summaryrefslogtreecommitdiff
path: root/src/lib/libc/crypt
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libc/crypt')
-rw-r--r--src/lib/libc/crypt/Makefile.inc12
-rw-r--r--src/lib/libc/crypt/arc4random.383
-rw-r--r--src/lib/libc/crypt/arc4random.c176
-rw-r--r--src/lib/libc/crypt/bcrypt.c362
-rw-r--r--src/lib/libc/crypt/blowfish.3104
-rw-r--r--src/lib/libc/crypt/blowfish.c774
-rw-r--r--src/lib/libc/crypt/cast.c779
-rw-r--r--src/lib/libc/crypt/crypt.3298
-rw-r--r--src/lib/libc/crypt/crypt.c714
-rw-r--r--src/lib/libc/crypt/md5crypt.c157
-rw-r--r--src/lib/libc/crypt/morecrypt.c628
11 files changed, 4087 insertions, 0 deletions
diff --git a/src/lib/libc/crypt/Makefile.inc b/src/lib/libc/crypt/Makefile.inc
new file mode 100644
index 0000000000..9d96d657db
--- /dev/null
+++ b/src/lib/libc/crypt/Makefile.inc
@@ -0,0 +1,12 @@
1# $OpenBSD: Makefile.inc,v 1.10 1998/07/21 22:23:20 provos Exp $
2
3.PATH: ${.CURDIR}/arch/${MACHINE_ARCH}/crypt ${.CURDIR}/crypt
4
5SRCS+= cast.c crypt.c morecrypt.c md5crypt.c arc4random.c blowfish.c
6SRCS+= bcrypt.c
7
8MAN+= crypt.3 blowfish.3 arc4random.3
9MLINKS+=crypt.3 encrypt.3 crypt.3 setkey.3 crypt.3 des_cipher.3
10MLINKS+=crypt.3 des_setkey.3 blowfish.3 blf_key.3 blowfish.3 blf_enc.3
11MLINKS+=blowfish.3 blf_dec.3
12MLINKS+=arc4random.3 arc4random_stir.3 arc4random.3 arc4random_addrandom.3
diff --git a/src/lib/libc/crypt/arc4random.3 b/src/lib/libc/crypt/arc4random.3
new file mode 100644
index 0000000000..741965c5ac
--- /dev/null
+++ b/src/lib/libc/crypt/arc4random.3
@@ -0,0 +1,83 @@
1.\" $OpenBSD: arc4random.3,v 1.4 1998/09/07 16:44:34 aaron Exp $
2.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\" notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\" notice, this list of conditions and the following disclaimer in the
12.\" documentation and/or other materials provided with the distribution.
13.\" 3. All advertising materials mentioning features or use of this software
14.\" must display the following acknowledgement:
15.\" This product includes software developed by Niels Provos.
16.\" 4. The name of the author may not be used to endorse or promote products
17.\" derived from this software without specific prior written permission.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29.\"
30.\" Manual page, using -mandoc macros
31.\"
32.Dd April 15, 1997
33.Dt ARC4RANDOM 3
34.Os "OpenBSD 2.0"
35.Sh NAME
36.Nm arc4random,
37.Nm arc4random_stir,
38.Nm arc4random_addrandom
39.Nd arc4 random number generator.
40.Sh SYNOPSIS
41.Fd #include <stdlib.h>
42.Ft u_int32_t
43.Fn arc4random "void"
44.Ft void
45.Fn arc4random_stir "void"
46.Ft void
47.Fn arc4random_addrandom "u_char *dat" "int datlen"
48.Sh DESCRIPTION
49The
50.Fn arc4random
51function uses the key stream generator employed by the
52arc4 cipher, which uses 8*8 8 bit S-Boxes. The S-Boxes
53can be in about
54.if t 2\u\s71700\s10\d
55.if n (2**1700)
56states.
57.Pp
58The
59.Fn arc4random_stir
60function reads data from
61.Pa /dev/arandom
62and uses it to permutate the S-Boxes via
63.Fn arc4random_addrandom .
64.Pp
65There is no need to call
66.Fn arc4random_stir
67before using
68.Fn arc4random ,
69since
70.Fn arc4random
71automatically initalizes itself.
72.Sh SEE ALSO
73.Xr rand48 3 ,
74.Xr rand 3 ,
75.Xr random 3
76.Sh HISTORY
77.Pa RC4
78has been designed by RSA Data Security, Inc. It was posted anonymously
79to the USENET and was confirmed to be equivalent by several sources who
80had access to the original cipher. Since
81.Pa RC4
82used to be a trade secret, the cipher is now referred to as
83.Pa ARC4 .
diff --git a/src/lib/libc/crypt/arc4random.c b/src/lib/libc/crypt/arc4random.c
new file mode 100644
index 0000000000..5279c21518
--- /dev/null
+++ b/src/lib/libc/crypt/arc4random.c
@@ -0,0 +1,176 @@
1/* $OpenBSD: arc4random.c,v 1.3 1998/03/22 19:01:16 niklas Exp $ */
2
3/*
4 * Arc4 random number generator for OpenBSD.
5 * Copyright 1996 David Mazieres <dm@lcs.mit.edu>.
6 *
7 * Modification and redistribution in source and binary forms is
8 * permitted provided that due credit is given to the author and the
9 * OpenBSD project (for instance by leaving this copyright notice
10 * intact).
11 */
12
13/*
14 * This code is derived from section 17.1 of Applied Cryptography,
15 * second edition, which describes a stream cipher allegedly
16 * compatible with RSA Labs "RC4" cipher (the actual description of
17 * which is a trade secret). The same algorithm is used as a stream
18 * cipher called "arcfour" in Tatu Ylonen's ssh package.
19 *
20 * Here the stream cipher has been modified always to include the time
21 * when initializing the state. That makes it impossible to
22 * regenerate the same random sequence twice, so this can't be used
23 * for encryption, but will generate good random numbers.
24 *
25 * RC4 is a registered trademark of RSA Laboratories.
