1 files changed, 696 insertions, 0 deletions
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
new file mode 100644
index 0000000000..15a784532d
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,696 @@
+/*      $OpenBSD: crypt.c,v 1.20 2005/08/08 08:05:33 espie Exp $        */
+/*
+ * FreeSec: libcrypt
+ *
+ * Copyright (c) 1994 David Burren
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 4. Neither the name of the author nor the names of other contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *
+ * This is an original implementation of the DES and the crypt(3) interfaces
+ * by David Burren <davidb@werj.com.au>.
+ *
+ * An excellent reference on the underlying algorithm (and related
+ * algorithms) is:
+ *
+ *      B. Schneier, Applied Cryptography: protocols, algorithms,
+ *      and source code in C, John Wiley & Sons, 1994.
+ *
+ * Note that in that book's description of DES the lookups for the initial,
+ * pbox, and final permutations are inverted (this has been brought to the
+ * attention of the author).  A list of errata for this book has been
+ * posted to the sci.crypt newsgroup by the author and is available for FTP.
+ */
+#include <sys/types.h>
+#include <sys/param.h>
+#include <pwd.h>
+#include <unistd.h>
+#include <string.h>
+#ifdef DEBUG
+# include <stdio.h>
+#endif
+static const u_char     IP[64] = {
+        58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
+        62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
+        57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
+        61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
+};
+static u_char   inv_key_perm[64];
+static u_char   u_key_perm[56];
+static u_char   const key_perm[56] = {
+        57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
+        10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
+        63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
+        14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
+};
+static const u_char     key_shifts[16] = {
+        1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
+};
+static u_char   inv_comp_perm[56];
+static const u_char     comp_perm[48] = {
+        14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
+        23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
+        41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
+        44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
+};
+/*
+ *      No E box is used, as it's replaced by some ANDs, shifts, and ORs.
+ */
+static u_char   u_sbox[8][64];
+static const u_char     sbox[8][64] = {
+        {
+                14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
+                 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
+                 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
+                15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
+        },
+        {
+                15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
+                 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
+                 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
+                13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
+        },
+        {
+                10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
+                13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
+                13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
+                 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
+        },
+        {
+                 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
+                13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
+                10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
+                 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
+        },
+        {
+                 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
+                14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
+                 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
+                11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
+        },
+        {
+                12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
+                10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
+                 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
+                 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
+        },
+        {
+                 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
+                13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
+                 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
+                 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
+        },
+        {
+                13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
+                 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
+                 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
+                 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
+        }
+};
+static u_char   un_pbox[32];
+static const u_char     pbox[32] = {
+        16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
+         2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
+};
+const u_int32_t _des_bits32[32] =
+{
+        0x80000000, 0x40000000, 0x20000000, 0x10000000,
+        0x08000000, 0x04000000, 0x02000000, 0x01000000,
+        0x00800000, 0x00400000, 0x00200000, 0x00100000,
+        0x00080000, 0x00040000, 0x00020000, 0x00010000,
+        0x00008000, 0x00004000, 0x00002000, 0x00001000,
+        0x00000800, 0x00000400, 0x00000200, 0x00000100,
+        0x00000080, 0x00000040, 0x00000020, 0x00000010,
+        0x00000008, 0x00000004, 0x00000002, 0x00000001
+};
+const u_char    _des_bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
+static u_int32_t saltbits;
+static int32_t  old_salt;
+static const u_int32_t *bits28, *bits24;
+static u_char   init_perm[64], final_perm[64];
+static u_int32_t en_keysl[16], en_keysr[16];
+static u_int32_t de_keysl[16], de_keysr[16];
+int     _des_initialised = 0;
+static u_char   m_sbox[4][4096];
+static u_int32_t psbox[4][256];
+static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
+static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
+static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
+static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
+static u_int32_t old_rawkey0, old_rawkey1;
+static u_char   ascii64[] =
+         "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+/*        0000000000111111111122222222223333333333444444444455555555556666 */
+/*        0123456789012345678901234567890123456789012345678901234567890123 */
+static __inline int
+ascii_to_bin(char ch)
+{
+        if (ch > 'z')
+                return(0);
+        if (ch >= 'a')
+                return(ch - 'a' + 38);
+        if (ch > 'Z')
+                return(0);
+        if (ch >= 'A')
+                return(ch - 'A' + 12);
+        if (ch > '9')
+                return(0);
+        if (ch >= '.')
+                return(ch - '.');
+        return(0);
+}
+void
+_des_init(void)
+{
+        int     i, j, b, k, inbit, obit;
+        u_int32_t       *p, *il, *ir, *fl, *fr;
+        old_rawkey0 = old_rawkey1 = 0;
+        saltbits = 0;
+        old_salt = 0;
+        bits24 = (bits28 = _des_bits32 + 4) + 4;
+        /*
+         * Invert the S-boxes, reordering the input bits.
+         */
+        for (i = 0; i < 8; i++)
+                for (j = 0; j < 64; j++) {
+                        b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
+                        u_sbox[i][j] = sbox[i][b];
+                }
+        /*
+         * Convert the inverted S-boxes into 4 arrays of 8 bits.
+         * Each will handle 12 bits of the S-box input.
+         */
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 64; i++)
+                        for (j = 0; j < 64; j++)
+                                m_sbox[b][(i << 6) | j] =
+                                        (u_sbox[(b << 1)][i] << 4) |
+                                        u_sbox[(b << 1) + 1][j];
+        /*
+         * Set up the initial & final permutations into a useful form, and
+         * initialise the inverted key permutation.
