bludgeon DES support out of crypt. long live the bcrypt.

author: tedu <> 2015-04-06 20:49:41 +0000
committer: tedu <> 2015-04-06 20:49:41 +0000
commit: 5bc886238be15ae40e7b95f920d80bf191b2ae70 (patch)
tree: 170d8b968a1dd9fe1c63ae235ab3fc93e874d5c2 /src/lib/libc/crypt/crypt.c
parent: 624f175c4f67570150d01364c1e08bdbeeb38eb9 (diff)
download: openbsd-5bc886238be15ae40e7b95f920d80bf191b2ae70.tar.gz
openbsd-5bc886238be15ae40e7b95f920d80bf191b2ae70.tar.bz2
openbsd-5bc886238be15ae40e7b95f920d80bf191b2ae70.zip
1 files changed, 1 insertions, 682 deletions
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
index 7d21d4fbc3..c61f360a59 100644
--- a/src/lib/libc/crypt/crypt.c
+++ b/src/lib/libc/crypt/crypt.c
@@ -1,686 +1,10 @@
-/*      $OpenBSD: crypt.c,v 1.26 2015/01/16 16:48:51 deraadt Exp $      */
+/*      $OpenBSD: crypt.c,v 1.27 2015/04/06 20:49:41 tedu Exp $ */
-/*
- * FreeSec: libcrypt
- *
- * Copyright (c) 1994 David Burren
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 4. Neither the name of the author nor the names of other contributors
- *    may be used to endorse or promote products derived from this software
- *    without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- *
- * This is an original implementation of the DES and the crypt(3) interfaces
- * by David Burren <davidb@werj.com.au>.
- *
- * An excellent reference on the underlying algorithm (and related
- * algorithms) is:
- *
- *      B. Schneier, Applied Cryptography: protocols, algorithms,
- *      and source code in C, John Wiley & Sons, 1994.
- *
- * Note that in that book's description of DES the lookups for the initial,
- * pbox, and final permutations are inverted (this has been brought to the
- * attention of the author).  A list of errata for this book has been
- * posted to the sci.crypt newsgroup by the author and is available for FTP.
- */
-#include <sys/types.h>
 #include <pwd.h>
-#include <unistd.h>
-#include <string.h>
-#ifdef DEBUG
-# include <stdio.h>
-#endif
-static const u_char     IP[64] = {
-        58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
-        62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
-        57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
-        61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
-};
-static u_char   inv_key_perm[64];
-static u_char   u_key_perm[56];
-static u_char   const key_perm[56] = {
-        57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
-        10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
-        63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
-        14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
-};
-static const u_char     key_shifts[16] = {
-        1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
-};
-static u_char   inv_comp_perm[56];
-static const u_char     comp_perm[48] = {
-        14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
-        23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
-        41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
-        44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
-};
-/*
- *      No E box is used, as it's replaced by some ANDs, shifts, and ORs.
- */
-static u_char   u_sbox[8][64];
-static const u_char     sbox[8][64] = {
-        {
-                14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
-                 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
-                 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
-                15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
-        },
-        {
-                15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
-                 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
-                 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
-                13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
-        },
-        {
-                10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
-                13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
-                13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
-                 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
-        },
-        {
-                 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
-                13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
-                10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
-                 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
-        },
-        {
-                 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
-                14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
-                 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
-                11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
-        },
-        {
-                12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
-                10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
-                 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
-                 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
-        },
-        {
-                 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
-                13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
-                 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
-                 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
-        },
-        {
-                13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
-                 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
-                 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
-                 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
-        }
-};
-static u_char   un_pbox[32];
-static const u_char     pbox[32] = {
-        16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
-         2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
-};
-const u_int32_t _des_bits32[32] =
-{
-        0x80000000, 0x40000000, 0x20000000, 0x10000000,
-        0x08000000, 0x04000000, 0x02000000, 0x01000000,
-        0x00800000, 0x00400000, 0x00200000, 0x00100000,
-        0x00080000, 0x00040000, 0x00020000, 0x00010000,
-        0x00008000, 0x00004000, 0x00002000, 0x00001000,
-        0x00000800, 0x00000400, 0x00000200, 0x00000100,
-        0x00000080, 0x00000040, 0x00000020, 0x00000010,
-        0x00000008, 0x00000004, 0x00000002, 0x00000001
-};
-static const u_char     _des_bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
-static const u_int32_t *bits28, *bits24;
-static u_char   init_perm[64], final_perm[64];
-static u_int32_t en_keysl[16], en_keysr[16];
-static u_int32_t de_keysl[16], de_keysr[16];
-int     _des_initialised = 0;
-static u_char   m_sbox[4][4096];
-static u_int32_t psbox[4][256];
-static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
-static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
-static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
-static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
-static u_int32_t old_rawkey0, old_rawkey1;
-static u_char   ascii64[] =
-         "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
-/*        0000000000111111111122222222223333333333444444444455555555556666 */
-/*        0123456789012345678901234567890123456789012345678901234567890123 */
-static __inline int
-ascii_to_bin(char ch)
-{
-        if (ch > 'z')
-                return(0);
-        if (ch >= 'a')
-                return(ch - 'a' + 38);
-        if (ch > 'Z')
-                return(0);
-        if (ch >= 'A')
-                return(ch - 'A' + 12);
-        if (ch > '9')
-                return(0);
-        if (ch >= '.')
-                return(ch - '.');
-        return(0);
-}
-static void
-_des_init(void)
-{
-        int     i, j, b, k, inbit, obit;
-        u_int32_t       *p, *il, *ir, *fl, *fr;
-        old_rawkey0 = old_rawkey1 = 0;
-        bits24 = (bits28 = _des_bits32 + 4) + 4;
-        /*
-         * Invert the S-boxes, reordering the input bits.
