bcrypt_pbkdf-1.1.1/0000755000004100000410000000000014623550075014222 5ustar www-datawww-databcrypt_pbkdf-1.1.1/.gitignore0000644000004100000410000000004514623550075016211 0ustar www-datawww-datalib/ pkg/ tmp/ Gemfile.lock .bundle/ bcrypt_pbkdf-1.1.1/.github/0000755000004100000410000000000014623550075015562 5ustar www-datawww-databcrypt_pbkdf-1.1.1/.github/workflows/0000755000004100000410000000000014623550075017617 5ustar www-datawww-databcrypt_pbkdf-1.1.1/.github/workflows/ci.yml0000644000004100000410000000214014623550075020732 0ustar www-datawww-data--- name: ci on: pull_request: branches: [ main ] push: branches: [ main ] workflow_dispatch: concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: windows: name: ${{ matrix.os }} ruby ${{ matrix.ruby }} strategy: fail-fast: false matrix: ruby: [2.7, 3.3, head, mingw, mswin, ucrt] os: [windows-latest] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - run: bundle exec rake compile - run: bundle exec rake test unix: name: ${{ matrix.os }} ruby ${{ matrix.ruby }} strategy: fail-fast: false matrix: ruby: [2.7, 3.3, head] os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true - run: bundle exec rake compile - run: bundle exec rake test bcrypt_pbkdf-1.1.1/lib/0000755000004100000410000000000014623550075014770 5ustar www-datawww-databcrypt_pbkdf-1.1.1/lib/bcrypt_pbkdf.rb0000644000004100000410000000130214623550075017762 0ustar www-datawww-databegin RUBY_VERSION =~ /(\d+.\d+)/ require "#{$1}/bcrypt_pbkdf_ext" rescue LoadError require "bcrypt_pbkdf_ext" end module BCryptPbkdf # generates a key from a password + salt returning a string with keylen bytes # that can be used as cryptographic key. # # Remember to get a good random salt of at least 16 bytes. Using a higher # rounds count will increase the cost of an exhaustive search but will also # make derivation proportionally slower. # # Example: # rounds = 10 # keylen = 64 # @key = BCryptPbkdf.key("my secret", "my salt", keylen, rounds) def self.key(pass,salt,keylen,rounds) BCryptPbkdf::Engine::__bc_crypt_pbkdf(pass,salt,keylen,rounds) end end bcrypt_pbkdf-1.1.1/test/0000755000004100000410000000000014623550075015201 5ustar www-datawww-databcrypt_pbkdf-1.1.1/test/bcrypt_pnkdf/0000755000004100000410000000000014623550075017666 5ustar www-datawww-databcrypt_pbkdf-1.1.1/test/bcrypt_pnkdf/engine_test.rb0000644000004100000410000000442614623550075022525 0ustar www-datawww-datarequire 'minitest/autorun' require 'minitest/unit' require 'test_helper' # bcrypt_pbkdf in ruby require 'openssl' BCRYPT_BLOCKS = 8 BCRYPT_HASHSIZE = BCRYPT_BLOCKS * 4 def bcrypt_pbkdf(password, salt, keylen, rounds) stride = (keylen + BCRYPT_HASHSIZE - 1) / BCRYPT_HASHSIZE amt = (keylen + stride - 1) / stride sha2pass = OpenSSL::Digest::SHA512.new(password).digest #puts "[RB] sha2pass:#{sha2pass.inspect} #{sha2pass.size}" remlen = keylen countsalt = salt + "\x00"*4 saltlen = salt.size key = "\x00"*keylen # generate key in BCRYPT_HASHSIZE pieces count = 1 while remlen > 0 countsalt[saltlen + 0] = ((count >> 24) & 0xff).chr countsalt[saltlen + 1] = ((count >> 16) & 0xff).chr countsalt[saltlen + 2] = ((count >> 8) & 0xff).chr countsalt[saltlen + 3] = (count & 0xff).chr #puts "[RC] countsalt: #{countsalt.inspect} len:#{countsalt.size}" sha2salt = OpenSSL::Digest::SHA512.new(countsalt).digest tmpout = BCryptPbkdf::Engine::__bc_crypt_hash(sha2pass, sha2salt) out = tmpout.clone #puts "[RB] out: #{out.inspect} keylen:#{remlen} count:#{count}" (1...rounds).each do |i| sha2salt = OpenSSL::Digest::SHA512.new(tmpout).digest tmpout = BCryptPbkdf::Engine::__bc_crypt_hash(sha2pass, sha2salt) out.bytes.each_with_index {|o,j| out.setbyte(j,o ^ tmpout[j].ord) } end amt = [amt, remlen].min (0...amt).each do |i| dest = i * stride + (count - 1) key[dest] = out[i] if (dest < keylen) end remlen -= amt count += 1 end key end class TestExt < Minitest::Unit::TestCase def test_table assert_equal table, table.map{ |p,s,l,r| [p,s,l,r,BCryptPbkdf::Engine::__bc_crypt_pbkdf(p,s,l,r).bytes] } end def test_ruby_and_native_returns_the_same table.each do |p,s,l,r| assert_equal bcrypt_pbkdf(p,s,l,r), BCryptPbkdf::Engine::__bc_crypt_pbkdf(p,s,l,r) assert_equal bcrypt_pbkdf(p,s,l,r), BCryptPbkdf::key(p,s,l,r) end end def table [ ["pass2", "salt2", 12, 2, [214, 14, 48, 162, 131, 206, 121, 176, 50, 104, 231, 252]], ["\u0000\u0001foo", "\u0001\u0002fooo3", 14, 5, [46, 189, 32, 185, 94, 85, 232, 10, 84, 26, 44, 161, 49, 126]], ["doozoasd", "fooo$AS!", 14, 22, [57, 62, 50, 107, 70, 155, 65, 5, 129, 211, 189, 169, 188, 65]] ] end end bcrypt_pbkdf-1.1.1/test/test_helper.rb0000644000004100000410000000011214623550075020036 0ustar www-datawww-data$:.unshift File.expand_path('../../lib', __FILE__) require 'bcrypt_pbkdf' bcrypt_pbkdf-1.1.1/Rakefile0000644000004100000410000001132314623550075015667 0ustar www-datawww-datarequire 'rake/testtask' require 'rubygems/package_task' require 'bundler/gem_tasks' require 'rake/extensiontask' require 'rake/clean' require 'rdoc/task' require 'benchmark' require 'rake_compiler_dock' CLEAN.add("{ext,lib}/**/*.{o,so}", "pkg") cross_rubies = ["3.3.0", "3.2.0", "3.1.0", "3.0.0", "2.7.0"] cross_platforms = [ "arm64-darwin", "x64-mingw-ucrt", "x64-mingw32", "x86-mingw32", "x86_64-darwin", ] ENV["RUBY_CC_VERSION"] = cross_rubies.join(":") GEMSPEC = Gem::Specification.load("bcrypt_pbkdf.gemspec") task :default => [:compile, :spec] desc "Run all tests" Rake::TestTask.new do |t| #t.pattern = t.test_files = FileList['test/**/*_test.rb'] t.ruby_opts = ['-w'] t.libs << "test" t.verbose = true end task :spec => :test desc 'Generate RDoc' RDoc::Task.new do |rdoc| rdoc.rdoc_dir = 'doc/rdoc' rdoc.options += GEMSPEC.rdoc_options rdoc.template = ENV['TEMPLATE'] if ENV['TEMPLATE'] rdoc.rdoc_files.include(*GEMSPEC.extra_rdoc_files) end Rake::ExtensionTask.new("bcrypt_pbkdf_ext", GEMSPEC) do |ext| ext.ext_dir = 'ext/mri' ext.cross_compile = true ext.cross_platform = cross_platforms ext.cross_config_options << "--enable-cross-build" # so extconf.rb knows we're cross-compiling end namespace "gem" do cross_platforms.each do |platform| desc "build native gem for #{platform}" task platform do RakeCompilerDock.sh(<<~EOF, platform: platform, verbose: true) gem install bundler --no-document && BUNDLE_IGNORE_CONFIG=1 BUNDLE_PATH=.bundle/#{platform} bundle && BUNDLE_IGNORE_CONFIG=1 BUNDLE_PATH=.bundle/#{platform} bundle exec rake gem:#{platform}:buildit EOF end namespace platform do # this runs in the rake-compiler-dock docker container task "buildit" do # use Task#invoke because the pkg/*gem task is defined at runtime Rake::Task["native:#{platform}"].invoke Rake::Task["pkg/#{GEMSPEC.full_name}-#{Gem::Platform.new(platform)}.gem"].invoke end task "release" do sh "gem push pkg/#{GEMSPEC.full_name}-#{Gem::Platform.new(platform)}.gem" end end end desc "build native gem for all platforms" task "all" do cross_platforms.each do |platform| Rake::Task["gem:#{platform}"].invoke end end desc "release native gem for all platforms" task "release" do cross_platforms.each do |platform| Rake::Task["gem:#{platform}:release"].invoke end end end def change_version(&block) version = GEMSPEC.version version_file = 'bcrypt_pbkdf.gemspec' raise "No version found" if version.nil? final = version.segments.take_while{ |i| i.is_a?