xref: /illumos-gate/usr/src/common/crypto/blowfish/blowfish_impl.c (revision 354507029a42e4bcb1ea64fc4685f2bfd4792db8)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  * Blowfish encryption/decryption and keyschedule code.
28  */
29 
30 #include <sys/types.h>
31 #include <sys/systm.h>
32 #include <sys/ddi.h>
33 #include <sys/sysmacros.h>
34 #include <sys/strsun.h>
35 #include <sys/note.h>
36 #include <sys/byteorder.h>
37 #include <sys/crypto/spi.h>
38 #include <modes/modes.h>
39 #include <sys/crypto/common.h>
40 #include "blowfish_impl.h"
41 
42 #ifdef _KERNEL
43 
44 #define	BLOWFISH_ASSERT(x)	ASSERT(x)
45 
46 #else /* !_KERNEL */
47 
48 #include <strings.h>
49 #include <stdlib.h>
50 #define	BLOWFISH_ASSERT(x)
51 #endif /* _KERNEL */
52 
53 #if defined(__i386) || defined(__amd64)
54 #include <sys/byteorder.h>
55 #define	UNALIGNED_POINTERS_PERMITTED
56 #endif
57 
58 /* EXPORT DELETE START */
59 
60 /*
61  * Blowfish initial P box and S boxes, derived from the hex digits of PI.
62  *
63  * NOTE:  S boxes are placed into one large array.
64  */
65 static const uint32_t init_P[] = {
66 	0x243f6a88U, 0x85a308d3U, 0x13198a2eU,
67 	0x03707344U, 0xa4093822U, 0x299f31d0U,
68 	0x082efa98U, 0xec4e6c89U, 0x452821e6U,
69 	0x38d01377U, 0xbe5466cfU, 0x34e90c6cU,
70 	0xc0ac29b7U, 0xc97c50ddU, 0x3f84d5b5U,
71 	0xb5470917U, 0x9216d5d9U, 0x8979fb1bU
72 };
73 
74 static const uint32_t init_S[] = {
75 	/* S-Box 0. */
76 	0xd1310ba6U, 0x98dfb5acU, 0x2ffd72dbU, 0xd01adfb7U,
77 	0xb8e1afedU, 0x6a267e96U, 0xba7c9045U, 0xf12c7f99U,
78 	0x24a19947U, 0xb3916cf7U, 0x0801f2e2U, 0x858efc16U,
79 	0x636920d8U, 0x71574e69U, 0xa458fea3U, 0xf4933d7eU,
80 	0x0d95748fU, 0x728eb658U, 0x718bcd58U, 0x82154aeeU,
81 	0x7b54a41dU, 0xc25a59b5U, 0x9c30d539U, 0x2af26013U,
82 	0xc5d1b023U, 0x286085f0U, 0xca417918U, 0xb8db38efU,
83 	0x8e79dcb0U, 0x603a180eU, 0x6c9e0e8bU, 0xb01e8a3eU,
84 	0xd71577c1U, 0xbd314b27U, 0x78af2fdaU, 0x55605c60U,
85 	0xe65525f3U, 0xaa55ab94U, 0x57489862U, 0x63e81440U,
86 	0x55ca396aU, 0x2aab10b6U, 0xb4cc5c34U, 0x1141e8ceU,
87 	0xa15486afU, 0x7c72e993U, 0xb3ee1411U, 0x636fbc2aU,
88 	0x2ba9c55dU, 0x741831f6U, 0xce5c3e16U, 0x9b87931eU,
89 	0xafd6ba33U, 0x6c24cf5cU, 0x7a325381U, 0x28958677U,
90 	0x3b8f4898U, 0x6b4bb9afU, 0xc4bfe81bU, 0x66282193U,
91 	0x61d809ccU, 0xfb21a991U, 0x487cac60U, 0x5dec8032U,
92 	0xef845d5dU, 0xe98575b1U, 0xdc262302U, 0xeb651b88U,
93 	0x23893e81U, 0xd396acc5U, 0x0f6d6ff3U, 0x83f44239U,
94 	0x2e0b4482U, 0xa4842004U, 0x69c8f04aU, 0x9e1f9b5eU,
95 	0x21c66842U, 0xf6e96c9aU, 0x670c9c61U, 0xabd388f0U,
96 	0x6a51a0d2U, 0xd8542f68U, 0x960fa728U, 0xab5133a3U,
97 	0x6eef0b6cU, 0x137a3be4U, 0xba3bf050U, 0x7efb2a98U,
98 	0xa1f1651dU, 0x39af0176U, 0x66ca593eU, 0x82430e88U,
99 	0x8cee8619U, 0x456f9fb4U, 0x7d84a5c3U, 0x3b8b5ebeU,
100 	0xe06f75d8U, 0x85c12073U, 0x401a449fU, 0x56c16aa6U,
101 	0x4ed3aa62U, 0x363f7706U, 0x1bfedf72U, 0x429b023dU,
102 	0x37d0d724U, 0xd00a1248U, 0xdb0fead3U, 0x49f1c09bU,
103 	0x075372c9U, 0x80991b7bU, 0x25d479d8U, 0xf6e8def7U,
104 	0xe3fe501aU, 0xb6794c3bU, 0x976ce0bdU, 0x04c006baU,
105 	0xc1a94fb6U, 0x409f60c4U, 0x5e5c9ec2U, 0x196a2463U,
106 	0x68fb6fafU, 0x3e6c53b5U, 0x1339b2ebU, 0x3b52ec6fU,
107 	0x6dfc511fU, 0x9b30952cU, 0xcc814544U, 0xaf5ebd09U,
108 	0xbee3d004U, 0xde334afdU, 0x660f2807U, 0x192e4bb3U,
