summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorderaadt <>1995-12-16 12:55:31 +0000
committerderaadt <>1995-12-16 12:55:31 +0000
commit767a35a43c1498fbfe4461e5456c6cd41f08de26 (patch)
treee617d22b73a45255f89c8b85781415b11dd8406a
parent8be58a122b61ab24a5524e848814fe5dd314d243 (diff)
downloadopenbsd-767a35a43c1498fbfe4461e5456c6cd41f08de26.tar.gz
openbsd-767a35a43c1498fbfe4461e5456c6cd41f08de26.tar.bz2
openbsd-767a35a43c1498fbfe4461e5456c6cd41f08de26.zip
non-USA crypto code by davidb@werj.com.au. The source has been split
& copied into two pieces so that use of crypt() pulls in a crypt.o that contains only that one programmer interface -- this permits USA export of binaries that use crypt() for authentication purposes. morecrypt.c contains the other DES programmer interfaces commonly used.
Diffstat
-rw-r--r--src/lib/libc/crypt/Makefile.inc8
-rw-r--r--src/lib/libc/crypt/crypt.3237
-rw-r--r--src/lib/libc/crypt/crypt.c715
-rw-r--r--src/lib/libc/crypt/morecrypt.c338
4 files changed, 1298 insertions, 0 deletions
diff --git a/src/lib/libc/crypt/Makefile.inc b/src/lib/libc/crypt/Makefile.inc
new file mode 100644
index 0000000000..782615f38e
--- /dev/null
+++ b/src/lib/libc/crypt/Makefile.inc
@@ -0,0 +1,8 @@
1# $Id: Makefile.inc,v 1.1 1995-12-16 12:55:27 deraadt Exp $
2
3.PATH: ${.CURDIR}/arch/${MACHINE_ARCH}/crypt ${.CURDIR}/crypt
4
5SRCS+= crypt.c morecrypt.c
6
7MAN+= crypt.3
8MLINKS+=crypt.3 encrypt.3 crypt.3 setkey.3
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
new file mode 100644
index 0000000000..78a54b18a2
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.3
@@ -0,0 +1,237 @@
1.\" FreeSec: libcrypt
2.\"
3.\" Copyright (c) 1994 David Burren
4.\" All rights reserved.
5.\"
6.\" Redistribution and use in source and binary forms, with or without
7.\" modification, are permitted provided that the following conditions
8.\" are met:
9.\" 1. Redistributions of source code must retain the above copyright
10.\" notice, this list of conditions and the following disclaimer.
11.\" 2. Redistributions in binary form must reproduce the above copyright
12.\" notice, this list of conditions and the following disclaimer in the
13.\" documentation and/or other materials provided with the distribution.
14.\" 4. Neither the name of the author nor the names of other contributors
15.\" may be used to endorse or promote products derived from this software
16.\" without specific prior written permission.
17.\"
18.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28.\" SUCH DAMAGE.
29.\"
30.\" $Id: crypt.3,v 1.1 1995/12/16 12:55:29 deraadt Exp $
31.\"
32.\" Manual page, using -mandoc macros
33.\"
34.Dd March 9, 1994
35.Dt CRYPT 3
36.Os "FreeSec 1.0"
37.Sh NAME
38.Nm crypt ,
39.Nm setkey ,
40.Nm encrypt ,
41.Nm des_setkey ,
42.Nm des_cipher ,
43.Nd DES encryption
44.Sh SYNOPSIS
45.Ft char
46.Fn *crypt "const char *key" "const char *setting"
47.Ft int
48.Fn setkey "char *key"
49.Ft int
50.Fn encrypt "char *block" "int flag"
51.Ft int
52.Fn des_setkey "const char *key"
53.Ft int
54.Fn des_cipher "const char *in" "char *out" "long salt" "int count"
55.Sh DESCRIPTION
56The
57.Fn crypt
58function performs password encryption, based on the
59.Tn NBS
60Data Encryption Standard (DES).
61Additional code has been added to deter key search attempts.
62The first argument to
63.Nm crypt
64is a
65.Dv null Ns -terminated
66string, typically a user's typed password.
67The second is in one of two forms:
68if it begins with an underscore (``_'') then an extended format is used
69in interpreting both the the key and the setting, as outlined below.
70.Ss Extended crypt:
71.Pp
72The
73.Ar key
74is divided into groups of 8 characters (the last group is null-padded)
75and the low-order 7 bits of each each character (56 bits per group) are
76used to form the DES key as follows:
77the first group of 56 bits becomes the initial DES key.
78For each additional group, the XOR of the encryption of the current DES
79key with itself and the group bits becomes the next DES key.
80.Pp
81The setting is a 9-character array consisting of an underscore followed
82by 4 bytes of iteration count and 4 bytes of salt.
83These are encoded as printable characters, 6 bits per character,
84least significant character first.