-         */
-        for (i = 0; i < 8; i++)
-                for (j = 0; j < 64; j++) {
-                        b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
-                        u_sbox[i][j] = sbox[i][b];
-                }
-        /*
-         * Convert the inverted S-boxes into 4 arrays of 8 bits.
-         * Each will handle 12 bits of the S-box input.
-         */
-        for (b = 0; b < 4; b++)
-                for (i = 0; i < 64; i++)
-                        for (j = 0; j < 64; j++)
-                                m_sbox[b][(i << 6) | j] =
-                                        (u_sbox[(b << 1)][i] << 4) |
-                                        u_sbox[(b << 1) + 1][j];
-        /*
-         * Set up the initial & final permutations into a useful form, and
-         * initialise the inverted key permutation.
-         */
-        for (i = 0; i < 64; i++) {
-                init_perm[final_perm[i] = IP[i] - 1] = i;
-                inv_key_perm[i] = 255;
-        }
-        /*
-         * Invert the key permutation and initialise the inverted key
-         * compression permutation.
-         */
-        for (i = 0; i < 56; i++) {
-                u_key_perm[i] = key_perm[i] - 1;
-                inv_key_perm[key_perm[i] - 1] = i;
-                inv_comp_perm[i] = 255;
-        }
-        /*
-         * Invert the key compression permutation.
-         */
-        for (i = 0; i < 48; i++) {
-                inv_comp_perm[comp_perm[i] - 1] = i;
-        }
-        /*
-         * Set up the OR-mask arrays for the initial and final permutations,
-         * and for the key initial and compression permutations.
-         */
-        for (k = 0; k < 8; k++) {
-                for (i = 0; i < 256; i++) {
-                        *(il = &ip_maskl[k][i]) = 0;
-                        *(ir = &ip_maskr[k][i]) = 0;
-                        *(fl = &fp_maskl[k][i]) = 0;
-                        *(fr = &fp_maskr[k][i]) = 0;
-                        for (j = 0; j < 8; j++) {
-                                inbit = 8 * k + j;
-                                if (i & _des_bits8[j]) {
-                                        if ((obit = init_perm[inbit]) < 32)
-                                                *il |= _des_bits32[obit];
-                                        else
-                                                *ir |= _des_bits32[obit-32];
-                                        if ((obit = final_perm[inbit]) < 32)
-                                                *fl |= _des_bits32[obit];
-                                        else
-                                                *fr |= _des_bits32[obit - 32];
-                                }
-                        }
-                }
-                for (i = 0; i < 128; i++) {
-                        *(il = &key_perm_maskl[k][i]) = 0;
-                        *(ir = &key_perm_maskr[k][i]) = 0;
-                        for (j = 0; j < 7; j++) {
-                                inbit = 8 * k + j;
-                                if (i & _des_bits8[j + 1]) {
-                                        if ((obit = inv_key_perm[inbit]) == 255)
-                                                continue;
-                                        if (obit < 28)
-                                                *il |= bits28[obit];
-                                        else
-                                                *ir |= bits28[obit - 28];
-                                }
-                        }
-                        *(il = &comp_maskl[k][i]) = 0;
-                        *(ir = &comp_maskr[k][i]) = 0;
-                        for (j = 0; j < 7; j++) {
-                                inbit = 7 * k + j;
-                                if (i & _des_bits8[j + 1]) {
-                                        if ((obit=inv_comp_perm[inbit]) == 255)
-                                                continue;
-                                        if (obit < 24)
-                                                *il |= bits24[obit];
-                                        else
-                                                *ir |= bits24[obit - 24];
-                                }
-                        }
-                }
-        }
-        /*
-         * Invert the P-box permutation, and convert into OR-masks for
-         * handling the output of the S-box arrays setup above.
-         */
-        for (i = 0; i < 32; i++)
-                un_pbox[pbox[i] - 1] = i;
-        for (b = 0; b < 4; b++)
-                for (i = 0; i < 256; i++) {
-                        *(p = &psbox[b][i]) = 0;
-                        for (j = 0; j < 8; j++) {
-                                if (i & _des_bits8[j])
-                                        *p |= _des_bits32[un_pbox[8 * b + j]];
-                        }
-                }
-        _des_initialised = 1;
-}
-static u_int32_t
-_des_setup_salt(int32_t salt)
-{
-        u_int32_t       obit, saltbit, saltbits;
-        int     i;
-        saltbits = 0;
-        saltbit = 1;
-        obit = 0x800000;
-        for (i = 0; i < 24; i++) {
-                if (salt & saltbit)
-                        saltbits |= obit;
-                saltbit <<= 1;
-                obit >>= 1;
-        }
-        return saltbits;
-}
-static int
-des_setkey(const char *key)
-{
-        u_int32_t k0, k1, rawkey0, rawkey1;
-        int     shifts, round;
-        if (!_des_initialised)
-                _des_init();
-        rawkey0 = ntohl(*(u_int32_t *) key);
-        rawkey1 = ntohl(*(u_int32_t *) (key + 4));
-        if ((rawkey0 | rawkey1)
-            && rawkey0 == old_rawkey0
-            && rawkey1 == old_rawkey1) {
-                /*
-                 * Already setup for this key.
-                 * This optimisation fails on a zero key (which is weak and
-                 * has bad parity anyway) in order to simplify the starting
-                 * conditions.
-                 */
-                return(0);
-        }
-        old_rawkey0 = rawkey0;
-        old_rawkey1 = rawkey1;
-        /*
-         *      Do key permutation and split into two 28-bit subkeys.
