/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

/*
 * Blowfish encryption/decryption and keyschedule code.
 */

#include <sys/types.h>
#include <sys/systm.h>
#include <sys/ddi.h>
#include <sys/sysmacros.h>
#include <sys/strsun.h>
#include <sys/note.h>
#include <sys/byteorder.h>
#include <sys/crypto/spi.h>
#include <modes/modes.h>
#include <sys/crypto/common.h>
#include "blowfish_impl.h"

#ifdef _KERNEL

#define	BLOWFISH_ASSERT(x)	ASSERT(x)

#else /* !_KERNEL */

#include <strings.h>
#include <stdlib.h>
#define	BLOWFISH_ASSERT(x)
#endif /* _KERNEL */

#if defined(__i386) || defined(__amd64)
#include <sys/byteorder.h>
#define	UNALIGNED_POINTERS_PERMITTED
#endif

/*
 * Blowfish initial P box and S boxes, derived from the hex digits of PI.
 *
 * NOTE:  S boxes are placed into one large array.
 */
static const uint32_t init_P[] = {
	0x243f6a88U, 0x85a308d3U, 0x13198a2eU,
	0x03707344U, 0xa4093822U, 0x299f31d0U,
	0x082efa98U, 0xec4e6c89U, 0x452821e6U,
	0x38d01377U, 0xbe5466cfU, 0x34e90c6cU,
	0xc0ac29b7U, 0xc97c50ddU, 0x3f84d5b5U,
	0xb5470917U, 0x9216d5d9U, 0x8979fb1bU
};

static const uint32_t init_S[] = {
	/* S-Box 0. */
	0xd1310ba6U, 0x98dfb5acU, 0x2ffd72dbU, 0xd01adfb7U,
	0xb8e1afedU, 0x6a267e96U, 0xba7c9045U, 0xf12c7f99U,
	0x24a19947U, 0xb3916cf7U, 0x0801f2e2U, 0x858efc16U,
	0x636920d8U, 0x71574e69U, 0xa458fea3U, 0xf4933d7eU,
	0x0d95748fU, 0x728eb658U, 0x718bcd58U, 0x82154aeeU,
	0x7b54a41dU, 0xc25a59b5U, 0x9c30d539U, 0x2af26013U,
	0xc5d1b023U, 0x286085f0U, 0xca417918U, 0xb8db38efU,
	0x8e79dcb0U, 0x603a180eU, 0x6c9e0e8bU, 0xb01e8a3eU,
	0xd71577c1U, 0xbd314b27U, 0x78af2fdaU, 0x55605c60U,
	0xe65525f3U, 0xaa55ab94U, 0x57489862U, 0x63e81440U,
	0x55ca396aU, 0x2aab10b6U, 0xb4cc5c34U, 0x1141e8ceU,
	0xa15486afU, 0x7c72e993U, 0xb3ee1411U, 0x636fbc2aU,
	0x2ba9c55dU, 0x741831f6U, 0xce5c3e16U, 0x9b87931eU,
	0xafd6ba33U, 0x6c24cf5cU, 0x7a325381U, 0x28958677U,
	0x3b8f4898U, 0x6b4bb9afU, 0xc4bfe81bU, 0x66282193U,
	0x61d809ccU, 0xfb21a991U, 0x487cac60U, 0x5dec8032U,
	0xef845d5dU, 0xe98575b1U, 0xdc262302U, 0xeb651b88U,
	0x23893e81U, 0xd396acc5U, 0x0f6d6ff3U, 0x83f44239U,
	0x2e0b4482U, 0xa4842004U, 0x69c8f04aU, 0x9e1f9b5eU,
	0x21c66842U, 0xf6e96c9aU, 0x670c9c61U, 0xabd388f0U,
	0x6a51a0d2U, 0xd8542f68U, 0x960fa728U, 0xab5133a3U,
