1 files changed, 713 insertions, 0 deletions
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
new file mode 100644
index 0000000000..17b50b7f52
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,713 @@
+/*      $OpenBSD: crypt.c,v 1.16 2002/04/29 06:26:50 pvalchev Exp $     */
+/*
+ * FreeSec: libcrypt
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the author nor the names of other contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ *
+ * An excellent reference on the underlying algorithm (and related
+ * algorithms) is:
+ *
+ *      B. Schneier, Applied Cryptography: protocols, algorithms,
+ *      and source code in C, John Wiley & Sons, 1994.
+ *
+ * Note that in that book's description of DES the lookups for the initial,
+ * pbox, and final permutations are inverted (this has been brought to the
+ * attention of the author).  A list of errata for this book has been
+ * posted to the sci.crypt newsgroup by the author and is available for FTP.
+ *
+ * NOTE:
+ * This file has a static version of des_setkey() so that crypt.o exports
+ * only the crypt() interface. This is required to make binaries linked
+ * against crypt.o exportable or re-exportable from the USA.
+ */
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: crypt.c,v 1.16 2002/04/29 06:26:50 pvalchev Exp $";
+#endif /* LIBC_SCCS and not lint */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <string.h>
+#ifdef DEBUG
+# include <stdio.h>
+#endif
+static u_char   IP[64] = {
+        58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
+        62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
+        57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
+        61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
+};
+static u_char   inv_key_perm[64];
+static u_char   u_key_perm[56];
+static u_char   key_perm[56] = {
+        57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+        10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+        63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+        14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+static u_char   key_shifts[16] = {
+        1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+static u_char   inv_comp_perm[56];
+static u_char   comp_perm[48] = {
+        14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+        23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+        41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+        44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+/*
+ *      No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+static u_char   u_sbox[8][64];
+static u_char   sbox[8][64] = {
+        {
+                14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
+                 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
+                 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
+                15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
+        },
+        {
+                15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
+                 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
+                 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
+                13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
+        },
+        {
+                10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
+                13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
+                13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
+                 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
+        },
+        {
+                 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
+                13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
+                10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
+                 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
+        },
+        {
+                 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
+                14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
+                 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
+                11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
+        },
+        {
+                12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
+                10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
+                 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
+                 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
+        },
+        {
+                 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
+                13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
+                 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
+                 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
+        },
+        {
+                13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
+                 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
+                 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
+                 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
+        }
+};
+static u_char   un_pbox[32];
+static u_char   pbox[32] = {
+        16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+         2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+static u_int32_t bits32[32] =
+{
+        0x80000000, 0x40000000, 0x20000000, 0x10000000,
+        0x08000000, 0x04000000, 0x02000000, 0x01000000,
+        0x00800000, 0x00400000, 0x00200000, 0x00100000,
+        0x00080000, 0x00040000, 0x00020000, 0x00010000,
+        0x00008000, 0x00004000, 0x00002000, 0x00001000,
+        0x00000800, 0x00000400, 0x00000200, 0x00000100,
+        0x00000080, 0x00000040, 0x00000020, 0x00000010,
+        0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+static u_char   bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+static u_int32_t saltbits;
+static int32_t  old_salt;
+static u_int32_t *bits28, *bits24;
+static u_char   init_perm[64], final_perm[64];
+static u_int32_t en_keysl[16], en_keysr[16];
+static u_int32_t de_keysl[16], de_keysr[16];
+static int      des_initialised = 0;
+static u_char   m_sbox[4][4096];
+static u_int32_t psbox[4][256];
+static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
+static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
+static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
+static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
+static u_int32_t old_rawkey0, old_rawkey1;
+static u_char   ascii64[] =
+         "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+/*        0000000000111111111122222222223333333333444444444455555555556666 */
+/*        0123456789012345678901234567890123456789012345678901234567890123 */
+static __inline int
+ascii_to_bin(ch)
+        char ch;
+{
+        if (ch > 'z')
+                return(0);
+        if (ch >= 'a')
+                return(ch - 'a' + 38);
+        if (ch > 'Z')
+                return(0);
+        if (ch >= 'A')
+                return(ch - 'A' + 12);
+        if (ch > '9')
+                return(0);
+        if (ch >= '.')
+                return(ch - '.');
+        return(0);
+}
+static void
+des_init()
+{
+        int     i, j, b, k, inbit, obit;
+        u_int32_t       *p, *il, *ir, *fl, *fr;
+        old_rawkey0 = old_rawkey1 = 0;
+        saltbits = 0;
+        old_salt = 0;
+        bits24 = (bits28 = bits32 + 4) + 4;
+        /*
+         * Invert the S-boxes, reordering the input bits.
+         */
+        for (i = 0; i < 8; i++)
+                for (j = 0; j < 64; j++) {
+                        b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+                        u_sbox[i][j] = sbox[i][b];
+                }
+        /*
+         * Convert the inverted S-boxes into 4 arrays of 8 bits.
+         * Each will handle 12 bits of the S-box input.
+         */
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 64; i++)
+                        for (j = 0; j < 64; j++)
+                                m_sbox[b][(i << 6) | j] =
+                                        (u_sbox[(b << 1)][i] << 4) |
+                                        u_sbox[(b << 1) + 1][j];
+        /*
+         * Set up the initial & final permutations into a useful form, and
+         * initialise the inverted key permutation.
+         */
+        for (i = 0; i < 64; i++) {
+                init_perm[final_perm[i] = IP[i] - 1] = i;
+                inv_key_perm[i] = 255;
+        }
+        /*
+         * Invert the key permutation and initialise the inverted key
+         * compression permutation.
