :     0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1,
     219             :     0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59,
     220             :     0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797,
     221             :     0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28,
     222             :     0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6,
     223             :     0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28,
     224             :     0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA,
     225             :     0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A,
     226             :     0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5,
     227             :     0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F,
     228             :     0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE,
     229             :     0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680,
     230             :     0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD,
     231             :     0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB,
     232             :     0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB,
     233             :     0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370,
     234             :     0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC,
     235             :     0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048,
     236             :     0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC,
     237             :     0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9,
     238             :     0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A,
     239             :     0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F,
     240             :     0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A,
     241             :     0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1,
     242             :     0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B,
     243             :     0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E,
     244             :     0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E,
     245             :     0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F,
     246             :     0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623,
     247             :     0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC,
     248             :     0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A,
     249             :     0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6,
     250             :     0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3,
     251             :     0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060,
     252             :     0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C,
     253             :     0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F,
     254             :     0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 };
     255             : 
     256             : static const u32 ps[BLOWFISH_ROUNDS+2] = {
     257             :     0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0,
     258             :     0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C,
     259             :     0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B };
     260             : 
     261             : 
     262             : #ifdef USE_AMD64_ASM
     263             : 
     264             : /* Assembly implementations of Blowfish. */
     265             : extern void _gcry_blowfish_amd64_do_encrypt(BLOWFISH_context *c, u32 *ret_xl,
     266             :                                             u32 *ret_xr);
     267             : 
     268             : extern void _gcry_blowfish_amd64_encrypt_block(BLOWFISH_context *c, byte *out,
     269             :                                                const byte *in);
     270             : 
     271             : extern void _gcry_blowfish_amd64_decrypt_block(BLOWFISH_context *c, byte *out,
     272             :                                                const byte *in);
     273             : 
     274             : /* These assembly implementations process four blocks in parallel. */
     275             : extern void _gcry_blowfish_amd64_ctr_enc(BLOWFISH_context *ctx, byte *out,
     276             :                                          const byte *in, byte *ctr);
     277             : 
     278             : extern void _gcry_blowfish_amd64_cbc_dec(BLOWFISH_context *ctx, byte *out,
     279             :                                          const byte *in, byte *iv);
     280             : 
     281             : extern void _gcry_blowfish_amd64_cfb_dec(BLOWFISH_context *ctx, byte *out,
     282             :                                          const byte *in, byte *iv);
     283             : 
     284             : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
     285             : static inline void
     286             : call_sysv_fn (const void *fn, const void *arg1, const void *arg2,
     287             :               const void *arg3, const void *arg4)
     288             : {
     289             :   /* Call SystemV ABI function without storing non-volatile XMM registers,
     290             :    * as target function does not use vector instruction sets. */