85The values 0 to 63 are encoded as ``./0-9A-Za-z''.
86This allows 24 bits for both
87.Fa count
88and
89.Fa salt .
90.Ss "Traditional" crypt:
91.Pp
92The first 8 bytes of the key are null-padded, and the low-order 7 bits of
93each character is used to form the 56-bit
94.Tn DES
95key.
96.Pp
97The setting is a 2-character array of the ASCII-encoded salt.
98Thus only 12 bits of
99.Fa salt
100are used.
101.Fa count
102is set to 25.
103.Ss Algorithm:
104.Pp
105The
106.Fa salt
107introduces disorder in the
108.Tn DES
109algorithm in one of 16777216 or 4096 possible ways
110(ie. with 24 or 12 bits: if bit
111.Em i
112of the
113.Ar salt
114is set, then bits
115.Em i
116and
117.Em i+24
118are swapped in the
119.Tn DES
120E-box output).
121.Pp
122The DES key is used to encrypt a 64-bit constant using
123.Ar count
124iterations of
125.Tn DES .
126The value returned is a
127.Dv null Ns -terminated
128string, 20 or 13 bytes (plus null) in length, consisting of the
129.Ar setting
130followed by the encoded 64-bit encryption.
131.Pp
132The functions,
133.Fn encrypt ,
134.Fn setkey ,
135.Fn des_setkey
136and
137.Fn des_cipher
138provide access to the
139.Tn DES
140algorithm itself.
141.Fn setkey
142is passed a 64-byte array of binary values (numeric 0 or 1).
143A 56-bit key is extracted from this array by dividing the
144array into groups of 8, and ignoring the last bit in each group.
145That bit is reserved for a byte parity check by DES, but is ignored
146by these functions.
147.Pp
148The
149.Fa block
150argument to
151.Fn encrypt
152is also a 64-byte array of binary values.
153If the value of
154.Fa flag
155is 0,
156.Fa block
157is encrypted otherwise it is decrypted.
158The result is returned in the original array
159.Fa block
160after using the key specified by
161.Fn setkey
162to process it.
163.Pp
164The argument to
165.Fn des_setkey
166is a character array of length 8.
167The least significant bit (the parity bit) in each character is ignored,
168and the remaining bits are concatenated to form a 56-bit key.
169The function
170.Fn des_cipher
171encrypts (or decrypts if
172.Fa count
173is negative) the 64-bits stored in the 8 characters at
174.Fa in
175using
176.Xr abs 3
177of
178.Fa count
179iterations of
180.Tn DES
181and stores the 64-bit result in the 8 characters at
182.Fa out
183(which may be the same as
184.Fa in
185).
186The
187.Fa salt
188specifies perturbations to the
189.Tn DES
190E-box output as described above.
191.Pp
192The function
193.Fn crypt
194returns a pointer to the encrypted value on success, and NULL on failure.
195The functions
196.Fn setkey ,
197.Fn encrypt ,
198.Fn des_setkey ,
199and
200.Fn des_cipher
201return 0 on success and 1 on failure.
202.Pp
203The
204.Fn crypt ,
205.Fn setkey
206and
207.Fn des_setkey
208functions all manipulate the same key space.
209.Sh SEE ALSO
210.Xr login 1 ,
211.Xr passwd 1 ,
212.Xr getpass 3 ,
213.Xr passwd 5
214.Sh BUGS
215The
216.Fn crypt
217function returns a pointer to static data, and subsequent calls to
218.Fn crypt
219will modify the same object.
220.Sh HISTORY
221A rotor-based
222.Fn crypt
223function appeared in
224.At v6 .
225The current style
226.Fn crypt
227first appeared in
228.At v7 .
229.Pp
230This library (FreeSec 1.0) was developed outside the United States of America
231as an unencumbered replacement for the U.S.-only libcrypt encryption
232library.
233Programs linked against the crypt() interface may be exported from the U.S.A.
234only if they use crypt() solely for authentication purposes and avoid use of
235the other programmer interfaces listed above.
236.Sh AUTHOR
237David Burren <davidb@werj.com.au>
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
new file mode 100644
index 0000000000..28add7f9e2
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,715 @@
1/* $Id: crypt.c,v 1.1 1995/12/16 12:55:30 deraadt Exp $ */
2
3/*
4 * FreeSec: libcrypt
5 *
6 * Copyright (c) 1994 David Burren
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 4. Neither the name of the author nor the names of other contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *
34 * This is an original implementation of the DES and the crypt(3) interfaces
35 * by David Burren <davidb@werj.com.au>.
36 *
37 * An excellent reference on the underlying algorithm (and related
38 * algorithms) is:
39 *
40 * B. Schneier, Applied Cryptography: protocols, algorithms,
41 * and source code in C, John Wiley & Sons, 1994.
