blowfish.cpp

KeePassX用于保护密码的安全

	R(xr, xl, 13, p, s0, s1, s2, s3);
	R(xl, xr, 14, p, s0, s1, s2, s3);
	R(xr, xl, 15, p, s0, s1, s2, s3);

	xl ^= p[BLOWFISH_ROUNDS];
	xr ^= p[BLOWFISH_ROUNDS + 1];

	*ret_xl = xr;
	*ret_xr = xl;

#else
	uint32_t xl, xr, temp, *p;
	int i;

	xl = *ret_xl;
	xr = *ret_xr;
	p = bc.p;

	for (i = 0; i < BLOWFISH_ROUNDS; i++) {
		xl ^= p[i];
		xr ^= function_F(xl);
		temp = xl;
		xl = xr;
		xr = temp;
	}
	temp = xl;
	xl = xr;
	xr = temp;

	xr ^= p[BLOWFISH_ROUNDS];
	xl ^= p[BLOWFISH_ROUNDS + 1];

	*ret_xl = xl;
	*ret_xr = xr;
#endif
}

void Blowfish::do_decrypt(uint32_t * ret_xl, uint32_t * ret_xr)
{
#if BLOWFISH_ROUNDS == 16
	uint32_t xl, xr, *s0, *s1, *s2, *s3, *p;

	xl = *ret_xl;
	xr = *ret_xr;
	p = bc.p;
	s0 = bc.s0;
	s1 = bc.s1;
	s2 = bc.s2;
	s3 = bc.s3;

	R(xl, xr, 17, p, s0, s1, s2, s3);
	R(xr, xl, 16, p, s0, s1, s2, s3);
	R(xl, xr, 15, p, s0, s1, s2, s3);
	R(xr, xl, 14, p, s0, s1, s2, s3);
	R(xl, xr, 13, p, s0, s1, s2, s3);
	R(xr, xl, 12, p, s0, s1, s2, s3);
	R(xl, xr, 11, p, s0, s1, s2, s3);
	R(xr, xl, 10, p, s0, s1, s2, s3);
	R(xl, xr, 9, p, s0, s1, s2, s3);
	R(xr, xl, 8, p, s0, s1, s2, s3);
	R(xl, xr, 7, p, s0, s1, s2, s3);
	R(xr, xl, 6, p, s0, s1, s2, s3);
	R(xl, xr, 5, p, s0, s1, s2, s3);
	R(xr, xl, 4, p, s0, s1, s2, s3);
	R(xl, xr, 3, p, s0, s1, s2, s3);
	R(xr, xl, 2, p, s0, s1, s2, s3);

	xl ^= p[1];
	xr ^= p[0];

	*ret_xl = xr;
	*ret_xr = xl;

#else
	uint32_t xl, xr, temp, *p;
	int i;

	xl = *ret_xl;
	xr = *ret_xr;
	p = bc.p;

	for (i = BLOWFISH_ROUNDS + 1; i > 1; i--) {
		xl ^= p[i];
		xr ^= function_F(xl);
		temp = xl;
		xl = xr;
		xr = temp;
	}

	temp = xl;
	xl = xr;
	xr = temp;

	xr ^= p[1];
	xl ^= p[0];

	*ret_xl = xl;
	*ret_xr = xr;
#endif
}

void Blowfish::do_encrypt_block(byte * outbuf, byte * inbuf)
{
	uint32_t d1, d2;

	d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
	d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
	do_encrypt(&d1, &d2);
	outbuf[0] = (d1 >> 24) & 0xff;
	outbuf[1] = (d1 >> 16) & 0xff;
	outbuf[2] = (d1 >> 8) & 0xff;
	outbuf[3] = d1 & 0xff;
	outbuf[4] = (d2 >> 24) & 0xff;
	outbuf[5] = (d2 >> 16) & 0xff;
	outbuf[6] = (d2 >> 8) & 0xff;
	outbuf[7] = d2 & 0xff;
}

void Blowfish::encrypt_block(byte * outbuf, byte * inbuf)
{
	do_encrypt_block(outbuf, inbuf);
	burn_stack(64);
}

void Blowfish::do_decrypt_block(byte * outbuf, byte * inbuf)
{
	uint32_t d1, d2;

