1 files changed, 700 insertions, 0 deletions
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
new file mode 100644
index 0000000000..e0f5e8364a
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,700 @@
+/*      $OpenBSD: crypt.c,v 1.18 2003/08/12 01:22:17 deraadt Exp $      */
+/*
+ * FreeSec: libcrypt
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the author nor the names of other contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ *
+ * An excellent reference on the underlying algorithm (and related
+ * algorithms) is:
+ *
+ *      B. Schneier, Applied Cryptography: protocols, algorithms,
+ *      and source code in C, John Wiley & Sons, 1994.
+ *
+ * Note that in that book's description of DES the lookups for the initial,
+ * pbox, and final permutations are inverted (this has been brought to the
+ * attention of the author).  A list of errata for this book has been
+ * posted to the sci.crypt newsgroup by the author and is available for FTP.
+ */
+#if defined(LIBC_SCCS) && !defined(lint)
+static char rcsid[] = "$OpenBSD: crypt.c,v 1.18 2003/08/12 01:22:17 deraadt Exp $";
+#endif /* LIBC_SCCS and not lint */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <unistd.h>
+#include <string.h>
+#ifdef DEBUG
+# include <stdio.h>
+#endif
+static const u_char     IP[64] = {
+        58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
+        62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
+        57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
+        61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
+};
+static u_char   inv_key_perm[64];
+static u_char   u_key_perm[56];
+static u_char   const key_perm[56] = {
+        57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+        10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+        63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+        14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+static const u_char     key_shifts[16] = {
+        1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+static u_char   inv_comp_perm[56];
+static const u_char     comp_perm[48] = {
+        14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+        23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+        41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+        44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+/*
+ *      No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+static u_char   u_sbox[8][64];
+static const u_char     sbox[8][64] = {
+        {
+                14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
+                 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
+                 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
+                15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
+        },
+        {
+                15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
+                 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
+                 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
+                13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
+        },
+        {
+                10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
+                13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
+                13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
+                 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
+        },
+        {
+                 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
+                13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
+                10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
+                 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
+        },
+        {
+                 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
+                14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
+                 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
+                11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
+        },
+        {
+                12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
+                10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
+                 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
+                 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
+        },
+        {
+                 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
+                13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
+                 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
+                 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
+        },
+        {
+                13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
+                 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
+                 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
+                 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
+        }
+};
+static u_char   un_pbox[32];
+static const u_char     pbox[32] = {
+        16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+         2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+const u_int32_t _des_bits32[32] =
+{
+        0x80000000, 0x40000000, 0x20000000, 0x10000000,
+        0x08000000, 0x04000000, 0x02000000, 0x01000000,
+        0x00800000, 0x00400000, 0x00200000, 0x00100000,
+        0x00080000, 0x00040000, 0x00020000, 0x00010000,
+        0x00008000, 0x00004000, 0x00002000, 0x00001000,
+        0x00000800, 0x00000400, 0x00000200, 0x00000100,
+        0x00000080, 0x00000040, 0x00000020, 0x00000010,
+        0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+const u_char    _des_bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+static u_int32_t saltbits;
+static int32_t  old_salt;
+static const u_int32_t *bits28, *bits24;
+static u_char   init_perm[64], final_perm[64];
+static u_int32_t en_keysl[16], en_keysr[16];
+static u_int32_t de_keysl[16], de_keysr[16];
+int     _des_initialised = 0;
+static u_char   m_sbox[4][4096];
+static u_int32_t psbox[4][256];
+static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
+static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
+static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
+static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
+static u_int32_t old_rawkey0, old_rawkey1;
+static u_char   ascii64[] =
+         "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+/*        0000000000111111111122222222223333333333444444444455555555556666 */
+/*        0123456789012345678901234567890123456789012345678901234567890123 */
+static __inline int
+ascii_to_bin(char ch)
+{
+        if (ch > 'z')
+                return(0);
+        if (ch >= 'a')
+                return(ch - 'a' + 38);
+        if (ch > 'Z')
+                return(0);
+        if (ch >= 'A')
+                return(ch - 'A' + 12);
+        if (ch > '9')
+                return(0);
+        if (ch >= '.')
+                return(ch - '.');
+        return(0);
+}
+void
+_des_init(void)
+{
+        int     i, j, b, k, inbit, obit;
+        u_int32_t       *p, *il, *ir, *fl, *fr;
+        old_rawkey0 = old_rawkey1 = 0;
+        saltbits = 0;
+        old_salt = 0;
+        bits24 = (bits28 = _des_bits32 + 4) + 4;
+        /*
+         * Invert the S-boxes, reordering the input bits.
+         */
+        for (i = 0; i < 8; i++)
+                for (j = 0; j < 64; j++) {
+                        b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+                        u_sbox[i][j] = sbox[i][b];
+                }
+        /*
+         * Convert the inverted S-boxes into 4 arrays of 8 bits.
+         * Each will handle 12 bits of the S-box input.
+         */
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 64; i++)
+                        for (j = 0; j < 64; j++)
+                                m_sbox[b][(i << 6) | j] =
+                                        (u_sbox[(b << 1)][i] << 4) |
+                                        u_sbox[(b << 1) + 1][j];
+        /*
+         * Set up the initial & final permutations into a useful form, and
+         * initialise the inverted key permutation.
+         */
+        for (i = 0; i < 64; i++) {
+                init_perm[final_perm[i] = IP[i] - 1] = i;
+                inv_key_perm[i] = 255;
+        }
+        /*
+         * Invert the key permutation and initialise the inverted key
+         * compression permutation.