(Integer) }.to_a pre = version.segments.drop_while{ |i| i.is_a?(Integer) }.to_a.join("") pre = nil if pre.empty? tiny = final.last result = block[pre: pre, tiny: tiny] raise ArgumentError, "Version change logic should always return a pre" unless result.key?(:pre) puts "result: #{result.inspect}" new_pre = result[:pre] || [] new_tiny = result[:tiny] || tiny final[-1] = new_tiny new_version = Gem::Version.new([final, *new_pre].join(".")) found = false File.open("#{version_file}.new", "w") do |f| File.readlines(version_file).each do |line| match = /^(\s+s\.version\s*=\s*\')[\d[a-z]\.]+(\'\s*)$/.match(line) if match prefix = match[1] postfix = match[2] new_line = "#{prefix}#{new_version.to_s}#{postfix}" puts "Changing:\n - #{line} + #{new_line}" line = new_line found = true end f.write(line) end raise ArgumentError, "Cound not find version line in #{version_file}" unless found end FileUtils.mv version_file, "#{version_file}.old" FileUtils.mv "#{version_file}.new", version_file FileUtils.rm_f "#{version_file}.old" end namespace :vbump do desc "Final release" task :final do change_version do |pre:, tiny:| _ = tiny if pre.nil? { tiny: tiny + 1, pre: nil } else raise ArgumentError, "Unexpected pre: #{pre}" if pre.nil? { pre: nil } end end end desc "Increment prerelease" task :pre, [:type] do |_t, args| change_version do |pre:, tiny:| puts " PRE => #{pre.inspect}" match = /^([a-z]+)(\d+)/.match(pre) raise ArgumentError, "Unexpected pre: #{pre}" if match.nil? && args[:type].nil? if match.nil? || (!args[:type].nil? && args[:type] != match[1]) if pre.nil? { pre: "#{args[:type]}1", tiny: tiny + 1 } else { pre: "#{args[:type]}1" } end else { pre: "#{match[1]}#{match[2].to_i + 1}" } end end end end task "package" => cross_platforms.map { |p| "gem:#{p}" } # "package" task for all the native platforms Rake::Task["package"].prerequisites.prepend("compile") bcrypt_pbkdf-1.1.1/Gemfile0000644000004100000410000000004614623550075015515 0ustar www-datawww-datasource 'https://rubygems.org' gemspec bcrypt_pbkdf-1.1.1/COPYING0000644000004100000410000000225414623550075015260 0ustar www-datawww-data(The MIT License) Copyright 2007-2016: Miklós Fazekas C implementation of bcrypt_pbkdf: OpenBSD: Copyright (c) 2013 Ted Unangst Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.bcrypt_pbkdf-1.1.1/bcrypt_pbkdf.gemspec0000644000004100000410000000174614623550075020250 0ustar www-datawww-dataGem::Specification.new do |s| s.name = 'bcrypt_pbkdf' s.version = '1.1.1' s.summary = "OpenBSD's bcrypt_pbkdf (a variant of PBKDF2 with bcrypt-based PRF)" s.description = <<-EOF This gem implements bcrypt_pbkdf (a variant of PBKDF2 with bcrypt-based PRF) EOF s.files = `git ls-files`.split("\n") s.require_path = 'lib' s.add_development_dependency 'rake-compiler', '~> 1.2.5' s.add_development_dependency 'minitest', '~> 5' s.add_development_dependency 'openssl', '~> 3' s.add_development_dependency 'rdoc', '~> 6' s.add_development_dependency 'rake-compiler-dock', '~> 1.5.0' s.rdoc_options += ['--title', 'bcrypt_pbkdf', '--line-numbers', '--inline-source', '--main', 'README.md'] s.extra_rdoc_files += ['README.md', 'COPYING', 'CHANGELOG.md', *Dir['lib/**/*.rb']] s.extensions = 'ext/mri/extconf.rb' s.authors = ["Miklos Fazekas"] s.email = "mfazekas@szemafor.com" s.homepage = "https://github.com/net-ssh/bcrypt_pbkdf-ruby" s.license = "MIT" end bcrypt_pbkdf-1.1.1/ext/0000755000004100000410000000000014623550075015022 5ustar www-datawww-databcrypt_pbkdf-1.1.1/ext/mri/0000755000004100000410000000000014623550075015611 5ustar www-datawww-databcrypt_pbkdf-1.1.1/ext/mri/crypto_hash_sha512.h0000644000004100000410000000122114623550075021364 0ustar www-datawww-data#include typedef struct crypto_hash_sha512_state { uint64_t state[8]; uint64_t count[2]; unsigned char buf[128]; } crypto_hash_sha512_state; #define crypto_hash_sha512_BYTES 64U int crypto_hash_sha512_init(crypto_hash_sha512_state *state); int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen); int crypto_hash_sha512_update(crypto_hash_sha512_state *state, const unsigned char *in, unsigned long long inlen); int crypto_hash_sha512_final(crypto_hash_sha512_state *state, unsigned char *out); bcrypt_pbkdf-1.1.1/ext/mri/utils.h0000644000004100000410000000016614623550075017125 0ustar www-datawww-data#include #include void explicit_bzero(void *p, size_t n); #define sodium_memzero explicit_bzerobcrypt_pbkdf-1.1.1/ext/mri/blowfish.c0000644000004100000410000005616214623550075017604 0ustar www-datawww-data/* $OpenBSD: blowfish.c,v 1.19 2015/09/11 09:18:27 guenther Exp $ */ /* * Blowfish block cipher for OpenBSD * Copyright 1997 Niels Provos * All rights reserved. * * Implementation advice by David Mazieres . * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Niels Provos. * 4. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ /* * This code is derived from section 14.3 and the given source * in section V of Applied Cryptography, second edition. * Blowfish is an unpatented fast block cipher designed by * Bruce Schneier. */ #if 0 #include /* used for debugging */ #include #endif #include #include "blf.h" #undef inline #ifdef __GNUC__ #define inline __inline #else /* !__GNUC__ */ #define inline #endif /* !