	d1 = inbuf[0] << 24 | inbuf[1] << 16 | inbuf[2] << 8 | inbuf[3];
	d2 = inbuf[4] << 24 | inbuf[5] << 16 | inbuf[6] << 8 | inbuf[7];
	do_decrypt(&d1, &d2);
	outbuf[0] = (d1 >> 24) & 0xff;
	outbuf[1] = (d1 >> 16) & 0xff;
	outbuf[2] = (d1 >> 8) & 0xff;
	outbuf[3] = d1 & 0xff;
	outbuf[4] = (d2 >> 24) & 0xff;
	outbuf[5] = (d2 >> 16) & 0xff;
	outbuf[6] = (d2 >> 8) & 0xff;
	outbuf[7] = d2 & 0xff;
}

void Blowfish::decrypt_block(byte * outbuf, byte * inbuf)
{
	do_decrypt_block(outbuf, inbuf);
	burn_stack(64);
}

int Blowfish::do_bf_setkey(byte * key, unsigned int keylen)
{
	int i, j;
	uint32_t data, datal, datar;

	for (i = 0; i < BLOWFISH_ROUNDS + 2; ++i)
		bc.p[i] = ps[i];
	for (i = 0; i < 256; ++i) {
		bc.s0[i] = ks0[i];
		bc.s1[i] = ks1[i];
		bc.s2[i] = ks2[i];
		bc.s3[i] = ks3[i];
	}

	for (i = j = 0; i < BLOWFISH_ROUNDS + 2; ++i) {
#ifdef KEEPASS_BIG_ENDIAN
		((byte *) & data)[0] = key[j];
		((byte *) & data)[1] = key[(j + 1) % keylen];
		((byte *) & data)[2] = key[(j + 2) % keylen];
		((byte *) & data)[3] = key[(j + 3) % keylen];
#else
		((byte *) & data)[3] = key[j];
		((byte *) & data)[2] = key[(j + 1) % keylen];
		((byte *) & data)[1] = key[(j + 2) % keylen];
		((byte *) & data)[0] = key[(j + 3) % keylen];
#endif
		bc.p[i] ^= data;
		j = (j + 4) % keylen;
	}

	datal = datar = 0;
	for (i = 0; i < BLOWFISH_ROUNDS + 2; i += 2) {
		do_encrypt(&datal, &datar);
		bc.p[i] = datal;
		bc.p[i + 1] = datar;
	}
	for (i = 0; i < 256; i += 2) {
		do_encrypt(&datal, &datar);
		bc.s0[i] = datal;
		bc.s0[i + 1] = datar;
	}
	for (i = 0; i < 256; i += 2) {
		do_encrypt(&datal, &datar);
		bc.s1[i] = datal;
		bc.s1[i + 1] = datar;
	}
	for (i = 0; i < 256; i += 2) {
		do_encrypt(&datal, &datar);
		bc.s2[i] = datal;
		bc.s2[i + 1] = datar;
	}
	for (i = 0; i < 256; i += 2) {
		do_encrypt(&datal, &datar);
		bc.s3[i] = datal;
		bc.s3[i + 1] = datar;
	}

	/* Check for weak key.  A weak key is a key in which a value in */
	/* the P-array (here c) occurs more than once per table.        */
	for (i = 0; i < 255; ++i) {
		for (j = i + 1; j < 256; ++j) {
			if ((bc.s0[i] == bc.s0[j]) || (bc.s1[i] == bc.s1[j]) ||
			    (bc.s2[i] == bc.s2[j]) || (bc.s3[i] == bc.s3[j]))
				return 1;
		}
	}

	return 0;
}

int Blowfish::bf_setkey(byte * key, unsigned int keylen)
{
	int rc = do_bf_setkey(key, keylen);
	burn_stack(64);
	return rc;
}

int Blowfish::bf_encrypt(byte * outbuf, byte * inbuf, unsigned int inbuf_len)
{
	if (inbuf_len % 8)
		return 1;

	unsigned int i = 0;
	while (i < inbuf_len) {
		encrypt_block(outbuf + i, inbuf + i);
		i += 8;
	}
	return 0;
}

int Blowfish::bf_decrypt(byte * outbuf, byte * inbuf, unsigned int inbuf_len)
{
	if (inbuf_len % 8)
		return 1;

	unsigned int i = 0;
	while (i < inbuf_len) {
		decrypt_block(outbuf + i, inbuf + i);
		i += 8;
	}
	return 0;
}

void Blowfish::padNull(string *buf)
{
	buf->append(1, (char)0x01);
	string::size_type append_null = 8 - (buf->length() % 8);
	buf->append(append_null, (char)0x00);
}

bool Blowfish::unpadNull(string *buf)
{
	if (buf->size() % 8)
		return false;
	string::size_type pos = buf->length() - 1;
	while ((*buf)[pos] != (char)0x01) {
		if (pos == 0)
			return false;
		--pos;
	}
	buf->erase(pos, buf->length() - pos);
	return true;
}