xref: /vim-8.2.3635/src/blowfish.c (revision ea2d8d25) 
1 /* vi:set ts=8 sts=4 sw=4 noet:
2  *
3  * VIM - Vi IMproved	by Bram Moolenaar
4  *
5  * Do ":help uganda"  in Vim to read copying and usage conditions.
6  * Do ":help credits" in Vim to see a list of people who contributed.
7  * See README.txt for an overview of the Vim source code.
8  *
9  * Blowfish encryption for Vim; in Blowfish cipher feedback mode.
10  * Contributed by Mohsin Ahmed, http://www.cs.albany.edu/~mosh
11  * Based on http://www.schneier.com/blowfish.html by Bruce Schneier.
12  *
13  * There are two variants:
14  * - The old one "blowfish" has a flaw which makes it much easier to crack the
15  *   key.  To see this, make a text file with one line of 1000 "x" characters
16  *   and write it encrypted.  Use "xxd" to inspect the bytes in the file.  You
17  *   will see that a block of 8 bytes repeats 8 times.
18  * - The new one "blowfish2" is better.  It uses an 8 byte CFB to avoid the
19  *   repeats.
20  */
21 
22 #include "vim.h"
23 
24 #if defined(FEAT_CRYPT) || defined(PROTO)
25 
26 #define ARRAY_LENGTH(A)      (sizeof(A)/sizeof(A[0]))
27 
28 #define BF_BLOCK    8
29 #define BF_BLOCK_MASK 7
30 #define BF_MAX_CFB_LEN  (8 * BF_BLOCK)
31 
32 typedef union {
33     UINT32_T ul[2];
34     char_u   uc[8];
35 } block8;
36 
37 #if defined(MSWIN)
38   // MS-Windows is always little endian
39 #else
40 # ifdef HAVE_CONFIG_H
41    // in configure.ac AC_C_BIGENDIAN() defines WORDS_BIGENDIAN when needed
42 # else
43 #  error Please change this code to define WORDS_BIGENDIAN for big-endian machines.
44 # endif
45 #endif
46 
47 // The state of encryption, referenced by cryptstate_T.
48 typedef struct {
49     UINT32_T	pax[18];	    // P-array
50     UINT32_T	sbx[4][256];	    // S-boxes
51     int		randbyte_offset;
52     int		update_offset;
53     char_u	cfb_buffer[BF_MAX_CFB_LEN]; // up to 64 bytes used
54     int		cfb_len;	    // size of cfb_buffer actually used
55 } bf_state_T;
56 
57 
58 // Blowfish code
59 static UINT32_T pax_init[18] = {
60     0x243f6a88u, 0x85a308d3u, 0x13198a2eu,
61     0x03707344u, 0xa4093822u, 0x299f31d0u,
62     0x082efa98u, 0xec4e6c89u, 0x452821e6u,
63     0x38d01377u, 0xbe5466cfu, 0x34e90c6cu,
64     0xc0ac29b7u, 0xc97c50ddu, 0x3f84d5b5u,
65     0xb5470917u, 0x9216d5d9u, 0x8979fb1bu
66 };
67 
68 static UINT32_T sbx_init[4][256] = {
69    {0xd1310ba6u, 0x98dfb5acu, 0x2ffd72dbu, 0xd01adfb7u,
70     0xb8e1afedu, 0x6a267e96u, 0xba7c9045u, 0xf12c7f99u,
71     0x24a19947u, 0xb3916cf7u, 0x0801f2e2u, 0x858efc16u,
72     0x636920d8u, 0x71574e69u, 0xa458fea3u, 0xf4933d7eu,
73     0x0d95748fu, 0x728eb658u, 0x718bcd58u, 0x82154aeeu,
74     0x7b54a41du, 0xc25a59b5u, 0x9c30d539u, 0x2af26013u,
75     0xc5d1b023u, 0x286085f0u, 0xca417918u, 0xb8db38efu,
76     0x8e79dcb0u, 0x603a180eu, 0x6c9e0e8bu, 0xb01e8a3eu,
77     0xd71577c1u, 0xbd314b27u, 0x78af2fdau, 0x55605c60u,
78     0xe65525f3u, 0xaa55ab94u, 0x57489862u, 0x63e81440u,
79     0x55ca396au, 0x2aab10b6u, 0xb4cc5c34u, 0x1141e8ceu,
80     0xa15486afu, 0x7c72e993u, 0xb3ee1411u, 0x636fbc2au,
81     0x2ba9c55du, 0x741831f6u, 0xce5c3e16u, 0x9b87931eu,
82     0xafd6ba33u, 0x6c24cf5cu, 0x7a325381u, 0x28958677u,
83     0x3b8f4898u, 0x6b4bb9afu, 0xc4bfe81bu, 0x66282193u,
