Complete rewrite to support class trees. Makes the behaviour of the set

[become] / src / blowfish.c

/* -*-c-*-
 *
 * $Id: blowfish.c,v 1.3 1997/08/07 09:42:58 mdw Exp $
 *
 * Blowfish encryption routines
 *
 * (c) 1997 Mark Wooding
 */
 
/*----- Licencing notice --------------------------------------------------*
 *
 * This file is part of `become'
 *
 * `Become' is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * `Become' is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with `become'; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */
 
/*----- Revision history --------------------------------------------------*
 *
 * $Log: blowfish.c,v $
 * Revision 1.3  1997/08/07 09:42:58  mdw
 * Fix address of the FSF.
 *
 * Revision 1.2  1997/08/04 10:24:20  mdw
 * Sources placed under CVS control.
 *
 * Revision 1.1  1997/07/21  13:47:53  mdw
 * Initial revision
 *
 */

/*----- Header files ------------------------------------------------------*/

/* --- ANSI headers --- */

#include <stdio.h>

/* --- Local headers --- */

#include "config.h"
#include "blowfish.h"
#include "utils.h"

/*----- Define the initial S-box values -----------------------------------*/

#include "blowfish-sbox.h"

/*----- Useful macros -----------------------------------------------------*/

/* --- The Blowfish round function --- *
 *
 * This is why I like this cipher.  The round function is microscopic.  And
 * very fast.
 */

#define ROUND(L, R, K)                                                  \
  ((L) ^= k->p[K],                                                      \
   (R) ^= ((((k->s0[((L) >> 24) & 0xFF]) +                              \
              k->s1[((L) >> 16) & 0xFF]) ^                              \
              k->s2[((L) >>  8) & 0xFF]) +                              \
              k->s3[((L) >>  0) & 0xFF]))

/*----- Main code ---------------------------------------------------------*/

/* --- @blowfish_encrypt@ --- *
 *
 * Arguments:   @const blowfish_key *k@ = pointer to key block
 *              @const void *from@ = block to encrypt from
 *              @void *to@ = block to encrypt to
 *
 * Returns:     ---
 *
 * Use:         Encrypts a block using the Blowfish algorithm.
 */

void blowfish_encrypt(const blowfish_key *k, const void *from, void *to)
{
  uint_32 l, r;
  const unsigned char *f = from;
  unsigned char *t = to;

  /* --- Extract left and right block halves --- */

  l = load32(f + 0);
  r = load32(f + 4);

  /* --- Now run the round function on these values --- */

  ROUND(l, r,  0);
  ROUND(r, l,  1);
  ROUND(l, r,  2);
  ROUND(r, l,  3);
  ROUND(l, r,  4);
  ROUND(r, l,  5);
  ROUND(l, r,  6);
  ROUND(r, l,  7);
  ROUND(l, r,  8);
  ROUND(r, l,  9);
  ROUND(l, r, 10);
  ROUND(r, l, 11);
  ROUND(l, r, 12);
  ROUND(r, l, 13);
  ROUND(l, r, 14);
  ROUND(r, l, 15);

  /* --- Final transformation --- */

  l ^= k->p[16];
  r ^= k->p[17];

  /* --- Store the encrypted value --- */

  store32(t + 0, r);
  store32(t + 4, l);  
}

/* --- @blowfish_decrypt@ --- *
 *
 * Arguments:   @const blowfish_key *k@ = pointer to key block
 *              @const void *from@ = block to decrypt from
 *              @void *to@ = block to decrypt to
 *
 * Returns:     ---
 *
 * Use:         Decrypts a block using the Blowfish algorithm.
 */

void blowfish_decrypt(const blowfish_key *k, const void *from, void *to)
{
  uint_32 l, r;
  const unsigned char *f = from;
  unsigned char *t = to;

  /* --- Extract left and right block halves --- */

  l = load32(f + 0);
  r = load32(f + 4);

