1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 /*
27 * Blowfish encryption/decryption and keyschedule code.
28 */
29
30 #include <sys/types.h>
31 #include <sys/systm.h>
32 #include <sys/ddi.h>
33 #include <sys/sysmacros.h>
34 #include <sys/strsun.h>
35 #include <sys/note.h>
36 #include <sys/byteorder.h>
37 #include <sys/crypto/spi.h>
38 #include <modes/modes.h>
39 #include <sys/crypto/common.h>
40 #include "blowfish_impl.h"
41
42 #ifdef _KERNEL
43
44 #define BLOWFISH_ASSERT(x) ASSERT(x)
45
46 #else /* !_KERNEL */
47
48 #include <strings.h>
49 #include <stdlib.h>
50 #define BLOWFISH_ASSERT(x)
51 #endif /* _KERNEL */
52
53 #if defined(__i386) || defined(__amd64)
54 #include <sys/byteorder.h>
55 #define UNALIGNED_POINTERS_PERMITTED
56 #endif
57
58 /*
59 * Blowfish initial P box and S boxes, derived from the hex digits of PI.
60 *
61 * NOTE: S boxes are placed into one large array.
62 */
63 static const uint32_t init_P[] = {
64 0x243f6a88U, 0x85a308d3U, 0x13198a2eU,
65 0x03707344U, 0xa4093822U, 0x299f31d0U,
66 0x082efa98U, 0xec4e6c89U, 0x452821e6U,
67 0x38d01377U, 0xbe5466cfU, 0x34e90c6cU,
68 0xc0ac29b7U, 0xc97c50ddU, 0x3f84d5b5U,
69 0xb5470917U, 0x9216d5d9U, 0x8979fb1bU
70 };
71
72 static const uint32_t init_S[] = {
73 /* S-Box 0. */
74 0xd1310ba6U, 0x98dfb5acU, 0x2ffd72dbU, 0xd01adfb7U,
75 0xb8e1afedU, 0x6a267e96U, 0xba7c9045U, 0xf12c7f99U,
76 0x24a19947U, 0xb3916cf7U, 0x0801f2e2U, 0x858efc16U,
77 0x636920d8U, 0x71574e69U, 0xa458fea3U, 0xf4933d7eU,
78 0x0d95748fU, 0x728eb658U, 0x718bcd58U, 0x82154aeeU,
79 0x7b54a41dU, 0xc25a59b5U, 0x9c30d539U, 0x2af26013U,
80 0xc5d1b023U, 0x286085f0U, 0xca417918U, 0xb8db38efU,
81 0x8e79dcb0U, 0x603a180eU, 0x6c9e0e8bU, 0xb01e8a3eU,
82 0xd71577c1U, 0xbd314b27U, 0x78af2fdaU, 0x55605c60U,
83 0xe65525f3U, 0xaa55ab94U, 0x57489862U, 0x63e81440U,
84 0x55ca396aU, 0x2aab10b6U, 0xb4cc5c34U, 0x1141e8ceU,
85 0xa15486afU, 0x7c72e993U, 0xb3ee1411U, 0x636fbc2aU,
86 0x2ba9c55dU, 0x741831f6U, 0xce5c3e16U, 0x9b87931eU,
87 0xafd6ba33U, 0x6c24cf5cU, 0x7a325381U, 0x28958677U,
88 0x3b8f4898U, 0x6b4bb9afU, 0xc4bfe81bU, 0x66282193U,
89 0x61d809ccU, 0xfb21a991U, 0x487cac60U, 0x5dec8032U,
90 0xef845d5dU, 0xe98575b1U, 0xdc262302U, 0xeb651b88U,
91 0x23893e81U, 0xd396acc5U, 0x0f6d6ff3U, 0x83f44239U,
92 0x2e0b4482U, 0xa4842004U, 0x69c8f04aU, 0x9e1f9b5eU,
93 0x21c66842U, 0xf6e96c9aU, 0x670c9c61U, 0xabd388f0U,
94 0x6a51a0d2U, 0xd8542f68U, 0x960fa728U, 0xab5133a3U,
95 0x6eef0b6cU, 0x137a3be4U, 0xba3bf050U, 0x7efb2a98U,
96 0xa1f1651dU, 0x39af0176U, 0x66ca593eU, 0x82430e88U,
97 0x8cee8619U, 0x456f9fb4U, 0x7d84a5c3U, 0x3b8b5ebeU,
98 0xe06f75d8U, 0x85c12073U, 0x401a449fU, 0x56c16aa6U,
99 0x4ed3aa62U, 0x363f7706U, 0x1bfedf72U, 0x429b023dU,
100 0x37d0d724U, 0xd00a1248U, 0xdb0fead3U, 0x49f1c09bU,
101 0x075372c9U, 0x80991b7bU, 0x25d479d8U, 0xf6e8def7U,
102 0xe3fe501aU, 0xb6794c3bU, 0x976ce0bdU, 0x04c006baU,
103 0xc1a94fb6U, 0x409f60c4U, 0x5e5c9ec2U, 0x196a2463U,
104 0x68fb6fafU, 0x3e6c53b5U, 0x1339b2ebU, 0x3b52ec6fU,
105 0x6dfc511fU, 0x9b30952cU, 0xcc814544U, 0xaf5ebd09U,
106 0xbee3d004U, 0xde334afdU, 0x660f2807U, 0x192e4bb3U,
107 0xc0cba857U, 0x45c8740fU, 0xd20b5f39U, 0xb9d3fbdbU,
108 0x5579c0bdU, 0x1a60320aU, 0xd6a100c6U, 0x402c7279U,