-         */
-        k0 = key_perm_maskl[0][rawkey0 >> 25]
-           | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
-           | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
-           | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
-           | key_perm_maskl[4][rawkey1 >> 25]
-           | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
-           | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
-           | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
-        k1 = key_perm_maskr[0][rawkey0 >> 25]
-           | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
-           | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
-           | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
-           | key_perm_maskr[4][rawkey1 >> 25]
-           | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
-           | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
-           | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
-        /*
-         *      Rotate subkeys and do compression permutation.
-         */
-        shifts = 0;
-        for (round = 0; round < 16; round++) {
-                u_int32_t       t0, t1;
-                shifts += key_shifts[round];
-                t0 = (k0 << shifts) | (k0 >> (28 - shifts));
-                t1 = (k1 << shifts) | (k1 >> (28 - shifts));
-                de_keysl[15 - round] =
-                en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
-                                | comp_maskl[1][(t0 >> 14) & 0x7f]
-                                | comp_maskl[2][(t0 >> 7) & 0x7f]
-                                | comp_maskl[3][t0 & 0x7f]
-                                | comp_maskl[4][(t1 >> 21) & 0x7f]
-                                | comp_maskl[5][(t1 >> 14) & 0x7f]
-                                | comp_maskl[6][(t1 >> 7) & 0x7f]
-                                | comp_maskl[7][t1 & 0x7f];
-                de_keysr[15 - round] =
-                en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
-                                | comp_maskr[1][(t0 >> 14) & 0x7f]
-                                | comp_maskr[2][(t0 >> 7) & 0x7f]
-                                | comp_maskr[3][t0 & 0x7f]
-                                | comp_maskr[4][(t1 >> 21) & 0x7f]
-                                | comp_maskr[5][(t1 >> 14) & 0x7f]
-                                | comp_maskr[6][(t1 >> 7) & 0x7f]
-                                | comp_maskr[7][t1 & 0x7f];
-        }
-        return(0);
-}
-static int
-_des_do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out,
-    int count, u_int32_t saltbits)
-{
-        /*
-         *      l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
-         */
-        u_int32_t       l, r, *kl, *kr, *kl1, *kr1;
-        u_int32_t       f, r48l, r48r;
-        int             round;
-        if (count == 0) {
-                return(1);
-        } else if (count > 0) {
-                /*
-                 * Encrypting
-                 */
-                kl1 = en_keysl;
-                kr1 = en_keysr;
-        } else {
-                /*
-                 * Decrypting
-                 */
-                count = -count;
-                kl1 = de_keysl;
-                kr1 = de_keysr;
-        }
-        /*
-         *      Do initial permutation (IP).
-         */
-        l = ip_maskl[0][l_in >> 24]
-          | ip_maskl[1][(l_in >> 16) & 0xff]
-          | ip_maskl[2][(l_in >> 8) & 0xff]
-          | ip_maskl[3][l_in & 0xff]
-          | ip_maskl[4][r_in >> 24]
-          | ip_maskl[5][(r_in >> 16) & 0xff]
-          | ip_maskl[6][(r_in >> 8) & 0xff]
-          | ip_maskl[7][r_in & 0xff];
-        r = ip_maskr[0][l_in >> 24]
-          | ip_maskr[1][(l_in >> 16) & 0xff]
-          | ip_maskr[2][(l_in >> 8) & 0xff]
-          | ip_maskr[3][l_in & 0xff]
-          | ip_maskr[4][r_in >> 24]
-          | ip_maskr[5][(r_in >> 16) & 0xff]
-          | ip_maskr[6][(r_in >> 8) & 0xff]
-          | ip_maskr[7][r_in & 0xff];
-        while (count--) {
-                /*
-                 * Do each round.
-                 */
-                kl = kl1;
-                kr = kr1;
-                round = 16;
-                while (round--) {
-                        /*
-                         * Expand R to 48 bits (simulate the E-box).
-                         */
-                        r48l    = ((r & 0x00000001) << 23)
-                                | ((r & 0xf8000000) >> 9)
-                                | ((r & 0x1f800000) >> 11)
-                                | ((r & 0x01f80000) >> 13)
-                                | ((r & 0x001f8000) >> 15);
-                        r48r    = ((r & 0x0001f800) << 7)
-                                | ((r & 0x00001f80) << 5)
-                                | ((r & 0x000001f8) << 3)
-                                | ((r & 0x0000001f) << 1)
-                                | ((r & 0x80000000) >> 31);
-                        /*
-                         * Do salting for crypt() and friends, and
-                         * XOR with the permuted key.
-                         */
-                        f = (r48l ^ r48r) & saltbits;
-                        r48l ^= f ^ *kl++;
-                        r48r ^= f ^ *kr++;
-                        /*
-                         * Do sbox lookups (which shrink it back to 32 bits)
-                         * and do the pbox permutation at the same time.
-                         */
-                        f = psbox[0][m_sbox[0][r48l >> 12]]
-                          | psbox[1][m_sbox[1][r48l & 0xfff]]
-                          | psbox[2][m_sbox[2][r48r >> 12]]
-                          | psbox[3][m_sbox[3][r48r & 0xfff]];
-                        /*
-                         * Now that we've permuted things, complete f().
-                         */
-                        f ^= l;
-                        l = r;
-                        r = f;
-                }
-                r = l;
-                l = f;
-        }
-        /*
-         * Do final permutation (inverse of IP).