42 *
43 * Note that in that book's description of DES the lookups for the initial,
44 * pbox, and final permutations are inverted (this has been brought to the
45 * attention of the author). A list of errata for this book has been
46 * posted to the sci.crypt newsgroup by the author and is available for FTP.
47 *
48 * ARCHITECTURE ASSUMPTIONS:
49 * This code assumes that u_longs are 32 bits. It will probably not
50 * operate on 64-bit machines without modifications.
51 * It is assumed that the 8-byte arrays passed by reference can be
52 * addressed as arrays of u_longs (ie. the CPU is not picky about
53 * alignment).
54 *
55 * NOTE:
56 * This file has a static version of des_setkey() so that crypt.o exports
57 * only the crypt() interface. This is required to make binaries linked
58 * against crypt.o exportable or re-exportable from the USA.
59 */
60#include <sys/types.h>
61#include <sys/param.h>
62#include <pwd.h>
63
64#ifdef DEBUG
65# include <stdio.h>
66#endif
67
68static u_char IP[64] = {
69 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
70 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
71 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
72 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
73};
74
75static u_char inv_key_perm[64];
76static u_char u_key_perm[56];
77static u_char key_perm[56] = {
78 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
79 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
80 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
81 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
82};
83
84static u_char key_shifts[16] = {
85 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
86};
87
88static u_char inv_comp_perm[56];
89static u_char comp_perm[48] = {
90 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
91 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
92 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
93 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
94};
95
96/*
97 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
98 */
99
100static u_char u_sbox[8][64];
101static u_char sbox[8][64] = {
102 {
103 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
104 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
105 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
106 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
107 },
108 {
109 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
110 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
111 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
112 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
113 },
114 {
115 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
116 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
117 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
118 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
119 },
120 {
121 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
122 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
123 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
124 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
125 },
126 {
127 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
128 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
129 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
130 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
131 },
132 {
133 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
134 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
135 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
136 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
137 },
138 {
139 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
140 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
141 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
142 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
143 },
144 {
145 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
146 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
147 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
148 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
149 }
150};
151
152static u_char un_pbox[32];
153static u_char pbox[32] = {
154 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
155 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
156};
157
158static u_int32_t bits32[32] =
159{
160 0x80000000, 0x40000000, 0x20000000, 0x10000000,
161 0x08000000, 0x04000000, 0x02000000, 0x01000000,
162 0x00800000, 0x00400000, 0x00200000, 0x00100000,
163 0x00080000, 0x00040000, 0x00020000, 0x00010000,
164 0x00008000, 0x00004000, 0x00002000, 0x00001000,
165 0x00000800, 0x00000400, 0x00000200, 0x00000100,
166 0x00000080, 0x00000040, 0x00000020, 0x00000010,
167 0x00000008, 0x00000004, 0x00000002, 0x00000001
168};
169
170static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
171
172static u_int32_t saltbits;
173static int32_t old_salt;
174static u_int32_t *bits28, *bits24;
175static u_char init_perm[64], final_perm[64];
176static u_int32_t en_keysl[16], en_keysr[16];
177static u_int32_t de_keysl[16], de_keysr[16];
178static int des_initialised = 0;
179static u_char m_sbox[4][4096];
180static u_int32_t psbox[4][256];
181static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
182static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
183static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
184static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
185static u_int32_t old_rawkey0, old_rawkey1;
186
187static u_char ascii64[] =
188 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
189/* 0000000000111111111122222222223333333333444444444455555555556666 */
190/* 0123456789012345678901234567890123456789012345678901234567890123 */
191
192static inline int
193ascii_to_bin(ch)
194 char ch;
195{
196 if (ch > 'z')
197 return(0);
198 if (ch >= 'a')
199 return(ch - 'a' + 38);
200 if (ch > 'Z')
201 return(0);
202 if (ch >= 'A')
203 return(ch - 'A' + 12);
204 if (ch > '9')
205 return(0);
206 if (ch >= '.')
207 return(ch - '.');
208 return(0);
209}
210
211static void
212des_init()
213{
214 int i, j, b, k, inbit, obit;
215 u_int32_t *p, *il, *ir, *fl, *fr;
216
217 old_rawkey0 = old_rawkey1 = 0;
218 saltbits = 0;
219 old_salt = 0;
220 bits24 = (bits28 = bits32 + 4) + 4;
221
222 /*
223 * Invert the S-boxes, reordering the input bits.
224 */
225 for (i = 0; i < 8; i++)
226 for (j = 0; j < 64; j++) {
227 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
228 u_sbox[i][j] = sbox[i][b];
229 }
230
231 /*
232 * Convert the inverted S-boxes into 4 arrays of 8 bits.
233 * Each will handle 12 bits of the S-box input.
234 */
235 for (b = 0; b < 4; b++)
236 for (i = 0; i < 64; i++)
237 for (j = 0; j < 64; j++)
238 m_sbox[b][(i << 6) | j] =
239 (u_sbox[(b << 1)][i] << 4) |
240 u_sbox[(b << 1) + 1][j];
241
242 /*
243 * Set up the initial & final permutations into a useful form, and
244 * initialise the inverted key permutation.