__GNUC__ */ /* Function for Feistel Networks */ #define F(s, x) ((((s)[ (((x)>>24)&0xFF)] \ + (s)[0x100 + (((x)>>16)&0xFF)]) \ ^ (s)[0x200 + (((x)>> 8)&0xFF)]) \ + (s)[0x300 + ( (x) &0xFF)]) #define BLFRND(s,p,i,j,n) (i ^= F(s,j) ^ (p)[n]) void Blowfish_encipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) { u_int32_t Xl; u_int32_t Xr; u_int32_t *s = c->S[0]; u_int32_t *p = c->P; Xl = *xl; Xr = *xr; Xl ^= p[0]; BLFRND(s, p, Xr, Xl, 1); BLFRND(s, p, Xl, Xr, 2); BLFRND(s, p, Xr, Xl, 3); BLFRND(s, p, Xl, Xr, 4); BLFRND(s, p, Xr, Xl, 5); BLFRND(s, p, Xl, Xr, 6); BLFRND(s, p, Xr, Xl, 7); BLFRND(s, p, Xl, Xr, 8); BLFRND(s, p, Xr, Xl, 9); BLFRND(s, p, Xl, Xr, 10); BLFRND(s, p, Xr, Xl, 11); BLFRND(s, p, Xl, Xr, 12); BLFRND(s, p, Xr, Xl, 13); BLFRND(s, p, Xl, Xr, 14); BLFRND(s, p, Xr, Xl, 15); BLFRND(s, p, Xl, Xr, 16); *xl = Xr ^ p[17]; *xr = Xl; } DEF_WEAK(Blowfish_encipher); void Blowfish_decipher(blf_ctx *c, u_int32_t *xl, u_int32_t *xr) { u_int32_t Xl; u_int32_t Xr; u_int32_t *s = c->S[0]; u_int32_t *p = c->P; Xl = *xl; Xr = *xr; Xl ^= p[17]; BLFRND(s, p, Xr, Xl, 16); BLFRND(s, p, Xl, Xr, 15); BLFRND(s, p, Xr, Xl, 14); BLFRND(s, p, Xl, Xr, 13); BLFRND(s, p, Xr, Xl, 12); BLFRND(s, p, Xl, Xr, 11); BLFRND(s, p, Xr, Xl, 10); BLFRND(s, p, Xl, Xr, 9); BLFRND(s, p, Xr, Xl, 8); BLFRND(s, p, Xl, Xr, 7); BLFRND(s, p, Xr, Xl, 6); BLFRND(s, p, Xl, Xr, 5); BLFRND(s, p, Xr, Xl, 4); BLFRND(s, p, Xl, Xr, 3); BLFRND(s, p, Xr, Xl, 2); BLFRND(s, p, Xl, Xr, 1); *xl = Xr ^ p[0]; *xr = Xl; } DEF_WEAK(Blowfish_decipher); void Blowfish_initstate(blf_ctx *c) { /* P-box and S-box tables initialized with digits of Pi */ static const blf_ctx initstate = { { { 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7, 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99, 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16, 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e, 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee, 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013, 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef, 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e, 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60, 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440, 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce, 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a, 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e, 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677, 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193, 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032, 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88, 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239, 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e, 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0, 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3, 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98, 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88, 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe, 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6, 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d, 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b, 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7, 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba, 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463, 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f, 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09, 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3, 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb, 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279, 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8, 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab, 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82, 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db, 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573, 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0, 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b, 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790, 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8, 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4, 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0, 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7, 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c, 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad, 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1, 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299, 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9, 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477, 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf, 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49, 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af, 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa, 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5, 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41, 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915, 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400, 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915, 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664, 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a}, { 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623, 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266, 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1, 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e, 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6, 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1, 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e, 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1, 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737, 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8, 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff, 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd, 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701, 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7, 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41, 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331, 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf, 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af, 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e, 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87, 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c, 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2, 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16, 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd, 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b, 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509, 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e, 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3, 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f, 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a, 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4, 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960, 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66, 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28, 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802, 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84, 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510, 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf, 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14, 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e, 