summaryrefslogtreecommitdiff
path: root/src/lib/libc/crypt/crypt.c
diff options
context:
space:
mode:
authorderaadt <>1995-12-16 12:55:31 +0000
committerderaadt <>1995-12-16 12:55:31 +0000
commit767a35a43c1498fbfe4461e5456c6cd41f08de26 (patch)
treee617d22b73a45255f89c8b85781415b11dd8406a /src/lib/libc/crypt/crypt.c
parent8be58a122b61ab24a5524e848814fe5dd314d243 (diff)
downloadopenbsd-767a35a43c1498fbfe4461e5456c6cd41f08de26.tar.gz
openbsd-767a35a43c1498fbfe4461e5456c6cd41f08de26.tar.bz2
openbsd-767a35a43c1498fbfe4461e5456c6cd41f08de26.zip
non-USA crypto code by davidb@werj.com.au. The source has been split
& copied into two pieces so that use of crypt() pulls in a crypt.o that contains only that one programmer interface -- this permits USA export of binaries that use crypt() for authentication purposes. morecrypt.c contains the other DES programmer interfaces commonly used.
Diffstat (limited to 'src/lib/libc/crypt/crypt.c')
-rw-r--r--src/lib/libc/crypt/crypt.c715
1 files changed, 715 insertions, 0 deletions
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
new file mode 100644
index 0000000000..28add7f9e2
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,715 @@
1/* $Id: crypt.c,v 1.1 1995/12/16 12:55:30 deraadt Exp $ */
2
3/*
4 * FreeSec: libcrypt
5 *
6 * Copyright (c) 1994 David Burren
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 4. Neither the name of the author nor the names of other contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *
34 * This is an original implementation of the DES and the crypt(3) interfaces
35 * by David Burren <davidb@werj.com.au>.
36 *
37 * An excellent reference on the underlying algorithm (and related
38 * algorithms) is:
39 *
40 * B. Schneier, Applied Cryptography: protocols, algorithms,
41 * and source code in C, John Wiley & Sons, 1994.
42 *
43 * Note that in that book's description of DES the lookups for the initial,
44 * pbox, and final permutations are inverted (this has been brought to the
45 * attention of the author). A list of errata for this book has been
46 * posted to the sci.crypt newsgroup by the author and is available for FTP.
47 *
48 * ARCHITECTURE ASSUMPTIONS:
49 * This code assumes that u_longs are 32 bits. It will probably not
50 * operate on 64-bit machines without modifications.
51 * It is assumed that the 8-byte arrays passed by reference can be
52 * addressed as arrays of u_longs (ie. the CPU is not picky about
53 * alignment).
54 *
55 * NOTE:
56 * This file has a static version of des_setkey() so that crypt.o exports
57 * only the crypt() interface. This is required to make binaries linked
58 * against crypt.o exportable or re-exportable from the USA.
59 */
60#include <sys/types.h>
61#include <sys/param.h>
62#include <pwd.h>
63
64#ifdef DEBUG
65# include <stdio.h>
66#endif
67
68static u_char IP[64] = {
69 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
70 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
71 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
72 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
73};
74
75static u_char inv_key_perm[64];
76static u_char u_key_perm[56];
77static u_char key_perm[56] = {
78 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
79 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
80 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
81 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
82};
83
84static u_char key_shifts[16] = {
85 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
86};
87
88static u_char inv_comp_perm[56];
89static u_char comp_perm[48] = {
90 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
91 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
92 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
93 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
94};
95
96/*
97 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
98 */
99
100static u_char u_sbox[8][64];
101static u_char sbox[8][64] = {
102 {
103 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
104 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
105 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
106 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
107 },
108 {
109 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
110 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
111 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
112 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
113 },
114 {
115 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
116 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
117 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
118 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
119 },
120 {
121 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
122 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
123 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
124 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
125 },
126 {
127 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
128 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
129 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
130 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
131 },
132 {
133 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
134 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
135 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
