bcrypt_pbkdf-1.1.0/0000755000004100000410000000000013773516117014225 5ustar www-datawww-databcrypt_pbkdf-1.1.0/COPYING0000644000004100000410000000225413773516117015263 0ustar www-datawww-data(The MIT License) Copyright 2007-2016: Miklós Fazekas C implementation of bcrypt_pbkdf: OpenBSD: Copyright (c) 2013 Ted Unangst Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.bcrypt_pbkdf-1.1.0/.travis.yml0000644000004100000410000000017313773516117016337 0ustar www-datawww-datalanguage: ruby arch: - amd64 - ppc64le rvm: - 2.3.0 - 2.4.0 - 2.5.0 - 2.6.0 - 2.7.0 script: bundle exec rake bcrypt_pbkdf-1.1.0/test/0000755000004100000410000000000013773516117015204 5ustar www-datawww-databcrypt_pbkdf-1.1.0/test/bcrypt_pnkdf/0000755000004100000410000000000013773516117017671 5ustar www-datawww-databcrypt_pbkdf-1.1.0/test/bcrypt_pnkdf/engine_test.rb0000644000004100000410000000437513773516117022533 0ustar www-datawww-datarequire 'minitest/autorun' require 'test_helper' # bcrypt_pbkdf in ruby require 'openssl' BCRYPT_BLOCKS = 8 BCRYPT_HASHSIZE = BCRYPT_BLOCKS * 4 def bcrypt_pbkdf(password, salt, keylen, rounds) stride = (keylen + BCRYPT_HASHSIZE - 1) / BCRYPT_HASHSIZE amt = (keylen + stride - 1) / stride sha2pass = OpenSSL::Digest::SHA512.new(password).digest #puts "[RB] sha2pass:#{sha2pass.inspect} #{sha2pass.size}" remlen = keylen countsalt = salt + "\x00"*4 saltlen = salt.size key = "\x00"*keylen # generate key in BCRYPT_HASHSIZE pieces count = 1 while remlen > 0 countsalt[saltlen + 0] = ((count >> 24) & 0xff).chr countsalt[saltlen + 1] = ((count >> 16) & 0xff).chr countsalt[saltlen + 2] = ((count >> 8) & 0xff).chr countsalt[saltlen + 3] = (count & 0xff).chr #puts "[RC] countsalt: #{countsalt.inspect} len:#{countsalt.size}" sha2salt = OpenSSL::Digest::SHA512.new(countsalt).digest tmpout = BCryptPbkdf::Engine::__bc_crypt_hash(sha2pass, sha2salt) out = tmpout.clone #puts "[RB] out: #{out.inspect} keylen:#{remlen} count:#{count}" (1...rounds).each do |i| sha2salt = OpenSSL::Digest::SHA512.new(tmpout).digest tmpout = BCryptPbkdf::Engine::__bc_crypt_hash(sha2pass, sha2salt) out.bytes.each_with_index {|o,j| out.setbyte(j,o ^ tmpout[j].ord) } end amt = [amt, remlen].min (0...amt).each do |i| dest = i * stride + (count -1) key[dest] = out[i] if (dest < keylen) end remlen -= amt count += 1 end key end class TestExt < MiniTest::Unit::TestCase def test_table assert_equal table, table.map{ |p,s,l,r| [p,s,l,r,BCryptPbkdf::Engine::__bc_crypt_pbkdf(p,s,l,r).bytes] } end def test_ruby_and_native_returns_the_same table.each do |p,s,l,r| assert_equal bcrypt_pbkdf(p,s,l,r), BCryptPbkdf::Engine::__bc_crypt_pbkdf(p,s,l,r) assert_equal bcrypt_pbkdf(p,s,l,r), BCryptPbkdf::key(p,s,l,r) end end def table [ ["pass2", "salt2", 12, 2, [214, 14, 48, 162, 131, 206, 121, 176, 50, 104, 231, 252]], ["\u0000\u0001foo", "\u0001\u0002fooo3", 14, 5, [46, 189, 32, 185, 94, 85, 232, 10, 84, 26, 44, 161, 49, 126]], ["doozoasd", "fooo$AS!", 14, 22, [57, 62, 50, 107, 70, 155, 65, 5, 129, 211, 189, 169, 188, 65]] ] end end bcrypt_pbkdf-1.1.0/test/test_helper.rb0000644000004100000410000000011213773516117020041 0ustar www-datawww-data$:.unshift File.expand_path('../../lib', __FILE__) require 'bcrypt_pbkdf' bcrypt_pbkdf-1.1.0/README.md0000644000004100000410000000173113773516117015506 0ustar www-datawww-data# bcrypt_pbkdf-ruby bcrypt_pbkdf is a ruby gem implementing bcrypt_pbkdf from OpenBSD. This is currently used by net-ssh to read password encrypted Ed25519 keys. [![Build Status](https://travis-ci.org/mfazekas/bcrypt_pbkdf-ruby.png?branch=master)](https://travis-ci.org/mfazekas/bcrypt_pbkdf-ruby) # Acknowledgements * The gut of the code is based on OpenBSD's bcrypt_pbkdf.c implementation * Some ideas/code were taken adopted bcrypt-ruby: https://github.com/codahale/bcrypt-ruby # Links: http://www.tedunangst.com/flak/post/bcrypt-pbkdf http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libutil/bcrypt_pbkdf.c?rev=1.13&content-type=text/x-cvsweb-markup # Building For windows cross build make sure you checked out the gem source under the home directory ```sh gem install rake-compiler-dock ``` ```sh bundle exec rake compile bundle exec rake test bundle exec rake clean clobber bundle exec rake gem:windows bundle exec rake release bundle exec rake gem:windows:release ``` bcrypt_pbkdf-1.1.0/CHANGELOG.md0000644000004100000410000000004013773516117016030 0ustar www-datawww-data# 1.0.0.apha1 initial versionbcrypt_pbkdf-1.1.0/Rakefile0000644000004100000410000000317513773516117015700 0ustar www-datawww-datarequire 'rake/testtask' require 'rubygems/package_task' require 'bundler/gem_tasks' require 'rake/extensiontask' require 'rake/clean' require 'rdoc/task' require 'benchmark' CLEAN.include( "tmp", "lib/2.0", "lib/2.1", "lib/2.2", "lib/2.3", "lib/2.4", "lib/2.5", "lib/2.6", "lib/2.7", "lib/3.0", "lib/bcrypt_pbkdf_ext.so" ) CLOBBER.include( "doc", "pkg" ) task 'gem:windows' do require 'rake_compiler_dock' sh "bundle package" # Avoid repeated downloads of gems by using gem files from the host. RakeCompilerDock.sh "bundle && rake cross native gem RUBY_CC_VERSION=3.0.0:2.7.0:2.6.0:2.5.0:2.4.0:2.3.0:2.2.2:2.1.6:2.0.0" end task 'gem:windows:release' do version = Gem::Specification::load("bcrypt_pbkdf.gemspec").version sh "gem push pkg/bcrypt_pbkdf-#{version}-x86-mingw32.gem" sh "gem push pkg/bcrypt_pbkdf-#{version}-x64-mingw32.gem" end GEMSPEC = Gem::Specification.load("bcrypt_pbkdf.gemspec") task :default => [:compile, :spec] desc "Run all tests" Rake::TestTask.new do |t| #t.pattern = t.test_files = FileList['test/**/*_test.rb'] t.ruby_opts = ['-w'] t.libs << "test" t.verbose = true end task :spec => :test desc 'Generate RDoc' RDoc::Task.new do |rdoc| rdoc.rdoc_dir = 'doc/rdoc' rdoc.options += GEMSPEC.rdoc_options rdoc.template = ENV['TEMPLATE'] if ENV['TEMPLATE'] rdoc.rdoc_files.include(*GEMSPEC.extra_rdoc_files) end Gem::PackageTask.new(GEMSPEC) do |pkg| pkg.need_zip = true pkg.need_tar = true end Rake::ExtensionTask.new("bcrypt_pbkdf_ext", GEMSPEC) do |ext| ext.ext_dir = 'ext/mri' ext.cross_compile = true ext.cross_platform = ['x86-mingw32', 'x64-mingw32'] end bcrypt_pbkdf-1.1.0/lib/0000755000004100000410000000000013773516117014773 5ustar www-datawww-databcrypt_pbkdf-1.1.0/lib/bcrypt_pbkdf.rb0000644000004100000410000000130213773516117017765 0ustar www-datawww-databegin RUBY_VERSION =~ /(\d+.\d+)/ require "#{$1}/bcrypt_pbkdf_ext" rescue LoadError require "bcrypt_pbkdf_ext" end module BCryptPbkdf # generates a key from a password + salt returning a string with keylen bytes # that can be used as cryptographic key. # # Remember to get a good random salt of at least 16 bytes. Using a higher # rounds count will increase the cost of an exhaustive search but will also # make derivation proportionally slower. # # Example: # rounds = 10 # keylen = 64 # @key = BCryptPbkdf.key("my secret", "my salt", keylen, rounds) def self.key(pass,salt,keylen,rounds) BCryptPbkdf::Engine::__bc_crypt_pbkdf(pass,salt,keylen,rounds) end end bcrypt_pbkdf-1.1.0/bcrypt_pbkdf.gemspec0000644000004100000410000000176513773516117020254 0ustar www-datawww-dataGem::Specification.new do |s| s.name = 'bcrypt_pbkdf' s.version = '1.1.0' s.summary = "OpenBSD's bcrypt_pbkdf (a variant of PBKDF2 with bcrypt-based PRF)" s.description = <<-EOF This gem implements bcrypt_pbkdf (a variant of PBKDF2 with bcrypt-based PRF) EOF s.files = `git ls-files`.split("\n") s.require_path = 'lib' s.add_development_dependency 'rake-compiler', '~> 1.1.0' s.add_development_dependency 'minitest', '>= 5' s.add_development_dependency 'openssl' s.add_development_dependency 'rdoc', '~> 3.12' s.add_development_dependency 'rake-compiler-dock', '~> 1.0.1' s.has_rdoc = true s.rdoc_options += ['--title', 'bcrypt_pbkdf', '--line-numbers', '--inline-source', '--main', 'README.md'] s.extra_rdoc_files += ['README.md', 'COPYING', 'CHANGELOG.md', *Dir['lib/**/*.rb']] s.extensions = 'ext/mri/extconf.rb' s.authors = ["Miklos Fazekas"] s.email = "mfazekas@szemafor.com" s.homepage = "https://github.com/net-ssh/bcrypt_pbkdf-ruby" s.license = "MIT" end bcrypt_pbkdf-1.1.0/Gemfile0000644000004100000410000000004613773516117015520 0ustar www-datawww-datasource 'https://rubygems.org' gemspec bcrypt_pbkdf-1.1.0/ext/0000755000004100000410000000000013773516117015025 5ustar www-datawww-databcrypt_pbkdf-1.1.0/ext/mri/0000755000004100000410000000000013773516117015614 5ustar www-datawww-databcrypt_pbkdf-1.1.0/ext/mri/crypto_api.h0000644000004100000410000000035313773516117020137 0ustar www-datawww-data#define crypto_hash_sha512_BYTES 64U int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen); int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen);bcrypt_pbkdf-1.1.0/ext/mri/blowfish.c0000644000004100000410000005616213773516117017607 0ustar www-datawww-data/* $OpenBSD: blowfish.c,v 1.19 2015/09/11 09:18:27 guenther Exp $ */ /* * Blowfish block cipher for OpenBSD * Copyright 1997 Niels Provos * All rights reserved. * * Implementation advice by David Mazieres . * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Niels Provos. * 4. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* * This code is derived from section 14.3 and the given source * in section V of Applied Cryptography, second edition. * Blowfish is an unpatented fast block cipher designed by * Bruce Schneier. */ #if 0 #include /* used for debugging */ #include #endif #include #include "blf.h" #undef inline #ifdef __GNUC__ #define inline __inline #else /* !__GNUC__ */ #define inline #endif /* !__GNUC__ */ /* Function for Feistel Networks */ #define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ + (s)[0x100 + (((x)>>16)&0xFF)]) \ ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \ + (s)[0x300 + ( (x) &0xFF)]) #define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) void Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) { u_int32_t Xl; u_int32_t Xr; u_int32_t *s = c->S[0]; u_int32_t *p = c->P; Xl = *xl; Xr = *xr; Xl ^= p[0]; BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2); BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4); BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6); BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8); BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10); BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12); BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14); BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16); *xl = Xr ^ p[17]; *xr = Xl; } DEF_WEAK(Blowfish_encipher); void Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) { u_int32_t Xl; u_int32_t Xr; u_int32_t *s = c->S[0]; u_int32_t *p = c->P; Xl = *xl; Xr = *xr; Xl ^= p[17]; BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15); BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13); BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11); BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9); BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7); BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5); BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3); BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1); *xl = Xr ^ p[0]; *xr = Xl; } DEF_WEAK(Blowfish_decipher); void Blowfish_initstate(blf_ctx *c) { /* P-box and S-box tables initialized with digits of Pi */ static const blf_ctx initstate = { { { 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, { 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, { 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, { 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6} }, { 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b } }; *c = initstate; } DEF_WEAK(Blowfish_initstate); u_int32_t Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, u_int16_t *current) { u_int8_t i; u_int16_t j; u_int32_t temp; temp = 0x00000000; j = *current; for (i = 0; i < 4; i++, j++) { if (j >= databytes) j = 0; temp = (temp << 8) | data[j]; } *current = j; return temp; } DEF_WEAK(Blowfish_stream2word); void Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) { u_int16_t i; u_int16_t j; u_int16_t k; u_int32_t temp; u_int32_t datal; u_int32_t datar; j = 0; for (i = 0; i < BLF_N + 2; i++) { /* Extract 4 int8 to 1 int32 from keystream */ temp = Blowfish_stream2word(key, keybytes, &j); c->P[i] = c->P[i] ^ temp; } j = 0; datal = 0x00000000; datar = 0x00000000; for (i = 0; i < BLF_N + 2; i += 2) { Blowfish_encipher(c, &datal, &datar); c->P[i] = datal; c->P[i + 1] = datar; } for (i = 0; i < 4; i++) { for (k = 0; k < 256; k += 2) { Blowfish_encipher(c, &datal, &datar); c->S[i][k] = datal; c->S[i][k + 1] = datar; } } } DEF_WEAK(Blowfish_expand0state); void Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, const u_int8_t *key, u_int16_t keybytes) { u_int16_t i; u_int16_t j; u_int16_t k; u_int32_t temp; u_int32_t datal; u_int32_t datar; j = 0; for (i = 0; i < BLF_N + 2; i++) { /* Extract 4 int8 to 1 int32 from keystream */ temp = Blowfish_stream2word(key, keybytes, &j); c->P[i] = c->P[i] ^ temp; } j = 0; datal = 0x00000000; datar = 0x00000000; for (i = 0; i < BLF_N + 2; i += 2) { datal ^= Blowfish_stream2word(data, databytes, &j); datar ^= Blowfish_stream2word(data, databytes, &j); Blowfish_encipher(c, &datal, &datar); c->P[i] = datal; c->P[i + 1] = datar; } for (i = 0; i < 4; i++) { for (k = 0; k < 256; k += 2) { datal ^= Blowfish_stream2word(data, databytes, &j); datar ^= Blowfish_stream2word(data, databytes, &j); Blowfish_encipher(c, &datal, &datar); c->S[i][k] = datal; c->S[i][k + 1] = datar; } } } DEF_WEAK(Blowfish_expandstate); void blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) { /* Initialize S-boxes and subkeys with Pi */ Blowfish_initstate(c); /* Transform S-boxes and subkeys with key */ Blowfish_expand0state(c, k, len); } DEF_WEAK(blf_key); void blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) { u_int32_t *d; u_int16_t i; d = data; for (i = 0; i < blocks; i++) { Blowfish_encipher(c, d, d + 1); d += 2; } } DEF_WEAK(blf_enc); void blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) { u_int32_t *d; u_int16_t i; d = data; for (i = 0; i < blocks; i++) { Blowfish_decipher(c, d, d + 1); d += 2; } } DEF_WEAK(blf_dec); void blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) { u_int32_t l, r; u_int32_t i; for (i = 0; i < len; i += 8) { l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_encipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; data += 8; } } DEF_WEAK(blf_ecb_encrypt); void blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) { u_int32_t l, r; u_int32_t i; for (i = 0; i < len; i += 8) { l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_decipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; data += 8; } } DEF_WEAK(blf_ecb_decrypt); void blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) { u_int32_t l, r; u_int32_t i, j; for (i = 0; i < len; i += 8) { for (j = 0; j < 8; j++) data[j] ^= iv[j]; l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_encipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; iv = data; data += 8; } } DEF_WEAK(blf_cbc_encrypt); void blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) { u_int32_t l, r; u_int8_t *iv; u_int32_t i, j; iv = data + len - 16; data = data + len - 8; for (i = len - 8; i >= 8; i -= 8) { l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_decipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; for (j = 0; j < 8; j++) data[j] ^= iv[j]; iv -= 8; data -= 8; } l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_decipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; for (j = 0; j < 8; j++) data[j] ^= iva[j]; } DEF_WEAK(blf_cbc_decrypt); #if 0 void report(u_int32_t data[], u_int16_t len) { u_int16_t i; for (i = 0; i < len; i += 2) printf("Block %0hd: %08lx %08lx.\n", i / 2, data[i], data[i + 1]); } void main(void) { blf_ctx c; char key[] = "AAAAA"; char key2[] = "abcdefghijklmnopqrstuvwxyz"; u_int32_t data[10]; u_int32_t data2[] = {0x424c4f57l, 0x46495348l}; u_int16_t i; /* First test */ for (i = 0; i < 10; i++) data[i] = i; blf_key(&c, (u_int8_t *) key, 5); blf_enc(&c, data, 5); blf_dec(&c, data, 1); blf_dec(&c, data + 2, 4); printf("Should read as 0 - 9.\n"); report(data, 10); /* Second test */ blf_key(&c, (u_int8_t *) key2, strlen(key2)); blf_enc(&c, data2, 1); printf("\nShould read as: 0x324ed0fe 0xf413a203.\n"); report(data2, 2); blf_dec(&c, data2, 1); report(data2, 2); } #endifbcrypt_pbkdf-1.1.0/ext/mri/explicit_bzero.c0000644000004100000410000000055513773516117021007 0ustar www-datawww-data/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */ /* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */ /* * Public domain. * Written by Ted Unangst */ #include "includes.h" #ifndef HAVE_EXPLICIT_BZERO /* * explicit_bzero - don't let the compiler optimize away bzero */ void explicit_bzero(void *p, size_t n) { bzero(p, n); } #endif bcrypt_pbkdf-1.1.0/ext/mri/utils.h0000644000004100000410000000016613773516117017130 0ustar www-datawww-data#include #include void explicit_bzero(void *p, size_t n); #define sodium_memzero explicit_bzerobcrypt_pbkdf-1.1.0/ext/mri/util.h0000644000004100000410000000000013773516117016730 0ustar www-datawww-databcrypt_pbkdf-1.1.0/ext/mri/extconf.rb0000644000004100000410000000012213773516117017602 0ustar www-datawww-datarequire "mkmf" dir_config("bcrypt_pbkdf_ext") create_makefile("bcrypt_pbkdf_ext") bcrypt_pbkdf-1.1.0/ext/mri/includes.h0000644000004100000410000000122013773516117017566 