84     0x61d809ccu, 0xfb21a991u, 0x487cac60u, 0x5dec8032u,
85     0xef845d5du, 0xe98575b1u, 0xdc262302u, 0xeb651b88u,
86     0x23893e81u, 0xd396acc5u, 0x0f6d6ff3u, 0x83f44239u,
87     0x2e0b4482u, 0xa4842004u, 0x69c8f04au, 0x9e1f9b5eu,
88     0x21c66842u, 0xf6e96c9au, 0x670c9c61u, 0xabd388f0u,
89     0x6a51a0d2u, 0xd8542f68u, 0x960fa728u, 0xab5133a3u,
90     0x6eef0b6cu, 0x137a3be4u, 0xba3bf050u, 0x7efb2a98u,
91     0xa1f1651du, 0x39af0176u, 0x66ca593eu, 0x82430e88u,
92     0x8cee8619u, 0x456f9fb4u, 0x7d84a5c3u, 0x3b8b5ebeu,
93     0xe06f75d8u, 0x85c12073u, 0x401a449fu, 0x56c16aa6u,
94     0x4ed3aa62u, 0x363f7706u, 0x1bfedf72u, 0x429b023du,
95     0x37d0d724u, 0xd00a1248u, 0xdb0fead3u, 0x49f1c09bu,
96     0x075372c9u, 0x80991b7bu, 0x25d479d8u, 0xf6e8def7u,
97     0xe3fe501au, 0xb6794c3bu, 0x976ce0bdu, 0x04c006bau,
98     0xc1a94fb6u, 0x409f60c4u, 0x5e5c9ec2u, 0x196a2463u,
99     0x68fb6fafu, 0x3e6c53b5u, 0x1339b2ebu, 0x3b52ec6fu,
100     0x6dfc511fu, 0x9b30952cu, 0xcc814544u, 0xaf5ebd09u,
101     0xbee3d004u, 0xde334afdu, 0x660f2807u, 0x192e4bb3u,
102     0xc0cba857u, 0x45c8740fu, 0xd20b5f39u, 0xb9d3fbdbu,
103     0x5579c0bdu, 0x1a60320au, 0xd6a100c6u, 0x402c7279u,
104     0x679f25feu, 0xfb1fa3ccu, 0x8ea5e9f8u, 0xdb3222f8u,
105     0x3c7516dfu, 0xfd616b15u, 0x2f501ec8u, 0xad0552abu,
106     0x323db5fau, 0xfd238760u, 0x53317b48u, 0x3e00df82u,
107     0x9e5c57bbu, 0xca6f8ca0u, 0x1a87562eu, 0xdf1769dbu,
108     0xd542a8f6u, 0x287effc3u, 0xac6732c6u, 0x8c4f5573u,
109     0x695b27b0u, 0xbbca58c8u, 0xe1ffa35du, 0xb8f011a0u,
110     0x10fa3d98u, 0xfd2183b8u, 0x4afcb56cu, 0x2dd1d35bu,
111     0x9a53e479u, 0xb6f84565u, 0xd28e49bcu, 0x4bfb9790u,
112     0xe1ddf2dau, 0xa4cb7e33u, 0x62fb1341u, 0xcee4c6e8u,
113     0xef20cadau, 0x36774c01u, 0xd07e9efeu, 0x2bf11fb4u,
114     0x95dbda4du, 0xae909198u, 0xeaad8e71u, 0x6b93d5a0u,
115     0xd08ed1d0u, 0xafc725e0u, 0x8e3c5b2fu, 0x8e7594b7u,
116     0x8ff6e2fbu, 0xf2122b64u, 0x8888b812u, 0x900df01cu,
117     0x4fad5ea0u, 0x688fc31cu, 0xd1cff191u, 0xb3a8c1adu,
118     0x2f2f2218u, 0xbe0e1777u, 0xea752dfeu, 0x8b021fa1u,
119     0xe5a0cc0fu, 0xb56f74e8u, 0x18acf3d6u, 0xce89e299u,
120     0xb4a84fe0u, 0xfd13e0b7u, 0x7cc43b81u, 0xd2ada8d9u,
121     0x165fa266u, 0x80957705u, 0x93cc7314u, 0x211a1477u,
122     0xe6ad2065u, 0x77b5fa86u, 0xc75442f5u, 0xfb9d35cfu,
123     0xebcdaf0cu, 0x7b3e89a0u, 0xd6411bd3u, 0xae1e7e49u,
124     0x00250e2du, 0x2071b35eu, 0x226800bbu, 0x57b8e0afu,
125     0x2464369bu, 0xf009b91eu, 0x5563911du, 0x59dfa6aau,
126     0x78c14389u, 0xd95a537fu, 0x207d5ba2u, 0x02e5b9c5u,
127     0x83260376u, 0x6295cfa9u, 0x11c81968u, 0x4e734a41u,
128     0xb3472dcau, 0x7b14a94au, 0x1b510052u, 0x9a532915u,
129     0xd60f573fu, 0xbc9bc6e4u, 0x2b60a476u, 0x81e67400u,
130     0x08ba6fb5u, 0x571be91fu, 0xf296ec6bu, 0x2a0dd915u,
131     0xb6636521u, 0xe7b9f9b6u, 0xff34052eu, 0xc5855664u,
132     0x53b02d5du, 0xa99f8fa1u, 0x08ba4799u, 0x6e85076au},
133    {0x4b7a70e9u, 0xb5b32944u, 0xdb75092eu, 0xc4192623u,
134     0xad6ea6b0u, 0x49a7df7du, 0x9cee60b8u, 0x8fedb266u,
135     0xecaa8c71u, 0x699a17ffu, 0x5664526cu, 0xc2b19ee1u,
136     0x193602a5u, 0x75094c29u, 0xa0591340u, 0xe4183a3eu,
137     0x3f54989au, 0x5b429d65u, 0x6b8fe4d6u, 0x99f73fd6u,