109 	0xc0cba857U, 0x45c8740fU, 0xd20b5f39U, 0xb9d3fbdbU,
110 	0x5579c0bdU, 0x1a60320aU, 0xd6a100c6U, 0x402c7279U,
111 	0x679f25feU, 0xfb1fa3ccU, 0x8ea5e9f8U, 0xdb3222f8U,
112 	0x3c7516dfU, 0xfd616b15U, 0x2f501ec8U, 0xad0552abU,
113 	0x323db5faU, 0xfd238760U, 0x53317b48U, 0x3e00df82U,
114 	0x9e5c57bbU, 0xca6f8ca0U, 0x1a87562eU, 0xdf1769dbU,
115 	0xd542a8f6U, 0x287effc3U, 0xac6732c6U, 0x8c4f5573U,
116 	0x695b27b0U, 0xbbca58c8U, 0xe1ffa35dU, 0xb8f011a0U,
117 	0x10fa3d98U, 0xfd2183b8U, 0x4afcb56cU, 0x2dd1d35bU,
118 	0x9a53e479U, 0xb6f84565U, 0xd28e49bcU, 0x4bfb9790U,
119 	0xe1ddf2daU, 0xa4cb7e33U, 0x62fb1341U, 0xcee4c6e8U,
120 	0xef20cadaU, 0x36774c01U, 0xd07e9efeU, 0x2bf11fb4U,
121 	0x95dbda4dU, 0xae909198U, 0xeaad8e71U, 0x6b93d5a0U,
122 	0xd08ed1d0U, 0xafc725e0U, 0x8e3c5b2fU, 0x8e7594b7U,
123 	0x8ff6e2fbU, 0xf2122b64U, 0x8888b812U, 0x900df01cU,
124 	0x4fad5ea0U, 0x688fc31cU, 0xd1cff191U, 0xb3a8c1adU,
125 	0x2f2f2218U, 0xbe0e1777U, 0xea752dfeU, 0x8b021fa1U,
126 	0xe5a0cc0fU, 0xb56f74e8U, 0x18acf3d6U, 0xce89e299U,
127 	0xb4a84fe0U, 0xfd13e0b7U, 0x7cc43b81U, 0xd2ada8d9U,
128 	0x165fa266U, 0x80957705U, 0x93cc7314U, 0x211a1477U,
129 	0xe6ad2065U, 0x77b5fa86U, 0xc75442f5U, 0xfb9d35cfU,
130 	0xebcdaf0cU, 0x7b3e89a0U, 0xd6411bd3U, 0xae1e7e49U,
131 	0x00250e2dU, 0x2071b35eU, 0x226800bbU, 0x57b8e0afU,
132 	0x2464369bU, 0xf009b91eU, 0x5563911dU, 0x59dfa6aaU,
133 	0x78c14389U, 0xd95a537fU, 0x207d5ba2U, 0x02e5b9c5U,
134 	0x83260376U, 0x6295cfa9U, 0x11c81968U, 0x4e734a41U,
135 	0xb3472dcaU, 0x7b14a94aU, 0x1b510052U, 0x9a532915U,
136 	0xd60f573fU, 0xbc9bc6e4U, 0x2b60a476U, 0x81e67400U,
137 	0x08ba6fb5U, 0x571be91fU, 0xf296ec6bU, 0x2a0dd915U,
138 	0xb6636521U, 0xe7b9f9b6U, 0xff34052eU, 0xc5855664U,
139 	0x53b02d5dU, 0xa99f8fa1U, 0x08ba4799U, 0x6e85076aU,
140 
141 	/* S-Box 1. */
142 	0x4b7a70e9U, 0xb5b32944U, 0xdb75092eU, 0xc4192623U,
143 	0xad6ea6b0U, 0x49a7df7dU, 0x9cee60b8U, 0x8fedb266U,
144 	0xecaa8c71U, 0x699a17ffU, 0x5664526cU, 0xc2b19ee1U,
145 	0x193602a5U, 0x75094c29U, 0xa0591340U, 0xe4183a3eU,
146 	0x3f54989aU, 0x5b429d65U, 0x6b8fe4d6U, 0x99f73fd6U,
147 	0xa1d29c07U, 0xefe830f5U, 0x4d2d38e6U, 0xf0255dc1U,
148 	0x4cdd2086U, 0x8470eb26U, 0x6382e9c6U, 0x021ecc5eU,
149 	0x09686b3fU, 0x3ebaefc9U, 0x3c971814U, 0x6b6a70a1U,
150 	0x687f3584U, 0x52a0e286U, 0xb79c5305U, 0xaa500737U,
151 	0x3e07841cU, 0x7fdeae5cU, 0x8e7d44ecU, 0x5716f2b8U,
152 	0xb03ada37U, 0xf0500c0dU, 0xf01c1f04U, 0x0200b3ffU,
153 	0xae0cf51aU, 0x3cb574b2U, 0x25837a58U, 0xdc0921bdU,
154 	0xd19113f9U, 0x7ca92ff6U, 0x94324773U, 0x22f54701U,
155 	0x3ae5e581U, 0x37c2dadcU, 0xc8b57634U, 0x9af3dda7U,
156 	0xa9446146U, 0x0fd0030eU, 0xecc8c73eU, 0xa4751e41U,
157 	0xe238cd99U, 0x3bea0e2fU, 0x3280bba1U, 0x183eb331U,
158 	0x4e548b38U, 0x4f6db908U, 0x6f420d03U, 0xf60a04bfU,
159 	0x2cb81290U, 0x24977c79U, 0x5679b072U, 0xbcaf89afU,
160 	0xde9a771fU, 0xd9930810U, 0xb38bae12U, 0xdccf3f2eU,
161 	0x5512721fU, 0x2e6b7124U, 0x501adde6U, 0x9f84cd87U,
162 	0x7a584718U, 0x7408da17U, 0xbc9f9abcU, 0xe94b7d8cU,
163 	0xec7aec3aU, 0xdb851dfaU, 0x63094366U, 0xc464c3d2U,
164 	0xef1c1847U, 0x3215d908U, 0xdd433b37U, 0x24c2ba16U,
165 	0x12a14d43U, 0x2a65c451U, 0x50940002U, 0x133ae4ddU,
166 	0x71dff89eU, 0x10314e55U, 0x81ac77d6U, 0x5f11199bU,
167 	0x043556f1U, 0xd7a3c76bU, 0x3c11183bU, 0x5924a509U,