245 */
246 for (i = 0; i < 64; i++) {
247 init_perm[final_perm[i] = IP[i] - 1] = i;
248 inv_key_perm[i] = 255;
249 }
250
251 /*
252 * Invert the key permutation and initialise the inverted key
253 * compression permutation.
254 */
255 for (i = 0; i < 56; i++) {
256 u_key_perm[i] = key_perm[i] - 1;
257 inv_key_perm[key_perm[i] - 1] = i;
258 inv_comp_perm[i] = 255;
259 }
260
261 /*
262 * Invert the key compression permutation.
263 */
264 for (i = 0; i < 48; i++) {
265 inv_comp_perm[comp_perm[i] - 1] = i;
266 }
267
268 /*
269 * Set up the OR-mask arrays for the initial and final permutations,
270 * and for the key initial and compression permutations.
271 */
272 for (k = 0; k < 8; k++) {
273 for (i = 0; i < 256; i++) {
274 *(il = &ip_maskl[k][i]) = 0;
275 *(ir = &ip_maskr[k][i]) = 0;
276 *(fl = &fp_maskl[k][i]) = 0;
277 *(fr = &fp_maskr[k][i]) = 0;
278 for (j = 0; j < 8; j++) {
279 inbit = 8 * k + j;
280 if (i & bits8[j]) {
281 if ((obit = init_perm[inbit]) < 32)
282 *il |= bits32[obit];
283 else
284 *ir |= bits32[obit-32];
285 if ((obit = final_perm[inbit]) < 32)
286 *fl |= bits32[obit];
287 else
288 *fr |= bits32[obit - 32];
289 }
290 }
291 }
292 for (i = 0; i < 128; i++) {
293 *(il = &key_perm_maskl[k][i]) = 0;
294 *(ir = &key_perm_maskr[k][i]) = 0;
295 for (j = 0; j < 7; j++) {
296 inbit = 8 * k + j;
297 if (i & bits8[j + 1]) {
298 if ((obit = inv_key_perm[inbit]) == 255)
299 continue;
300 if (obit < 28)
301 *il |= bits28[obit];
302 else
303 *ir |= bits28[obit - 28];
304 }
305 }
306 *(il = &comp_maskl[k][i]) = 0;
307 *(ir = &comp_maskr[k][i]) = 0;
308 for (j = 0; j < 7; j++) {
309 inbit = 7 * k + j;
310 if (i & bits8[j + 1]) {
311 if ((obit=inv_comp_perm[inbit]) == 255)
312 continue;
313 if (obit < 24)
314 *il |= bits24[obit];
315 else
316 *ir |= bits24[obit - 24];
317 }
318 }
319 }
320 }
321
322 /*
323 * Invert the P-box permutation, and convert into OR-masks for
324 * handling the output of the S-box arrays setup above.
325 */
326 for (i = 0; i < 32; i++)
327 un_pbox[pbox[i] - 1] = i;
328
329 for (b = 0; b < 4; b++)
330 for (i = 0; i < 256; i++) {
331 *(p = &psbox[b][i]) = 0;
332 for (j = 0; j < 8; j++) {
333 if (i & bits8[j])
334 *p |= bits32[un_pbox[8 * b + j]];
335 }
336 }
337
338 des_initialised = 1;
339}
340
341static void
342setup_salt(salt)
343 int32_t salt;
344{
345 u_int32_t obit, saltbit;
346 int i;
347
348 if (salt == old_salt)
349 return;
350 old_salt = salt;
351
352 saltbits = 0;
353 saltbit = 1;
354 obit = 0x800000;
355 for (i = 0; i < 24; i++) {
356 if (salt & saltbit)
357 saltbits |= obit;
358 saltbit <<= 1;
359 obit >>= 1;
360 }
361}
362
363static int
364des_setkey(key)
365 const char *key;
366{
367 u_int32_t k0, k1, rawkey0, rawkey1;
368 int shifts, i, b, round;
369
370 if (!des_initialised)
371 des_init();
372
373 rawkey0 = ntohl(*(u_int32_t *) key);
374 rawkey1 = ntohl(*(u_int32_t *) (key + 4));
375
376 if ((rawkey0 | rawkey1)
377 && rawkey0 == old_rawkey0
378 && rawkey1 == old_rawkey1) {
379 /*
380 * Already setup for this key.
381 * This optimisation fails on a zero key (which is weak and
382 * has bad parity anyway) in order to simplify the starting
383 * conditions.
384 */
385 return(0);
386 }
387 old_rawkey0 = rawkey0;
388 old_rawkey1 = rawkey1;
389
390 /*
391 * Do key permutation and split into two 28-bit subkeys.