+         */
+        for (i = 0; i < 56; i++) {
+                u_key_perm[i] = key_perm[i] - 1;
+                inv_key_perm[key_perm[i] - 1] = i;
+                inv_comp_perm[i] = 255;
+        }
+        /*
+         * Invert the key compression permutation.
+         */
+        for (i = 0; i < 48; i++) {
+                inv_comp_perm[comp_perm[i] - 1] = i;
+        }
+        /*
+         * Set up the OR-mask arrays for the initial and final permutations,
+         * and for the key initial and compression permutations.
+         */
+        for (k = 0; k < 8; k++) {
+                for (i = 0; i < 256; i++) {
+                        *(il = &ip_maskl[k][i]) = 0;
+                        *(ir = &ip_maskr[k][i]) = 0;
+                        *(fl = &fp_maskl[k][i]) = 0;
+                        *(fr = &fp_maskr[k][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                inbit = 8 * k + j;
+                                if (i & bits8[j]) {
+                                        if ((obit = init_perm[inbit]) < 32)
+                                                *il |= bits32[obit];
+                                        else
+                                                *ir |= bits32[obit-32];
+                                        if ((obit = final_perm[inbit]) < 32)
+                                                *fl |= bits32[obit];
+                                        else
+                                                *fr |= bits32[obit - 32];
+                                }
+                        }
+                }
+                for (i = 0; i < 128; i++) {
+                        *(il = &key_perm_maskl[k][i]) = 0;
+                        *(ir = &key_perm_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 8 * k + j;
+                                if (i & bits8[j + 1]) {
+                                        if ((obit = inv_key_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 28)
+                                                *il |= bits28[obit];
+                                        else
+                                                *ir |= bits28[obit - 28];
+                                }
+                        }
+                        *(il = &comp_maskl[k][i]) = 0;
+                        *(ir = &comp_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 7 * k + j;
+                                if (i & bits8[j + 1]) {
+                                        if ((obit=inv_comp_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 24)
+                                                *il |= bits24[obit];
+                                        else
+                                                *ir |= bits24[obit - 24];
+                                }
+                        }
+                }
+        }
+        /*
+         * Invert the P-box permutation, and convert into OR-masks for
+         * handling the output of the S-box arrays setup above.
+         */
+        for (i = 0; i < 32; i++)
+                un_pbox[pbox[i] - 1] = i;
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 256; i++) {
+                        *(p = &psbox[b][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                if (i & bits8[j])
+                                        *p |= bits32[un_pbox[8 * b + j]];
+                        }
+                }
+        des_initialised = 1;
+}
+static void
+setup_salt(salt)
+        int32_t salt;
+{
+        u_int32_t       obit, saltbit;
+        int     i;
+        if (salt == old_salt)
+                return;
+        old_salt = salt;
+        saltbits = 0;
+        saltbit = 1;
+        obit = 0x800000;
+        for (i = 0; i < 24; i++) {
+                if (salt & saltbit)
+                        saltbits |= obit;
+                saltbit <<= 1;
+                obit >>= 1;
+        }
+}
+static int
+des_setkey(key)
+        const char *key;
+{
+        u_int32_t k0, k1, rawkey0, rawkey1;
+        int     shifts, round;
+        if (!des_initialised)
+                des_init();
+        rawkey0 = ntohl(*(u_int32_t *) key);
+        rawkey1 = ntohl(*(u_int32_t *) (key + 4));
+        if ((rawkey0 | rawkey1)
+            && rawkey0 == old_rawkey0
+            && rawkey1 == old_rawkey1) {
+                /*
+                 * Already setup for this key.
+                 * This optimisation fails on a zero key (which is weak and
+                 * has bad parity anyway) in order to simplify the starting
+                 * conditions.
+                 */
+                return(0);
+        }
+        old_rawkey0 = rawkey0;
+        old_rawkey1 = rawkey1;
+        /*
+         *      Do key permutation and split into two 28-bit subkeys.
+         */
+        k0 = key_perm_maskl[0][rawkey0 >> 25]
+           | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskl[4][rawkey1 >> 25]
+           | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
+        k1 = key_perm_maskr[0][rawkey0 >> 25]
+           | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskr[4][rawkey1 >> 25]
+           | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
+        /*
+         *      Rotate subkeys and do compression permutation.
+         */
+        shifts = 0;
+        for (round = 0; round < 16; round++) {
+                u_int32_t       t0, t1;
+                shifts += key_shifts[round];
+                t0 = (k0 << shifts) | (k0 >> (28 - shifts));
+                t1 = (k1 << shifts) | (k1 >> (28 - shifts));
+                de_keysl[15 - round] =
+                en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
+                                | comp_maskl[1][(t0 >> 14) & 0x7f]
+                                | comp_maskl[2][(t0 >> 7) & 0x7f]
+                                | comp_maskl[3][t0 & 0x7f]
+                                | comp_maskl[4][(t1 >> 21) & 0x7f]
+                                | comp_maskl[5][(t1 >> 14) & 0x7f]
+                                | comp_maskl[6][(t1 >> 7) & 0x7f]
+                                | comp_maskl[7][t1 & 0x7f];
+                de_keysr[15 - round] =
+                en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
+                                | comp_maskr[1][(t0 >> 14) & 0x7f]
+                                | comp_maskr[2][(t0 >> 7) & 0x7f]
+                                | comp_maskr[3][t0 & 0x7f]
+                                | comp_maskr[4][(t1 >> 21) & 0x7f]
+                                | comp_maskr[5][(t1 >> 14) & 0x7f]
+                                | comp_maskr[6][(t1 >> 7) & 0x7f]
+                                | comp_maskr[7][t1 & 0x7f];
+        }
+        return(0);
+}
+static int
+do_des(l_in, r_in, l_out, r_out, count)
+        u_int32_t l_in, r_in, *l_out, *r_out;
+        int count;
+{
+        /*
+         *      l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
+         */
+        u_int32_t       l, r, *kl, *kr, *kl1, *kr1;
+        u_int32_t       f, r48l, r48r;
+        int             round;
+        if (count == 0) {
+                return(1);
+        } else if (count > 0) {
+                /*
+                 * Encrypting
+                 */
+                kl1 = en_keysl;
+                kr1 = en_keysr;
+        } else {
+                /*
+                 * Decrypting
+                 */
+                count = -count;
+                kl1 = de_keysl;
+                kr1 = de_keysr;
+        }
+        /*
+         *      Do initial permutation (IP).