     291             :   asm volatile ("callq *%0\n\t"
     292             :                 : "+a" (fn),
     293             :                   "+D" (arg1),
     294             :                   "+S" (arg2),
     295             :                   "+d" (arg3),
     296             :                   "+c" (arg4)
     297             :                 :
     298             :                 : "cc", "memory", "r8", "r9", "r10", "r11");
     299             : }
     300             : #endif
     301             : 
     302             : static void
     303           0 : do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
     304             : {
     305             : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
     306             :   call_sysv_fn (_gcry_blowfish_amd64_do_encrypt, bc, ret_xl, ret_xr, NULL);
     307             : #else
     308           0 :   _gcry_blowfish_amd64_do_encrypt (bc, ret_xl, ret_xr);
     309             : #endif
     310           0 : }
     311             : 
     312             : static void
     313           0 : do_encrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf)
     314             : {
     315             : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
     316             :   call_sysv_fn (_gcry_blowfish_amd64_encrypt_block, context, outbuf, inbuf,
     317             :                 NULL);
     318             : #else
     319           0 :   _gcry_blowfish_amd64_encrypt_block (context, outbuf, inbuf);
     320             : #endif
     321           0 : }
     322             : 
     323             : static void
     324           0 : do_decrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf)
     325             : {
     326             : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
     327             :   call_sysv_fn (_gcry_blowfish_amd64_decrypt_block, context, outbuf, inbuf,
     328             :                 NULL);
     329             : #else
     330           0 :   _gcry_blowfish_amd64_decrypt_block (context, outbuf, inbuf);
     331             : #endif
     332           0 : }
     333             : 
     334             : static inline void
     335           0 : blowfish_amd64_ctr_enc(BLOWFISH_context *ctx, byte *out, const byte *in,
     336             :                        byte *ctr)
     337             : {
     338             : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
     339             :   call_sysv_fn (_gcry_blowfish_amd64_ctr_enc, ctx, out, in, ctr);
     340             : #else
     341           0 :   _gcry_blowfish_amd64_ctr_enc(ctx, out, in, ctr);
     342             : #endif
     343           0 : }
     344             : 
     345             : static inline void
     346           0 : blowfish_amd64_cbc_dec(BLOWFISH_context *ctx, byte *out, const byte *in,
     347             :                        byte *iv)
     348             : {
     349             : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
     350             :   call_sysv_fn (_gcry_blowfish_amd64_cbc_dec, ctx, out, in, iv);
     351             : #else
     352           0 :   _gcry_blowfish_amd64_cbc_dec(ctx, out, in, iv);
     353             : #endif
     354           0 : }
     355             : 
     356             : static inline void
     357           0 : blowfish_amd64_cfb_dec(BLOWFISH_context *ctx, byte *out, const byte *in,
     358             :                        byte *iv)
     359             : {
     360             : #ifdef HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS
     361             :   call_sysv_fn (_gcry_blowfish_amd64_cfb_dec, ctx, out, in, iv);
     362             : #else
     363           0 :   _gcry_blowfish_amd64_cfb_dec(ctx, out, in, iv);
     364             : #endif
     365           0 : }
     366             : 
     367             : static unsigned int
     368           0 : encrypt_block (void *context , byte *outbuf, const byte *inbuf)
     369             : {
     370           0 :   BLOWFISH_context *c = (BLOWFISH_context *) context;
     371           0 :   do_encrypt_block (c, outbuf, inbuf);
     372           0 :   return /*burn_stack*/ (2*8);
     373             : }
     374             : 
     375             : static unsigned int
     376           0 : decrypt_block (void *context, byte *outbuf, const byte *inbuf)
     377             : {
     378           0 :   BLOWFISH_context *c = (BLOWFISH_context *) context;
     379           0 :   do_decrypt_block (c, outbuf, inbuf);
     380           0 :   return /*burn_stack*/ (2*8);
     381             : }
     382             : 
     383             : #elif defined(USE_ARM_ASM)
     384             : 
     385             : /* Assembly implementations of Blowfish. */
     386             : extern void _gcry_blowfish_arm_do_encrypt(BLOWFISH_context *c, u32 *ret_xl,
     387             :                                             u32 *ret_xr);
     388             : 
     389             : extern void _gcry_blowfish_arm_encrypt_block(BLOWFISH_context *c, byte *out,
     390             :                                                const byte *in);
     391             : 
     392             : extern void _gcry_blowfish_arm_decrypt_block(BLOWFISH_context *c, byte *out,
     393             :                                                const byte *in);
     394             : 
     395             : /* These assembly implementations process two blocks in parallel. */