392 */
393 k0 = key_perm_maskl[0][rawkey0 >> 25]
394 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
395 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
396 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
397 | key_perm_maskl[4][rawkey1 >> 25]
398 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
399 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
400 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
401 k1 = key_perm_maskr[0][rawkey0 >> 25]
402 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
403 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
404 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
405 | key_perm_maskr[4][rawkey1 >> 25]
406 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
407 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
408 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
409 /*
410 * Rotate subkeys and do compression permutation.
411 */
412 shifts = 0;
413 for (round = 0; round < 16; round++) {
414 u_int32_t t0, t1;
415 int bit;
416
417 shifts += key_shifts[round];
418
419 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
420 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
421
422 de_keysl[15 - round] =
423 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
424 | comp_maskl[1][(t0 >> 14) & 0x7f]
425 | comp_maskl[2][(t0 >> 7) & 0x7f]
426 | comp_maskl[3][t0 & 0x7f]
427 | comp_maskl[4][(t1 >> 21) & 0x7f]
428 | comp_maskl[5][(t1 >> 14) & 0x7f]
429 | comp_maskl[6][(t1 >> 7) & 0x7f]
430 | comp_maskl[7][t1 & 0x7f];
431
432 de_keysr[15 - round] =
433 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
434 | comp_maskr[1][(t0 >> 14) & 0x7f]
435 | comp_maskr[2][(t0 >> 7) & 0x7f]
436 | comp_maskr[3][t0 & 0x7f]
437 | comp_maskr[4][(t1 >> 21) & 0x7f]
438 | comp_maskr[5][(t1 >> 14) & 0x7f]
439 | comp_maskr[6][(t1 >> 7) & 0x7f]
440 | comp_maskr[7][t1 & 0x7f];
441 }
442 return(0);
443}
444
445static int
446do_des(l_in, r_in, l_out, r_out, count)
447 u_int32_t l_in, r_in, *l_out, *r_out;
448 int count;
449{
450 /*
451 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
452 */
453 u_int32_t mask, rawl, rawr, l, r, *kl, *kr, *kl1, *kr1;
454 u_int32_t f, r48l, r48r;
455 int i, j, b, round;
456
457 if (count == 0) {
458 return(1);
459 } else if (count > 0) {
460 /*
461 * Encrypting
462 */
463 kl1 = en_keysl;
464 kr1 = en_keysr;
465 } else {
466 /*
467 * Decrypting
468 */
469 count = -count;
470 kl1 = de_keysl;
471 kr1 = de_keysr;
472 }
473
474 /*
475 * Do initial permutation (IP).
476 */
477 l = ip_maskl[0][l_in >> 24]
478 | ip_maskl[1][(l_in >> 16) & 0xff]
479 | ip_maskl[2][(l_in >> 8) & 0xff]
480 | ip_maskl[3][l_in & 0xff]
481 | ip_maskl[4][r_in >> 24]
482 | ip_maskl[5][(r_in >> 16) & 0xff]
483 | ip_maskl[6][(r_in >> 8) & 0xff]
484 | ip_maskl[7][r_in & 0xff];
485 r = ip_maskr[0][l_in >> 24]
486 | ip_maskr[1][(l_in >> 16) & 0xff]
487 | ip_maskr[2][(l_in >> 8) & 0xff]
488 | ip_maskr[3][l_in & 0xff]
489 | ip_maskr[4][r_in >> 24]
490 | ip_maskr[5][(r_in >> 16) & 0xff]
491 | ip_maskr[6][(r_in >> 8) & 0xff]
492 | ip_maskr[7][r_in & 0xff];
493
494 while (count--) {
495 /*
496 * Do each round.
497 */
498 kl = kl1;
499 kr = kr1;
500 round = 16;
501 while (round--) {
502 /*
503 * Expand R to 48 bits (simulate the E-box).
504 */
505 r48l = ((r & 0x00000001) << 23)
506 | ((r & 0xf8000000) >> 9)
507 | ((r & 0x1f800000) >> 11)
508 | ((r & 0x01f80000) >> 13)
509 | ((r & 0x001f8000) >> 15);
510
511 r48r = ((r & 0x0001f800) << 7)
512 | ((r & 0x00001f80) << 5)
513 | ((r & 0x000001f8) << 3)
514 | ((r & 0x0000001f) << 1)
515 | ((r & 0x80000000) >> 31);
516 /*
517 * Do salting for crypt() and friends, and
518 * XOR with the permuted key.
519 */
520 f = (r48l ^ r48r) & saltbits;
521 r48l ^= f ^ *kl++;
522 r48r ^= f ^ *kr++;
523 /*
524 * Do sbox lookups (which shrink it back to 32 bits)
525 * and do the pbox permutation at the same time.