+         */
+        for (i = 0; i < 56; i++) {
+                u_key_perm[i] = key_perm[i] - 1;
+                inv_key_perm[key_perm[i] - 1] = i;
+                inv_comp_perm[i] = 255;
+        }
+        /*
+         * Invert the key compression permutation.
+         */
+        for (i = 0; i < 48; i++) {
+                inv_comp_perm[comp_perm[i] - 1] = i;
+        }
+        /*
+         * Set up the OR-mask arrays for the initial and final permutations,
+         * and for the key initial and compression permutations.
+         */
+        for (k = 0; k < 8; k++) {
+                for (i = 0; i < 256; i++) {
+                        *(il = &ip_maskl[k][i]) = 0;
+                        *(ir = &ip_maskr[k][i]) = 0;
+                        *(fl = &fp_maskl[k][i]) = 0;
+                        *(fr = &fp_maskr[k][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                inbit = 8 * k + j;
+                                if (i & _des_bits8[j]) {
+                                        if ((obit = init_perm[inbit]) < 32)
+                                                *il |= _des_bits32[obit];
+                                        else
+                                                *ir |= _des_bits32[obit-32];
+                                        if ((obit = final_perm[inbit]) < 32)
+                                                *fl |= _des_bits32[obit];
+                                        else
+                                                *fr |= _des_bits32[obit - 32];
+                                }
+                        }
+                }
+                for (i = 0; i < 128; i++) {
+                        *(il = &key_perm_maskl[k][i]) = 0;
+                        *(ir = &key_perm_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 8 * k + j;
+                                if (i & _des_bits8[j + 1]) {
+                                        if ((obit = inv_key_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 28)
+                                                *il |= bits28[obit];
+                                        else
+                                                *ir |= bits28[obit - 28];
+                                }
+                        }
+                        *(il = &comp_maskl[k][i]) = 0;
+                        *(ir = &comp_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 7 * k + j;
+                                if (i & _des_bits8[j + 1]) {
+                                        if ((obit=inv_comp_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 24)
+                                                *il |= bits24[obit];
+                                        else
+                                                *ir |= bits24[obit - 24];
+                                }
+                        }
+                }
+        }
+        /*
+         * Invert the P-box permutation, and convert into OR-masks for
+         * handling the output of the S-box arrays setup above.
+         */
+        for (i = 0; i < 32; i++)
+                un_pbox[pbox[i] - 1] = i;
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 256; i++) {
+                        *(p = &psbox[b][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                if (i & _des_bits8[j])
+                                        *p |= _des_bits32[un_pbox[8 * b + j]];
+                        }
+                }
+        _des_initialised = 1;
+}
+void
+_des_setup_salt(int32_t salt)
+{
+        u_int32_t       obit, saltbit;
+        int     i;
+        if (salt == old_salt)
+                return;
+        old_salt = salt;
+        saltbits = 0;
+        saltbit = 1;
+        obit = 0x800000;
+        for (i = 0; i < 24; i++) {
+                if (salt & saltbit)
+                        saltbits |= obit;
+                saltbit <<= 1;
+                obit >>= 1;
+        }
+}
+int
+des_setkey(const char *key)
+{
+        u_int32_t k0, k1, rawkey0, rawkey1;
+        int     shifts, round;
+        if (!_des_initialised)
+                _des_init();
+        rawkey0 = ntohl(*(u_int32_t *) key);
+        rawkey1 = ntohl(*(u_int32_t *) (key + 4));
+        if ((rawkey0 | rawkey1)
+            && rawkey0 == old_rawkey0
+            && rawkey1 == old_rawkey1) {
+                /*
+                 * Already setup for this key.
+                 * This optimisation fails on a zero key (which is weak and
+                 * has bad parity anyway) in order to simplify the starting
+                 * conditions.
+                 */
+                return(0);
+        }
+        old_rawkey0 = rawkey0;
+        old_rawkey1 = rawkey1;
+        /*
+         *      Do key permutation and split into two 28-bit subkeys.
+         */
+        k0 = key_perm_maskl[0][rawkey0 >> 25]
+           | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskl[4][rawkey1 >> 25]
+           | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
+        k1 = key_perm_maskr[0][rawkey0 >> 25]
+           | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskr[4][rawkey1 >> 25]
+           | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
+        /*
+         *      Rotate subkeys and do compression permutation.
