xref: /vim-8.2.3635/src/blowfish.c (revision a8ffcbbf) 
1 /* vi:set ts=8 sts=4 sw=4:
2  *
3  * VIM - Vi IMproved	by Bram Moolenaar
4  *
5  * Do ":help uganda"  in Vim to read copying and usage conditions.
6  * Do ":help credits" in Vim to see a list of people who contributed.
7  * See README.txt for an overview of the Vim source code.
8  *
9  * Blowfish encryption for Vim; in Blowfish output feedback mode.
10  * Contributed by Mohsin Ahmed, http://www.cs.albany.edu/~mosh
11  * Based on http://www.schneier.com/blowfish.html by Bruce Schneier.
12  */
13 
14 #include "vim.h"
15 
16 #if defined(FEAT_CRYPT)
17 
18 #define ARRAY_LENGTH(A)      (sizeof(A)/sizeof(A[0]))
19 
20 #define BF_BLOCK    8
21 #define BF_BLOCK_MASK 7
22 #define BF_OFB_LEN  (8*(BF_BLOCK))
23 
24 typedef union {
25     UINT32_T ul[2];
26     char_u   uc[8];
27 } block8;
28 
29 #if defined(WIN3264) || defined(DOS32)
30   /* MS-Windows is always little endian */
31 #else
32 # ifdef HAVE_CONFIG_H
33    /* in configure.in AC_C_BIGENDIAN() defines WORDS_BIGENDIAN when needed */
34 # else
35    error!
36    Please change this code to define WORDS_BIGENDIAN for big-endian machines.
37 # endif
38 #endif
39 
40 static void bf_e_block __ARGS((UINT32_T *p_xl, UINT32_T *p_xr));
41 static void bf_e_cblock __ARGS((char_u *block));
42 static int bf_check_tables __ARGS((UINT32_T ipa[18], UINT32_T sbi[4][256], UINT32_T val));
43 static int bf_self_test __ARGS((void));
44 
45 /* Blowfish code */
46 static UINT32_T pax[18];
47 static UINT32_T ipa[18] = {
48     0x243f6a88u, 0x85a308d3u, 0x13198a2eu,
49     0x03707344u, 0xa4093822u, 0x299f31d0u,
50     0x082efa98u, 0xec4e6c89u, 0x452821e6u,
51     0x38d01377u, 0xbe5466cfu, 0x34e90c6cu,
52     0xc0ac29b7u, 0xc97c50ddu, 0x3f84d5b5u,
53     0xb5470917u, 0x9216d5d9u, 0x8979fb1bu
54 };
55 
56 static UINT32_T sbx[4][256];
57 static UINT32_T sbi[4][256] = {
58    {0xd1310ba6u, 0x98dfb5acu, 0x2ffd72dbu, 0xd01adfb7u,
59     0xb8e1afedu, 0x6a267e96u, 0xba7c9045u, 0xf12c7f99u,
60     0x24a19947u, 0xb3916cf7u, 0x0801f2e2u, 0x858efc16u,
61     0x636920d8u, 0x71574e69u, 0xa458fea3u, 0xf4933d7eu,
62     0x0d95748fu, 0x728eb658u, 0x718bcd58u, 0x82154aeeu,
63     0x7b54a41du, 0xc25a59b5u, 0x9c30d539u, 0x2af26013u,
64     0xc5d1b023u, 0x286085f0u, 0xca417918u, 0xb8db38efu,
65     0x8e79dcb0u, 0x603a180eu, 0x6c9e0e8bu, 0xb01e8a3eu,
66     0xd71577c1u, 0xbd314b27u, 0x78af2fdau, 0x55605c60u,
67     0xe65525f3u, 0xaa55ab94u, 0x57489862u, 0x63e81440u,
68     0x55ca396au, 0x2aab10b6u, 0xb4cc5c34u, 0x1141e8ceu,
69     0xa15486afu, 0x7c72e993u, 0xb3ee1411u, 0x636fbc2au,
70     0x2ba9c55du, 0x741831f6u, 0xce5c3e16u, 0x9b87931eu,
71     0xafd6ba33u, 0x6c24cf5cu, 0x7a325381u, 0x28958677u,
72     0x3b8f4898u, 0x6b4bb9afu, 0xc4bfe81bu, 0x66282193u,
73     0x61d809ccu, 0xfb21a991u, 0x487cac60u, 0x5dec8032u,
74     0xef845d5du, 0xe98575b1u, 0xdc262302u, 0xeb651b88u,
75     0x23893e81u, 0xd396acc5u, 0x0f6d6ff3u, 0x83f44239u,
76     0x2e0b4482u, 0xa4842004u, 0x69c8f04au, 0x9e1f9b5eu,
77     0x21c66842u, 0xf6e96c9au, 0x670c9c61u, 0xabd388f0u,
78     0x6a51a0d2u, 0xd8542f68u, 0x960fa728u, 0xab5133a3u,
79     0x6eef0b6cu, 0x137a3be4u, 0xba3bf050u, 0x7efb2a98u,
80     0xa1f1651du, 0x39af0176u, 0x66ca593eu, 0x82430e88u,