109 0x679f25feU, 0xfb1fa3ccU, 0x8ea5e9f8U, 0xdb3222f8U,
110 0x3c7516dfU, 0xfd616b15U, 0x2f501ec8U, 0xad0552abU,
111 0x323db5faU, 0xfd238760U, 0x53317b48U, 0x3e00df82U,
112 0x9e5c57bbU, 0xca6f8ca0U, 0x1a87562eU, 0xdf1769dbU,
113 0xd542a8f6U, 0x287effc3U, 0xac6732c6U, 0x8c4f5573U,
114 0x695b27b0U, 0xbbca58c8U, 0xe1ffa35dU, 0xb8f011a0U,
115 0x10fa3d98U, 0xfd2183b8U, 0x4afcb56cU, 0x2dd1d35bU,
116 0x9a53e479U, 0xb6f84565U, 0xd28e49bcU, 0x4bfb9790U,
117 0xe1ddf2daU, 0xa4cb7e33U, 0x62fb1341U, 0xcee4c6e8U,
118 0xef20cadaU, 0x36774c01U, 0xd07e9efeU, 0x2bf11fb4U,
119 0x95dbda4dU, 0xae909198U, 0xeaad8e71U, 0x6b93d5a0U,
120 0xd08ed1d0U, 0xafc725e0U, 0x8e3c5b2fU, 0x8e7594b7U,
121 0x8ff6e2fbU, 0xf2122b64U, 0x8888b812U, 0x900df01cU,
122 0x4fad5ea0U, 0x688fc31cU, 0xd1cff191U, 0xb3a8c1adU,
123 0x2f2f2218U, 0xbe0e1777U, 0xea752dfeU, 0x8b021fa1U,
124 0xe5a0cc0fU, 0xb56f74e8U, 0x18acf3d6U, 0xce89e299U,
125 0xb4a84fe0U, 0xfd13e0b7U, 0x7cc43b81U, 0xd2ada8d9U,
126 0x165fa266U, 0x80957705U, 0x93cc7314U, 0x211a1477U,
127 0xe6ad2065U, 0x77b5fa86U, 0xc75442f5U, 0xfb9d35cfU,
128 0xebcdaf0cU, 0x7b3e89a0U, 0xd6411bd3U, 0xae1e7e49U,
129 0x00250e2dU, 0x2071b35eU, 0x226800bbU, 0x57b8e0afU,
130 0x2464369bU, 0xf009b91eU, 0x5563911dU, 0x59dfa6aaU,
131 0x78c14389U, 0xd95a537fU, 0x207d5ba2U, 0x02e5b9c5U,
132 0x83260376U, 0x6295cfa9U, 0x11c81968U, 0x4e734a41U,
133 0xb3472dcaU, 0x7b14a94aU, 0x1b510052U, 0x9a532915U,
134 0xd60f573fU, 0xbc9bc6e4U, 0x2b60a476U, 0x81e67400U,
135 0x08ba6fb5U, 0x571be91fU, 0xf296ec6bU, 0x2a0dd915U,
136 0xb6636521U, 0xe7b9f9b6U, 0xff34052eU, 0xc5855664U,
137 0x53b02d5dU, 0xa99f8fa1U, 0x08ba4799U, 0x6e85076aU,
138
139 /* S-Box 1. */
140 0x4b7a70e9U, 0xb5b32944U, 0xdb75092eU, 0xc4192623U,
141 0xad6ea6b0U, 0x49a7df7dU, 0x9cee60b8U, 0x8fedb266U,
142 0xecaa8c71U, 0x699a17ffU, 0x5664526cU, 0xc2b19ee1U,
143 0x193602a5U, 0x75094c29U, 0xa0591340U, 0xe4183a3eU,
144 0x3f54989aU, 0x5b429d65U, 0x6b8fe4d6U, 0x99f73fd6U,
145 0xa1d29c07U, 0xefe830f5U, 0x4d2d38e6U, 0xf0255dc1U,
146 0x4cdd2086U, 0x8470eb26U, 0x6382e9c6U, 0x021ecc5eU,
147 0x09686b3fU, 0x3ebaefc9U, 0x3c971814U, 0x6b6a70a1U,
148 0x687f3584U, 0x52a0e286U, 0xb79c5305U, 0xaa500737U,
149 0x3e07841cU, 0x7fdeae5cU, 0x8e7d44ecU, 0x5716f2b8U,
150 0xb03ada37U, 0xf0500c0dU, 0xf01c1f04U, 0x0200b3ffU,
151 0xae0cf51aU, 0x3cb574b2U, 0x25837a58U, 0xdc0921bdU,
152 0xd19113f9U, 0x7ca92ff6U, 0x94324773U, 0x22f54701U,
153 0x3ae5e581U, 0x37c2dadcU, 0xc8b57634U, 0x9af3dda7U,
154 0xa9446146U, 0x0fd0030eU, 0xecc8c73eU, 0xa4751e41U,
155 0xe238cd99U, 0x3bea0e2fU, 0x3280bba1U, 0x183eb331U,
156 0x4e548b38U, 0x4f6db908U, 0x6f420d03U, 0xf60a04bfU,
157 0x2cb81290U, 0x24977c79U, 0x5679b072U, 0xbcaf89afU,
158 0xde9a771fU, 0xd9930810U, 0xb38bae12U, 0xdccf3f2eU,
159 0x5512721fU, 0x2e6b7124U, 0x501adde6U, 0x9f84cd87U,
160 0x7a584718U, 0x7408da17U, 0xbc9f9abcU, 0xe94b7d8cU,
161 0xec7aec3aU, 0xdb851dfaU, 0x63094366U, 0xc464c3d2U,
162 0xef1c1847U, 0x3215d908U, 0xdd433b37U, 0x24c2ba16U,
163 0x12a14d43U, 0x2a65c451U, 0x50940002U, 0x133ae4ddU,
164 0x71dff89eU, 0x10314e55U, 0x81ac77d6U, 0x5f11199bU,
165 0x043556f1U, 0xd7a3c76bU, 0x3c11183bU, 0x5924a509U,
166 0xf28fe6edU, 0x97f1fbfaU, 0x9ebabf2cU, 0x1e153c6eU,
167 0x86e34570U, 0xeae96fb1U, 0x860e5e0aU, 0x5a3e2ab3U,