+         */
+        shifts = 0;
+        for (round = 0; round < 16; round++) {
+                u_int32_t       t0, t1;
+                shifts += key_shifts[round];
+                t0 = (k0 << shifts) | (k0 >> (28 - shifts));
+                t1 = (k1 << shifts) | (k1 >> (28 - shifts));
+                de_keysl[15 - round] =
+                en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
+                                | comp_maskl[1][(t0 >> 14) & 0x7f]
+                                | comp_maskl[2][(t0 >> 7) & 0x7f]
+                                | comp_maskl[3][t0 & 0x7f]
+                                | comp_maskl[4][(t1 >> 21) & 0x7f]
+                                | comp_maskl[5][(t1 >> 14) & 0x7f]
+                                | comp_maskl[6][(t1 >> 7) & 0x7f]
+                                | comp_maskl[7][t1 & 0x7f];
+                de_keysr[15 - round] =
+                en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
+                                | comp_maskr[1][(t0 >> 14) & 0x7f]
+                                | comp_maskr[2][(t0 >> 7) & 0x7f]
+                                | comp_maskr[3][t0 & 0x7f]
+                                | comp_maskr[4][(t1 >> 21) & 0x7f]
+                                | comp_maskr[5][(t1 >> 14) & 0x7f]
+                                | comp_maskr[6][(t1 >> 7) & 0x7f]
+                                | comp_maskr[7][t1 & 0x7f];
+        }
+        return(0);
+}
+int
+_des_do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out,
+    int count)
+{
+        /*
+         *      l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
+         */
+        u_int32_t       l, r, *kl, *kr, *kl1, *kr1;
+        u_int32_t       f, r48l, r48r;
+        int             round;
+        if (count == 0) {
+                return(1);
+        } else if (count > 0) {
+                /*
+                 * Encrypting
+                 */
+                kl1 = en_keysl;
+                kr1 = en_keysr;
+        } else {
+                /*
+                 * Decrypting
+                 */
+                count = -count;
+                kl1 = de_keysl;
+                kr1 = de_keysr;
+        }
+        /*
+         *      Do initial permutation (IP).
+         */
+        l = ip_maskl[0][l_in >> 24]
+          | ip_maskl[1][(l_in >> 16) & 0xff]
+          | ip_maskl[2][(l_in >> 8) & 0xff]
+          | ip_maskl[3][l_in & 0xff]
+          | ip_maskl[4][r_in >> 24]
+          | ip_maskl[5][(r_in >> 16) & 0xff]
+          | ip_maskl[6][(r_in >> 8) & 0xff]
+          | ip_maskl[7][r_in & 0xff];
+        r = ip_maskr[0][l_in >> 24]
+          | ip_maskr[1][(l_in >> 16) & 0xff]
+          | ip_maskr[2][(l_in >> 8) & 0xff]
+          | ip_maskr[3][l_in & 0xff]
+          | ip_maskr[4][r_in >> 24]
+          | ip_maskr[5][(r_in >> 16) & 0xff]
+          | ip_maskr[6][(r_in >> 8) & 0xff]
+          | ip_maskr[7][r_in & 0xff];
+        while (count--) {
+                /*
+                 * Do each round.
+                 */
+                kl = kl1;
+                kr = kr1;
+                round = 16;
+                while (round--) {
+                        /*
+                         * Expand R to 48 bits (simulate the E-box).
+                         */
+                        r48l    = ((r & 0x00000001) << 23)
+                                | ((r & 0xf8000000) >> 9)
+                                | ((r & 0x1f800000) >> 11)
+                                | ((r & 0x01f80000) >> 13)
+                                | ((r & 0x001f8000) >> 15);
+                        r48r    = ((r & 0x0001f800) << 7)
+                                | ((r & 0x00001f80) << 5)
+                                | ((r & 0x000001f8) << 3)
+                                | ((r & 0x0000001f) << 1)
+                                | ((r & 0x80000000) >> 31);
+                        /*
+                         * Do salting for crypt() and friends, and
+                         * XOR with the permuted key.
+                         */
+                        f = (r48l ^ r48r) & saltbits;
+                        r48l ^= f ^ *kl++;
+                        r48r ^= f ^ *kr++;
+                        /*
+                         * Do sbox lookups (which shrink it back to 32 bits)
+                         * and do the pbox permutation at the same time.
+                         */
+                        f = psbox[0][m_sbox[0][r48l >> 12]]
+                          | psbox[1][m_sbox[1][r48l & 0xfff]]
+                          | psbox[2][m_sbox[2][r48r >> 12]]
+                          | psbox[3][m_sbox[3][r48r & 0xfff]];
+                        /*
+                         * Now that we've permuted things, complete f().
+                         */
+                        f ^= l;
+                        l = r;
+                        r = f;
+                }
+                r = l;
+                l = f;
+        }
+        /*
+         * Do final permutation (inverse of IP).
+         */
+        *l_out  = fp_maskl[0][l >> 24]
+                | fp_maskl[1][(l >> 16) & 0xff]
+                | fp_maskl[2][(l >> 8) & 0xff]
+                | fp_maskl[3][l & 0xff]
+                | fp_maskl[4][r >> 24]
+                | fp_maskl[5][(r >> 16) & 0xff]
+                | fp_maskl[6][(r >> 8) & 0xff]
+                | fp_maskl[7][r & 0xff];
+        *r_out  = fp_maskr[0][l >> 24]
+                | fp_maskr[1][(l >> 16) & 0xff]
+                | fp_maskr[2][(l >> 8) & 0xff]
+                | fp_maskr[3][l & 0xff]
+                | fp_maskr[4][r >> 24]
+                | fp_maskr[5][(r >> 16) & 0xff]
+                | fp_maskr[6][(r >> 8) & 0xff]
+                | fp_maskr[7][r & 0xff];
+        return(0);
+}
+int
+des_cipher(const char *in, char *out, int32_t salt, int count)
+{
+        u_int32_t l_out, r_out, rawl, rawr;
+        u_int32_t x[2];
+        int     retval;
+        if (!_des_initialised)
+                _des_init();
+        _des_setup_salt(salt);
+        memcpy(x, in, sizeof x);
+        rawl = ntohl(x[0]);
+        rawr = ntohl(x[1]);
+        retval = _des_do_des(rawl, rawr, &l_out, &r_out, count);
+        x[0] = htonl(l_out);
+        x[1] = htonl(r_out);
+        memcpy(out, x, sizeof x);
+        return(retval);
+}
+char *
+crypt(const char *key, const char *setting)
+{
+        int             i;
+        u_int32_t       count, salt, l, r0, r1, keybuf[2];
+        u_char          *p, *q;
+        static u_char   output[21];
+        extern char     *md5crypt(const char *, const char *);
+        extern char     *bcrypt(const char *, const char *);
+        if (setting[0] == '$') {
+                switch (setting[1]) {
+                case '1':
+                        return (md5crypt(key, setting));
+                default:
+                        return bcrypt(key, setting);
+                }
+        }
+        if (!_des_initialised)
+                _des_init();
+        /*
+         * Copy the key, shifting each character up by one bit
+         * and padding with zeros.