81     0x8cee8619u, 0x456f9fb4u, 0x7d84a5c3u, 0x3b8b5ebeu,
82     0xe06f75d8u, 0x85c12073u, 0x401a449fu, 0x56c16aa6u,
83     0x4ed3aa62u, 0x363f7706u, 0x1bfedf72u, 0x429b023du,
84     0x37d0d724u, 0xd00a1248u, 0xdb0fead3u, 0x49f1c09bu,
85     0x075372c9u, 0x80991b7bu, 0x25d479d8u, 0xf6e8def7u,
86     0xe3fe501au, 0xb6794c3bu, 0x976ce0bdu, 0x04c006bau,
87     0xc1a94fb6u, 0x409f60c4u, 0x5e5c9ec2u, 0x196a2463u,
88     0x68fb6fafu, 0x3e6c53b5u, 0x1339b2ebu, 0x3b52ec6fu,
89     0x6dfc511fu, 0x9b30952cu, 0xcc814544u, 0xaf5ebd09u,
90     0xbee3d004u, 0xde334afdu, 0x660f2807u, 0x192e4bb3u,
91     0xc0cba857u, 0x45c8740fu, 0xd20b5f39u, 0xb9d3fbdbu,
92     0x5579c0bdu, 0x1a60320au, 0xd6a100c6u, 0x402c7279u,
93     0x679f25feu, 0xfb1fa3ccu, 0x8ea5e9f8u, 0xdb3222f8u,
94     0x3c7516dfu, 0xfd616b15u, 0x2f501ec8u, 0xad0552abu,
95     0x323db5fau, 0xfd238760u, 0x53317b48u, 0x3e00df82u,
96     0x9e5c57bbu, 0xca6f8ca0u, 0x1a87562eu, 0xdf1769dbu,
97     0xd542a8f6u, 0x287effc3u, 0xac6732c6u, 0x8c4f5573u,
98     0x695b27b0u, 0xbbca58c8u, 0xe1ffa35du, 0xb8f011a0u,
99     0x10fa3d98u, 0xfd2183b8u, 0x4afcb56cu, 0x2dd1d35bu,
100     0x9a53e479u, 0xb6f84565u, 0xd28e49bcu, 0x4bfb9790u,
101     0xe1ddf2dau, 0xa4cb7e33u, 0x62fb1341u, 0xcee4c6e8u,
102     0xef20cadau, 0x36774c01u, 0xd07e9efeu, 0x2bf11fb4u,
103     0x95dbda4du, 0xae909198u, 0xeaad8e71u, 0x6b93d5a0u,
104     0xd08ed1d0u, 0xafc725e0u, 0x8e3c5b2fu, 0x8e7594b7u,
105     0x8ff6e2fbu, 0xf2122b64u, 0x8888b812u, 0x900df01cu,
106     0x4fad5ea0u, 0x688fc31cu, 0xd1cff191u, 0xb3a8c1adu,
107     0x2f2f2218u, 0xbe0e1777u, 0xea752dfeu, 0x8b021fa1u,
108     0xe5a0cc0fu, 0xb56f74e8u, 0x18acf3d6u, 0xce89e299u,
109     0xb4a84fe0u, 0xfd13e0b7u, 0x7cc43b81u, 0xd2ada8d9u,
110     0x165fa266u, 0x80957705u, 0x93cc7314u, 0x211a1477u,
111     0xe6ad2065u, 0x77b5fa86u, 0xc75442f5u, 0xfb9d35cfu,
112     0xebcdaf0cu, 0x7b3e89a0u, 0xd6411bd3u, 0xae1e7e49u,
113     0x00250e2du, 0x2071b35eu, 0x226800bbu, 0x57b8e0afu,
114     0x2464369bu, 0xf009b91eu, 0x5563911du, 0x59dfa6aau,
115     0x78c14389u, 0xd95a537fu, 0x207d5ba2u, 0x02e5b9c5u,
116     0x83260376u, 0x6295cfa9u, 0x11c81968u, 0x4e734a41u,
117     0xb3472dcau, 0x7b14a94au, 0x1b510052u, 0x9a532915u,
118     0xd60f573fu, 0xbc9bc6e4u, 0x2b60a476u, 0x81e67400u,
119     0x08ba6fb5u, 0x571be91fu, 0xf296ec6bu, 0x2a0dd915u,
120     0xb6636521u, 0xe7b9f9b6u, 0xff34052eu, 0xc5855664u,
121     0x53b02d5du, 0xa99f8fa1u, 0x08ba4799u, 0x6e85076au},
122    {0x4b7a70e9u, 0xb5b32944u, 0xdb75092eu, 0xc4192623u,
123     0xad6ea6b0u, 0x49a7df7du, 0x9cee60b8u, 0x8fedb266u,
124     0xecaa8c71u, 0x699a17ffu, 0x5664526cu, 0xc2b19ee1u,
125     0x193602a5u, 0x75094c29u, 0xa0591340u, 0xe4183a3eu,
126     0x3f54989au, 0x5b429d65u, 0x6b8fe4d6u, 0x99f73fd6u,
127     0xa1d29c07u, 0xefe830f5u, 0x4d2d38e6u, 0xf0255dc1u,
128     0x4cdd2086u, 0x8470eb26u, 0x6382e9c6u, 0x021ecc5eu,
129     0x09686b3fu, 0x3ebaefc9u, 0x3c971814u, 0x6b6a70a1u,
130     0x687f3584u, 0x52a0e286u, 0xb79c5305u, 0xaa500737u,
131     0x3e07841cu, 0x7fdeae5cu, 0x8e7d44ecu, 0x5716f2b8u,
132     0xb03ada37u, 0xf0500c0du, 0xf01c1f04u, 0x0200b3ffu,
133     0xae0cf51au, 0x3cb574b2u, 0x25837a58u, 0xdc0921bdu,
134     0xd19113f9u, 0x7ca92ff6u, 0x94324773u, 0x22f54701u,
135     0x3ae5e581u, 0x37c2dadcu, 0xc8b57634u, 0x9af3dda7u,