168 0x771fe71cU, 0x4e3d06faU, 0x2965dcb9U, 0x99e71d0fU,
169 0x803e89d6U, 0x5266c825U, 0x2e4cc978U, 0x9c10b36aU,
170 0xc6150ebaU, 0x94e2ea78U, 0xa5fc3c53U, 0x1e0a2df4U,
171 0xf2f74ea7U, 0x361d2b3dU, 0x1939260fU, 0x19c27960U,
172 0x5223a708U, 0xf71312b6U, 0xebadfe6eU, 0xeac31f66U,
173 0xe3bc4595U, 0xa67bc883U, 0xb17f37d1U, 0x018cff28U,
174 0xc332ddefU, 0xbe6c5aa5U, 0x65582185U, 0x68ab9802U,
175 0xeecea50fU, 0xdb2f953bU, 0x2aef7dadU, 0x5b6e2f84U,
176 0x1521b628U, 0x29076170U, 0xecdd4775U, 0x619f1510U,
177 0x13cca830U, 0xeb61bd96U, 0x0334fe1eU, 0xaa0363cfU,
178 0xb5735c90U, 0x4c70a239U, 0xd59e9e0bU, 0xcbaade14U,
179 0xeecc86bcU, 0x60622ca7U, 0x9cab5cabU, 0xb2f3846eU,
180 0x648b1eafU, 0x19bdf0caU, 0xa02369b9U, 0x655abb50U,
181 0x40685a32U, 0x3c2ab4b3U, 0x319ee9d5U, 0xc021b8f7U,
182 0x9b540b19U, 0x875fa099U, 0x95f7997eU, 0x623d7da8U,
183 0xf837889aU, 0x97e32d77U, 0x11ed935fU, 0x16681281U,
184 0x0e358829U, 0xc7e61fd6U, 0x96dedfa1U, 0x7858ba99U,
185 0x57f584a5U, 0x1b227263U, 0x9b83c3ffU, 0x1ac24696U,
186 0xcdb30aebU, 0x532e3054U, 0x8fd948e4U, 0x6dbc3128U,
187 0x58ebf2efU, 0x34c6ffeaU, 0xfe28ed61U, 0xee7c3c73U,
188 0x5d4a14d9U, 0xe864b7e3U, 0x42105d14U, 0x203e13e0U,
189 0x45eee2b6U, 0xa3aaabeaU, 0xdb6c4f15U, 0xfacb4fd0U,
190 0xc742f442U, 0xef6abbb5U, 0x654f3b1dU, 0x41cd2105U,
191 0xd81e799eU, 0x86854dc7U, 0xe44b476aU, 0x3d816250U,
192 0xcf62a1f2U, 0x5b8d2646U, 0xfc8883a0U, 0xc1c7b6a3U,
193 0x7f1524c3U, 0x69cb7492U, 0x47848a0bU, 0x5692b285U,
194 0x095bbf00U, 0xad19489dU, 0x1462b174U, 0x23820e00U,
195 0x58428d2aU, 0x0c55f5eaU, 0x1dadf43eU, 0x233f7061U,
196 0x3372f092U, 0x8d937e41U, 0xd65fecf1U, 0x6c223bdbU,
197 0x7cde3759U, 0xcbee7460U, 0x4085f2a7U, 0xce77326eU,
198 0xa6078084U, 0x19f8509eU, 0xe8efd855U, 0x61d99735U,
199 0xa969a7aaU, 0xc50c06c2U, 0x5a04abfcU, 0x800bcadcU,
200 0x9e447a2eU, 0xc3453484U, 0xfdd56705U, 0x0e1e9ec9U,
201 0xdb73dbd3U, 0x105588cdU, 0x675fda79U, 0xe3674340U,
202 0xc5c43465U, 0x713e38d8U, 0x3d28f89eU, 0xf16dff20U,
203 0x153e21e7U, 0x8fb03d4aU, 0xe6e39f2bU, 0xdb83adf7U,
204
205 /* S-Box 2. */
206 0xe93d5a68U, 0x948140f7U, 0xf64c261cU, 0x94692934U,
207 0x411520f7U, 0x7602d4f7U, 0xbcf46b2eU, 0xd4a20068U,
208 0xd4082471U, 0x3320f46aU, 0x43b7d4b7U, 0x500061afU,
209 0x1e39f62eU, 0x97244546U, 0x14214f74U, 0xbf8b8840U,
210 0x4d95fc1dU, 0x96b591afU, 0x70f4ddd3U, 0x66a02f45U,
211 0xbfbc09ecU, 0x03bd9785U, 0x7fac6dd0U, 0x31cb8504U,
212 0x96eb27b3U, 0x55fd3941U, 0xda2547e6U, 0xabca0a9aU,
213 0x28507825U, 0x530429f4U, 0x0a2c86daU, 0xe9b66dfbU,
214 0x68dc1462U, 0xd7486900U, 0x680ec0a4U, 0x27a18deeU,
215 0x4f3ffea2U, 0xe887ad8cU, 0xb58ce006U, 0x7af4d6b6U,
216 0xaace1e7cU, 0xd3375fecU, 0xce78a399U, 0x406b2a42U,
217 0x20fe9e35U, 0xd9f385b9U, 0xee39d7abU, 0x3b124e8bU,
218 0x1dc9faf7U, 0x4b6d1856U, 0x26a36631U, 0xeae397b2U,
219 0x3a6efa74U, 0xdd5b4332U, 0x6841e7f7U, 0xca7820fbU,
220 0xfb0af54eU, 0xd8feb397U, 0x454056acU, 0xba489527U,
221 0x55533a3aU, 0x20838d87U, 0xfe6ba9b7U, 0xd096954bU,
222 0x55a867bcU, 0xa1159a58U, 0xcca92963U, 0x99e1db33U,
223 0xa62a4a56U, 0x3f3125f9U, 0x5ef47e1cU, 0x9029317cU,
224 0xfdf8e802U, 0x04272f70U, 0x80bb155cU, 0x05282ce3U,
225 0x95c11548U, 0xe4c66d22U, 0x48c1133fU, 0xc70f86dcU,