+         */
+        for (i = 0; i < 64; i++) {
+                init_perm[final_perm[i] = IP[i] - 1] = i;
+                inv_key_perm[i] = 255;
+        }
+        /*
+         * Invert the key permutation and initialise the inverted key
+         * compression permutation.
+         */
+        for (i = 0; i < 56; i++) {
+                u_key_perm[i] = key_perm[i] - 1;
+                inv_key_perm[key_perm[i] - 1] = i;
+                inv_comp_perm[i] = 255;
+        }
+        /*
+         * Invert the key compression permutation.
+         */
+        for (i = 0; i < 48; i++) {
+                inv_comp_perm[comp_perm[i] - 1] = i;
+        }
+        /*
+         * Set up the OR-mask arrays for the initial and final permutations,
+         * and for the key initial and compression permutations.
+         */
+        for (k = 0; k < 8; k++) {
+                for (i = 0; i < 256; i++) {
+                        *(il = &ip_maskl[k][i]) = 0;
+                        *(ir = &ip_maskr[k][i]) = 0;
+                        *(fl = &fp_maskl[k][i]) = 0;
+                        *(fr = &fp_maskr[k][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                inbit = 8 * k + j;
+                                if (i & _des_bits8[j]) {
+                                        if ((obit = init_perm[inbit]) < 32)
+                                                *il |= _des_bits32[obit];
+                                        else
+                                                *ir |= _des_bits32[obit-32];
+                                        if ((obit = final_perm[inbit]) < 32)
+                                                *fl |= _des_bits32[obit];
+                                        else
+                                                *fr |= _des_bits32[obit - 32];
+                                }
+                        }
+                }
+                for (i = 0; i < 128; i++) {
+                        *(il = &key_perm_maskl[k][i]) = 0;
+                        *(ir = &key_perm_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 8 * k + j;
+                                if (i & _des_bits8[j + 1]) {
+                                        if ((obit = inv_key_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 28)
+                                                *il |= bits28[obit];
+                                        else
+                                                *ir |= bits28[obit - 28];
+                                }
+                        }
+                        *(il = &comp_maskl[k][i]) = 0;
+                        *(ir = &comp_maskr[k][i]) = 0;
+                        for (j = 0; j < 7; j++) {
+                                inbit = 7 * k + j;
+                                if (i & _des_bits8[j + 1]) {
+                                        if ((obit=inv_comp_perm[inbit]) == 255)
+                                                continue;
+                                        if (obit < 24)
+                                                *il |= bits24[obit];
+                                        else
+                                                *ir |= bits24[obit - 24];
+                                }
+                        }
+                }
+        }
+        /*
+         * Invert the P-box permutation, and convert into OR-masks for
+         * handling the output of the S-box arrays setup above.
+         */
+        for (i = 0; i < 32; i++)
+                un_pbox[pbox[i] - 1] = i;
+        for (b = 0; b < 4; b++)
+                for (i = 0; i < 256; i++) {
+                        *(p = &psbox[b][i]) = 0;
+                        for (j = 0; j < 8; j++) {
+                                if (i & _des_bits8[j])
+                                        *p |= _des_bits32[un_pbox[8 * b + j]];
+                        }
+                }
+        _des_initialised = 1;
+}
+void
+_des_setup_salt(int32_t salt)
+{
+        u_int32_t       obit, saltbit;
+        int     i;
+        if (salt == old_salt)
+                return;
+        old_salt = salt;
+        saltbits = 0;
+        saltbit = 1;
+        obit = 0x800000;
+        for (i = 0; i < 24; i++) {
+                if (salt & saltbit)
+                        saltbits |= obit;
+                saltbit <<= 1;
+                obit >>= 1;
+        }
+}
+int
+des_setkey(const char *key)
+{
+        u_int32_t k0, k1, rawkey0, rawkey1;
+        int     shifts, round;
+        if (!_des_initialised)
+                _des_init();
+        rawkey0 = ntohl(*(u_int32_t *) key);
+        rawkey1 = ntohl(*(u_int32_t *) (key + 4));
+        if ((rawkey0 | rawkey1)
+            && rawkey0 == old_rawkey0
+            && rawkey1 == old_rawkey1) {
+                /*
+                 * Already setup for this key.
+                 * This optimisation fails on a zero key (which is weak and
+                 * has bad parity anyway) in order to simplify the starting
+                 * conditions.
+                 */
+                return(0);
+        }
+        old_rawkey0 = rawkey0;
+        old_rawkey1 = rawkey1;
+        /*
+         *      Do key permutation and split into two 28-bit subkeys.
+         */
+        k0 = key_perm_maskl[0][rawkey0 >> 25]
+           | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskl[4][rawkey1 >> 25]
+           | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
+        k1 = key_perm_maskr[0][rawkey0 >> 25]
+           | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
+           | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
+           | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
+           | key_perm_maskr[4][rawkey1 >> 25]
+           | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
+           | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
+           | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
+        /*
+         *      Rotate subkeys and do compression permutation.