168 	0xf28fe6edU, 0x97f1fbfaU, 0x9ebabf2cU, 0x1e153c6eU,
169 	0x86e34570U, 0xeae96fb1U, 0x860e5e0aU, 0x5a3e2ab3U,
170 	0x771fe71cU, 0x4e3d06faU, 0x2965dcb9U, 0x99e71d0fU,
171 	0x803e89d6U, 0x5266c825U, 0x2e4cc978U, 0x9c10b36aU,
172 	0xc6150ebaU, 0x94e2ea78U, 0xa5fc3c53U, 0x1e0a2df4U,
173 	0xf2f74ea7U, 0x361d2b3dU, 0x1939260fU, 0x19c27960U,
174 	0x5223a708U, 0xf71312b6U, 0xebadfe6eU, 0xeac31f66U,
175 	0xe3bc4595U, 0xa67bc883U, 0xb17f37d1U, 0x018cff28U,
176 	0xc332ddefU, 0xbe6c5aa5U, 0x65582185U, 0x68ab9802U,
177 	0xeecea50fU, 0xdb2f953bU, 0x2aef7dadU, 0x5b6e2f84U,
178 	0x1521b628U, 0x29076170U, 0xecdd4775U, 0x619f1510U,
179 	0x13cca830U, 0xeb61bd96U, 0x0334fe1eU, 0xaa0363cfU,
180 	0xb5735c90U, 0x4c70a239U, 0xd59e9e0bU, 0xcbaade14U,
181 	0xeecc86bcU, 0x60622ca7U, 0x9cab5cabU, 0xb2f3846eU,
182 	0x648b1eafU, 0x19bdf0caU, 0xa02369b9U, 0x655abb50U,
183 	0x40685a32U, 0x3c2ab4b3U, 0x319ee9d5U, 0xc021b8f7U,
184 	0x9b540b19U, 0x875fa099U, 0x95f7997eU, 0x623d7da8U,
185 	0xf837889aU, 0x97e32d77U, 0x11ed935fU, 0x16681281U,
186 	0x0e358829U, 0xc7e61fd6U, 0x96dedfa1U, 0x7858ba99U,
187 	0x57f584a5U, 0x1b227263U, 0x9b83c3ffU, 0x1ac24696U,
188 	0xcdb30aebU, 0x532e3054U, 0x8fd948e4U, 0x6dbc3128U,
189 	0x58ebf2efU, 0x34c6ffeaU, 0xfe28ed61U, 0xee7c3c73U,
190 	0x5d4a14d9U, 0xe864b7e3U, 0x42105d14U, 0x203e13e0U,
191 	0x45eee2b6U, 0xa3aaabeaU, 0xdb6c4f15U, 0xfacb4fd0U,
192 	0xc742f442U, 0xef6abbb5U, 0x654f3b1dU, 0x41cd2105U,
193 	0xd81e799eU, 0x86854dc7U, 0xe44b476aU, 0x3d816250U,
194 	0xcf62a1f2U, 0x5b8d2646U, 0xfc8883a0U, 0xc1c7b6a3U,
195 	0x7f1524c3U, 0x69cb7492U, 0x47848a0bU, 0x5692b285U,
196 	0x095bbf00U, 0xad19489dU, 0x1462b174U, 0x23820e00U,
197 	0x58428d2aU, 0x0c55f5eaU, 0x1dadf43eU, 0x233f7061U,
198 	0x3372f092U, 0x8d937e41U, 0xd65fecf1U, 0x6c223bdbU,
199 	0x7cde3759U, 0xcbee7460U, 0x4085f2a7U, 0xce77326eU,
200 	0xa6078084U, 0x19f8509eU, 0xe8efd855U, 0x61d99735U,
201 	0xa969a7aaU, 0xc50c06c2U, 0x5a04abfcU, 0x800bcadcU,
202 	0x9e447a2eU, 0xc3453484U, 0xfdd56705U, 0x0e1e9ec9U,
203 	0xdb73dbd3U, 0x105588cdU, 0x675fda79U, 0xe3674340U,
204 	0xc5c43465U, 0x713e38d8U, 0x3d28f89eU, 0xf16dff20U,
205 	0x153e21e7U, 0x8fb03d4aU, 0xe6e39f2bU, 0xdb83adf7U,
206 
207 	/* S-Box 2. */
208 	0xe93d5a68U, 0x948140f7U, 0xf64c261cU, 0x94692934U,
209 	0x411520f7U, 0x7602d4f7U, 0xbcf46b2eU, 0xd4a20068U,
210 	0xd4082471U, 0x3320f46aU, 0x43b7d4b7U, 0x500061afU,
211 	0x1e39f62eU, 0x97244546U, 0x14214f74U, 0xbf8b8840U,
212 	0x4d95fc1dU, 0x96b591afU, 0x70f4ddd3U, 0x66a02f45U,
213 	0xbfbc09ecU, 0x03bd9785U, 0x7fac6dd0U, 0x31cb8504U,
214 	0x96eb27b3U, 0x55fd3941U, 0xda2547e6U, 0xabca0a9aU,
215 	0x28507825U, 0x530429f4U, 0x0a2c86daU, 0xe9b66dfbU,
216 	0x68dc1462U, 0xd7486900U, 0x680ec0a4U, 0x27a18deeU,
217 	0x4f3ffea2U, 0xe887ad8cU, 0xb58ce006U, 0x7af4d6b6U,
218 	0xaace1e7cU, 0xd3375fecU, 0xce78a399U, 0x406b2a42U,
219 	0x20fe9e35U, 0xd9f385b9U, 0xee39d7abU, 0x3b124e8bU,
220 	0x1dc9faf7U, 0x4b6d1856U, 0x26a36631U, 0xeae397b2U,
221 	0x3a6efa74U, 0xdd5b4332U, 0x6841e7f7U, 0xca7820fbU,
222 	0xfb0af54eU, 0xd8feb397U, 0x454056acU, 0xba489527U,
223 	0x55533a3aU, 0x20838d87U, 0xfe6ba9b7U, 0xd096954bU,
224 	0x55a867bcU, 0xa1159a58U, 0xcca92963U, 0x99e1db33U,
225 	0xa62a4a56U, 0x3f3125f9U, 0x5ef47e1cU, 0x9029317cU,
226 	0xfdf8e802U, 0x04272f70U, 0x80bb155cU, 0x05282ce3U,