0ustar www-datawww-data#ifndef bcrypt_pbkdf_include_h #define bcrypt_pbkdf_include_h #include #include #include #include #if defined(_WIN32) || (defined(__sun) && defined(__SVR4)) typedef uint8_t u_int8_t; typedef uint16_t u_int16_t; typedef uint32_t u_int32_t; #endif #include "blf.h" void explicit_bzero(void *p, size_t n); int bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, uint8_t *key, size_t keylen, unsigned int rounds); void bcrypt_hash(const uint8_t *sha2pass, const uint8_t *sha2salt, uint8_t *out); #define BCRYPT_WORDS 8 #define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4) #endifbcrypt_pbkdf-1.1.0/ext/mri/sha2.h0000644000004100000410000000076313773516117016630 0ustar www-datawww-data#include "crypto_hash_sha512.h" #define SHA2_CTX crypto_hash_sha512_state #ifdef SHA512_DIGEST_LENGTH # undef SHA512_DIGEST_LENGTH #endif #define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES inline static void SHA512Init(SHA2_CTX* ctx) { crypto_hash_sha512_init(ctx); } inline static void SHA512Update(SHA2_CTX* ctx, const void *in, size_t inlen) { crypto_hash_sha512_update(ctx, in, inlen); } inline static void SHA512Final(uint8_t* out, SHA2_CTX* ctx) { crypto_hash_sha512_final(ctx, out); } bcrypt_pbkdf-1.1.0/ext/mri/blf.h0000644000004100000410000000701613773516117016534 0ustar www-datawww-data/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */ /* * Blowfish - a fast block cipher designed by Bruce Schneier * * Copyright 1997 Niels Provos * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Niels Provos. * 4. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _BLF_H_ #define _BLF_H_ #include "includes.h" #if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) /* Schneier specifies a maximum key length of 56 bytes. * This ensures that every key bit affects every cipher * bit. However, the subkeys can hold up to 72 bytes. * Warning: For normal blowfish encryption only 56 bytes * of the key affect all cipherbits. */ #define BLF_N 16 /* Number of Subkeys */ #define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */ #define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */ /* Blowfish context */ typedef struct BlowfishContext { u_int32_t S[4][256]; /* S-Boxes */ u_int32_t P[BLF_N + 2]; /* Subkeys */ } blf_ctx; /* Raw access to customized Blowfish * blf_key is just: * Blowfish_initstate( state ) * Blowfish_expand0state( state, key, keylen ) */ void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *); void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *); void Blowfish_initstate(blf_ctx *); void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t); void Blowfish_expandstate (blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t); /* Standard Blowfish */ void blf_key(blf_ctx *, const u_int8_t *, u_int16_t); void blf_enc(blf_ctx *, u_int32_t *, u_int16_t); void blf_dec(blf_ctx *, u_int32_t *, u_int16_t); void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t); void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t); void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); /* Converts u_int8_t to u_int32_t */ u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *); #define DEF_WEAK(foo) #endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */ #endif /* _BLF_H */ bcrypt_pbkdf-1.1.0/ext/mri/bcrypt_pbkdf_ext.c0000644000004100000410000000267113773516117021317 0ustar www-datawww-data#include "includes.h" #include static VALUE mBCryptPbkdf; static VALUE cBCryptPbkdfEngine; /* Given a secret and a salt a key and the number of rounds and returns the encrypted secret */ static VALUE bc_crypt_pbkdf(VALUE self, VALUE pass, VALUE salt, VALUE keylen, VALUE rounds) { size_t okeylen = NUM2ULONG(keylen); u_int8_t* okey = xmalloc(okeylen); VALUE out; int ret = bcrypt_pbkdf( StringValuePtr(pass), RSTRING_LEN(pass), (const u_int8_t*)StringValuePtr(salt), RSTRING_LEN(salt), okey, okeylen, NUM2ULONG(rounds)); if (ret < 0) return Qnil; out = rb_str_new((const char*)okey, okeylen); xfree(okey); return out; } static VALUE bc_crypt_hash(VALUE self, VALUE pass, VALUE salt) { u_int8_t hash[BCRYPT_HASHSIZE]; if (RSTRING_LEN(pass) != 64U) return Qnil; if (RSTRING_LEN(salt) != 64U) return Qnil; bcrypt_hash((const u_int8_t*)StringValuePtr(pass), (const