git ssb

0+

dangerousbeans / %aPBe2k3ugtjBr4rrsU1…



Tree: ae87ba58f416c1874af79af3b07e26073441c010

Files: ae87ba58f416c1874af79af3b07e26073441c010 / ext / mri / crypt_blowfish.c

26598 bytesRaw
1/*
2 * This code comes from John the Ripper password cracker, with reentrant
3 * and crypt(3) interfaces added, but optimizations specific to password
4 * cracking removed.
5 *
6 * Written by Solar Designer <solar at openwall.com> in 1998-2002 and
7 * placed in the public domain.  Quick self-test added in 2011 and also
8 * placed in the public domain.
9 *
10 * There's absolutely no warranty.
11 *
12 * It is my intent that you should be able to use this on your system,
13 * as a part of a software package, or anywhere else to improve security,
14 * ensure compatibility, or for any other purpose.  I would appreciate
15 * it if you give credit where it is due and keep your modifications in
16 * the public domain as well, but I don't require that in order to let
17 * you place this code and any modifications you make under a license
18 * of your choice.
19 *
20 * This implementation is compatible with OpenBSD bcrypt.c (version 2a)
21 * by Niels Provos <provos at citi.umich.edu>, and uses some of his
22 * ideas.  The password hashing algorithm was designed by David Mazieres
23 * <dm at lcs.mit.edu>.
24 *
25 * There's a paper on the algorithm that explains its design decisions:
26 *
27 *	http://www.usenix.org/events/usenix99/provos.html
28 *
29 * Some of the tricks in BF_ROUND might be inspired by Eric Young's
30 * Blowfish library (I can't be sure if I would think of something if I
31 * hadn't seen his code).
32 */
33
34#include <string.h>
35
36#include <errno.h>
37#ifndef __set_errno
38#define __set_errno(val) errno = (val)
39#endif
40
41#undef __CONST
42#ifdef __GNUC__
43#define __CONST __const
44#else
45#define __CONST
46#endif
47
48/*
49 * Please keep this enabled.  We really don't want incompatible hashes to be
50 * produced.  The performance cost of this quick self-test is around 0.6% at
51 * the "$2a$08" setting.
52 */
53#define BF_SELF_TEST
54
55#ifdef __i386__
56#define BF_ASM				1
57#define BF_SCALE			1
58#elif defined(__x86_64__) || defined(__alpha__) || defined(__hppa__)
59#define BF_ASM				0
60#define BF_SCALE			1
61#else
62#define BF_ASM				0
63#define BF_SCALE			0
64#endif
65
66typedef unsigned int BF_word;
67typedef signed int BF_word_signed;
68
69/* Number of Blowfish rounds, this is also hardcoded into a few places */
70#define BF_N				16
71
72typedef BF_word BF_key[BF_N + 2];
73
74typedef struct {
75	BF_word S[4][0x100];
76	BF_key P;
77} BF_ctx;
78
79/*
80 * Magic IV for 64 Blowfish encryptions that we do at the end.
81 * The string is "OrpheanBeholderScryDoubt" on big-endian.
82 */
83static BF_word BF_magic_w[6] = {
84	0x4F727068, 0x65616E42, 0x65686F6C,
85	0x64657253, 0x63727944, 0x6F756274
86};
87
88/*
89 * P-box and S-box tables initialized with digits of Pi.