     396             : extern void _gcry_blowfish_arm_ctr_enc(BLOWFISH_context *ctx, byte *out,
     397             :                                          const byte *in, byte *ctr);
     398             : 
     399             : extern void _gcry_blowfish_arm_cbc_dec(BLOWFISH_context *ctx, byte *out,
     400             :                                          const byte *in, byte *iv);
     401             : 
     402             : extern void _gcry_blowfish_arm_cfb_dec(BLOWFISH_context *ctx, byte *out,
     403             :                                          const byte *in, byte *iv);
     404             : 
     405             : static void
     406             : do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
     407             : {
     408             :   _gcry_blowfish_arm_do_encrypt (bc, ret_xl, ret_xr);
     409             : }
     410             : 
     411             : static void
     412             : do_encrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf)
     413             : {
     414             :   _gcry_blowfish_arm_encrypt_block (context, outbuf, inbuf);
     415             : }
     416             : 
     417             : static void
     418             : do_decrypt_block (BLOWFISH_context *context, byte *outbuf, const byte *inbuf)
     419             : {
     420             :   _gcry_blowfish_arm_decrypt_block (context, outbuf, inbuf);
     421             : }
     422             : 
     423             : static unsigned int
     424             : encrypt_block (void *context , byte *outbuf, const byte *inbuf)
     425             : {
     426             :   BLOWFISH_context *c = (BLOWFISH_context *) context;
     427             :   do_encrypt_block (c, outbuf, inbuf);
     428             :   return /*burn_stack*/ (10*4);
     429             : }
     430             : 
     431             : static unsigned int
     432             : decrypt_block (void *context, byte *outbuf, const byte *inbuf)
     433             : {
     434             :   BLOWFISH_context *c = (BLOWFISH_context *) context;
     435             :   do_decrypt_block (c, outbuf, inbuf);
     436             :   return /*burn_stack*/ (10*4);
     437             : }
     438             : 
     439             : #else /*USE_ARM_ASM*/
     440             : 
     441             : #if BLOWFISH_ROUNDS != 16
     442             : static inline u32
     443             : function_F( BLOWFISH_context *bc, u32 x )
     444             : {
     445             :     u16 a, b, c, d;
     446             : 
     447             : #ifdef WORDS_BIGENDIAN
     448             :     a = ((byte*)&x)[0];
     449             :     b = ((byte*)&x)[1];
     450             :     c = ((byte*)&x)[2];
     451             :     d = ((byte*)&x)[3];
     452             : #else
     453             :     a = ((byte*)&x)[3];
     454             :     b = ((byte*)&x)[2];
     455             :     c = ((byte*)&x)[1];
     456             :     d = ((byte*)&x)[0];
     457             : #endif
     458             : 
     459             :     return ((bc->s0[a] + bc->s1[b]) ^ bc->s2[c] ) + bc->s3[d];
     460             : }
     461             : #endif
     462             : 
     463             : #ifdef WORDS_BIGENDIAN
     464             : #define F(x) ((( s0[((byte*)&x)[0]] + s1[((byte*)&x)[1]])        \
     465             :                    ^ s2[((byte*)&x)[2]]) + s3[((byte*)&x)[3]] )
     466             : #else
     467             : #define F(x) ((( s0[((byte*)&x)[3]] + s1[((byte*)&x)[2]])        \
     468             :                    ^ s2[((byte*)&x)[1]]) + s3[((byte*)&x)[0]] )
     469             : #endif
     470             : #define R(l,r,i)  do { l ^= p[i]; r ^= F(l); } while(0)
     471             : 
     472             : 
     473             : static void
     474             : do_encrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
     475             : {
     476             : #if BLOWFISH_ROUNDS == 16
     477             :   u32 xl, xr, *s0, *s1, *s2, *s3, *p;
     478             : 
     479             :   xl = *ret_xl;
     480             :   xr = *ret_xr;
     481             :   p = bc->p;
     482             :   s0 = bc->s0;
     483             :   s1 = bc->s1;
     484             :   s2 = bc->s2;
     485             :   s3 = bc->s3;
     486             : 
     487             :   R( xl, xr,    0);
     488             :   R( xr, xl,    1);
     489             :   R( xl, xr,    2);
     490             :   R( xr, xl,    3);
     491             :   R( xl, xr,    4);
     492             :   R( xr, xl,    5);
     493             :   R( xl, xr,    6);
     494             :   R( xr, xl,    7);
     495             :   R( xl, xr,    8);
     496             :   R( xr, xl,    9);
     497             :   R( xl, xr, 10);
     498             :   R( xr, xl, 11);
     499             :   R( xl, xr, 12);
     500             :   R( xr, xl, 13);
     501             :   R( xl, xr, 14);
     502             :   R( xr, xl, 15);
     503             : 
     504             :   xl ^= p[BLOWFISH_ROUNDS];
     505             :   xr ^= p[BLOWFISH_ROUNDS+1];
     506             : 
     507             :   *ret_xl = xr;
     508             :   *ret_xr = xl;
     509             : 
     510             : #else
     511             :   u32 xl, xr, temp, *p;
     512             :   int i;
     513             : 
     514             :   xl = *ret_xl;