+         */
+        shifts = 0;
+        for (round = 0; round < 16; round++) {
+                u_int32_t       t0, t1;
+                shifts += key_shifts[round];
+                t0 = (k0 << shifts) | (k0 >> (28 - shifts));
+                t1 = (k1 << shifts) | (k1 >> (28 - shifts));
+                de_keysl[15 - round] =
+                en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
+                                | comp_maskl[1][(t0 >> 14) & 0x7f]
+                                | comp_maskl[2][(t0 >> 7) & 0x7f]
+                                | comp_maskl[3][t0 & 0x7f]
+                                | comp_maskl[4][(t1 >> 21) & 0x7f]
+                                | comp_maskl[5][(t1 >> 14) & 0x7f]
+                                | comp_maskl[6][(t1 >> 7) & 0x7f]
+                                | comp_maskl[7][t1 & 0x7f];
+                de_keysr[15 - round] =
+                en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
+                                | comp_maskr[1][(t0 >> 14) & 0x7f]
+                                | comp_maskr[2][(t0 >> 7) & 0x7f]
+                                | comp_maskr[3][t0 & 0x7f]
+                                | comp_maskr[4][(t1 >> 21) & 0x7f]
+                                | comp_maskr[5][(t1 >> 14) & 0x7f]
+                                | comp_maskr[6][(t1 >> 7) & 0x7f]
+                                | comp_maskr[7][t1 & 0x7f];
+        }
+        return(0);
+}
+int
+_des_do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out,
+    int count)
+{
+        /*
+         *      l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
+         */
+        u_int32_t       l, r, *kl, *kr, *kl1, *kr1;
+        u_int32_t       f, r48l, r48r;
+        int             round;
+        if (count == 0) {
+                return(1);
+        } else if (count > 0) {
+                /*
+                 * Encrypting
+                 */
+                kl1 = en_keysl;
+                kr1 = en_keysr;
+        } else {
+                /*
+                 * Decrypting
+                 */
+                count = -count;
+                kl1 = de_keysl;
+                kr1 = de_keysr;
+        }
+        /*
+         *      Do initial permutation (IP).
+         */
+        l = ip_maskl[0][l_in >> 24]
+          | ip_maskl[1][(l_in >> 16) & 0xff]
+          | ip_maskl[2][(l_in >> 8) & 0xff]
+          | ip_maskl[3][l_in & 0xff]
+          | ip_maskl[4][r_in >> 24]
+          | ip_maskl[5][(r_in >> 16) & 0xff]
+          | ip_maskl[6][(r_in >> 8) & 0xff]
+          | ip_maskl[7][r_in & 0xff];
+        r = ip_maskr[0][l_in >> 24]
+          | ip_maskr[1][(l_in >> 16) & 0xff]
+          | ip_maskr[2][(l_in >> 8) & 0xff]
+          | ip_maskr[3][l_in & 0xff]
+          | ip_maskr[4][r_in >> 24]
+          | ip_maskr[5][(r_in >> 16) & 0xff]
+          | ip_maskr[6][(r_in >> 8) & 0xff]
+          | ip_maskr[7][r_in & 0xff];
+        while (count--) {
+                /*
+                 * Do each round.
+                 */
+                kl = kl1;
+                kr = kr1;
+                round = 16;
+                while (round--) {
+                        /*
+                         * Expand R to 48 bits (simulate the E-box).
+                         */
+                        r48l    = ((r & 0x00000001) << 23)
+                                | ((r & 0xf8000000) >> 9)
+                                | ((r & 0x1f800000) >> 11)
+                                | ((r & 0x01f80000) >> 13)
+                                | ((r & 0x001f8000) >> 15);
+                        r48r    = ((r & 0x0001f800) << 7)
+                                | ((r & 0x00001f80) << 5)
+                                | ((r & 0x000001f8) << 3)
+                                | ((r & 0x0000001f) << 1)
+                                | ((r & 0x80000000) >> 31);
+                        /*
+                         * Do salting for crypt() and friends, and
+                         * XOR with the permuted key.
+                         */
+                        f = (r48l ^ r48r) & saltbits;
+                        r48l ^= f ^ *kl++;
+                        r48r ^= f ^ *kr++;
+                        /*
+                         * Do sbox lookups (which shrink it back to 32 bits)
+                         * and do the pbox permutation at the same time.
+                         */
+                        f = psbox[0][m_sbox[0][r48l >> 12]]
+                          | psbox[1][m_sbox[1][r48l & 0xfff]]
+                          | psbox[2][m_sbox[2][r48r >> 12]]
+                          | psbox[3][m_sbox[3][r48r & 0xfff]];
+                        /*
+                         * Now that we've permuted things, complete f().
+                         */
+                        f ^= l;
+                        l = r;
+                        r = f;
+                }
+                r = l;
+                l = f;
+        }
+        /*
+         * Do final permutation (inverse of IP).
+         */
+        *l_out  = fp_maskl[0][l >> 24]
+                | fp_maskl[1][(l >> 16) & 0xff]
+                | fp_maskl[2][(l >> 8) & 0xff]
+                | fp_maskl[3][l & 0xff]
+                | fp_maskl[4][r >> 24]
+                | fp_maskl[5][(r >> 16) & 0xff]
+                | fp_maskl[6][(r >> 8) & 0xff]
+                | fp_maskl[7][r & 0xff];
+        *r_out  = fp_maskr[0][l >> 24]
+                | fp_maskr[1][(l >> 16) & 0xff]
+                | fp_maskr[2][(l >> 8) & 0xff]
+                | fp_maskr[3][l & 0xff]
+                | fp_maskr[4][r >> 24]
+                | fp_maskr[5][(r >> 16) & 0xff]
+                | fp_maskr[6][(r >> 8) & 0xff]
+                | fp_maskr[7][r & 0xff];
+        return(0);
+}
+int
+des_cipher(const char *in, char *out, int32_t salt, int count)
+{
+        u_int32_t l_out, r_out, rawl, rawr;
+        u_int32_t x[2];
+        int     retval;
+        if (!_des_initialised)
+                _des_init();
+        _des_setup_salt(salt);
+        memcpy(x, in, sizeof x);
+        rawl = ntohl(x[0]);
+        rawr = ntohl(x[1]);
+        retval = _des_do_des(rawl, rawr, &l_out, &r_out, count);
+        x[0] = htonl(l_out);
+        x[1] = htonl(r_out);
+        memcpy(out, x, sizeof x);
+        return(retval);
+}
+char *
+crypt(const char *key, const char *setting)
+{
+        int             i;
+        u_int32_t       count, salt, l, r0, r1, keybuf[2];
+        u_char          *p, *q;
+        static u_char   output[21];
+        extern char     *md5crypt(const char *, const char *);
+        extern char     *bcrypt(const char *, const char *);
+        if (setting[0] == '$') {
+                switch (setting[1]) {
+                case '1':
+                        return (md5crypt(key, setting));
+                default:
+                        return bcrypt(key, setting);
+                }
+        }
+        if (!_des_initialised)
+                _des_init();
+        /*
+         * Copy the key, shifting each character up by one bit
+         * and padding with zeros.
