本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

160 lines
6.0KB

  1. // Copyright 2010 The Go Authors. All rights reserved.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. package blowfish
  5. // getNextWord returns the next big-endian uint32 value from the byte slice
  6. // at the given position in a circular manner, updating the position.
  7. func getNextWord(b []byte, pos *int) uint32 {
  8. var w uint32
  9. j := *pos
  10. for i := 0; i < 4; i++ {
  11. w = w<<8 | uint32(b[j])
  12. j++
  13. if j >= len(b) {
  14. j = 0
  15. }
  16. }
  17. *pos = j
  18. return w
  19. }
  20. // ExpandKey performs a key expansion on the given *Cipher. Specifically, it
  21. // performs the Blowfish algorithm's key schedule which sets up the *Cipher's
  22. // pi and substitution tables for calls to Encrypt. This is used, primarily,
  23. // by the bcrypt package to reuse the Blowfish key schedule during its
  24. // set up. It's unlikely that you need to use this directly.
  25. func ExpandKey(key []byte, c *Cipher) {
  26. j := 0
  27. for i := 0; i < 18; i++ {
  28. // Using inlined getNextWord for performance.
  29. var d uint32
  30. for k := 0; k < 4; k++ {
  31. d = d<<8 | uint32(key[j])
  32. j++
  33. if j >= len(key) {
  34. j = 0
  35. }
  36. }
  37. c.p[i] ^= d
  38. }
  39. var l, r uint32
  40. for i := 0; i < 18; i += 2 {
  41. l, r = encryptBlock(l, r, c)
  42. c.p[i], c.p[i+1] = l, r
  43. }
  44. for i := 0; i < 256; i += 2 {
  45. l, r = encryptBlock(l, r, c)
  46. c.s0[i], c.s0[i+1] = l, r
  47. }
  48. for i := 0; i < 256; i += 2 {
  49. l, r = encryptBlock(l, r, c)
  50. c.s1[i], c.s1[i+1] = l, r
  51. }
  52. for i := 0; i < 256; i += 2 {
  53. l, r = encryptBlock(l, r, c)
  54. c.s2[i], c.s2[i+1] = l, r
  55. }
  56. for i := 0; i < 256; i += 2 {
  57. l, r = encryptBlock(l, r, c)
  58. c.s3[i], c.s3[i+1] = l, r
  59. }
  60. }
  61. // This is similar to ExpandKey, but folds the salt during the key
  62. // schedule. While ExpandKey is essentially expandKeyWithSalt with an all-zero
  63. // salt passed in, reusing ExpandKey turns out to be a place of inefficiency
  64. // and specializing it here is useful.
  65. func expandKeyWithSalt(key []byte, salt []byte, c *Cipher) {
  66. j := 0
  67. for i := 0; i < 18; i++ {
  68. c.p[i] ^= getNextWord(key, &j)
  69. }
  70. j = 0
  71. var l, r uint32
  72. for i := 0; i < 18; i += 2 {
  73. l ^= getNextWord(salt, &j)
  74. r ^= getNextWord(salt, &j)
  75. l, r = encryptBlock(l, r, c)
  76. c.p[i], c.p[i+1] = l, r
  77. }
  78. for i := 0; i < 256; i += 2 {
  79. l ^= getNextWord(salt, &j)
  80. r ^= getNextWord(salt, &j)
  81. l, r = encryptBlock(l, r, c)
  82. c.s0[i], c.s0[i+1] = l, r
  83. }
  84. for i := 0; i < 256; i += 2 {
  85. l ^= getNextWord(salt, &j)
  86. r ^= getNextWord(salt, &j)
  87. l, r = encryptBlock(l, r, c)
  88. c.s1[i], c.s1[i+1] = l, r
  89. }
  90. for i := 0; i < 256; i += 2 {
  91. l ^= getNextWord(salt, &j)
  92. r ^= getNextWord(salt, &j)
  93. l, r = encryptBlock(l, r, c)
  94. c.s2[i], c.s2[i+1] = l, r
  95. }
  96. for i := 0; i < 256; i += 2 {
  97. l ^= getNextWord(salt, &j)
  98. r ^= getNextWord(salt, &j)
  99. l, r = encryptBlock(l, r, c)
  100. c.s3[i], c.s3[i+1] = l, r
  101. }
  102. }
  103. func encryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
  104. xl, xr := l, r
  105. xl ^= c.p[0]
  106. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[1]
  107. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[2]
  108. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[3]
  109. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[4]
  110. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[5]
  111. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[6]
  112. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[7]
  113. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[8]
  114. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[9]
  115. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[10]
  116. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[11]
  117. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[12]
  118. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[13]
  119. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[14]
  120. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[15]
  121. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[16]
  122. xr ^= c.p[17]
  123. return xr, xl
  124. }
  125. func decryptBlock(l, r uint32, c *Cipher) (uint32, uint32) {
  126. xl, xr := l, r
  127. xl ^= c.p[17]
  128. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[16]
  129. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[15]
  130. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[14]
  131. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[13]
  132. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[12]
  133. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[11]
  134. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[10]
  135. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[9]
  136. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[8]
  137. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[7]
  138. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[6]
  139. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[5]
  140. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[4]
  141. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[3]
  142. xr ^= ((c.s0[byte(xl>>24)] + c.s1[byte(xl>>16)]) ^ c.s2[byte(xl>>8)]) + c.s3[byte(xl)] ^ c.p[2]
  143. xl ^= ((c.s0[byte(xr>>24)] + c.s1[byte(xr>>16)]) ^ c.s2[byte(xr>>8)]) + c.s3[byte(xr)] ^ c.p[1]
  144. xr ^= c.p[0]
  145. return xr, xl
  146. }
上海开阖软件有限公司 沪ICP备12045867号-1