  /* --- Now run the round function on these values --- */

  ROUND(l, r, 17);
  ROUND(r, l, 16);
  ROUND(l, r, 15);
  ROUND(r, l, 14);
  ROUND(l, r, 13);
  ROUND(r, l, 12);
  ROUND(l, r, 11);
  ROUND(r, l, 10);
  ROUND(l, r,  9);
  ROUND(r, l,  8);
  ROUND(l, r,  7);
  ROUND(r, l,  6);
  ROUND(l, r,  5);
  ROUND(r, l,  4);
  ROUND(l, r,  3);
  ROUND(r, l,  2);

  /* --- Final transformation --- */

  l ^= k->p[1];
  r ^= k->p[0];

  /* --- Store the decrypted value --- */

  store32(t + 0, r);
  store32(t + 4, l);  
}

/* --- @blowfish__qcrypt@ --- *
 *
 * Arguments:   @const blowfish_key *k@ = pointer to a key block
 *              @uint_32 *p@ = pointer to block to mangle
 *
 * Returns:     ---
 *
 * Use:         Mangles a block using the Blowfish algorithm.
 */

static void blowfish__qcrypt(blowfish_key *k, uint_32 *p)
{
  uint_32 l = p[0], r = p[1];

  /* --- Run the round function --- */

  ROUND(l, r,  0);
  ROUND(r, l,  1);
  ROUND(l, r,  2);
  ROUND(r, l,  3);
  ROUND(l, r,  4);
  ROUND(r, l,  5);
  ROUND(l, r,  6);
  ROUND(r, l,  7);
  ROUND(l, r,  8);
  ROUND(r, l,  9);
  ROUND(l, r, 10);
  ROUND(r, l, 11);
  ROUND(l, r, 12);
  ROUND(r, l, 13);
  ROUND(l, r, 14);
  ROUND(r, l, 15);

  /* --- Output transformation --- */

  l ^= k->p[16];
  r ^= k->p[17];

  /* --- Store the new values --- */

  p[0] = r;
  p[1] = l;
}

/* --- @blowfish__buildKey@ --- *
 *
 * Arguments:   @blowfish_key *k@ = pointer to a key block to set up
 *
 * Returns:     ---
 *
 * Use:         Sets up the P-array and S-boxes once a key has been mixed
 *              into the P-array.  Use a local copy of the Blowfish
 *              encryption routine, to avoid penalising the main code too
 *              much with having to veneer onto a general args-in-words
 *              function, and to avoid me messing about with transforming
 *              values backwards and forwards between char arrays and
 *              integers.
 */

static void blowfish__buildKey(blowfish_key *k)
{
  uint_32 b[2] = { 0, 0 };
  int i;

  /* --- First, run through the P-array --- */

  for (i = 0; i < 18; i += 2) {
    blowfish__qcrypt(k, b);
    k->p[i] = b[0];
    k->p[i + 1] = b[1];
  }

  /* --- Now do the S-boxes --- */

  for (i = 0; i < 256; i += 2) {
    blowfish__qcrypt(k, b);
    k->s0[i] = b[0];
    k->s0[i + 1] = b[1];
  }

  for (i = 0; i < 256; i += 2) {
    blowfish__qcrypt(k, b);
    k->s1[i] = b[0];
    k->s1[i + 1] = b[1];
  }

  for (i = 0; i < 256; i += 2) {
    blowfish__qcrypt(k, b);
    k->s2[i] = b[0];
    k->s2[i + 1] = b[1];
  }

  for (i = 0; i < 256; i += 2) {
    blowfish__qcrypt(k, b);
    k->s3[i] = b[0];
    k->s3[i + 1] = b[1];
  }
}

/* --- @blowfish_setKey@ --- *
 *
 * Arguments:   @blowfish_key *kb@ = pointer to key block to fill
 *              @void *k@ = pointer to key data
 *              @size_t sz@ = length of data in bytes
 *
 * Returns:     ---
 *
 * Use:         Expands a key which isn't represented as a number of whole
 *              words.  This is a nonstandard extension, although it can be
 *              used to support 40-bit keys, which some governments might
 *              find more palatable than 160-bit (or 448-bit!) keys.
 */

void blowfish_setKey(blowfish_key *kb, const void *k, size_t sz)
{
  int i, j, l;
  const unsigned char *p = k;
  uint_32 a;