+         */
+        q = (u_char *) keybuf;
+        while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
+                if ((*q++ = *key << 1))
+                        key++;
+        }
+        if (des_setkey((char *) keybuf))
+                return(NULL);
+        if (*setting == _PASSWORD_EFMT1) {
+                /*
+                 * "new"-style:
+                 *      setting - underscore, 4 bytes of count, 4 bytes of salt
+                 *      key - unlimited characters
+                 */
+                for (i = 1, count = 0; i < 5; i++)
+                        count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
+                for (i = 5, salt = 0; i < 9; i++)
+                        salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
+                while (*key) {
+                        /*
+                         * Encrypt the key with itself.
+                         */
+                        if (des_cipher((char *)keybuf, (char *)keybuf, 0, 1))
+                                return(NULL);
+                        /*
+                         * And XOR with the next 8 characters of the key.
+                         */
+                        q = (u_char *) keybuf;
+                        while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
+                                        *key)
+                                *q++ ^= *key++ << 1;
+                        if (des_setkey((char *) keybuf))
+                                return(NULL);
+                }
+                strlcpy((char *)output, setting, 10);
+                /*
+                 * Double check that we weren't given a short setting.
+                 * If we were, the above code will probably have created
+                 * weird values for count and salt, but we don't really care.
+                 * Just make sure the output string doesn't have an extra
+                 * NUL in it.
+                 */
+                p = output + strlen((const char *)output);
+        } else {
+                /*
+                 * "old"-style:
+                 *      setting - 2 bytes of salt
+                 *      key - up to 8 characters
+                 */
+                count = 25;
+                salt = (ascii_to_bin(setting[1]) << 6)
+                     |  ascii_to_bin(setting[0]);
+                output[0] = setting[0];
+                /*
+                 * If the encrypted password that the salt was extracted from
+                 * is only 1 character long, the salt will be corrupted.  We
+                 * need to ensure that the output string doesn't have an extra
+                 * NUL in it!
+                 */
+                output[1] = setting[1] ? setting[1] : output[0];
+                p = output + 2;
+        }
+        _des_setup_salt(salt);
+        /*
+         * Do it.
+         */
+        if (_des_do_des(0, 0, &r0, &r1, count))
+                return(NULL);
+        /*
+         * Now encode the result...
+         */
+        l = (r0 >> 8);
+        *p++ = ascii64[(l >> 18) & 0x3f];
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        l = (r0 << 16) | ((r1 >> 16) & 0xffff);
+        *p++ = ascii64[(l >> 18) & 0x3f];
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        l = r1 << 2;
+        *p++ = ascii64[(l >> 12) & 0x3f];
+        *p++ = ascii64[(l >> 6) & 0x3f];
+        *p++ = ascii64[l & 0x3f];
+        *p = 0;
+        return((char *)output);
+}

diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c new file mode 100644 index 0000000000..15a784532d --- /dev/null +++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,696 @@
	1	/* $OpenBSD: crypt.c,v 1.20 2005/08/08 08:05:33 espie Exp $ */
	2
	3	/*
	4	* FreeSec: libcrypt
	5	*
	6	* Copyright (c) 1994 David Burren
	7	* All rights reserved.
	8	*
	9	* Redistribution and use in source and binary forms, with or without
	10	* modification, are permitted provided that the following conditions
	11	* are met:
	12	* 1. Redistributions of source code must retain the above copyright
	13	* notice, this list of conditions and the following disclaimer.
	14	* 2. Redistributions in binary form must reproduce the above copyright
	15	* notice, this list of conditions and the following disclaimer in the
	16	* documentation and/or other materials provided with the distribution.
	17	* 4. Neither the name of the author nor the names of other contributors
	18	* may be used to endorse or promote products derived from this software
	19	* without specific prior written permission.
	20	*
	21	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
	22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	24	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	31	* SUCH DAMAGE.
	32	*
	33	*
	34	* This is an original implementation of the DES and the crypt(3) interfaces
	35	* by David Burren <davidb@werj.com.au>.
	36	*
	37	* An excellent reference on the underlying algorithm (and related
	38	* algorithms) is:
	39	*
	40	* B. Schneier, Applied Cryptography: protocols, algorithms,
	41	* and source code in C, John Wiley & Sons, 1994.
	42	*
	43	* Note that in that book's description of DES the lookups for the initial,
	44	* pbox, and final permutations are inverted (this has been brought to the
	45	* attention of the author). A list of errata for this book has been
	46	* posted to the sci.crypt newsgroup by the author and is available for FTP.