136 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
137 },
138 {
139 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
140 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
141 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
142 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
143 },
144 {
145 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
146 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
147 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
148 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
149 }
150};
151
152static u_char un_pbox[32];
153static u_char pbox[32] = {
154 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
155 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
156};
157
158static u_int32_t bits32[32] =
159{
160 0x80000000, 0x40000000, 0x20000000, 0x10000000,
161 0x08000000, 0x04000000, 0x02000000, 0x01000000,
162 0x00800000, 0x00400000, 0x00200000, 0x00100000,
163 0x00080000, 0x00040000, 0x00020000, 0x00010000,
164 0x00008000, 0x00004000, 0x00002000, 0x00001000,
165 0x00000800, 0x00000400, 0x00000200, 0x00000100,
166 0x00000080, 0x00000040, 0x00000020, 0x00000010,
167 0x00000008, 0x00000004, 0x00000002, 0x00000001
168};
169
170static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
171
172static u_int32_t saltbits;
173static int32_t old_salt;
174static u_int32_t *bits28, *bits24;
175static u_char init_perm[64], final_perm[64];
176static u_int32_t en_keysl[16], en_keysr[16];
177static u_int32_t de_keysl[16], de_keysr[16];
178static int des_initialised = 0;
179static u_char m_sbox[4][4096];
180static u_int32_t psbox[4][256];
181static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
182static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
183static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
184static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
185static u_int32_t old_rawkey0, old_rawkey1;
186
187static u_char ascii64[] =
188 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
189/* 0000000000111111111122222222223333333333444444444455555555556666 */
190/* 0123456789012345678901234567890123456789012345678901234567890123 */
191
192static inline int
193ascii_to_bin(ch)
194 char ch;
195{
196 if (ch > 'z')
197 return(0);
198 if (ch >= 'a')
199 return(ch - 'a' + 38);
200 if (ch > 'Z')
201 return(0);
202 if (ch >= 'A')
203 return(ch - 'A' + 12);
204 if (ch > '9')
205 return(0);
206 if (ch >= '.')
207 return(ch - '.');
208 return(0);
209}
210
211static void
212des_init()
213{
214 int i, j, b, k, inbit, obit;
215 u_int32_t *p, *il, *ir, *fl, *fr;
216
217 old_rawkey0 = old_rawkey1 = 0;
218 saltbits = 0;
219 old_salt = 0;
220 bits24 = (bits28 = bits32 + 4) + 4;
221
222 /*
223 * Invert the S-boxes, reordering the input bits.
224 */
225 for (i = 0; i < 8; i++)
226 for (j = 0; j < 64; j++) {
227 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
228 u_sbox[i][j] = sbox[i][b];
229 }
230
231 /*
232 * Convert the inverted S-boxes into 4 arrays of 8 bits.
233 * Each will handle 12 bits of the S-box input.
234 */
235 for (b = 0; b < 4; b++)
236 for (i = 0; i < 64; i++)
237 for (j = 0; j < 64; j++)
238 m_sbox[b][(i << 6) | j] =
239 (u_sbox[(b << 1)][i] << 4) |
240 u_sbox[(b << 1) + 1][j];
241
242 /*
243 * Set up the initial & final permutations into a useful form, and
244 * initialise the inverted key permutation.
245 */
246 for (i = 0; i < 64; i++) {
247 init_perm[final_perm[i] = IP[i] - 1] = i;
248 inv_key_perm[i] = 255;
249 }
250
251 /*
252 * Invert the key permutation and initialise the inverted key
253 * compression permutation.
254 */
255 for (i = 0; i < 56; i++) {
256 u_key_perm[i] = key_perm[i] - 1;
257 inv_key_perm[key_perm[i] - 1] = i;
258 inv_comp_perm[i] = 255;
259 }
260
261 /*
262 * Invert the key compression permutation.
263 */
264 for (i = 0; i < 48; i++) {
265 inv_comp_perm[comp_perm[i] - 1] = i;
266 }
267
268 /*
269 * Set up the OR-mask arrays for the initial and final permutations,
270 * and for the key initial and compression permutations.
271 */
272 for (k = 0; k < 8; k++) {
273 for (i = 0; i < 256; i++) {
274 *(il = &ip_maskl[k][i]) = 0;
275 *(ir = &ip_maskr[k][i]) = 0;
276 *(fl = &fp_maskl[k][i]) = 0;
277 *(fr = &fp_maskr[k][i]) = 0;
278 for (j = 0; j < 8; j++) {
279 inbit = 8 * k + j;
280 if (i & bits8[j]) {
281 if ((obit = init_perm[inbit]) < 32)
282 *il |= bits32[obit];
283 else
284 *ir |= bits32[obit-32];
285 if ((obit = final_perm[inbit]) < 32)
286 *fl |= bits32[obit];
287 else
288 *fr |= bits32[obit - 32];
289 }
290 }
291 }
292 for (i = 0; i < 128; i++) {
293 *(il = &key_perm_maskl[k][i]) = 0;
294 *(ir = &key_perm_maskr[k][i]) = 0;
295 for (j = 0; j < 7; j++) {
296 inbit = 8 * k + j;
297 if (i & bits8[j + 1]) {
298 if ((obit = inv_key_perm[inbit]) == 255)
299 continue;
300 if (obit < 28)
301 *il |= bits28[obit];
302 else
303 *ir |= bits28[obit - 28];
304 }
305 }
306 *(il = &comp_maskl[k][i]) = 0;
307 *(ir = &comp_maskr[k][i]) = 0;
308 for (j = 0; j < 7; j++) {
309 inbit = 7 * k + j;
310 if (i & bits8[j + 1]) {
311 if ((obit=inv_comp_perm[inbit]) == 255)
312 continue;
313 if (obit < 24)
314 *il |= bits24[obit];
315 else
316 *ir |= bits24[obit - 24];
317 }
318 }
319 }
320 }
321
322 /*
323 * Invert the P-box permutation, and convert into OR-masks for
324 * handling the output of the S-box arrays setup above.