90 */
91static BF_ctx BF_init_state = {
92	{
93		{
94			0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
95			0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
96			0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
97			0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
98			0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
99			0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
100			0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
101			0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
102			0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
103			0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
104			0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
105			0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
106			0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
107			0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
108			0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
109			0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
110			0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
111			0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
112			0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
113			0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
114			0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
115			0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
116			0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
117			0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
118			0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
119			0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
120			0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
121			0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
122			0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
123			0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
124			0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
125			0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
126			0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
127			0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
128			0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
129			0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
130			0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
131			0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
132			0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
133			0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
134			0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
135			0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
136			0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
137			0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
138			0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
139			0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
140			0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
141			0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
142			0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
143			0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
144			0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
145			0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
146			0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
147			0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
148			0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
149			0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
150			0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
151			0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
152			0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
153			0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
154			0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
155			0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
156			0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
157			0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a
158		}, {
159			0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
160			0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
161			0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
162			0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
163			0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
164			0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
165			0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
166			0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
167			0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
168			0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
169			0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
170			0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
171			0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
172			0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
173			0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
174			0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
175			0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
176			0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
177			0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
178			0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
179			0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
180			0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
181			0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
182			0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
183			0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
184			0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
185			0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
186			0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
187			0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
188			0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
189			0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
190			0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
191			0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
192			0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
193			0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
194			0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
195			0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
196			0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
197			0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
198			0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
199			0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
200			0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
201			0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
202			0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
203			0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
204			0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
205			0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
206			0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
207			0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
208			0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
209			0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
210			0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
211			0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
212			0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
213			0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
214			0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
215			0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
216			0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
217			0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
218			0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
219			0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
220			0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
221			0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
222			0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7
223		}, {
224			0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
225			0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
226			0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
227			0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
228			0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
229			0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
230			0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
231			0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
232			0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
233			0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
234			0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
235			0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
236			0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
237			0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
238			0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
239			0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
240			0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
241			0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
242			0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
243			0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
244			0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
245			0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
246			0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
247			0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
248			0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
249			0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
250			0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
251			0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
252			0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
253			0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
254			0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
255			0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
256			0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
257			0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
258			0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
259			0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
260			0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
261			0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
262			0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
263			0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
264			0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
265			0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
266			0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
267			0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
268			0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
269			0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
270			0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
271			0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
272			0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
273			0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
274			0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
275			0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
276			0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
277			0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
278			0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
279			0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
280			0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
281			0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
282			0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
283			0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
284			0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
285			0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
286			0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
287			0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0
288		}, {
289			0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
290			0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
291			0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
292			0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
293			0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
294			0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
295			0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
296			0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
297			0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
298			0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
299			0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
300			0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
301			0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
302			0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
303			0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
304			0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
305			0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
306			0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
307			0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
308			0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
309			0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
310			0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
311			0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
312			0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
313			0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
314			0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
315			0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
316			0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
317			0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
318			0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
319			0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
320			0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
321			0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
322			0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
323			0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
324			0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
325			0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
326			0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
327			0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
328			0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
329			0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
330			0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
331			0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
332			0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
333			0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
334			0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
335			0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
336			0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
337			0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
338			0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
339			0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
340			0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
341			0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
342			0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
343			0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
344			0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
345			0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
346			0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
347			0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
348			0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
349			0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
350			0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
351			0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
352			0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
353		}
354	}, {
355		0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
356		0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
357		0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
358		0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
359		0x9216d5d9, 0x8979fb1b
360	}
361};
362
363static unsigned char BF_itoa64[64 + 1] =
364	"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
365
366static unsigned char BF_atoi64[0x60] = {
367	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 0, 1,
368	54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 64, 64, 64, 64, 64,
369	64, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
370	17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 64, 64, 64, 64, 64,
371	64, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42,
372	43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 64, 64, 64, 64, 64
373};
374
375/*
376 * This may be optimized out if built with function inlining and no BF_ASM.