  memcpy(kb, &blowfish__init, sizeof(blowfish__init));

  j = 0;
  for (i = 0; i < 18; i++) {
    a = 0;
    for (l = 0; l < 4; l++) {
      a = (a << 8) | p[j];
      j++;
      if (j >= sz)
        j = 0;
    }
    kb->p[i] ^= a;
  }

  blowfish__buildKey(kb);
}

/*----- Test rig ----------------------------------------------------------*/

#ifdef TEST_RIG

int main(void)
{
  /* --- Stage one: ECB tests --- */

  {
    static struct {
      uint_32 k[2];
      uint_32 p[2];
      uint_32 c[2];
    } table[] = {
      { { 0x00000000u, 0x00000000u },
        { 0x00000000u, 0x00000000u },
        { 0x4EF99745u, 0x6198DD78u } },

      { { 0xFFFFFFFFu, 0xFFFFFFFFu },
        { 0xFFFFFFFFu, 0xFFFFFFFFu },
        { 0x51866FD5u, 0xB85ECB8Au } },

      { { 0x30000000u, 0x00000000u },
        { 0x10000000u, 0x00000001u },
        { 0x7D856F9Au, 0x613063F2u } },

      { { 0x11111111u, 0x11111111u },
        { 0x11111111u, 0x11111111u },
        { 0x2466DD87u, 0x8B963C9Du } },

      { { 0x01234567u, 0x89ABCDEFu },
        { 0x11111111u, 0x11111111u },
        { 0x61F9C380u, 0x2281B096u } },

      { { 0x11111111u, 0x11111111u },
        { 0x01234567u, 0x89ABCDEFu },
        { 0x7D0CC630u, 0xAFDA1EC7u } },

      { { 0x00000000u, 0x00000000u },
        { 0x00000000u, 0x00000000u },
        { 0x4EF99745u, 0x6198DD78u } },

      { { 0xFEDCBA98u, 0x76543210u },
        { 0x01234567u, 0x89ABCDEFu },
        { 0x0ACEAB0Fu, 0xC6A0A28Du } },

      { { 0x7CA11045u, 0x4A1A6E57u },
        { 0x01A1D6D0u, 0x39776742u },
        { 0x59C68245u, 0xEB05282Bu } },

      { { 0x0131D961u, 0x9DC1376Eu },
        { 0x5CD54CA8u, 0x3DEF57DAu },
        { 0xB1B8CC0Bu, 0x250F09A0u } },

      { { 0x07A1133Eu, 0x4A0B2686u },
        { 0x0248D438u, 0x06F67172u },
        { 0x1730E577u, 0x8BEA1DA4u } },

      { { 0x3849674Cu, 0x2602319Eu },
        { 0x51454B58u, 0x2DDF440Au },
        { 0xA25E7856u, 0xCF2651EBu } },

      { { 0x04B915BAu, 0x43FEB5B6u },
        { 0x42FD4430u, 0x59577FA2u },
        { 0x353882B1u, 0x09CE8F1Au } },

      { { 0x0113B970u, 0xFD34F2CEu },
        { 0x059B5E08u, 0x51CF143Au },
        { 0x48F4D088u, 0x4C379918u } },

      { { 0x0170F175u, 0x468FB5E6u },
        { 0x0756D8E0u, 0x774761D2u },
        { 0x432193B7u, 0x8951FC98u } },

      { { 0x43297FADu, 0x38E373FEu },
        { 0x762514B8u, 0x29BF486Au },
        { 0x13F04154u, 0xD69D1AE5u } },

      { { 0x07A71370u, 0x45DA2A16u },
        { 0x3BDD1190u, 0x49372802u },
        { 0x2EEDDA93u, 0xFFD39C79u } },

      { { 0x04689104u, 0xC2FD3B2Fu },
        { 0x26955F68u, 0x35AF609Au },
        { 0xD887E039u, 0x3C2DA6E3u } },

      { { 0x37D06BB5u, 0x16CB7546u },
        { 0x164D5E40u, 0x4F275232u },
        { 0x5F99D04Fu, 0x5B163969u } },