-         */
-        *l_out  = fp_maskl[0][l >> 24]
-                | fp_maskl[1][(l >> 16) & 0xff]
-                | fp_maskl[2][(l >> 8) & 0xff]
-                | fp_maskl[3][l & 0xff]
-                | fp_maskl[4][r >> 24]
-                | fp_maskl[5][(r >> 16) & 0xff]
-                | fp_maskl[6][(r >> 8) & 0xff]
-                | fp_maskl[7][r & 0xff];
-        *r_out  = fp_maskr[0][l >> 24]
-                | fp_maskr[1][(l >> 16) & 0xff]
-                | fp_maskr[2][(l >> 8) & 0xff]
-                | fp_maskr[3][l & 0xff]
-                | fp_maskr[4][r >> 24]
-                | fp_maskr[5][(r >> 16) & 0xff]
-                | fp_maskr[6][(r >> 8) & 0xff]
-                | fp_maskr[7][r & 0xff];
-        return(0);
-}
-static int
-des_cipher(const char *in, char *out, int32_t salt, int count)
-{
-        u_int32_t l_out, r_out, rawl, rawr, saltbits;
-        u_int32_t x[2];
-        int     retval;
-        if (!_des_initialised)
-                _des_init();
-        saltbits = _des_setup_salt(salt);
-        memcpy(x, in, sizeof x);
-        rawl = ntohl(x[0]);
-        rawr = ntohl(x[1]);
-        retval = _des_do_des(rawl, rawr, &l_out, &r_out, count, saltbits);
-        x[0] = htonl(l_out);
-        x[1] = htonl(r_out);
-        memcpy(out, x, sizeof x);
-        return(retval);
-}
-static int
-crypt_hashpass(const char *key, const char *setting, char *output)
-{
-        int             i;
-        u_int32_t       count, salt, l, r0, r1, saltbits, keybuf[2];
-        u_char          *p, *q;
-        if (!_des_initialised)
-                _des_init();
-        /*
-         * Copy the key, shifting each character up by one bit
-         * and padding with zeros.
-         */
-        q = (u_char *) keybuf;
-        while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
-                if ((*q++ = *key << 1))
-                        key++;
-        }
-        if (des_setkey((char *) keybuf))
-                return(-1);
-        if (*setting == _PASSWORD_EFMT1) {
-                /*
-                 * "new"-style:
-                 *      setting - underscore, 4 bytes of count, 4 bytes of salt
-                 *      key - unlimited characters
-                 */
-                for (i = 1, count = 0; i < 5; i++)
-                        count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
-                for (i = 5, salt = 0; i < 9; i++)
-                        salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
-                while (*key) {
-                        /*
-                         * Encrypt the key with itself.
-                         */
-                        if (des_cipher((char *)keybuf, (char *)keybuf, 0, 1))
-                                return(-1);
-                        /*
-                         * And XOR with the next 8 characters of the key.
-                         */
-                        q = (u_char *) keybuf;
-                        while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
-                                        *key)
-                                *q++ ^= *key++ << 1;
-                        if (des_setkey((char *) keybuf))
-                                return(-1);
-                }
-                strlcpy((char *)output, setting, 10);
-                /*
-                 * Double check that we weren't given a short setting.
-                 * If we were, the above code will probably have created
-                 * weird values for count and salt, but we don't really care.
-                 * Just make sure the output string doesn't have an extra
-                 * NUL in it.
-                 */
-                p = output + strlen((const char *)output);
-        } else {
-                /*
-                 * "old"-style:
-                 *      setting - 2 bytes of salt
-                 *      key - up to 8 characters
-                 */
-                count = 25;
-                salt = (ascii_to_bin(setting[1]) << 6)
-                     |  ascii_to_bin(setting[0]);
-                output[0] = setting[0];
-                /*
-                 * If the encrypted password that the salt was extracted from
-                 * is only 1 character long, the salt will be corrupted.  We
-                 * need to ensure that the output string doesn't have an extra
-                 * NUL in it!
-                 */
-                output[1] = setting[1] ? setting[1] : output[0];
-                p = output + 2;
-        }
-        saltbits = _des_setup_salt(salt);
-        /*
-         * Do it.
-         */
-        if (_des_do_des(0, 0, &r0, &r1, count, saltbits))
-                return(-1);
-        /*
-         * Now encode the result...
-         */
-        l = (r0 >> 8);
-        *p++ = ascii64[(l >> 18) & 0x3f];
-        *p++ = ascii64[(l >> 12) & 0x3f];
-        *p++ = ascii64[(l >> 6) & 0x3f];
-        *p++ = ascii64[l & 0x3f];
-        l = (r0 << 16) | ((r1 >> 16) & 0xffff);
-        *p++ = ascii64[(l >> 18) & 0x3f];
-        *p++ = ascii64[(l >> 12) & 0x3f];
-        *p++ = ascii64[(l >> 6) & 0x3f];
-        *p++ = ascii64[l & 0x3f];
-        l = r1 << 2;
-        *p++ = ascii64[(l >> 12) & 0x3f];
-        *p++ = ascii64[(l >> 6) & 0x3f];
-        *p++ = ascii64[l & 0x3f];
-        *p = 0;
-        return(0);
-}
 char *
 crypt(const char *key, const char *setting)
 {
-        static u_char   goutput[21];
-        extern char     *bcrypt(const char *, const char *);
        if (setting[0] == '$') {
                switch (setting[1]) {
                case '2':
@@ -689,9 +13,4 @@ crypt(const char *key, const char *setting)
                        return (NULL);
                }
        }
-        memset(goutput, 0, sizeof(goutput));
-        if (crypt_hashpass(key, setting, goutput) != 0)
-                return (NULL);
-        return goutput;
 }
author	tedu <>	2015-04-06 20:49:41 +0000
committer	tedu <>	2015-04-06 20:49:41 +0000
commit	5bc886238be15ae40e7b95f920d80bf191b2ae70 (patch)
tree	170d8b968a1dd9fe1c63ae235ab3fc93e874d5c2 /src/lib/libc/crypt/crypt.c
parent	624f175c4f67570150d01364c1e08bdbeeb38eb9 (diff)
download	openbsd-5bc886238be15ae40e7b95f920d80bf191b2ae70.tar.gz openbsd-5bc886238be15ae40e7b95f920d80bf191b2ae70.tar.bz2 openbsd-5bc886238be15ae40e7b95f920d80bf191b2ae70.zip

diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c index 7d21d4fbc3..c61f360a59 100644 --- a/src/lib/libc/crypt/crypt.c +++ b/src/lib/libc/crypt/crypt.c
@@ -1,686 +1,10 @@
1	/* $OpenBSD: crypt.c,v 1.26 2015/01/16 16:48:51 deraadt Exp $ */	1	/* $OpenBSD: crypt.c,v 1.27 2015/04/06 20:49:41 tedu Exp $ */
2		2
3	/*
4	* FreeSec: libcrypt
5	*
6	* Copyright (c) 1994 David Burren
7	* All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without
10	* modification, are permitted provided that the following conditions
11	* are met:
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	* 2. Redistributions in binary form must reproduce the above copyright
15	* notice, this list of conditions and the following disclaimer in the
16	* documentation and/or other materials provided with the distribution.