+         */
+        q = (u_char *) keybuf;
+        while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
+                if ((*q++ = *key << 1))
+                        key++;
+        }
+        if (des_setkey((u_char *) keybuf))
+                return(NULL);
+        if (*setting == _PASSWORD_EFMT1) {
+                /*
+                 * "new"-style:
+                 *      setting - underscore, 4 bytes of count, 4 bytes of salt
+                 *      key - unlimited characters
+                 */
+                for (i = 1, count = 0; i < 5; i++)
+                        count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
+                for (i = 5, salt = 0; i < 9; i++)
+                        salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
+                while (*key) {
+                        /*
+                         * Encrypt the key with itself.
+                         */
+                        if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0, 1))
+                                return(NULL);
+                        /*
+                         * And XOR with the next 8 characters of the key.
+                         */
+                        q = (u_char *) keybuf;
+                        while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
+                                        *key)
+                                *q++ ^= *key++ << 1;
+                        if (des_setkey((u_char *) keybuf))
+                                return(NULL);
+                }
+                strlcpy((char *)output, setting, 10);
+                /*
+                 * Double check that we weren't given a short setting.
+                 * If we were, the above code will probably have created
+                 * weird values for count and salt, but we don't really care.
+                 * Just make sure the output string doesn't have an extra
+                 * NUL in it.
+                 */
+                p = output + strlen((const char *)output);
+        } else {
+                /*
+                 * "old"-style:
+                 *      setting - 2 bytes of salt
+                 *      key - up to 8 characters
+                 */
+                count = 25;
+                salt = (ascii_to_bin(setting[1]) << 6)
+                     |  ascii_to_bin(setting[0]);
+                output[0] = setting[0];
+                /*
+                 * If the encrypted password that the salt was extracted from
+                 * is only 1 character long, the salt will be corrupted.  We
+                 * need to ensure that the output string doesn't have an extra
+                 * NUL in it!
+                 */
+                output[1] = setting[1] ? setting[1] : output[0];
+                p = output + 2;
+        }
+        _des_setup_salt(salt);
+        /*
+         * Do it.
+         */
+        if (_des_do_des(0, 0, &r0, &r1, count))
+                return(NULL);
+        /*
+         * Now encode the result...
+         */
+        l = (r0 >> 8);
+        *p++ = ascii64[(l >> 18) & 0x3f];
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        l = (r0 << 16) | ((r1 >> 16) & 0xffff);
+        *p++ = ascii64[(l >> 18) & 0x3f];
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        l = r1 << 2;
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        *p = 0;
+        return((char *)output);
+}

diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c new file mode 100644 index 0000000000..e0f5e8364a --- /dev/null +++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,700 @@
	1	/* $OpenBSD: crypt.c,v 1.18 2003/08/12 01:22:17 deraadt Exp $ */
	2
	3	/*
	4	* FreeSec: libcrypt
	5	*
	6	* Copyright (c) 1994 David Burren
	7	* All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	* 2. Redistributions in binary form must reproduce the above copyright
	15	* notice, this list of conditions and the following disclaimer in the
	16	* documentation and/or other materials provided with the distribution.
	17	* 4. Neither the name of the author nor the names of other contributors
	18	* may be used to endorse or promote products derived from this software
	19	* without specific prior written permission.
	20	*
	21	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
	22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	24	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	31	* SUCH DAMAGE.
	32	*
	33	*
	34	* This is an original implementation of the DES and the crypt(3) interfaces
	35	* by David Burren <davidb@werj.com.au>.
	36	*
	37	* An excellent reference on the underlying algorithm (and related
	38	* algorithms) is:
	39	*
	40	* B. Schneier, Applied Cryptography: protocols, algorithms,
	41	* and source code in C, John Wiley & Sons, 1994.
	42	*
	43	* Note that in that book's description of DES the lookups for the initial,
	44	* pbox, and final permutations are inverted (this has been brought to the
	45	* attention of the author). A list of errata for this book has been
	46	* posted to the sci.crypt newsgroup by the author and is available for FTP.
	47	*/
	48
	49	#if defined(LIBC_SCCS) && !defined(lint)
	50	static char rcsid[] = "$OpenBSD: crypt.c,v 1.18 2003/08/12 01:22:17 deraadt Exp $";
	51	#endif /* LIBC_SCCS and not lint */
	52
	53	#include <sys/types.h>
	54	#include <sys/param.h>
	55	#include <pwd.h>
	56	#include <unistd.h>
	57	#include <string.h>
	58
	59	#ifdef DEBUG
	60	# include <stdio.h>
	61	#endif
	62
	63	static const u_char IP[64] = {
	64	58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
	65	62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
	66	57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
	67	61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
	68	};
	69
	70	static u_char inv_key_perm[64];
	71	static u_char u_key_perm[56];
	72	static u_char const key_perm[56] = {
	73	57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
	74	10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
	75	63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
	76	14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
	77	};
	78
	79	static const u_char key_shifts[16] = {
	80	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
	81	};
	82
	83	static u_char inv_comp_perm[56];
	84	static const u_char comp_perm[48] = {
	85	14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
	86	23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
	87	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
	88	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
	89	};
	90
	91	/*
	92	* No E box is used, as it's replaced by some ANDs, shifts, and ORs.