136     0xa9446146u, 0x0fd0030eu, 0xecc8c73eu, 0xa4751e41u,
137     0xe238cd99u, 0x3bea0e2fu, 0x3280bba1u, 0x183eb331u,
138     0x4e548b38u, 0x4f6db908u, 0x6f420d03u, 0xf60a04bfu,
139     0x2cb81290u, 0x24977c79u, 0x5679b072u, 0xbcaf89afu,
140     0xde9a771fu, 0xd9930810u, 0xb38bae12u, 0xdccf3f2eu,
141     0x5512721fu, 0x2e6b7124u, 0x501adde6u, 0x9f84cd87u,
142     0x7a584718u, 0x7408da17u, 0xbc9f9abcu, 0xe94b7d8cu,
143     0xec7aec3au, 0xdb851dfau, 0x63094366u, 0xc464c3d2u,
144     0xef1c1847u, 0x3215d908u, 0xdd433b37u, 0x24c2ba16u,
145     0x12a14d43u, 0x2a65c451u, 0x50940002u, 0x133ae4ddu,
146     0x71dff89eu, 0x10314e55u, 0x81ac77d6u, 0x5f11199bu,
147     0x043556f1u, 0xd7a3c76bu, 0x3c11183bu, 0x5924a509u,
148     0xf28fe6edu, 0x97f1fbfau, 0x9ebabf2cu, 0x1e153c6eu,
149     0x86e34570u, 0xeae96fb1u, 0x860e5e0au, 0x5a3e2ab3u,
150     0x771fe71cu, 0x4e3d06fau, 0x2965dcb9u, 0x99e71d0fu,
151     0x803e89d6u, 0x5266c825u, 0x2e4cc978u, 0x9c10b36au,
152     0xc6150ebau, 0x94e2ea78u, 0xa5fc3c53u, 0x1e0a2df4u,
153     0xf2f74ea7u, 0x361d2b3du, 0x1939260fu, 0x19c27960u,
154     0x5223a708u, 0xf71312b6u, 0xebadfe6eu, 0xeac31f66u,
155     0xe3bc4595u, 0xa67bc883u, 0xb17f37d1u, 0x018cff28u,
156     0xc332ddefu, 0xbe6c5aa5u, 0x65582185u, 0x68ab9802u,
157     0xeecea50fu, 0xdb2f953bu, 0x2aef7dadu, 0x5b6e2f84u,
158     0x1521b628u, 0x29076170u, 0xecdd4775u, 0x619f1510u,
159     0x13cca830u, 0xeb61bd96u, 0x0334fe1eu, 0xaa0363cfu,
160     0xb5735c90u, 0x4c70a239u, 0xd59e9e0bu, 0xcbaade14u,
161     0xeecc86bcu, 0x60622ca7u, 0x9cab5cabu, 0xb2f3846eu,
162     0x648b1eafu, 0x19bdf0cau, 0xa02369b9u, 0x655abb50u,
163     0x40685a32u, 0x3c2ab4b3u, 0x319ee9d5u, 0xc021b8f7u,
164     0x9b540b19u, 0x875fa099u, 0x95f7997eu, 0x623d7da8u,
165     0xf837889au, 0x97e32d77u, 0x11ed935fu, 0x16681281u,
166     0x0e358829u, 0xc7e61fd6u, 0x96dedfa1u, 0x7858ba99u,
167     0x57f584a5u, 0x1b227263u, 0x9b83c3ffu, 0x1ac24696u,
168     0xcdb30aebu, 0x532e3054u, 0x8fd948e4u, 0x6dbc3128u,
169     0x58ebf2efu, 0x34c6ffeau, 0xfe28ed61u, 0xee7c3c73u,
170     0x5d4a14d9u, 0xe864b7e3u, 0x42105d14u, 0x203e13e0u,
171     0x45eee2b6u, 0xa3aaabeau, 0xdb6c4f15u, 0xfacb4fd0u,
172     0xc742f442u, 0xef6abbb5u, 0x654f3b1du, 0x41cd2105u,
173     0xd81e799eu, 0x86854dc7u, 0xe44b476au, 0x3d816250u,
174     0xcf62a1f2u, 0x5b8d2646u, 0xfc8883a0u, 0xc1c7b6a3u,
175     0x7f1524c3u, 0x69cb7492u, 0x47848a0bu, 0x5692b285u,
176     0x095bbf00u, 0xad19489du, 0x1462b174u, 0x23820e00u,
177     0x58428d2au, 0x0c55f5eau, 0x1dadf43eu, 0x233f7061u,
178     0x3372f092u, 0x8d937e41u, 0xd65fecf1u, 0x6c223bdbu,
179     0x7cde3759u, 0xcbee7460u, 0x4085f2a7u, 0xce77326eu,
180     0xa6078084u, 0x19f8509eu, 0xe8efd855u, 0x61d99735u,
181     0xa969a7aau, 0xc50c06c2u, 0x5a04abfcu, 0x800bcadcu,
182     0x9e447a2eu, 0xc3453484u, 0xfdd56705u, 0x0e1e9ec9u,
183     0xdb73dbd3u, 0x105588cdu, 0x675fda79u, 0xe3674340u,
184     0xc5c43465u, 0x713e38d8u, 0x3d28f89eu, 0xf16dff20u,
185     0x153e21e7u, 0x8fb03d4au, 0xe6e39f2bu, 0xdb83adf7u},
186    {0xe93d5a68u, 0x948140f7u, 0xf64c261cu, 0x94692934u,
187     0x411520f7u, 0x7602d4f7u, 0xbcf46b2eu, 0xd4a20068u,
188     0xd4082471u, 0x3320f46au, 0x43b7d4b7u, 0x500061afu,
189     0x1e39f62eu, 0x97244546u, 0x14214f74u, 0xbf8b8840u,