	47	*/
	48
	49	#include <sys/types.h>
	50	#include <sys/param.h>
	51	#include <pwd.h>
	52	#include <unistd.h>
	53	#include <string.h>
	54
	55	#ifdef DEBUG
	56	# include <stdio.h>
	57	#endif
	58
	59	static const u_char IP[64] = {
	60	58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
	61	62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
	62	57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
	63	61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
	64	};
	65
	66	static u_char inv_key_perm[64];
	67	static u_char u_key_perm[56];
	68	static u_char const key_perm[56] = {
	69	57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
	70	10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
	71	63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
	72	14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
	73	};
	74
	75	static const u_char key_shifts[16] = {
	76	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
	77	};
	78
	79	static u_char inv_comp_perm[56];
	80	static const u_char comp_perm[48] = {
	81	14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
	82	23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
	83	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
	84	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
	85	};
	86
	87	/*
	88	* No E box is used, as it's replaced by some ANDs, shifts, and ORs.
	89	*/
	90
	91	static u_char u_sbox[8][64];
	92	static const u_char sbox[8][64] = {
	93	{
	94	14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
	95	0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
	96	4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
	97	15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
	98	},
	99	{
	100	15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
	101	3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
	102	0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
	103	13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
	104	},
	105	{
	106	10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
	107	13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
	108	13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
	109	1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
	110	},
	111	{
	112	7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
	113	13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
	114	10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
	115	3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
	116	},
	117	{
	118	2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
	119	14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
	120	4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
	121	11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
	122	},
	123	{
	124	12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
	125	10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
	126	9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
	127	4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
	128	},
	129	{
	130	4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
	131	13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
	132	1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
	133	6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
	134	},
	135	{
	136	13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
	137	1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
	138	7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
	139	2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
	140	}
	141	};
	142
	143	static u_char un_pbox[32];
	144	static const u_char pbox[32] = {
	145	16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
	146	2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
	147	};
	148
	149	const u_int32_t _des_bits32[32] =
	150	{
	151	0x80000000, 0x40000000, 0x20000000, 0x10000000,
	152	0x08000000, 0x04000000, 0x02000000, 0x01000000,
	153	0x00800000, 0x00400000, 0x00200000, 0x00100000,
	154	0x00080000, 0x00040000, 0x00020000, 0x00010000,
	155	0x00008000, 0x00004000, 0x00002000, 0x00001000,
	156	0x00000800, 0x00000400, 0x00000200, 0x00000100,
	157	0x00000080, 0x00000040, 0x00000020, 0x00000010,
	158	0x00000008, 0x00000004, 0x00000002, 0x00000001
	159	};
	160
	161	const u_char _des_bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
	162
	163	static u_int32_t saltbits;
	164	static int32_t old_salt;
	165	static const u_int32_t bits28, bits24;
	166	static u_char init_perm[64], final_perm[64];
	167	static u_int32_t en_keysl[16], en_keysr[16];
	168	static u_int32_t de_keysl[16], de_keysr[16];
	169	int _des_initialised = 0;
	170	static u_char m_sbox[4][4096];
	171	static u_int32_t psbox[4][256];
	172	static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
	173	static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
	174	static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
	175	static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
	176	static u_int32_t old_rawkey0, old_rawkey1;
	177
	178	static u_char ascii64[] =
	179	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
	180	/* 0000000000111111111122222222223333333333444444444455555555556666 */
	181	/* 0123456789012345678901234567890123456789012345678901234567890123 */
	182
	183	static __inline int
	184	ascii_to_bin(char ch)
	185	{
	186	if (ch > 'z')
	187	return(0);
	188	if (ch >= 'a')
	189	return(ch - 'a' + 38);
	190	if (ch > 'Z')
	191	return(0);
	192	if (ch >= 'A')
	193	return(ch - 'A' + 12);
	194	if (ch > '9')
	195	return(0);
	196	if (ch >= '.')
	197	return(ch - '.');
	198	return(0);
	199	}
	200
	201	void
	202	_des_init(void)
	203	{
	204	int i, j, b, k, inbit, obit;
	205	u_int32_t p, il, ir, fl, *fr;
	206
	207	old_rawkey0 = old_rawkey1 = 0;
	208	saltbits = 0;
	209	old_salt = 0;
	210	bits24 = (bits28 = _des_bits32 + 4) + 4;
	211
	212	/*
	213	* Invert the S-boxes, reordering the input bits.
	214	*/
	215	for (i = 0; i < 8; i++)
	216	for (j = 0; j < 64; j++) {
	217	b = (j & 0x20) \| ((j & 1) << 4) \| ((j >> 1) & 0xf);
	218	u_sbox[i][j] = sbox[i][b];
	219	}
	220
	221	/*
	222	* Convert the inverted S-boxes into 4 arrays of 8 bits.
	223	* Each will handle 12 bits of the S-box input.
	224	*/
	225	for (b = 0; b < 4; b++)
	226	for (i = 0; i < 64; i++)
	227	for (j = 0; j < 64; j++)
	228	m_sbox[b][(i << 6) \| j] =
	229	(u_sbox[(b << 1)][i] << 4) \|
	230	u_sbox[(b << 1) + 1][j];
	231
	232	/*
	233	* Set up the initial & final permutations into a useful form, and
	234	* initialise the inverted key permutation.
	235	*/
	236	for (i = 0; i < 64; i++) {
	237	init_perm[final_perm[i] = IP[i] - 1] = i;
	238	inv_key_perm[i] = 255;
	239	}
	240
	241	/*
	242	* Invert the key permutation and initialise the inverted key
	243	* compression permutation.