226 0x07f9c9eeU, 0x41041f0fU, 0x404779a4U, 0x5d886e17U,
227 0x325f51ebU, 0xd59bc0d1U, 0xf2bcc18fU, 0x41113564U,
228 0x257b7834U, 0x602a9c60U, 0xdff8e8a3U, 0x1f636c1bU,
229 0x0e12b4c2U, 0x02e1329eU, 0xaf664fd1U, 0xcad18115U,
230 0x6b2395e0U, 0x333e92e1U, 0x3b240b62U, 0xeebeb922U,
231 0x85b2a20eU, 0xe6ba0d99U, 0xde720c8cU, 0x2da2f728U,
232 0xd0127845U, 0x95b794fdU, 0x647d0862U, 0xe7ccf5f0U,
233 0x5449a36fU, 0x877d48faU, 0xc39dfd27U, 0xf33e8d1eU,
234 0x0a476341U, 0x992eff74U, 0x3a6f6eabU, 0xf4f8fd37U,
235 0xa812dc60U, 0xa1ebddf8U, 0x991be14cU, 0xdb6e6b0dU,
236 0xc67b5510U, 0x6d672c37U, 0x2765d43bU, 0xdcd0e804U,
237 0xf1290dc7U, 0xcc00ffa3U, 0xb5390f92U, 0x690fed0bU,
238 0x667b9ffbU, 0xcedb7d9cU, 0xa091cf0bU, 0xd9155ea3U,
239 0xbb132f88U, 0x515bad24U, 0x7b9479bfU, 0x763bd6ebU,
240 0x37392eb3U, 0xcc115979U, 0x8026e297U, 0xf42e312dU,
241 0x6842ada7U, 0xc66a2b3bU, 0x12754cccU, 0x782ef11cU,
242 0x6a124237U, 0xb79251e7U, 0x06a1bbe6U, 0x4bfb6350U,
243 0x1a6b1018U, 0x11caedfaU, 0x3d25bdd8U, 0xe2e1c3c9U,
244 0x44421659U, 0x0a121386U, 0xd90cec6eU, 0xd5abea2aU,
245 0x64af674eU, 0xda86a85fU, 0xbebfe988U, 0x64e4c3feU,
246 0x9dbc8057U, 0xf0f7c086U, 0x60787bf8U, 0x6003604dU,
247 0xd1fd8346U, 0xf6381fb0U, 0x7745ae04U, 0xd736fcccU,
248 0x83426b33U, 0xf01eab71U, 0xb0804187U, 0x3c005e5fU,
249 0x77a057beU, 0xbde8ae24U, 0x55464299U, 0xbf582e61U,
250 0x4e58f48fU, 0xf2ddfda2U, 0xf474ef38U, 0x8789bdc2U,
251 0x5366f9c3U, 0xc8b38e74U, 0xb475f255U, 0x46fcd9b9U,
252 0x7aeb2661U, 0x8b1ddf84U, 0x846a0e79U, 0x915f95e2U,
253 0x466e598eU, 0x20b45770U, 0x8cd55591U, 0xc902de4cU,
254 0xb90bace1U, 0xbb8205d0U, 0x11a86248U, 0x7574a99eU,
255 0xb77f19b6U, 0xe0a9dc09U, 0x662d09a1U, 0xc4324633U,
256 0xe85a1f02U, 0x09f0be8cU, 0x4a99a025U, 0x1d6efe10U,
257 0x1ab93d1dU, 0x0ba5a4dfU, 0xa186f20fU, 0x2868f169U,
258 0xdcb7da83U, 0x573906feU, 0xa1e2ce9bU, 0x4fcd7f52U,
259 0x50115e01U, 0xa70683faU, 0xa002b5c4U, 0x0de6d027U,
260 0x9af88c27U, 0x773f8641U, 0xc3604c06U, 0x61a806b5U,
261 0xf0177a28U, 0xc0f586e0U, 0x006058aaU, 0x30dc7d62U,
262 0x11e69ed7U, 0x2338ea63U, 0x53c2dd94U, 0xc2c21634U,
263 0xbbcbee56U, 0x90bcb6deU, 0xebfc7da1U, 0xce591d76U,
264 0x6f05e409U, 0x4b7c0188U, 0x39720a3dU, 0x7c927c24U,
265 0x86e3725fU, 0x724d9db9U, 0x1ac15bb4U, 0xd39eb8fcU,
266 0xed545578U, 0x08fca5b5U, 0xd83d7cd3U, 0x4dad0fc4U,
267 0x1e50ef5eU, 0xb161e6f8U, 0xa28514d9U, 0x6c51133cU,
268 0x6fd5c7e7U, 0x56e14ec4U, 0x362abfceU, 0xddc6c837U,
269 0xd79a3234U, 0x92638212U, 0x670efa8eU, 0x406000e0U,
270
271 /* S-Box 3. */
272 0x3a39ce37U, 0xd3faf5cfU, 0xabc27737U, 0x5ac52d1bU,
273 0x5cb0679eU, 0x4fa33742U, 0xd3822740U, 0x99bc9bbeU,
274 0xd5118e9dU, 0xbf0f7315U, 0xd62d1c7eU, 0xc700c47bU,
275 0xb78c1b6bU, 0x21a19045U, 0xb26eb1beU, 0x6a366eb4U,
276 0x5748ab2fU, 0xbc946e79U, 0xc6a376d2U, 0x6549c2c8U,
277 0x530ff8eeU, 0x468dde7dU, 0xd5730a1dU, 0x4cd04dc6U,
278 0x2939bbdbU, 0xa9ba4650U, 0xac9526e8U, 0xbe5ee304U,
279 0xa1fad5f0U, 0x6a2d519aU, 0x63ef8ce2U, 0x9a86ee22U,
280 0xc089c2b8U, 0x43242ef6U, 0xa51e03aaU, 0x9cf2d0a4U,
281 0x83c061baU, 0x9be96a4dU, 0x8fe51550U, 0xba645bd6U,
282 0x2826a2f9U, 0xa73a3ae1U, 0x4ba99586U, 0xef5562e9U,
283 0xc72fefd3U, 0xf752f7daU, 0x3f046f69U, 0x77fa0a59U,
284 0x80e4a915U, 0x87b08601U, 0x9b09e6adU, 0x3b3ee593U,