26 */
27
28#include <fcntl.h>
29#include <stdlib.h>
30#include <unistd.h>
31#include <sys/types.h>
32#include <sys/time.h>
33
34#ifdef __GNUC__
35#define inline __inline
36#else /* !__GNUC__ */
37#define inline
38#endif /* !__GNUC__ */
39
40struct arc4_stream {
41 u_int8_t i;
42 u_int8_t j;
43 u_int8_t s[256];
44};
45
46int rs_initialized;
47static struct arc4_stream rs;
48
49static inline void
50arc4_init(as)
51 struct arc4_stream *as;
52{
53 int n;
54
55 for (n = 0; n < 256; n++)
56 as->s[n] = n;
57 as->i = 0;
58 as->j = 0;
59}
60
61static inline void
62arc4_addrandom(as, dat, datlen)
63 struct arc4_stream *as;
64 u_char *dat;
65 int datlen;
66{
67 int n;
68 u_int8_t si;
69
70 as->i--;
71 for (n = 0; n < 256; n++) {
72 as->i = (as->i + 1);
73 si = as->s[as->i];
74 as->j = (as->j + si + dat[n % datlen]);
75 as->s[as->i] = as->s[as->j];
76 as->s[as->j] = si;
77 }
78}
79
80static void
81arc4_stir(as)
82 struct arc4_stream *as;
83{
84 int fd;
85 struct {
86 struct timeval tv;
87 u_int8_t rnd[128 - sizeof(struct timeval)];
88 } rdat;
89
90 gettimeofday(&rdat.tv, NULL);
91 fd = open("/dev/arandom", O_RDONLY);
92 if (fd >= 0) {
93 read(fd, rdat.rnd, sizeof(rdat.rnd));
94 close(fd);
95 }
96 /* fd < 0? Ah, what the heck. We'll just take whatever was on the
97 * stack... */
98
99 arc4_addrandom(as, (void *) &rdat, sizeof(rdat));
100}
101
102static inline u_int8_t
103arc4_getbyte(as)
104 struct arc4_stream *as;
105{
106 u_int8_t si, sj;
107
108 as->i = (as->i + 1);
109 si = as->s[as->i];
110 as->j = (as->j + si);
111 sj = as->s[as->j];
112 as->s[as->i] = sj;
113 as->s[as->j] = si;
114 return (as->s[(si + sj) & 0xff]);
115}
116
117static inline u_int32_t
118arc4_getword(as)
119 struct arc4_stream *as;
120{
121 u_int32_t val;
122 val = arc4_getbyte(as) << 24;
123 val |= arc4_getbyte(as) << 16;
124 val |= arc4_getbyte(as) << 8;
125 val |= arc4_getbyte(as);
126 return val;
127}
128
129void
130arc4random_stir()
131{
132 if (!rs_initialized) {
133 arc4_init(&rs);
134 rs_initialized = 1;
135 }
136 arc4_stir(&rs);
137}
138
139void
140arc4random_addrandom(dat, datlen)
141 u_char *dat;
142 int datlen;
143{
144 if (!rs_initialized)
145 arc4random_stir();
146 arc4_addrandom(&rs, dat, datlen);
147}
148
149u_int32_t
150arc4random()
151{
152 if (!rs_initialized)
153 arc4random_stir();
154 return arc4_getword(&rs);
155}
156
157#if 0
158/*-------- Test code for i386 --------*/
159#include <stdio.h>
160#include <machine/pctr.h>
161int
162main(int argc, char **argv)
163{
164 const int iter = 1000000;
165 int i;
166 pctrval v;
167
168 v = rdtsc();
169 for (i = 0; i < iter; i++)
170 arc4random();
171 v = rdtsc() - v;
172 v /= iter;
173
174 printf("%qd cycles\n", v);
175}
176#endif
diff --git a/src/lib/libc/crypt/bcrypt.c b/src/lib/libc/crypt/bcrypt.c
new file mode 100644
index 0000000000..1b121fb28f
--- /dev/null
+++ b/src/lib/libc/crypt/bcrypt.c
@@ -0,0 +1,362 @@
1/* $OpenBSD: bcrypt.c,v 1.12 1998/08/10 18:33:07 provos Exp $ */
2
3/*
4 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. All advertising materials mentioning features or use of this software
16 * must display the following acknowledgement:
17 * This product includes software developed by Niels Provos.
18 * 4. The name of the author may not be used to endorse or promote products
19 * derived from this software without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33/* This password hashing algorithm was designed by David Mazieres
34 * <dm@lcs.mit.edu> and works as follows:
35 *
36 * 1. state := InitState ()
37 * 2. state := ExpandKey (state, salt, password) 3.
38 * REPEAT rounds:
39 * state := ExpandKey (state, 0, salt)
40 * state := ExpandKey(state, 0, password)
41 * 4. ctext := "OrpheanBeholderScryDoubt"
42 * 5. REPEAT 64:
43 * ctext := Encrypt_ECB (state, ctext);
44 * 6. RETURN Concatenate (salt, ctext);
45 *
46 */
47
48#if 0
49#include <stdio.h>
50#endif
51
52#include <stdio.h>
53#include <stdlib.h>
54#include <sys/types.h>
55#include <string.h>
56#include <pwd.h>
57#include <blf.h>
58
59/* This implementation is adaptable to current computing power.
60 * You can have up to 2^31 rounds which should be enough for some
61 * time to come.
62 */
63
64#define BCRYPT_VERSION '2'
65#define BCRYPT_MAXSALT 16 /* Precomputation is just so nice */
66#define BCRYPT_BLOCKS 6 /* Ciphertext blocks */
67#define BCRYPT_MINROUNDS 16 /* we have log2(rounds) in salt */
68
69char *bcrypt_gensalt __P((u_int8_t));
70
71static void encode_salt __P((char *, u_int8_t *, u_int16_t, u_int8_t));
72static void encode_base64 __P((u_int8_t *, u_int8_t *, u_int16_t));
73static void decode_base64 __P((u_int8_t *, u_int16_t, u_int8_t *));
74
75static char encrypted[_PASSWORD_LEN];
76static char gsalt[BCRYPT_MAXSALT * 4 / 3 + 1];
77static char error[] = ":";
78
79const static u_int8_t Base64Code[] =
80"./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
81
82const static u_int8_t index_64[128] =
83{
84 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
85 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
86 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
87 255, 255, 255, 255, 255, 255, 255, 255, 255, 255,
88 255, 255, 255, 255, 255, 255, 0, 1, 54, 55,
89 56, 57, 58, 59, 60, 61, 62, 63, 255, 255,
90 255, 255, 255, 255, 255, 2, 3, 4, 5, 6,
91 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
92 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
93 255, 255, 255, 255, 255, 255, 28, 29, 30,
94 31, 32, 33, 34, 35, 36, 37, 38, 39, 40,
95 41, 42, 43, 44, 45, 46, 47, 48, 49, 50,
96 51, 52, 53, 255, 255, 255, 255, 255
97};
98#define CHAR64(c) ( (c) > 127 ? 255 : index_64[(c)])
99
100#ifdef __STDC__
101static void
102decode_base64(u_int8_t *buffer, u_int16_t len, u_int8_t *data)
103#else
104static void
105decode_base64(buffer, len, data)
106 u_int8_t *buffer;
107 u_int16_t len;
108 u_int8_t *data;
109#endif
110{
111 u_int8_t *bp = buffer;
112 u_int8_t *p = data;
113 u_int8_t c1, c2, c3, c4;
114 while (bp < buffer + len) {
115 c1 = CHAR64(*p);
116 c2 = CHAR64(*(p + 1));
117
118 /* Invalid data */
119 if (c1 == 255 || c2 == 255)
120 break;
121
122 *bp++ = (c1 << 2) | ((c2 & 0x30) >> 4);
123 if (bp >= buffer + len)
124 break;
125
126 c3 = CHAR64(*(p + 2));
127 if (c3 == 255)
128 break;
129
130 *bp++ = ((c2 & 0x0f) << 4) | ((c3 & 0x3c) >> 2);
131 if (bp >= buffer + len)
132 break;
133
134 c4 = CHAR64(*(p + 3));
135 if (c4 == 255)
136 break;
137 *bp++ = ((c3 & 0x03) << 6) | c4;
138
139 p += 4;
140 }
141}
142
143#ifdef __STDC__
144static void
145encode_salt(char *salt, u_int8_t *csalt, u_int16_t clen, u_int8_t logr)
146#else
147static void
148encode_salt(salt, csalt, clen, logr)
149 char *salt;
150 u_int8_t *csalt;
151 u_int16_t clen;
152 u_int8_t logr;
153#endif
154{
155 salt[0] = '$';
156 salt[1] = BCRYPT_VERSION;
157 salt[2] = 'a';
158 salt[3] = '$';
159
160 snprintf(salt + 4, 4, "%2.2u$", logr);
161
162 encode_base64((u_int8_t *) salt + 7, csalt, clen);
163}
164/* Generates a salt for this version of crypt.