	244	*/
	245	for (i = 0; i < 56; i++) {
	246	u_key_perm[i] = key_perm[i] - 1;
	247	inv_key_perm[key_perm[i] - 1] = i;
	248	inv_comp_perm[i] = 255;
	249	}
	250
	251	/*
	252	* Invert the key compression permutation.
	253	*/
	254	for (i = 0; i < 48; i++) {
	255	inv_comp_perm[comp_perm[i] - 1] = i;
	256	}
	257
	258	/*
	259	* Set up the OR-mask arrays for the initial and final permutations,
	260	* and for the key initial and compression permutations.
	261	*/
	262	for (k = 0; k < 8; k++) {
	263	for (i = 0; i < 256; i++) {
	264	*(il = &ip_maskl[k][i]) = 0;
	265	*(ir = &ip_maskr[k][i]) = 0;
	266	*(fl = &fp_maskl[k][i]) = 0;
	267	*(fr = &fp_maskr[k][i]) = 0;
	268	for (j = 0; j < 8; j++) {
	269	inbit = 8 * k + j;
	270	if (i & _des_bits8[j]) {
	271	if ((obit = init_perm[inbit]) < 32)
	272	*il \|= _des_bits32[obit];
	273	else
	274	*ir \|= _des_bits32[obit-32];
	275	if ((obit = final_perm[inbit]) < 32)
	276	*fl \|= _des_bits32[obit];
	277	else
	278	*fr \|= _des_bits32[obit - 32];
	279	}
	280	}
	281	}
	282	for (i = 0; i < 128; i++) {
	283	*(il = &key_perm_maskl[k][i]) = 0;
	284	*(ir = &key_perm_maskr[k][i]) = 0;
	285	for (j = 0; j < 7; j++) {
	286	inbit = 8 * k + j;
	287	if (i & _des_bits8[j + 1]) {
	288	if ((obit = inv_key_perm[inbit]) == 255)
	289	continue;
	290	if (obit < 28)
	291	*il \|= bits28[obit];
	292	else
	293	*ir \|= bits28[obit - 28];
	294	}
	295	}
	296	*(il = &comp_maskl[k][i]) = 0;
	297	*(ir = &comp_maskr[k][i]) = 0;
	298	for (j = 0; j < 7; j++) {
	299	inbit = 7 * k + j;
	300	if (i & _des_bits8[j + 1]) {
	301	if ((obit=inv_comp_perm[inbit]) == 255)
	302	continue;
	303	if (obit < 24)
	304	*il \|= bits24[obit];
	305	else
	306	*ir \|= bits24[obit - 24];
	307	}
	308	}
	309	}
	310	}
	311
	312	/*
	313	* Invert the P-box permutation, and convert into OR-masks for
	314	* handling the output of the S-box arrays setup above.
	315	*/
	316	for (i = 0; i < 32; i++)
	317	un_pbox[pbox[i] - 1] = i;
	318
	319	for (b = 0; b < 4; b++)
	320	for (i = 0; i < 256; i++) {
	321	*(p = &psbox[b][i]) = 0;
	322	for (j = 0; j < 8; j++) {
	323	if (i & _des_bits8[j])
	324	p \|= _des_bits32[un_pbox[8 b + j]];
	325	}
	326	}
	327
	328	_des_initialised = 1;
	329	}
	330
	331	void
	332	_des_setup_salt(int32_t salt)
	333	{
	334	u_int32_t obit, saltbit;
	335	int i;
	336
	337	if (salt == old_salt)
	338	return;
	339	old_salt = salt;
	340
	341	saltbits = 0;
	342	saltbit = 1;
	343	obit = 0x800000;
	344	for (i = 0; i < 24; i++) {
	345	if (salt & saltbit)
	346	saltbits \|= obit;
	347	saltbit <<= 1;
	348	obit >>= 1;
	349	}
	350	}
	351
	352	int
	353	des_setkey(const char *key)
	354	{
	355	u_int32_t k0, k1, rawkey0, rawkey1;
	356	int shifts, round;
	357
	358	if (!_des_initialised)
	359	_des_init();
	360
	361	rawkey0 = ntohl((u_int32_t ) key);
	362	rawkey1 = ntohl((u_int32_t ) (key + 4));
	363
	364	if ((rawkey0 \| rawkey1)
	365	&& rawkey0 == old_rawkey0
	366	&& rawkey1 == old_rawkey1) {
	367	/*
	368	* Already setup for this key.
	369	* This optimisation fails on a zero key (which is weak and
	370	* has bad parity anyway) in order to simplify the starting
	371	* conditions.
	372	*/
	373	return(0);
	374	}
	375	old_rawkey0 = rawkey0;
	376	old_rawkey1 = rawkey1;
	377
	378	/*
	379	* Do key permutation and split into two 28-bit subkeys.
	380	*/
	381	k0 = key_perm_maskl[0][rawkey0 >> 25]
	382	\| key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
	383	\| key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
	384	\| key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
	385	\| key_perm_maskl[4][rawkey1 >> 25]
	386	\| key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
	387	\| key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
	388	\| key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
	389	k1 = key_perm_maskr[0][rawkey0 >> 25]
	390	\| key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
	391	\| key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
	392	\| key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
	393	\| key_perm_maskr[4][rawkey1 >> 25]
	394	\| key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
	395	\| key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
	396	\| key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
	397	/*
	398	* Rotate subkeys and do compression permutation.