138     0xa1d29c07u, 0xefe830f5u, 0x4d2d38e6u, 0xf0255dc1u,
139     0x4cdd2086u, 0x8470eb26u, 0x6382e9c6u, 0x021ecc5eu,
140     0x09686b3fu, 0x3ebaefc9u, 0x3c971814u, 0x6b6a70a1u,
141     0x687f3584u, 0x52a0e286u, 0xb79c5305u, 0xaa500737u,
142     0x3e07841cu, 0x7fdeae5cu, 0x8e7d44ecu, 0x5716f2b8u,
143     0xb03ada37u, 0xf0500c0du, 0xf01c1f04u, 0x0200b3ffu,
144     0xae0cf51au, 0x3cb574b2u, 0x25837a58u, 0xdc0921bdu,
145     0xd19113f9u, 0x7ca92ff6u, 0x94324773u, 0x22f54701u,
146     0x3ae5e581u, 0x37c2dadcu, 0xc8b57634u, 0x9af3dda7u,
147     0xa9446146u, 0x0fd0030eu, 0xecc8c73eu, 0xa4751e41u,
148     0xe238cd99u, 0x3bea0e2fu, 0x3280bba1u, 0x183eb331u,
149     0x4e548b38u, 0x4f6db908u, 0x6f420d03u, 0xf60a04bfu,
150     0x2cb81290u, 0x24977c79u, 0x5679b072u, 0xbcaf89afu,
151     0xde9a771fu, 0xd9930810u, 0xb38bae12u, 0xdccf3f2eu,
152     0x5512721fu, 0x2e6b7124u, 0x501adde6u, 0x9f84cd87u,
153     0x7a584718u, 0x7408da17u, 0xbc9f9abcu, 0xe94b7d8cu,
154     0xec7aec3au, 0xdb851dfau, 0x63094366u, 0xc464c3d2u,
155     0xef1c1847u, 0x3215d908u, 0xdd433b37u, 0x24c2ba16u,
156     0x12a14d43u, 0x2a65c451u, 0x50940002u, 0x133ae4ddu,
157     0x71dff89eu, 0x10314e55u, 0x81ac77d6u, 0x5f11199bu,
158     0x043556f1u, 0xd7a3c76bu, 0x3c11183bu, 0x5924a509u,
159     0xf28fe6edu, 0x97f1fbfau, 0x9ebabf2cu, 0x1e153c6eu,
160     0x86e34570u, 0xeae96fb1u, 0x860e5e0au, 0x5a3e2ab3u,
161     0x771fe71cu, 0x4e3d06fau, 0x2965dcb9u, 0x99e71d0fu,
162     0x803e89d6u, 0x5266c825u, 0x2e4cc978u, 0x9c10b36au,
163     0xc6150ebau, 0x94e2ea78u, 0xa5fc3c53u, 0x1e0a2df4u,
164     0xf2f74ea7u, 0x361d2b3du, 0x1939260fu, 0x19c27960u,
165     0x5223a708u, 0xf71312b6u, 0xebadfe6eu, 0xeac31f66u,
166     0xe3bc4595u, 0xa67bc883u, 0xb17f37d1u, 0x018cff28u,
167     0xc332ddefu, 0xbe6c5aa5u, 0x65582185u, 0x68ab9802u,
168     0xeecea50fu, 0xdb2f953bu, 0x2aef7dadu, 0x5b6e2f84u,
169     0x1521b628u, 0x29076170u, 0xecdd4775u, 0x619f1510u,
170     0x13cca830u, 0xeb61bd96u, 0x0334fe1eu, 0xaa0363cfu,
171     0xb5735c90u, 0x4c70a239u, 0xd59e9e0bu, 0xcbaade14u,
172     0xeecc86bcu, 0x60622ca7u, 0x9cab5cabu, 0xb2f3846eu,
173     0x648b1eafu, 0x19bdf0cau, 0xa02369b9u, 0x655abb50u,
174     0x40685a32u, 0x3c2ab4b3u, 0x319ee9d5u, 0xc021b8f7u,
175     0x9b540b19u, 0x875fa099u, 0x95f7997eu, 0x623d7da8u,
176     0xf837889au, 0x97e32d77u, 0x11ed935fu, 0x16681281u,
177     0x0e358829u, 0xc7e61fd6u, 0x96dedfa1u, 0x7858ba99u,
178     0x57f584a5u, 0x1b227263u, 0x9b83c3ffu, 0x1ac24696u,
179     0xcdb30aebu, 0x532e3054u, 0x8fd948e4u, 0x6dbc3128u,
180     0x58ebf2efu, 0x34c6ffeau, 0xfe28ed61u, 0xee7c3c73u,
181     0x5d4a14d9u, 0xe864b7e3u, 0x42105d14u, 0x203e13e0u,
182     0x45eee2b6u, 0xa3aaabeau, 0xdb6c4f15u, 0xfacb4fd0u,
183     0xc742f442u, 0xef6abbb5u, 0x654f3b1du, 0x41cd2105u,
184     0xd81e799eu, 0x86854dc7u, 0xe44b476au, 0x3d816250u,
185     0xcf62a1f2u, 0x5b8d2646u, 0xfc8883a0u, 0xc1c7b6a3u,
186     0x7f1524c3u, 0x69cb7492u, 0x47848a0bu, 0x5692b285u,
187     0x095bbf00u, 0xad19489du, 0x1462b174u, 0x23820e00u,
188     0x58428d2au, 0x0c55f5eau, 0x1dadf43eu, 0x233f7061u,
189     0x3372f092u, 0x8d937e41u, 0xd65fecf1u, 0x6c223bdbu,
190     0x7cde3759u, 0xcbee7460u, 0x4085f2a7u, 0xce77326eu,
191     0xa6078084u, 0x19f8509eu, 0xe8efd855u, 0x61d99735u,