285 0xe990fd5aU, 0x9e34d797U, 0x2cf0b7d9U, 0x022b8b51U,
286 0x96d5ac3aU, 0x017da67dU, 0xd1cf3ed6U, 0x7c7d2d28U,
287 0x1f9f25cfU, 0xadf2b89bU, 0x5ad6b472U, 0x5a88f54cU,
288 0xe029ac71U, 0xe019a5e6U, 0x47b0acfdU, 0xed93fa9bU,
289 0xe8d3c48dU, 0x283b57ccU, 0xf8d56629U, 0x79132e28U,
290 0x785f0191U, 0xed756055U, 0xf7960e44U, 0xe3d35e8cU,
291 0x15056dd4U, 0x88f46dbaU, 0x03a16125U, 0x0564f0bdU,
292 0xc3eb9e15U, 0x3c9057a2U, 0x97271aecU, 0xa93a072aU,
293 0x1b3f6d9bU, 0x1e6321f5U, 0xf59c66fbU, 0x26dcf319U,
294 0x7533d928U, 0xb155fdf5U, 0x03563482U, 0x8aba3cbbU,
295 0x28517711U, 0xc20ad9f8U, 0xabcc5167U, 0xccad925fU,
296 0x4de81751U, 0x3830dc8eU, 0x379d5862U, 0x9320f991U,
297 0xea7a90c2U, 0xfb3e7bceU, 0x5121ce64U, 0x774fbe32U,
298 0xa8b6e37eU, 0xc3293d46U, 0x48de5369U, 0x6413e680U,
299 0xa2ae0810U, 0xdd6db224U, 0x69852dfdU, 0x09072166U,
300 0xb39a460aU, 0x6445c0ddU, 0x586cdecfU, 0x1c20c8aeU,
301 0x5bbef7ddU, 0x1b588d40U, 0xccd2017fU, 0x6bb4e3bbU,
302 0xdda26a7eU, 0x3a59ff45U, 0x3e350a44U, 0xbcb4cdd5U,
303 0x72eacea8U, 0xfa6484bbU, 0x8d6612aeU, 0xbf3c6f47U,
304 0xd29be463U, 0x542f5d9eU, 0xaec2771bU, 0xf64e6370U,
305 0x740e0d8dU, 0xe75b1357U, 0xf8721671U, 0xaf537d5dU,
306 0x4040cb08U, 0x4eb4e2ccU, 0x34d2466aU, 0x0115af84U,
307 0xe1b00428U, 0x95983a1dU, 0x06b89fb4U, 0xce6ea048U,
308 0x6f3f3b82U, 0x3520ab82U, 0x011a1d4bU, 0x277227f8U,
309 0x611560b1U, 0xe7933fdcU, 0xbb3a792bU, 0x344525bdU,
310 0xa08839e1U, 0x51ce794bU, 0x2f32c9b7U, 0xa01fbac9U,
311 0xe01cc87eU, 0xbcc7d1f6U, 0xcf0111c3U, 0xa1e8aac7U,
312 0x1a908749U, 0xd44fbd9aU, 0xd0dadecbU, 0xd50ada38U,
313 0x0339c32aU, 0xc6913667U, 0x8df9317cU, 0xe0b12b4fU,
314 0xf79e59b7U, 0x43f5bb3aU, 0xf2d519ffU, 0x27d9459cU,
315 0xbf97222cU, 0x15e6fc2aU, 0x0f91fc71U, 0x9b941525U,
316 0xfae59361U, 0xceb69cebU, 0xc2a86459U, 0x12baa8d1U,
317 0xb6c1075eU, 0xe3056a0cU, 0x10d25065U, 0xcb03a442U,
318 0xe0ec6e0eU, 0x1698db3bU, 0x4c98a0beU, 0x3278e964U,
319 0x9f1f9532U, 0xe0d392dfU, 0xd3a0342bU, 0x8971f21eU,
320 0x1b0a7441U, 0x4ba3348cU, 0xc5be7120U, 0xc37632d8U,
321 0xdf359f8dU, 0x9b992f2eU, 0xe60b6f47U, 0x0fe3f11dU,
322 0xe54cda54U, 0x1edad891U, 0xce6279cfU, 0xcd3e7e6fU,
323 0x1618b166U, 0xfd2c1d05U, 0x848fd2c5U, 0xf6fb2299U,
324 0xf523f357U, 0xa6327623U, 0x93a83531U, 0x56cccd02U,
325 0xacf08162U, 0x5a75ebb5U, 0x6e163697U, 0x88d273ccU,
326 0xde966292U, 0x81b949d0U, 0x4c50901bU, 0x71c65614U,
327 0xe6c6c7bdU, 0x327a140aU, 0x45e1d006U, 0xc3f27b9aU,
328 0xc9aa53fdU, 0x62a80f00U, 0xbb25bfe2U, 0x35bdd2f6U,
329 0x71126905U, 0xb2040222U, 0xb6cbcf7cU, 0xcd769c2bU,
330 0x53113ec0U, 0x1640e3d3U, 0x38abbd60U, 0x2547adf0U,
331 0xba38209cU, 0xf746ce76U, 0x77afa1c5U, 0x20756060U,
332 0x85cbfe4eU, 0x8ae88dd8U, 0x7aaaf9b0U, 0x4cf9aa7eU,
333 0x1948c25cU, 0x02fb8a8cU, 0x01c36ae4U, 0xd6ebe1f9U,
334 0x90d4f869U, 0xa65cdea0U, 0x3f09252dU, 0xc208e69fU,
335 0xb74e6132U, 0xce77e25bU, 0x578fdfe3U, 0x3ac372e6U,
336 };
337
338 typedef struct keysched_s {
339 uint32_t ksch_S[1024]; /* The 4 S boxes are 256 32-bit words. */
340 uint32_t ksch_P[18]; /* P box is 18 32-bit words. */
341 } keysched_t;
342
343 /*
344 * Since ROUND() is a macro, make sure that the things inside can be
345 * evaluated more than once. Especially when calling F().