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50, 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7, 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8, 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281, 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99, 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696, 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128, 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73, 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0, 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0, 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105, 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250, 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3, 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285, 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00, 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061, 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb, 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e, 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735, 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc, 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9, 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340, 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20, 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7}, { 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934, 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068, 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af, 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840, 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45, 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504, 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a, 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb, 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee, 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6, 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42, 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b, 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2, 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb, 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527, 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b, 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33, 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c, 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3, 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc, 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17, 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564, 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b, 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115, 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922, 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728, 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0, 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e, 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37, 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d, 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804, 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b, 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3, 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb, 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d, 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c, 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350, 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9, 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a, 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe, 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d, 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc, 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f, 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61, 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2, 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9, 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2, 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c, 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e, 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633, 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10, 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169, 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52, 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027, 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5, 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62, 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634, 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76, 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24, 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc, 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4, 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c, 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837, 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0}, { 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b, 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe, 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b, 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4, 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8, 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6, 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304, 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22, 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4, 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6, 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9, 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59, 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593, 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51, 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28, 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c, 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b, 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28, 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c, 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd, 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a, 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319, 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb, 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f, 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991, 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32, 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680, 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166, 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae, 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb, 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5, 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47, 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370, 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d, 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84, 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048, 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8, 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd, 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9, 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7, 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38, 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f, 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c, 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525, 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1, 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442, 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964, 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e, 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8, 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d, 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f, 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299, 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02, 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc, 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614, 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a, 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6, 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b, 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0, 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060, 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e, 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9, 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f, 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6} }, { 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344, 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89, 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c, 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917, 0x9216d5d9, 0x8979fb1b } }; *c = initstate; } DEF_WEAK(Blowfish_initstate); u_int32_t Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, u_int16_t *current) { u_int8_t i; u_int16_t j; u_int32_t temp; temp = 0x00000000; j = *current; for (i = 0; i < 4; i++, j++) { if (j >= databytes) j = 0; temp = (temp << 8) | data[j]; } *current = j; return temp; } DEF_WEAK(Blowfish_stream2word); void Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes) { u_int16_t i; u_int16_t j; u_int16_t k; u_int32_t temp; u_int32_t datal; u_int32_t datar; j = 0; for (i = 0; i < BLF_N + 2; i++) { /* Extract 4 int8 to 1 int32 from keystream */ temp = Blowfish_stream2word(key, keybytes, &j); c->P[i] = c->P[i] ^ temp; } j = 0; datal = 0x00000000; datar = 0x00000000; for (i = 0; i < BLF_N + 2; i += 2) { Blowfish_encipher(c, &datal, &datar); c->P[i] = datal; c->P[i + 1] = datar; } for (i = 0; i < 4; i++) { for (k = 0; k < 256; k += 2) { Blowfish_encipher(c, &datal, &datar); c->S[i][k] = datal; c->S[i][k + 1] = datar; } } } DEF_WEAK(Blowfish_expand0state); void Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes, const u_int8_t *key, u_int16_t keybytes) { u_int16_t i; u_int16_t j; u_int16_t k; u_int32_t temp; u_int32_t datal; u_int32_t datar; j = 0; for (i = 0; i < BLF_N + 2; i++) { /* Extract 4 int8 to 1 int32 from keystream */ temp = Blowfish_stream2word(key, keybytes, &j); c->P[i] = c->P[i] ^ temp; } j = 0; datal = 0x00000000; datar = 0x00000000; for (i = 0; i < BLF_N + 2; i += 2) { datal ^= Blowfish_stream2word(data, databytes, &j); datar ^= Blowfish_stream2word(data, databytes, &j); Blowfish_encipher(c, &datal, &datar); c->P[i] = datal; c->P[i + 1] = datar; } for (i = 0; i < 4; i++) { for (k = 0; k < 256; k += 2) { datal ^= Blowfish_stream2word(data, databytes, &j); datar ^= Blowfish_stream2word(data, databytes, &j); Blowfish_encipher(c, &datal, &datar); c->S[i][k] = datal; c->S[i][k + 1] = datar; } } } DEF_WEAK(Blowfish_expandstate); void blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len) { /* Initialize S-boxes and subkeys with Pi */ Blowfish_initstate(c); /* Transform S-boxes and subkeys with key */ Blowfish_expand0state(c, k, len); } DEF_WEAK(blf_key); void blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks) { u_int32_t *d; u_int16_t i; d = data; for (i = 0; i < blocks; i++) { Blowfish_encipher(c, d, d + 1); d += 2; } } DEF_WEAK(blf_enc); void blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks) { u_int32_t *d; u_int16_t i; d = data; for (i = 0; i < blocks; i++) { Blowfish_decipher(c, d, d + 1); d += 2; } } DEF_WEAK(blf_dec); void blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) { u_int32_t l, r; u_int32_t i; for (i = 0; i < len; i += 8) { l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_encipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; data += 8; } } DEF_WEAK(blf_ecb_encrypt); void blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len) { u_int32_t l, r; u_int32_t i; for (i = 0; i < len; i += 8) { l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_decipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; data += 8; } } DEF_WEAK(blf_ecb_decrypt); void blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len) { u_int32_t l, r; u_int32_t i, j; for (i = 0; i < len; i += 8) { for (j = 0; j < 8; j++) data[j] ^= iv[j]; l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_encipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; iv = data; data += 8; } } DEF_WEAK(blf_cbc_encrypt); void blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len) { u_int32_t l, r; u_int8_t *iv; u_int32_t i, j; iv = data + len - 16; data = data + len - 8; for (i = len - 8; i >= 8; i -= 8) { l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_decipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; for (j = 0; j < 8; j++) data[j] ^= iv[j]; iv -= 8; data -= 8; } l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3]; r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7]; Blowfish_decipher(c, &l, &r); data[0] = l >> 24 & 0xff; data[1] = l >> 16 & 0xff; data[2] = l >> 8 & 0xff; data[3] = l & 0xff; data[4] = r >> 24 & 0xff; data[5] = r >> 16 & 0xff; data[6] = r >> 8 & 0xff; data[7] = r & 0xff; for (j = 0; j < 8; j++) data[j] ^= iva[j]; } DEF_WEAK(blf_cbc_decrypt); #if 0 void report(u_int32_t data[], u_int16_t len) { u_int16_t i; for (i = 0; i < len; i += 2) printf("Block %0hd: %08lx %08lx.