	93	*/
	94
	95	static u_char u_sbox[8][64];
	96	static const u_char sbox[8][64] = {
	97	{
	98	14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
	99	0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
	100	4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
	101	15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
	102	},
	103	{
	104	15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
	105	3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
	106	0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
	107	13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
	108	},
	109	{
	110	10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
	111	13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
	112	13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
	113	1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
	114	},
	115	{
	116	7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
	117	13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
	118	10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
	119	3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
	120	},
	121	{
	122	2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
	123	14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
	124	4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
	125	11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
	126	},
	127	{
	128	12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
	129	10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
	130	9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
	131	4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
	132	},
	133	{
	134	4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
	135	13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
	136	1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
	137	6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
	138	},
	139	{
	140	13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
	141	1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
	142	7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
	143	2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
	144	}
	145	};
	146
	147	static u_char un_pbox[32];
	148	static const u_char pbox[32] = {
	149	16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
	150	2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
	151	};
	152
	153	const u_int32_t _des_bits32[32] =
	154	{
	155	0x80000000, 0x40000000, 0x20000000, 0x10000000,
	156	0x08000000, 0x04000000, 0x02000000, 0x01000000,
	157	0x00800000, 0x00400000, 0x00200000, 0x00100000,
	158	0x00080000, 0x00040000, 0x00020000, 0x00010000,
	159	0x00008000, 0x00004000, 0x00002000, 0x00001000,
	160	0x00000800, 0x00000400, 0x00000200, 0x00000100,
	161	0x00000080, 0x00000040, 0x00000020, 0x00000010,
	162	0x00000008, 0x00000004, 0x00000002, 0x00000001
	163	};
	164
	165	const u_char _des_bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
	166
	167	static u_int32_t saltbits;
	168	static int32_t old_salt;
	169	static const u_int32_t bits28, bits24;
	170	static u_char init_perm[64], final_perm[64];
	171	static u_int32_t en_keysl[16], en_keysr[16];
	172	static u_int32_t de_keysl[16], de_keysr[16];
	173	int _des_initialised = 0;
	174	static u_char m_sbox[4][4096];
	175	static u_int32_t psbox[4][256];
	176	static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
	177	static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
	178	static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
	179	static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
	180	static u_int32_t old_rawkey0, old_rawkey1;
	181
	182	static u_char ascii64[] =
	183	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	184	/* 0000000000111111111122222222223333333333444444444455555555556666 */
	185	/* 0123456789012345678901234567890123456789012345678901234567890123 */
	186
	187	static __inline int
	188	ascii_to_bin(char ch)
	189	{
	190	if (ch > 'z')
	191	return(0);
	192	if (ch >= 'a')
	193	return(ch - 'a' + 38);
	194	if (ch > 'Z')
	195	return(0);
	196	if (ch >= 'A')
	197	return(ch - 'A' + 12);
	198	if (ch > '9')
	199	return(0);
	200	if (ch >= '.')
	201	return(ch - '.');
	202	return(0);
	203	}
	204
	205	void
	206	_des_init(void)
	207	{
	208	int i, j, b, k, inbit, obit;
	209	u_int32_t p, il, ir, fl, *fr;
	210
	211	old_rawkey0 = old_rawkey1 = 0;
	212	saltbits = 0;
	213	old_salt = 0;
	214	bits24 = (bits28 = _des_bits32 + 4) + 4;
	215
	216	/*
	217	* Invert the S-boxes, reordering the input bits.
	218	*/
	219	for (i = 0; i < 8; i++)
	220	for (j = 0; j < 64; j++) {
	221	b = (j & 0x20) \| ((j & 1) << 4) \| ((j >> 1) & 0xf);
	222	u_sbox[i][j] = sbox[i][b];
	223	}
	224
	225	/*
	226	* Convert the inverted S-boxes into 4 arrays of 8 bits.
	227	* Each will handle 12 bits of the S-box input.
	228	*/
	229	for (b = 0; b < 4; b++)
	230	for (i = 0; i < 64; i++)
	231	for (j = 0; j < 64; j++)
	232	m_sbox[b][(i << 6) \| j] =
	233	(u_sbox[(b << 1)][i] << 4) \|
	234	u_sbox[(b << 1) + 1][j];
	235
	236	/*
	237	* Set up the initial & final permutations into a useful form, and
	238	* initialise the inverted key permutation.
	239	*/
	240	for (i = 0; i < 64; i++) {
	241	init_perm[final_perm[i] = IP[i] - 1] = i;
	242	inv_key_perm[i] = 255;
	243	}
	244
	245	/*
	246	* Invert the key permutation and initialise the inverted key
	247	* compression permutation.
	248	*/
	249	for (i = 0; i < 56; i++) {
	250	u_key_perm[i] = key_perm[i] - 1;
	251	inv_key_perm[key_perm[i] - 1] = i;
	252	inv_comp_perm[i] = 255;
	253	}
	254
	255	/*
	256	* Invert the key compression permutation.