     515             :   xr = *ret_xr;
     516             :   p = bc->p;
     517             : 
     518             :   for(i=0; i < BLOWFISH_ROUNDS; i++ )
     519             :     {
     520             :       xl ^= p[i];
     521             :       xr ^= function_F(bc, xl);
     522             :       temp = xl;
     523             :       xl = xr;
     524             :       xr = temp;
     525             :     }
     526             :   temp = xl;
     527             :   xl = xr;
     528             :   xr = temp;
     529             : 
     530             :   xr ^= p[BLOWFISH_ROUNDS];
     531             :   xl ^= p[BLOWFISH_ROUNDS+1];
     532             : 
     533             :   *ret_xl = xl;
     534             :   *ret_xr = xr;
     535             : #endif
     536             : }
     537             : 
     538             : 
     539             : static void
     540             : decrypt ( BLOWFISH_context *bc, u32 *ret_xl, u32 *ret_xr )
     541             : {
     542             : #if BLOWFISH_ROUNDS == 16
     543             :   u32 xl, xr, *s0, *s1, *s2, *s3, *p;
     544             : 
     545             :   xl = *ret_xl;
     546             :   xr = *ret_xr;
     547             :   p = bc->p;
     548             :   s0 = bc->s0;
     549             :   s1 = bc->s1;
     550             :   s2 = bc->s2;
     551             :   s3 = bc->s3;
     552             : 
     553             :   R( xl, xr, 17);
     554             :   R( xr, xl, 16);
     555             :   R( xl, xr, 15);
     556             :   R( xr, xl, 14);
     557             :   R( xl, xr, 13);
     558             :   R( xr, xl, 12);
     559             :   R( xl, xr, 11);
     560             :   R( xr, xl, 10);
     561             :   R( xl, xr,    9);
     562             :   R( xr, xl,    8);
     563             :   R( xl, xr,    7);
     564             :   R( xr, xl,    6);
     565             :   R( xl, xr,    5);
     566             :   R( xr, xl,    4);
     567             :   R( xl, xr,    3);
     568             :   R( xr, xl,    2);
     569             : 
     570             :   xl ^= p[1];
     571             :   xr ^= p[0];
     572             : 
     573             :   *ret_xl = xr;
     574             :   *ret_xr = xl;
     575             : 
     576             : #else
     577             :   u32 xl, xr, temp, *p;
     578             :   int i;
     579             : 
     580             :   xl = *ret_xl;
     581             :   xr = *ret_xr;
     582             :   p = bc->p;
     583             : 
     584             :   for (i=BLOWFISH_ROUNDS+1; i > 1; i-- )
     585             :     {
     586             :       xl ^= p[i];
     587             :       xr ^= function_F(bc, xl);
     588             :       temp = xl;
     589             :       xl = xr;
     590             :       xr = temp;
     591             :     }
     592             : 
     593             :   temp = xl;
     594             :   xl = xr;
     595             :   xr = temp;
     596             : 
     597             :   xr ^= p[1];
     598             :   xl ^= p[0];
     599             : 
     600             :   *ret_xl = xl;
     601             :   *ret_xr = xr;
     602             : #endif
     603             : }
     604             : 
     605             : #undef F
     606             : #undef R
     607             : 
     608             : static void
     609             : do_encrypt_block ( BLOWFISH_context *bc, byte *outbuf, const byte *inbuf )
     610             : {
     611             :   u32 d1, d2;
     612             : 
     613             :   d1 = buf_get_be32(inbuf);
     614             :   d2 = buf_get_be32(inbuf + 4);
     615             :   do_encrypt( bc, &d1, &d2 );
     616             :   buf_put_be32(outbuf, d1);
     617             :   buf_put_be32(outbuf + 4, d2);
     618             : }
     619             : 
     620             : static unsigned int
     621             : encrypt_block (void *context, byte *outbuf, const byte *inbuf)
     622             : {
     623             :   BLOWFISH_context *bc = (BLOWFISH_context *) context;
     624             :   do_encrypt_block (bc, outbuf, inbuf);
     625             :   return /*burn_stack*/ (64);
     626             : }
     627             : 
     628             : 
     629             : static void
     630             : do_decrypt_block (BLOWFISH_context *bc, byte *outbuf, const byte *inbuf)
     631             : {
     632             :   u32 d1, d2;
     633             : 
     634             :   d1 = buf_get_be32(inbuf);
     635             :   d2 = buf_get_be32(inbuf + 4);
     636             :   decrypt( bc, &d1, &d2 );
     637             :   buf_put_be32(outbuf, d1);
     638             :   buf_put_be32(outbuf + 4, d2);
     639             : }
     640             : 
     641             : static unsigned int
     642             : decrypt_block (void *context, byte *outbuf, const byte *inbuf)
     643             : {
     644             :   BLOWFISH_context *bc = (BLOWFISH_context *) context;
     645             :   do_decrypt_block (bc, outbuf, inbuf);
     646             :   return /*burn_stack*/ (64);
     647             : }
     648             : 
     649             : #endif /*!USE_AMD64_ASM&&!USE_ARM_ASM*/
     650             : 
     651             : 
     652             : /* Bulk encryption of complete blocks in CTR mode.  This function is only