165 Since versions may change. Keeping this here
166 seems sensible.
167 */
168
169#ifdef __STDC__
170char *
171bcrypt_gensalt(u_int8_t log_rounds)
172#else
173char *
174bcrypt_gensalt(log_rounds)
175 u_int8_t log_rounds;
176#endif
177{
178 u_int8_t csalt[BCRYPT_MAXSALT];
179 u_int16_t i;
180 u_int32_t seed = 0;
181
182 for (i = 0; i < BCRYPT_MAXSALT; i++) {
183 if (i % 4 == 0)
184 seed = arc4random();
185 csalt[i] = seed & 0xff;
186 seed = seed >> 8;
187 }
188
189 if (log_rounds < 4)
190 log_rounds = 4;
191
192 encode_salt(gsalt, csalt, BCRYPT_MAXSALT, log_rounds);
193 return gsalt;
194}
195/* We handle $Vers$log2(NumRounds)$salt+passwd$
196 i.e. $2$04$iwouldntknowwhattosayetKdJ6iFtacBqJdKe6aW7ou */
197
198char *
199bcrypt(key, salt)
200 const char *key;
201 const char *salt;
202{
203 blf_ctx state;
204 u_int32_t rounds, i, k;
205 u_int16_t j;
206 u_int8_t key_len, salt_len, logr, minor;
207 u_int8_t ciphertext[4 * BCRYPT_BLOCKS] = "OrpheanBeholderScryDoubt";
208 u_int8_t csalt[BCRYPT_MAXSALT];
209 u_int32_t cdata[BCRYPT_BLOCKS];
210
211 /* Discard "$" identifier */
212 salt++;
213
214 if (*salt > BCRYPT_VERSION) {
215 /* How do I handle errors ? Return ':' */
216 return error;
217 }
218
219 /* Check for minor versions */
220 if (salt[1] != '$') {
221 switch (salt[1]) {
222 case 'a':
223 /* 'ab' should not yield the same as 'abab' */
224 minor = salt[1];
225 salt++;
226 break;
227 default:
228 return error;
229 }
230 } else
231 minor = 0;
232
233 /* Discard version + "$" identifier */
234 salt += 2;
235
236 if (salt[2] != '$')
237 /* Out of sync with passwd entry */
238 return error;
239
240 /* Computer power doesnt increase linear, 2^x should be fine */
241 if ((rounds = (u_int32_t) 1 << (logr = atoi(salt))) < BCRYPT_MINROUNDS)
242 return error;
243
244 /* Discard num rounds + "$" identifier */
245 salt += 3;
246
247 /* We dont want the base64 salt but the raw data */
248 decode_base64(csalt, BCRYPT_MAXSALT, (u_int8_t *) salt);
249 salt_len = BCRYPT_MAXSALT;
250 key_len = strlen(key) + (minor >= 'a' ? 1 : 0);
251
252 /* Setting up S-Boxes and Subkeys */
253 Blowfish_initstate(&state);
254 Blowfish_expandstate(&state, csalt, salt_len,
255 (u_int8_t *) key, key_len);
256 for (k = 0; k < rounds; k++) {
257 Blowfish_expand0state(&state, (u_int8_t *) key, key_len);
258 Blowfish_expand0state(&state, csalt, salt_len);
259 }
260
261 /* This can be precomputed later */
262 j = 0;
263 for (i = 0; i < BCRYPT_BLOCKS; i++)
264 cdata[i] = Blowfish_stream2word(ciphertext, 4 * BCRYPT_BLOCKS, &j);
265
266 /* Now do the encryption */
267 for (k = 0; k < 64; k++)
268 blf_enc(&state, cdata, BCRYPT_BLOCKS / 2);
269
270 for (i = 0; i < BCRYPT_BLOCKS; i++) {
271 ciphertext[4 * i + 3] = cdata[i] & 0xff;
272 cdata[i] = cdata[i] >> 8;
273 ciphertext[4 * i + 2] = cdata[i] & 0xff;
274 cdata[i] = cdata[i] >> 8;
275 ciphertext[4 * i + 1] = cdata[i] & 0xff;
276 cdata[i] = cdata[i] >> 8;
277 ciphertext[4 * i + 0] = cdata[i] & 0xff;
278 }
279
280
281 i = 0;
282 encrypted[i++] = '$';
283 encrypted[i++] = BCRYPT_VERSION;
284 if (minor)
285 encrypted[i++] = minor;
286 encrypted[i++] = '$';
287
288 snprintf(encrypted + i, 4, "%2.2u$", logr);
289
290 encode_base64((u_int8_t *) encrypted + i + 3, csalt, BCRYPT_MAXSALT);
291 encode_base64((u_int8_t *) encrypted + strlen(encrypted), ciphertext,
292 4 * BCRYPT_BLOCKS - 1);
293 return encrypted;
294}
295
296#ifdef __STDC__
297static void
298encode_base64(u_int8_t *buffer, u_int8_t *data, u_int16_t len)
299#else
300static void
301encode_base64(buffer, data, len)
302 u_int8_t *buffer;
303 u_int8_t *data;
304 u_int16_t len;
305#endif
306{
307 u_int8_t *bp = buffer;
308 u_int8_t *p = data;
309 u_int8_t c1, c2;
310 while (p < data + len) {
311 c1 = *p++;
312 *bp++ = Base64Code[(c1 >> 2)];
313 c1 = (c1 & 0x03) << 4;
314 if (p >= data + len) {
315 *bp++ = Base64Code[c1];
316 break;
317 }
318 c2 = *p++;
319 c1 |= (c2 >> 4) & 0x0f;
320 *bp++ = Base64Code[c1];
321 c1 = (c2 & 0x0f) << 2;
322 if (p >= data + len) {
323 *bp++ = Base64Code[c1];
324 break;
325 }
326 c2 = *p++;
327 c1 |= (c2 >> 6) & 0x03;
328 *bp++ = Base64Code[c1];
329 *bp++ = Base64Code[c2 & 0x3f];
330 }
331 *bp = '\0';
332}
333#if 0
334void
335main()
336{
337 char blubber[73];
338 char salt[100];
339 char *p;
340 salt[0] = '$';
341 salt[1] = BCRYPT_VERSION;
342 salt[2] = '$';
343
344 snprintf(salt + 3, 4, "%2.2u$", 5);
345
346 printf("24 bytes of salt: ");
347 fgets(salt + 6, 94, stdin);
348 salt[99] = 0;
349 printf("72 bytes of password: ");
350 fpurge(stdin);
351 fgets(blubber, 73, stdin);
352 blubber[72] = 0;
353
354 p = crypt(blubber, salt);
355 printf("Passwd entry: %s\n\n", p);
356
357 p = bcrypt_gensalt(5);
358 printf("Generated salt: %s\n", p);
359 p = crypt(blubber, p);
360 printf("Passwd entry: %s\n", p);
361}
362#endif
diff --git a/src/lib/libc/crypt/blowfish.3 b/src/lib/libc/crypt/blowfish.3
new file mode 100644
index 0000000000..02a1ef8738
--- /dev/null
+++ b/src/lib/libc/crypt/blowfish.3
@@ -0,0 +1,104 @@
1.\" $OpenBSD: blowfish.3,v 1.2 1998/08/10 18:40:58 provos Exp $
2.\" Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
3.\" All rights reserved.