227 	0x95c11548U, 0xe4c66d22U, 0x48c1133fU, 0xc70f86dcU,
228 	0x07f9c9eeU, 0x41041f0fU, 0x404779a4U, 0x5d886e17U,
229 	0x325f51ebU, 0xd59bc0d1U, 0xf2bcc18fU, 0x41113564U,
230 	0x257b7834U, 0x602a9c60U, 0xdff8e8a3U, 0x1f636c1bU,
231 	0x0e12b4c2U, 0x02e1329eU, 0xaf664fd1U, 0xcad18115U,
232 	0x6b2395e0U, 0x333e92e1U, 0x3b240b62U, 0xeebeb922U,
233 	0x85b2a20eU, 0xe6ba0d99U, 0xde720c8cU, 0x2da2f728U,
234 	0xd0127845U, 0x95b794fdU, 0x647d0862U, 0xe7ccf5f0U,
235 	0x5449a36fU, 0x877d48faU, 0xc39dfd27U, 0xf33e8d1eU,
236 	0x0a476341U, 0x992eff74U, 0x3a6f6eabU, 0xf4f8fd37U,
237 	0xa812dc60U, 0xa1ebddf8U, 0x991be14cU, 0xdb6e6b0dU,
238 	0xc67b5510U, 0x6d672c37U, 0x2765d43bU, 0xdcd0e804U,
239 	0xf1290dc7U, 0xcc00ffa3U, 0xb5390f92U, 0x690fed0bU,
240 	0x667b9ffbU, 0xcedb7d9cU, 0xa091cf0bU, 0xd9155ea3U,
241 	0xbb132f88U, 0x515bad24U, 0x7b9479bfU, 0x763bd6ebU,
242 	0x37392eb3U, 0xcc115979U, 0x8026e297U, 0xf42e312dU,
243 	0x6842ada7U, 0xc66a2b3bU, 0x12754cccU, 0x782ef11cU,
244 	0x6a124237U, 0xb79251e7U, 0x06a1bbe6U, 0x4bfb6350U,
245 	0x1a6b1018U, 0x11caedfaU, 0x3d25bdd8U, 0xe2e1c3c9U,
246 	0x44421659U, 0x0a121386U, 0xd90cec6eU, 0xd5abea2aU,
247 	0x64af674eU, 0xda86a85fU, 0xbebfe988U, 0x64e4c3feU,
248 	0x9dbc8057U, 0xf0f7c086U, 0x60787bf8U, 0x6003604dU,
249 	0xd1fd8346U, 0xf6381fb0U, 0x7745ae04U, 0xd736fcccU,
250 	0x83426b33U, 0xf01eab71U, 0xb0804187U, 0x3c005e5fU,
251 	0x77a057beU, 0xbde8ae24U, 0x55464299U, 0xbf582e61U,
252 	0x4e58f48fU, 0xf2ddfda2U, 0xf474ef38U, 0x8789bdc2U,
253 	0x5366f9c3U, 0xc8b38e74U, 0xb475f255U, 0x46fcd9b9U,
254 	0x7aeb2661U, 0x8b1ddf84U, 0x846a0e79U, 0x915f95e2U,
255 	0x466e598eU, 0x20b45770U, 0x8cd55591U, 0xc902de4cU,
256 	0xb90bace1U, 0xbb8205d0U, 0x11a86248U, 0x7574a99eU,
257 	0xb77f19b6U, 0xe0a9dc09U, 0x662d09a1U, 0xc4324633U,
258 	0xe85a1f02U, 0x09f0be8cU, 0x4a99a025U, 0x1d6efe10U,
259 	0x1ab93d1dU, 0x0ba5a4dfU, 0xa186f20fU, 0x2868f169U,
260 	0xdcb7da83U, 0x573906feU, 0xa1e2ce9bU, 0x4fcd7f52U,
261 	0x50115e01U, 0xa70683faU, 0xa002b5c4U, 0x0de6d027U,
262 	0x9af88c27U, 0x773f8641U, 0xc3604c06U, 0x61a806b5U,
263 	0xf0177a28U, 0xc0f586e0U, 0x006058aaU, 0x30dc7d62U,
264 	0x11e69ed7U, 0x2338ea63U, 0x53c2dd94U, 0xc2c21634U,
265 	0xbbcbee56U, 0x90bcb6deU, 0xebfc7da1U, 0xce591d76U,
266 	0x6f05e409U, 0x4b7c0188U, 0x39720a3dU, 0x7c927c24U,
267 	0x86e3725fU, 0x724d9db9U, 0x1ac15bb4U, 0xd39eb8fcU,
268 	0xed545578U, 0x08fca5b5U, 0xd83d7cd3U, 0x4dad0fc4U,
269 	0x1e50ef5eU, 0xb161e6f8U, 0xa28514d9U, 0x6c51133cU,
270 	0x6fd5c7e7U, 0x56e14ec4U, 0x362abfceU, 0xddc6c837U,
271 	0xd79a3234U, 0x92638212U, 0x670efa8eU, 0x406000e0U,
272 
273 	/* S-Box 3. */
274 	0x3a39ce37U, 0xd3faf5cfU, 0xabc27737U, 0x5ac52d1bU,
275 	0x5cb0679eU, 0x4fa33742U, 0xd3822740U, 0x99bc9bbeU,
276 	0xd5118e9dU, 0xbf0f7315U, 0xd62d1c7eU, 0xc700c47bU,
277 	0xb78c1b6bU, 0x21a19045U, 0xb26eb1beU, 0x6a366eb4U,
278 	0x5748ab2fU, 0xbc946e79U, 0xc6a376d2U, 0x6549c2c8U,
279 	0x530ff8eeU, 0x468dde7dU, 0xd5730a1dU, 0x4cd04dc6U,
280 	0x2939bbdbU, 0xa9ba4650U, 0xac9526e8U, 0xbe5ee304U,
281 	0xa1fad5f0U, 0x6a2d519aU, 0x63ef8ce2U, 0x9a86ee22U,
282 	0xc089c2b8U, 0x43242ef6U, 0xa51e03aaU, 0x9cf2d0a4U,
283 	0x83c061baU, 0x9be96a4dU, 0x8fe51550U, 0xba645bd6U,
284 	0x2826a2f9U, 0xa73a3ae1U, 0x4ba99586U, 0xef5562e9U,
285 	0xc72fefd3U, 0xf752f7daU, 0x3f046f69U, 0x77fa0a59U,