     653             :    intended for the bulk encryption feature of cipher.c.  CTR is expected to be
     654             :    of size BLOWFISH_BLOCKSIZE. */
     655             : void
     656           0 : _gcry_blowfish_ctr_enc(void *context, unsigned char *ctr, void *outbuf_arg,
     657             :                        const void *inbuf_arg, size_t nblocks)
     658             : {
     659           0 :   BLOWFISH_context *ctx = context;
     660           0 :   unsigned char *outbuf = outbuf_arg;
     661           0 :   const unsigned char *inbuf = inbuf_arg;
     662             :   unsigned char tmpbuf[BLOWFISH_BLOCKSIZE];
     663           0 :   int burn_stack_depth = (64) + 2 * BLOWFISH_BLOCKSIZE;
     664             :   int i;
     665             : 
     666             : #ifdef USE_AMD64_ASM
     667             :   {
     668           0 :     if (nblocks >= 4)
     669           0 :       burn_stack_depth += 5 * sizeof(void*);
     670             : 
     671             :     /* Process data in 4 block chunks. */
     672           0 :     while (nblocks >= 4)
     673             :       {
     674           0 :         blowfish_amd64_ctr_enc(ctx, outbuf, inbuf, ctr);
     675             : 
     676           0 :         nblocks -= 4;
     677           0 :         outbuf += 4 * BLOWFISH_BLOCKSIZE;
     678           0 :         inbuf  += 4 * BLOWFISH_BLOCKSIZE;
     679             :       }
     680             : 
     681             :     /* Use generic code to handle smaller chunks... */
     682             :     /* TODO: use caching instead? */
     683             :   }
     684             : #elif defined(USE_ARM_ASM)
     685             :   {
     686             :     /* Process data in 2 block chunks. */
     687             :     while (nblocks >= 2)
     688             :       {
     689             :         _gcry_blowfish_arm_ctr_enc(ctx, outbuf, inbuf, ctr);
     690             : 
     691             :         nblocks -= 2;
     692             :         outbuf += 2 * BLOWFISH_BLOCKSIZE;
     693             :         inbuf  += 2 * BLOWFISH_BLOCKSIZE;
     694             :       }
     695             : 
     696             :     /* Use generic code to handle smaller chunks... */
     697             :     /* TODO: use caching instead? */
     698             :   }
     699             : #endif
     700             : 
     701           0 :   for ( ;nblocks; nblocks-- )
     702             :     {
     703             :       /* Encrypt the counter. */
     704           0 :       do_encrypt_block(ctx, tmpbuf, ctr);
     705             :       /* XOR the input with the encrypted counter and store in output.  */
     706           0 :       buf_xor(outbuf, tmpbuf, inbuf, BLOWFISH_BLOCKSIZE);
     707           0 :       outbuf += BLOWFISH_BLOCKSIZE;
     708           0 :       inbuf  += BLOWFISH_BLOCKSIZE;
     709             :       /* Increment the counter.  */
     710           0 :       for (i = BLOWFISH_BLOCKSIZE; i > 0; i--)
     711             :         {
     712           0 :           ctr[i-1]++;
     713           0 :           if (ctr[i-1])
     714           0 :             break;
     715             :         }
     716             :     }
     717             : 
     718           0 :   wipememory(tmpbuf, sizeof(tmpbuf));
     719           0 :   _gcry_burn_stack(burn_stack_depth);
     720           0 : }
     721             : 
     722             : 
     723             : /* Bulk decryption of complete blocks in CBC mode.  This function is only
     724             :    intended for the bulk encryption feature of cipher.c. */
     725             : void
     726           0 : _gcry_blowfish_cbc_dec(void *context, unsigned char *iv, void *outbuf_arg,
     727             :                        const void *inbuf_arg, size_t nblocks)
     728             : {
     729           0 :   BLOWFISH_context *ctx = context;
     730           0 :   unsigned char *outbuf = outbuf_arg;
     731           0 :   const unsigned char *inbuf = inbuf_arg;
     732             :   unsigned char savebuf[BLOWFISH_BLOCKSIZE];
     733           0 :   int burn_stack_depth = (64) + 2 * BLOWFISH_BLOCKSIZE;
     734             : 
     735             : #ifdef USE_AMD64_ASM
     736             :   {
     737           0 :     if (nblocks >= 4)
     738           0 :       burn_stack_depth += 5 * sizeof(void*);
     739             : 
     740             :     /* Process data in 4 block chunks. */
     741           0 :     while (nblocks >= 4)
     742             :       {
     743           0 :         blowfish_amd64_cbc_dec(ctx, outbuf, inbuf, iv);
     744             : 
     745           0 :         nblocks -= 4;
     746           0 :         outbuf += 4 * BLOWFISH_BLOCKSIZE;
     747           0 :         inbuf  += 4 * BLOWFISH_BLOCKSIZE;
     748             :       }
     749             : 
     750             :     /* Use generic code to handle smaller chunks... */
     751             :   }
     752             : #elif defined(USE_ARM_ASM)
     753             :   {
     754             :     /* Process data in 2 block chunks. */
     755             :     while (nblocks >= 2)
     756             :       {
     757             :         _gcry_blowfish_arm_cbc_dec(ctx, outbuf, inbuf, iv);
     758             : 
     759             :         nblocks -= 2;
     760             :         outbuf += 2 * BLOWFISH_BLOCKSIZE;