325 */
326 for (i = 0; i < 32; i++)
327 un_pbox[pbox[i] - 1] = i;
328
329 for (b = 0; b < 4; b++)
330 for (i = 0; i < 256; i++) {
331 *(p = &psbox[b][i]) = 0;
332 for (j = 0; j < 8; j++) {
333 if (i & bits8[j])
334 *p |= bits32[un_pbox[8 * b + j]];
335 }
336 }
337
338 des_initialised = 1;
339}
340
341static void
342setup_salt(salt)
343 int32_t salt;
344{
345 u_int32_t obit, saltbit;
346 int i;
347
348 if (salt == old_salt)
349 return;
350 old_salt = salt;
351
352 saltbits = 0;
353 saltbit = 1;
354 obit = 0x800000;
355 for (i = 0; i < 24; i++) {
356 if (salt & saltbit)
357 saltbits |= obit;
358 saltbit <<= 1;
359 obit >>= 1;
360 }
361}
362
363static int
364des_setkey(key)
365 const char *key;
366{
367 u_int32_t k0, k1, rawkey0, rawkey1;
368 int shifts, i, b, round;
369
370 if (!des_initialised)
371 des_init();
372
373 rawkey0 = ntohl(*(u_int32_t *) key);
374 rawkey1 = ntohl(*(u_int32_t *) (key + 4));
375
376 if ((rawkey0 | rawkey1)
377 && rawkey0 == old_rawkey0
378 && rawkey1 == old_rawkey1) {
379 /*
380 * Already setup for this key.
381 * This optimisation fails on a zero key (which is weak and
382 * has bad parity anyway) in order to simplify the starting
383 * conditions.
384 */
385 return(0);
386 }
387 old_rawkey0 = rawkey0;
388 old_rawkey1 = rawkey1;
389
390 /*
391 * Do key permutation and split into two 28-bit subkeys.
392 */
393 k0 = key_perm_maskl[0][rawkey0 >> 25]
394 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
395 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
396 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
397 | key_perm_maskl[4][rawkey1 >> 25]
398 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
399 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
400 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
401 k1 = key_perm_maskr[0][rawkey0 >> 25]
402 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
403 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
404 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
405 | key_perm_maskr[4][rawkey1 >> 25]
406 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
407 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
408 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
409 /*
410 * Rotate subkeys and do compression permutation.
411 */
412 shifts = 0;
413 for (round = 0; round < 16; round++) {
414 u_int32_t t0, t1;
415 int bit;
416
417 shifts += key_shifts[round];
418
419 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
420 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
421
422 de_keysl[15 - round] =
423 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
424 | comp_maskl[1][(t0 >> 14) & 0x7f]
425 | comp_maskl[2][(t0 >> 7) & 0x7f]
426 | comp_maskl[3][t0 & 0x7f]
427 | comp_maskl[4][(t1 >> 21) & 0x7f]
428 | comp_maskl[5][(t1 >> 14) & 0x7f]
429 | comp_maskl[6][(t1 >> 7) & 0x7f]
430 | comp_maskl[7][t1 & 0x7f];
431
432 de_keysr[15 - round] =
433 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
434 | comp_maskr[1][(t0 >> 14) & 0x7f]
435 | comp_maskr[2][(t0 >> 7) & 0x7f]
436 | comp_maskr[3][t0 & 0x7f]
437 | comp_maskr[4][(t1 >> 21) & 0x7f]
438 | comp_maskr[5][(t1 >> 14) & 0x7f]
439 | comp_maskr[6][(t1 >> 7) & 0x7f]
440 | comp_maskr[7][t1 & 0x7f];
441 }
442 return(0);
443}
444
445static int
446do_des(l_in, r_in, l_out, r_out, count)
447 u_int32_t l_in, r_in, *l_out, *r_out;
448 int count;
449{
450 /*
451 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
452 */
453 u_int32_t mask, rawl, rawr, l, r, *kl, *kr, *kl1, *kr1;
454 u_int32_t f, r48l, r48r;
455 int i, j, b, round;
456
457 if (count == 0) {
458 return(1);
459 } else if (count > 0) {
460 /*
461 * Encrypting
462 */
463 kl1 = en_keysl;
464 kr1 = en_keysr;
465 } else {
466 /*
467 * Decrypting
468 */
469 count = -count;
470 kl1 = de_keysl;
471 kr1 = de_keysr;
472 }
473
474 /*
475 * Do initial permutation (IP).