      { { 0x1F08260Du, 0x1AC2465Eu },
        { 0x6B056E18u, 0x759F5CCAu },
        { 0x4A057A3Bu, 0x24D3977Bu } },

      { { 0x58402364u, 0x1ABA6176u },
        { 0x004BD6EFu, 0x09176062u },
        { 0x452031C1u, 0xE4FADA8Eu } },

      { { 0x02581616u, 0x4629B007u },
        { 0x480D3900u, 0x6EE762F2u },
        { 0x7555AE39u, 0xF59B87BDu } },

      { { 0x49793EBCu, 0x79B3258Fu },
        { 0x437540C8u, 0x698F3CFAu },
        { 0x53C55F9Cu, 0xB49FC019u } },

      { { 0x4FB05E15u, 0x15AB73A7u },
        { 0x072D43A0u, 0x77075292u },
        { 0x7A8E7BFAu, 0x937E89A3u } },

      { { 0x49E95D6Du, 0x4CA229BFu },
        { 0x02FE5577u, 0x8117F12Au },
        { 0xCF9C5D7Au, 0x4986ADB5u } },

      { { 0x018310DCu, 0x409B26D6u },
        { 0x1D9D5C50u, 0x18F728C2u },
        { 0xD1ABB290u, 0x658BC778u } },

      { { 0x1C587F1Cu, 0x13924FEFu },
        { 0x30553228u, 0x6D6F295Au },
        { 0x55CB3774u, 0xD13EF201u } },

      { { 0x01010101u, 0x01010101u },
        { 0x01234567u, 0x89ABCDEFu },
        { 0xFA34EC48u, 0x47B268B2u } },

      { { 0x1F1F1F1Fu, 0x0E0E0E0Eu },
        { 0x01234567u, 0x89ABCDEFu },
        { 0xA7907951u, 0x08EA3CAEu } },

      { { 0xE0FEE0FEu, 0xF1FEF1FEu },
        { 0x01234567u, 0x89ABCDEFu },
        { 0xC39E072Du, 0x9FAC631Du } },

      { { 0x00000000u, 0x00000000u },
        { 0xFFFFFFFFu, 0xFFFFFFFFu },
        { 0x014933E0u, 0xCDAFF6E4u } },

      { { 0xFFFFFFFFu, 0xFFFFFFFFu },
        { 0x00000000u, 0x00000000u },
        { 0xF21E9A77u, 0xB71C49BCu } },

      { { 0x01234567u, 0x89ABCDEFu },
        { 0x00000000u, 0x00000000u },
        { 0x24594688u, 0x5754369Au } },

      { { 0xFEDCBA98u, 0x76543210u },
        { 0xFFFFFFFFu, 0xFFFFFFFFu },
        { 0x6B5C5A9Cu, 0x5D9E0A5Au } }
    };

    int f = 1;
    int i;

    printf("*** stage one: ");
    fflush(stdout);

    for (i = 0; i < sizeof(table) / sizeof(table[0]); i++) {
      char kb[8], p[8], c[8];
      blowfish_key k;

      store32(kb + 0, table[i].k[0]);
      store32(kb + 4, table[i].k[1]);
      blowfish_setKey(&k, kb, 8);

      store32(p + 0, table[i].p[0]);
      store32(p + 4, table[i].p[1]);
      blowfish_encrypt(&k, p, c);

      if (load32(c + 0) != table[i].c[0] ||
          load32(c + 4) != table[i].c[1]) {
        printf("\n"
               "!!! bad encryption\n"
               "                    key = %08lx-%08lx\n"
               "              plaintext = %08lx-%08lx\n"
               "    expected ciphertext = %08lx-%08lx\n"
               "  calculated ciphertext = %08lx-%08lx\n",
               (unsigned long)table[i].k[0],
               (unsigned long)table[i].k[1],
               (unsigned long)table[i].p[0],
               (unsigned long)table[i].p[1],
               (unsigned long)table[i].c[0],
               (unsigned long)table[i].c[1],
               (unsigned long)load32(c + 0),
               (unsigned long)load32(c + 4));
        f = 0;
      }