190     0x4d95fc1du, 0x96b591afu, 0x70f4ddd3u, 0x66a02f45u,
191     0xbfbc09ecu, 0x03bd9785u, 0x7fac6dd0u, 0x31cb8504u,
192     0x96eb27b3u, 0x55fd3941u, 0xda2547e6u, 0xabca0a9au,
193     0x28507825u, 0x530429f4u, 0x0a2c86dau, 0xe9b66dfbu,
194     0x68dc1462u, 0xd7486900u, 0x680ec0a4u, 0x27a18deeu,
195     0x4f3ffea2u, 0xe887ad8cu, 0xb58ce006u, 0x7af4d6b6u,
196     0xaace1e7cu, 0xd3375fecu, 0xce78a399u, 0x406b2a42u,
197     0x20fe9e35u, 0xd9f385b9u, 0xee39d7abu, 0x3b124e8bu,
198     0x1dc9faf7u, 0x4b6d1856u, 0x26a36631u, 0xeae397b2u,
199     0x3a6efa74u, 0xdd5b4332u, 0x6841e7f7u, 0xca7820fbu,
200     0xfb0af54eu, 0xd8feb397u, 0x454056acu, 0xba489527u,
201     0x55533a3au, 0x20838d87u, 0xfe6ba9b7u, 0xd096954bu,
202     0x55a867bcu, 0xa1159a58u, 0xcca92963u, 0x99e1db33u,
203     0xa62a4a56u, 0x3f3125f9u, 0x5ef47e1cu, 0x9029317cu,
204     0xfdf8e802u, 0x04272f70u, 0x80bb155cu, 0x05282ce3u,
205     0x95c11548u, 0xe4c66d22u, 0x48c1133fu, 0xc70f86dcu,
206     0x07f9c9eeu, 0x41041f0fu, 0x404779a4u, 0x5d886e17u,
207     0x325f51ebu, 0xd59bc0d1u, 0xf2bcc18fu, 0x41113564u,
208     0x257b7834u, 0x602a9c60u, 0xdff8e8a3u, 0x1f636c1bu,
209     0x0e12b4c2u, 0x02e1329eu, 0xaf664fd1u, 0xcad18115u,
210     0x6b2395e0u, 0x333e92e1u, 0x3b240b62u, 0xeebeb922u,
211     0x85b2a20eu, 0xe6ba0d99u, 0xde720c8cu, 0x2da2f728u,
212     0xd0127845u, 0x95b794fdu, 0x647d0862u, 0xe7ccf5f0u,
213     0x5449a36fu, 0x877d48fau, 0xc39dfd27u, 0xf33e8d1eu,
214     0x0a476341u, 0x992eff74u, 0x3a6f6eabu, 0xf4f8fd37u,
215     0xa812dc60u, 0xa1ebddf8u, 0x991be14cu, 0xdb6e6b0du,
216     0xc67b5510u, 0x6d672c37u, 0x2765d43bu, 0xdcd0e804u,
217     0xf1290dc7u, 0xcc00ffa3u, 0xb5390f92u, 0x690fed0bu,
218     0x667b9ffbu, 0xcedb7d9cu, 0xa091cf0bu, 0xd9155ea3u,
219     0xbb132f88u, 0x515bad24u, 0x7b9479bfu, 0x763bd6ebu,
220     0x37392eb3u, 0xcc115979u, 0x8026e297u, 0xf42e312du,
221     0x6842ada7u, 0xc66a2b3bu, 0x12754cccu, 0x782ef11cu,
222     0x6a124237u, 0xb79251e7u, 0x06a1bbe6u, 0x4bfb6350u,
223     0x1a6b1018u, 0x11caedfau, 0x3d25bdd8u, 0xe2e1c3c9u,
224     0x44421659u, 0x0a121386u, 0xd90cec6eu, 0xd5abea2au,
225     0x64af674eu, 0xda86a85fu, 0xbebfe988u, 0x64e4c3feu,
226     0x9dbc8057u, 0xf0f7c086u, 0x60787bf8u, 0x6003604du,
227     0xd1fd8346u, 0xf6381fb0u, 0x7745ae04u, 0xd736fcccu,
228     0x83426b33u, 0xf01eab71u, 0xb0804187u, 0x3c005e5fu,
229     0x77a057beu, 0xbde8ae24u, 0x55464299u, 0xbf582e61u,
230     0x4e58f48fu, 0xf2ddfda2u, 0xf474ef38u, 0x8789bdc2u,
231     0x5366f9c3u, 0xc8b38e74u, 0xb475f255u, 0x46fcd9b9u,
232     0x7aeb2661u, 0x8b1ddf84u, 0x846a0e79u, 0x915f95e2u,
233     0x466e598eu, 0x20b45770u, 0x8cd55591u, 0xc902de4cu,
234     0xb90bace1u, 0xbb8205d0u, 0x11a86248u, 0x7574a99eu,
235     0xb77f19b6u, 0xe0a9dc09u, 0x662d09a1u, 0xc4324633u,
236     0xe85a1f02u, 0x09f0be8cu, 0x4a99a025u, 0x1d6efe10u,
237     0x1ab93d1du, 0x0ba5a4dfu, 0xa186f20fu, 0x2868f169u,
238     0xdcb7da83u, 0x573906feu, 0xa1e2ce9bu, 0x4fcd7f52u,
239     0x50115e01u, 0xa70683fau, 0xa002b5c4u, 0x0de6d027u,
240     0x9af88c27u, 0x773f8641u, 0xc3604c06u, 0x61a806b5u,
241     0xf0177a28u, 0xc0f586e0u, 0x006058aau, 0x30dc7d62u,
242     0x11e69ed7u, 0x2338ea63u, 0x53c2dd94u, 0xc2c21634u,
243     0xbbcbee56u, 0x90bcb6deu, 0xebfc7da1u, 0xce591d76u,