476 */
477 l = ip_maskl[0][l_in >> 24]
478 | ip_maskl[1][(l_in >> 16) & 0xff]
479 | ip_maskl[2][(l_in >> 8) & 0xff]
480 | ip_maskl[3][l_in & 0xff]
481 | ip_maskl[4][r_in >> 24]
482 | ip_maskl[5][(r_in >> 16) & 0xff]
483 | ip_maskl[6][(r_in >> 8) & 0xff]
484 | ip_maskl[7][r_in & 0xff];
485 r = ip_maskr[0][l_in >> 24]
486 | ip_maskr[1][(l_in >> 16) & 0xff]
487 | ip_maskr[2][(l_in >> 8) & 0xff]
488 | ip_maskr[3][l_in & 0xff]
489 | ip_maskr[4][r_in >> 24]
490 | ip_maskr[5][(r_in >> 16) & 0xff]
491 | ip_maskr[6][(r_in >> 8) & 0xff]
492 | ip_maskr[7][r_in & 0xff];
493
494 while (count--) {
495 /*
496 * Do each round.
497 */
498 kl = kl1;
499 kr = kr1;
500 round = 16;
501 while (round--) {
502 /*
503 * Expand R to 48 bits (simulate the E-box).
504 */
505 r48l = ((r & 0x00000001) << 23)
506 | ((r & 0xf8000000) >> 9)
507 | ((r & 0x1f800000) >> 11)
508 | ((r & 0x01f80000) >> 13)
509 | ((r & 0x001f8000) >> 15);
510
511 r48r = ((r & 0x0001f800) << 7)
512 | ((r & 0x00001f80) << 5)
513 | ((r & 0x000001f8) << 3)
514 | ((r & 0x0000001f) << 1)
515 | ((r & 0x80000000) >> 31);
516 /*
517 * Do salting for crypt() and friends, and
518 * XOR with the permuted key.
519 */
520 f = (r48l ^ r48r) & saltbits;
521 r48l ^= f ^ *kl++;
522 r48r ^= f ^ *kr++;
523 /*
524 * Do sbox lookups (which shrink it back to 32 bits)
525 * and do the pbox permutation at the same time.
526 */
527 f = psbox[0][m_sbox[0][r48l >> 12]]
528 | psbox[1][m_sbox[1][r48l & 0xfff]]
529 | psbox[2][m_sbox[2][r48r >> 12]]
530 | psbox[3][m_sbox[3][r48r & 0xfff]];
531 /*
532 * Now that we've permuted things, complete f().
533 */
534 f ^= l;
535 l = r;
536 r = f;
537 }
538 r = l;
539 l = f;
540 }
541 /*
542 * Do final permutation (inverse of IP).