526 */
527 f = psbox[0][m_sbox[0][r48l >> 12]]
528 | psbox[1][m_sbox[1][r48l & 0xfff]]
529 | psbox[2][m_sbox[2][r48r >> 12]]
530 | psbox[3][m_sbox[3][r48r & 0xfff]];
531 /*
532 * Now that we've permuted things, complete f().
533 */
534 f ^= l;
535 l = r;
536 r = f;
537 }
538 r = l;
539 l = f;
540 }
541 /*
542 * Do final permutation (inverse of IP).
543 */
544 *l_out = fp_maskl[0][l >> 24]
545 | fp_maskl[1][(l >> 16) & 0xff]
546 | fp_maskl[2][(l >> 8) & 0xff]
547 | fp_maskl[3][l & 0xff]
548 | fp_maskl[4][r >> 24]
549 | fp_maskl[5][(r >> 16) & 0xff]
550 | fp_maskl[6][(r >> 8) & 0xff]
551 | fp_maskl[7][r & 0xff];
552 *r_out = fp_maskr[0][l >> 24]
553 | fp_maskr[1][(l >> 16) & 0xff]
554 | fp_maskr[2][(l >> 8) & 0xff]
555 | fp_maskr[3][l & 0xff]
556 | fp_maskr[4][r >> 24]
557 | fp_maskr[5][(r >> 16) & 0xff]
558 | fp_maskr[6][(r >> 8) & 0xff]
559 | fp_maskr[7][r & 0xff];
560 return(0);
561}
562
563static int
564des_cipher(in, out, salt, count)
565 const char *in;
566 char *out;
567 int32_t salt;
568 int count;
569{
570 u_int32_t l_out, r_out, rawl, rawr;
571 u_int32_t x[2];
572 int retval;
573
574 if (!des_initialised)
575 des_init();
576
577 setup_salt(salt);
578
579#if 0
580 rawl = ntohl(*((u_int32_t *) in)++);
581 rawr = ntohl(*((u_int32_t *) in));
582#else
583 memcpy(x, in, sizeof x);
584 rawl = ntohl(x[0]);
585 rawr = ntohl(x[1]);
586#endif
587 retval = do_des(rawl, rawr, &l_out, &r_out, count);
588
589#if 0
590 *((u_int32_t *) out)++ = htonl(l_out);
591 *((u_int32_t *) out) = htonl(r_out);
592#else
593 x[0] = htonl(l_out);
594 x[1] = htonl(r_out);
595 memcpy(out, x, sizeof x);
596#endif
597 return(retval);
598}
599
600char *
601crypt(key, setting)
602 char *key;
603 char *setting;
604{
605 int i;
606 u_int32_t count, salt, l, r0, r1, keybuf[2];
607 u_char *p, *q;
608 static u_char output[21];
609
610 if (!des_initialised)
611 des_init();
612
613
614 /*
615 * Copy the key, shifting each character up by one bit
616 * and padding with zeros.
617 */
618 q = (u_char *) keybuf;
619 while (q - (u_char *) keybuf - 8) {
620 if (*q++ = *key << 1)
621 key++;
622 }
623 if (des_setkey((u_char *) keybuf))
624 return(NULL);
625
626 if (*setting == _PASSWORD_EFMT1) {
627 /*
628 * "new"-style:
629 * setting - underscore, 4 bytes of count, 4 bytes of salt
630 * key - unlimited characters
631 */
632 for (i = 1, count = 0; i < 5; i++)
633 count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
634
635 for (i = 5, salt = 0; i < 9; i++)
636 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
637
638 while (*key) {
639 /*
640 * Encrypt the key with itself.
641 */
642 if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0, 1))
643 return(NULL);
644 /*
645 * And XOR with the next 8 characters of the key.
646 */
647 q = (u_char *) keybuf;
648 while (q - (u_char *) keybuf - 8 && *key)
649 *q++ ^= *key++ << 1;
650
651 if (des_setkey((u_char *) keybuf))
652 return(NULL);
653 }
654 strncpy(output, setting, 9);
655
656 /*
657 * Double check that we weren't given a short setting.
658 * If we were, the above code will probably have created
659 * wierd values for count and salt, but we don't really care.
660 * Just make sure the output string doesn't have an extra
661 * NUL in it.
662 */
663 output[9] = '\0';
664 p = output + strlen(output);
665 } else {
666 /*
667 * "old"-style:
668 * setting - 2 bytes of salt
669 * key - up to 8 characters
670 */
671 count = 25;
672
673 salt = (ascii_to_bin(setting[1]) << 6)
674 | ascii_to_bin(setting[0]);
675
676 output[0] = setting[0];
677 /*
678 * If the encrypted password that the salt was extracted from
679 * is only 1 character long, the salt will be corrupted. We
680 * need to ensure that the output string doesn't have an extra
681 * NUL in it!
682 */
683 output[1] = setting[1] ? setting[1] : output[0];
684
685 p = output + 2;
686 }
687 setup_salt(salt);
688 /*
689 * Do it.