346 * Assume the presence of local variables:
347 *
348 * uint32_t *P;
349 * uint32_t *S;
350 * uint32_t tmp;
351 *
352 *
353 * And to Microsoft interview survivors out there, perhaps I should do the
354 * XOR swap trick, or at least #ifdef (__i386) the tmp = ... = tmp; stuff.
355 */
356
357 #define F(word) \
358 (((S[(word >> 24) & 0xff] + S[256 + ((word >> 16) & 0xff)]) ^ \
359 S[512 + ((word >> 8) & 0xff)]) + S[768 + (word & 0xff)])
360
361 #define ROUND(left, right, i) \
362 (left) ^= P[i]; \
363 (right) ^= F((left)); \
364 tmp = (left); \
365 (left) = (right); \
366 (right) = tmp;
367
368 /*
369 * Encrypt a block of data. Because of addition operations, convert blocks
370 * to their big-endian representation, even on Intel boxen.
371 */
372 /* ARGSUSED */
373 int
blowfish_encrypt_block(const void * cookie,const uint8_t * block,uint8_t * out_block)374 blowfish_encrypt_block(const void *cookie, const uint8_t *block,
375 uint8_t *out_block)
376 {
377 keysched_t *ksch = (keysched_t *)cookie;
378
379 uint32_t left, right, tmp;
380 uint32_t *P = ksch->ksch_P;
381 uint32_t *S = ksch->ksch_S;
382 #ifdef _BIG_ENDIAN
383 uint32_t *b32;
384
385 if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
386 /* LINTED: pointer alignment */
387 b32 = (uint32_t *)block;
388 left = b32[0];
389 right = b32[1];
390 } else
391 #endif
392 {
393 /*
394 * Read input block and place in left/right in big-endian order.
395 */
396 #ifdef UNALIGNED_POINTERS_PERMITTED
397 left = htonl(*(uint32_t *)(void *)&block[0]);
398 right = htonl(*(uint32_t *)(void *)&block[4]);
399 #else
400 left = ((uint32_t)block[0] << 24)
401 | ((uint32_t)block[1] << 16)
402 | ((uint32_t)block[2] << 8)
403 | (uint32_t)block[3];
404 right = ((uint32_t)block[4] << 24)
405 | ((uint32_t)block[5] << 16)
406 | ((uint32_t)block[6] << 8)
407 | (uint32_t)block[7];
408 #endif /* UNALIGNED_POINTERS_PERMITTED */
409 }
410
411 ROUND(left, right, 0);
412 ROUND(left, right, 1);
413 ROUND(left, right, 2);
414 ROUND(left, right, 3);
415 ROUND(left, right, 4);
416 ROUND(left, right, 5);
417 ROUND(left, right, 6);
418 ROUND(left, right, 7);
419 ROUND(left, right, 8);
420 ROUND(left, right, 9);
421 ROUND(left, right, 10);
422 ROUND(left, right, 11);
423 ROUND(left, right, 12);
424 ROUND(left, right, 13);
425 ROUND(left, right, 14);
426 ROUND(left, right, 15);
427
428 tmp = left;
429 left = right;
430 right = tmp;
431 right ^= P[16];
432 left ^= P[17];
433
434 #ifdef _BIG_ENDIAN
435 if (IS_P2ALIGNED(out_block, sizeof (uint32_t))) {
436 /* LINTED: pointer alignment */
437 b32 = (uint32_t *)out_block;
438 b32[0] = left;
439 b32[1] = right;
440 } else
441 #endif
442 {
443 /* Put the block back into the user's block with final swap */
444 #ifdef UNALIGNED_POINTERS_PERMITTED
445 *(uint32_t *)(void *)&out_block[0] = htonl(left);
446 *(uint32_t *)(void *)&out_block[4] = htonl(right);
447 #else
448 out_block[0] = left >> 24;
449 out_block[1] = left >> 16;
450 out_block[2] = left >> 8;
451 out_block[3] = left;
452 out_block[4] = right >> 24;
453 out_block[5] = right >> 16;
454 out_block[6] = right >> 8;
455 out_block[7] = right;
456 #endif /* UNALIGNED_POINTERS_PERMITTED */
457 }
458 return (CRYPTO_SUCCESS);
459 }
460
461 /*
462 * Decrypt a block of data. Because of addition operations, convert blocks
463 * to their big-endian representation, even on Intel boxen.
464 * It should look like the blowfish_encrypt_block() operation
465 * except for the order in which the S/P boxes are accessed.