192     0xa969a7aau, 0xc50c06c2u, 0x5a04abfcu, 0x800bcadcu,
193     0x9e447a2eu, 0xc3453484u, 0xfdd56705u, 0x0e1e9ec9u,
194     0xdb73dbd3u, 0x105588cdu, 0x675fda79u, 0xe3674340u,
195     0xc5c43465u, 0x713e38d8u, 0x3d28f89eu, 0xf16dff20u,
196     0x153e21e7u, 0x8fb03d4au, 0xe6e39f2bu, 0xdb83adf7u},
197    {0xe93d5a68u, 0x948140f7u, 0xf64c261cu, 0x94692934u,
198     0x411520f7u, 0x7602d4f7u, 0xbcf46b2eu, 0xd4a20068u,
199     0xd4082471u, 0x3320f46au, 0x43b7d4b7u, 0x500061afu,
200     0x1e39f62eu, 0x97244546u, 0x14214f74u, 0xbf8b8840u,
201     0x4d95fc1du, 0x96b591afu, 0x70f4ddd3u, 0x66a02f45u,
202     0xbfbc09ecu, 0x03bd9785u, 0x7fac6dd0u, 0x31cb8504u,
203     0x96eb27b3u, 0x55fd3941u, 0xda2547e6u, 0xabca0a9au,
204     0x28507825u, 0x530429f4u, 0x0a2c86dau, 0xe9b66dfbu,
205     0x68dc1462u, 0xd7486900u, 0x680ec0a4u, 0x27a18deeu,
206     0x4f3ffea2u, 0xe887ad8cu, 0xb58ce006u, 0x7af4d6b6u,
207     0xaace1e7cu, 0xd3375fecu, 0xce78a399u, 0x406b2a42u,
208     0x20fe9e35u, 0xd9f385b9u, 0xee39d7abu, 0x3b124e8bu,
209     0x1dc9faf7u, 0x4b6d1856u, 0x26a36631u, 0xeae397b2u,
210     0x3a6efa74u, 0xdd5b4332u, 0x6841e7f7u, 0xca7820fbu,
211     0xfb0af54eu, 0xd8feb397u, 0x454056acu, 0xba489527u,
212     0x55533a3au, 0x20838d87u, 0xfe6ba9b7u, 0xd096954bu,
213     0x55a867bcu, 0xa1159a58u, 0xcca92963u, 0x99e1db33u,
214     0xa62a4a56u, 0x3f3125f9u, 0x5ef47e1cu, 0x9029317cu,
215     0xfdf8e802u, 0x04272f70u, 0x80bb155cu, 0x05282ce3u,
216     0x95c11548u, 0xe4c66d22u, 0x48c1133fu, 0xc70f86dcu,
217     0x07f9c9eeu, 0x41041f0fu, 0x404779a4u, 0x5d886e17u,
218     0x325f51ebu, 0xd59bc0d1u, 0xf2bcc18fu, 0x41113564u,
219     0x257b7834u, 0x602a9c60u, 0xdff8e8a3u, 0x1f636c1bu,
220     0x0e12b4c2u, 0x02e1329eu, 0xaf664fd1u, 0xcad18115u,
221     0x6b2395e0u, 0x333e92e1u, 0x3b240b62u, 0xeebeb922u,
222     0x85b2a20eu, 0xe6ba0d99u, 0xde720c8cu, 0x2da2f728u,
223     0xd0127845u, 0x95b794fdu, 0x647d0862u, 0xe7ccf5f0u,
224     0x5449a36fu, 0x877d48fau, 0xc39dfd27u, 0xf33e8d1eu,
225     0x0a476341u, 0x992eff74u, 0x3a6f6eabu, 0xf4f8fd37u,
226     0xa812dc60u, 0xa1ebddf8u, 0x991be14cu, 0xdb6e6b0du,
227     0xc67b5510u, 0x6d672c37u, 0x2765d43bu, 0xdcd0e804u,
228     0xf1290dc7u, 0xcc00ffa3u, 0xb5390f92u, 0x690fed0bu,
229     0x667b9ffbu, 0xcedb7d9cu, 0xa091cf0bu, 0xd9155ea3u,
230     0xbb132f88u, 0x515bad24u, 0x7b9479bfu, 0x763bd6ebu,
231     0x37392eb3u, 0xcc115979u, 0x8026e297u, 0xf42e312du,
232     0x6842ada7u, 0xc66a2b3bu, 0x12754cccu, 0x782ef11cu,
233     0x6a124237u, 0xb79251e7u, 0x06a1bbe6u, 0x4bfb6350u,
234     0x1a6b1018u, 0x11caedfau, 0x3d25bdd8u, 0xe2e1c3c9u,
235     0x44421659u, 0x0a121386u, 0xd90cec6eu, 0xd5abea2au,
236     0x64af674eu, 0xda86a85fu, 0xbebfe988u, 0x64e4c3feu,
237     0x9dbc8057u, 0xf0f7c086u, 0x60787bf8u, 0x6003604du,
238     0xd1fd8346u, 0xf6381fb0u, 0x7745ae04u, 0xd736fcccu,
239     0x83426b33u, 0xf01eab71u, 0xb0804187u, 0x3c005e5fu,
240     0x77a057beu, 0xbde8ae24u, 0x55464299u, 0xbf582e61u,
241     0x4e58f48fu, 0xf2ddfda2u, 0xf474ef38u, 0x8789bdc2u,
242     0x5366f9c3u, 0xc8b38e74u, 0xb475f255u, 0x46fcd9b9u,
243     0x7aeb2661u, 0x8b1ddf84u, 0x846a0e79u, 0x915f95e2u,
244     0x466e598eu, 0x20b45770u, 0x8cd55591u, 0xc902de4cu,
245     0xb90bace1u, 0xbb8205d0u, 0x11a86248u, 0x7574a99eu,