\n", i / 2, data[i], data[i + 1]); } void main(void) { blf_ctx c; char key[] = "AAAAA"; char key2[] = "abcdefghijklmnopqrstuvwxyz"; u_int32_t data[10]; u_int32_t data2[] = {0x424c4f57l, 0x46495348l}; u_int16_t i; /* First test */ for (i = 0; i < 10; i++) data[i] = i; blf_key(&c, (u_int8_t *) key, 5); blf_enc(&c, data, 5); blf_dec(&c, data, 1); blf_dec(&c, data + 2, 4); printf("Should read as 0 - 9.\n"); report(data, 10); /* Second test */ blf_key(&c, (u_int8_t *) key2, strlen(key2)); blf_enc(&c, data2, 1); printf("\nShould read as: 0x324ed0fe 0xf413a203.\n"); report(data2, 2); blf_dec(&c, data2, 1); report(data2, 2); } #endifbcrypt_pbkdf-1.1.1/ext/mri/bcrypt_pbkdf_ext.c0000644000004100000410000000267114623550075021314 0ustar www-datawww-data#include "includes.h" #include static VALUE mBCryptPbkdf; static VALUE cBCryptPbkdfEngine; /* Given a secret and a salt a key and the number of rounds and returns the encrypted secret */ static VALUE bc_crypt_pbkdf(VALUE self, VALUE pass, VALUE salt, VALUE keylen, VALUE rounds) { size_t okeylen = NUM2ULONG(keylen); u_int8_t* okey = xmalloc(okeylen); VALUE out; int ret = bcrypt_pbkdf( StringValuePtr(pass), RSTRING_LEN(pass), (const u_int8_t*)StringValuePtr(salt), RSTRING_LEN(salt), okey, okeylen, NUM2ULONG(rounds)); if (ret < 0) return Qnil; out = rb_str_new((const char*)okey, okeylen); xfree(okey); return out; } static VALUE bc_crypt_hash(VALUE self, VALUE pass, VALUE salt) { u_int8_t hash[BCRYPT_HASHSIZE]; if (RSTRING_LEN(pass) != 64U) return Qnil; if (RSTRING_LEN(salt) != 64U) return Qnil; bcrypt_hash((const u_int8_t*)StringValuePtr(pass), (const u_int8_t*)StringValuePtr(salt), hash); return rb_str_new((const char*)hash, sizeof(hash)); } /* Create the BCryptPbkdf and BCryptPbkdf::Engine modules, and populate them with methods. */ void Init_bcrypt_pbkdf_ext(){ mBCryptPbkdf = rb_define_module("BCryptPbkdf"); cBCryptPbkdfEngine = rb_define_class_under(mBCryptPbkdf, "Engine", rb_cObject); rb_define_singleton_method(cBCryptPbkdfEngine, "__bc_crypt_pbkdf", bc_crypt_pbkdf, 4); rb_define_singleton_method(cBCryptPbkdfEngine, "__bc_crypt_hash", bc_crypt_hash, 2); }bcrypt_pbkdf-1.1.1/ext/mri/crypto_api.h0000644000004100000410000000035314623550075020134 0ustar www-datawww-data#define crypto_hash_sha512_BYTES 64U int crypto_hashblocks_sha512(unsigned char *statebytes,const unsigned char *in,unsigned long long inlen); int crypto_hash_sha512(unsigned char *out,const unsigned char *in,unsigned long long inlen);bcrypt_pbkdf-1.1.1/ext/mri/blf.h0000644000004100000410000000701614623550075016531 0ustar www-datawww-data/* $OpenBSD: blf.h,v 1.7 2007/03/14 17:59:41 grunk Exp $ */ /* * Blowfish - a fast block cipher designed by Bruce Schneier * * Copyright 1997 Niels Provos * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by Niels Provos. * 4. The name of the author may not be used to endorse or promote products * derived from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #ifndef _BLF_H_ #define _BLF_H_ #include "includes.h" #if !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) /* Schneier specifies a maximum key length of 56 bytes. * This ensures that every key bit affects every cipher * bit. However, the subkeys can hold up to 72 bytes. * Warning: For normal blowfish encryption only 56 bytes * of the key affect all cipherbits. */ #define BLF_N 16 /* Number of Subkeys */ #define BLF_MAXKEYLEN ((BLF_N-2)*4) /* 448 bits */ #define BLF_MAXUTILIZED ((BLF_N+2)*4) /* 576 bits */ /* Blowfish context */ typedef struct BlowfishContext { u_int32_t S[4][256]; /* S-Boxes */ u_int32_t P[BLF_N + 2]; /* Subkeys */ } blf_ctx; /* Raw access to customized Blowfish * blf_key is just: * Blowfish_initstate( state ) * Blowfish_expand0state( state, key, keylen ) */ void Blowfish_encipher(blf_ctx *, u_int32_t *, u_int32_t *); void Blowfish_decipher(blf_ctx *, u_int32_t *, u_int32_t *); void Blowfish_initstate(blf_ctx *); void Blowfish_expand0state(blf_ctx *, const u_int8_t *, u_int16_t); void Blowfish_expandstate (blf_ctx *, const u_int8_t *, u_int16_t, const u_int8_t *, u_int16_t); /* Standard Blowfish */ void blf_key(blf_ctx *, const u_int8_t *, u_int16_t); void blf_enc(blf_ctx *, u_int32_t *, u_int16_t); void blf_dec(blf_ctx *, u_int32_t *, u_int16_t); void blf_ecb_encrypt(blf_ctx *, u_int8_t *, u_int32_t); void blf_ecb_decrypt(blf_ctx *, u_int8_t *, u_int32_t); void blf_cbc_encrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); void blf_cbc_decrypt(blf_ctx *, u_int8_t *, u_int8_t *, u_int32_t); /* Converts u_int8_t to u_int32_t */ u_int32_t Blowfish_stream2word(const u_int8_t *, u_int16_t , u_int16_t *); #define DEF_WEAK(foo) #endif /* !defined(HAVE_BCRYPT_PBKDF) && !defined(HAVE_BLH_H) */ #endif /* _BLF_H */ bcrypt_pbkdf-1.1.1/ext/mri/includes.h0000644000004100000410000000121714623550075017571 0ustar www-datawww-data#ifndef bcrypt_pbkdf_include_h #define bcrypt_pbkdf_include_h #include #include #include #include #if defined(_WIN32) || (defined(__sun) && defined(__SVR4)) typedef uint8_t u_int8_t; typedef uint16_t u_int16_t; typedef uint32_t u_int32_t; #endif #include "blf.h" void explicit_bzero(void *p, size_t n); int bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, uint8_t *key, size_t keylen, unsigned int rounds); void bcrypt_hash(const uint8_t *sha2pass, const uint8_t *sha2salt, uint8_t *out); #define BCRYPT_WORDS 8 #define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4) #endifbcrypt_pbkdf-1.1.1/ext/mri/util.h0000644000004100000410000000000014623550075016725 0ustar www-datawww-databcrypt_pbkdf-1.1.1/ext/mri/hash_sha512.c0000644000004100000410000002417714623550075017776 0ustar www-datawww-data/*- * Copyright 2005,2007,2009 Colin Percival * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * */ #include "crypto_hash_sha512.h" #include "utils.h" #include #include #include #include #include /* Avoid namespace collisions with BSD . */ #define be64dec _sha512_be64dec #define be64enc _sha512_be64enc static inline uint64_t be64dec(const void *pp) { const uint8_t *p = (uint8_t const *)pp; return ((uint64_t)(p[7]) + ((uint64_t)(p[6]) << 8) + ((uint64_t)(p[5]) << 16) + ((uint64_t)(p[4]) << 24) + ((uint64_t)(p[3]) << 32) + ((uint64_t)(p[2]) << 40) + ((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56)); } static inline void be64enc(void *pp, uint64_t x) { uint8_t *p = (uint8_t *)pp; p[7] = x & 0xff; p[6] = (x >> 8) & 0xff; p[5] = (x >> 16) & 0xff; p[4] = (x >> 24) & 0xff; p[3] = (x >> 32) & 0xff; p[2] = (x >> 40) & 0xff; p[1] = (x >> 48) & 0xff; p[0] = (x >> 56) & 0xff; } static void be64enc_vect(unsigned char *dst, const uint64_t *src, size_t len) { size_t i; for (i = 0; i < len / 8; i++) { be64enc(dst + i * 8, src[i]); } } static void be64dec_vect(uint64_t *dst, const unsigned char *src, size_t len) { size_t i; for (i = 0; i < len / 8; i++) { dst[i] = be64dec(src + i * 8); } } #define Ch(x, y, z) ((x & (y ^ z)) ^ z) #define Maj(x, y, z) ((x & (y | z)) | (y & z)) #define SHR(x, n) (x >> n) #define ROTR(x, n) ((x >> n) | (x << (64 - n))) #define S0(x) (ROTR(x, 28) ^ ROTR(x, 34) ^ ROTR(x, 39)) #define S1(x) (ROTR(x, 14) ^ ROTR(x, 18) ^ ROTR(x, 41)) #define s0(x) (ROTR(x, 1) ^ ROTR(x, 8) ^ SHR(x, 7)) #define s1(x) (ROTR(x, 19) ^ ROTR(x, 61) ^ SHR(x, 6)) #define RND(a, b, c, d, e, f, g, h, k) \ t0 = h + S1(e) + Ch(e, f, g) + k; \ t1 = S0(a) + Maj(a, b, c); \ d += t0; \ h = t0 + t1; #define RNDr(S, W, i, k) \ RND(S[(80 - i) % 8], S[(81 - i) % 8], \ S[(82 - i) % 8], S[(83 - i) % 8], \ S[(84 - i) % 8], S[(85 - i) % 8], \ S[(86 - i) % 8], S[(87 - i) % 8], \ W[i] + k) static void SHA512_Transform(uint64_t *state, const unsigned char block[128]) { uint64_t W[80]; uint64_t S[8]; uint64_t t0, t1; int i; be64dec_vect(W, block, 128); for (i = 16; i < 80; i++) { W[i] = s1(W[i - 2]) + W[i - 7] + s0(W[i - 15]) + W[i - 16]; } memcpy(S, state, 64); RNDr(S, W, 0, 0x428a2f98d728ae22ULL); RNDr(S, W, 1, 0x7137449123ef65cdULL); RNDr(S, W, 2, 0xb5c0fbcfec4d3b2fULL); RNDr(S, W, 3, 0xe9b5dba58189dbbcULL); RNDr(S, W, 4, 0x3956c25bf348b538ULL); RNDr(S, W, 5, 0x59f111f1b605d019ULL); RNDr(S, W, 6, 0x923f82a4af194f9bULL); RNDr(S, W, 7, 0xab1c5ed5da6d8118ULL); RNDr(S, W, 8, 0xd807aa98a3030242ULL); RNDr(S, W, 9, 0x12835b0145706fbeULL); RNDr(S, W, 10, 0x243185be4ee4b28cULL); RNDr(S, W, 11, 0x550c7dc3d5ffb4e2ULL); RNDr(S, W, 12, 0x72be5d74f27b896fULL); RNDr(S, W, 13, 0x80deb1fe3b1696b1ULL); RNDr(S, W, 14, 0x9bdc06a725c71235ULL); RNDr(S, W, 15, 0xc19bf174cf692694ULL); RNDr(S, W, 16, 0xe49b69c19ef14ad2ULL); RNDr(S, W, 17, 0xefbe4786384f25e3ULL); RNDr(S, W, 18, 0x0fc19dc68b8cd5b5ULL); RNDr(S, W, 19, 0x240ca1cc77ac9c65ULL); RNDr(S, W, 20, 0x2de92c6f592b0275ULL); RNDr(S, W, 21, 0x4a7484aa6ea6e483ULL); RNDr(S, W, 22, 0x5cb0a9dcbd41fbd4ULL); RNDr(S, W, 23, 0x76f988da831153b5ULL); RNDr(S, W, 24, 0x983e5152ee66dfabULL); RNDr(S, W, 25, 0xa831c66d2db43210ULL); RNDr(S, W, 26, 0xb00327c898fb213fULL); RNDr(S, W, 27, 0xbf597fc7beef0ee4ULL); RNDr(S, W, 28, 0xc6e00bf33da88fc2ULL); RNDr(S, W, 29, 0xd5a79147930aa725ULL); RNDr(S, W, 30, 0x06ca6351e003826fULL); RNDr(S, W, 31, 0x142929670a0e6e70ULL); RNDr(S, W, 32, 0x27b70a8546d22ffcULL); RNDr(S, W, 33, 0x2e1b21385c26c926ULL); RNDr(S, W, 34, 0x4d2c6dfc5ac42aedULL); RNDr(S, W, 35, 0x53380d139d95b3dfULL); RNDr(S, W, 36, 0x650a73548baf63deULL); RNDr(S, W, 37, 0x766a0abb3c77b2a8ULL); RNDr(S, W, 38, 0x81c2c92e47edaee6ULL); RNDr(S, W, 39, 0x92722c851482353bULL); RNDr(S, W, 40, 0xa2bfe8a14cf10364ULL); RNDr(S, W, 41, 0xa81a664bbc423001ULL); RNDr(S, W, 42, 0xc24b8b70d0f89791ULL); RNDr(S, W, 43, 0xc76c51a30654be30ULL); RNDr(S, W, 44, 0xd192e819d6ef5218ULL); RNDr(S, W, 45, 0xd69906245565a910ULL); RNDr(S, W, 46, 0xf40e35855771202aULL); RNDr(S, W, 47, 0x106aa07032bbd1b8ULL); RNDr(S, W, 48, 0x19a4c116b8d2d0c8ULL); RNDr(S, W, 49, 0x1e376c085141ab53ULL); RNDr(S, W, 50, 0x2748774cdf8eeb99ULL); RNDr(S, W, 51, 0x34b0bcb5e19b48a8ULL); RNDr(S, W, 52, 0x391c0cb3c5c95a63ULL); RNDr(S, W, 53, 0x4ed8aa4ae3418acbULL); RNDr(S, W, 54, 0x5b9cca4f7763e373ULL); RNDr(S, W, 55, 0x682e6ff3d6b2b8a3ULL); RNDr(S, W, 56, 0x748f82ee5defb2fcULL); RNDr(S, W, 57, 0x78a5636f43172f60ULL); RNDr(S, W, 58, 0x84c87814a1f0ab72ULL); RNDr(S, W, 59, 0x8cc702081a6439ecULL); RNDr(S, W, 60, 0x90befffa23631e28ULL); RNDr(S, W, 61, 0xa4506cebde82bde9ULL); RNDr(S, W, 62, 0xbef9a3f7b2c67915ULL); RNDr(S, W, 63, 0xc67178f2e372532bULL); RNDr(S, W, 64, 0xca273eceea26619cULL); RNDr(S, W, 65, 0xd186b8c721c0c207ULL); RNDr(S, W, 66, 0xeada7dd6cde0eb1eULL); RNDr(S, W, 67, 0xf57d4f7fee6ed178ULL); RNDr(S, W, 68, 0x06f067aa72176fbaULL); RNDr(S, W, 69, 0x0a637dc5a2c898a6ULL); RNDr(S, W, 70, 0x113f9804bef90daeULL); RNDr(S, W, 71, 0x1b710b35131c471bULL); RNDr(S, W, 72, 0x28db77f523047d84ULL); RNDr(S, W, 73, 0x32caab7b40c72493ULL); RNDr(S, W, 74, 0x3c9ebe0a15c9bebcULL); RNDr(S, W, 75, 0x431d67c49c100d4cULL); RNDr(S, W, 76, 0x4cc5d4becb3e42b6ULL); RNDr(S, W, 77, 0x597f299cfc657e2aULL); RNDr(S, W, 78, 0x5fcb6fab3ad6faecULL); RNDr(S, W, 79, 0x6c44198c4a475817ULL); for (i = 0; i < 8; i++) { state[i] += S[i]; } sodium_memzero((void *) W, sizeof W); sodium_memzero((void *) S, sizeof S); sodium_memzero((void *) &t0, sizeof t0); sodium_memzero((void *) &t1, sizeof t1); } static unsigned char PAD[128] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; static void SHA512_Pad(crypto_hash_sha512_state *state) { unsigned char len[16]; uint64_t r, plen; be64enc_vect(len, state->count, 16); r = (state->count[1] >> 3) & 0x7f; plen = (r < 112) ? (112 - r) : (240 - r); crypto_hash_sha512_update(state, PAD, (unsigned long long) plen); crypto_hash_sha512_update(state, len, 16); } int crypto_hash_sha512_init(crypto_hash_sha512_state *state) { static const uint64_t sha512_initstate[8] = { 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; state->count[0] = state->count[1] = (uint64_t) 0U; memcpy(state->state, sha512_initstate, sizeof sha512_initstate); return 0; } int crypto_hash_sha512_update(crypto_hash_sha512_state *state, const unsigned char *in, unsigned long long inlen) { uint64_t bitlen[2]; uint64_t r; const unsigned char *src = in; r = (state->count[1] >> 3) & 0x7f; bitlen[1] = ((uint64_t)inlen) << 3; bitlen[0] = ((uint64_t)inlen) >> 61; /* LCOV_EXCL_START */ if ((state->count[1] += bitlen[1]) < bitlen[1]) { state->count[0]++; } /* LCOV_EXCL_STOP */ state->count[0] += bitlen[0]; if (inlen < 128 - r) { memcpy(&state->buf[r], src, inlen); return 0; } memcpy(&state->buf[r], src, 128 - r); SHA512_Transform(state->state, state->buf); src += 128 - r; inlen -= 128 - r; while (inlen >= 128) { SHA512_Transform(state->state, src); src += 128; inlen -= 128; } memcpy(state->buf, src, inlen); /* inlen < 128 */ return 0; } int crypto_hash_sha512_final(crypto_hash_sha512_state *state, unsigned char *out) { SHA512_Pad(state); be64enc_vect(out, state->state, 64); sodium_memzero((void *) state, sizeof *state); return 0; } int crypto_hash_sha512(unsigned char *out, const unsigned char *in, unsigned long long inlen) { crypto_hash_sha512_state state; crypto_hash_sha512_init(&state); crypto_hash_sha512_update(&state, in, inlen); crypto_hash_sha512_final(&state, out); return 0; }bcrypt_pbkdf-1.1.1/ext/mri/explicit_bzero.c0000644000004100000410000000056114623550075021001 0ustar www-datawww-data/* OPENBSD ORIGINAL: lib/libc/string/explicit_bzero.c */ /* $OpenBSD: explicit_bzero.c,v 1.1 2014/01/22 21:06:45 tedu Exp $ */ /* * Public domain. * Written by Ted Unangst */ #include "includes.h" #ifndef HAVE_EXPLICIT_BZERO /* * explicit_bzero - don't let the compiler optimize away bzero */ void explicit_bzero(void *p, size_t n) { memset(p, 0, n); } #endif bcrypt_pbkdf-1.1.1/ext/mri/bcrypt_pbkdf.c0000644000004100000410000001226214623550075020431 0ustar www-datawww-data/* $OpenBSD: bcrypt_pbkdf.c,v 1.13 2015/01/12 03:20:04 tedu Exp $ */ /* * Copyright (c) 2013 Ted Unangst * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ #include #include #include #include "blf.h" #include "sha2.h" #include #include "util.h" #define MINIMUM(a,b) (((a) < (b)) ? (a) : (b)) /* * pkcs #5 pbkdf2 implementation using the "bcrypt" hash * * The bcrypt hash function is derived from the bcrypt password hashing * function with the following modifications: * 1. The input password and salt are preprocessed with SHA512. * 2. The output length is expanded to 256 bits. * 3. Subsequently the magic string to be encrypted is lengthened and modifed * to "OxychromaticBlowfishSwatDynamite" * 4. The hash function is defined to perform 64 rounds of initial state * expansion. (More rounds are performed by iterating the hash.) * * Note that this implementation pulls the SHA512 operations into the caller * as a performance optimization. * * One modification from official pbkdf2. Instead of outputting key material * linearly, we mix it. pbkdf2 has a known weakness where if one uses it to * generate (e.g.) 512 bits of key material for use as two 256 bit keys, an * attacker can merely run once through the outer loop, but the user * always runs it twice. Shuffling output bytes requires computing the * entirety of the key material to assemble any subkey. This is something a * wise caller could do; we just do it for you. */ #define BCRYPT_WORDS 8 #define BCRYPT_HASHSIZE (BCRYPT_WORDS * 4) void bcrypt_hash(const uint8_t *sha2pass, const uint8_t *sha2salt, uint8_t *out) { blf_ctx state; uint8_t ciphertext[BCRYPT_HASHSIZE] = "OxychromaticBlowfishSwatDynamite"; uint32_t cdata[BCRYPT_WORDS]; int i; uint16_t j; size_t shalen = SHA512_DIGEST_LENGTH; /* key expansion */ Blowfish_initstate(&state); Blowfish_expandstate(&state, sha2salt, shalen, sha2pass, shalen); for (i = 0; i < 64; i++) { Blowfish_expand0state(&state, sha2salt, shalen); Blowfish_expand0state(&state, sha2pass, shalen); } /* encryption */ j = 0; for (i = 0; i < BCRYPT_WORDS; i++) cdata[i] = Blowfish_stream2word(ciphertext, sizeof(ciphertext), &j); for (i = 0; i < 64; i++) blf_enc(&state, cdata, sizeof(cdata) / sizeof(uint64_t)); /* copy out */ for (i = 0; i < BCRYPT_WORDS; i++) { out[4 * i + 3] = (cdata[i] >> 24) & 0xff; out[4 * i + 2] = (cdata[i] >> 16) & 0xff; out[4 * i + 1] = (cdata[i] >> 8) & 0xff; out[4 * i + 0] = cdata[i] & 0xff; } /* zap */ explicit_bzero(ciphertext, sizeof(ciphertext)); explicit_bzero(cdata, sizeof(cdata)); explicit_bzero(&state, sizeof(state)); } int bcrypt_pbkdf(const char *pass, size_t passlen, const uint8_t *salt, size_t saltlen, uint8_t *key, size_t keylen, unsigned int rounds) { SHA2_CTX ctx; uint8_t sha2pass[SHA512_DIGEST_LENGTH]; uint8_t sha2salt[SHA512_DIGEST_LENGTH]; uint8_t out[BCRYPT_HASHSIZE]; uint8_t tmpout[BCRYPT_HASHSIZE]; uint8_t countsalt[4]; size_t i, j, amt, stride; uint32_t count; size_t origkeylen = keylen; /* nothing crazy */ if (rounds < 1) return -1; if (passlen == 0 || saltlen == 0 || keylen == 0 || keylen > sizeof(out) * sizeof(out)) return -1; stride = (keylen + sizeof(out) - 1) / sizeof(out); amt = (keylen + stride - 1) / stride; /* collapse password */ SHA512Init(&ctx); SHA512Update(&ctx, pass, passlen); SHA512Final(sha2pass, &ctx); /* generate key, sizeof(out) at a time */ for (count = 1; keylen > 0; count++) { countsalt[0] = (count >> 24) & 0xff; countsalt[1] = (count >> 16) & 0xff; countsalt[2] = (count >> 8) & 0xff; countsalt[3] = count & 0xff; /* first round, salt is salt */ SHA512Init(&ctx); SHA512Update(&ctx, salt, saltlen); SHA512Update(&ctx, countsalt, sizeof(countsalt)); SHA512Final(sha2salt, &ctx); bcrypt_hash(sha2pass, sha2salt, tmpout); memcpy(out, tmpout, sizeof(out)); for (i = 1; i < rounds; i++) { /* subsequent rounds, salt is previous output */ SHA512Init(&ctx); SHA512Update(&ctx, tmpout, sizeof(tmpout)); SHA512Final(sha2salt, &ctx); bcrypt_hash(sha2pass, sha2salt, tmpout); for (j = 0; j < sizeof(out); j++) out[j] ^= tmpout[j]; } /* * pbkdf2 deviation: output the key material non-linearly. */ amt = MINIMUM(amt, keylen); for (i = 0; i < amt; i++) { size_t dest = i * stride + (count - 1); if (dest >= origkeylen) break; key[dest] = out[i]; } keylen -= i; } /* zap */ explicit_bzero(&ctx, sizeof(ctx)); explicit_bzero(out, sizeof(out)); return 0; }bcrypt_pbkdf-1.1.1/ext/mri/sha2.h0000644000004100000410000000076314623550075016625 0ustar www-datawww-data#include "crypto_hash_sha512.h" #define SHA2_CTX crypto_hash_sha512_state #ifdef SHA512_DIGEST_LENGTH # undef SHA512_DIGEST_LENGTH #endif #define SHA512_DIGEST_LENGTH crypto_hash_sha512_BYTES inline static void SHA512Init(SHA2_CTX* ctx) { crypto_hash_sha512_init(ctx); } inline static void SHA512Update(SHA2_CTX* ctx, const void *in, size_t inlen) { crypto_hash_sha512_update(ctx, in, inlen); } inline static void SHA512Final(uint8_t* out, SHA2_CTX* ctx) { crypto_hash_sha512_final(ctx, out); } bcrypt_pbkdf-1.1.1/ext/mri/extconf.rb0000644000004100000410000000012214623550075017577 0ustar www-datawww-datarequire "mkmf" dir_config("bcrypt_pbkdf_ext") create_makefile("bcrypt_pbkdf_ext") bcrypt_pbkdf-1.1.1/README.md0000644000004100000410000000206114623550075015500 0ustar www-datawww-data# bcrypt_pbkdf-ruby bcrypt_pbkdf is a ruby gem implementing bcrypt_pbkdf from OpenBSD. This is currently used by net-ssh to read password encrypted Ed25519 keys. [![Build Status](https://github.com/net-ssh/bcrypt_pbkdf-ruby/actions/workflows/ci.yml/badge.svg?branch=master&event=push)](https://github.com/net-ssh/bcrypt_pbkdf-ruby/actions/workflows/ci.yml) ## Acknowledgements * The gut of the code is based on OpenBSD's bcrypt_pbkdf.c implementation * Some ideas/code were taken adopted bcrypt-ruby: https://github.com/codahale/bcrypt-ruby ## Links * http://www.tedunangst.com/flak/post/bcrypt-pbkdf * http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libutil/bcrypt_pbkdf.c?rev=1.13&content-type=text/x-cvsweb-markup ## Building For windows and osx cross build make sure you checked out the gem source under the home directory and have docker installed. ```sh gem install rake-compiler-dock ``` ```sh bundle exec rake compile bundle exec rake test bundle exec rake clean clobber bundle exec rake gem:all bundle exec rake release bundle exec rake gem:release ``` bcrypt_pbkdf-1.1.1/CHANGELOG.md0000644000004100000410000000004014623550075016025 0ustar www-datawww-data# 1.0.0.apha1 initial version