17	* 4. Neither the name of the author nor the names of other contributors
18	* may be used to endorse or promote products derived from this software
19	* without specific prior written permission.
20	*
21	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	* SUCH DAMAGE.
32	*
33	*
34	* This is an original implementation of the DES and the crypt(3) interfaces
35	* by David Burren <davidb@werj.com.au>.
36	*
37	* An excellent reference on the underlying algorithm (and related
38	* algorithms) is:
39	*
40	* B. Schneier, Applied Cryptography: protocols, algorithms,
41	* and source code in C, John Wiley & Sons, 1994.
42	*
43	* Note that in that book's description of DES the lookups for the initial,
44	* pbox, and final permutations are inverted (this has been brought to the
45	* attention of the author). A list of errata for this book has been
46	* posted to the sci.crypt newsgroup by the author and is available for FTP.
47	*/
48
49	#include <sys/types.h>
50	#include <pwd.h>	3	#include <pwd.h>
51	#include <unistd.h>
52	#include <string.h>
53
54	#ifdef DEBUG
55	# include <stdio.h>
56	#endif
57
58	static const u_char IP[64] = {
59	58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
60	62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
61	57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
62	61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
63	};
64
65	static u_char inv_key_perm[64];
66	static u_char u_key_perm[56];
67	static u_char const key_perm[56] = {
68	57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
69	10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
70	63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
71	14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
72	};
73
74	static const u_char key_shifts[16] = {
75	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
76	};
77
78	static u_char inv_comp_perm[56];
79	static const u_char comp_perm[48] = {
80	14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
81	23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
82	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
83	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
84	};
85
86	/*
87	* No E box is used, as it's replaced by some ANDs, shifts, and ORs.
88	*/
89
90	static u_char u_sbox[8][64];
91	static const u_char sbox[8][64] = {
92	{
93	14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
94	0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
95	4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
96	15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
97	},
98	{
99	15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
100	3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
101	0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
102	13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
103	},
104	{
105	10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
106	13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
107	13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
108	1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
109	},
110	{
111	7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
112	13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
113	10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
114	3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
115	},
116	{
117	2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
118	14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
119	4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
120	11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
121	},
122	{
123	12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
124	10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
125	9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
126	4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
127	},
128	{
129	4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
130	13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
131	1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
132	6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
133	},
134	{
135	13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
136	1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
137	7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
138	2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
139	}
140	};
141
142	static u_char un_pbox[32];
143	static const u_char pbox[32] = {
144	16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
145	2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
146	};
147
148	const u_int32_t _des_bits32[32] =
149	{
150	0x80000000, 0x40000000, 0x20000000, 0x10000000,
151	0x08000000, 0x04000000, 0x02000000, 0x01000000,
152	0x00800000, 0x00400000, 0x00200000, 0x00100000,
153	0x00080000, 0x00040000, 0x00020000, 0x00010000,
154	0x00008000, 0x00004000, 0x00002000, 0x00001000,
155	0x00000800, 0x00000400, 0x00000200, 0x00000100,
156	0x00000080, 0x00000040, 0x00000020, 0x00000010,
157	0x00000008, 0x00000004, 0x00000002, 0x00000001
158	};
159
160	static const u_char _des_bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
161
162	static const u_int32_t bits28, bits24;
163	static u_char init_perm[64], final_perm[64];
164	static u_int32_t en_keysl[16], en_keysr[16];
165	static u_int32_t de_keysl[16], de_keysr[16];
166	int _des_initialised = 0;
167	static u_char m_sbox[4][4096];
168	static u_int32_t psbox[4][256];
169	static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
170	static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
171	static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
172	static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
173	static u_int32_t old_rawkey0, old_rawkey1;
174
175	static u_char ascii64[] =
176	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
177	/* 0000000000111111111122222222223333333333444444444455555555556666 */
178	/* 0123456789012345678901234567890123456789012345678901234567890123 */
179
180	static __inline int
181	ascii_to_bin(char ch)
182	{
183	if (ch > 'z')
184	return(0);
185	if (ch >= 'a')
186	return(ch - 'a' + 38);
187	if (ch > 'Z')
188	return(0);
189	if (ch >= 'A')
190	return(ch - 'A' + 12);
191	if (ch > '9')
192	return(0);
193	if (ch >= '.')
194	return(ch - '.');
195	return(0);
196	}
197
198	static void
199	_des_init(void)
200	{
201	int i, j, b, k, inbit, obit;
202	u_int32_t p, il, ir, fl, *fr;
203
204	old_rawkey0 = old_rawkey1 = 0;
205	bits24 = (bits28 = _des_bits32 + 4) + 4;
206
207	/*
208	* Invert the S-boxes, reordering the input bits.