244     0x6f05e409u, 0x4b7c0188u, 0x39720a3du, 0x7c927c24u,
245     0x86e3725fu, 0x724d9db9u, 0x1ac15bb4u, 0xd39eb8fcu,
246     0xed545578u, 0x08fca5b5u, 0xd83d7cd3u, 0x4dad0fc4u,
247     0x1e50ef5eu, 0xb161e6f8u, 0xa28514d9u, 0x6c51133cu,
248     0x6fd5c7e7u, 0x56e14ec4u, 0x362abfceu, 0xddc6c837u,
249     0xd79a3234u, 0x92638212u, 0x670efa8eu, 0x406000e0u},
250    {0x3a39ce37u, 0xd3faf5cfu, 0xabc27737u, 0x5ac52d1bu,
251     0x5cb0679eu, 0x4fa33742u, 0xd3822740u, 0x99bc9bbeu,
252     0xd5118e9du, 0xbf0f7315u, 0xd62d1c7eu, 0xc700c47bu,
253     0xb78c1b6bu, 0x21a19045u, 0xb26eb1beu, 0x6a366eb4u,
254     0x5748ab2fu, 0xbc946e79u, 0xc6a376d2u, 0x6549c2c8u,
255     0x530ff8eeu, 0x468dde7du, 0xd5730a1du, 0x4cd04dc6u,
256     0x2939bbdbu, 0xa9ba4650u, 0xac9526e8u, 0xbe5ee304u,
257     0xa1fad5f0u, 0x6a2d519au, 0x63ef8ce2u, 0x9a86ee22u,
258     0xc089c2b8u, 0x43242ef6u, 0xa51e03aau, 0x9cf2d0a4u,
259     0x83c061bau, 0x9be96a4du, 0x8fe51550u, 0xba645bd6u,
260     0x2826a2f9u, 0xa73a3ae1u, 0x4ba99586u, 0xef5562e9u,
261     0xc72fefd3u, 0xf752f7dau, 0x3f046f69u, 0x77fa0a59u,
262     0x80e4a915u, 0x87b08601u, 0x9b09e6adu, 0x3b3ee593u,
263     0xe990fd5au, 0x9e34d797u, 0x2cf0b7d9u, 0x022b8b51u,
264     0x96d5ac3au, 0x017da67du, 0xd1cf3ed6u, 0x7c7d2d28u,
265     0x1f9f25cfu, 0xadf2b89bu, 0x5ad6b472u, 0x5a88f54cu,
266     0xe029ac71u, 0xe019a5e6u, 0x47b0acfdu, 0xed93fa9bu,
267     0xe8d3c48du, 0x283b57ccu, 0xf8d56629u, 0x79132e28u,
268     0x785f0191u, 0xed756055u, 0xf7960e44u, 0xe3d35e8cu,
269     0x15056dd4u, 0x88f46dbau, 0x03a16125u, 0x0564f0bdu,
270     0xc3eb9e15u, 0x3c9057a2u, 0x97271aecu, 0xa93a072au,
271     0x1b3f6d9bu, 0x1e6321f5u, 0xf59c66fbu, 0x26dcf319u,
272     0x7533d928u, 0xb155fdf5u, 0x03563482u, 0x8aba3cbbu,
273     0x28517711u, 0xc20ad9f8u, 0xabcc5167u, 0xccad925fu,
274     0x4de81751u, 0x3830dc8eu, 0x379d5862u, 0x9320f991u,
275     0xea7a90c2u, 0xfb3e7bceu, 0x5121ce64u, 0x774fbe32u,
276     0xa8b6e37eu, 0xc3293d46u, 0x48de5369u, 0x6413e680u,
277     0xa2ae0810u, 0xdd6db224u, 0x69852dfdu, 0x09072166u,
278     0xb39a460au, 0x6445c0ddu, 0x586cdecfu, 0x1c20c8aeu,
279     0x5bbef7ddu, 0x1b588d40u, 0xccd2017fu, 0x6bb4e3bbu,
280     0xdda26a7eu, 0x3a59ff45u, 0x3e350a44u, 0xbcb4cdd5u,
281     0x72eacea8u, 0xfa6484bbu, 0x8d6612aeu, 0xbf3c6f47u,
282     0xd29be463u, 0x542f5d9eu, 0xaec2771bu, 0xf64e6370u,
283     0x740e0d8du, 0xe75b1357u, 0xf8721671u, 0xaf537d5du,
284     0x4040cb08u, 0x4eb4e2ccu, 0x34d2466au, 0x0115af84u,
285     0xe1b00428u, 0x95983a1du, 0x06b89fb4u, 0xce6ea048u,
286     0x6f3f3b82u, 0x3520ab82u, 0x011a1d4bu, 0x277227f8u,
287     0x611560b1u, 0xe7933fdcu, 0xbb3a792bu, 0x344525bdu,
288     0xa08839e1u, 0x51ce794bu, 0x2f32c9b7u, 0xa01fbac9u,
289     0xe01cc87eu, 0xbcc7d1f6u, 0xcf0111c3u, 0xa1e8aac7u,
290     0x1a908749u, 0xd44fbd9au, 0xd0dadecbu, 0xd50ada38u,
291     0x0339c32au, 0xc6913667u, 0x8df9317cu, 0xe0b12b4fu,
292     0xf79e59b7u, 0x43f5bb3au, 0xf2d519ffu, 0x27d9459cu,
293     0xbf97222cu, 0x15e6fc2au, 0x0f91fc71u, 0x9b941525u,
294     0xfae59361u, 0xceb69cebu, 0xc2a86459u, 0x12baa8d1u,
295     0xb6c1075eu, 0xe3056a0cu, 0x10d25065u, 0xcb03a442u,
296     0xe0ec6e0eu, 0x1698db3bu, 0x4c98a0beu, 0x3278e964u,
297     0x9f1f9532u, 0xe0d392dfu, 0xd3a0342bu, 0x8971f21eu,