	257	*/
	258	for (i = 0; i < 48; i++) {
	259	inv_comp_perm[comp_perm[i] - 1] = i;
	260	}
	261
	262	/*
	263	* Set up the OR-mask arrays for the initial and final permutations,
	264	* and for the key initial and compression permutations.
	265	*/
	266	for (k = 0; k < 8; k++) {
	267	for (i = 0; i < 256; i++) {
	268	*(il = &ip_maskl[k][i]) = 0;
	269	*(ir = &ip_maskr[k][i]) = 0;
	270	*(fl = &fp_maskl[k][i]) = 0;
	271	*(fr = &fp_maskr[k][i]) = 0;
	272	for (j = 0; j < 8; j++) {
	273	inbit = 8 * k + j;
	274	if (i & _des_bits8[j]) {
	275	if ((obit = init_perm[inbit]) < 32)
	276	*il \|= _des_bits32[obit];
	277	else
	278	*ir \|= _des_bits32[obit-32];
	279	if ((obit = final_perm[inbit]) < 32)
	280	*fl \|= _des_bits32[obit];
	281	else
	282	*fr \|= _des_bits32[obit - 32];
	283	}
	284	}
	285	}
	286	for (i = 0; i < 128; i++) {
	287	*(il = &key_perm_maskl[k][i]) = 0;
	288	*(ir = &key_perm_maskr[k][i]) = 0;
	289	for (j = 0; j < 7; j++) {
	290	inbit = 8 * k + j;
	291	if (i & _des_bits8[j + 1]) {
	292	if ((obit = inv_key_perm[inbit]) == 255)
	293	continue;
	294	if (obit < 28)
	295	*il \|= bits28[obit];
	296	else
	297	*ir \|= bits28[obit - 28];
	298	}
	299	}
	300	*(il = &comp_maskl[k][i]) = 0;
	301	*(ir = &comp_maskr[k][i]) = 0;
	302	for (j = 0; j < 7; j++) {
	303	inbit = 7 * k + j;
	304	if (i & _des_bits8[j + 1]) {
	305	if ((obit=inv_comp_perm[inbit]) == 255)
	306	continue;
	307	if (obit < 24)
	308	*il \|= bits24[obit];
	309	else
	310	*ir \|= bits24[obit - 24];
	311	}
	312	}
	313	}
	314	}
	315
	316	/*
	317	* Invert the P-box permutation, and convert into OR-masks for
	318	* handling the output of the S-box arrays setup above.
	319	*/
	320	for (i = 0; i < 32; i++)
	321	un_pbox[pbox[i] - 1] = i;
	322
	323	for (b = 0; b < 4; b++)
	324	for (i = 0; i < 256; i++) {
	325	*(p = &psbox[b][i]) = 0;
	326	for (j = 0; j < 8; j++) {
	327	if (i & _des_bits8[j])
	328	p \|= _des_bits32[un_pbox[8 b + j]];
	329	}
	330	}
	331
	332	_des_initialised = 1;
	333	}
	334
	335	void
	336	_des_setup_salt(int32_t salt)
	337	{
	338	u_int32_t obit, saltbit;
	339	int i;
	340
	341	if (salt == old_salt)
	342	return;
	343	old_salt = salt;
	344
	345	saltbits = 0;
	346	saltbit = 1;
	347	obit = 0x800000;
	348	for (i = 0; i < 24; i++) {
	349	if (salt & saltbit)
	350	saltbits \|= obit;
	351	saltbit <<= 1;
	352	obit >>= 1;
	353	}
	354	}
	355
	356	int
	357	des_setkey(const char *key)
	358	{
	359	u_int32_t k0, k1, rawkey0, rawkey1;
	360	int shifts, round;
	361
	362	if (!_des_initialised)
	363	_des_init();
	364
	365	rawkey0 = ntohl((u_int32_t ) key);
	366	rawkey1 = ntohl((u_int32_t ) (key + 4));
	367
	368	if ((rawkey0 \| rawkey1)
	369	&& rawkey0 == old_rawkey0
	370	&& rawkey1 == old_rawkey1) {
	371	/*
	372	* Already setup for this key.
	373	* This optimisation fails on a zero key (which is weak and
	374	* has bad parity anyway) in order to simplify the starting
	375	* conditions.
	376	*/
	377	return(0);
	378	}
	379	old_rawkey0 = rawkey0;
	380	old_rawkey1 = rawkey1;
	381
	382	/*
	383	* Do key permutation and split into two 28-bit subkeys.
	384	*/
	385	k0 = key_perm_maskl[0][rawkey0 >> 25]
	386	\| key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
	387	\| key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
	388	\| key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
	389	\| key_perm_maskl[4][rawkey1 >> 25]
	390	\| key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
	391	\| key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
	392	\| key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
	393	k1 = key_perm_maskr[0][rawkey0 >> 25]
	394	\| key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
	395	\| key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
	396	\| key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
	397	\| key_perm_maskr[4][rawkey1 >> 25]
	398	\| key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
	399	\| key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
	400	\| key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
	401	/*
	402	* Rotate subkeys and do compression permutation.