u_int8_t*)StringValuePtr(salt), hash); return rb_str_new((const char*)hash, sizeof(hash)); } /* Create the BCryptPbkdf and BCryptPbkdf::Engine modules, and populate them with methods. */ void Init_bcrypt_pbkdf_ext(){ mBCryptPbkdf = rb_define_module("BCryptPbkdf"); cBCryptPbkdfEngine = rb_define_class_under(mBCryptPbkdf, "Engine", rb_cObject); rb_define_singleton_method(cBCryptPbkdfEngine, "__bc_crypt_pbkdf", bc_crypt_pbkdf, 4); rb_define_singleton_method(cBCryptPbkdfEngine, "__bc_crypt_hash", bc_crypt_hash, 2); }bcrypt_pbkdf-1.1.0/ext/mri/crypto_hash_sha512.h0000644000004100000410000000122113773516117021367 0ustar www-datawww-data#include typedef struct crypto_hash_sha512_state { uint64_t state[8]; uint64_t count[2]; unsigned char buf[128]; } crypto_hash_sha512_state; #define crypto_hash_sha512_BYTES 64U int crypto_hash_sha512_init(crypto_hash_sha512_state *state); int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen); int crypto_hash_sha512_update(crypto_hash_sha512_state *state, const unsigned char *in, unsigned long long inlen); int crypto_hash_sha512_final(crypto_hash_sha512_state *state, unsigned char *out); bcrypt_pbkdf-1.1.0/ext/mri/bcrypt_pbkdf.c0000644000004100000410000001226213773516117020434 0ustar www-datawww-data/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include "blf.h" #include "sha2.h" #include #include "util.h" #define MINIMUM(a,b) (((a) < (b)) ? (a) : (b)) /* * pkcs #5 pbkdf2 implementation using the "bcrypt" hash * * The bcrypt hash function is derived from the bcrypt password hashing * function with the following modifications: * 1. The input password and salt are preprocessed with SHA512. * 2. The output length is expanded to 256 bits. * 3. Subsequently the magic string to be encrypted is lengthened and modifed * to "OxychromaticBlowfishSwatDynamite" * 4. The hash function is defined to perform 64 rounds of initial state * expansion. (More rounds are performed by iterating the hash.) * * Note that this implementation pulls the SHA512 operations into the caller * as a performance optimization. * * One modification from official pbkdf2. Instead of outputting key material * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to * generate (e.g.) 512 bits of key material for use as two 256 bit keys, an * attacker can merely run once through the outer loop, but the user * always runs it twice. Shuffling output bytes requires computing the * entirety of the key material to assemble any subkey. This is something a * wise caller could do; we just do it for you. */ #define BCRYPT_WORDS 8 #define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4) void bcrypt_hash(const uint8_t *sha2pass, const uint8_t *sha2salt, uint8_t *out) { blf_ctx state; uint8_t ciphertext[BCRYPT_HASHSIZE] = "OxychromaticBlowfishSwatDynamite"; uint32_t cdata[BCRYPT_WORDS]; int i; uint16_t j; size_t shalen = SHA512_DIGEST_LENGTH; /* key expansion */ Blowfish_initstate(&state); Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); for (i = 0; i < 64; i++) { Blowfish_expand0state(&state, sha2salt, shalen); Blowfish_expand0state(&state, sha2pass, shalen); } /* encryption */ j = 0; for (i = 0; i < BCRYPT_WORDS; i++) cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), &j); for (i = 0; i < 64; i++) blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t)); /* copy out */ for (i = 0; i < BCRYPT_WORDS; i++) { out[4 * i + 3] = (cdata[i] >> 24) & 0xff; out[4 * i + 2] = (cdata[i] >> 16) & 0xff; out[4 * i + 1] = (cdata[i] >> 8) & 0xff; out[4 * i + 0] = cdata[i] & 0xff; } /* zap */ explicit_bzero(ciphertext, sizeof(ciphertext)); explicit_bzero(cdata, sizeof(cdata)); explicit_bzero(&state, sizeof(state)); } int bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, uint8_t *key, size_t keylen, unsigned int rounds) { SHA2_CTX ctx; uint8_t sha2pass[SHA512_DIGEST_LENGTH]; uint8_t sha2salt[SHA512_DIGEST_LENGTH]; uint8_t out[BCRYPT_HASHSIZE]; uint8_t tmpout[BCRYPT_HASHSIZE]; uint8_t countsalt[4]; size_t i, j, amt, stride; uint32_t count; size_t origkeylen = keylen; /* nothing crazy */ if (rounds < 1) return -1; if (passlen == 0 || saltlen == 0 || keylen == 0 || keylen > sizeof(out) * sizeof(out)) return -1; stride = (keylen + sizeof(out) - 1) / sizeof(out); amt = (keylen + stride - 1) / stride; /* collapse password */ SHA512Init(&ctx); SHA512Update(&ctx, pass, passlen); SHA512Final(sha2pass, &ctx); /* generate key, sizeof(out) at a time */ for (count = 1; keylen > 0; count++) { countsalt[0] = (count >> 24) & 0xff; countsalt[1] = (count >> 16) & 0xff; countsalt[2] = (count >> 8) & 0xff; countsalt[3] = count & 0xff; /* first round, salt is salt */ SHA512Init(&ctx); SHA512Update(&ctx, salt, saltlen); SHA512Update(&ctx, countsalt, sizeof(countsalt)); SHA512Final(sha2salt, &ctx); bcrypt_hash(sha2pass, sha2salt, tmpout); memcpy(out, tmpout, sizeof(out)); for (i = 1; i < rounds; i++) { /* subsequent rounds, salt is previous output */ SHA512Init(&ctx); SHA512Update(&ctx, tmpout, sizeof(tmpout)); SHA512Final(sha2salt, &ctx); bcrypt_hash(sha2pass, sha2salt, tmpout); for (j = 0; j < sizeof(out); j++) out[j] ^= tmpout[j]; } /* * pbkdf2 deviation: output the key material non-linearly. */ amt = MINIMUM(amt, keylen); for (i = 0; i < amt; i++) { size_t dest = i * stride + (count - 1); if (dest >= origkeylen) break; key[dest] = out[i]; } keylen -= i; } /* zap */ explicit_bzero(&ctx, sizeof(ctx)); explicit_bzero(out, sizeof(out)); return 0; }bcrypt_pbkdf-1.1.0/ext/mri/hash_sha512.c0000644000004100000410000002417713773516117020001 0ustar www-datawww-data/*- * Copyright 2005,2007,2009 Colin Percival * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include "crypto_hash_sha512.h" #include "utils.h" #include #include #include #include #include /* Avoid namespace collisions with BSD . */ #define be64dec _sha512_be64dec #define be64enc _sha512_be64enc static inline uint64_t be64dec(const void *pp) { const uint8_t *p = (uint8_t const *)pp; return ((uint64_t)(p[7]) + ((uint64_t)(p[6]) << 8) + ((uint64_t)(p[5]) << 16) + ((uint64_t)(p[4]) << 24) + ((uint64_t)(p[3]) << 32) + ((uint64_t)(p[2]) << 40) + ((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56)); } static inline void be64enc(void *pp, uint64_t x) { uint8_t *p = (uint8_t *)pp; p[7] = x & 0xff; p[6] = (x >> 8) & 0xff; p[5] = (x >> 16) & 0xff; p[4] = (x >> 24) & 0xff; p[3] = (x >> 32) & 0xff; p[2] = (x >> 40) & 0xff; p[1] = (x >> 48) & 0xff; p[0] = (x >> 56) & 0xff; } static void be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len) { size_t i; for (i = 0; i < len / 8; i++) { be64enc(dst + i * 8, src[i]); } } static void be64dec_vect(uint64_t *dst, const unsigned char *src, size_t len) { size_t i; for (i = 0; i < len / 8; i++) { dst[i] = be64dec(src + i * 8); } } #define Ch(x, y, z) ((x & (y ^ z)) ^ z) #define Maj(x, y, z) ((x & (y | z)) | (y & z)) #define SHR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << (64 - n))) #define S0(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) #define S1(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) #define s0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) #define s1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) #define RND(a, b, c, d, e, f, g, h, k) \ t0 = h + S1(e) + Ch(e, f, g) + k; \ t1 = S0(a) + Maj(a, b, c); \ d += t0; \ h = t0 + t1; #define RNDr(S, W, i, k) \ RND(S[(80 - i) % 8], S[(81 - i) % 8], \ S[(82 - i) % 8], S[(83 - i) % 8], \ S[(84 - i) % 8], S[(85 - i) % 8], \ S[(86 - i) % 8], S[(87 - i) % 8], \ W[i] + k) static void SHA512_Transform(uint64_t *state, const unsigned char block[128]) { uint64_t W[80]; uint64_t S[8]; uint64_t t0, t1; int i; be64dec_vect(W, block, 128); for (i = 16; i < 80; i++) { W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; } memcpy(S, state, 64); RNDr(S, W, 0, 0x428a2f98d728ae22ULL); RNDr(S, W, 1, 0x7137449123ef65cdULL); RNDr(S, W, 2, 0xb5c0fbcfec4d3b2fULL); RNDr(S, W, 3, 0xe9b5dba58189dbbcULL); RNDr(S, W, 4, 0x3956c25bf348b538ULL); RNDr(S, W, 5, 0x59f111f1b605d019ULL); RNDr(S, W, 6, 0x923f82a4af194f9bULL); RNDr(S, W, 7, 0xab1c5ed5da6d8118ULL); RNDr(S, W, 8, 0xd807aa98a3030242ULL); RNDr(S, W, 9, 0x12835b0145706fbeULL); RNDr(S, W, 10, 0x243185be4ee4b28cULL); RNDr(S, W, 11, 0x550c7dc3d5ffb4e2ULL); RNDr(S, W, 12, 0x72be5d74f27b896fULL); RNDr(S, W, 13, 0x80deb1fe3b1696b1ULL); RNDr(S, W, 14, 0x9bdc06a725c71235ULL); RNDr(S, W, 15, 0xc19bf174cf692694ULL); RNDr(S, W, 16, 0xe49b69c19ef14ad2ULL); RNDr(S, W, 17, 0xefbe4786384f25e3ULL); RNDr(S, W, 18, 0x0fc19dc68b8cd5b5ULL); RNDr(S, W, 19, 0x240ca1cc77ac9c65ULL); RNDr(S, W, 20, 0x2de92c6f592b0275ULL); RNDr(S, W, 21, 0x4a7484aa6ea6e483ULL); RNDr(S, W, 22, 0x5cb0a9dcbd41fbd4ULL); RNDr(S, W, 23, 