246     0xb77f19b6u, 0xe0a9dc09u, 0x662d09a1u, 0xc4324633u,
247     0xe85a1f02u, 0x09f0be8cu, 0x4a99a025u, 0x1d6efe10u,
248     0x1ab93d1du, 0x0ba5a4dfu, 0xa186f20fu, 0x2868f169u,
249     0xdcb7da83u, 0x573906feu, 0xa1e2ce9bu, 0x4fcd7f52u,
250     0x50115e01u, 0xa70683fau, 0xa002b5c4u, 0x0de6d027u,
251     0x9af88c27u, 0x773f8641u, 0xc3604c06u, 0x61a806b5u,
252     0xf0177a28u, 0xc0f586e0u, 0x006058aau, 0x30dc7d62u,
253     0x11e69ed7u, 0x2338ea63u, 0x53c2dd94u, 0xc2c21634u,
254     0xbbcbee56u, 0x90bcb6deu, 0xebfc7da1u, 0xce591d76u,
255     0x6f05e409u, 0x4b7c0188u, 0x39720a3du, 0x7c927c24u,
256     0x86e3725fu, 0x724d9db9u, 0x1ac15bb4u, 0xd39eb8fcu,
257     0xed545578u, 0x08fca5b5u, 0xd83d7cd3u, 0x4dad0fc4u,
258     0x1e50ef5eu, 0xb161e6f8u, 0xa28514d9u, 0x6c51133cu,
259     0x6fd5c7e7u, 0x56e14ec4u, 0x362abfceu, 0xddc6c837u,
260     0xd79a3234u, 0x92638212u, 0x670efa8eu, 0x406000e0u},
261    {0x3a39ce37u, 0xd3faf5cfu, 0xabc27737u, 0x5ac52d1bu,
262     0x5cb0679eu, 0x4fa33742u, 0xd3822740u, 0x99bc9bbeu,
263     0xd5118e9du, 0xbf0f7315u, 0xd62d1c7eu, 0xc700c47bu,
264     0xb78c1b6bu, 0x21a19045u, 0xb26eb1beu, 0x6a366eb4u,
265     0x5748ab2fu, 0xbc946e79u, 0xc6a376d2u, 0x6549c2c8u,
266     0x530ff8eeu, 0x468dde7du, 0xd5730a1du, 0x4cd04dc6u,
267     0x2939bbdbu, 0xa9ba4650u, 0xac9526e8u, 0xbe5ee304u,
268     0xa1fad5f0u, 0x6a2d519au, 0x63ef8ce2u, 0x9a86ee22u,
269     0xc089c2b8u, 0x43242ef6u, 0xa51e03aau, 0x9cf2d0a4u,
270     0x83c061bau, 0x9be96a4du, 0x8fe51550u, 0xba645bd6u,
271     0x2826a2f9u, 0xa73a3ae1u, 0x4ba99586u, 0xef5562e9u,
272     0xc72fefd3u, 0xf752f7dau, 0x3f046f69u, 0x77fa0a59u,
273     0x80e4a915u, 0x87b08601u, 0x9b09e6adu, 0x3b3ee593u,
274     0xe990fd5au, 0x9e34d797u, 0x2cf0b7d9u, 0x022b8b51u,
275     0x96d5ac3au, 0x017da67du, 0xd1cf3ed6u, 0x7c7d2d28u,
276     0x1f9f25cfu, 0xadf2b89bu, 0x5ad6b472u, 0x5a88f54cu,
277     0xe029ac71u, 0xe019a5e6u, 0x47b0acfdu, 0xed93fa9bu,
278     0xe8d3c48du, 0x283b57ccu, 0xf8d56629u, 0x79132e28u,
279     0x785f0191u, 0xed756055u, 0xf7960e44u, 0xe3d35e8cu,
280     0x15056dd4u, 0x88f46dbau, 0x03a16125u, 0x0564f0bdu,
281     0xc3eb9e15u, 0x3c9057a2u, 0x97271aecu, 0xa93a072au,
282     0x1b3f6d9bu, 0x1e6321f5u, 0xf59c66fbu, 0x26dcf319u,
283     0x7533d928u, 0xb155fdf5u, 0x03563482u, 0x8aba3cbbu,
284     0x28517711u, 0xc20ad9f8u, 0xabcc5167u, 0xccad925fu,
285     0x4de81751u, 0x3830dc8eu, 0x379d5862u, 0x9320f991u,
286     0xea7a90c2u, 0xfb3e7bceu, 0x5121ce64u, 0x774fbe32u,
287     0xa8b6e37eu, 0xc3293d46u, 0x48de5369u, 0x6413e680u,
288     0xa2ae0810u, 0xdd6db224u, 0x69852dfdu, 0x09072166u,
289     0xb39a460au, 0x6445c0ddu, 0x586cdecfu, 0x1c20c8aeu,
290     0x5bbef7ddu, 0x1b588d40u, 0xccd2017fu, 0x6bb4e3bbu,
291     0xdda26a7eu, 0x3a59ff45u, 0x3e350a44u, 0xbcb4cdd5u,
292     0x72eacea8u, 0xfa6484bbu, 0x8d6612aeu, 0xbf3c6f47u,
293     0xd29be463u, 0x542f5d9eu, 0xaec2771bu, 0xf64e6370u,
294     0x740e0d8du, 0xe75b1357u, 0xf8721671u, 0xaf537d5du,
295     0x4040cb08u, 0x4eb4e2ccu, 0x34d2466au, 0x0115af84u,
296     0xe1b00428u, 0x95983a1du, 0x06b89fb4u, 0xce6ea048u,
297     0x6f3f3b82u, 0x3520ab82u, 0x011a1d4bu, 0x277227f8u,
298     0x611560b1u, 0xe7933fdcu, 0xbb3a792bu, 0x344525bdu,