298     0x1b0a7441u, 0x4ba3348cu, 0xc5be7120u, 0xc37632d8u,
299     0xdf359f8du, 0x9b992f2eu, 0xe60b6f47u, 0x0fe3f11du,
300     0xe54cda54u, 0x1edad891u, 0xce6279cfu, 0xcd3e7e6fu,
301     0x1618b166u, 0xfd2c1d05u, 0x848fd2c5u, 0xf6fb2299u,
302     0xf523f357u, 0xa6327623u, 0x93a83531u, 0x56cccd02u,
303     0xacf08162u, 0x5a75ebb5u, 0x6e163697u, 0x88d273ccu,
304     0xde966292u, 0x81b949d0u, 0x4c50901bu, 0x71c65614u,
305     0xe6c6c7bdu, 0x327a140au, 0x45e1d006u, 0xc3f27b9au,
306     0xc9aa53fdu, 0x62a80f00u, 0xbb25bfe2u, 0x35bdd2f6u,
307     0x71126905u, 0xb2040222u, 0xb6cbcf7cu, 0xcd769c2bu,
308     0x53113ec0u, 0x1640e3d3u, 0x38abbd60u, 0x2547adf0u,
309     0xba38209cu, 0xf746ce76u, 0x77afa1c5u, 0x20756060u,
310     0x85cbfe4eu, 0x8ae88dd8u, 0x7aaaf9b0u, 0x4cf9aa7eu,
311     0x1948c25cu, 0x02fb8a8cu, 0x01c36ae4u, 0xd6ebe1f9u,
312     0x90d4f869u, 0xa65cdea0u, 0x3f09252du, 0xc208e69fu,
313     0xb74e6132u, 0xce77e25bu, 0x578fdfe3u, 0x3ac372e6u
314  }
315 };
316 
317 
318 #define F1(i) \
319     xl ^= pax[i]; \
320     xr ^= ((sbx[0][xl >> 24] + \
321     sbx[1][(xl & 0xFF0000) >> 16]) ^ \
322     sbx[2][(xl & 0xFF00) >> 8]) + \
323     sbx[3][xl & 0xFF];
324 
325 #define F2(i) \
326     xr ^= pax[i]; \
327     xl ^= ((sbx[0][xr >> 24] + \
328     sbx[1][(xr & 0xFF0000) >> 16]) ^ \
329     sbx[2][(xr & 0xFF00) >> 8]) + \
330     sbx[3][xr & 0xFF];
331 
332 
333     static void
334 bf_e_block(p_xl, p_xr)
335     UINT32_T *p_xl;
336     UINT32_T *p_xr;
337 {
338     UINT32_T temp, xl = *p_xl, xr = *p_xr;
339 
340     F1(0) F2(1) F1(2) F2(3) F1(4) F2(5) F1(6) F2(7)
341     F1(8) F2(9) F1(10) F2(11) F1(12) F2(13) F1(14) F2(15)
342     xl ^= pax[16];
343     xr ^= pax[17];
344     temp = xl;
345     xl = xr;
346     xr = temp;
347     *p_xl = xl;
348     *p_xr = xr;
349 }
350 
351 #if 0  /* not used */
352     static void
353 bf_d_block(p_xl, p_xr)
354     UINT32_T *p_xl;
355     UINT32_T *p_xr;
356 {
357     UINT32_T temp, xl = *p_xl, xr = *p_xr;
358     F1(17) F2(16) F1(15) F2(14) F1(13) F2(12) F1(11) F2(10)
359     F1(9) F2(8) F1(7) F2(6) F1(5) F2(4) F1(3) F2(2)
360     xl ^= pax[1];
361     xr ^= pax[0];
362     temp = xl; xl = xr; xr = temp;
363     *p_xl = xl; *p_xr = xr;
364 }
365 #endif
366 
367 
368 #ifdef WORDS_BIGENDIAN
369 # define htonl2(x) \
370     x = ((((x) &     0xffL) << 24) | (((x) & 0xff00L)     <<  8) | \
371 	 (((x) & 0xff0000L) >>  8) | (((x) & 0xff000000L) >> 24))
372 #else
373 # define htonl2(x)
374 #endif
375 
376     static void
377 bf_e_cblock(block)
378     char_u *block;
379 {
380     block8	bk;
381 
382     memcpy(bk.uc, block, 8);
383     htonl2(bk.ul[0]);
384     htonl2(bk.ul[1]);
385     bf_e_block(&bk.ul[0], &bk.ul[1]);
386     htonl2(bk.ul[0]);
387     htonl2(bk.ul[1]);
388     memcpy(block, bk.uc, 8);
389 }
390 
391 #if 0  /* not used */
392     void
393 bf_d_cblock(block)
394     char_u *block;
395 {
396     block8 bk;
397     memcpy(bk.uc, block, 8);
398     htonl2(bk.ul[0]); htonl2(bk.ul[1]);
399     bf_d_block(&bk.ul[0], &bk.ul[1]);
400     htonl2(bk.ul[0]); htonl2(bk.ul[1]);
401     memcpy(block, bk.uc, 8);
402 }
403 #endif
404 
405 /*
406  * Initialize the crypt method using "password" as the encryption key and
407  * "salt[salt_len]" as the salt.