4.\"
5.\" Redistribution and use in source and binary forms, with or without
6.\" modification, are permitted provided that the following conditions
7.\" are met:
8.\" 1. Redistributions of source code must retain the above copyright
9.\" notice, this list of conditions and the following disclaimer.
10.\" 2. Redistributions in binary form must reproduce the above copyright
11.\" notice, this list of conditions and the following disclaimer in the
12.\" documentation and/or other materials provided with the distribution.
13.\" 3. All advertising materials mentioning features or use of this software
14.\" must display the following acknowledgement:
15.\" This product includes software developed by Niels Provos.
16.\" 4. The name of the author may not be used to endorse or promote products
17.\" derived from this software without specific prior written permission.
18.\"
19.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29.\"
30.\" Manual page, using -mandoc macros
31.\"
32.Dd February 13, 1997
33.Dt BLOWFISH 3
34.Os "OpenBSD 2.0"
35.Sh NAME
36.Nm blf_key,
37.Nm blf_enc,
38.Nm blf_dec
39.Nd Blowfish encryption
40.Sh SYNOPSIS
41.Fd #include <blf.h>
42.Ft void
43.Fn blf_key "blf_ctx *state" "const u_int8_t *key" "u_int16_t keylen"
44.Ft void
45.Fn blf_enc "blf_ctx *state" "u_int32_t *data" "u_int16_t datalen"
46.Ft void
47.Fn blf_dec "blf_ctx *state" "u_int32_t *data" "u_int16_t datalen"
48.Ft void
49.Fn blf_ecb_encrypt "blf_ctx *state" "u_int8_t *data" "u_int32_t datalen"
50.Ft void
51.Fn blf_ecb_decrypt "blf_ctx *state" "u_int8_t *data" "u_int32_t datalen"
52.Ft void
53.Fn blf_cbc_encrypt "blf_ctx *state" "u_int8_t *iv" "u_int8_t *data" "u_int32_t datalen"
54.Ft void
55.Fn blf_cbc_decrypt "blf_ctx *state" "u_int8_t *iv" "u_int8_t *data" "u_int32_t datalen"
56.Sh DESCRIPTION
57.Pa Blowfish
58is a fast unpatented block cipher designed by Bruce Schneier.
59It basically consists of a 16 times iterated Feistel network.
60The block size is 64 bit and the key size is maximal 448 bit.
61.Pp
62The
63.Fn blf_key
64function initializes the 4 8bit S-boxes and the 18 Subkeys with
65the hexadecimal digits of Pi. The key is used for further randomization.
66The first argument to
67.Fn blf_enc
68is the initalized state derived from
69.Fn blf_key .
70The stream of 32-bit words is encrypted in Electronic Codebook
71Mode (ECB) and
72.Pa datalen
73must be even.
74.Fn blf_dec
75is used for decrypting Blowfish encrypted blocks.
76.Pp
77The functions
78.Fn blf_ecb_encrypt
79and
80.Fn blf_ecb_decrypt
81are used for encrypting and decrypting octet streams in ECB mode.
82The functions
83.Fn blf_cbc_encrypt
84and
85.Fn blf_cbc_decrypt
86are used for encrypting and decrypting octet streams in
87Cipherblock Chaining Mode (CBC).
88.Pp
89The functions
90.Fn Blowfish_initstate ,
91.Fn Blowfish_expand0state ,
92.Fn Blowfish_expandstate ,
93.Fn Blowfish_encipher
94and
95.Fn Blowfish_decipher
96are used for customization of the
97.Pa Blowfish
98cipher, e.g. for the blowfish password hashing function.
99.Sh SEE ALSO
100.Xr crypt 3 ,
101.Xr passwd 1 ,
102.Xr passwd 5
103.Sh AUTHOR
104Niels Provos <provos@physnet.uni-hamburg.de>
diff --git a/src/lib/libc/crypt/blowfish.c b/src/lib/libc/crypt/blowfish.c
new file mode 100644
index 0000000000..6cddbc64b3
--- /dev/null
+++ b/src/lib/libc/crypt/blowfish.c
@@ -0,0 +1,774 @@
1/* $OpenBSD: blowfish.c,v 1.12 1998/08/30 22:35:39 niklas Exp $ */
2/*
3 * Blowfish block cipher for OpenBSD
4 * Copyright 1997 Niels Provos <provos@physnet.uni-hamburg.de>
5 * All rights reserved.
6 *
7 * Implementation advice by David Mazieres <dm@lcs.mit.edu>.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 3. All advertising materials mentioning features or use of this software
18 * must display the following acknowledgement:
19 * This product includes software developed by Niels Provos.
20 * 4. The name of the author may not be used to endorse or promote products
21 * derived from this software without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
24 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
25 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
26 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
27 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
28 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
29 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
30 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
32 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35/*
36 * This code is derived from section 14.3 and the given source
37 * in section V of Applied Cryptography, second edition.
38 * Blowfish is an unpatented fast block cipher designed by
39 * Bruce Schneier.