299     0xa08839e1u, 0x51ce794bu, 0x2f32c9b7u, 0xa01fbac9u,
300     0xe01cc87eu, 0xbcc7d1f6u, 0xcf0111c3u, 0xa1e8aac7u,
301     0x1a908749u, 0xd44fbd9au, 0xd0dadecbu, 0xd50ada38u,
302     0x0339c32au, 0xc6913667u, 0x8df9317cu, 0xe0b12b4fu,
303     0xf79e59b7u, 0x43f5bb3au, 0xf2d519ffu, 0x27d9459cu,
304     0xbf97222cu, 0x15e6fc2au, 0x0f91fc71u, 0x9b941525u,
305     0xfae59361u, 0xceb69cebu, 0xc2a86459u, 0x12baa8d1u,
306     0xb6c1075eu, 0xe3056a0cu, 0x10d25065u, 0xcb03a442u,
307     0xe0ec6e0eu, 0x1698db3bu, 0x4c98a0beu, 0x3278e964u,
308     0x9f1f9532u, 0xe0d392dfu, 0xd3a0342bu, 0x8971f21eu,
309     0x1b0a7441u, 0x4ba3348cu, 0xc5be7120u, 0xc37632d8u,
310     0xdf359f8du, 0x9b992f2eu, 0xe60b6f47u, 0x0fe3f11du,
311     0xe54cda54u, 0x1edad891u, 0xce6279cfu, 0xcd3e7e6fu,
312     0x1618b166u, 0xfd2c1d05u, 0x848fd2c5u, 0xf6fb2299u,
313     0xf523f357u, 0xa6327623u, 0x93a83531u, 0x56cccd02u,
314     0xacf08162u, 0x5a75ebb5u, 0x6e163697u, 0x88d273ccu,
315     0xde966292u, 0x81b949d0u, 0x4c50901bu, 0x71c65614u,
316     0xe6c6c7bdu, 0x327a140au, 0x45e1d006u, 0xc3f27b9au,
317     0xc9aa53fdu, 0x62a80f00u, 0xbb25bfe2u, 0x35bdd2f6u,
318     0x71126905u, 0xb2040222u, 0xb6cbcf7cu, 0xcd769c2bu,
319     0x53113ec0u, 0x1640e3d3u, 0x38abbd60u, 0x2547adf0u,
320     0xba38209cu, 0xf746ce76u, 0x77afa1c5u, 0x20756060u,
321     0x85cbfe4eu, 0x8ae88dd8u, 0x7aaaf9b0u, 0x4cf9aa7eu,
322     0x1948c25cu, 0x02fb8a8cu, 0x01c36ae4u, 0xd6ebe1f9u,
323     0x90d4f869u, 0xa65cdea0u, 0x3f09252du, 0xc208e69fu,
324     0xb74e6132u, 0xce77e25bu, 0x578fdfe3u, 0x3ac372e6u
325  }
326 };
327 
328 #define F1(i) \
329     xl ^= bfs->pax[i]; \
330     xr ^= ((bfs->sbx[0][xl >> 24] + \
331     bfs->sbx[1][(xl & 0xFF0000) >> 16]) ^ \
332     bfs->sbx[2][(xl & 0xFF00) >> 8]) + \
333     bfs->sbx[3][xl & 0xFF];
334 
335 #define F2(i) \
336     xr ^= bfs->pax[i]; \
337     xl ^= ((bfs->sbx[0][xr >> 24] + \
338     bfs->sbx[1][(xr & 0xFF0000) >> 16]) ^ \
339     bfs->sbx[2][(xr & 0xFF00) >> 8]) + \
340     bfs->sbx[3][xr & 0xFF];
341 
342     static void
343 bf_e_block(
344     bf_state_T *bfs,
345     UINT32_T *p_xl,
346     UINT32_T *p_xr)
347 {
348     UINT32_T temp;
349     UINT32_T xl = *p_xl;
350     UINT32_T xr = *p_xr;
351 
352     F1(0) F2(1)
353     F1(2) F2(3)
354     F1(4) F2(5)
355     F1(6) F2(7)
356     F1(8) F2(9)
357     F1(10) F2(11)
358     F1(12) F2(13)
359     F1(14) F2(15)
360     xl ^= bfs->pax[16];
361     xr ^= bfs->pax[17];
362     temp = xl;
363     xl = xr;
364     xr = temp;
365     *p_xl = xl;
366     *p_xr = xr;
367 }
368 
369 
370 #ifdef WORDS_BIGENDIAN
371 # define htonl2(x) \
372     x = ((((x) &     0xffL) << 24) | (((x) & 0xff00L)     <<  8) | \
373 	 (((x) & 0xff0000L) >>  8) | (((x) & 0xff000000L) >> 24))
374 #else
375 # define htonl2(x)
376 #endif
377 
378     static void
379 bf_e_cblock(
380     bf_state_T *bfs,
381     char_u *block)
382 {
383     block8	bk;
384 
385     memcpy(bk.uc, block, 8);
386     htonl2(bk.ul[0]);
387     htonl2(bk.ul[1]);
388     bf_e_block(bfs, &bk.ul[0], &bk.ul[1]);
389     htonl2(bk.ul[0]);
390     htonl2(bk.ul[1]);
391     memcpy(block, bk.uc, 8);
392 }
393 
394 /*
395  * Initialize the crypt method using "password" as the encryption key and
396  * "salt[salt_len]" as the salt.