377 */
378static void clean(void *data, int size)
379{
380#if BF_ASM
381	extern void _BF_clean(void *data);
382#endif
383	memset(data, 0, size);
384#if BF_ASM
385	_BF_clean(data);
386#endif
387}
388
389#define BF_safe_atoi64(dst, src) \
390{ \
391	tmp = (unsigned char)(src); \
392	if ((unsigned int)(tmp -= 0x20) >= 0x60) return -1; \
393	tmp = BF_atoi64[tmp]; \
394	if (tmp > 63) return -1; \
395	(dst) = tmp; \
396}
397
398static int BF_decode(BF_word *dst, __CONST char *src, int size)
399{
400	unsigned char *dptr = (unsigned char *)dst;
401	unsigned char *end = dptr + size;
402	unsigned char *sptr = (unsigned char *)src;
403	unsigned int tmp, c1, c2, c3, c4;
404
405	do {
406		BF_safe_atoi64(c1, *sptr++);
407		BF_safe_atoi64(c2, *sptr++);
408		*dptr++ = (c1 << 2) | ((c2 & 0x30) >> 4);
409		if (dptr >= end) break;
410
411		BF_safe_atoi64(c3, *sptr++);
412		*dptr++ = ((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2);
413		if (dptr >= end) break;
414
415		BF_safe_atoi64(c4, *sptr++);
416		*dptr++ = ((c3 & 0x03) << 6) | c4;
417	} while (dptr < end);
418
419	return 0;
420}
421
422static void BF_encode(char *dst, __CONST BF_word *src, int size)
423{
424	unsigned char *sptr = (unsigned char *)src;
425	unsigned char *end = sptr + size;
426	unsigned char *dptr = (unsigned char *)dst;
427	unsigned int c1, c2;
428
429	do {
430		c1 = *sptr++;
431		*dptr++ = BF_itoa64[c1 >> 2];
432		c1 = (c1 & 0x03) << 4;
433		if (sptr >= end) {
434			*dptr++ = BF_itoa64[c1];
435			break;
436		}
437
438		c2 = *sptr++;
439		c1 |= c2 >> 4;
440		*dptr++ = BF_itoa64[c1];
441		c1 = (c2 & 0x0f) << 2;
442		if (sptr >= end) {
443			*dptr++ = BF_itoa64[c1];
444			break;
445		}
446
447		c2 = *sptr++;
448		c1 |= c2 >> 6;
449		*dptr++ = BF_itoa64[c1];
450		*dptr++ = BF_itoa64[c2 & 0x3f];
451	} while (sptr < end);
452}
453
454static void BF_swap(BF_word *x, int count)
455{
456	static int endianness_check = 1;
457	char *is_little_endian = (char *)&endianness_check;
458	BF_word tmp;
459
460	if (*is_little_endian)
461	do {
462		tmp = *x;
463		tmp = (tmp << 16) | (tmp >> 16);
464		*x++ = ((tmp & 0x00FF00FF) << 8) | ((tmp >> 8) & 0x00FF00FF);
465	} while (--count);
466}
467
468#if BF_SCALE
469/* Architectures which can shift addresses left by 2 bits with no extra cost */
470#define BF_ROUND(L, R, N) \
471	tmp1 = L & 0xFF; \
472	tmp2 = L >> 8; \
473	tmp2 &= 0xFF; \
474	tmp3 = L >> 16; \
475	tmp3 &= 0xFF; \
476	tmp4 = L >> 24; \
477	tmp1 = data.ctx.S[3][tmp1]; \
478	tmp2 = data.ctx.S[2][tmp2]; \
479	tmp3 = data.ctx.S[1][tmp3]; \
480	tmp3 += data.ctx.S[0][tmp4]; \
481	tmp3 ^= tmp2; \
482	R ^= data.ctx.P[N + 1]; \
483	tmp3 += tmp1; \
484	R ^= tmp3;
485#else
486/* Architectures with no complicated addressing modes supported */
487#define BF_INDEX(S, i) \
488	(*((BF_word *)(((unsigned char *)S) + (i))))
489#define BF_ROUND(L, R, N) \
490	tmp1 = L & 0xFF; \
491	tmp1 <<= 2; \
492	tmp2 = L >> 6; \
493	tmp2 &= 0x3FC; \
494	tmp3 = L >> 14; \
495	tmp3 &= 0x3FC; \
496	tmp4 = L >> 22; \
497	tmp4 &= 0x3FC; \
498	tmp1 = BF_INDEX(data.ctx.S[3], tmp1); \
499	tmp2 = BF_INDEX(data.ctx.S[2], tmp2); \
500	tmp3 = BF_INDEX(data.ctx.S[1], tmp3); \
501	tmp3 += BF_INDEX(data.ctx.S[0], tmp4); \
502	tmp3 ^= tmp2; \
503	R ^= data.ctx.P[N + 1]; \
504	tmp3 += tmp1; \
505	R ^= tmp3;
506#endif
507
508/*
509 * Encrypt one block, BF_N is hardcoded here.