	399	*/
	400	shifts = 0;
	401	for (round = 0; round < 16; round++) {
	402	u_int32_t t0, t1;
	403
	404	shifts += key_shifts[round];
	405
	406	t0 = (k0 << shifts) \| (k0 >> (28 - shifts));
	407	t1 = (k1 << shifts) \| (k1 >> (28 - shifts));
	408
	409	de_keysl[15 - round] =
	410	en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
	411	\| comp_maskl[1][(t0 >> 14) & 0x7f]
	412	\| comp_maskl[2][(t0 >> 7) & 0x7f]
	413	\| comp_maskl[3][t0 & 0x7f]
	414	\| comp_maskl[4][(t1 >> 21) & 0x7f]
	415	\| comp_maskl[5][(t1 >> 14) & 0x7f]
	416	\| comp_maskl[6][(t1 >> 7) & 0x7f]
	417	\| comp_maskl[7][t1 & 0x7f];
	418
	419	de_keysr[15 - round] =
	420	en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
	421	\| comp_maskr[1][(t0 >> 14) & 0x7f]
	422	\| comp_maskr[2][(t0 >> 7) & 0x7f]
	423	\| comp_maskr[3][t0 & 0x7f]
	424	\| comp_maskr[4][(t1 >> 21) & 0x7f]
	425	\| comp_maskr[5][(t1 >> 14) & 0x7f]
	426	\| comp_maskr[6][(t1 >> 7) & 0x7f]
	427	\| comp_maskr[7][t1 & 0x7f];
	428	}
	429	return(0);
	430	}
	431
	432	int
	433	_des_do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t l_out, u_int32_t r_out,
	434	int count)
	435	{
	436	/*
	437	* l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
	438	*/
	439	u_int32_t l, r, kl, kr, kl1, kr1;
	440	u_int32_t f, r48l, r48r;
	441	int round;
	442
	443	if (count == 0) {
	444	return(1);
	445	} else if (count > 0) {
	446	/*
	447	* Encrypting
	448	*/
	449	kl1 = en_keysl;
	450	kr1 = en_keysr;
	451	} else {
	452	/*
	453	* Decrypting
	454	*/
	455	count = -count;
	456	kl1 = de_keysl;
	457	kr1 = de_keysr;
	458	}
	459
	460	/*
	461	* Do initial permutation (IP).
	462	*/
	463	l = ip_maskl[0][l_in >> 24]
	464	\| ip_maskl[1][(l_in >> 16) & 0xff]
	465	\| ip_maskl[2][(l_in >> 8) & 0xff]
	466	\| ip_maskl[3][l_in & 0xff]
	467	\| ip_maskl[4][r_in >> 24]
	468	\| ip_maskl[5][(r_in >> 16) & 0xff]
	469	\| ip_maskl[6][(r_in >> 8) & 0xff]
	470	\| ip_maskl[7][r_in & 0xff];
	471	r = ip_maskr[0][l_in >> 24]
	472	\| ip_maskr[1][(l_in >> 16) & 0xff]
	473	\| ip_maskr[2][(l_in >> 8) & 0xff]
	474	\| ip_maskr[3][l_in & 0xff]
	475	\| ip_maskr[4][r_in >> 24]
	476	\| ip_maskr[5][(r_in >> 16) & 0xff]
	477	\| ip_maskr[6][(r_in >> 8) & 0xff]
	478	\| ip_maskr[7][r_in & 0xff];
	479
	480	while (count--) {
	481	/*
	482	* Do each round.
	483	*/
	484	kl = kl1;
	485	kr = kr1;
	486	round = 16;
	487	while (round--) {
	488	/*
	489	* Expand R to 48 bits (simulate the E-box).
	490	*/
	491	r48l = ((r & 0x00000001) << 23)
	492	\| ((r & 0xf8000000) >> 9)
	493	\| ((r & 0x1f800000) >> 11)
	494	\| ((r & 0x01f80000) >> 13)
	495	\| ((r & 0x001f8000) >> 15);
	496
	497	r48r = ((r & 0x0001f800) << 7)
	498	\| ((r & 0x00001f80) << 5)
	499	\| ((r & 0x000001f8) << 3)
	500	\| ((r & 0x0000001f) << 1)
	501	\| ((r & 0x80000000) >> 31);
	502	/*
	503	* Do salting for crypt() and friends, and
	504	* XOR with the permuted key.
	505	*/
	506	f = (r48l ^ r48r) & saltbits;
	507	r48l ^= f ^ *kl++;
	508	r48r ^= f ^ *kr++;
	509	/*
	510	* Do sbox lookups (which shrink it back to 32 bits)
	511	* and do the pbox permutation at the same time.
	512	*/
	513	f = psbox[0][m_sbox[0][r48l >> 12]]
	514	\| psbox[1][m_sbox[1][r48l & 0xfff]]
	515	\| psbox[2][m_sbox[2][r48r >> 12]]
	516	\| psbox[3][m_sbox[3][r48r & 0xfff]];
	517	/*
	518	* Now that we've permuted things, complete f().
	519	*/
	520	f ^= l;
	521	l = r;
	522	r = f;
	523	}
	524	r = l;
	525	l = f;
	526	}
	527	/*
	528	* Do final permutation (inverse of IP).