      blowfish_decrypt(&k, c, p);
      if (load32(p + 0) != table[i].p[0] ||
          load32(p + 4) != table[i].p[1]) {
        printf("\n"
               "!!! bad decryption\n"
               "                    key = %08lx-%08lx\n"
               "             ciphertext = %08lx-%08lx\n"
               "     expected plaintext = %08lx-%08lx\n"
               "   calculated plaintext = %08lx-%08lx\n",
               (unsigned long)table[i].k[0],
               (unsigned long)table[i].k[1],
               (unsigned long)table[i].c[0],
               (unsigned long)table[i].c[1],
               (unsigned long)table[i].p[0],
               (unsigned long)table[i].p[1],
               (unsigned long)load32(p + 0),
               (unsigned long)load32(p + 4));
        f = 0;
      }

      putchar('.');
      fflush(stdout);
    }
    putchar('\n');
    if (f)
      printf("*** stage one ok\n");
  }

  /* --- Stage 2: key scheduling --- */

  {
    static struct {
      uint_32 c[2];
    } table[] = {
      {{ 0xF9AD597Cu, 0x49DB005Eu }},
      {{ 0xE91D21C1u, 0xD961A6D6u }},
      {{ 0xE9C2B70Au, 0x1BC65CF3u }},
      {{ 0xBE1E6394u, 0x08640F05u }},
      {{ 0xB39E4448u, 0x1BDB1E6Eu }},
      {{ 0x9457AA83u, 0xB1928C0Du }},
      {{ 0x8BB77032u, 0xF960629Du }},
      {{ 0xE87A244Eu, 0x2CC85E82u }},
      {{ 0x15750E7Au, 0x4F4EC577u }},
      {{ 0x122BA70Bu, 0x3AB64AE0u }},
      {{ 0x3A833C9Au, 0xFFC537F6u }},
      {{ 0x9409DA87u, 0xA90F6BF2u }},
      {{ 0x884F8062u, 0x5060B8B4u }},
      {{ 0x1F85031Cu, 0x19E11968u }},
      {{ 0x79D9373Au, 0x714CA34Fu }},
      {{ 0x93142887u, 0xEE3BE15Cu }},
      {{ 0x03429E83u, 0x8CE2D14Bu }},
      {{ 0xA4299E27u, 0x469FF67Bu }},
      {{ 0xAFD5AED1u, 0xC1BC96A8u }},
      {{ 0x10851C0Eu, 0x3858DA9Fu }},
      {{ 0xE6F51ED7u, 0x9B9DB21Fu }},
      {{ 0x64A6E14Au, 0xFD36B46Fu }},
      {{ 0x80C7D7D4u, 0x5A5479ADu }},
      {{ 0x05044B62u, 0xFA52D080u }},
    };

    unsigned char kk[] = {
      0xF0, 0xE1, 0xD2, 0xC3, 0xB4, 0xA5, 0x96, 0x87,
      0x78, 0x69, 0x5A, 0x4B, 0x3C, 0x2D, 0x1E, 0x0F,
      0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
    };

    int i;
    int f = 1;

    printf("*** stage two: ");
    fflush(stdout);

    for (i = 0; i < sizeof(kk); i++) {
      blowfish_key k;
      unsigned char p[8] = { 0xFE, 0xDC, 0xBA, 0x98,
                             0x76, 0x54, 0x32, 0x10 };

      blowfish_setKey(&k, kk, i + 1);
      blowfish_encrypt(&k, p, p);

      if (load32(p + 0) != table[i].c[0] ||
          load32(p + 4) != table[i].c[1]) {
        printf("!!! bad encryption\n"
               "  key length = %i\n"
               "    expected = %08lx-%08lx\n"
               "  calculated = %08lx-%08lx\n",
               i + 1,
               (unsigned long)table[i].c[0],
               (unsigned long)table[i].c[1],
               (unsigned long)load32(p + 0),
               (unsigned long)load32(p + 4));
        f = 0;
      }

      putchar('.');
      fflush(stdout);
    }

    putchar('\n');

    if (f)
      printf("*** stage two ok\n");
  }

  return (0);

}      

#endif

/*----- That's all, folks -------------------------------------------------*/