40 */
41
42#if 0
43#include <stdio.h> /* used for debugging */
44#include <string.h>
45#endif
46
47#include <sys/types.h>
48#include <blf.h>
49
50#undef inline
51#ifdef __GNUC__
52#define inline __inline
53#else /* !__GNUC__ */
54#define inline
55#endif /* !__GNUC__ */
56
57/* Function for Feistel Networks */
58
59#define F(bc, x) ((((bc)->S[0][((x) & 0xFF000000) >> 24] \
60 + (bc)->S[1][((x) &0xFF0000 ) >> 16]) \
61 ^ (bc)->S[2][((x) & 0xFF00) >> 8]) \
62 + (bc)->S[3][(x) & 0x00FF])
63
64#define BLFRND(bc,i,j,n) (i ^= F(bc,j) ^ (bc)->P[n])
65
66void
67Blowfish_encipher(c, xl, xr)
68 blf_ctx *c;
69 u_int32_t *xl;
70 u_int32_t *xr;
71{
72 u_int32_t Xl;
73 u_int32_t Xr;
74
75 Xl = *xl;
76 Xr = *xr;
77
78 Xl ^= c->P[0];
79 BLFRND(c, Xr, Xl, 1); BLFRND(c, Xl, Xr, 2);
80 BLFRND(c, Xr, Xl, 3); BLFRND(c, Xl, Xr, 4);
81 BLFRND(c, Xr, Xl, 5); BLFRND(c, Xl, Xr, 6);
82 BLFRND(c, Xr, Xl, 7); BLFRND(c, Xl, Xr, 8);
83 BLFRND(c, Xr, Xl, 9); BLFRND(c, Xl, Xr, 10);
84 BLFRND(c, Xr, Xl, 11); BLFRND(c, Xl, Xr, 12);
85 BLFRND(c, Xr, Xl, 13); BLFRND(c, Xl, Xr, 14);
86 BLFRND(c, Xr, Xl, 15); BLFRND(c, Xl, Xr, 16);
87
88 *xl = Xr ^ c->P[17];
89 *xr = Xl;
90}
91
92void
93Blowfish_decipher(c, xl, xr)
94 blf_ctx *c;
95 u_int32_t *xl;
96 u_int32_t *xr;
97{
98 u_int32_t Xl;
99 u_int32_t Xr;
100
101 Xl = *xl;
102 Xr = *xr;
103
104 Xl ^= c->P[17];
105 BLFRND(c, Xr, Xl, 16); BLFRND(c, Xl, Xr, 15);
106 BLFRND(c, Xr, Xl, 14); BLFRND(c, Xl, Xr, 13);
107 BLFRND(c, Xr, Xl, 12); BLFRND(c, Xl, Xr, 11);
108 BLFRND(c, Xr, Xl, 10); BLFRND(c, Xl, Xr, 9);
109 BLFRND(c, Xr, Xl, 8); BLFRND(c, Xl, Xr, 7);
110 BLFRND(c, Xr, Xl, 6); BLFRND(c, Xl, Xr, 5);
111 BLFRND(c, Xr, Xl, 4); BLFRND(c, Xl, Xr, 3);
112 BLFRND(c, Xr, Xl, 2); BLFRND(c, Xl, Xr, 1);
113
114 *xl = Xr ^ c->P[0];
115 *xr = Xl;
116}
117
118void
119Blowfish_initstate(c)
120 blf_ctx *c;
121{
122
123/* P-box and S-box tables initialized with digits of Pi */
124
125 const blf_ctx initstate =
126
127 { {
128 {
129 0xd1310ba6, 0x98dfb5ac, 0x2ffd72db, 0xd01adfb7,
130 0xb8e1afed, 0x6a267e96, 0xba7c9045, 0xf12c7f99,
131 0x24a19947, 0xb3916cf7, 0x0801f2e2, 0x858efc16,
132 0x636920d8, 0x71574e69, 0xa458fea3, 0xf4933d7e,
133 0x0d95748f, 0x728eb658, 0x718bcd58, 0x82154aee,
134 0x7b54a41d, 0xc25a59b5, 0x9c30d539, 0x2af26013,
135 0xc5d1b023, 0x286085f0, 0xca417918, 0xb8db38ef,
136 0x8e79dcb0, 0x603a180e, 0x6c9e0e8b, 0xb01e8a3e,
137 0xd71577c1, 0xbd314b27, 0x78af2fda, 0x55605c60,
138 0xe65525f3, 0xaa55ab94, 0x57489862, 0x63e81440,
139 0x55ca396a, 0x2aab10b6, 0xb4cc5c34, 0x1141e8ce,
140 0xa15486af, 0x7c72e993, 0xb3ee1411, 0x636fbc2a,
141 0x2ba9c55d, 0x741831f6, 0xce5c3e16, 0x9b87931e,
142 0xafd6ba33, 0x6c24cf5c, 0x7a325381, 0x28958677,
143 0x3b8f4898, 0x6b4bb9af, 0xc4bfe81b, 0x66282193,
144 0x61d809cc, 0xfb21a991, 0x487cac60, 0x5dec8032,
145 0xef845d5d, 0xe98575b1, 0xdc262302, 0xeb651b88,
146 0x23893e81, 0xd396acc5, 0x0f6d6ff3, 0x83f44239,
147 0x2e0b4482, 0xa4842004, 0x69c8f04a, 0x9e1f9b5e,
148 0x21c66842, 0xf6e96c9a, 0x670c9c61, 0xabd388f0,
149 0x6a51a0d2, 0xd8542f68, 0x960fa728, 0xab5133a3,
150 0x6eef0b6c, 0x137a3be4, 0xba3bf050, 0x7efb2a98,
151 0xa1f1651d, 0x39af0176, 0x66ca593e, 0x82430e88,
152 0x8cee8619, 0x456f9fb4, 0x7d84a5c3, 0x3b8b5ebe,
153 0xe06f75d8, 0x85c12073, 0x401a449f, 0x56c16aa6,
154 0x4ed3aa62, 0x363f7706, 0x1bfedf72, 0x429b023d,
155 0x37d0d724, 0xd00a1248, 0xdb0fead3, 0x49f1c09b,
156 0x075372c9, 0x80991b7b, 0x25d479d8, 0xf6e8def7,
157 0xe3fe501a, 0xb6794c3b, 0x976ce0bd, 0x04c006ba,
158 0xc1a94fb6, 0x409f60c4, 0x5e5c9ec2, 0x196a2463,
159 0x68fb6faf, 0x3e6c53b5, 0x1339b2eb, 0x3b52ec6f,
160 0x6dfc511f, 0x9b30952c, 0xcc814544, 0xaf5ebd09,
161 0xbee3d004, 0xde334afd, 0x660f2807, 0x192e4bb3,
162 0xc0cba857, 0x45c8740f, 0xd20b5f39, 0xb9d3fbdb,
163 0x5579c0bd, 0x1a60320a, 0xd6a100c6, 0x402c7279,
164 0x679f25fe, 0xfb1fa3cc, 0x8ea5e9f8, 0xdb3222f8,
165 0x3c7516df, 0xfd616b15, 0x2f501ec8, 0xad0552ab,
166 0x323db5fa, 0xfd238760, 0x53317b48, 0x3e00df82,
167 0x9e5c57bb, 0xca6f8ca0, 0x1a87562e, 0xdf1769db,
168 0xd542a8f6, 0x287effc3, 0xac6732c6, 0x8c4f5573,