543 */
544 *l_out = fp_maskl[0][l >> 24]
545 | fp_maskl[1][(l >> 16) & 0xff]
546 | fp_maskl[2][(l >> 8) & 0xff]
547 | fp_maskl[3][l & 0xff]
548 | fp_maskl[4][r >> 24]
549 | fp_maskl[5][(r >> 16) & 0xff]
550 | fp_maskl[6][(r >> 8) & 0xff]
551 | fp_maskl[7][r & 0xff];
552 *r_out = fp_maskr[0][l >> 24]
553 | fp_maskr[1][(l >> 16) & 0xff]
554 | fp_maskr[2][(l >> 8) & 0xff]
555 | fp_maskr[3][l & 0xff]
556 | fp_maskr[4][r >> 24]
557 | fp_maskr[5][(r >> 16) & 0xff]
558 | fp_maskr[6][(r >> 8) & 0xff]
559 | fp_maskr[7][r & 0xff];
560 return(0);
561}
562
563static int
564des_cipher(in, out, salt, count)
565 const char *in;
566 char *out;
567 int32_t salt;
568 int count;
569{
570 u_int32_t l_out, r_out, rawl, rawr;
571 u_int32_t x[2];
572 int retval;
573
574 if (!des_initialised)
575 des_init();
576
577 setup_salt(salt);
578
579#if 0
580 rawl = ntohl(*((u_int32_t *) in)++);
581 rawr = ntohl(*((u_int32_t *) in));
582#else
583 memcpy(x, in, sizeof x);
584 rawl = ntohl(x[0]);
585 rawr = ntohl(x[1]);
586#endif
587 retval = do_des(rawl, rawr, &l_out, &r_out, count);
588
589#if 0
590 *((u_int32_t *) out)++ = htonl(l_out);
591 *((u_int32_t *) out) = htonl(r_out);
592#else
593 x[0] = htonl(l_out);
594 x[1] = htonl(r_out);
595 memcpy(out, x, sizeof x);
596#endif
597 return(retval);
598}
599
600char *
601crypt(key, setting)
602 char *key;
603 char *setting;
604{
605 int i;
606 u_int32_t count, salt, l, r0, r1, keybuf[2];
607 u_char *p, *q;
608 static u_char output[21];
609
610 if (!des_initialised)
611 des_init();
612
613
614 /*
615 * Copy the key, shifting each character up by one bit
616 * and padding with zeros.
617 */
618 q = (u_char *) keybuf;
619 while (q - (u_char *) keybuf - 8) {
620 if (*q++ = *key << 1)
621 key++;
622 }
623 if (des_setkey((u_char *) keybuf))
624 return(NULL);
625
626 if (*setting == _PASSWORD_EFMT1) {
627 /*
628 * "new"-style:
629 * setting - underscore, 4 bytes of count, 4 bytes of salt
630 * key - unlimited characters
631 */
632 for (i = 1, count = 0; i < 5; i++)
633 count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
634
635 for (i = 5, salt = 0; i < 9; i++)
636 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
637
638 while (*key) {
639 /*
640 * Encrypt the key with itself.
641 */
642 if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0, 1))
643 return(NULL);
644 /*
645 * And XOR with the next 8 characters of the key.
646 */
647 q = (u_char *) keybuf;
648 while (q - (u_char *) keybuf - 8 && *key)
649 *q++ ^= *key++ << 1;
650
651 if (des_setkey((u_char *) keybuf))
652 return(NULL);
653 }
654 strncpy(output, setting, 9);
655
656 /*
657 * Double check that we weren't given a short setting.
658 * If we were, the above code will probably have created
659 * wierd values for count and salt, but we don't really care.
660 * Just make sure the output string doesn't have an extra
661 * NUL in it.
662 */
663 output[9] = '\0';
664 p = output + strlen(output);
665 } else {
666 /*
667 * "old"-style:
668 * setting - 2 bytes of salt
669 * key - up to 8 characters
670 */
671 count = 25;
672
673 salt = (ascii_to_bin(setting[1]) << 6)
674 | ascii_to_bin(setting[0]);
675
676 output[0] = setting[0];
677 /*
678 * If the encrypted password that the salt was extracted from
679 * is only 1 character long, the salt will be corrupted. We
680 * need to ensure that the output string doesn't have an extra
681 * NUL in it!
682 */
683 output[1] = setting[1] ? setting[1] : output[0];
684
685 p = output + 2;
686 }
687 setup_salt(salt);
688 /*
689 * Do it.
690 */
691 if (do_des(0, 0, &r0, &r1, count))
692 return(NULL);
693 /*
694 * Now encode the result...
695 */
696 l = (r0 >> 8);
697 *p++ = ascii64[(l >> 18) & 0x3f];
698 *p++ = ascii64[(l >> 12) & 0x3f];
699 *p++ = ascii64[(l >> 6) & 0x3f];
700 *p++ = ascii64[l & 0x3f];
701
702 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
703 *p++ = ascii64[(l >> 18) & 0x3f];
704 *p++ = ascii64[(l >> 12) & 0x3f];
705 *p++ = ascii64[(l >> 6) & 0x3f];
706 *p++ = ascii64[l & 0x3f];
707
708 l = r1 << 2;
709 *p++ = ascii64[(l >> 12) & 0x3f];
710 *p++ = ascii64[(l >> 6) & 0x3f];
711 *p++ = ascii64[l & 0x3f];
712 *p = 0;
713
714 return(output);
715}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-25 19:04:51 +0000