+         */
+        l = ip_maskl[0][l_in >> 24]
+          | ip_maskl[1][(l_in >> 16) & 0xff]
+          | ip_maskl[2][(l_in >> 8) & 0xff]
+          | ip_maskl[3][l_in & 0xff]
+          | ip_maskl[4][r_in >> 24]
+          | ip_maskl[5][(r_in >> 16) & 0xff]
+          | ip_maskl[6][(r_in >> 8) & 0xff]
+          | ip_maskl[7][r_in & 0xff];
+        r = ip_maskr[0][l_in >> 24]
+          | ip_maskr[1][(l_in >> 16) & 0xff]
+          | ip_maskr[2][(l_in >> 8) & 0xff]
+          | ip_maskr[3][l_in & 0xff]
+          | ip_maskr[4][r_in >> 24]
+          | ip_maskr[5][(r_in >> 16) & 0xff]
+          | ip_maskr[6][(r_in >> 8) & 0xff]
+          | ip_maskr[7][r_in & 0xff];
+        while (count--) {
+                /*
+                 * Do each round.
+                 */
+                kl = kl1;
+                kr = kr1;
+                round = 16;
+                while (round--) {
+                        /*
+                         * Expand R to 48 bits (simulate the E-box).
+                         */
+                        r48l    = ((r & 0x00000001) << 23)
+                                | ((r & 0xf8000000) >> 9)
+                                | ((r & 0x1f800000) >> 11)
+                                | ((r & 0x01f80000) >> 13)
+                                | ((r & 0x001f8000) >> 15);
+                        r48r    = ((r & 0x0001f800) << 7)
+                                | ((r & 0x00001f80) << 5)
+                                | ((r & 0x000001f8) << 3)
+                                | ((r & 0x0000001f) << 1)
+                                | ((r & 0x80000000) >> 31);
+                        /*
+                         * Do salting for crypt() and friends, and
+                         * XOR with the permuted key.
+                         */
+                        f = (r48l ^ r48r) & saltbits;
+                        r48l ^= f ^ *kl++;
+                        r48r ^= f ^ *kr++;
+                        /*
+                         * Do sbox lookups (which shrink it back to 32 bits)
+                         * and do the pbox permutation at the same time.
+                         */
+                        f = psbox[0][m_sbox[0][r48l >> 12]]
+                          | psbox[1][m_sbox[1][r48l & 0xfff]]
+                          | psbox[2][m_sbox[2][r48r >> 12]]
+                          | psbox[3][m_sbox[3][r48r & 0xfff]];
+                        /*
+                         * Now that we've permuted things, complete f().
+                         */
+                        f ^= l;
+                        l = r;
+                        r = f;
+                }
+                r = l;
+                l = f;
+        }
+        /*
+         * Do final permutation (inverse of IP).
+         */
+        *l_out  = fp_maskl[0][l >> 24]
+                | fp_maskl[1][(l >> 16) & 0xff]
+                | fp_maskl[2][(l >> 8) & 0xff]
+                | fp_maskl[3][l & 0xff]
+                | fp_maskl[4][r >> 24]
+                | fp_maskl[5][(r >> 16) & 0xff]
+                | fp_maskl[6][(r >> 8) & 0xff]
+                | fp_maskl[7][r & 0xff];
+        *r_out  = fp_maskr[0][l >> 24]
+                | fp_maskr[1][(l >> 16) & 0xff]
+                | fp_maskr[2][(l >> 8) & 0xff]
+                | fp_maskr[3][l & 0xff]
+                | fp_maskr[4][r >> 24]
+                | fp_maskr[5][(r >> 16) & 0xff]
+                | fp_maskr[6][(r >> 8) & 0xff]
+                | fp_maskr[7][r & 0xff];
+        return(0);
+}
+static int
+des_cipher(in, out, salt, count)
+        const char *in;
+        char *out;
+        int32_t salt;
+        int count;
+{
+        u_int32_t l_out, r_out, rawl, rawr;
+        u_int32_t x[2];
+        int     retval;
+        if (!des_initialised)
+                des_init();
+        setup_salt(salt);
+        memcpy(x, in, sizeof x);
+        rawl = ntohl(x[0]);
+        rawr = ntohl(x[1]);
+        retval = do_des(rawl, rawr, &l_out, &r_out, count);
+        x[0] = htonl(l_out);
+        x[1] = htonl(r_out);
+        memcpy(out, x, sizeof x);
+        return(retval);
+}
+char *
+crypt(key, setting)
+        const char *key;
+        const char *setting;
+{
+        int             i;
+        u_int32_t       count, salt, l, r0, r1, keybuf[2];
+        u_char          *p, *q;
+        static u_char   output[21];
+        extern char     *md5crypt(const char *, const char *);
+        extern char     *bcrypt(const char *, const char *);
+        if (setting[0] == '$') {
+                switch (setting[1]) {
+                case '1':
+                        return (md5crypt(key, setting));
+                default:
+                        return bcrypt(key, setting);
+                }
+        }
+        if (!des_initialised)
+                des_init();
+        /*
+         * Copy the key, shifting each character up by one bit
+         * and padding with zeros.