510 */
511#define BF_ENCRYPT \
512	L ^= data.ctx.P[0]; \
513	BF_ROUND(L, R, 0); \
514	BF_ROUND(R, L, 1); \
515	BF_ROUND(L, R, 2); \
516	BF_ROUND(R, L, 3); \
517	BF_ROUND(L, R, 4); \
518	BF_ROUND(R, L, 5); \
519	BF_ROUND(L, R, 6); \
520	BF_ROUND(R, L, 7); \
521	BF_ROUND(L, R, 8); \
522	BF_ROUND(R, L, 9); \
523	BF_ROUND(L, R, 10); \
524	BF_ROUND(R, L, 11); \
525	BF_ROUND(L, R, 12); \
526	BF_ROUND(R, L, 13); \
527	BF_ROUND(L, R, 14); \
528	BF_ROUND(R, L, 15); \
529	tmp4 = R; \
530	R = L; \
531	L = tmp4 ^ data.ctx.P[BF_N + 1];
532
533#if BF_ASM
534#define BF_body() \
535	_BF_body_r(&data.ctx);
536#else
537#define BF_body() \
538	L = R = 0; \
539	ptr = data.ctx.P; \
540	do { \
541		ptr += 2; \
542		BF_ENCRYPT; \
543		*(ptr - 2) = L; \
544		*(ptr - 1) = R; \
545	} while (ptr < &data.ctx.P[BF_N + 2]); \
546\
547	ptr = data.ctx.S[0]; \
548	do { \
549		ptr += 2; \
550		BF_ENCRYPT; \
551		*(ptr - 2) = L; \
552		*(ptr - 1) = R; \
553	} while (ptr < &data.ctx.S[3][0xFF]);
554#endif
555
556static void BF_set_key(__CONST char *key, BF_key expanded, BF_key initial,
557    int sign_extension_bug)
558{
559	__CONST char *ptr = key;
560	int i, j;
561	BF_word tmp;
562
563	for (i = 0; i < BF_N + 2; i++) {
564		tmp = 0;
565		for (j = 0; j < 4; j++) {
566			tmp <<= 8;
567			if (sign_extension_bug)
568				tmp |= (BF_word_signed)(signed char)*ptr;
569			else
570				tmp |= (unsigned char)*ptr;
571
572			if (!*ptr) ptr = key; else ptr++;
573		}
574
575		expanded[i] = tmp;
576		initial[i] = BF_init_state.P[i] ^ tmp;
577	}
578}
579
580static char *BF_crypt(__CONST char *key, __CONST char *setting,
581	char *output, int size,
582	BF_word min)
583{
584#if BF_ASM
585	extern void _BF_body_r(BF_ctx *ctx);
586#endif
587	struct {
588		BF_ctx ctx;
589		BF_key expanded_key;
590		union {
591			BF_word salt[4];
592			BF_word output[6];
593		} binary;
594	} data;
595	BF_word L, R;
596	BF_word tmp1, tmp2, tmp3, tmp4;
597	BF_word *ptr;
598	BF_word count;
599	int i;
600
601	if (size < 7 + 22 + 31 + 1) {
602		__set_errno(ERANGE);
603		return NULL;
604	}
605
606	if (setting[0] != '$' ||
607	    setting[1] != '2' ||
608	    (setting[2] != 'a' && setting[2] != 'x') ||
609	    setting[3] != '$' ||
610	    setting[4] < '0' || setting[4] > '3' ||
611	    setting[5] < '0' || setting[5] > '9' ||
612	    (setting[4] == '3' && setting[5] > '1') ||
613	    setting[6] != '$') {
614		__set_errno(EINVAL);
615		return NULL;
616	}
617
618	count = (BF_word)1 << ((setting[4] - '0') * 10 + (setting[5] - '0'));
619	if (count < min || BF_decode(data.binary.salt, &setting[7], 16)) {
620		clean(data.binary.salt, sizeof(data.binary.salt));
621		__set_errno(EINVAL);
622		return NULL;
623	}