209	*/
210	for (i = 0; i < 8; i++)
211	for (j = 0; j < 64; j++) {
212	b = (j & 0x20) \| ((j & 1) << 4) \| ((j >> 1) & 0xf);
213	u_sbox[i][j] = sbox[i][b];
214	}
215
216	/*
217	* Convert the inverted S-boxes into 4 arrays of 8 bits.
218	* Each will handle 12 bits of the S-box input.
219	*/
220	for (b = 0; b < 4; b++)
221	for (i = 0; i < 64; i++)
222	for (j = 0; j < 64; j++)
223	m_sbox[b][(i << 6) \| j] =
224	(u_sbox[(b << 1)][i] << 4) \|
225	u_sbox[(b << 1) + 1][j];
226
227	/*
228	* Set up the initial & final permutations into a useful form, and
229	* initialise the inverted key permutation.
230	*/
231	for (i = 0; i < 64; i++) {
232	init_perm[final_perm[i] = IP[i] - 1] = i;
233	inv_key_perm[i] = 255;
234	}
235
236	/*
237	* Invert the key permutation and initialise the inverted key
238	* compression permutation.
239	*/
240	for (i = 0; i < 56; i++) {
241	u_key_perm[i] = key_perm[i] - 1;
242	inv_key_perm[key_perm[i] - 1] = i;
243	inv_comp_perm[i] = 255;
244	}
245
246	/*
247	* Invert the key compression permutation.
248	*/
249	for (i = 0; i < 48; i++) {
250	inv_comp_perm[comp_perm[i] - 1] = i;
251	}
252
253	/*
254	* Set up the OR-mask arrays for the initial and final permutations,
255	* and for the key initial and compression permutations.
256	*/
257	for (k = 0; k < 8; k++) {
258	for (i = 0; i < 256; i++) {
259	*(il = &ip_maskl[k][i]) = 0;
260	*(ir = &ip_maskr[k][i]) = 0;
261	*(fl = &fp_maskl[k][i]) = 0;
262	*(fr = &fp_maskr[k][i]) = 0;
263	for (j = 0; j < 8; j++) {
264	inbit = 8 * k + j;
265	if (i & _des_bits8[j]) {
266	if ((obit = init_perm[inbit]) < 32)
267	*il \|= _des_bits32[obit];
268	else
269	*ir \|= _des_bits32[obit-32];
270	if ((obit = final_perm[inbit]) < 32)
271	*fl \|= _des_bits32[obit];
272	else
273	*fr \|= _des_bits32[obit - 32];
274	}
275	}
276	}
277	for (i = 0; i < 128; i++) {
278	*(il = &key_perm_maskl[k][i]) = 0;
279	*(ir = &key_perm_maskr[k][i]) = 0;
280	for (j = 0; j < 7; j++) {
281	inbit = 8 * k + j;
282	if (i & _des_bits8[j + 1]) {
283	if ((obit = inv_key_perm[inbit]) == 255)
284	continue;
285	if (obit < 28)
286	*il \|= bits28[obit];
287	else
288	*ir \|= bits28[obit - 28];
289	}
290	}
291	*(il = &comp_maskl[k][i]) = 0;
292	*(ir = &comp_maskr[k][i]) = 0;
293	for (j = 0; j < 7; j++) {
294	inbit = 7 * k + j;
295	if (i & _des_bits8[j + 1]) {
296	if ((obit=inv_comp_perm[inbit]) == 255)
297	continue;
298	if (obit < 24)
299	*il \|= bits24[obit];
300	else
301	*ir \|= bits24[obit - 24];
302	}
303	}
304	}
305	}
306
307	/*
308	* Invert the P-box permutation, and convert into OR-masks for
309	* handling the output of the S-box arrays setup above.
310	*/
311	for (i = 0; i < 32; i++)
312	un_pbox[pbox[i] - 1] = i;
313
314	for (b = 0; b < 4; b++)
315	for (i = 0; i < 256; i++) {
316	*(p = &psbox[b][i]) = 0;
317	for (j = 0; j < 8; j++) {
318	if (i & _des_bits8[j])
319	p \|= _des_bits32[un_pbox[8 b + j]];
320	}
321	}
322
323	_des_initialised = 1;
324	}
325
326	static u_int32_t
327	_des_setup_salt(int32_t salt)
328	{
329	u_int32_t obit, saltbit, saltbits;
330	int i;
331
332	saltbits = 0;
333	saltbit = 1;
334	obit = 0x800000;
335	for (i = 0; i < 24; i++) {
336	if (salt & saltbit)
337	saltbits \|= obit;
338	saltbit <<= 1;
339	obit >>= 1;
340	}
341	return saltbits;
342	}
343
344	static int
345	des_setkey(const char *key)
346	{
347	u_int32_t k0, k1, rawkey0, rawkey1;
348	int shifts, round;
349
350	if (!_des_initialised)
351	_des_init();
352
353	rawkey0 = ntohl((u_int32_t ) key);
354	rawkey1 = ntohl((u_int32_t ) (key + 4));
355
356	if ((rawkey0 \| rawkey1)
357	&& rawkey0 == old_rawkey0
358	&& rawkey1 == old_rawkey1) {
359	/*
360	* Already setup for this key.
361	* This optimisation fails on a zero key (which is weak and
362	* has bad parity anyway) in order to simplify the starting
363	* conditions.
364	*/
365	return(0);
366	}
367	old_rawkey0 = rawkey0;
368	old_rawkey1 = rawkey1;
369
370	/*
371	* Do key permutation and split into two 28-bit subkeys.