286 	0x80e4a915U, 0x87b08601U, 0x9b09e6adU, 0x3b3ee593U,
287 	0xe990fd5aU, 0x9e34d797U, 0x2cf0b7d9U, 0x022b8b51U,
288 	0x96d5ac3aU, 0x017da67dU, 0xd1cf3ed6U, 0x7c7d2d28U,
289 	0x1f9f25cfU, 0xadf2b89bU, 0x5ad6b472U, 0x5a88f54cU,
290 	0xe029ac71U, 0xe019a5e6U, 0x47b0acfdU, 0xed93fa9bU,
291 	0xe8d3c48dU, 0x283b57ccU, 0xf8d56629U, 0x79132e28U,
292 	0x785f0191U, 0xed756055U, 0xf7960e44U, 0xe3d35e8cU,
293 	0x15056dd4U, 0x88f46dbaU, 0x03a16125U, 0x0564f0bdU,
294 	0xc3eb9e15U, 0x3c9057a2U, 0x97271aecU, 0xa93a072aU,
295 	0x1b3f6d9bU, 0x1e6321f5U, 0xf59c66fbU, 0x26dcf319U,
296 	0x7533d928U, 0xb155fdf5U, 0x03563482U, 0x8aba3cbbU,
297 	0x28517711U, 0xc20ad9f8U, 0xabcc5167U, 0xccad925fU,
298 	0x4de81751U, 0x3830dc8eU, 0x379d5862U, 0x9320f991U,
299 	0xea7a90c2U, 0xfb3e7bceU, 0x5121ce64U, 0x774fbe32U,
300 	0xa8b6e37eU, 0xc3293d46U, 0x48de5369U, 0x6413e680U,
301 	0xa2ae0810U, 0xdd6db224U, 0x69852dfdU, 0x09072166U,
302 	0xb39a460aU, 0x6445c0ddU, 0x586cdecfU, 0x1c20c8aeU,
303 	0x5bbef7ddU, 0x1b588d40U, 0xccd2017fU, 0x6bb4e3bbU,
304 	0xdda26a7eU, 0x3a59ff45U, 0x3e350a44U, 0xbcb4cdd5U,
305 	0x72eacea8U, 0xfa6484bbU, 0x8d6612aeU, 0xbf3c6f47U,
306 	0xd29be463U, 0x542f5d9eU, 0xaec2771bU, 0xf64e6370U,
307 	0x740e0d8dU, 0xe75b1357U, 0xf8721671U, 0xaf537d5dU,
308 	0x4040cb08U, 0x4eb4e2ccU, 0x34d2466aU, 0x0115af84U,
309 	0xe1b00428U, 0x95983a1dU, 0x06b89fb4U, 0xce6ea048U,
310 	0x6f3f3b82U, 0x3520ab82U, 0x011a1d4bU, 0x277227f8U,
311 	0x611560b1U, 0xe7933fdcU, 0xbb3a792bU, 0x344525bdU,
312 	0xa08839e1U, 0x51ce794bU, 0x2f32c9b7U, 0xa01fbac9U,
313 	0xe01cc87eU, 0xbcc7d1f6U, 0xcf0111c3U, 0xa1e8aac7U,
314 	0x1a908749U, 0xd44fbd9aU, 0xd0dadecbU, 0xd50ada38U,
315 	0x0339c32aU, 0xc6913667U, 0x8df9317cU, 0xe0b12b4fU,
316 	0xf79e59b7U, 0x43f5bb3aU, 0xf2d519ffU, 0x27d9459cU,
317 	0xbf97222cU, 0x15e6fc2aU, 0x0f91fc71U, 0x9b941525U,
318 	0xfae59361U, 0xceb69cebU, 0xc2a86459U, 0x12baa8d1U,
319 	0xb6c1075eU, 0xe3056a0cU, 0x10d25065U, 0xcb03a442U,
320 	0xe0ec6e0eU, 0x1698db3bU, 0x4c98a0beU, 0x3278e964U,
321 	0x9f1f9532U, 0xe0d392dfU, 0xd3a0342bU, 0x8971f21eU,
322 	0x1b0a7441U, 0x4ba3348cU, 0xc5be7120U, 0xc37632d8U,
323 	0xdf359f8dU, 0x9b992f2eU, 0xe60b6f47U, 0x0fe3f11dU,
324 	0xe54cda54U, 0x1edad891U, 0xce6279cfU, 0xcd3e7e6fU,
325 	0x1618b166U, 0xfd2c1d05U, 0x848fd2c5U, 0xf6fb2299U,
326 	0xf523f357U, 0xa6327623U, 0x93a83531U, 0x56cccd02U,
327 	0xacf08162U, 0x5a75ebb5U, 0x6e163697U, 0x88d273ccU,
328 	0xde966292U, 0x81b949d0U, 0x4c50901bU, 0x71c65614U,
329 	0xe6c6c7bdU, 0x327a140aU, 0x45e1d006U, 0xc3f27b9aU,
330 	0xc9aa53fdU, 0x62a80f00U, 0xbb25bfe2U, 0x35bdd2f6U,
331 	0x71126905U, 0xb2040222U, 0xb6cbcf7cU, 0xcd769c2bU,
332 	0x53113ec0U, 0x1640e3d3U, 0x38abbd60U, 0x2547adf0U,
333 	0xba38209cU, 0xf746ce76U, 0x77afa1c5U, 0x20756060U,
334 	0x85cbfe4eU, 0x8ae88dd8U, 0x7aaaf9b0U, 0x4cf9aa7eU,
335 	0x1948c25cU, 0x02fb8a8cU, 0x01c36ae4U, 0xd6ebe1f9U,
336 	0x90d4f869U, 0xa65cdea0U, 0x3f09252dU, 0xc208e69fU,
337 	0xb74e6132U, 0xce77e25bU, 0x578fdfe3U, 0x3ac372e6U,
338 };
339 
340 typedef struct keysched_s {
341 	uint32_t ksch_S[1024];	/* The 4 S boxes are 256 32-bit words. */
342 	uint32_t ksch_P[18];	/* P box is 18 32-bit words. */
343 } keysched_t;
344 
345 /*
346  * Since ROUND() is a macro, make sure that the things inside can be
347  * evaluated more than once.  Especially when calling F().