0x76f988da831153b5ULL); RNDr(S, W, 24, 0x983e5152ee66dfabULL); RNDr(S, W, 25, 0xa831c66d2db43210ULL); RNDr(S, W, 26, 0xb00327c898fb213fULL); RNDr(S, W, 27, 0xbf597fc7beef0ee4ULL); RNDr(S, W, 28, 0xc6e00bf33da88fc2ULL); RNDr(S, W, 29, 0xd5a79147930aa725ULL); RNDr(S, W, 30, 0x06ca6351e003826fULL); RNDr(S, W, 31, 0x142929670a0e6e70ULL); RNDr(S, W, 32, 0x27b70a8546d22ffcULL); RNDr(S, W, 33, 0x2e1b21385c26c926ULL); RNDr(S, W, 34, 0x4d2c6dfc5ac42aedULL); RNDr(S, W, 35, 0x53380d139d95b3dfULL); RNDr(S, W, 36, 0x650a73548baf63deULL); RNDr(S, W, 37, 0x766a0abb3c77b2a8ULL); RNDr(S, W, 38, 0x81c2c92e47edaee6ULL); RNDr(S, W, 39, 0x92722c851482353bULL); RNDr(S, W, 40, 0xa2bfe8a14cf10364ULL); RNDr(S, W, 41, 0xa81a664bbc423001ULL); RNDr(S, W, 42, 0xc24b8b70d0f89791ULL); RNDr(S, W, 43, 0xc76c51a30654be30ULL); RNDr(S, W, 44, 0xd192e819d6ef5218ULL); RNDr(S, W, 45, 0xd69906245565a910ULL); RNDr(S, W, 46, 0xf40e35855771202aULL); RNDr(S, W, 47, 0x106aa07032bbd1b8ULL); RNDr(S, W, 48, 0x19a4c116b8d2d0c8ULL); RNDr(S, W, 49, 0x1e376c085141ab53ULL); RNDr(S, W, 50, 0x2748774cdf8eeb99ULL); RNDr(S, W, 51, 0x34b0bcb5e19b48a8ULL); RNDr(S, W, 52, 0x391c0cb3c5c95a63ULL); RNDr(S, W, 53, 0x4ed8aa4ae3418acbULL); RNDr(S, W, 54, 0x5b9cca4f7763e373ULL); RNDr(S, W, 55, 0x682e6ff3d6b2b8a3ULL); RNDr(S, W, 56, 0x748f82ee5defb2fcULL); RNDr(S, W, 57, 0x78a5636f43172f60ULL); RNDr(S, W, 58, 0x84c87814a1f0ab72ULL); RNDr(S, W, 59, 0x8cc702081a6439ecULL); RNDr(S, W, 60, 0x90befffa23631e28ULL); RNDr(S, W, 61, 0xa4506cebde82bde9ULL); RNDr(S, W, 62, 0xbef9a3f7b2c67915ULL); RNDr(S, W, 63, 0xc67178f2e372532bULL); RNDr(S, W, 64, 0xca273eceea26619cULL); RNDr(S, W, 65, 0xd186b8c721c0c207ULL); RNDr(S, W, 66, 0xeada7dd6cde0eb1eULL); RNDr(S, W, 67, 0xf57d4f7fee6ed178ULL); RNDr(S, W, 68, 0x06f067aa72176fbaULL); RNDr(S, W, 69, 0x0a637dc5a2c898a6ULL); RNDr(S, W, 70, 0x113f9804bef90daeULL); RNDr(S, W, 71, 0x1b710b35131c471bULL); RNDr(S, W, 72, 0x28db77f523047d84ULL); RNDr(S, W, 73, 0x32caab7b40c72493ULL); RNDr(S, W, 74, 0x3c9ebe0a15c9bebcULL); RNDr(S, W, 75, 0x431d67c49c100d4cULL); RNDr(S, W, 76, 0x4cc5d4becb3e42b6ULL); RNDr(S, W, 77, 0x597f299cfc657e2aULL); RNDr(S, W, 78, 0x5fcb6fab3ad6faecULL); RNDr(S, W, 79, 0x6c44198c4a475817ULL); for (i = 0; i < 8; i++) { state[i] += S[i]; } sodium_memzero((void *) W, sizeof W); sodium_memzero((void *) S, sizeof S); sodium_memzero((void *) &t0, sizeof t0); sodium_memzero((void *) &t1, sizeof t1); } static unsigned char PAD[128] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; static void SHA512_Pad(crypto_hash_sha512_state *state) { unsigned char len[16]; uint64_t r, plen; be64enc_vect(len, state->count, 16); r = (state->count[1] >> 3) & 0x7f; plen = (r < 112) ? (112 - r) : (240 - r); crypto_hash_sha512_update(state, PAD, (unsigned long long) plen); crypto_hash_sha512_update(state, len, 16); } int crypto_hash_sha512_init(crypto_hash_sha512_state *state) { static const uint64_t sha512_initstate[8] = { 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; state->count[0] = state->count[1] = (uint64_t) 0U; memcpy(state->state, sha512_initstate, sizeof sha512_initstate); return 0; } int crypto_hash_sha512_update(crypto_hash_sha512_state *state, const unsigned char *in, unsigned long long inlen) { uint64_t bitlen[2]; uint64_t r; const unsigned char *src = in; r = (state->count[1] >> 3) & 0x7f; bitlen[1] = ((uint64_t)inlen) << 3; bitlen[0] = ((uint64_t)inlen) >> 61; /* LCOV_EXCL_START */ if ((state->count[1] += bitlen[1]) < bitlen[1]) { state->count[0]++; } /* LCOV_EXCL_STOP */ state->count[0] += bitlen[0]; if (inlen < 128 - r) { memcpy(&state->buf[r], src, inlen); return 0; } memcpy(&state->buf[r], src, 128 - r); SHA512_Transform(state->state, state->buf); src += 128 - r; inlen -= 128 - r; while (inlen >= 128) { SHA512_Transform(state->state, src); src += 128; inlen -= 128; } memcpy(state->buf, src, inlen); /* inlen < 128 */ return 0; } int crypto_hash_sha512_final(crypto_hash_sha512_state *state, unsigned char *out) { SHA512_Pad(state); be64enc_vect(out, state->state, 64); sodium_memzero((void *) state, sizeof *state); return 0; } int crypto_hash_sha512(unsigned char *out, const unsigned char *in, unsigned long long inlen) { crypto_hash_sha512_state state; crypto_hash_sha512_init(&state); crypto_hash_sha512_update(&state, in, inlen); crypto_hash_sha512_final(&state, out); return 0; }