169 0x695b27b0, 0xbbca58c8, 0xe1ffa35d, 0xb8f011a0,
170 0x10fa3d98, 0xfd2183b8, 0x4afcb56c, 0x2dd1d35b,
171 0x9a53e479, 0xb6f84565, 0xd28e49bc, 0x4bfb9790,
172 0xe1ddf2da, 0xa4cb7e33, 0x62fb1341, 0xcee4c6e8,
173 0xef20cada, 0x36774c01, 0xd07e9efe, 0x2bf11fb4,
174 0x95dbda4d, 0xae909198, 0xeaad8e71, 0x6b93d5a0,
175 0xd08ed1d0, 0xafc725e0, 0x8e3c5b2f, 0x8e7594b7,
176 0x8ff6e2fb, 0xf2122b64, 0x8888b812, 0x900df01c,
177 0x4fad5ea0, 0x688fc31c, 0xd1cff191, 0xb3a8c1ad,
178 0x2f2f2218, 0xbe0e1777, 0xea752dfe, 0x8b021fa1,
179 0xe5a0cc0f, 0xb56f74e8, 0x18acf3d6, 0xce89e299,
180 0xb4a84fe0, 0xfd13e0b7, 0x7cc43b81, 0xd2ada8d9,
181 0x165fa266, 0x80957705, 0x93cc7314, 0x211a1477,
182 0xe6ad2065, 0x77b5fa86, 0xc75442f5, 0xfb9d35cf,
183 0xebcdaf0c, 0x7b3e89a0, 0xd6411bd3, 0xae1e7e49,
184 0x00250e2d, 0x2071b35e, 0x226800bb, 0x57b8e0af,
185 0x2464369b, 0xf009b91e, 0x5563911d, 0x59dfa6aa,
186 0x78c14389, 0xd95a537f, 0x207d5ba2, 0x02e5b9c5,
187 0x83260376, 0x6295cfa9, 0x11c81968, 0x4e734a41,
188 0xb3472dca, 0x7b14a94a, 0x1b510052, 0x9a532915,
189 0xd60f573f, 0xbc9bc6e4, 0x2b60a476, 0x81e67400,
190 0x08ba6fb5, 0x571be91f, 0xf296ec6b, 0x2a0dd915,
191 0xb6636521, 0xe7b9f9b6, 0xff34052e, 0xc5855664,
192 0x53b02d5d, 0xa99f8fa1, 0x08ba4799, 0x6e85076a},
193 {
194 0x4b7a70e9, 0xb5b32944, 0xdb75092e, 0xc4192623,
195 0xad6ea6b0, 0x49a7df7d, 0x9cee60b8, 0x8fedb266,
196 0xecaa8c71, 0x699a17ff, 0x5664526c, 0xc2b19ee1,
197 0x193602a5, 0x75094c29, 0xa0591340, 0xe4183a3e,
198 0x3f54989a, 0x5b429d65, 0x6b8fe4d6, 0x99f73fd6,
199 0xa1d29c07, 0xefe830f5, 0x4d2d38e6, 0xf0255dc1,
200 0x4cdd2086, 0x8470eb26, 0x6382e9c6, 0x021ecc5e,
201 0x09686b3f, 0x3ebaefc9, 0x3c971814, 0x6b6a70a1,
202 0x687f3584, 0x52a0e286, 0xb79c5305, 0xaa500737,
203 0x3e07841c, 0x7fdeae5c, 0x8e7d44ec, 0x5716f2b8,
204 0xb03ada37, 0xf0500c0d, 0xf01c1f04, 0x0200b3ff,
205 0xae0cf51a, 0x3cb574b2, 0x25837a58, 0xdc0921bd,
206 0xd19113f9, 0x7ca92ff6, 0x94324773, 0x22f54701,
207 0x3ae5e581, 0x37c2dadc, 0xc8b57634, 0x9af3dda7,
208 0xa9446146, 0x0fd0030e, 0xecc8c73e, 0xa4751e41,
209 0xe238cd99, 0x3bea0e2f, 0x3280bba1, 0x183eb331,
210 0x4e548b38, 0x4f6db908, 0x6f420d03, 0xf60a04bf,
211 0x2cb81290, 0x24977c79, 0x5679b072, 0xbcaf89af,
212 0xde9a771f, 0xd9930810, 0xb38bae12, 0xdccf3f2e,
213 0x5512721f, 0x2e6b7124, 0x501adde6, 0x9f84cd87,
214 0x7a584718, 0x7408da17, 0xbc9f9abc, 0xe94b7d8c,
215 0xec7aec3a, 0xdb851dfa, 0x63094366, 0xc464c3d2,
216 0xef1c1847, 0x3215d908, 0xdd433b37, 0x24c2ba16,
217 0x12a14d43, 0x2a65c451, 0x50940002, 0x133ae4dd,
218 0x71dff89e, 0x10314e55, 0x81ac77d6, 0x5f11199b,
219 0x043556f1, 0xd7a3c76b, 0x3c11183b, 0x5924a509,
220 0xf28fe6ed, 0x97f1fbfa, 0x9ebabf2c, 0x1e153c6e,
221 0x86e34570, 0xeae96fb1, 0x860e5e0a, 0x5a3e2ab3,
222 0x771fe71c, 0x4e3d06fa, 0x2965dcb9, 0x99e71d0f,
223 0x803e89d6, 0x5266c825, 0x2e4cc978, 0x9c10b36a,
224 0xc6150eba, 0x94e2ea78, 0xa5fc3c53, 0x1e0a2df4,
225 0xf2f74ea7, 0x361d2b3d, 0x1939260f, 0x19c27960,
226 0x5223a708, 0xf71312b6, 0xebadfe6e, 0xeac31f66,
227 0xe3bc4595, 0xa67bc883, 0xb17f37d1, 0x018cff28,
228 0xc332ddef, 0xbe6c5aa5, 0x65582185, 0x68ab9802,
229 0xeecea50f, 0xdb2f953b, 0x2aef7dad, 0x5b6e2f84,
230 0x1521b628, 0x29076170, 0xecdd4775, 0x619f1510,
231 0x13cca830, 0xeb61bd96, 0x0334fe1e, 0xaa0363cf,
232 0xb5735c90, 0x4c70a239, 0xd59e9e0b, 0xcbaade14,
233 0xeecc86bc, 0x60622ca7, 0x9cab5cab, 0xb2f3846e,
234 0x648b1eaf, 0x19bdf0ca, 0xa02369b9, 0x655abb50,
235 0x40685a32, 0x3c2ab4b3, 0x319ee9d5, 0xc021b8f7,
236 0x9b540b19, 0x875fa099, 0x95f7997e, 0x623d7da8,
237 0xf837889a, 0x97e32d77, 0x11ed935f, 0x16681281,
238 0x0e358829, 0xc7e61fd6, 0x96dedfa1, 0x7858ba99,
239 0x57f584a5, 0x1b227263, 0x9b83c3ff, 0x1ac24696,
240 0xcdb30aeb, 0x532e3054, 0x8fd948e4, 0x6dbc3128,
241 0x58ebf2ef, 0x34c6ffea, 0xfe28ed61, 0xee7c3c73,
242 0x5d4a14d9, 0xe864b7e3, 0x42105d14, 0x203e13e0,
243 0x45eee2b6, 0xa3aaabea, 0xdb6c4f15, 0xfacb4fd0,
244 0xc742f442, 0xef6abbb5, 0x654f3b1d, 0x41cd2105,
245 0xd81e799e, 0x86854dc7, 0xe44b476a, 0x3d816250,
246 0xcf62a1f2, 0x5b8d2646, 0xfc8883a0, 0xc1c7b6a3,
247 0x7f1524c3, 0x69cb7492, 0x47848a0b, 0x5692b285,