372	*/
373	k0 = key_perm_maskl[0][rawkey0 >> 25]
374	\| key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
375	\| key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
376	\| key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
377	\| key_perm_maskl[4][rawkey1 >> 25]
378	\| key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
379	\| key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
380	\| key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
381	k1 = key_perm_maskr[0][rawkey0 >> 25]
382	\| key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
383	\| key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
384	\| key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
385	\| key_perm_maskr[4][rawkey1 >> 25]
386	\| key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
387	\| key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
388	\| key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
389	/*
390	* Rotate subkeys and do compression permutation.
391	*/
392	shifts = 0;
393	for (round = 0; round < 16; round++) {
394	u_int32_t t0, t1;
395
396	shifts += key_shifts[round];
397
398	t0 = (k0 << shifts) \| (k0 >> (28 - shifts));
399	t1 = (k1 << shifts) \| (k1 >> (28 - shifts));
400
401	de_keysl[15 - round] =
402	en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
403	\| comp_maskl[1][(t0 >> 14) & 0x7f]
404	\| comp_maskl[2][(t0 >> 7) & 0x7f]
405	\| comp_maskl[3][t0 & 0x7f]
406	\| comp_maskl[4][(t1 >> 21) & 0x7f]
407	\| comp_maskl[5][(t1 >> 14) & 0x7f]
408	\| comp_maskl[6][(t1 >> 7) & 0x7f]
409	\| comp_maskl[7][t1 & 0x7f];
410
411	de_keysr[15 - round] =
412	en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
413	\| comp_maskr[1][(t0 >> 14) & 0x7f]
414	\| comp_maskr[2][(t0 >> 7) & 0x7f]
415	\| comp_maskr[3][t0 & 0x7f]
416	\| comp_maskr[4][(t1 >> 21) & 0x7f]
417	\| comp_maskr[5][(t1 >> 14) & 0x7f]
418	\| comp_maskr[6][(t1 >> 7) & 0x7f]
419	\| comp_maskr[7][t1 & 0x7f];
420	}
421	return(0);
422	}
423
424	static int
425	_des_do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t l_out, u_int32_t r_out,
426	int count, u_int32_t saltbits)
427	{
428	/*
429	* l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
430	*/
431	u_int32_t l, r, kl, kr, kl1, kr1;
432	u_int32_t f, r48l, r48r;
433	int round;
434
435	if (count == 0) {
436	return(1);
437	} else if (count > 0) {
438	/*
439	* Encrypting
440	*/
441	kl1 = en_keysl;
442	kr1 = en_keysr;
443	} else {
444	/*
445	* Decrypting
446	*/
447	count = -count;
448	kl1 = de_keysl;
449	kr1 = de_keysr;
450	}
451
452	/*
453	* Do initial permutation (IP).
454	*/
455	l = ip_maskl[0][l_in >> 24]
456	\| ip_maskl[1][(l_in >> 16) & 0xff]
457	\| ip_maskl[2][(l_in >> 8) & 0xff]
458	\| ip_maskl[3][l_in & 0xff]
459	\| ip_maskl[4][r_in >> 24]
460	\| ip_maskl[5][(r_in >> 16) & 0xff]
461	\| ip_maskl[6][(r_in >> 8) & 0xff]
462	\| ip_maskl[7][r_in & 0xff];
463	r = ip_maskr[0][l_in >> 24]
464	\| ip_maskr[1][(l_in >> 16) & 0xff]
465	\| ip_maskr[2][(l_in >> 8) & 0xff]
466	\| ip_maskr[3][l_in & 0xff]
467	\| ip_maskr[4][r_in >> 24]
468	\| ip_maskr[5][(r_in >> 16) & 0xff]
469	\| ip_maskr[6][(r_in >> 8) & 0xff]
470	\| ip_maskr[7][r_in & 0xff];
471
472	while (count--) {
473	/*
474	* Do each round.
475	*/
476	kl = kl1;
477	kr = kr1;
478	round = 16;
479	while (round--) {
480	/*
481	* Expand R to 48 bits (simulate the E-box).
482	*/
483	r48l = ((r & 0x00000001) << 23)
484	\| ((r & 0xf8000000) >> 9)
485	\| ((r & 0x1f800000) >> 11)
486	\| ((r & 0x01f80000) >> 13)
487	\| ((r & 0x001f8000) >> 15);
488
489	r48r = ((r & 0x0001f800) << 7)
490	\| ((r & 0x00001f80) << 5)
491	\| ((r & 0x000001f8) << 3)
492	\| ((r & 0x0000001f) << 1)
493	\| ((r & 0x80000000) >> 31);
494	/*
495	* Do salting for crypt() and friends, and
496	* XOR with the permuted key.
497	*/
498	f = (r48l ^ r48r) & saltbits;
499	r48l ^= f ^ *kl++;
500	r48r ^= f ^ *kr++;
501	/*
502	* Do sbox lookups (which shrink it back to 32 bits)
503	* and do the pbox permutation at the same time.
504	*/
505	f = psbox[0][m_sbox[0][r48l >> 12]]
506	\| psbox[1][m_sbox[1][r48l & 0xfff]]
507	\| psbox[2][m_sbox[2][r48r >> 12]]
508	\| psbox[3][m_sbox[3][r48r & 0xfff]];
509	/*
510	* Now that we've permuted things, complete f().
511	*/
512	f ^= l;
513	l = r;
514	r = f;
515	}
516	r = l;
517	l = f;
518	}
519	/*
520	* Do final permutation (inverse of IP).