624	BF_swap(data.binary.salt, 4);
625
626	BF_set_key(key, data.expanded_key, data.ctx.P, setting[2] == 'x');
627
628	memcpy(data.ctx.S, BF_init_state.S, sizeof(data.ctx.S));
629
630	L = R = 0;
631	for (i = 0; i < BF_N + 2; i += 2) {
632		L ^= data.binary.salt[i & 2];
633		R ^= data.binary.salt[(i & 2) + 1];
634		BF_ENCRYPT;
635		data.ctx.P[i] = L;
636		data.ctx.P[i + 1] = R;
637	}
638
639	ptr = data.ctx.S[0];
640	do {
641		ptr += 4;
642		L ^= data.binary.salt[(BF_N + 2) & 3];
643		R ^= data.binary.salt[(BF_N + 3) & 3];
644		BF_ENCRYPT;
645		*(ptr - 4) = L;
646		*(ptr - 3) = R;
647
648		L ^= data.binary.salt[(BF_N + 4) & 3];
649		R ^= data.binary.salt[(BF_N + 5) & 3];
650		BF_ENCRYPT;
651		*(ptr - 2) = L;
652		*(ptr - 1) = R;
653	} while (ptr < &data.ctx.S[3][0xFF]);
654
655	do {
656		data.ctx.P[0] ^= data.expanded_key[0];
657		data.ctx.P[1] ^= data.expanded_key[1];
658		data.ctx.P[2] ^= data.expanded_key[2];
659		data.ctx.P[3] ^= data.expanded_key[3];
660		data.ctx.P[4] ^= data.expanded_key[4];
661		data.ctx.P[5] ^= data.expanded_key[5];
662		data.ctx.P[6] ^= data.expanded_key[6];
663		data.ctx.P[7] ^= data.expanded_key[7];
664		data.ctx.P[8] ^= data.expanded_key[8];
665		data.ctx.P[9] ^= data.expanded_key[9];
666		data.ctx.P[10] ^= data.expanded_key[10];
667		data.ctx.P[11] ^= data.expanded_key[11];
668		data.ctx.P[12] ^= data.expanded_key[12];
669		data.ctx.P[13] ^= data.expanded_key[13];
670		data.ctx.P[14] ^= data.expanded_key[14];
671		data.ctx.P[15] ^= data.expanded_key[15];
672		data.ctx.P[16] ^= data.expanded_key[16];
673		data.ctx.P[17] ^= data.expanded_key[17];
674
675		BF_body();
676
677		tmp1 = data.binary.salt[0];
678		tmp2 = data.binary.salt[1];
679		tmp3 = data.binary.salt[2];
680		tmp4 = data.binary.salt[3];
681		data.ctx.P[0] ^= tmp1;
682		data.ctx.P[1] ^= tmp2;
683		data.ctx.P[2] ^= tmp3;
684		data.ctx.P[3] ^= tmp4;
685		data.ctx.P[4] ^= tmp1;
686		data.ctx.P[5] ^= tmp2;
687		data.ctx.P[6] ^= tmp3;
688		data.ctx.P[7] ^= tmp4;
689		data.ctx.P[8] ^= tmp1;
690		data.ctx.P[9] ^= tmp2;
691		data.ctx.P[10] ^= tmp3;
692		data.ctx.P[11] ^= tmp4;
693		data.ctx.P[12] ^= tmp1;
694		data.ctx.P[13] ^= tmp2;
695		data.ctx.P[14] ^= tmp3;
696		data.ctx.P[15] ^= tmp4;
697		data.ctx.P[16] ^= tmp1;
698		data.ctx.P[17] ^= tmp2;
699
700		BF_body();
701	} while (--count);
702
703	for (i = 0; i < 6; i += 2) {
704		L = BF_magic_w[i];
705		R = BF_magic_w[i + 1];
706
707		count = 64;
708		do {
709			BF_ENCRYPT;
710		} while (--count);
711
712		data.binary.output[i] = L;
713		data.binary.output[i + 1] = R;
714	}
715
716	memcpy(output, setting, 7 + 22 - 1);
717	output[7 + 22 - 1] = BF_itoa64[(int)
718		BF_atoi64[(int)setting[7 + 22 - 1] - 0x20] & 0x30];
719