348  * Assume the presence of local variables:
349  *
350  *	uint32_t *P;
351  *	uint32_t *S;
352  *	uint32_t tmp;
353  *
354  *
355  * And to Microsoft interview survivors out there, perhaps I should do the
356  * XOR swap trick, or at least #ifdef (__i386) the tmp = ... = tmp; stuff.
357  */
358 
359 #define	F(word) \
360 	(((S[(word >> 24) & 0xff] + S[256 + ((word >> 16) & 0xff)]) ^ \
361 		S[512 + ((word >> 8) & 0xff)]) + S[768 + (word & 0xff)])
362 
363 #define	ROUND(left, right, i) \
364 	(left) ^= P[i]; \
365 	(right) ^= F((left)); \
366 	tmp = (left); \
367 	(left) = (right); \
368 	(right) = tmp;
369 
370 /* EXPORT DELETE END */
371 
372 /*
373  * Encrypt a block of data.  Because of addition operations, convert blocks
374  * to their big-endian representation, even on Intel boxen.
375  */
376 /* ARGSUSED */
377 int
378 blowfish_encrypt_block(const void *cookie, const uint8_t *block,
379     uint8_t *out_block)
380 {
381 /* EXPORT DELETE START */
382 	keysched_t *ksch = (keysched_t *)cookie;
383 
384 	uint32_t left, right, tmp;
385 	uint32_t *P = ksch->ksch_P;
386 	uint32_t *S = ksch->ksch_S;
387 #ifdef _BIG_ENDIAN
388 	uint32_t *b32;
389 
390 	if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
391 		/* LINTED:  pointer alignment */
392 		b32 = (uint32_t *)block;
393 		left = b32[0];
394 		right = b32[1];
395 	} else
396 #endif
397 	{
398 	/*
399 	 * Read input block and place in left/right in big-endian order.
400 	 */
401 #ifdef UNALIGNED_POINTERS_PERMITTED
402 	left = htonl(*(uint32_t *)(void *)&block[0]);
403 	right = htonl(*(uint32_t *)(void *)&block[4]);
404 #else
405 	left = ((uint32_t)block[0] << 24)
406 	    | ((uint32_t)block[1] << 16)
407 	    | ((uint32_t)block[2] << 8)
408 	    | (uint32_t)block[3];
409 	right = ((uint32_t)block[4] << 24)
410 	    | ((uint32_t)block[5] << 16)
411 	    | ((uint32_t)block[6] << 8)
412 	    | (uint32_t)block[7];
413 #endif	/* UNALIGNED_POINTERS_PERMITTED */
414 	}
415 
416 	ROUND(left, right, 0);
417 	ROUND(left, right, 1);
418 	ROUND(left, right, 2);
419 	ROUND(left, right, 3);
420 	ROUND(left, right, 4);
421 	ROUND(left, right, 5);
422 	ROUND(left, right, 6);
423 	ROUND(left, right, 7);
424 	ROUND(left, right, 8);
425 	ROUND(left, right, 9);
426 	ROUND(left, right, 10);
427 	ROUND(left, right, 11);
428 	ROUND(left, right, 12);
429 	ROUND(left, right, 13);
430 	ROUND(left, right, 14);
431 	ROUND(left, right, 15);
432 
433 	tmp = left;
434 	left = right;
435 	right = tmp;
436 	right ^= P[16];
437 	left ^= P[17];
438 
439 #ifdef _BIG_ENDIAN
440 	if (IS_P2ALIGNED(out_block, sizeof (uint32_t))) {
441 		/* LINTED:  pointer alignment */
442 		b32 = (uint32_t *)out_block;
443 		b32[0] = left;
444 		b32[1] = right;
445 	} else
446 #endif
447 	{
448 		/* Put the block back into the user's block with final swap */
449 #ifdef UNALIGNED_POINTERS_PERMITTED
450 		*(uint32_t *)(void *)&out_block[0] = htonl(left);
451 		*(uint32_t *)(void *)&out_block[4] = htonl(right);
452 #else
453 		out_block[0] = left >> 24;
454 		out_block[1] = left >> 16;
455 		out_block[2] = left >> 8;
456 		out_block[3] = left;
457 		out_block[4] = right >> 24;
458 		out_block[5] = right >> 16;
459 		out_block[6] = right >> 8;
460 		out_block[7] = right;
461 #endif	/* UNALIGNED_POINTERS_PERMITTED */
462 	}
463 /* EXPORT DELETE END */
464 	return (CRYPTO_SUCCESS);
465 }
466 
467 /*
468  * Decrypt a block of data.  Because of addition operations, convert blocks
469  * to their big-endian representation, even on Intel boxen.
470  * It should look like the blowfish_encrypt_block() operation
471  * except for the order in which the S/P boxes are accessed.