+         */
+        q = (u_char *) keybuf;
+        while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
+                if ((*q++ = *key << 1))
+                        key++;
+        }
+        if (des_setkey((u_char *) keybuf))
+                return(NULL);
+        if (*setting == _PASSWORD_EFMT1) {
+                /*
+                 * "new"-style:
+                 *      setting - underscore, 4 bytes of count, 4 bytes of salt
+                 *      key - unlimited characters
+                 */
+                for (i = 1, count = 0; i < 5; i++)
+                        count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
+                for (i = 5, salt = 0; i < 9; i++)
+                        salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
+                while (*key) {
+                        /*
+                         * Encrypt the key with itself.
+                         */
+                        if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0, 1))
+                                return(NULL);
+                        /*
+                         * And XOR with the next 8 characters of the key.
+                         */
+                        q = (u_char *) keybuf;
+                        while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
+                                        *key)
+                                *q++ ^= *key++ << 1;
+                        if (des_setkey((u_char *) keybuf))
+                                return(NULL);
+                }
+                strlcpy((char *)output, setting, 10);
+                /*
+                 * Double check that we weren't given a short setting.
+                 * If we were, the above code will probably have created
+                 * weird values for count and salt, but we don't really care.
+                 * Just make sure the output string doesn't have an extra
+                 * NUL in it.
+                 */
+                p = output + strlen((const char *)output);
+        } else {
+                /*
+                 * "old"-style:
+                 *      setting - 2 bytes of salt
+                 *      key - up to 8 characters
+                 */
+                count = 25;
+                salt = (ascii_to_bin(setting[1]) << 6)
+                     |  ascii_to_bin(setting[0]);
+                output[0] = setting[0];
+                /*
+                 * If the encrypted password that the salt was extracted from
+                 * is only 1 character long, the salt will be corrupted.  We
+                 * need to ensure that the output string doesn't have an extra
+                 * NUL in it!
+                 */
+                output[1] = setting[1] ? setting[1] : output[0];
+                p = output + 2;
+        }
+        setup_salt(salt);
+        /*
+         * Do it.
+         */
+        if (do_des(0, 0, &r0, &r1, count))
+                return(NULL);
+        /*
+         * Now encode the result...
+         */
+        l = (r0 >> 8);
+        *p++ = ascii64[(l >> 18) & 0x3f];
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        l = (r0 << 16) | ((r1 >> 16) & 0xffff);
+        *p++ = ascii64[(l >> 18) & 0x3f];
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        l = r1 << 2;
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        *p = 0;
+        return((char *)output);
+}

diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c new file mode 100644 index 0000000000..17b50b7f52 --- /dev/null +++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,713 @@
	1	/* $OpenBSD: crypt.c,v 1.16 2002/04/29 06:26:50 pvalchev Exp $ */
	2
	3	/*
	4	* FreeSec: libcrypt
	5	*
	6	* Copyright (c) 1994 David Burren
	7	* All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	* 2. Redistributions in binary form must reproduce the above copyright
	15	* notice, this list of conditions and the following disclaimer in the
	16	* documentation and/or other materials provided with the distribution.
	17	* 4. Neither the name of the author nor the names of other contributors
	18	* may be used to endorse or promote products derived from this software
	19	* without specific prior written permission.
	20	*
	21	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
	22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	24	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	31	* SUCH DAMAGE.
	32	*
	33	*
	34	* This is an original implementation of the DES and the crypt(3) interfaces
	35	* by David Burren <davidb@werj.com.au>.
	36	*
	37	* An excellent reference on the underlying algorithm (and related
	38	* algorithms) is:
	39	*
	40	* B. Schneier, Applied Cryptography: protocols, algorithms,
	41	* and source code in C, John Wiley & Sons, 1994.
	42	*
	43	* Note that in that book's description of DES the lookups for the initial,
	44	* pbox, and final permutations are inverted (this has been brought to the
	45	* attention of the author). A list of errata for this book has been
	46	* posted to the sci.crypt newsgroup by the author and is available for FTP.
	47	*
	48	* NOTE:
	49	* This file has a static version of des_setkey() so that crypt.o exports
	50	* only the crypt() interface. This is required to make binaries linked
	51	* against crypt.o exportable or re-exportable from the USA.