408  */
409     void
410 bf_key_init(password, salt, salt_len)
411     char_u *password;
412     char_u *salt;
413     int    salt_len;
414 {
415     int      i, j, keypos = 0;
416     UINT32_T val, data_l, data_r;
417     char_u   *key;
418     int      keylen;
419 
420     /* Process the key 1000 times.
421      * See http://en.wikipedia.org/wiki/Key_strengthening. */
422     key = sha256_key(password, salt, salt_len);
423     for (i = 0; i < 1000; i++)
424         key = sha256_key(key, salt, salt_len);
425 
426     /* Convert the key from 64 hex chars to 32 binary chars. */
427     keylen = (int)STRLEN(key) / 2;
428     if (keylen == 0)
429     {
430 	EMSG(_("E831: bf_key_init() called with empty password"));
431 	return;
432     }
433     for (i = 0; i < keylen; i++)
434     {
435         sscanf((char *)&key[i * 2], "%2x", &j);
436         key[i] = j;
437     }
438 
439     mch_memmove(sbx, sbi, 4 * 4 * 256);
440 
441     for (i = 0; i < 18; ++i)
442     {
443 	val = 0;
444 	for (j = 0; j < 4; ++j)
445 	    val = (val << 8) | key[keypos++ % keylen];
446 	pax[i] = ipa[i] ^ val;
447     }
448 
449     data_l = data_r = 0;
450     for (i = 0; i < 18; i += 2)
451     {
452 	bf_e_block(&data_l, &data_r);
453 	pax[i + 0] = data_l;
454 	pax[i + 1] = data_r;
455     }
456 
457     for (i = 0; i < 4; ++i)
458     {
459 	for (j = 0; j < 256; j += 2)
460 	{
461 	    bf_e_block(&data_l, &data_r);
462 	    sbx[i][j + 0] = data_l;
463 	    sbx[i][j + 1] = data_r;
464 	}
465     }
466 }
467 
468 /*
469  * BF Self test for corrupted tables or instructions
470  */
471     static int
472 bf_check_tables(ipa, sbi, val)
473     UINT32_T ipa[18];
474     UINT32_T sbi[4][256];
475     UINT32_T val;
476 {
477     int i, j;
478     UINT32_T c = 0;
479 
480     for (i = 0; i < 18; i++)
481 	c ^= ipa[i];
482     for (i = 0; i < 4; i++)
483 	for (j = 0; j < 256; j++)
484 	    c ^= sbi[i][j];
485     return c == val;
486 }
487 
488 typedef struct {
489     char_u   password[64];
490     char_u   salt[9];
491     char_u   plaintxt[9];
492     char_u   cryptxt[9];
493     char_u   badcryptxt[9]; /* cryptxt when big/little endian is wrong */
494     UINT32_T keysum;
495 } struct_bf_test_data;
496 
497 /*
498  * Assert bf(password, plaintxt) is cryptxt.
499  * Assert csum(pax sbx(password)) is keysum.
500  */
501 static struct_bf_test_data bf_test_data[] = {
502   {
503       "password",
504       "salt",
505       "plaintxt",
506       "\xad\x3d\xfa\x7f\xe8\xea\x40\xf6", /* cryptxt */
507       "\x72\x50\x3b\x38\x10\x60\x22\xa7", /* badcryptxt */
508       0x56701b5du /* keysum */
509   },
510 };
511 
512 /*
513  * Return FAIL when there is something wrong with blowfish encryption.