	0x6eef0b6cU, 0x137a3be4U, 0xba3bf050U, 0x7efb2a98U,
	0xa1f1651dU, 0x39af0176U, 0x66ca593eU, 0x82430e88U,
	0x8cee8619U, 0x456f9fb4U, 0x7d84a5c3U, 0x3b8b5ebeU,
	0xe06f75d8U, 0x85c12073U, 0x401a449fU, 0x56c16aa6U,
	0x4ed3aa62U, 0x363f7706U, 0x1bfedf72U, 0x429b023dU,
	0x37d0d724U, 0xd00a1248U, 0xdb0fead3U, 0x49f1c09bU,
	0x075372c9U, 0x80991b7bU, 0x25d479d8U, 0xf6e8def7U,
	0xe3fe501aU, 0xb6794c3bU, 0x976ce0bdU, 0x04c006baU,
	0xc1a94fb6U, 0x409f60c4U, 0x5e5c9ec2U, 0x196a2463U,
	0x68fb6fafU, 0x3e6c53b5U, 0x1339b2ebU, 0x3b52ec6fU,
	0x6dfc511fU, 0x9b30952cU, 0xcc814544U, 0xaf5ebd09U,
	0xbee3d004U, 0xde334afdU, 0x660f2807U, 0x192e4bb3U,
	0xc0cba857U, 0x45c8740fU, 0xd20b5f39U, 0xb9d3fbdbU,
	0x5579c0bdU, 0x1a60320aU, 0xd6a100c6U, 0x402c7279U,
	0x679f25feU, 0xfb1fa3ccU, 0x8ea5e9f8U, 0xdb3222f8U,
	0x3c7516dfU, 0xfd616b15U, 0x2f501ec8U, 0xad0552abU,
	0x323db5faU, 0xfd238760U, 0x53317b48U, 0x3e00df82U,
	0x9e5c57bbU, 0xca6f8ca0U, 0x1a87562eU, 0xdf1769dbU,
	0xd542a8f6U, 0x287effc3U, 0xac6732c6U, 0x8c4f5573U,
	0x695b27b0U, 0xbbca58c8U, 0xe1ffa35dU, 0xb8f011a0U,
	0x10fa3d98U, 0xfd2183b8U, 0x4afcb56cU, 0x2dd1d35bU,
	0x9a53e479U, 0xb6f84565U, 0xd28e49bcU, 0x4bfb9790U,
	0xe1ddf2daU, 0xa4cb7e33U, 0x62fb1341U, 0xcee4c6e8U,
	0xef20cadaU, 0x36774c01U, 0xd07e9efeU, 0x2bf11fb4U,
	0x95dbda4dU, 0xae909198U, 0xeaad8e71U, 0x6b93d5a0U,
	0xd08ed1d0U, 0xafc725e0U, 0x8e3c5b2fU, 0x8e7594b7U,
	0x8ff6e2fbU, 0xf2122b64U, 0x8888b812U, 0x900df01cU,
	0x4fad5ea0U, 0x688fc31cU, 0xd1cff191U, 0xb3a8c1adU,
	0x2f2f2218U, 0xbe0e1777U, 0xea752dfeU, 0x8b021fa1U,
	0xe5a0cc0fU, 0xb56f74e8U, 0x18acf3d6U, 0xce89e299U,
	0xb4a84fe0U, 0xfd13e0b7U, 0x7cc43b81U, 0xd2ada8d9U,
	0x165fa266U, 0x80957705U, 0x93cc7314U, 0x211a1477U,
	0xe6ad2065U, 0x77b5fa86U, 0xc75442f5U, 0xfb9d35cfU,
	0xebcdaf0cU, 0x7b3e89a0U, 0xd6411bd3U, 0xae1e7e49U,
	0x00250e2dU, 0x2071b35eU, 0x226800bbU, 0x57b8e0afU,
	0x2464369bU, 0xf009b91eU, 0x5563911dU, 0x59dfa6aaU,
	0x78c14389U, 0xd95a537fU, 0x207d5ba2U, 0x02e5b9c5U,
	0x83260376U, 0x6295cfa9U, 0x11c81968U, 0x4e734a41U,
	0xb3472dcaU, 0x7b14a94aU, 0x1b510052U, 0x9a532915U,
	0xd60f573fU, 0xbc9bc6e4U, 0x2b60a476U, 0x81e67400U,
	0x08ba6fb5U, 0x571be91fU, 0xf296ec6bU, 0x2a0dd915U,
	0xb6636521U, 0xe7b9f9b6U, 0xff34052eU, 0xc5855664U,
	0x53b02d5dU, 0xa99f8fa1U, 0x08ba4799U, 0x6e85076aU,