472  */
473 /* ARGSUSED */
474 int
475 blowfish_decrypt_block(const void *cookie, const uint8_t *block,
476     uint8_t *out_block)
477 {
478 /* EXPORT DELETE START */
479 	keysched_t *ksch = (keysched_t *)cookie;
480 
481 	uint32_t left, right, tmp;
482 	uint32_t *P = ksch->ksch_P;
483 	uint32_t *S = ksch->ksch_S;
484 #ifdef _BIG_ENDIAN
485 	uint32_t *b32;
486 
487 	if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
488 		/* LINTED:  pointer alignment */
489 		b32 = (uint32_t *)block;
490 		left = b32[0];
491 		right = b32[1];
492 	} else
493 #endif
494 	{
495 	/*
496 	 * Read input block and place in left/right in big-endian order.
497 	 */
498 #ifdef UNALIGNED_POINTERS_PERMITTED
499 	left = htonl(*(uint32_t *)(void *)&block[0]);
500 	right = htonl(*(uint32_t *)(void *)&block[4]);
501 #else
502 	left = ((uint32_t)block[0] << 24)
503 	    | ((uint32_t)block[1] << 16)
504 	    | ((uint32_t)block[2] << 8)
505 	    | (uint32_t)block[3];
506 	right = ((uint32_t)block[4] << 24)
507 	    | ((uint32_t)block[5] << 16)
508 	    | ((uint32_t)block[6] << 8)
509 	    | (uint32_t)block[7];
510 #endif	/* UNALIGNED_POINTERS_PERMITTED */
511 	}
512 
513 	ROUND(left, right, 17);
514 	ROUND(left, right, 16);
515 	ROUND(left, right, 15);
516 	ROUND(left, right, 14);
517 	ROUND(left, right, 13);
518 	ROUND(left, right, 12);
519 	ROUND(left, right, 11);
520 	ROUND(left, right, 10);
521 	ROUND(left, right, 9);
522 	ROUND(left, right, 8);
523 	ROUND(left, right, 7);
524 	ROUND(left, right, 6);
525 	ROUND(left, right, 5);
526 	ROUND(left, right, 4);
527 	ROUND(left, right, 3);
528 	ROUND(left, right, 2);
529 
530 	tmp = left;
531 	left = right;
532 	right = tmp;
533 	right ^= P[1];
534 	left ^= P[0];
535 
536 #ifdef _BIG_ENDIAN
537 	if (IS_P2ALIGNED(out_block, sizeof (uint32_t))) {
538 		/* LINTED:  pointer alignment */
539 		b32 = (uint32_t *)out_block;
540 		b32[0] = left;
541 		b32[1] = right;
542 	} else
543 #endif
544 	{
545 	/* Put the block back into the user's block with final swap */
546 #ifdef UNALIGNED_POINTERS_PERMITTED
547 		*(uint32_t *)(void *)&out_block[0] = htonl(left);
548 		*(uint32_t *)(void *)&out_block[4] = htonl(right);
549 #else
550 		out_block[0] = left >> 24;
551 		out_block[1] = left >> 16;
552 		out_block[2] = left >> 8;
553 		out_block[3] = left;
554 		out_block[4] = right >> 24;
555 		out_block[5] = right >> 16;
556 		out_block[6] = right >> 8;
557 		out_block[7] = right;
558 #endif	/* UNALIGNED_POINTERS_PERMITTED */
559 	}
560 /* EXPORT DELETE END */
561 	return (CRYPTO_SUCCESS);
562 }
563 
564 static void
565 bitrepeat(uint8_t *pattern, uint_t len_bytes, uint_t len_bits, uint8_t *dst,
566     uint_t dst_len_bytes)
567 {
568 /* EXPORT DELETE START */
569 	uint8_t *current = dst;
570 	uint_t bitsleft = dst_len_bytes << 3;
571 	uint_t bitoffset = 0;
572 	uint_t currentbits;
573 	int i;
574 
575 	BLOWFISH_ASSERT(((len_bits + 7) >> 3) == len_bytes);
576 
577 	bzero(dst, dst_len_bytes);
578 
579 	while (bitsleft != 0) {
580 		if (bitsleft >= len_bits) {
581 			currentbits = len_bits;
582 
583 			for (i = 0; i < len_bytes; i++) {
584 				if (currentbits >= 8) {
585 					*current++ |= pattern[i] >> bitoffset;
586 					*current |= pattern[i] << 8 - bitoffset;
587 					currentbits -= 8;
588 				} else {
589 					*current |= pattern[i] >> bitoffset;
590 					bitoffset = bitoffset + currentbits;
591 					bitoffset &= 0x7;
592 					if (bitoffset == 0)
593 						current++;
594 				}
595 			}
596 			bitsleft -= len_bits;
597 		} else {
598 			currentbits = bitsleft;
599 
600 			for (i = 0; i < len_bytes && bitsleft != 0; i++) {
601 				if (currentbits >= 8 &&
602 				    current < dst + dst_len_bytes) {
603 					*current++ |= pattern[i] >> bitoffset;
604 					*current |= pattern[i] << 8 - bitoffset;
605 					currentbits -= 8;
606 					bitsleft -= 8;
607 				} else {
608 					*current |= pattern[i] >> bitoffset;
609 					bitsleft -= bitoffset;
610 					bitoffset = bitoffset + currentbits;
611 					bitoffset &= 0x7;
612 					if (bitoffset == 0)
613 						current++;
614 					currentbits = 0;
615 				}
616 			}
617 			bitsleft = 0;
618 		}
619 	}
620 /* EXPORT DELETE END */
621 }
622 
623 /*
624  * Initialize key schedules for Blowfish.
