source: code/trunk/vendor/golang.org/x/crypto/blowfish/block.go@ 822

Last change on this file since 822 was 822, checked in by yakumo.izuru, 22 months ago

Prefer immortal.run over runit and rc.d, use vendored modules
for convenience.

Signed-off-by: Izuru Yakumo <yakumo.izuru@…>
File size: 6.0 KB
Line 
1// Copyright 2010 The Go Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style
3// license that can be found in the LICENSE file.
4
5package blowfish
6
7// getNextWord returns the next big-endian uint32 value from the byte slice
8// at the given position in a circular manner, updating the position.
9func getNextWord(b []byte, pos *int) uint32 {
10 var w uint32
11 j := *pos
12 for i := 0; i < 4; i++ {
13 w = w<<8 | uint32(b[j])
14 j++
15 if j >= len(b) {
16 j = 0
17 }
18 }
19 *pos = j
20 return w
21}
22
23// ExpandKey performs a key expansion on the given *Cipher. Specifically, it
24// performs the Blowfish algorithm's key schedule which sets up the *Cipher's
25// pi and substitution tables for calls to Encrypt. This is used, primarily,
26// by the bcrypt package to reuse the Blowfish key schedule during its
27// set up. It's unlikely that you need to use this directly.
28func ExpandKey(key []byte, c *Cipher) {
29 j := 0
30 for i := 0; i < 18; i++ {
31 // Using inlined getNextWord for performance.
32 var d uint32
33 for k := 0; k < 4; k++ {
34 d = d<<8 | uint32(key[j])
35 j++
36 if j >= len(key) {
37 j = 0
38 }
39 }
40 c.p[i] ^= d
41 }
42
43 var l, r uint32
44 for i := 0; i < 18; i += 2 {
45 l, r = encryptBlock(l, r, c)
46 c.p[i], c.p[i+1] = l, r
47 }
48
49 for i := 0; i < 256; i += 2 {
50 l, r = encryptBlock(l, r, c)
51 c.s0[i], c.s0[i+1] = l, r
52 }
53 for i := 0; i < 256; i += 2 {
54 l, r = encryptBlock(l, r, c)
55 c.s1[i], c.s1[i+1] = l, r
56 }
57 for i := 0; i < 256; i += 2 {
58 l, r = encryptBlock(l, r, c)
59 c.s2[i], c.s2[i+1] = l, r
60 }
61 for i := 0; i < 256; i += 2 {
62 l, r = encryptBlock(l, r, c)
63 c.s3[i], c.s3[i+1] = l, r
64 }
65}
66
67// This is similar to ExpandKey, but folds the salt during the key
68// schedule. While ExpandKey is essentially expandKeyWithSalt with an all-zero
69// salt passed in, reusing ExpandKey turns out to be a place of inefficiency
70// and specializing it here is useful.
71func expandKeyWithSalt(key []byte, salt []byte, c *Cipher) {
72 j := 0
73 for i := 0; i < 18; i++ {
74 c.p[i] ^= getNextWord(key, &j)
75 }
76
77 j = 0
78 var l, r uint32
79 for i := 0; i < 18; i += 2 {
80 l ^= getNextWord(salt, &j)
81 r ^= getNextWord(salt, &j)
82 l, r = encryptBlock(l, r, c)
83 c.p[i], c.p[i+1] = l, r
84 }
85
86 for i := 0; i < 256; i += 2 {
87 l ^= getNextWord(salt, &j)
88 r ^= getNextWord(salt, &j)
89 l, r = encryptBlock(l, r, c)
90 c.s0[i], c.s0[i+1] = l, r
91 }
92
93 for i := 0; i < 256; i += 2 {
94 l ^= getNextWord(salt, &j)
95 r ^= getNextWord(salt, &j)
96 l, r = encryptBlock(l, r, c)
97 c.s1[i], c.s1[i+1] = l, r
98 }
99
100 for i := 0; i < 256; i += 2 {
101 l ^= getNextWord(salt, &j)
102 r ^= getNextWord(salt, &j)
103 l, r = encryptBlock(l, r, c)
104 c.s2[i], c.s2[i+1] = l, r
105 }
106
107 for i := 0; i < 256; i += 2 {
108 l ^= getNextWord(salt, &j)
109 r ^= getNextWord(salt, &j)
110 l, r = encryptBlock(l, r, c)
111 c.s3[i], c.s3[i+1] = l, r
112 }
113}
114
115func encryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
116 xl, xr := l, r
117 xl ^= c.p[0]
118 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[1]
119 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[2]
120 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[3]
121 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[4]
122 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[5]
123 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[6]
124 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[7]
125 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[8]
126 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[9]
127 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[10]
128 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[11]
129 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[12]
130 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[13]
131 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[14]
132 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[15]
133 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[16]
134 xr ^= c.p[17]
135 return xr, xl
136}
137
138func decryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
139 xl, xr := l, r
140 xl ^= c.p[17]
141 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[16]
142 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[15]
143 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[14]
144 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[13]
145 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[12]
146 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[11]
147 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[10]
148 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[9]
149 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[8]
150 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[7]
151 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[6]
152 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[5]
153 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[4]
154 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[3]
155 xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[2]
156 xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[1]
157 xr ^= c.p[0]
158 return xr, xl
159}
Note: See TracBrowser for help on using the repository browser.