	/* S-Box 1. */
	0x4b7a70e9U, 0xb5b32944U, 0xdb75092eU, 0xc4192623U,
	0xad6ea6b0U, 0x49a7df7dU, 0x9cee60b8U, 0x8fedb266U,
	0xecaa8c71U, 0x699a17ffU, 0x5664526cU, 0xc2b19ee1U,
	0x193602a5U, 0x75094c29U, 0xa0591340U, 0xe4183a3eU,
	0x3f54989aU, 0x5b429d65U, 0x6b8fe4d6U, 0x99f73fd6U,
	0xa1d29c07U, 0xefe830f5U, 0x4d2d38e6U, 0xf0255dc1U,
	0x4cdd2086U, 0x8470eb26U, 0x6382e9c6U, 0x021ecc5eU,
	0x09686b3fU, 0x3ebaefc9U, 0x3c971814U, 0x6b6a70a1U,
	0x687f3584U, 0x52a0e286U, 0xb79c5305U, 0xaa500737U,
	0x3e07841cU, 0x7fdeae5cU, 0x8e7d44ecU, 0x5716f2b8U,
	0xb03ada37U, 0xf0500c0dU, 0xf01c1f04U, 0x0200b3ffU,
	0xae0cf51aU, 0x3cb574b2U, 0x25837a58U, 0xdc0921bdU,
	0xd19113f9U, 0x7ca92ff6U, 0x94324773U, 0x22f54701U,
	0x3ae5e581U, 0x37c2dadcU, 0xc8b57634U, 0x9af3dda7U,
	0xa9446146U, 0x0fd0030eU, 0xecc8c73eU, 0xa4751e41U,
	0xe238cd99U, 0x3bea0e2fU, 0x3280bba1U, 0x183eb331U,
	0x4e548b38U, 0x4f6db908U, 0x6f420d03U, 0xf60a04bfU,
	0x2cb81290U, 0x24977c79U, 0x5679b072U, 0xbcaf89afU,
	0xde9a771fU, 0xd9930810U, 0xb38bae12U, 0xdccf3f2eU,
	0x5512721fU, 0x2e6b7124U, 0x501adde6U, 0x9f84cd87U,
	0x7a584718U, 0x7408da17U, 0xbc9f9abcU, 0xe94b7d8cU,
	0xec7aec3aU, 0xdb851dfaU, 0x63094366U, 0xc464c3d2U,
	0xef1c1847U, 0x3215d908U, 0xdd433b37U, 0x24c2ba16U,
	0x12a14d43U, 0x2a65c451U, 0x50940002U, 0x133ae4ddU,
	0x71dff89eU, 0x10314e55U, 0x81ac77d6U, 0x5f11199bU,
	0x043556f1U, 0xd7a3c76bU, 0x3c11183bU, 0x5924a509U,
	0xf28fe6edU, 0x97f1fbfaU, 0x9ebabf2cU, 0x1e153c6eU,
	0x86e34570U, 0xeae96fb1U, 0x860e5e0aU, 0x5a3e2ab3U,
	0x771fe71cU, 0x4e3d06faU, 0x2965dcb9U, 0x99e71d0fU,
	0x803e89d6U, 0x5266c825U, 0x2e4cc978U, 0x9c10b36aU,
	0xc6150ebaU, 0x94e2ea78U, 0xa5fc3c53U, 0x1e0a2df4U,
	0xf2f74ea7U, 0x361d2b3dU, 0x1939260fU, 0x19c27960U,
	0x5223a708U, 0xf71312b6U, 0xebadfe6eU, 0xeac31f66U,
	0xe3bc4595U, 0xa67bc883U, 0xb17f37d1U, 0x018cff28U,
	0xc332ddefU, 0xbe6c5aa5U, 0x65582185U, 0x68ab9802U,
	0xeecea50fU, 0xdb2f953bU, 0x2aef7dadU, 0x5b6e2f84U,
	0x1521b628U, 0x29076170U, 0xecdd4775U, 0x619f1510U,
	0x13cca830U, 0xeb61bd96U, 0x0334fe1eU, 0xaa0363cfU,
	0xb5735c90U, 0x4c70a239U, 0xd59e9e0bU, 0xcbaade14U,
	0xeecc86bcU, 0x60622ca7U, 0x9cab5cabU, 0xb2f3846eU,
	0x648b1eafU, 0x19bdf0caU, 0xa02369b9U, 0x655abb50U,
	0x40685a32U, 0x3c2ab4b3U, 0x319ee9d5U, 0xc021b8f7U,
	0x9b540b19U, 0x875fa099U, 0x95f7997eU, 0x623d7da8U,
	0xf837889aU, 0x97e32d77U, 0x11ed935fU, 0x16681281U,
	0x0e358829U, 0xc7e61fd6U, 0x96dedfa1U, 0x7858ba99U,
	0x57f584a5U, 0x1b227263U, 0x9b83c3ffU, 0x1ac24696U,
	0xcdb30aebU, 0x532e3054U, 0x8fd948e4U, 0x6dbc3128U,
	0x58ebf2efU, 0x34c6ffeaU, 0xfe28ed61U, 0xee7c3c73U,
	0x5d4a14d9U, 0xe864b7e3U, 0x42105d14U, 0x203e13e0U,
	0x45eee2b6U, 0xa3aaabeaU, 0xdb6c4f15U, 0xfacb4fd0U,
	0xc742f442U, 0xef6abbb5U, 0x654f3b1dU, 0x41cd2105U,
	0xd81e799eU, 0x86854dc7U, 0xe44b476aU, 0x3d816250U,
	0xcf62a1f2U, 0x5b8d2646U, 0xfc8883a0U, 0xc1c7b6a3U,
	0x7f1524c3U, 0x69cb7492U, 0x47848a0bU, 0x5692b285U,
	0x095bbf00U, 0xad19489dU, 0x1462b174U, 0x23820e00U,
	0x58428d2aU, 0x0c55f5eaU, 0x1dadf43eU, 0x233f7061U,
	0x3372f092U, 0x8d937e41U, 0xd65fecf1U, 0x6c223bdbU,
	0x7cde3759U, 0xcbee7460U, 0x4085f2a7U, 0xce77326eU,
	0xa6078084U, 0x19f8509eU, 0xe8efd855U, 0x61d99735U,
	0xa969a7aaU, 0xc50c06c2U, 0x5a04abfcU, 0x800bcadcU,
	0x9e447a2eU, 0xc3453484U, 0xfdd56705U, 0x0e1e9ec9U,
	0xdb73dbd3U, 0x105588cdU, 0x675fda79U, 0xe3674340U,
	0xc5c43465U, 0x713e38d8U, 0x3d28f89eU, 0xf16dff20U,
	0x153e21e7U, 0x8fb03d4aU, 0xe6e39f2bU, 0xdb83adf7U,