	529	*/
	530	*l_out = fp_maskl[0][l >> 24]
	531	\| fp_maskl[1][(l >> 16) & 0xff]
	532	\| fp_maskl[2][(l >> 8) & 0xff]
	533	\| fp_maskl[3][l & 0xff]
	534	\| fp_maskl[4][r >> 24]
	535	\| fp_maskl[5][(r >> 16) & 0xff]
	536	\| fp_maskl[6][(r >> 8) & 0xff]
	537	\| fp_maskl[7][r & 0xff];
	538	*r_out = fp_maskr[0][l >> 24]
	539	\| fp_maskr[1][(l >> 16) & 0xff]
	540	\| fp_maskr[2][(l >> 8) & 0xff]
	541	\| fp_maskr[3][l & 0xff]
	542	\| fp_maskr[4][r >> 24]
	543	\| fp_maskr[5][(r >> 16) & 0xff]
	544	\| fp_maskr[6][(r >> 8) & 0xff]
	545	\| fp_maskr[7][r & 0xff];
	546	return(0);
	547	}
	548
	549	int
	550	des_cipher(const char in, char out, int32_t salt, int count)
	551	{
	552	u_int32_t l_out, r_out, rawl, rawr;
	553	u_int32_t x[2];
	554	int retval;
	555
	556	if (!_des_initialised)
	557	_des_init();
	558
	559	_des_setup_salt(salt);
	560
	561	memcpy(x, in, sizeof x);
	562	rawl = ntohl(x[0]);
	563	rawr = ntohl(x[1]);
	564	retval = _des_do_des(rawl, rawr, &l_out, &r_out, count);
	565
	566	x[0] = htonl(l_out);
	567	x[1] = htonl(r_out);
	568	memcpy(out, x, sizeof x);
	569	return(retval);
	570	}
	571
	572	char *
	573	crypt(const char key, const char setting)
	574	{
	575	int i;
	576	u_int32_t count, salt, l, r0, r1, keybuf[2];
	577	u_char p, q;
	578	static u_char output[21];
	579	extern char md5crypt(const char , const char *);
	580	extern char bcrypt(const char , const char *);
	581
	582	if (setting[0] == '$') {
	583	switch (setting[1]) {
	584	case '1':
	585	return (md5crypt(key, setting));
	586	default:
	587	return bcrypt(key, setting);
	588	}
	589	}
	590
	591	if (!_des_initialised)
	592	_des_init();
	593
	594	/*
	595	* Copy the key, shifting each character up by one bit
	596	* and padding with zeros.
	597	*/
	598	q = (u_char *) keybuf;
	599	while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
	600	if ((q++ = key << 1))
	601	key++;
	602	}
	603	if (des_setkey((char *) keybuf))
	604	return(NULL);
	605
	606	if (*setting == _PASSWORD_EFMT1) {
	607	/*
	608	* "new"-style:
	609	* setting - underscore, 4 bytes of count, 4 bytes of salt
	610	* key - unlimited characters
	611	*/
	612	for (i = 1, count = 0; i < 5; i++)
	613	count \|= ascii_to_bin(setting[i]) << (i - 1) * 6;
	614
	615	for (i = 5, salt = 0; i < 9; i++)
	616	salt \|= ascii_to_bin(setting[i]) << (i - 5) * 6;
	617
	618	while (*key) {
	619	/*
	620	* Encrypt the key with itself.
	621	*/
	622	if (des_cipher((char )keybuf, (char )keybuf, 0, 1))
	623	return(NULL);
	624	/*
	625	* And XOR with the next 8 characters of the key.
	626	*/
	627	q = (u_char *) keybuf;
	628	while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
	629	*key)
	630	q++ ^= key++ << 1;
	631
	632	if (des_setkey((char *) keybuf))
	633	return(NULL);
	634	}
	635	strlcpy((char *)output, setting, 10);
	636
	637	/*
	638	* Double check that we weren't given a short setting.
	639	* If we were, the above code will probably have created
	640	* weird values for count and salt, but we don't really care.
	641	* Just make sure the output string doesn't have an extra
	642	* NUL in it.
	643	*/
	644	p = output + strlen((const char *)output);
	645	} else {
	646	/*
	647	* "old"-style:
	648	* setting - 2 bytes of salt
	649	* key - up to 8 characters
	650	*/
	651	count = 25;
	652
	653	salt = (ascii_to_bin(setting[1]) << 6)
	654	\| ascii_to_bin(setting[0]);
	655
	656	output[0] = setting[0];
	657	/*
	658	* If the encrypted password that the salt was extracted from
	659	* is only 1 character long, the salt will be corrupted. We
	660	* need to ensure that the output string doesn't have an extra
	661	* NUL in it!
	662	*/
	663	output[1] = setting[1] ? setting[1] : output[0];
	664
	665	p = output + 2;
	666	}
	667	_des_setup_salt(salt);
	668
	669	/*
	670	* Do it.
	671	*/
	672	if (_des_do_des(0, 0, &r0, &r1, count))
	673	return(NULL);
	674	/*
	675	* Now encode the result...
	676	*/
	677	l = (r0 >> 8);
	678	*p++ = ascii64[(l >> 18) & 0x3f];
	679	*p++ = ascii64[(l >> 12) & 0x3f];
	680	*p++ = ascii64[(l >> 6) & 0x3f];
	681	*p++ = ascii64[l & 0x3f];
	682
	683	l = (r0 << 16) \| ((r1 >> 16) & 0xffff);
	684	*p++ = ascii64[(l >> 18) & 0x3f];
	685	*p++ = ascii64[(l >> 12) & 0x3f];
	686	*p++ = ascii64[(l >> 6) & 0x3f];
	687	*p++ = ascii64[l & 0x3f];
	688
	689	l = r1 << 2;
	690	*p++ = ascii64[(l >> 12) & 0x3f];
	691	*p++ = ascii64[(l >> 6) & 0x3f];
	692	*p++ = ascii64[l & 0x3f];
	693	*p = 0;
	694
	695	return((char *)output);
	696	}