     761             :         inbuf  += 2 * BLOWFISH_BLOCKSIZE;
     762             :       }
     763             : 
     764             :     /* Use generic code to handle smaller chunks... */
     765             :   }
     766             : #endif
     767             : 
     768           0 :   for ( ;nblocks; nblocks-- )
     769             :     {
     770             :       /* INBUF is needed later and it may be identical to OUTBUF, so store
     771             :          the intermediate result to SAVEBUF.  */
     772           0 :       do_decrypt_block (ctx, savebuf, inbuf);
     773             : 
     774           0 :       buf_xor_n_copy_2(outbuf, savebuf, iv, inbuf, BLOWFISH_BLOCKSIZE);
     775           0 :       inbuf += BLOWFISH_BLOCKSIZE;
     776           0 :       outbuf += BLOWFISH_BLOCKSIZE;
     777             :     }
     778             : 
     779           0 :   wipememory(savebuf, sizeof(savebuf));
     780           0 :   _gcry_burn_stack(burn_stack_depth);
     781           0 : }
     782             : 
     783             : 
     784             : /* Bulk decryption of complete blocks in CFB mode.  This function is only
     785             :    intended for the bulk encryption feature of cipher.c. */
     786             : void
     787           0 : _gcry_blowfish_cfb_dec(void *context, unsigned char *iv, void *outbuf_arg,
     788             :                        const void *inbuf_arg, size_t nblocks)
     789             : {
     790           0 :   BLOWFISH_context *ctx = context;
     791           0 :   unsigned char *outbuf = outbuf_arg;
     792           0 :   const unsigned char *inbuf = inbuf_arg;
     793           0 :   int burn_stack_depth = (64) + 2 * BLOWFISH_BLOCKSIZE;
     794             : 
     795             : #ifdef USE_AMD64_ASM
     796             :   {
     797           0 :     if (nblocks >= 4)
     798           0 :       burn_stack_depth += 5 * sizeof(void*);
     799             : 
     800             :     /* Process data in 4 block chunks. */
     801           0 :     while (nblocks >= 4)
     802             :       {
     803           0 :         blowfish_amd64_cfb_dec(ctx, outbuf, inbuf, iv);
     804             : 
     805           0 :         nblocks -= 4;
     806           0 :         outbuf += 4 * BLOWFISH_BLOCKSIZE;
     807           0 :         inbuf  += 4 * BLOWFISH_BLOCKSIZE;
     808             :       }
     809             : 
     810             :     /* Use generic code to handle smaller chunks... */
     811             :   }
     812             : #elif defined(USE_ARM_ASM)
     813             :   {
     814             :     /* Process data in 2 block chunks. */
     815             :     while (nblocks >= 2)
     816             :       {
     817             :         _gcry_blowfish_arm_cfb_dec(ctx, outbuf, inbuf, iv);
     818             : 
     819             :         nblocks -= 2;
     820             :         outbuf += 2 * BLOWFISH_BLOCKSIZE;
     821             :         inbuf  += 2 * BLOWFISH_BLOCKSIZE;
     822             :       }
     823             : 
     824             :     /* Use generic code to handle smaller chunks... */
     825             :   }
     826             : #endif
     827             : 
     828           0 :   for ( ;nblocks; nblocks-- )
     829             :     {
     830           0 :       do_encrypt_block(ctx, iv, iv);
     831           0 :       buf_xor_n_copy(outbuf, iv, inbuf, BLOWFISH_BLOCKSIZE);
     832           0 :       outbuf += BLOWFISH_BLOCKSIZE;
     833           0 :       inbuf  += BLOWFISH_BLOCKSIZE;
     834             :     }
     835             : 
     836           0 :   _gcry_burn_stack(burn_stack_depth);
     837           0 : }
     838             : 
     839             : 
     840             : /* Run the self-tests for BLOWFISH-CTR, tests IV increment of bulk CTR
     841             :    encryption.  Returns NULL on success. */
     842             : static const char *
     843           0 : selftest_ctr (void)
     844             : {
     845           0 :   const int nblocks = 4+1;
     846           0 :   const int blocksize = BLOWFISH_BLOCKSIZE;
     847           0 :   const int context_size = sizeof(BLOWFISH_context);
     848             : 
     849           0 :   return _gcry_selftest_helper_ctr("BLOWFISH", &bf_setkey,
     850             :            &encrypt_block, &_gcry_blowfish_ctr_enc, nblocks, blocksize,
     851             :            context_size);
     852             : }
     853             : 
     854             : 
     855             : /* Run the self-tests for BLOWFISH-CBC, tests bulk CBC decryption.
     856             :    Returns NULL on success. */
     857             : static const char *
     858           0 : selftest_cbc (void)
     859             : {
     860           0 :   const int nblocks = 4+2;
     861           0 :   const int blocksize = BLOWFISH_BLOCKSIZE;
     862           0 :   const int context_size = sizeof(BLOWFISH_context);
     863             : 
     864           0 :   return _gcry_selftest_helper_cbc("BLOWFISH", &bf_setkey,
     865             :            &encrypt_block, &_gcry_blowfish_cbc_dec, nblocks, blocksize,
     866             :            context_size);
     867             : }
     868             : 
     869             : 
     870             : /* Run the self-tests for BLOWFISH-CFB, tests bulk CBC decryption.