	/* S-Box 2. */
	0xe93d5a68U, 0x948140f7U, 0xf64c261cU, 0x94692934U,
	0x411520f7U, 0x7602d4f7U, 0xbcf46b2eU, 0xd4a20068U,
	0xd4082471U, 0x3320f46aU, 0x43b7d4b7U, 0x500061afU,
	0x1e39f62eU, 0x97244546U, 0x14214f74U, 0xbf8b8840U,
	0x4d95fc1dU, 0x96b591afU, 0x70f4ddd3U, 0x66a02f45U,
	0xbfbc09ecU, 0x03bd9785U, 0x7fac6dd0U, 0x31cb8504U,
	0x96eb27b3U, 0x55fd3941U, 0xda2547e6U, 0xabca0a9aU,
	0x28507825U, 0x530429f4U, 0x0a2c86daU, 0xe9b66dfbU,
	0x68dc1462U, 0xd7486900U, 0x680ec0a4U, 0x27a18deeU,
	0x4f3ffea2U, 0xe887ad8cU, 0xb58ce006U, 0x7af4d6b6U,
	0xaace1e7cU, 0xd3375fecU, 0xce78a399U, 0x406b2a42U,
	0x20fe9e35U, 0xd9f385b9U, 0xee39d7abU, 0x3b124e8bU,
	0x1dc9faf7U, 0x4b6d1856U, 0x26a36631U, 0xeae397b2U,
	0x3a6efa74U, 0xdd5b4332U, 0x6841e7f7U, 0xca7820fbU,
	0xfb0af54eU, 0xd8feb397U, 0x454056acU, 0xba489527U,
	0x55533a3aU, 0x20838d87U, 0xfe6ba9b7U, 0xd096954bU,
	0x55a867bcU, 0xa1159a58U, 0xcca92963U, 0x99e1db33U,
	0xa62a4a56U, 0x3f3125f9U, 0x5ef47e1cU, 0x9029317cU,
	0xfdf8e802U, 0x04272f70U, 0x80bb155cU, 0x05282ce3U,
	0x95c11548U, 0xe4c66d22U, 0x48c1133fU, 0xc70f86dcU,
	0x07f9c9eeU, 0x41041f0fU, 0x404779a4U, 0x5d886e17U,
	0x325f51ebU, 0xd59bc0d1U, 0xf2bcc18fU, 0x41113564U,
	0x257b7834U, 0x602a9c60U, 0xdff8e8a3U, 0x1f636c1bU,
	0x0e12b4c2U, 0x02e1329eU, 0xaf664fd1U, 0xcad18115U,
	0x6b2395e0U, 0x333e92e1U, 0x3b240b62U, 0xeebeb922U,
	0x85b2a20eU, 0xe6ba0d99U, 0xde720c8cU, 0x2da2f728U,
	0xd0127845U, 0x95b794fdU, 0x647d0862U, 0xe7ccf5f0U,
	0x5449a36fU, 0x877d48faU, 0xc39dfd27U, 0xf33e8d1eU,
	0x0a476341U, 0x992eff74U, 0x3a6f6eabU, 0xf4f8fd37U,
	0xa812dc60U, 0xa1ebddf8U, 0x991be14cU, 0xdb6e6b0dU,
	0xc67b5510U, 0x6d672c37U, 0x2765d43bU, 0xdcd0e804U,
	0xf1290dc7U, 0xcc00ffa3U, 0xb5390f92U, 0x690fed0bU,
	0x667b9ffbU, 0xcedb7d9cU, 0xa091cf0bU, 0xd9155ea3U,
	0xbb132f88U, 0x515bad24U, 0x7b9479bfU, 0x763bd6ebU,
	0x37392eb3U, 0xcc115979U, 0x8026e297U, 0xf42e312dU,
	0x6842ada7U, 0xc66a2b3bU, 0x12754cccU, 0x782ef11cU,
	0x6a124237U, 0xb79251e7U, 0x06a1bbe6U, 0x4bfb6350U,
	0x1a6b1018U, 0x11caedfaU, 0x3d25bdd8U, 0xe2e1c3c9U,
	0x44421659U, 0x0a121386U, 0xd90cec6eU, 0xd5abea2aU,
	0x64af674eU, 0xda86a85fU, 0xbebfe988U, 0x64e4c3feU,
	0x9dbc8057U, 0xf0f7c086U, 0x60787bf8U, 0x6003604dU,
	0xd1fd8346U, 0xf6381fb0U, 0x7745ae04U, 0xd736fcccU,
	0x83426b33U, 0xf01eab71U, 0xb0804187U, 0x3c005e5fU,
	0x77a057beU, 0xbde8ae24U, 0x55464299U, 0xbf582e61U,
	0x4e58f48fU, 0xf2ddfda2U, 0xf474ef38U, 0x8789bdc2U,
	0x5366f9c3U, 0xc8b38e74U, 0xb475f255U, 0x46fcd9b9U,
	0x7aeb2661U, 0x8b1ddf84U, 0x846a0e79U, 0x915f95e2U,
	0x466e598eU, 0x20b45770U, 0x8cd55591U, 0xc902de4cU,
	0xb90bace1U, 0xbb8205d0U, 0x11a86248U, 0x7574a99eU,
	0xb77f19b6U, 0xe0a9dc09U, 0x662d09a1U, 0xc4324633U,
	0xe85a1f02U, 0x09f0be8cU, 0x4a99a025U, 0x1d6efe10U,
	0x1ab93d1dU, 0x0ba5a4dfU, 0xa186f20fU, 0x2868f169U,
	0xdcb7da83U, 0x573906feU, 0xa1e2ce9bU, 0x4fcd7f52U,
	0x50115e01U, 0xa70683faU, 0xa002b5c4U, 0x0de6d027U,
	0x9af88c27U, 0x773f8641U, 0xc3604c06U, 0x61a806b5U,
	0xf0177a28U, 0xc0f586e0U, 0x006058aaU, 0x30dc7d62U,
	0x11e69ed7U, 0x2338ea63U, 0x53c2dd94U, 0xc2c21634U,
	0xbbcbee56U, 0x90bcb6deU, 0xebfc7da1U, 0xce591d76U,
	0x6f05e409U, 0x4b7c0188U, 0x39720a3dU, 0x7c927c24U,
	0x86e3725fU, 0x724d9db9U, 0x1ac15bb4U, 0xd39eb8fcU,
	0xed545578U, 0x08fca5b5U, 0xd83d7cd3U, 0x4dad0fc4U,
	0x1e50ef5eU, 0xb161e6f8U, 0xa28514d9U, 0x6c51133cU,
	0x6fd5c7e7U, 0x56e14ec4U, 0x362abfceU, 0xddc6c837U,
	0xd79a3234U, 0x92638212U, 0x670efa8eU, 0x406000e0U,