466 */
467 /* ARGSUSED */
468 int
blowfish_decrypt_block(const void * cookie,const uint8_t * block,uint8_t * out_block)469 blowfish_decrypt_block(const void *cookie, const uint8_t *block,
470 uint8_t *out_block)
471 {
472 keysched_t *ksch = (keysched_t *)cookie;
473
474 uint32_t left, right, tmp;
475 uint32_t *P = ksch->ksch_P;
476 uint32_t *S = ksch->ksch_S;
477 #ifdef _BIG_ENDIAN
478 uint32_t *b32;
479
480 if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
481 /* LINTED: pointer alignment */
482 b32 = (uint32_t *)block;
483 left = b32[0];
484 right = b32[1];
485 } else
486 #endif
487 {
488 /*
489 * Read input block and place in left/right in big-endian order.
490 */
491 #ifdef UNALIGNED_POINTERS_PERMITTED
492 left = htonl(*(uint32_t *)(void *)&block[0]);
493 right = htonl(*(uint32_t *)(void *)&block[4]);
494 #else
495 left = ((uint32_t)block[0] << 24)
496 | ((uint32_t)block[1] << 16)
497 | ((uint32_t)block[2] << 8)
498 | (uint32_t)block[3];
499 right = ((uint32_t)block[4] << 24)
500 | ((uint32_t)block[5] << 16)
501 | ((uint32_t)block[6] << 8)
502 | (uint32_t)block[7];
503 #endif /* UNALIGNED_POINTERS_PERMITTED */
504 }
505
506 ROUND(left, right, 17);
507 ROUND(left, right, 16);
508 ROUND(left, right, 15);
509 ROUND(left, right, 14);
510 ROUND(left, right, 13);
511 ROUND(left, right, 12);
512 ROUND(left, right, 11);
513 ROUND(left, right, 10);
514 ROUND(left, right, 9);
515 ROUND(left, right, 8);
516 ROUND(left, right, 7);
517 ROUND(left, right, 6);
518 ROUND(left, right, 5);
519 ROUND(left, right, 4);
520 ROUND(left, right, 3);
521 ROUND(left, right, 2);
522
523 tmp = left;
524 left = right;
525 right = tmp;
526 right ^= P[1];
527 left ^= P[0];
528
529 #ifdef _BIG_ENDIAN
530 if (IS_P2ALIGNED(out_block, sizeof (uint32_t))) {
531 /* LINTED: pointer alignment */
532 b32 = (uint32_t *)out_block;
533 b32[0] = left;
534 b32[1] = right;
535 } else
536 #endif
537 {
538 /* Put the block back into the user's block with final swap */
539 #ifdef UNALIGNED_POINTERS_PERMITTED
540 *(uint32_t *)(void *)&out_block[0] = htonl(left);
541 *(uint32_t *)(void *)&out_block[4] = htonl(right);
542 #else
543 out_block[0] = left >> 24;
544 out_block[1] = left >> 16;
545 out_block[2] = left >> 8;
546 out_block[3] = left;
547 out_block[4] = right >> 24;
548 out_block[5] = right >> 16;
549 out_block[6] = right >> 8;
550 out_block[7] = right;
551 #endif /* UNALIGNED_POINTERS_PERMITTED */
552 }
553 return (CRYPTO_SUCCESS);
554 }
555
556 static void
bitrepeat(uint8_t * pattern,uint_t len_bytes,uint_t len_bits,uint8_t * dst,uint_t dst_len_bytes)557 bitrepeat(uint8_t *pattern, uint_t len_bytes, uint_t len_bits, uint8_t *dst,
558 uint_t dst_len_bytes)
559 {
560 uint8_t *current = dst;
561 uint_t bitsleft = CRYPTO_BYTES2BITS(dst_len_bytes);
562 uint_t bitoffset = 0;
563 uint_t currentbits;
564 int i;
565
566 BLOWFISH_ASSERT(CRYPTO_BITS2BYTES(len_bits) == len_bytes);
567
568 bzero(dst, dst_len_bytes);
569
570 while (bitsleft != 0) {
571 if (bitsleft >= len_bits) {
572 currentbits = len_bits;
573
574 for (i = 0; i < len_bytes; i++) {
575 if (currentbits >= 8) {
576 *current++ |= pattern[i] >> bitoffset;
577 *current |= pattern[i] << 8 - bitoffset;
578 currentbits -= 8;
579 } else {
580 *current |= pattern[i] >> bitoffset;
581 bitoffset = bitoffset + currentbits;
582 bitoffset &= 0x7;
583 if (bitoffset == 0)
584 current++;
585 }
586 }
587 bitsleft -= len_bits;
588 } else {
589 currentbits = bitsleft;
590
591 for (i = 0; i < len_bytes && bitsleft != 0; i++) {
592 if (currentbits >= 8 &&
593 current < dst + dst_len_bytes) {
594 *current++ |= pattern[i] >> bitoffset;
595 *current |= pattern[i] << 8 - bitoffset;
596 currentbits -= 8;
597 bitsleft -= 8;
598 } else {
599 *current |= pattern[i] >> bitoffset;
600 bitsleft -= bitoffset;
601 bitoffset = bitoffset + currentbits;
602 bitoffset &= 0x7;
603 if (bitoffset == 0)
604 current++;
605 currentbits = 0;
606 }
607 }
608 bitsleft = 0;
609 }
610 }
611 }
612
613 /*
614 * Initialize key schedules for Blowfish.
615 */
616 void
blowfish_init_keysched(uint8_t * key,uint_t bits,void * keysched)617 blowfish_init_keysched(uint8_t *key, uint_t bits, void *keysched)
618 {
619 keysched_t *newbie = keysched;
620 uint32_t *P = newbie->ksch_P;
621 uint32_t *S = newbie->ksch_S;
622 uint32_t *initp;
623 uint32_t tmpblock[] = {0, 0};
624 uint8_t *rawkeybytes = (uint8_t *)P;
625 int i, slop, copylen;
626 uintptr_t bytesleft;
627 uint_t len;
628
629 len = CRYPTO_BITS2BYTES(bits);
630
631 if ((bits & 0x7) != 0) {
632 /*
633 * Really slow case, bits aren't on a byte boundary.