248 0x095bbf00, 0xad19489d, 0x1462b174, 0x23820e00,
249 0x58428d2a, 0x0c55f5ea, 0x1dadf43e, 0x233f7061,
250 0x3372f092, 0x8d937e41, 0xd65fecf1, 0x6c223bdb,
251 0x7cde3759, 0xcbee7460, 0x4085f2a7, 0xce77326e,
252 0xa6078084, 0x19f8509e, 0xe8efd855, 0x61d99735,
253 0xa969a7aa, 0xc50c06c2, 0x5a04abfc, 0x800bcadc,
254 0x9e447a2e, 0xc3453484, 0xfdd56705, 0x0e1e9ec9,
255 0xdb73dbd3, 0x105588cd, 0x675fda79, 0xe3674340,
256 0xc5c43465, 0x713e38d8, 0x3d28f89e, 0xf16dff20,
257 0x153e21e7, 0x8fb03d4a, 0xe6e39f2b, 0xdb83adf7},
258 {
259 0xe93d5a68, 0x948140f7, 0xf64c261c, 0x94692934,
260 0x411520f7, 0x7602d4f7, 0xbcf46b2e, 0xd4a20068,
261 0xd4082471, 0x3320f46a, 0x43b7d4b7, 0x500061af,
262 0x1e39f62e, 0x97244546, 0x14214f74, 0xbf8b8840,
263 0x4d95fc1d, 0x96b591af, 0x70f4ddd3, 0x66a02f45,
264 0xbfbc09ec, 0x03bd9785, 0x7fac6dd0, 0x31cb8504,
265 0x96eb27b3, 0x55fd3941, 0xda2547e6, 0xabca0a9a,
266 0x28507825, 0x530429f4, 0x0a2c86da, 0xe9b66dfb,
267 0x68dc1462, 0xd7486900, 0x680ec0a4, 0x27a18dee,
268 0x4f3ffea2, 0xe887ad8c, 0xb58ce006, 0x7af4d6b6,
269 0xaace1e7c, 0xd3375fec, 0xce78a399, 0x406b2a42,
270 0x20fe9e35, 0xd9f385b9, 0xee39d7ab, 0x3b124e8b,
271 0x1dc9faf7, 0x4b6d1856, 0x26a36631, 0xeae397b2,
272 0x3a6efa74, 0xdd5b4332, 0x6841e7f7, 0xca7820fb,
273 0xfb0af54e, 0xd8feb397, 0x454056ac, 0xba489527,
274 0x55533a3a, 0x20838d87, 0xfe6ba9b7, 0xd096954b,
275 0x55a867bc, 0xa1159a58, 0xcca92963, 0x99e1db33,
276 0xa62a4a56, 0x3f3125f9, 0x5ef47e1c, 0x9029317c,
277 0xfdf8e802, 0x04272f70, 0x80bb155c, 0x05282ce3,
278 0x95c11548, 0xe4c66d22, 0x48c1133f, 0xc70f86dc,
279 0x07f9c9ee, 0x41041f0f, 0x404779a4, 0x5d886e17,
280 0x325f51eb, 0xd59bc0d1, 0xf2bcc18f, 0x41113564,
281 0x257b7834, 0x602a9c60, 0xdff8e8a3, 0x1f636c1b,
282 0x0e12b4c2, 0x02e1329e, 0xaf664fd1, 0xcad18115,
283 0x6b2395e0, 0x333e92e1, 0x3b240b62, 0xeebeb922,
284 0x85b2a20e, 0xe6ba0d99, 0xde720c8c, 0x2da2f728,
285 0xd0127845, 0x95b794fd, 0x647d0862, 0xe7ccf5f0,
286 0x5449a36f, 0x877d48fa, 0xc39dfd27, 0xf33e8d1e,
287 0x0a476341, 0x992eff74, 0x3a6f6eab, 0xf4f8fd37,
288 0xa812dc60, 0xa1ebddf8, 0x991be14c, 0xdb6e6b0d,
289 0xc67b5510, 0x6d672c37, 0x2765d43b, 0xdcd0e804,
290 0xf1290dc7, 0xcc00ffa3, 0xb5390f92, 0x690fed0b,
291 0x667b9ffb, 0xcedb7d9c, 0xa091cf0b, 0xd9155ea3,
292 0xbb132f88, 0x515bad24, 0x7b9479bf, 0x763bd6eb,
293 0x37392eb3, 0xcc115979, 0x8026e297, 0xf42e312d,
294 0x6842ada7, 0xc66a2b3b, 0x12754ccc, 0x782ef11c,
295 0x6a124237, 0xb79251e7, 0x06a1bbe6, 0x4bfb6350,
296 0x1a6b1018, 0x11caedfa, 0x3d25bdd8, 0xe2e1c3c9,
297 0x44421659, 0x0a121386, 0xd90cec6e, 0xd5abea2a,
298 0x64af674e, 0xda86a85f, 0xbebfe988, 0x64e4c3fe,
299 0x9dbc8057, 0xf0f7c086, 0x60787bf8, 0x6003604d,
300 0xd1fd8346, 0xf6381fb0, 0x7745ae04, 0xd736fccc,
301 0x83426b33, 0xf01eab71, 0xb0804187, 0x3c005e5f,
302 0x77a057be, 0xbde8ae24, 0x55464299, 0xbf582e61,
303 0x4e58f48f, 0xf2ddfda2, 0xf474ef38, 0x8789bdc2,
304 0x5366f9c3, 0xc8b38e74, 0xb475f255, 0x46fcd9b9,
305 0x7aeb2661, 0x8b1ddf84, 0x846a0e79, 0x915f95e2,
306 0x466e598e, 0x20b45770, 0x8cd55591, 0xc902de4c,
307 0xb90bace1, 0xbb8205d0, 0x11a86248, 0x7574a99e,
308 0xb77f19b6, 0xe0a9dc09, 0x662d09a1, 0xc4324633,
309 0xe85a1f02, 0x09f0be8c, 0x4a99a025, 0x1d6efe10,
310 0x1ab93d1d, 0x0ba5a4df, 0xa186f20f, 0x2868f169,
311 0xdcb7da83, 0x573906fe, 0xa1e2ce9b, 0x4fcd7f52,
312 0x50115e01, 0xa70683fa, 0xa002b5c4, 0x0de6d027,
313 0x9af88c27, 0x773f8641, 0xc3604c06, 0x61a806b5,
314 0xf0177a28, 0xc0f586e0, 0x006058aa, 0x30dc7d62,
315 0x11e69ed7, 0x2338ea63, 0x53c2dd94, 0xc2c21634,
316 0xbbcbee56, 0x90bcb6de, 0xebfc7da1, 0xce591d76,
317 0x6f05e409, 0x4b7c0188, 0x39720a3d, 0x7c927c24,
318 0x86e3725f, 0x724d9db9, 0x1ac15bb4, 0xd39eb8fc,
319 0xed545578, 0x08fca5b5, 0xd83d7cd3, 0x4dad0fc4,
320 0x1e50ef5e, 0xb161e6f8, 0xa28514d9, 0x6c51133c,
321 0x6fd5c7e7, 0x56e14ec4, 0x362abfce, 0xddc6c837,
322 0xd79a3234, 0x92638212, 0x670efa8e, 0x406000e0},
323 {
324 0x3a39ce37, 0xd3faf5cf, 0xabc27737, 0x5ac52d1b,
325 0x5cb0679e, 0x4fa33742, 0xd3822740, 0x99bc9bbe,
326 0xd5118e9d, 0xbf0f7315, 0xd62d1c7e, 0xc700c47b,
327 0xb78c1b6b, 0x21a19045, 0xb26eb1be, 0x6a366eb4,