	/* S-Box 3. */
	0x3a39ce37U, 0xd3faf5cfU, 0xabc27737U, 0x5ac52d1bU,
	0x5cb0679eU, 0x4fa33742U, 0xd3822740U, 0x99bc9bbeU,
	0xd5118e9dU, 0xbf0f7315U, 0xd62d1c7eU, 0xc700c47bU,
	0xb78c1b6bU, 0x21a19045U, 0xb26eb1beU, 0x6a366eb4U,
	0x5748ab2fU, 0xbc946e79U, 0xc6a376d2U, 0x6549c2c8U,
	0x530ff8eeU, 0x468dde7dU, 0xd5730a1dU, 0x4cd04dc6U,
	0x2939bbdbU, 0xa9ba4650U, 0xac9526e8U, 0xbe5ee304U,
	0xa1fad5f0U, 0x6a2d519aU, 0x63ef8ce2U, 0x9a86ee22U,
	0xc089c2b8U, 0x43242ef6U, 0xa51e03aaU, 0x9cf2d0a4U,
	0x83c061baU, 0x9be96a4dU, 0x8fe51550U, 0xba645bd6U,
	0x2826a2f9U, 0xa73a3ae1U, 0x4ba99586U, 0xef5562e9U,
	0xc72fefd3U, 0xf752f7daU, 0x3f046f69U, 0x77fa0a59U,
	0x80e4a915U, 0x87b08601U, 0x9b09e6adU, 0x3b3ee593U,
	0xe990fd5aU, 0x9e34d797U, 0x2cf0b7d9U, 0x022b8b51U,
	0x96d5ac3aU, 0x017da67dU, 0xd1cf3ed6U, 0x7c7d2d28U,
	0x1f9f25cfU, 0xadf2b89bU, 0x5ad6b472U, 0x5a88f54cU,
	0xe029ac71U, 0xe019a5e6U, 0x47b0acfdU, 0xed93fa9bU,
	0xe8d3c48dU, 0x283b57ccU, 0xf8d56629U, 0x79132e28U,
	0x785f0191U, 0xed756055U, 0xf7960e44U, 0xe3d35e8cU,
	0x15056dd4U, 0x88f46dbaU, 0x03a16125U, 0x0564f0bdU,
	0xc3eb9e15U, 0x3c9057a2U, 0x97271aecU, 0xa93a072aU,
	0x1b3f6d9bU, 0x1e6321f5U, 0xf59c66fbU, 0x26dcf319U,
	0x7533d928U, 0xb155fdf5U, 0x03563482U, 0x8aba3cbbU,
	0x28517711U, 0xc20ad9f8U, 0xabcc5167U, 0xccad925fU,
	0x4de81751U, 0x3830dc8eU, 0x379d5862U, 0x9320f991U,
	0xea7a90c2U, 0xfb3e7bceU, 0x5121ce64U, 0x774fbe32U,
	0xa8b6e37eU, 0xc3293d46U, 0x48de5369U, 0x6413e680U,
	0xa2ae0810U, 0xdd6db224U, 0x69852dfdU, 0x09072166U,
	0xb39a460aU, 0x6445c0ddU, 0x586cdecfU, 0x1c20c8aeU,
	0x5bbef7ddU, 0x1b588d40U, 0xccd2017fU, 0x6bb4e3bbU,
	0xdda26a7eU, 0x3a59ff45U, 0x3e350a44U, 0xbcb4cdd5U,
	0x72eacea8U, 0xfa6484bbU, 0x8d6612aeU, 0xbf3c6f47U,
	0xd29be463U, 0x542f5d9eU, 0xaec2771bU, 0xf64e6370U,
	0x740e0d8dU, 0xe75b1357U, 0xf8721671U, 0xaf537d5dU,
	0x4040cb08U, 0x4eb4e2ccU, 0x34d2466aU, 0x0115af84U,
	0xe1b00428U, 0x95983a1dU, 0x06b89fb4U, 0xce6ea048U,
	0x6f3f3b82U, 0x3520ab82U, 0x011a1d4bU, 0x277227f8U,
	0x611560b1U, 0xe7933fdcU, 0xbb3a792bU, 0x344525bdU,
	0xa08839e1U, 0x51ce794bU, 0x2f32c9b7U, 0xa01fbac9U,
	0xe01cc87eU, 0xbcc7d1f6U, 0xcf0111c3U, 0xa1e8aac7U,
	0x1a908749U, 0xd44fbd9aU, 0xd0dadecbU, 0xd50ada38U,
	0x0339c32aU, 0xc6913667U, 0x8df9317cU, 0xe0b12b4fU,
	0xf79e59b7U, 0x43f5bb3aU, 0xf2d519ffU, 0x27d9459cU,
	0xbf97222cU, 0x15e6fc2aU, 0x0f91fc71U, 0x9b941525U,
	0xfae59361U, 0xceb69cebU, 0xc2a86459U, 0x12baa8d1U,
	0xb6c1075eU, 0xe3056a0cU, 0x10d25065U, 0xcb03a442U,
	0xe0ec6e0eU, 0x1698db3bU, 0x4c98a0beU, 0x3278e964U,
	0x9f1f9532U, 0xe0d392dfU, 0xd3a0342bU, 0x8971f21eU,
	0x1b0a7441U, 0x4ba3348cU, 0xc5be7120U, 0xc37632d8U,
	0xdf359f8dU, 0x9b992f2eU, 0xe60b6f47U, 0x0fe3f11dU,
	0xe54cda54U, 0x1edad891U, 0xce6279cfU, 0xcd3e7e6fU,
	0x1618b166U, 0xfd2c1d05U, 0x848fd2c5U, 0xf6fb2299U,
	0xf523f357U, 0xa6327623U, 0x93a83531U, 0x56cccd02U,
	0xacf08162U, 0x5a75ebb5U, 0x6e163697U, 0x88d273ccU,
	0xde966292U, 0x81b949d0U, 0x4c50901bU, 0x71c65614U,
	0xe6c6c7bdU, 0x327a140aU, 0x45e1d006U, 0xc3f27b9aU,
	0xc9aa53fdU, 0x62a80f00U, 0xbb25bfe2U, 0x35bdd2f6U,
	0x71126905U, 0xb2040222U, 0xb6cbcf7cU, 0xcd769c2bU,
	0x53113ec0U, 0x1640e3d3U, 0x38abbd60U, 0x2547adf0U,
	0xba38209cU, 0xf746ce76U, 0x77afa1c5U, 0x20756060U,
	0x85cbfe4eU, 0x8ae88dd8U, 0x7aaaf9b0U, 0x4cf9aa7eU,
	0x1948c25cU, 0x02fb8a8cU, 0x01c36ae4U, 0xd6ebe1f9U,
	0x90d4f869U, 0xa65cdea0U, 0x3f09252dU, 0xc208e69fU,
	0xb74e6132U, 0xce77e25bU, 0x578fdfe3U, 0x3ac372e6U,
};