	52	*/
	53
	54	#if defined(LIBC_SCCS) && !defined(lint)
	55	static char rcsid[] = "$OpenBSD: crypt.c,v 1.16 2002/04/29 06:26:50 pvalchev Exp $";
	56	#endif /* LIBC_SCCS and not lint */
	57
	58	#include <sys/types.h>
	59	#include <sys/param.h>
	60	#include <pwd.h>
	61	#include <string.h>
	62
	63	#ifdef DEBUG
	64	# include <stdio.h>
	65	#endif
	66
	67	static u_char IP[64] = {
	68	58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
	69	62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
	70	57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
	71	61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
	72	};
	73
	74	static u_char inv_key_perm[64];
	75	static u_char u_key_perm[56];
	76	static u_char key_perm[56] = {
	77	57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
	78	10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
	79	63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
	80	14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
	81	};
	82
	83	static u_char key_shifts[16] = {
	84	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
	85	};
	86
	87	static u_char inv_comp_perm[56];
	88	static u_char comp_perm[48] = {
	89	14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
	90	23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
	91	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
	92	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
	93	};
	94
	95	/*
	96	* No E box is used, as it's replaced by some ANDs, shifts, and ORs.
	97	*/
	98
	99	static u_char u_sbox[8][64];
	100	static u_char sbox[8][64] = {
	101	{
	102	14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
	103	0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
	104	4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
	105	15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
	106	},
	107	{
	108	15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
	109	3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
	110	0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
	111	13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
	112	},
	113	{
	114	10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
	115	13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
	116	13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
	117	1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
	118	},
	119	{
	120	7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
	121	13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
	122	10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
	123	3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
	124	},
	125	{
	126	2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
	127	14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
	128	4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
	129	11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
	130	},
	131	{
	132	12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
	133	10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
	134	9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
	135	4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
	136	},
	137	{
	138	4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
	139	13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
	140	1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
	141	6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
	142	},
	143	{
	144	13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
	145	1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
	146	7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
	147	2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
	148	}
	149	};
	150
	151	static u_char un_pbox[32];
	152	static u_char pbox[32] = {
	153	16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
	154	2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
	155	};
	156
	157	static u_int32_t bits32[32] =
	158	{
	159	0x80000000, 0x40000000, 0x20000000, 0x10000000,
	160	0x08000000, 0x04000000, 0x02000000, 0x01000000,
	161	0x00800000, 0x00400000, 0x00200000, 0x00100000,
	162	0x00080000, 0x00040000, 0x00020000, 0x00010000,
	163	0x00008000, 0x00004000, 0x00002000, 0x00001000,
	164	0x00000800, 0x00000400, 0x00000200, 0x00000100,
	165	0x00000080, 0x00000040, 0x00000020, 0x00000010,
	166	0x00000008, 0x00000004, 0x00000002, 0x00000001
	167	};
	168
	169	static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
	170
	171	static u_int32_t saltbits;
	172	static int32_t old_salt;
	173	static u_int32_t bits28, bits24;
	174	static u_char init_perm[64], final_perm[64];
	175	static u_int32_t en_keysl[16], en_keysr[16];
	176	static u_int32_t de_keysl[16], de_keysr[16];
	177	static int des_initialised = 0;
	178	static u_char m_sbox[4][4096];
	179	static u_int32_t psbox[4][256];
	180	static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
	181	static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
	182	static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
	183	static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
	184	static u_int32_t old_rawkey0, old_rawkey1;
	185
	186	static u_char ascii64[] =
	187	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	188	/* 0000000000111111111122222222223333333333444444444455555555556666 */
	189	/* 0123456789012345678901234567890123456789012345678901234567890123 */
	190
	191	static __inline int
	192	ascii_to_bin(ch)
	193	char ch;
	194	{
	195	if (ch > 'z')
	196	return(0);
	197	if (ch >= 'a')
	198	return(ch - 'a' + 38);
	199	if (ch > 'Z')
	200	return(0);
	201	if (ch >= 'A')
	202	return(ch - 'A' + 12);
	203	if (ch > '9')
	204	return(0);
	205	if (ch >= '.')
	206	return(ch - '.');
	207	return(0);
	208	}
	209
	210	static void
	211	des_init()
	212	{
	213	int i, j, b, k, inbit, obit;
	214	u_int32_t p, il, ir, fl, *fr;
	215
	216	old_rawkey0 = old_rawkey1 = 0;
	217	saltbits = 0;
	218	old_salt = 0;
	219	bits24 = (bits28 = bits32 + 4) + 4;
	220
	221	/*
	222	* Invert the S-boxes, reordering the input bits.
	223	*/
	224	for (i = 0; i < 8; i++)
	225	for (j = 0; j < 64; j++) {
	226	b = (j & 0x20) \| ((j & 1) << 4) \| ((j >> 1) & 0xf);
	227	u_sbox[i][j] = sbox[i][b];
	228	}
	229
	230	/*
	231	* Convert the inverted S-boxes into 4 arrays of 8 bits.
	232	* Each will handle 12 bits of the S-box input.
	233	*/
	234	for (b = 0; b < 4; b++)
	235	for (i = 0; i < 64; i++)
	236	for (j = 0; j < 64; j++)
	237	m_sbox[b][(i << 6) \| j] =
	238	(u_sbox[(b << 1)][i] << 4) \|
	239	u_sbox[(b << 1) + 1][j];
	240
	241	/*
	242	* Set up the initial & final permutations into a useful form, and
	243	* initialise the inverted key permutation.
	244	*/
	245	for (i = 0; i < 64; i++) {
	246	init_perm[final_perm[i] = IP[i] - 1] = i;
	247	inv_key_perm[i] = 255;
	248	}
	249
	250	/*
	251	* Invert the key permutation and initialise the inverted key
	252	* compression permutation.
	253	*/
	254	for (i = 0; i < 56; i++) {
	255	u_key_perm[i] = key_perm[i] - 1;
	256	inv_key_perm[key_perm[i] - 1] = i;
	257	inv_comp_perm[i] = 255;
	258	}
	259
	260	/*
	261	* Invert the key compression permutation.
