blowfish.c

这是一个同样来自贝尔实验室的和UNIX有着渊源的操作系统, 其简洁的设计和实现易于我们学习和理解

#include "os.h"
#include <mp.h>
#include <libsec.h>

// Blowfish block cipher.  See:
// 	Lecture Notes in Computer Science 809
// 	Fast Software Encryption
// 	Cambridge Security Workshop, Cambridge, England (1993)

static u32int sbox[1024];
static u32int pbox[BFrounds+2];

static void bfencrypt(u32int *, BFstate *);
static void bfdecrypt(u32int *, BFstate *);

void
setupBFstate(BFstate *s, uchar key[], int keybytes, uchar *ivec)
{
	int i, j;
	u32int n, buf[2];

	memset(s, 0, sizeof(*s));
	memset(buf, 0, sizeof buf);

	if (keybytes > sizeof(s->key))
		keybytes = sizeof(s->key);

	memmove(s->key, key, keybytes);

	if (ivec != nil)
		memmove(s->ivec, ivec, sizeof(s->ivec));
	else
		memset(s->ivec, 0, sizeof(s->ivec));
		
	memmove(s->pbox, pbox, sizeof(pbox));
	memmove(s->sbox, sbox, sizeof(sbox));

	if (keybytes > 4*(BFrounds + 2))
		keybytes = 4*(BFrounds + 2);

	for(i=j=0; i < BFrounds+2; i++) {
		n = key[j];
		j = (j+1) % keybytes;

		n <<= 8;
		n |= key[j];
		j = (j+1) % keybytes;

		n <<= 8;
		n |= key[j];
		j = (j+1) % keybytes;

		n <<= 8;
		n |= key[j];
		j = (j+1) % keybytes;

		s->pbox[i] ^= n;
	}

	for(i=0; i < BFrounds+2; i += 2) {
		bfencrypt(buf, s);
		s->pbox[i] = buf[0];
		s->pbox[i+1] = buf[1];
	}

	for(i=0; i < 1024; i += 2) {
		bfencrypt(buf, s);
		s->sbox[i] = buf[0];
		s->sbox[i+1] = buf[1];
	}

	s->setup = 0xcafebabe;
}

void
bfCBCencrypt(uchar *buf, int n, BFstate *s)
{
	int i;
	uchar *p;
	u32int bo[2], bi[2], b;

	assert((n & 7) == 0);

	bo[0] =  s->ivec[0] | ((u32int) s->ivec[1]<<8) | ((u32int)s->ivec[2]<<16) | ((u32int)s->ivec[3]<<24);
	bo[1] =  s->ivec[4] | ((u32int) s->ivec[5]<<8) | ((u32int)s->ivec[6]<<16) | ((u32int)s->ivec[7]<<24);

	for(i=0; i < n; i += 8, buf += 8) {
		bi[0] =  buf[0] | ((u32int) buf[1]<<8) | ((u32int)buf[2]<<16) | ((u32int)buf[3]<<24);
		bi[1] =  buf[4] | ((u32int) buf[5]<<8) | ((u32int)buf[6]<<16) | ((u32int)buf[7]<<24);

		bi[0] ^= bo[0];
		bi[1] ^= bo[1];

		bfencrypt(bi, s);

		bo[0] = bi[0];
		bo[1] = bi[1];

		p = buf;
		b = bo[0];
		*p++ = b;
		b >>= 8;
		*p++ = b;
		b >>= 8;
		*p++ = b;
		b >>= 8;
		*p++ = b;

		b = bo[1];
		*p++ = b;
		b >>= 8;
		*p++ = b;
		b >>= 8;
		*p++ = b;
		b >>= 8;
		*p = b;
	}

	s->ivec[7] = bo[1] >> 24;
	s->ivec[6] = bo[1] >> 16;
	s->ivec[5] = bo[1] >> 8;
	s->ivec[4] = bo[1];

	s->ivec[3] = bo[0] >> 24;
	s->ivec[2] = bo[0] >> 16;
	s->ivec[1] = bo[0] >> 8;
	s->ivec[0] = bo[0];

	return;
}

void
bfCBCdecrypt(uchar *buf, int n, BFstate *s)
{
	int i;
	uchar *p;
	u32int b, bo[2], bi[2], xr[2];

	assert((n & 7) == 0);