typedef struct keysched_s {
	uint32_t ksch_S[1024];	/* The 4 S boxes are 256 32-bit words. */
	uint32_t ksch_P[18];	/* P box is 18 32-bit words. */
} keysched_t;

/*
 * Since ROUND() is a macro, make sure that the things inside can be
 * evaluated more than once.  Especially when calling F().
 * Assume the presence of local variables:
 *
 *	uint32_t *P;
 *	uint32_t *S;
 *	uint32_t tmp;
 *
 *
 * And to Microsoft interview survivors out there, perhaps I should do the
 * XOR swap trick, or at least #ifdef (__i386) the tmp = ... = tmp; stuff.
 */

#define	F(word) \
	(((S[(word >> 24) & 0xff] + S[256 + ((word >> 16) & 0xff)]) ^ \
		S[512 + ((word >> 8) & 0xff)]) + S[768 + (word & 0xff)])

#define	ROUND(left, right, i) \
	(left) ^= P[i]; \
	(right) ^= F((left)); \
	tmp = (left); \
	(left) = (right); \
	(right) = tmp;

/*
 * Encrypt a block of data.  Because of addition operations, convert blocks
 * to their big-endian representation, even on Intel boxen.
 */
/* ARGSUSED */
int
blowfish_encrypt_block(const void *cookie, const uint8_t *block,
    uint8_t *out_block)
{
	keysched_t *ksch = (keysched_t *)cookie;

	uint32_t left, right, tmp;
	uint32_t *P = ksch->ksch_P;
	uint32_t *S = ksch->ksch_S;
#ifdef _BIG_ENDIAN
	uint32_t *b32;

	if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
		/* LINTED:  pointer alignment */
		b32 = (uint32_t *)block;
		left = b32[0];
		right = b32[1];
	} else
#endif
	{
	/*
	 * Read input block and place in left/right in big-endian order.
	 */
#ifdef UNALIGNED_POINTERS_PERMITTED
	left = htonl(*(uint32_t *)(void *)&block[0]);
	right = htonl(*(uint32_t *)(void *)&block[4]);
#else
	left = ((uint32_t)block[0] << 24)
	    | ((uint32_t)block[1] << 16)
	    | ((uint32_t)block[2] << 8)
	    | (uint32_t)block[3];
	right = ((uint32_t)block[4] << 24)
	    | ((uint32_t)block[5] << 16)
	    | ((uint32_t)block[6] << 8)
	    | (uint32_t)block[7];
#endif	/* UNALIGNED_POINTERS_PERMITTED */
	}

	ROUND(left, right, 0);
	ROUND(left, right, 1);
	ROUND(left, right, 2);
	ROUND(left, right, 3);
	ROUND(left, right, 4);
	ROUND(left, right, 5);
	ROUND(left, right, 6);
	ROUND(left, right, 7);
	ROUND(left, right, 8);
	ROUND(left, right, 9);
	ROUND(left, right, 10);
	ROUND(left, right, 11);
	ROUND(left, right, 12);
	ROUND(left, right, 13);
	ROUND(left, right, 14);
	ROUND(left, right, 15);

	tmp = left;
	left = right;
	right = tmp;
	right ^= P[16];
	left ^= P[17];

#ifdef _BIG_ENDIAN
	if (IS_P2ALIGNED(out_block, sizeof (uint32_t))) {
		/* LINTED:  pointer alignment */
		b32 = (uint32_t *)out_block;
		b32[0] = left;
		b32[1] = right;
	} else
#endif
	{
		/* Put the block back into the user's block with final swap */
#ifdef UNALIGNED_POINTERS_PERMITTED
		*(uint32_t *)(void *)&out_block[0] = htonl(left);
		*(uint32_t *)(void *)&out_block[4] = htonl(right);
#else
		out_block[0] = left >> 24;
		out_block[1] = left >> 16;
		out_block[2] = left >> 8;
		out_block[3] = left;
		out_block[4] = right >> 24;
		out_block[5] = right >> 16;
		out_block[6] = right >> 8;
		out_block[7] = right;
#endif	/* UNALIGNED_POINTERS_PERMITTED */
	}
	return (CRYPTO_SUCCESS);
}