     871             :    Returns NULL on success. */
     872             : static const char *
     873           0 : selftest_cfb (void)
     874             : {
     875           0 :   const int nblocks = 4+2;
     876           0 :   const int blocksize = BLOWFISH_BLOCKSIZE;
     877           0 :   const int context_size = sizeof(BLOWFISH_context);
     878             : 
     879           0 :   return _gcry_selftest_helper_cfb("BLOWFISH", &bf_setkey,
     880             :            &encrypt_block, &_gcry_blowfish_cfb_dec, nblocks, blocksize,
     881             :            context_size);
     882             : }
     883             : 
     884             : 
     885             : static const char*
     886           0 : selftest(void)
     887             : {
     888             :   BLOWFISH_context c;
     889           0 :   byte plain[] = "BLOWFISH";
     890             :   byte buffer[8];
     891             :   static const byte plain3[] =
     892             :     { 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 };
     893             :   static const byte key3[] =
     894             :     { 0x41, 0x79, 0x6E, 0xA0, 0x52, 0x61, 0x6E, 0xE4 };
     895             :   static const byte cipher3[] =
     896             :     { 0xE1, 0x13, 0xF4, 0x10, 0x2C, 0xFC, 0xCE, 0x43 };
     897             :   const char *r;
     898             : 
     899           0 :   bf_setkey( (void *) &c,
     900             :              (const unsigned char*)"abcdefghijklmnopqrstuvwxyz", 26 );
     901           0 :   encrypt_block( (void *) &c, buffer, plain );
     902           0 :   if( memcmp( buffer, "\x32\x4E\xD0\xFE\xF4\x13\xA2\x03", 8 ) )
     903           0 :     return "Blowfish selftest failed (1).";
     904           0 :   decrypt_block( (void *) &c, buffer, buffer );
     905           0 :   if( memcmp( buffer, plain, 8 ) )
     906           0 :     return "Blowfish selftest failed (2).";
     907             : 
     908           0 :   bf_setkey( (void *) &c, key3, 8 );
     909           0 :   encrypt_block( (void *) &c, buffer, plain3 );
     910           0 :   if( memcmp( buffer, cipher3, 8 ) )
     911           0 :     return "Blowfish selftest failed (3).";
     912           0 :   decrypt_block( (void *) &c, buffer, buffer );
     913           0 :   if( memcmp( buffer, plain3, 8 ) )
     914           0 :     return "Blowfish selftest failed (4).";
     915             : 
     916           0 :   if ( (r = selftest_cbc ()) )
     917           0 :     return r;
     918             : 
     919           0 :   if ( (r = selftest_cfb ()) )
     920           0 :     return r;
     921             : 
     922           0 :   if ( (r = selftest_ctr ()) )
     923           0 :     return r;
     924             : 
     925           0 :   return NULL;
     926             : }
     927             : 
     928             : 
     929             : struct hashset_elem {
     930             :   u32 val;
     931             :   short nidx;
     932             :   char used;
     933             : };
     934             : 
     935             : static inline byte
     936           0 : val_to_hidx(u32 val)
     937             : {
     938             :   /* bf sboxes are quite random already. */
     939           0 :   return (val >> 24) ^ (val >> 16)  ^ (val >> 8) ^ val;
     940             : }
     941             : 
     942             : static inline int
     943           0 : add_val(struct hashset_elem hset[256], u32 val, int *midx,
     944             :         struct hashset_elem *mpool)
     945             : {
     946             :   struct hashset_elem *elem;
     947             :   byte hidx;
     948             : 
     949           0 :   hidx = val_to_hidx(val);
     950           0 :   elem = &hset[hidx];
     951             : 
     952             :   /* Check if first is in use. */
     953           0 :   if (elem->used == 0)
     954             :     {
     955           0 :       elem->val = val;
     956           0 :       elem->nidx = -1;
     957           0 :       elem->used = 1;
     958           0 :       return 0;
     959             :     }
     960             : 
     961             :   /* Check if first matches. */
     962           0 :   if (elem->val == val)
     963           0 :     return 1;
     964             : 
     965           0 :   for (; elem->nidx >= 0; elem = &mpool[elem->nidx])
     966             :     {
     967             :       /* Check if elem matches. */
     968           0 :       if (elem->val == val)
     969           0 :         return 1;
     970             :     }
     971             : 
     972           0 :   elem->nidx = (*midx)++;
     973           0 :   elem = &mpool[elem->nidx];
     974             : 
     975           0 :   elem->val = val;
     976           0 :   elem->nidx = -1;
     977           0 :   elem->used = 1;
     978             : 
     979           0 :   return 0;
     980             : }
     981             : 
     982             : static gcry_err_code_t
     983           0 : do_bf_setkey (BLOWFISH_context *c, const byte *key, unsigned keylen)
     984             : {
     985             :   struct hashset_elem mempool[4 * 255]; /* Enough entries for the worst case. */
     986             :   struct hashset_elem hset[4][256];
     987           0 :   int memidx = 0;
     988           0 :   int weak = 0;
     989             :   int i, j, ret;
     990             :   u32 data, datal, datar;
     991             :   static int initialized;
     992             :   static const char *selftest_failed;
     993             : 
     994           0 :   if( !initialized )
     995             :     {
     996           0 :       initialized = 1;