	403	*/
	404	shifts = 0;
	405	for (round = 0; round < 16; round++) {
	406	u_int32_t t0, t1;
	407
	408	shifts += key_shifts[round];
	409
	410	t0 = (k0 << shifts) \| (k0 >> (28 - shifts));
	411	t1 = (k1 << shifts) \| (k1 >> (28 - shifts));
	412
	413	de_keysl[15 - round] =
	414	en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
	415	\| comp_maskl[1][(t0 >> 14) & 0x7f]
	416	\| comp_maskl[2][(t0 >> 7) & 0x7f]
	417	\| comp_maskl[3][t0 & 0x7f]
	418	\| comp_maskl[4][(t1 >> 21) & 0x7f]
	419	\| comp_maskl[5][(t1 >> 14) & 0x7f]
	420	\| comp_maskl[6][(t1 >> 7) & 0x7f]
	421	\| comp_maskl[7][t1 & 0x7f];
	422
	423	de_keysr[15 - round] =
	424	en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
	425	\| comp_maskr[1][(t0 >> 14) & 0x7f]
	426	\| comp_maskr[2][(t0 >> 7) & 0x7f]
	427	\| comp_maskr[3][t0 & 0x7f]
	428	\| comp_maskr[4][(t1 >> 21) & 0x7f]
	429	\| comp_maskr[5][(t1 >> 14) & 0x7f]
	430	\| comp_maskr[6][(t1 >> 7) & 0x7f]
	431	\| comp_maskr[7][t1 & 0x7f];
	432	}
	433	return(0);
	434	}
	435
	436	int
	437	_des_do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t l_out, u_int32_t r_out,
	438	int count)
	439	{
	440	/*
	441	* l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
	442	*/
	443	u_int32_t l, r, kl, kr, kl1, kr1;
	444	u_int32_t f, r48l, r48r;
	445	int round;
	446
	447	if (count == 0) {
	448	return(1);
	449	} else if (count > 0) {
	450	/*
	451	* Encrypting
	452	*/
	453	kl1 = en_keysl;
	454	kr1 = en_keysr;
	455	} else {
	456	/*
	457	* Decrypting
	458	*/
	459	count = -count;
	460	kl1 = de_keysl;
	461	kr1 = de_keysr;
	462	}
	463
	464	/*
	465	* Do initial permutation (IP).
	466	*/
	467	l = ip_maskl[0][l_in >> 24]
	468	\| ip_maskl[1][(l_in >> 16) & 0xff]
	469	\| ip_maskl[2][(l_in >> 8) & 0xff]
	470	\| ip_maskl[3][l_in & 0xff]
	471	\| ip_maskl[4][r_in >> 24]
	472	\| ip_maskl[5][(r_in >> 16) & 0xff]
	473	\| ip_maskl[6][(r_in >> 8) & 0xff]
	474	\| ip_maskl[7][r_in & 0xff];
	475	r = ip_maskr[0][l_in >> 24]
	476	\| ip_maskr[1][(l_in >> 16) & 0xff]
	477	\| ip_maskr[2][(l_in >> 8) & 0xff]
	478	\| ip_maskr[3][l_in & 0xff]
	479	\| ip_maskr[4][r_in >> 24]
	480	\| ip_maskr[5][(r_in >> 16) & 0xff]
	481	\| ip_maskr[6][(r_in >> 8) & 0xff]
	482	\| ip_maskr[7][r_in & 0xff];
	483
	484	while (count--) {
	485	/*
	486	* Do each round.
	487	*/
	488	kl = kl1;
	489	kr = kr1;
	490	round = 16;
	491	while (round--) {
	492	/*
	493	* Expand R to 48 bits (simulate the E-box).
	494	*/
	495	r48l = ((r & 0x00000001) << 23)
	496	\| ((r & 0xf8000000) >> 9)
	497	\| ((r & 0x1f800000) >> 11)
	498	\| ((r & 0x01f80000) >> 13)
	499	\| ((r & 0x001f8000) >> 15);
	500
	501	r48r = ((r & 0x0001f800) << 7)
	502	\| ((r & 0x00001f80) << 5)
	503	\| ((r & 0x000001f8) << 3)
	504	\| ((r & 0x0000001f) << 1)
	505	\| ((r & 0x80000000) >> 31);
	506	/*
	507	* Do salting for crypt() and friends, and
	508	* XOR with the permuted key.
	509	*/
	510	f = (r48l ^ r48r) & saltbits;
	511	r48l ^= f ^ *kl++;
	512	r48r ^= f ^ *kr++;
	513	/*
	514	* Do sbox lookups (which shrink it back to 32 bits)
	515	* and do the pbox permutation at the same time.
	516	*/
	517	f = psbox[0][m_sbox[0][r48l >> 12]]
	518	\| psbox[1][m_sbox[1][r48l & 0xfff]]
	519	\| psbox[2][m_sbox[2][r48r >> 12]]
	520	\| psbox[3][m_sbox[3][r48r & 0xfff]];
	521	/*
	522	* Now that we've permuted things, complete f().
	523	*/
	524	f ^= l;
	525	l = r;
	526	r = f;
	527	}
	528	r = l;
	529	l = f;
	530	}
	531	/*
	532	* Do final permutation (inverse of IP).