/*
 * Decrypt a block of data.  Because of addition operations, convert blocks
 * to their big-endian representation, even on Intel boxen.
 * It should look like the blowfish_encrypt_block() operation
 * except for the order in which the S/P boxes are accessed.
 */
/* ARGSUSED */
int
blowfish_decrypt_block(const void *cookie, const uint8_t *block,
    uint8_t *out_block)
{
	keysched_t *ksch = (keysched_t *)cookie;

	uint32_t left, right, tmp;
	uint32_t *P = ksch->ksch_P;
	uint32_t *S = ksch->ksch_S;
#ifdef _BIG_ENDIAN
	uint32_t *b32;

	if (IS_P2ALIGNED(block, sizeof (uint32_t))) {
		/* LINTED:  pointer alignment */
		b32 = (uint32_t *)block;
		left = b32[0];
		right = b32[1];
	} else
#endif
	{
	/*
	 * Read input block and place in left/right in big-endian order.
	 */
#ifdef UNALIGNED_POINTERS_PERMITTED
	left = htonl(*(uint32_t *)(void *)&block[0]);
	right = htonl(*(uint32_t *)(void *)&block[4]);
#else
	left = ((uint32_t)block[0] << 24)
	    | ((uint32_t)block[1] << 16)
	    | ((uint32_t)block[2] << 8)
	    | (uint32_t)block[3];
	right = ((uint32_t)block[4] << 24)
	    | ((uint32_t)block[5] << 16)
	    | ((uint32_t)block[6] << 8)
	    | (uint32_t)block[7];
#endif	/* UNALIGNED_POINTERS_PERMITTED */
	}

	ROUND(left, right, 17);
	ROUND(left, right, 16);
	ROUND(left, right, 15);
	ROUND(left, right, 14);
	ROUND(left, right, 13);
	ROUND(left, right, 12);
	ROUND(left, right, 11);
	ROUND(left, right, 10);
	ROUND(left, right, 9);
	ROUND(left, right, 8);
	ROUND(left, right, 7);
	ROUND(left, right, 6);
	ROUND(left, right, 5);
	ROUND(left, right, 4);
	ROUND(left, right, 3);
	ROUND(left, right, 2);

	tmp = left;
	left = right;
	right = tmp;
	right ^= P[1];
	left ^= P[0];

#ifdef _BIG_ENDIAN
	if (IS_P2ALIGNED(out_block, sizeof (uint32_t))) {
		/* LINTED:  pointer alignment */
		b32 = (uint32_t *)out_block;
		b32[0] = left;
		b32[1] = right;
	} else
#endif
	{
	/* Put the block back into the user's block with final swap */
#ifdef UNALIGNED_POINTERS_PERMITTED
		*(uint32_t *)(void *)&out_block[0] = htonl(left);
		*(uint32_t *)(void *)&out_block[4] = htonl(right);
#else
		out_block[0] = left >> 24;
		out_block[1] = left >> 16;
		out_block[2] = left >> 8;
		out_block[3] = left;
		out_block[4] = right >> 24;
		out_block[5] = right >> 16;
		out_block[6] = right >> 8;
		out_block[7] = right;
#endif	/* UNALIGNED_POINTERS_PERMITTED */
	}
	return (CRYPTO_SUCCESS);
}

static void
bitrepeat(uint8_t *pattern, uint_t len_bytes, uint_t len_bits, uint8_t *dst,
    uint_t dst_len_bytes)
{
	uint8_t *current = dst;
	uint_t bitsleft = CRYPTO_BYTES2BITS(dst_len_bytes);
	uint_t bitoffset = 0;
	uint_t currentbits;
	int i;

	BLOWFISH_ASSERT(CRYPTO_BITS2BYTES(len_bits) == len_bytes);

	bzero(dst, dst_len_bytes);

	while (bitsleft != 0) {
		if (bitsleft >= len_bits) {
			currentbits = len_bits;

			for (i = 0; i < len_bytes; i++) {
				if (currentbits >= 8) {
					*current++ |= pattern[i] >> bitoffset;
					*current |= pattern[i] << 8 - bitoffset;
					currentbits -= 8;
				} else {
					*current |= pattern[i] >> bitoffset;
					bitoffset = bitoffset + currentbits;
					bitoffset &= 0x7;
					if (bitoffset == 0)
						current++;
				}
			}
			bitsleft -= len_bits;
		} else {
			currentbits = bitsleft;

			for (i = 0; i < len_bytes && bitsleft != 0; i++) {
				if (currentbits >= 8 &&
				    current < dst + dst_len_bytes) {
					*current++ |= pattern[i] >> bitoffset;
					*current |= pattern[i] << 8 - bitoffset;
					currentbits -= 8;
					bitsleft -= 8;
				} else {
					*current |= pattern[i] >> bitoffset;
					bitsleft -= bitoffset;
					bitoffset = bitoffset + currentbits;
					bitoffset &= 0x7;
					if (bitoffset == 0)
						current++;
					currentbits = 0;
				}
			}
			bitsleft = 0;
		}
	}
}