397  */
398     static void
399 bf_key_init(
400     bf_state_T	*bfs,
401     char_u	*password,
402     char_u	*salt,
403     int		salt_len)
404 {
405     int      i, j, keypos = 0;
406     unsigned u;
407     UINT32_T val, data_l, data_r;
408     char_u   *key;
409     int      keylen;
410 
411     // Process the key 1001 times.
412     // See http://en.wikipedia.org/wiki/Key_strengthening.
413     key = sha256_key(password, salt, salt_len);
414     for (i = 0; i < 1000; i++)
415 	key = sha256_key(key, salt, salt_len);
416 
417     // Convert the key from 64 hex chars to 32 binary chars.
418     keylen = (int)STRLEN(key) / 2;
419     if (keylen == 0)
420     {
421 	iemsg(_("E831: bf_key_init() called with empty password"));
422 	return;
423     }
424     for (i = 0; i < keylen; i++)
425     {
426 	sscanf((char *)&key[i * 2], "%2x", &u);
427 	key[i] = u;
428     }
429 
430     // Use "key" to initialize the P-array ("pax") and S-boxes ("sbx") of
431     // Blowfish.
432     mch_memmove(bfs->sbx, sbx_init, 4 * 4 * 256);
433 
434     for (i = 0; i < 18; ++i)
435     {
436 	val = 0;
437 	for (j = 0; j < 4; ++j)
438 	    val = (val << 8) | key[keypos++ % keylen];
439 	bfs->pax[i] = pax_init[i] ^ val;
440     }
441 
442     data_l = data_r = 0;
443     for (i = 0; i < 18; i += 2)
444     {
445 	bf_e_block(bfs, &data_l, &data_r);
446 	bfs->pax[i + 0] = data_l;
447 	bfs->pax[i + 1] = data_r;
448     }
449 
450     for (i = 0; i < 4; ++i)
451     {
452 	for (j = 0; j < 256; j += 2)
453 	{
454 	    bf_e_block(bfs, &data_l, &data_r);
455 	    bfs->sbx[i][j + 0] = data_l;
456 	    bfs->sbx[i][j + 1] = data_r;
457 	}
458     }
459 }
460 
461 /*
462  * Blowfish self-test for corrupted tables or instructions.
463  */
464     static int
465 bf_check_tables(
466     UINT32_T pax[18],
467     UINT32_T sbx[4][256],
468     UINT32_T val)
469 {
470     int i, j;
471     UINT32_T c = 0;
472 
473     for (i = 0; i < 18; i++)
474 	c ^= pax[i];
475     for (i = 0; i < 4; i++)
476 	for (j = 0; j < 256; j++)
477 	    c ^= sbx[i][j];
478     return c == val;
479 }
480 
481 typedef struct {
482     char_u   password[64];
483     char_u   salt[9];
484     char_u   plaintxt[9];
485     char_u   cryptxt[9];
486     char_u   badcryptxt[9]; // cryptxt when big/little endian is wrong
487     UINT32_T keysum;
488 } struct_bf_test_data;
489 
490 /*
491  * Assert bf(password, plaintxt) is cryptxt.
492  * Assert csum(pax sbx(password)) is keysum.
493  */
494 static struct_bf_test_data bf_test_data[] = {
495   {
496       "password",
497       "salt",
498       "plaintxt",
499       "\xad\x3d\xfa\x7f\xe8\xea\x40\xf6", // cryptxt
500       "\x72\x50\x3b\x38\x10\x60\x22\xa7", // badcryptxt
501       0x56701b5du // keysum
502   },
503 };
504 
505 /*
506  * Return FAIL when there is something wrong with blowfish encryption.
507  */
508     static int
509 bf_self_test(void)
510 {
511     int    i, bn;
512     int    err = 0;
513     block8 bk;
514     UINT32_T ui = 0xffffffffUL;
515     bf_state_T state;
516 
517     CLEAR_FIELD(state);
518     state.cfb_len = BF_MAX_CFB_LEN;
519 
520     // We can't simply use sizeof(UINT32_T), it would generate a compiler
521     // warning.