625  */
626 void
627 blowfish_init_keysched(uint8_t *key, uint_t bits, void *keysched)
628 {
629 /* EXPORT DELETE START */
630 	keysched_t *newbie = keysched;
631 	uint32_t *P = newbie->ksch_P;
632 	uint32_t *S = newbie->ksch_S;
633 	uint32_t *initp;
634 	uint32_t tmpblock[] = {0, 0};
635 	uint8_t *rawkeybytes = (uint8_t *)P;
636 	int i, slop, copylen;
637 	uintptr_t bytesleft;
638 	uint_t len;
639 
640 	len = CRYPTO_BITS2BYTES(bits);
641 
642 	if ((bits & 0x7) != 0) {
643 		/*
644 		 * Really slow case, bits aren't on a byte boundary.
645 		 * Keep track of individual bits copied over.  :-P
646 		 */
647 		bitrepeat(key, len, bits, rawkeybytes, 72);
648 	} else {
649 		slop = 72 % len;
650 
651 		/* Someone gave us a nice amount (i.e. div by 8) of bits */
652 		while (rawkeybytes != (uint8_t *)(P + 18)) {
653 			bytesleft =
654 			    (uintptr_t)(P + 18) - (uintptr_t)rawkeybytes;
655 			copylen = (bytesleft >= len) ? len : slop;
656 			bcopy(key, rawkeybytes, copylen);
657 			rawkeybytes += copylen;
658 		}
659 	}
660 
661 	for (i = 0; i < 18; i++)
662 		P[i] = ntohl(P[i]) ^ init_P[i];
663 
664 	/* Go bcopy go!  (Hope that Ultra's bcopy is faster than me!) */
665 	bcopy(init_S, S, sizeof (init_S));
666 
667 	/*
668 	 * When initializing P and S boxes, store the results of a single
669 	 * encrypt-block operation in "host order", which on little-endian
670 	 * means byte-swapping.  Fortunately, the ntohl() function does this
671 	 * quite nicely, and it a NOP on big-endian machine.
672 	 */
673 	initp = P;
674 	for (i = 0; i < 9; i++) {
675 		(void) blowfish_encrypt_block(newbie, (uint8_t *)tmpblock,
676 		    (uint8_t *)tmpblock);
677 		*initp++ = ntohl(tmpblock[0]);
678 		*initp++ = ntohl(tmpblock[1]);
679 	}
680 
681 	initp = S;
682 	for (i = 0; i < 512; i++) {
683 		(void) blowfish_encrypt_block(newbie, (uint8_t *)tmpblock,
684 		    (uint8_t *)tmpblock);
685 		*initp++ = ntohl(tmpblock[0]);
686 		*initp++ = ntohl(tmpblock[1]);
687 	}
688 /* EXPORT DELETE END */
689 }
690 
691 /*
692  * Allocate key schedule for Blowfish.
693  */
694 /* ARGSUSED */
695 void *
696 blowfish_alloc_keysched(size_t *size, int kmflag)
697 {
698 /* EXPORT DELETE START */
699 	keysched_t *keysched;
700 
701 #ifdef _KERNEL
702 	keysched = (keysched_t *)kmem_alloc(sizeof (keysched_t), kmflag);
703 #else
704 	keysched = (keysched_t *)malloc(sizeof (keysched_t));
705 #endif /* _KERNEL */
706 	if (keysched != NULL) {
707 		*size = sizeof (keysched_t);
708 		return (keysched);
709 	}
710 /* EXPORT DELETE END */
711 
712 	return (NULL);
713 }
714 
715 void
716 blowfish_copy_block(uint8_t *in, uint8_t *out)
717 {
718 	if (IS_P2ALIGNED(in, sizeof (uint32_t)) &&
719 	    IS_P2ALIGNED(out, sizeof (uint32_t))) {
720 		/* LINTED: pointer alignment */
721 		*(uint32_t *)&out[0] = *(uint32_t *)&in[0];
722 		/* LINTED: pointer alignment */
723 		*(uint32_t *)&out[4] = *(uint32_t *)&in[4];
724 	} else {
725 		BLOWFISH_COPY_BLOCK(in, out);
726 	}
727 }
728 
729 /* XOR block of data into dest */
730 void
731 blowfish_xor_block(uint8_t *data, uint8_t *dst)
732 {
733 	if (IS_P2ALIGNED(dst, sizeof (uint32_t)) &&
734 	    IS_P2ALIGNED(data, sizeof (uint32_t))) {
735 		/* LINTED: pointer alignment */
736 		*(uint32_t *)&dst[0] ^= *(uint32_t *)&data[0];
737 		/* LINTED: pointer alignment */
738 		*(uint32_t *)&dst[4] ^= *(uint32_t *)&data[4];
739 	} else {
740 		BLOWFISH_XOR_BLOCK(data, dst);
741 	}
742 }
743 
744 /*
745  * Encrypt multiple blocks of data according to mode.
746  */
747 int
748 blowfish_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
749     crypto_data_t *out)
750 {
751 	blowfish_ctx_t *blowfish_ctx = ctx;
752 	int rv;
753 
754 	if (blowfish_ctx->bc_flags & CBC_MODE) {
755 		rv = cbc_encrypt_contiguous_blocks(ctx, data, length, out,
756 		    BLOWFISH_BLOCK_LEN, blowfish_encrypt_block,
757 		    blowfish_copy_block, blowfish_xor_block);
758 	} else {
759 		rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
760 		    BLOWFISH_BLOCK_LEN, blowfish_encrypt_block);
761 	}
762 	return (rv);
763 }
764 
765 /*
766  * Decrypt multiple blocks of data according to mode.
767  */
768 int
769 blowfish_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
770     crypto_data_t *out)
771 {
772 	blowfish_ctx_t *blowfish_ctx = ctx;
773 	int rv;
774 
775 	if (blowfish_ctx->bc_flags & CBC_MODE) {
776 		rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out,
777 		    BLOWFISH_BLOCK_LEN, blowfish_decrypt_block,
778 		    blowfish_copy_block, blowfish_xor_block);
779 	} else {
780 		rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
781 		    BLOWFISH_BLOCK_LEN, blowfish_decrypt_block);
782 		if (rv == CRYPTO_DATA_LEN_RANGE)
783 			rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
784 	}
785 	return (rv);
786 }
787