690 */
691 if (do_des(0, 0, &r0, &r1, count))
692 return(NULL);
693 /*
694 * Now encode the result...
695 */
696 l = (r0 >> 8);
697 *p++ = ascii64[(l >> 18) & 0x3f];
698 *p++ = ascii64[(l >> 12) & 0x3f];
699 *p++ = ascii64[(l >> 6) & 0x3f];
700 *p++ = ascii64[l & 0x3f];
701
702 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
703 *p++ = ascii64[(l >> 18) & 0x3f];
704 *p++ = ascii64[(l >> 12) & 0x3f];
705 *p++ = ascii64[(l >> 6) & 0x3f];
706 *p++ = ascii64[l & 0x3f];
707
708 l = r1 << 2;
709 *p++ = ascii64[(l >> 12) & 0x3f];
710 *p++ = ascii64[(l >> 6) & 0x3f];
711 *p++ = ascii64[l & 0x3f];
712 *p = 0;
713
714 return(output);
715}
diff --git a/src/lib/libc/crypt/morecrypt.c b/src/lib/libc/crypt/morecrypt.c
new file mode 100644
index 0000000000..85ace2ecce
--- /dev/null
+++ b/src/lib/libc/crypt/morecrypt.c
@@ -0,0 +1,338 @@
1/* $Id: morecrypt.c,v 1.1 1995/12/16 12:55:31 deraadt Exp $ */
2
3/*
4 * FreeSec: libcrypt
5 *
6 * Copyright (c) 1994 David Burren
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 4. Neither the name of the author nor the names of other contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *
34 * This is an original implementation of the DES and the crypt(3) interfaces
35 * by David Burren <davidb@werj.com.au>.
36 *
37 * An excellent reference on the underlying algorithm (and related
38 * algorithms) is:
39 *
40 * B. Schneier, Applied Cryptography: protocols, algorithms,
41 * and source code in C, John Wiley & Sons, 1994.
42 *
43 * Note that in that book's description of DES the lookups for the initial,
44 * pbox, and final permutations are inverted (this has been brought to the
45 * attention of the author). A list of errata for this book has been
46 * posted to the sci.crypt newsgroup by the author and is available for FTP.
47 *
48 * ARCHITECTURE ASSUMPTIONS:
49 * This code assumes that u_longs are 32 bits. It will probably not
50 * operate on 64-bit machines without modifications.
51 * It is assumed that the 8-byte arrays passed by reference can be
52 * addressed as arrays of u_longs (ie. the CPU is not picky about
53 * alignment).
54 *
55 * NOTE:
56 * This file must copy certain chunks of crypt.c for legal reasons.
57 * crypt.c can only export the interface crypt(), to make binaries
58 * exportable from the USA. Hence, to also have the other crypto interfaces
59 * available we have to copy pieces...
60 */
61#include <sys/types.h>
62#include <sys/param.h>
63#include <pwd.h>
64
65#ifdef DEBUG
66# include <stdio.h>
67#endif
68
69static u_char IP[64] = {
70 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
71 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
72 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
73 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
74};
75
76static u_char inv_key_perm[64];
77static u_char u_key_perm[56];
78static u_char key_perm[56] = {
79 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
80 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
81 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
82 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
83};
84
85static u_char key_shifts[16] = {
86 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
87};
88
89static u_char inv_comp_perm[56];
90static u_char comp_perm[48] = {
91 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
92 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
93 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
94 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
95};
96
97/*
98 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
99 */
100
101static u_char u_sbox[8][64];
102static u_char sbox[8][64] = {
103 {
104 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
105 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
106 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
107 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
108 },
109 {
110 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
111 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
112 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
113 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
114 },
115 {
116 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
117 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
118 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
119 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
120 },
121 {
122 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
123 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
124 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
125 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
126 },
127 {
128 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
129 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
130 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
131 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
132 },
133 {
134 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
135 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
136 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
137 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
138 },
139 {
140 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
141 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
142 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
143 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
144 },
145 {
146 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
147 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
148 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
149 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
150 }
151};
152
153static u_char un_pbox[32];
154static u_char pbox[32] = {
155 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
156 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
157};
158
159static u_int32_t bits32[32] =
160{
161 0x80000000, 0x40000000, 0x20000000, 0x10000000,
162 0x08000000, 0x04000000, 0x02000000, 0x01000000,
163 0x00800000, 0x00400000, 0x00200000, 0x00100000,
164 0x00080000, 0x00040000, 0x00020000, 0x00010000,
165 0x00008000, 0x00004000, 0x00002000, 0x00001000,
166 0x00000800, 0x00000400, 0x00000200, 0x00000100,
167 0x00000080, 0x00000040, 0x00000020, 0x00000010,
168 0x00000008, 0x00000004, 0x00000002, 0x00000001
169};
170
171static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
172
173static u_int32_t saltbits;
174static int32_t old_salt;
175static u_int32_t *bits28, *bits24;
176static u_char init_perm[64], final_perm[64];
177static u_int32_t en_keysl[16], en_keysr[16];
178static u_int32_t de_keysl[16], de_keysr[16];
179static int des_initialised = 0;
180static u_char m_sbox[4][4096];
181static u_int32_t psbox[4][256];
182static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
183static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
184static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
185static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
186static u_int32_t old_rawkey0, old_rawkey1;
187
188static u_char ascii64[] =
189 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
190/* 0000000000111111111122222222223333333333444444444455555555556666 */
191/* 0123456789012345678901234567890123456789012345678901234567890123 */
192
193static inline int
194ascii_to_bin(ch)
195 char ch;
196{
197 if (ch > 'z')
198 return(0);
199 if (ch >= 'a')
200 return(ch - 'a' + 38);
201 if (ch > 'Z')
202 return(0);
203 if (ch >= 'A')
204 return(ch - 'A' + 12);
205 if (ch > '9')
206 return(0);
207 if (ch >= '.')