	262	*/
	263	for (i = 0; i < 48; i++) {
	264	inv_comp_perm[comp_perm[i] - 1] = i;
	265	}
	266
	267	/*
	268	* Set up the OR-mask arrays for the initial and final permutations,
	269	* and for the key initial and compression permutations.
	270	*/
	271	for (k = 0; k < 8; k++) {
	272	for (i = 0; i < 256; i++) {
	273	*(il = &ip_maskl[k][i]) = 0;
	274	*(ir = &ip_maskr[k][i]) = 0;
	275	*(fl = &fp_maskl[k][i]) = 0;
	276	*(fr = &fp_maskr[k][i]) = 0;
	277	for (j = 0; j < 8; j++) {
	278	inbit = 8 * k + j;
	279	if (i & bits8[j]) {
	280	if ((obit = init_perm[inbit]) < 32)
	281	*il \|= bits32[obit];
	282	else
	283	*ir \|= bits32[obit-32];
	284	if ((obit = final_perm[inbit]) < 32)
	285	*fl \|= bits32[obit];
	286	else
	287	*fr \|= bits32[obit - 32];
	288	}
	289	}
	290	}
	291	for (i = 0; i < 128; i++) {
	292	*(il = &key_perm_maskl[k][i]) = 0;
	293	*(ir = &key_perm_maskr[k][i]) = 0;
	294	for (j = 0; j < 7; j++) {
	295	inbit = 8 * k + j;
	296	if (i & bits8[j + 1]) {
	297	if ((obit = inv_key_perm[inbit]) == 255)
	298	continue;
	299	if (obit < 28)
	300	*il \|= bits28[obit];
	301	else
	302	*ir \|= bits28[obit - 28];
	303	}
	304	}
	305	*(il = &comp_maskl[k][i]) = 0;
	306	*(ir = &comp_maskr[k][i]) = 0;
	307	for (j = 0; j < 7; j++) {
	308	inbit = 7 * k + j;
	309	if (i & bits8[j + 1]) {
	310	if ((obit=inv_comp_perm[inbit]) == 255)
	311	continue;
	312	if (obit < 24)
	313	*il \|= bits24[obit];
	314	else
	315	*ir \|= bits24[obit - 24];
	316	}
	317	}
	318	}
	319	}
	320
	321	/*
	322	* Invert the P-box permutation, and convert into OR-masks for
	323	* handling the output of the S-box arrays setup above.
	324	*/
	325	for (i = 0; i < 32; i++)
	326	un_pbox[pbox[i] - 1] = i;
	327
	328	for (b = 0; b < 4; b++)
	329	for (i = 0; i < 256; i++) {
	330	*(p = &psbox[b][i]) = 0;
	331	for (j = 0; j < 8; j++) {
	332	if (i & bits8[j])
	333	p \|= bits32[un_pbox[8 b + j]];
	334	}
	335	}
	336
	337	des_initialised = 1;
	338	}
	339
	340	static void
	341	setup_salt(salt)
	342	int32_t salt;
	343	{
	344	u_int32_t obit, saltbit;
	345	int i;
	346
	347	if (salt == old_salt)
	348	return;
	349	old_salt = salt;
	350
	351	saltbits = 0;
	352	saltbit = 1;
	353	obit = 0x800000;
	354	for (i = 0; i < 24; i++) {
	355	if (salt & saltbit)
	356	saltbits \|= obit;
	357	saltbit <<= 1;
	358	obit >>= 1;
	359	}
	360	}
	361
	362	static int
	363	des_setkey(key)
	364	const char *key;
	365	{
	366	u_int32_t k0, k1, rawkey0, rawkey1;
	367	int shifts, round;
	368
	369	if (!des_initialised)
	370	des_init();
	371
	372	rawkey0 = ntohl((u_int32_t ) key);
	373	rawkey1 = ntohl((u_int32_t ) (key + 4));
	374
	375	if ((rawkey0 \| rawkey1)
	376	&& rawkey0 == old_rawkey0
	377	&& rawkey1 == old_rawkey1) {
	378	/*
	379	* Already setup for this key.
	380	* This optimisation fails on a zero key (which is weak and
	381	* has bad parity anyway) in order to simplify the starting
	382	* conditions.
	383	*/
	384	return(0);
	385	}
	386	old_rawkey0 = rawkey0;
	387	old_rawkey1 = rawkey1;
	388
	389	/*
	390	* Do key permutation and split into two 28-bit subkeys.
	391	*/
	392	k0 = key_perm_maskl[0][rawkey0 >> 25]
	393	\| key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
	394	\| key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
	395	\| key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
	396	\| key_perm_maskl[4][rawkey1 >> 25]
	397	\| key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
	398	\| key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
	399	\| key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
	400	k1 = key_perm_maskr[0][rawkey0 >> 25]
	401	\| key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
	402	\| key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
	403	\| key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
	404	\| key_perm_maskr[4][rawkey1 >> 25]
	405	\| key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
	406	\| key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
	407	\| key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
	408	/*
	409	* Rotate subkeys and do compression permutation.