     997           0 :       selftest_failed = selftest();
     998           0 :       if( selftest_failed )
     999           0 :         log_error ("%s\n", selftest_failed );
    1000             :     }
    1001           0 :   if( selftest_failed )
    1002           0 :     return GPG_ERR_SELFTEST_FAILED;
    1003             : 
    1004           0 :   memset(hset, 0, sizeof(hset));
    1005             : 
    1006           0 :   for(i=0; i < BLOWFISH_ROUNDS+2; i++ )
    1007           0 :     c->p[i] = ps[i];
    1008           0 :   for(i=0; i < 256; i++ )
    1009             :     {
    1010           0 :       c->s0[i] = ks0[i];
    1011           0 :       c->s1[i] = ks1[i];
    1012           0 :       c->s2[i] = ks2[i];
    1013           0 :       c->s3[i] = ks3[i];
    1014             :     }
    1015             : 
    1016           0 :   for(i=j=0; i < BLOWFISH_ROUNDS+2; i++ )
    1017             :     {
    1018           0 :       data = ((u32)key[j] << 24) |
    1019           0 :              ((u32)key[(j+1)%keylen] << 16) |
    1020           0 :              ((u32)key[(j+2)%keylen] << 8) |
    1021           0 :              ((u32)key[(j+3)%keylen]);
    1022           0 :       c->p[i] ^= data;
    1023           0 :       j = (j+4) % keylen;
    1024             :     }
    1025             : 
    1026           0 :   datal = datar = 0;
    1027           0 :   for(i=0; i < BLOWFISH_ROUNDS+2; i += 2 )
    1028             :     {
    1029           0 :       do_encrypt( c, &datal, &datar );
    1030           0 :       c->p[i]   = datal;
    1031           0 :       c->p[i+1] = datar;
    1032             :     }
    1033           0 :   for(i=0; i < 256; i += 2 )
    1034             :     {
    1035           0 :       do_encrypt( c, &datal, &datar );
    1036           0 :       c->s0[i]   = datal;
    1037           0 :       c->s0[i+1] = datar;
    1038             : 
    1039             :       /* Add values to hashset, detect duplicates (weak keys). */
    1040           0 :       ret = add_val (hset[0], datal, &memidx, mempool);
    1041           0 :       weak = ret ? 1 : weak;
    1042           0 :       ret = add_val (hset[0], datar, &memidx, mempool);
    1043           0 :       weak = ret ? 1 : weak;
    1044             :     }
    1045           0 :   for(i=0; i < 256; i += 2 )
    1046             :     {
    1047           0 :       do_encrypt( c, &datal, &datar );
    1048           0 :       c->s1[i]   = datal;
    1049           0 :       c->s1[i+1] = datar;
    1050             : 
    1051             :       /* Add values to hashset, detect duplicates (weak keys). */
    1052           0 :       ret = add_val (hset[1], datal, &memidx, mempool);
    1053           0 :       weak = ret ? 1 : weak;
    1054           0 :       ret = add_val (hset[1], datar, &memidx, mempool);
    1055           0 :       weak = ret ? 1 : weak;
    1056             :     }
    1057           0 :   for(i=0; i < 256; i += 2 )
    1058             :     {
    1059           0 :       do_encrypt( c, &datal, &datar );
    1060           0 :       c->s2[i]   = datal;
    1061           0 :       c->s2[i+1] = datar;
    1062             : 
    1063             :       /* Add values to hashset, detect duplicates (weak keys). */
    1064           0 :       ret = add_val (hset[2], datal, &memidx, mempool);
    1065           0 :       weak = ret ? 1 : weak;
    1066           0 :       ret = add_val (hset[2], datar, &memidx, mempool);
    1067           0 :       weak = ret ? 1 : weak;
    1068             :     }
    1069           0 :   for(i=0; i < 256; i += 2 )
    1070             :     {
    1071           0 :       do_encrypt( c, &datal, &datar );
    1072           0 :       c->s3[i]   = datal;
    1073           0 :       c->s3[i+1] = datar;
    1074             : 
    1075             :       /* Add values to hashset, detect duplicates (weak keys). */
    1076           0 :       ret = add_val (hset[3], datal, &memidx, mempool);
    1077           0 :       weak = ret ? 1 : weak;
    1078           0 :       ret = add_val (hset[3], datar, &memidx, mempool);
    1079           0 :       weak = ret ? 1 : weak;
    1080             :     }
    1081             : 
    1082             :   /* Clear stack. */
    1083           0 :   wipememory(hset, sizeof(hset));
    1084           0 :   wipememory(mempool, sizeof(mempool[0]) * memidx);
    1085             : 
    1086           0 :   _gcry_burn_stack (64);
    1087             : 
    1088             :   /* Check for weak key.  A weak key is a key in which a value in
    1089             :      the P-array (here c) occurs more than once per table.  */
    1090           0 :   if (weak)
    1091           0 :     return GPG_ERR_WEAK_KEY;
    1092             : 
    1093           0 :   return GPG_ERR_NO_ERROR;
    1094             : }
    1095             : 
    1096             : 
    1097             : static gcry_err_code_t
    1098           0 : bf_setkey (void *context, const byte *key, unsigned keylen)
    1099             : {
    1100           0 :   BLOWFISH_context *c = (BLOWFISH_context *) context;
    1101           0 :   gcry_err_code_t rc = do_bf_setkey (c, key, keylen);
    1102           0 :   return rc;
    1103             : }
    1104             : 
    1105             : 
    1106             : gcry_cipher_spec_t _gcry_cipher_spec_blowfish =
    1107             :   {
    1108             :     GCRY_CIPHER_BLOWFISH, {0, 0},
    1109             :     "BLOWFISH", NULL, NULL, BLOWFISH_BLOCKSIZE, 128,
    1110             :     sizeof (BLOWFISH_context),
    1111             :     bf_setkey, encrypt_block, decrypt_block
    1112             :   };

Generated by: LCOV version 1.12