522     if (ui != 0xffffffffUL || ui + 1 != 0) {
523 	err++;
524 	emsg(_("E820: sizeof(uint32_t) != 4"));
525     }
526 
527     if (!bf_check_tables(pax_init, sbx_init, 0x6ffa520a))
528 	err++;
529 
530     bn = ARRAY_LENGTH(bf_test_data);
531     for (i = 0; i < bn; i++)
532     {
533 	bf_key_init(&state, (char_u *)(bf_test_data[i].password),
534 		    bf_test_data[i].salt,
535 		    (int)STRLEN(bf_test_data[i].salt));
536 	if (!bf_check_tables(state.pax, state.sbx, bf_test_data[i].keysum))
537 	    err++;
538 
539 	// Don't modify bf_test_data[i].plaintxt, self test is idempotent.
540 	memcpy(bk.uc, bf_test_data[i].plaintxt, 8);
541 	bf_e_cblock(&state, bk.uc);
542 	if (memcmp(bk.uc, bf_test_data[i].cryptxt, 8) != 0)
543 	{
544 	    if (err == 0 && memcmp(bk.uc, bf_test_data[i].badcryptxt, 8) == 0)
545 		emsg(_("E817: Blowfish big/little endian use wrong"));
546 	    err++;
547 	}
548     }
549 
550     return err > 0 ? FAIL : OK;
551 }
552 
553 /*
554  * CFB: Cipher Feedback Mode.
555  */
556 
557 /*
558  * Initialize with seed "seed[seed_len]".
559  */
560     static void
561 bf_cfb_init(
562     bf_state_T	*bfs,
563     char_u	*seed,
564     int		seed_len)
565 {
566     int i, mi;
567 
568     bfs->randbyte_offset = bfs->update_offset = 0;
569     vim_memset(bfs->cfb_buffer, 0, bfs->cfb_len);
570     if (seed_len > 0)
571     {
572 	mi = seed_len > bfs->cfb_len ? seed_len : bfs->cfb_len;
573 	for (i = 0; i < mi; i++)
574 	    bfs->cfb_buffer[i % bfs->cfb_len] ^= seed[i % seed_len];
575     }
576 }
577 
578 #define BF_CFB_UPDATE(bfs, c) { \
579     bfs->cfb_buffer[bfs->update_offset] ^= (char_u)c; \
580     if (++bfs->update_offset == bfs->cfb_len) \
581 	bfs->update_offset = 0; \
582 }
583 
584 #define BF_RANBYTE(bfs, t) { \
585     if ((bfs->randbyte_offset & BF_BLOCK_MASK) == 0) \
586 	bf_e_cblock(bfs, &(bfs->cfb_buffer[bfs->randbyte_offset])); \
587     t = bfs->cfb_buffer[bfs->randbyte_offset]; \
588     if (++bfs->randbyte_offset == bfs->cfb_len) \
589 	bfs->randbyte_offset = 0; \
590 }
591 
592 /*
593  * Encrypt "from[len]" into "to[len]".
594  * "from" and "to" can be equal to encrypt in place.
595  */
596     void
597 crypt_blowfish_encode(
598     cryptstate_T *state,
599     char_u	*from,
600     size_t	len,
601     char_u	*to)
602 {
603     bf_state_T *bfs = state->method_state;
604     size_t	i;
605     int		ztemp, t;
606 
607     for (i = 0; i < len; ++i)
608     {
609 	ztemp = from[i];
610 	BF_RANBYTE(bfs, t);
611 	BF_CFB_UPDATE(bfs, ztemp);
612 	to[i] = t ^ ztemp;
613     }
614 }
615 
616 /*
617  * Decrypt "from[len]" into "to[len]".
618  */
619     void
620 crypt_blowfish_decode(
621     cryptstate_T *state,
622     char_u	*from,
623     size_t	len,
624     char_u	*to)
625 {
626     bf_state_T *bfs = state->method_state;
627     size_t	i;
628     int		t;
629 
630     for (i = 0; i < len; ++i)
631     {
632 	BF_RANBYTE(bfs, t);
633 	to[i] = from[i] ^ t;
634 	BF_CFB_UPDATE(bfs, to[i]);
635     }
636 }
637 
638     int
639 crypt_blowfish_init(
640     cryptstate_T	*state,
641     char_u*		key,
642     char_u*		salt,
643     int			salt_len,
644     char_u*		seed,
645     int			seed_len)
646 {
647     bf_state_T	*bfs = ALLOC_CLEAR_ONE(bf_state_T);
648 
649     if (bfs == NULL)
650 	return FAIL;
651     state->method_state = bfs;
652 
653     // "blowfish" uses a 64 byte buffer, causing it to repeat 8 byte groups 8
654     // times.  "blowfish2" uses a 8 byte buffer to avoid repeating.
655     bfs->cfb_len = state->method_nr == CRYPT_M_BF ? BF_MAX_CFB_LEN : BF_BLOCK;
656 
657     if (blowfish_self_test() == FAIL)
658 	return FAIL;
659 
660     bf_key_init(bfs, key, salt, salt_len);
661     bf_cfb_init(bfs, seed, seed_len);
662 
663     return OK;
664 }
665 
666 /*
667  * Run a test to check if the encryption works as expected.
668  * Give an error and return FAIL when not.
669  */
670     int
671 blowfish_self_test(void)
672 {
673     if (sha256_self_test() == FAIL)
674     {
675 	emsg(_("E818: sha256 test failed"));
676 	return FAIL;
677     }
678     if (bf_self_test() == FAIL)
679     {
680 	emsg(_("E819: Blowfish test failed"));
681 	return FAIL;
682     }
683     return OK;
684 }
685 
686 #endif // FEAT_CRYPT
687