720/* This has to be bug-compatible with the original implementation, so
721 * only encode 23 of the 24 bytes. :-) */
722	BF_swap(data.binary.output, 6);
723	BF_encode(&output[7 + 22], data.binary.output, 23);
724	output[7 + 22 + 31] = '\0';
725
726#ifndef BF_SELF_TEST
727/* Overwrite the most obvious sensitive data we have on the stack.  Note
728 * that this does not guarantee there's no sensitive data left on the
729 * stack and/or in registers; I'm not aware of portable code that does. */
730	clean(&data, sizeof(data));
731#endif
732
733	return output;
734}
735
736char *_crypt_blowfish_rn(__CONST char *key, __CONST char *setting,
737	char *output, int size)
738{
739#ifdef BF_SELF_TEST
740	__CONST char *test_key = "8b \xd0\xc1\xd2\xcf\xcc\xd8";
741	__CONST char *test_2a =
742	    "$2a$00$abcdefghijklmnopqrstuui1D709vfamulimlGcq0qq3UvuUasvEa"
743	    "\0"
744	    "canary";
745	__CONST char *test_2x =
746	    "$2x$00$abcdefghijklmnopqrstuuVUrPmXD6q/nVSSp7pNDhCR9071IfIRe"
747	    "\0"
748	    "canary";
749	__CONST char *test_hash, *p;
750	int ok;
751	char buf[7 + 22 + 31 + 1 + 6 + 1];
752
753	output = BF_crypt(key, setting, output, size, 16);
754
755/* Do a quick self-test.  This also happens to overwrite BF_crypt()'s data. */
756	test_hash = (setting[2] == 'x') ? test_2x : test_2a;
757	memcpy(buf, test_hash, sizeof(buf));
758	memset(buf, -1, sizeof(buf) - (6 + 1)); /* keep "canary" only */
759	p = BF_crypt(test_key, test_hash, buf, sizeof(buf) - 6, 1);
760
761	ok = (p == buf && !memcmp(p, test_hash, sizeof(buf)));
762
763/* This could reveal what hash type we were using last.  Unfortunately, we
764 * can't reliably clean the test_hash pointer. */
765	clean(&buf, sizeof(buf));
766
767	if (ok)
768		return output;
769
770/* Should not happen */
771	__set_errno(EINVAL); /* pretend we don't support this hash type */
772	return NULL;
773#else
774#warning Self-test is disabled, please enable
775	return BF_crypt(key, setting, output, size, 16);
776#endif
777}
778
779char *_crypt_gensalt_blowfish_rn(unsigned long count,
780	__CONST char *input, int size, char *output, int output_size)
781{
782	if (size < 16 || output_size < 7 + 22 + 1 ||
783	    (count && (count < 4 || count > 31))) {
784		if (output_size > 0) output[0] = '\0';
785		__set_errno((output_size < 7 + 22 + 1) ? ERANGE : EINVAL);
786		return NULL;
787	}
788
789	if (!count) count = 5;
790
791	output[0] = '$';
792	output[1] = '2';
793	output[2] = 'a';
794	output[3] = '$';
795	output[4] = '0' + count / 10;
796	output[5] = '0' + count % 10;
797	output[6] = '$';
798
799	BF_encode(&output[7], (BF_word *)input, 16);
800	output[7 + 22] = '\0';
801
802	return output;
803}
804

Built with git-ssb-web