514  */
515     static int
516 bf_self_test()
517 {
518     int    i, bn;
519     int    err = 0;
520     block8 bk;
521     UINT32_T ui = 0xffffffffUL;
522 
523     /* We can't simply use sizeof(UINT32_T), it would generate a compiler
524      * warning. */
525     if (ui != 0xffffffffUL || ui + 1 != 0) {
526 	err++;
527 	EMSG(_("E820: sizeof(uint32_t) != 4"));
528     }
529 
530     if (!bf_check_tables(ipa, sbi, 0x6ffa520a))
531 	err++;
532 
533     bn = ARRAY_LENGTH(bf_test_data);
534     for (i = 0; i < bn; i++)
535     {
536 	bf_key_init((char_u *)(bf_test_data[i].password),
537                     bf_test_data[i].salt,
538 		    (int)STRLEN(bf_test_data[i].salt));
539 	if (!bf_check_tables(pax, sbx, bf_test_data[i].keysum))
540 	    err++;
541 
542 	/* Don't modify bf_test_data[i].plaintxt, self test is idempotent. */
543 	memcpy(bk.uc, bf_test_data[i].plaintxt, 8);
544 	bf_e_cblock(bk.uc);
545 	if (memcmp(bk.uc, bf_test_data[i].cryptxt, 8) != 0)
546 	{
547 	    if (err == 0 && memcmp(bk.uc, bf_test_data[i].badcryptxt, 8) == 0)
548 		EMSG(_("E817: Blowfish big/little endian use wrong"));
549 	    err++;
550 	}
551     }
552 
553     return err > 0 ? FAIL : OK;
554 }
555 
556 /* Output feedback mode. */
557 static int randbyte_offset = 0;
558 static int update_offset = 0;
559 static char_u ofb_buffer[BF_OFB_LEN]; /* 64 bytes */
560 
561 /*
562  * Initialize with seed "iv[iv_len]".
563  */
564     void
565 bf_ofb_init(iv, iv_len)
566     char_u *iv;
567     int    iv_len;
568 {
569     int i, mi;
570 
571     randbyte_offset = update_offset = 0;
572     vim_memset(ofb_buffer, 0, BF_OFB_LEN);
573     if (iv_len > 0)
574     {
575 	mi = iv_len > BF_OFB_LEN ? iv_len : BF_OFB_LEN;
576 	for (i = 0; i < mi; i++)
577 	    ofb_buffer[i % BF_OFB_LEN] ^= iv[i % iv_len];
578     }
579 }
580 
581 #define BF_OFB_UPDATE(c) { \
582     ofb_buffer[update_offset] ^= (char_u)c; \
583     if (++update_offset == BF_OFB_LEN) \
584 	update_offset = 0; \
585 }
586 
587 #define BF_RANBYTE(t) { \
588     if ((randbyte_offset & BF_BLOCK_MASK) == 0) \
589 	bf_e_cblock(&ofb_buffer[randbyte_offset]); \
590     t = ofb_buffer[randbyte_offset]; \
591     if (++randbyte_offset == BF_OFB_LEN) \
592 	randbyte_offset = 0; \
593 }
594 
595 /*
596  * Encrypt "from[len]" into "to[len]".
597  * "from" and "to" can be equal to encrypt in place.
598  */
599     void
600 bf_crypt_encode(from, len, to)
601     char_u	*from;
602     size_t	len;
603     char_u	*to;
604 {
605     size_t	i;
606     int		ztemp, t;
607 
608     for (i = 0; i < len; ++i)
609     {
610 	ztemp = from[i];
611 	BF_RANBYTE(t);
612 	BF_OFB_UPDATE(ztemp);
613 	to[i] = t ^ ztemp;
614     }
615 }
616 
617 /*
618  * Decrypt "ptr[len]" in place.
619  */
620     void
621 bf_crypt_decode(ptr, len)
622     char_u	*ptr;
623     long	len;
624 {
625     char_u	*p;
626     int		t;
627 
628     for (p = ptr; p < ptr + len; ++p)
629     {
630 	BF_RANBYTE(t);
631 	*p ^= t;
632 	BF_OFB_UPDATE(*p);
633     }
634 }
635 
636 /*
637  * Initialize the encryption keys and the random header according to
638  * the given password.
639  */
640     void
641 bf_crypt_init_keys(passwd)
642     char_u *passwd;		/* password string with which to modify keys */
643 {
644     char_u *p;
645 
646     for (p = passwd; *p != NUL; ++p)
647     {
648 	BF_OFB_UPDATE(*p);
649     }
650 }
651 
652 static int save_randbyte_offset;
653 static int save_update_offset;
654 static char_u save_ofb_buffer[BF_OFB_LEN];
655 static UINT32_T save_pax[18];
656 static UINT32_T save_sbx[4][256];
657 
658 /*
659  * Save the current crypt state.  Can only be used once before
660  * bf_crypt_restore().
661  */
662     void
663 bf_crypt_save()
664 {
665     save_randbyte_offset = randbyte_offset;
666     save_update_offset = update_offset;
667     mch_memmove(save_ofb_buffer, ofb_buffer, BF_OFB_LEN);
668     mch_memmove(save_pax, pax, 4 * 18);
669     mch_memmove(save_sbx, sbx, 4 * 4 * 256);
670 }
671 
672 /*
673  * Restore the current crypt state.  Can only be used after
674  * bf_crypt_save().
675  */
676     void
677 bf_crypt_restore()
678 {
679     randbyte_offset = save_randbyte_offset;
680     update_offset = save_update_offset;
681     mch_memmove(ofb_buffer, save_ofb_buffer, BF_OFB_LEN);
682     mch_memmove(pax, save_pax, 4 * 18);
683     mch_memmove(sbx, save_sbx, 4 * 4 * 256);
684 }
685 
686 /*
687  * Run a test to check if the encryption works as expected.
688  * Give an error and return FAIL when not.
689  */
690     int
691 blowfish_self_test()
692 {
693     if (sha256_self_test() == FAIL)
694     {
695 	EMSG(_("E818: sha256 test failed"));
696 	return FAIL;
697     }
698     if (bf_self_test() == FAIL)
699     {
700 	EMSG(_("E819: Blowfish test failed"));
701 	return FAIL;
702     }
703     return OK;
704 }
705 
706 #endif /* FEAT_CRYPT */
707