	bo[0] =  s->ivec[0] | ((u32int) s->ivec[1]<<8) | ((u32int)s->ivec[2]<<16) | ((u32int)s->ivec[3]<<24);
	bo[1] =  s->ivec[4] | ((u32int) s->ivec[5]<<8) | ((u32int)s->ivec[6]<<16) | ((u32int)s->ivec[7]<<24);

	for(i=0; i < n; i += 8, buf += 8) {
		bi[0] =  buf[0] | ((u32int) buf[1]<<8) | ((u32int)buf[2]<<16) | ((u32int)buf[3]<<24);
		bi[1] =  buf[4] | ((u32int) buf[5]<<8) | ((u32int)buf[6]<<16) | ((u32int)buf[7]<<24);

		xr[0] = bi[0];
		xr[1] = bi[1];

		bfdecrypt(bi, s);

		bo[0] ^= bi[0];
		bo[1] ^= bi[1];

		p = buf;
		b = bo[0];
		*p++ = b;
		b >>= 8;
		*p++ = b;
		b >>= 8;
		*p++ = b;
		b >>= 8;
		*p++ = b;

		b = bo[1];
		*p++ = b;
		b >>= 8;
		*p++ = b;
		b >>= 8;
		*p++ = b;
		b >>= 8;
		*p = b;

		bo[0] = xr[0];
		bo[1] = xr[1];
	}

	s->ivec[7] = bo[1] >> 24;
	s->ivec[6] = bo[1] >> 16;
	s->ivec[5] = bo[1] >> 8;
	s->ivec[4] = bo[1];

	s->ivec[3] = bo[0] >> 24;
	s->ivec[2] = bo[0] >> 16;
	s->ivec[1] = bo[0] >> 8;
	s->ivec[0] = bo[0];

	return;
}

void
bfECBencrypt(uchar *buf, int n, BFstate *s)
{
	int i;
	u32int b[2];

	for(i=0; i < n; i += 8, buf += 8) {
		b[0] =  buf[0] | ((u32int) buf[1]<<8) | ((u32int)buf[2]<<16) | ((u32int)buf[3]<<24);
		b[1] =  buf[4] | ((u32int) buf[5]<<8) | ((u32int)buf[6]<<16) | ((u32int)buf[7]<<24);

		bfencrypt(b, s);

		buf[7] = b[1] >> 24;
		buf[6] = b[1] >> 16;
		buf[5] = b[1] >> 8;
		buf[4] = b[1];

		buf[3] = b[0] >> 24;
		buf[2] = b[0] >> 16;
		buf[1] = b[0] >> 8;
		buf[0] = b[0];
	}

	return;
}

void
bfECBdecrypt(uchar *buf, int n, BFstate *s)
{
	int i;
	u32int b[2];

	for(i=0; i < n; i += 8, buf += 8) {
		b[0] =  buf[0] | ((u32int) buf[1]<<8) | ((u32int)buf[2]<<16) | ((u32int)buf[3]<<24);
		b[1] =  buf[4] | ((u32int) buf[5]<<8) | ((u32int)buf[6]<<16) | ((u32int)buf[7]<<24);

		bfdecrypt(b, s);

		buf[7] = b[1] >> 24;
		buf[6] = b[1] >> 16;
		buf[5] = b[1] >> 8;
		buf[4] = b[1];

		buf[3] = b[0] >> 24;
		buf[2] = b[0] >> 16;
		buf[1] = b[0] >> 8;
		buf[0] = b[0];
	}

	return;		
}

static void
bfencrypt(u32int *b, BFstate *s)
{
	int i;
	u32int l, r;
	u32int *pb, *sb;

	l = b[0];
	r = b[1];

	pb = s->pbox;
	sb = s->sbox;

	l ^= pb[0];

	for(i=1; i<16; i += 2) {
		r ^= pb[i];
		r ^= ( (sb[ (uchar) (l>>24)] + sb[256 + ((uchar) (l>>16))]) ^  
			sb[512 + ((uchar) (l>>8))]) + sb[768 +((uchar) l)];

		l ^= pb[i+1];
		l ^= ( (sb[ (uchar) (r>>24)] + sb[256 + ((uchar) (r>>16))]) ^  
			sb[512 + ((uchar) (r>>8))]) + sb[768 +((uchar) r)];
	}

	r ^= pb[BFrounds+1];

	/* sic */
	b[0] = r;
	b[1] = l;

	return;
}

static void
bfdecrypt(u32int *b, BFstate *s)
{
	int i;
	u32int l, r;
	u32int *pb, *sb;

	l = b[0];
	r = b[1];

	pb = s->pbox;
	sb = s->sbox;