	410	*/
	411	shifts = 0;
	412	for (round = 0; round < 16; round++) {
	413	u_int32_t t0, t1;
	414
	415	shifts += key_shifts[round];
	416
	417	t0 = (k0 << shifts) \| (k0 >> (28 - shifts));
	418	t1 = (k1 << shifts) \| (k1 >> (28 - shifts));
	419
	420	de_keysl[15 - round] =
	421	en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
	422	\| comp_maskl[1][(t0 >> 14) & 0x7f]
	423	\| comp_maskl[2][(t0 >> 7) & 0x7f]
	424	\| comp_maskl[3][t0 & 0x7f]
	425	\| comp_maskl[4][(t1 >> 21) & 0x7f]
	426	\| comp_maskl[5][(t1 >> 14) & 0x7f]
	427	\| comp_maskl[6][(t1 >> 7) & 0x7f]
	428	\| comp_maskl[7][t1 & 0x7f];
	429
	430	de_keysr[15 - round] =
	431	en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
	432	\| comp_maskr[1][(t0 >> 14) & 0x7f]
	433	\| comp_maskr[2][(t0 >> 7) & 0x7f]
	434	\| comp_maskr[3][t0 & 0x7f]
	435	\| comp_maskr[4][(t1 >> 21) & 0x7f]
	436	\| comp_maskr[5][(t1 >> 14) & 0x7f]
	437	\| comp_maskr[6][(t1 >> 7) & 0x7f]
	438	\| comp_maskr[7][t1 & 0x7f];
	439	}
	440	return(0);
	441	}
	442
	443	static int
	444	do_des(l_in, r_in, l_out, r_out, count)
	445	u_int32_t l_in, r_in, l_out, r_out;
	446	int count;
	447	{
	448	/*
	449	* l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
	450	*/
	451	u_int32_t l, r, kl, kr, kl1, kr1;
	452	u_int32_t f, r48l, r48r;
	453	int round;
	454
	455	if (count == 0) {
	456	return(1);
	457	} else if (count > 0) {
	458	/*
	459	* Encrypting
	460	*/
	461	kl1 = en_keysl;
	462	kr1 = en_keysr;
	463	} else {
	464	/*
	465	* Decrypting
	466	*/
	467	count = -count;
	468	kl1 = de_keysl;
	469	kr1 = de_keysr;
	470	}
	471
	472	/*
	473	* Do initial permutation (IP).
	474	*/
	475	l = ip_maskl[0][l_in >> 24]
	476	\| ip_maskl[1][(l_in >> 16) & 0xff]
	477	\| ip_maskl[2][(l_in >> 8) & 0xff]
	478	\| ip_maskl[3][l_in & 0xff]
	479	\| ip_maskl[4][r_in >> 24]
	480	\| ip_maskl[5][(r_in >> 16) & 0xff]
	481	\| ip_maskl[6][(r_in >> 8) & 0xff]
	482	\| ip_maskl[7][r_in & 0xff];
	483	r = ip_maskr[0][l_in >> 24]
	484	\| ip_maskr[1][(l_in >> 16) & 0xff]
	485	\| ip_maskr[2][(l_in >> 8) & 0xff]
	486	\| ip_maskr[3][l_in & 0xff]
	487	\| ip_maskr[4][r_in >> 24]
	488	\| ip_maskr[5][(r_in >> 16) & 0xff]
	489	\| ip_maskr[6][(r_in >> 8) & 0xff]
	490	\| ip_maskr[7][r_in & 0xff];
	491
	492	while (count--) {
	493	/*
	494	* Do each round.
	495	*/
	496	kl = kl1;
	497	kr = kr1;
	498	round = 16;
	499	while (round--) {
	500	/*
	501	* Expand R to 48 bits (simulate the E-box).
	502	*/
	503	r48l = ((r & 0x00000001) << 23)
	504	\| ((r & 0xf8000000) >> 9)
	505	\| ((r & 0x1f800000) >> 11)
	506	\| ((r & 0x01f80000) >> 13)
	507	\| ((r & 0x001f8000) >> 15);
	508
	509	r48r = ((r & 0x0001f800) << 7)
	510	\| ((r & 0x00001f80) << 5)
	511	\| ((r & 0x000001f8) << 3)
	512	\| ((r & 0x0000001f) << 1)
	513	\| ((r & 0x80000000) >> 31);
	514	/*
	515	* Do salting for crypt() and friends, and
	516	* XOR with the permuted key.
	517	*/
	518	f = (r48l ^ r48r) & saltbits;
	519	r48l ^= f ^ *kl++;
	520	r48r ^= f ^ *kr++;
	521	/*
	522	* Do sbox lookups (which shrink it back to 32 bits)
	523	* and do the pbox permutation at the same time.
	524	*/
	525	f = psbox[0][m_sbox[0][r48l >> 12]]
	526	\| psbox[1][m_sbox[1][r48l & 0xfff]]
	527	\| psbox[2][m_sbox[2][r48r >> 12]]
	528	\| psbox[3][m_sbox[3][r48r & 0xfff]];
	529	/*
	530	* Now that we've permuted things, complete f().
	531	*/
	532	f ^= l;
	533	l = r;
	534	r = f;
	535	}
	536	r = l;
	537	l = f;
	538	}
	539	/*
	540	* Do final permutation (inverse of IP).