/*
 * Initialize key schedules for Blowfish.
 */
void
blowfish_init_keysched(uint8_t *key, uint_t bits, void *keysched)
{
	keysched_t *newbie = keysched;
	uint32_t *P = newbie->ksch_P;
	uint32_t *S = newbie->ksch_S;
	uint32_t *initp;
	uint32_t tmpblock[] = {0, 0};
	uint8_t *rawkeybytes = (uint8_t *)P;
	int i, slop, copylen;
	uintptr_t bytesleft;
	uint_t len;

	len = CRYPTO_BITS2BYTES(bits);

	if ((bits & 0x7) != 0) {
		/*
		 * Really slow case, bits aren't on a byte boundary.
		 * Keep track of individual bits copied over.  :-P
		 */
		bitrepeat(key, len, bits, rawkeybytes, 72);
	} else {
		slop = 72 % len;

		/* Someone gave us a nice amount (i.e. div by 8) of bits */
		while (rawkeybytes != (uint8_t *)(P + 18)) {
			bytesleft =
			    (uintptr_t)(P + 18) - (uintptr_t)rawkeybytes;
			copylen = (bytesleft >= len) ? len : slop;
			bcopy(key, rawkeybytes, copylen);
			rawkeybytes += copylen;
		}
	}

	for (i = 0; i < 18; i++)
		P[i] = ntohl(P[i]) ^ init_P[i];

	/* Go bcopy go!  (Hope that Ultra's bcopy is faster than me!) */
	bcopy(init_S, S, sizeof (init_S));

	/*
	 * When initializing P and S boxes, store the results of a single
	 * encrypt-block operation in "host order", which on little-endian
	 * means byte-swapping.  Fortunately, the ntohl() function does this
	 * quite nicely, and it a NOP on big-endian machine.
	 */
	initp = P;
	for (i = 0; i < 9; i++) {
		(void) blowfish_encrypt_block(newbie, (uint8_t *)tmpblock,
		    (uint8_t *)tmpblock);
		*initp++ = ntohl(tmpblock[0]);
		*initp++ = ntohl(tmpblock[1]);
	}

	initp = S;
	for (i = 0; i < 512; i++) {
		(void) blowfish_encrypt_block(newbie, (uint8_t *)tmpblock,
		    (uint8_t *)tmpblock);
		*initp++ = ntohl(tmpblock[0]);
		*initp++ = ntohl(tmpblock[1]);
	}
}

/*
 * Allocate key schedule for Blowfish.
 */
/* ARGSUSED */
void *
blowfish_alloc_keysched(size_t *size, int kmflag)
{
	keysched_t *keysched;

#ifdef _KERNEL
	keysched = (keysched_t *)kmem_alloc(sizeof (keysched_t), kmflag);
#else
	keysched = (keysched_t *)malloc(sizeof (keysched_t));
#endif /* _KERNEL */
	if (keysched != NULL) {
		*size = sizeof (keysched_t);
		return (keysched);
	}

	return (NULL);
}

void
blowfish_copy_block(uint8_t *in, uint8_t *out)
{
	if (IS_P2ALIGNED(in, sizeof (uint32_t)) &&
	    IS_P2ALIGNED(out, sizeof (uint32_t))) {
		/* LINTED: pointer alignment */
		*(uint32_t *)&out[0] = *(uint32_t *)&in[0];
		/* LINTED: pointer alignment */
		*(uint32_t *)&out[4] = *(uint32_t *)&in[4];
	} else {
		BLOWFISH_COPY_BLOCK(in, out);
	}
}

/* XOR block of data into dest */
void
blowfish_xor_block(uint8_t *data, uint8_t *dst)
{
	if (IS_P2ALIGNED(dst, sizeof (uint32_t)) &&
	    IS_P2ALIGNED(data, sizeof (uint32_t))) {
		/* LINTED: pointer alignment */
		*(uint32_t *)&dst[0] ^= *(uint32_t *)&data[0];
		/* LINTED: pointer alignment */
		*(uint32_t *)&dst[4] ^= *(uint32_t *)&data[4];
	} else {
		BLOWFISH_XOR_BLOCK(data, dst);
	}
}

/*
 * Encrypt multiple blocks of data according to mode.
 */
int
blowfish_encrypt_contiguous_blocks(void *ctx, char *data, size_t length,
    crypto_data_t *out)
{
	blowfish_ctx_t *blowfish_ctx = ctx;
	int rv;

	if (blowfish_ctx->bc_flags & CBC_MODE) {
		rv = cbc_encrypt_contiguous_blocks(ctx, data, length, out,
		    BLOWFISH_BLOCK_LEN, blowfish_encrypt_block,
		    blowfish_copy_block, blowfish_xor_block);
	} else {
		rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
		    BLOWFISH_BLOCK_LEN, blowfish_encrypt_block);
	}
	return (rv);
}

/*
 * Decrypt multiple blocks of data according to mode.
 */
int
blowfish_decrypt_contiguous_blocks(void *ctx, char *data, size_t length,
    crypto_data_t *out)
{
	blowfish_ctx_t *blowfish_ctx = ctx;
	int rv;

	if (blowfish_ctx->bc_flags & CBC_MODE) {
		rv = cbc_decrypt_contiguous_blocks(ctx, data, length, out,
		    BLOWFISH_BLOCK_LEN, blowfish_decrypt_block,
		    blowfish_copy_block, blowfish_xor_block);
	} else {
		rv = ecb_cipher_contiguous_blocks(ctx, data, length, out,
		    BLOWFISH_BLOCK_LEN, blowfish_decrypt_block);
		if (rv == CRYPTO_DATA_LEN_RANGE)
			rv = CRYPTO_ENCRYPTED_DATA_LEN_RANGE;
	}
	return (rv);
}