208 return(ch - '.');
209 return(0);
210}
211
212int
213des_setkey(key)
214 const char *key;
215{
216 u_int32_t k0, k1, rawkey0, rawkey1;
217 int shifts, i, b, round;
218
219 if (!des_initialised)
220 des_init();
221
222 rawkey0 = ntohl(*(u_int32_t *) key);
223 rawkey1 = ntohl(*(u_int32_t *) (key + 4));
224
225 if ((rawkey0 | rawkey1)
226 && rawkey0 == old_rawkey0
227 && rawkey1 == old_rawkey1) {
228 /*
229 * Already setup for this key.
230 * This optimisation fails on a zero key (which is weak and
231 * has bad parity anyway) in order to simplify the starting
232 * conditions.
233 */
234 return(0);
235 }
236 old_rawkey0 = rawkey0;
237 old_rawkey1 = rawkey1;
238
239 /*
240 * Do key permutation and split into two 28-bit subkeys.
241 */
242 k0 = key_perm_maskl[0][rawkey0 >> 25]
243 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
244 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
245 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
246 | key_perm_maskl[4][rawkey1 >> 25]
247 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
248 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
249 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
250 k1 = key_perm_maskr[0][rawkey0 >> 25]
251 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
252 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
253 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
254 | key_perm_maskr[4][rawkey1 >> 25]
255 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
256 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
257 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
258 /*
259 * Rotate subkeys and do compression permutation.
260 */
261 shifts = 0;
262 for (round = 0; round < 16; round++) {
263 u_int32_t t0, t1;
264 int bit;
265
266 shifts += key_shifts[round];
267
268 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
269 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
270
271 de_keysl[15 - round] =
272 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
273 | comp_maskl[1][(t0 >> 14) & 0x7f]
274 | comp_maskl[2][(t0 >> 7) & 0x7f]
275 | comp_maskl[3][t0 & 0x7f]
276 | comp_maskl[4][(t1 >> 21) & 0x7f]
277 | comp_maskl[5][(t1 >> 14) & 0x7f]
278 | comp_maskl[6][(t1 >> 7) & 0x7f]
279 | comp_maskl[7][t1 & 0x7f];
280
281 de_keysr[15 - round] =
282 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
283 | comp_maskr[1][(t0 >> 14) & 0x7f]
284 | comp_maskr[2][(t0 >> 7) & 0x7f]
285 | comp_maskr[3][t0 & 0x7f]
286 | comp_maskr[4][(t1 >> 21) & 0x7f]
287 | comp_maskr[5][(t1 >> 14) & 0x7f]
288 | comp_maskr[6][(t1 >> 7) & 0x7f]
289 | comp_maskr[7][t1 & 0x7f];
290 }
291 return(0);
292}
293
294int
295setkey(key)
296 char *key;
297{
298 int i, j;
299 u_int32_t packed_keys[2];
300 u_char *p;
301
302 p = (u_char *) packed_keys;
303
304 for (i = 0; i < 8; i++) {
305 p[i] = 0;
306 for (j = 0; j < 8; j++)
307 if (*key++ & 1)
308 p[i] |= bits8[j];
309 }
310 return(des_setkey(p));
311}
312
313int
314encrypt(block, flag)
315 char *block;
316 int flag;
317{
318 u_int32_t io[2];
319 u_char *p;
320 int i, j, retval;
321
322 if (!des_initialised)
323 des_init();
324
325 setup_salt(0L);
326 p = block;
327 for (i = 0; i < 2; i++) {
328 io[i] = 0L;
329 for (j = 0; j < 32; j++)
330 if (*p++ & 1)
331 io[i] |= bits32[j];
332 }
333 retval = do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
334 for (i = 0; i < 2; i++)
335 for (j = 0; j < 32; j++)
336 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
337 return(retval);
338}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-17 20:22:21 +0000