	541	*/
	542	*l_out = fp_maskl[0][l >> 24]
	543	\| fp_maskl[1][(l >> 16) & 0xff]
	544	\| fp_maskl[2][(l >> 8) & 0xff]
	545	\| fp_maskl[3][l & 0xff]
	546	\| fp_maskl[4][r >> 24]
	547	\| fp_maskl[5][(r >> 16) & 0xff]
	548	\| fp_maskl[6][(r >> 8) & 0xff]
	549	\| fp_maskl[7][r & 0xff];
	550	*r_out = fp_maskr[0][l >> 24]
	551	\| fp_maskr[1][(l >> 16) & 0xff]
	552	\| fp_maskr[2][(l >> 8) & 0xff]
	553	\| fp_maskr[3][l & 0xff]
	554	\| fp_maskr[4][r >> 24]
	555	\| fp_maskr[5][(r >> 16) & 0xff]
	556	\| fp_maskr[6][(r >> 8) & 0xff]
	557	\| fp_maskr[7][r & 0xff];
	558	return(0);
	559	}
	560
	561	static int
	562	des_cipher(in, out, salt, count)
	563	const char *in;
	564	char *out;
	565	int32_t salt;
	566	int count;
	567	{
	568	u_int32_t l_out, r_out, rawl, rawr;
	569	u_int32_t x[2];
	570	int retval;
	571
	572	if (!des_initialised)
	573	des_init();
	574
	575	setup_salt(salt);
	576
	577	memcpy(x, in, sizeof x);
	578	rawl = ntohl(x[0]);
	579	rawr = ntohl(x[1]);
	580	retval = do_des(rawl, rawr, &l_out, &r_out, count);
	581
	582	x[0] = htonl(l_out);
	583	x[1] = htonl(r_out);
	584	memcpy(out, x, sizeof x);
	585	return(retval);
	586	}
	587
	588	char *
	589	crypt(key, setting)
	590	const char *key;
	591	const char *setting;
	592	{
	593	int i;
	594	u_int32_t count, salt, l, r0, r1, keybuf[2];
	595	u_char p, q;
	596	static u_char output[21];
	597	extern char md5crypt(const char , const char *);
	598	extern char bcrypt(const char , const char *);
	599
	600	if (setting[0] == '$') {
	601	switch (setting[1]) {
	602	case '1':
	603	return (md5crypt(key, setting));
	604	default:
	605	return bcrypt(key, setting);
	606	}
	607	}
	608
	609	if (!des_initialised)
	610	des_init();
	611
	612	/*
	613	* Copy the key, shifting each character up by one bit
	614	* and padding with zeros.
	615	*/
	616	q = (u_char *) keybuf;
	617	while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
	618	if ((q++ = key << 1))
	619	key++;
	620	}
	621	if (des_setkey((u_char *) keybuf))
	622	return(NULL);
	623
	624	if (*setting == _PASSWORD_EFMT1) {
	625	/*
	626	* "new"-style:
	627	* setting - underscore, 4 bytes of count, 4 bytes of salt
	628	* key - unlimited characters
	629	*/
	630	for (i = 1, count = 0; i < 5; i++)
	631	count \|= ascii_to_bin(setting[i]) << (i - 1) * 6;
	632
	633	for (i = 5, salt = 0; i < 9; i++)
	634	salt \|= ascii_to_bin(setting[i]) << (i - 5) * 6;
	635
	636	while (*key) {
	637	/*
	638	* Encrypt the key with itself.
	639	*/
	640	if (des_cipher((u_char)keybuf, (u_char)keybuf, 0, 1))
	641	return(NULL);
	642	/*
	643	* And XOR with the next 8 characters of the key.
	644	*/
	645	q = (u_char *) keybuf;
	646	while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
	647	*key)
	648	q++ ^= key++ << 1;
	649
	650	if (des_setkey((u_char *) keybuf))
	651	return(NULL);
	652	}
	653	strlcpy((char *)output, setting, 10);
	654
	655	/*
	656	* Double check that we weren't given a short setting.
	657	* If we were, the above code will probably have created
	658	* weird values for count and salt, but we don't really care.
	659	* Just make sure the output string doesn't have an extra
	660	* NUL in it.
	661	*/
	662	p = output + strlen((const char *)output);
	663	} else {
	664	/*
	665	* "old"-style:
	666	* setting - 2 bytes of salt
	667	* key - up to 8 characters
	668	*/
	669	count = 25;
	670
	671	salt = (ascii_to_bin(setting[1]) << 6)
	672	\| ascii_to_bin(setting[0]);
	673
	674	output[0] = setting[0];
	675	/*
	676	* If the encrypted password that the salt was extracted from
	677	* is only 1 character long, the salt will be corrupted. We
	678	* need to ensure that the output string doesn't have an extra
	679	* NUL in it!
	680	*/
	681	output[1] = setting[1] ? setting[1] : output[0];
	682
	683	p = output + 2;
	684	}
	685	setup_salt(salt);
	686	/*
	687	* Do it.
	688	*/
	689	if (do_des(0, 0, &r0, &r1, count))
	690	return(NULL);
	691	/*
	692	* Now encode the result...
	693	*/
	694	l = (r0 >> 8);
	695	*p++ = ascii64[(l >> 18) & 0x3f];
	696	*p++ = ascii64[(l >> 12) & 0x3f];
	697	*p++ = ascii64[(l >> 6) & 0x3f];
	698	*p++ = ascii64[l & 0x3f];
	699
	700	l = (r0 << 16) \| ((r1 >> 16) & 0xffff);
	701	*p++ = ascii64[(l >> 18) & 0x3f];
	702	*p++ = ascii64[(l >> 12) & 0x3f];
	703	*p++ = ascii64[(l >> 6) & 0x3f];
	704	*p++ = ascii64[l & 0x3f];
	705
	706	l = r1 << 2;
	707	*p++ = ascii64[(l >> 12) & 0x3f];
	708	*p++ = ascii64[(l >> 6) & 0x3f];
	709	*p++ = ascii64[l & 0x3f];
	710	*p = 0;
	711
	712	return((char *)output);
	713	}