634 * Keep track of individual bits copied over. :-P
635 */
636 bitrepeat(key, len, bits, rawkeybytes, 72);
637 } else {
638 slop = 72 % len;
639
640 /* Someone gave us a nice amount (i.e. div by 8) of bits */
641 while (rawkeybytes != (uint8_t *)(P + 18)) {
642 bytesleft =
643 (uintptr_t)(P + 18) - (uintptr_t)rawkeybytes;
644 copylen = (bytesleft >= len) ? len : slop;
645 bcopy(key, rawkeybytes, copylen);
646 rawkeybytes += copylen;
647 }
648 }
649
650 for (i = 0; i < 18; i++)
651 P[i] = ntohl(P[i]) ^ init_P[i];
652
653 /* Go bcopy go! (Hope that Ultra's bcopy is faster than me!) */
654 bcopy(init_S, S, sizeof (init_S));
655
656 /*
657 * When initializing P and S boxes, store the results of a single
658 * encrypt-block operation in "host order", which on little-endian
659 * means byte-swapping. Fortunately, the ntohl() function does this
660 * quite nicely, and it a NOP on big-endian machine.
661 */
662 initp = P;
663 for (i = 0; i < 9; i++) {
664 (void) blowfish_encrypt_block(newbie, (uint8_t *)tmpblock,
665 (uint8_t *)tmpblock);
666 *initp++ = ntohl(tmpblock[0]);
667 *initp++ = ntohl(tmpblock[1]);
668 }
669
670 initp = S;
671 for (i = 0; i < 512; i++) {
672 (void) blowfish_encrypt_block(newbie, (uint8_t *)tmpblock,
673 (uint8_t *)tmpblock);
674 *initp++ = ntohl(tmpblock[0]);
675 *initp++ = ntohl(tmpblock[1]);
676 }
677 }
678
679 /*
680 * Allocate key schedule for Blowfish.
681 */
682 /* ARGSUSED */
683 void *
blowfish_alloc_keysched(size_t * size,int kmflag)684 blowfish_alloc_keysched(size_t *size, int kmflag)
685 {
686 keysched_t *keysched;
687
688 #ifdef _KERNEL
689 keysched = (keysched_t *)kmem_alloc(sizeof (keysched_t), kmflag);
690 #else
691 keysched = (keysched_t *)malloc(sizeof (keysched_t));
692 #endif /* _KERNEL */
693 if (keysched != NULL) {
694 *size = sizeof (keysched_t);
695 return (keysched);
696 }
697
698 return (NULL);
699 }
700
701 void
blowfish_copy_block(uint8_t * in,uint8_t * out)702 blowfish_copy_block(uint8_t *in, uint8_t *out)
703 {
704 if (IS_P2ALIGNED(in, sizeof (uint32_t)) &&
705 IS_P2ALIGNED(out, sizeof (uint32_t))) {
706 /* LINTED: pointer alignment */
707 *(uint32_t *)&out[0] = *(uint32_t *)&in[0];
708 /* LINTED: pointer alignment */
709 *(uint32_t *)&out[4] = *(uint32_t *)&in[4];
710 } else {
711 BLOWFISH_COPY_BLOCK(in, out);
712 }
713 }
714
715 /* XOR block of data into dest */
716 void
blowfish_xor_block(uint8_t * data,uint8_t * dst)717 blowfish_xor_block(uint8_t *data, uint8_t *dst)
718 {
719 if (IS_P2ALIGNED(dst, sizeof (uint32_t)) &&
720 IS_P2ALIGNED(data, sizeof (uint32_t))) {
721 /* LINTED: pointer alignment */
722 *(uint32_t *)&dst[0] ^= *(uint32_t *)&data[0];
723 /* LINTED: pointer alignment */
724 *(uint32_t *)&dst[4] ^= *(uint32_t *)&data[4];
725 } else {
726 BLOWFISH_XOR_BLOCK(data, dst);
727 }
728 }
729
730 /*
731 * Encrypt multiple blocks of data according to mode.
732 */
733 int
blowfish_encrypt_contiguous_blocks(void * ctx,char * data,size_t length,crypto_data_t * out)734 blowfish_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
735 crypto_data_t *out)
736 {
737 blowfish_ctx_t *blowfish_ctx = ctx;
738 int rv;
739
740 if (blowfish_ctx->bc_flags & CBC_MODE) {
741 rv = cbc_encrypt_contiguous_blocks(ctx, data, length, out,
742 BLOWFISH_BLOCK_LEN, blowfish_encrypt_block,
743 blowfish_copy_block, blowfish_xor_block);
744 } else {
745 rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
746 BLOWFISH_BLOCK_LEN, blowfish_encrypt_block);
747 }
748 return (rv);
749 }
750
751 /*
752 * Decrypt multiple blocks of data according to mode.
753 */
754 int
blowfish_decrypt_contiguous_blocks(void * ctx,char * data,size_t length,crypto_data_t * out)755 blowfish_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
756 crypto_data_t *out)
757 {
758 blowfish_ctx_t *blowfish_ctx = ctx;
759 int rv;
760
761 if (blowfish_ctx->bc_flags & CBC_MODE) {
762 rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out,
763 BLOWFISH_BLOCK_LEN, blowfish_decrypt_block,
764 blowfish_copy_block, blowfish_xor_block);
765 } else {
766 rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
767 BLOWFISH_BLOCK_LEN, blowfish_decrypt_block);
768 if (rv == CRYPTO_DATA_LEN_RANGE)
769 rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
770 }
771 return (rv);
772 }
773