521	*/
522	*l_out = fp_maskl[0][l >> 24]
523	\| fp_maskl[1][(l >> 16) & 0xff]
524	\| fp_maskl[2][(l >> 8) & 0xff]
525	\| fp_maskl[3][l & 0xff]
526	\| fp_maskl[4][r >> 24]
527	\| fp_maskl[5][(r >> 16) & 0xff]
528	\| fp_maskl[6][(r >> 8) & 0xff]
529	\| fp_maskl[7][r & 0xff];
530	*r_out = fp_maskr[0][l >> 24]
531	\| fp_maskr[1][(l >> 16) & 0xff]
532	\| fp_maskr[2][(l >> 8) & 0xff]
533	\| fp_maskr[3][l & 0xff]
534	\| fp_maskr[4][r >> 24]
535	\| fp_maskr[5][(r >> 16) & 0xff]
536	\| fp_maskr[6][(r >> 8) & 0xff]
537	\| fp_maskr[7][r & 0xff];
538	return(0);
539	}
540
541	static int
542	des_cipher(const char in, char out, int32_t salt, int count)
543	{
544	u_int32_t l_out, r_out, rawl, rawr, saltbits;
545	u_int32_t x[2];
546	int retval;
547
548	if (!_des_initialised)
549	_des_init();
550
551	saltbits = _des_setup_salt(salt);
552
553	memcpy(x, in, sizeof x);
554	rawl = ntohl(x[0]);
555	rawr = ntohl(x[1]);
556	retval = _des_do_des(rawl, rawr, &l_out, &r_out, count, saltbits);
557
558	x[0] = htonl(l_out);
559	x[1] = htonl(r_out);
560	memcpy(out, x, sizeof x);
561	return(retval);
562	}
563
564	static int
565	crypt_hashpass(const char key, const char setting, char *output)
566	{
567	int i;
568	u_int32_t count, salt, l, r0, r1, saltbits, keybuf[2];
569	u_char p, q;
570
571	if (!_des_initialised)
572	_des_init();
573
574	/*
575	* Copy the key, shifting each character up by one bit
576	* and padding with zeros.
577	*/
578	q = (u_char *) keybuf;
579	while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
580	if ((q++ = key << 1))
581	key++;
582	}
583	if (des_setkey((char *) keybuf))
584	return(-1);
585
586	if (*setting == _PASSWORD_EFMT1) {
587	/*
588	* "new"-style:
589	* setting - underscore, 4 bytes of count, 4 bytes of salt
590	* key - unlimited characters
591	*/
592	for (i = 1, count = 0; i < 5; i++)
593	count \|= ascii_to_bin(setting[i]) << (i - 1) * 6;
594
595	for (i = 5, salt = 0; i < 9; i++)
596	salt \|= ascii_to_bin(setting[i]) << (i - 5) * 6;
597
598	while (*key) {
599	/*
600	* Encrypt the key with itself.
601	*/
602	if (des_cipher((char )keybuf, (char )keybuf, 0, 1))
603	return(-1);
604	/*
605	* And XOR with the next 8 characters of the key.
606	*/
607	q = (u_char *) keybuf;
608	while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
609	*key)
610	q++ ^= key++ << 1;
611
612	if (des_setkey((char *) keybuf))
613	return(-1);
614	}
615	strlcpy((char *)output, setting, 10);
616
617	/*
618	* Double check that we weren't given a short setting.
619	* If we were, the above code will probably have created
620	* weird values for count and salt, but we don't really care.
621	* Just make sure the output string doesn't have an extra
622	* NUL in it.
623	*/
624	p = output + strlen((const char *)output);
625	} else {
626	/*
627	* "old"-style:
628	* setting - 2 bytes of salt
629	* key - up to 8 characters
630	*/
631	count = 25;
632
633	salt = (ascii_to_bin(setting[1]) << 6)
634	\| ascii_to_bin(setting[0]);
635
636	output[0] = setting[0];
637	/*
638	* If the encrypted password that the salt was extracted from
639	* is only 1 character long, the salt will be corrupted. We
640	* need to ensure that the output string doesn't have an extra
641	* NUL in it!
642	*/
643	output[1] = setting[1] ? setting[1] : output[0];
644
645	p = output + 2;
646	}
647	saltbits = _des_setup_salt(salt);
648
649	/*
650	* Do it.
651	*/
652	if (_des_do_des(0, 0, &r0, &r1, count, saltbits))
653	return(-1);
654	/*
655	* Now encode the result...
656	*/
657	l = (r0 >> 8);
658	*p++ = ascii64[(l >> 18) & 0x3f];
659	*p++ = ascii64[(l >> 12) & 0x3f];
660	*p++ = ascii64[(l >> 6) & 0x3f];
661	*p++ = ascii64[l & 0x3f];
662
663	l = (r0 << 16) \| ((r1 >> 16) & 0xffff);
664	*p++ = ascii64[(l >> 18) & 0x3f];
665	*p++ = ascii64[(l >> 12) & 0x3f];
666	*p++ = ascii64[(l >> 6) & 0x3f];
667	*p++ = ascii64[l & 0x3f];
668
669	l = r1 << 2;
670	*p++ = ascii64[(l >> 12) & 0x3f];
671	*p++ = ascii64[(l >> 6) & 0x3f];
672	*p++ = ascii64[l & 0x3f];
673	*p = 0;
674
675	return(0);
676	}
677		4
678	char *	5	char *
679	crypt(const char key, const char setting)	6	crypt(const char key, const char setting)
680	{	7	{
681	static u_char goutput[21];
682	extern char bcrypt(const char , const char *);
683
684	if (setting[0] == '$') {	8	if (setting[0] == '$') {
685	switch (setting[1]) {	9	switch (setting[1]) {
686	case '2':	10	case '2':
@@ -689,9 +13,4 @@ crypt(const char key, const char setting)
689	return (NULL);	13	return (NULL);
690	}	14	}
691	}	15	}
692
693	memset(goutput, 0, sizeof(goutput));
694	if (crypt_hashpass(key, setting, goutput) != 0)
695	return (NULL);
696	return goutput;
697	}	16	}