	533	*/
	534	*l_out = fp_maskl[0][l >> 24]
	535	\| fp_maskl[1][(l >> 16) & 0xff]
	536	\| fp_maskl[2][(l >> 8) & 0xff]
	537	\| fp_maskl[3][l & 0xff]
	538	\| fp_maskl[4][r >> 24]
	539	\| fp_maskl[5][(r >> 16) & 0xff]
	540	\| fp_maskl[6][(r >> 8) & 0xff]
	541	\| fp_maskl[7][r & 0xff];
	542	*r_out = fp_maskr[0][l >> 24]
	543	\| fp_maskr[1][(l >> 16) & 0xff]
	544	\| fp_maskr[2][(l >> 8) & 0xff]
	545	\| fp_maskr[3][l & 0xff]
	546	\| fp_maskr[4][r >> 24]
	547	\| fp_maskr[5][(r >> 16) & 0xff]
	548	\| fp_maskr[6][(r >> 8) & 0xff]
	549	\| fp_maskr[7][r & 0xff];
	550	return(0);
	551	}
	552
	553	int
	554	des_cipher(const char in, char out, int32_t salt, int count)
	555	{
	556	u_int32_t l_out, r_out, rawl, rawr;
	557	u_int32_t x[2];
	558	int retval;
	559
	560	if (!_des_initialised)
	561	_des_init();
	562
	563	_des_setup_salt(salt);
	564
	565	memcpy(x, in, sizeof x);
	566	rawl = ntohl(x[0]);
	567	rawr = ntohl(x[1]);
	568	retval = _des_do_des(rawl, rawr, &l_out, &r_out, count);
	569
	570	x[0] = htonl(l_out);
	571	x[1] = htonl(r_out);
	572	memcpy(out, x, sizeof x);
	573	return(retval);
	574	}
	575
	576	char *
	577	crypt(const char key, const char setting)
	578	{
	579	int i;
	580	u_int32_t count, salt, l, r0, r1, keybuf[2];
	581	u_char p, q;
	582	static u_char output[21];
	583	extern char md5crypt(const char , const char *);
	584	extern char bcrypt(const char , const char *);
	585
	586	if (setting[0] == '$') {
	587	switch (setting[1]) {
	588	case '1':
	589	return (md5crypt(key, setting));
	590	default:
	591	return bcrypt(key, setting);
	592	}
	593	}
	594
	595	if (!_des_initialised)
	596	_des_init();
	597
	598	/*
	599	* Copy the key, shifting each character up by one bit
	600	* and padding with zeros.
	601	*/
	602	q = (u_char *) keybuf;
	603	while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
	604	if ((q++ = key << 1))
	605	key++;
	606	}
	607	if (des_setkey((u_char *) keybuf))
	608	return(NULL);
	609
	610	if (*setting == _PASSWORD_EFMT1) {
	611	/*
	612	* "new"-style:
	613	* setting - underscore, 4 bytes of count, 4 bytes of salt
	614	* key - unlimited characters
	615	*/
	616	for (i = 1, count = 0; i < 5; i++)
	617	count \|= ascii_to_bin(setting[i]) << (i - 1) * 6;
	618
	619	for (i = 5, salt = 0; i < 9; i++)
	620	salt \|= ascii_to_bin(setting[i]) << (i - 5) * 6;
	621
	622	while (*key) {
	623	/*
	624	* Encrypt the key with itself.
	625	*/
	626	if (des_cipher((u_char)keybuf, (u_char)keybuf, 0, 1))
	627	return(NULL);
	628	/*
	629	* And XOR with the next 8 characters of the key.
	630	*/
	631	q = (u_char *) keybuf;
	632	while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
	633	*key)
	634	q++ ^= key++ << 1;
	635
	636	if (des_setkey((u_char *) keybuf))
	637	return(NULL);
	638	}
	639	strlcpy((char *)output, setting, 10);
	640
	641	/*
	642	* Double check that we weren't given a short setting.
	643	* If we were, the above code will probably have created
	644	* weird values for count and salt, but we don't really care.
	645	* Just make sure the output string doesn't have an extra
	646	* NUL in it.
	647	*/
	648	p = output + strlen((const char *)output);
	649	} else {
	650	/*
	651	* "old"-style:
	652	* setting - 2 bytes of salt
	653	* key - up to 8 characters
	654	*/
	655	count = 25;
	656
	657	salt = (ascii_to_bin(setting[1]) << 6)
	658	\| ascii_to_bin(setting[0]);
	659
	660	output[0] = setting[0];
	661	/*
	662	* If the encrypted password that the salt was extracted from
	663	* is only 1 character long, the salt will be corrupted. We
	664	* need to ensure that the output string doesn't have an extra
	665	* NUL in it!
	666	*/
	667	output[1] = setting[1] ? setting[1] : output[0];
	668
	669	p = output + 2;
	670	}
	671	_des_setup_salt(salt);
	672
	673	/*
	674	* Do it.
	675	*/
	676	if (_des_do_des(0, 0, &r0, &r1, count))
	677	return(NULL);
	678	/*
	679	* Now encode the result...
	680	*/
	681	l = (r0 >> 8);
	682	*p++ = ascii64[(l >> 18) & 0x3f];
	683	*p++ = ascii64[(l >> 12) & 0x3f];
	684	*p++ = ascii64[(l >> 6) & 0x3f];
	685	*p++ = ascii64[l & 0x3f];
	686
	687	l = (r0 << 16) \| ((r1 >> 16) & 0xffff);
	688	*p++ = ascii64[(l >> 18) & 0x3f];
	689	*p++ = ascii64[(l >> 12) & 0x3f];
	690	*p++ = ascii64[(l >> 6) & 0x3f];
	691	*p++ = ascii64[l & 0x3f];
	692
	693	l = r1 << 2;
	694	*p++ = ascii64[(l >> 12) & 0x3f];
	695	*p++ = ascii64[(l >> 6) & 0x3f];
	696	*p++ = ascii64[l & 0x3f];
	697	*p = 0;
	698
	699	return((char *)output);
	700	}