328 0x5748ab2f, 0xbc946e79, 0xc6a376d2, 0x6549c2c8,
329 0x530ff8ee, 0x468dde7d, 0xd5730a1d, 0x4cd04dc6,
330 0x2939bbdb, 0xa9ba4650, 0xac9526e8, 0xbe5ee304,
331 0xa1fad5f0, 0x6a2d519a, 0x63ef8ce2, 0x9a86ee22,
332 0xc089c2b8, 0x43242ef6, 0xa51e03aa, 0x9cf2d0a4,
333 0x83c061ba, 0x9be96a4d, 0x8fe51550, 0xba645bd6,
334 0x2826a2f9, 0xa73a3ae1, 0x4ba99586, 0xef5562e9,
335 0xc72fefd3, 0xf752f7da, 0x3f046f69, 0x77fa0a59,
336 0x80e4a915, 0x87b08601, 0x9b09e6ad, 0x3b3ee593,
337 0xe990fd5a, 0x9e34d797, 0x2cf0b7d9, 0x022b8b51,
338 0x96d5ac3a, 0x017da67d, 0xd1cf3ed6, 0x7c7d2d28,
339 0x1f9f25cf, 0xadf2b89b, 0x5ad6b472, 0x5a88f54c,
340 0xe029ac71, 0xe019a5e6, 0x47b0acfd, 0xed93fa9b,
341 0xe8d3c48d, 0x283b57cc, 0xf8d56629, 0x79132e28,
342 0x785f0191, 0xed756055, 0xf7960e44, 0xe3d35e8c,
343 0x15056dd4, 0x88f46dba, 0x03a16125, 0x0564f0bd,
344 0xc3eb9e15, 0x3c9057a2, 0x97271aec, 0xa93a072a,
345 0x1b3f6d9b, 0x1e6321f5, 0xf59c66fb, 0x26dcf319,
346 0x7533d928, 0xb155fdf5, 0x03563482, 0x8aba3cbb,
347 0x28517711, 0xc20ad9f8, 0xabcc5167, 0xccad925f,
348 0x4de81751, 0x3830dc8e, 0x379d5862, 0x9320f991,
349 0xea7a90c2, 0xfb3e7bce, 0x5121ce64, 0x774fbe32,
350 0xa8b6e37e, 0xc3293d46, 0x48de5369, 0x6413e680,
351 0xa2ae0810, 0xdd6db224, 0x69852dfd, 0x09072166,
352 0xb39a460a, 0x6445c0dd, 0x586cdecf, 0x1c20c8ae,
353 0x5bbef7dd, 0x1b588d40, 0xccd2017f, 0x6bb4e3bb,
354 0xdda26a7e, 0x3a59ff45, 0x3e350a44, 0xbcb4cdd5,
355 0x72eacea8, 0xfa6484bb, 0x8d6612ae, 0xbf3c6f47,
356 0xd29be463, 0x542f5d9e, 0xaec2771b, 0xf64e6370,
357 0x740e0d8d, 0xe75b1357, 0xf8721671, 0xaf537d5d,
358 0x4040cb08, 0x4eb4e2cc, 0x34d2466a, 0x0115af84,
359 0xe1b00428, 0x95983a1d, 0x06b89fb4, 0xce6ea048,
360 0x6f3f3b82, 0x3520ab82, 0x011a1d4b, 0x277227f8,
361 0x611560b1, 0xe7933fdc, 0xbb3a792b, 0x344525bd,
362 0xa08839e1, 0x51ce794b, 0x2f32c9b7, 0xa01fbac9,
363 0xe01cc87e, 0xbcc7d1f6, 0xcf0111c3, 0xa1e8aac7,
364 0x1a908749, 0xd44fbd9a, 0xd0dadecb, 0xd50ada38,
365 0x0339c32a, 0xc6913667, 0x8df9317c, 0xe0b12b4f,
366 0xf79e59b7, 0x43f5bb3a, 0xf2d519ff, 0x27d9459c,
367 0xbf97222c, 0x15e6fc2a, 0x0f91fc71, 0x9b941525,
368 0xfae59361, 0xceb69ceb, 0xc2a86459, 0x12baa8d1,
369 0xb6c1075e, 0xe3056a0c, 0x10d25065, 0xcb03a442,
370 0xe0ec6e0e, 0x1698db3b, 0x4c98a0be, 0x3278e964,
371 0x9f1f9532, 0xe0d392df, 0xd3a0342b, 0x8971f21e,
372 0x1b0a7441, 0x4ba3348c, 0xc5be7120, 0xc37632d8,
373 0xdf359f8d, 0x9b992f2e, 0xe60b6f47, 0x0fe3f11d,
374 0xe54cda54, 0x1edad891, 0xce6279cf, 0xcd3e7e6f,
375 0x1618b166, 0xfd2c1d05, 0x848fd2c5, 0xf6fb2299,
376 0xf523f357, 0xa6327623, 0x93a83531, 0x56cccd02,
377 0xacf08162, 0x5a75ebb5, 0x6e163697, 0x88d273cc,
378 0xde966292, 0x81b949d0, 0x4c50901b, 0x71c65614,
379 0xe6c6c7bd, 0x327a140a, 0x45e1d006, 0xc3f27b9a,
380 0xc9aa53fd, 0x62a80f00, 0xbb25bfe2, 0x35bdd2f6,
381 0x71126905, 0xb2040222, 0xb6cbcf7c, 0xcd769c2b,
382 0x53113ec0, 0x1640e3d3, 0x38abbd60, 0x2547adf0,
383 0xba38209c, 0xf746ce76, 0x77afa1c5, 0x20756060,
384 0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
385 0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
386 0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
387 0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6}
388 },
389 {
390 0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
391 0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
392 0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
393 0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
394 0x9216d5d9, 0x8979fb1b
395 } };
396
397 *c = initstate;
398
399}
400
401#ifdef __STDC__
402u_int32_t
403Blowfish_stream2word(const u_int8_t *data, u_int16_t databytes, u_int16_t *current)
404#else
405u_int32_t
406Blowfish_stream2word(data, databytes, current)
407 const u_int8_t *data;
408 u_int16_t databytes;
409 u_int16_t *current;
410#endif
411{
412 u_int8_t i;
413 u_int16_t j;
414 u_int32_t temp;
415
416 temp = 0x00000000;
417 j = *current;
418
419 for (i = 0; i < 4; i++, j++) {
420 if (j >= databytes)
421 j = 0;
422 temp = (temp << 8) | data[j];
423 }
424
425 *current = j;
426 return temp;
427}
428
429#if __STDC__
430void
431Blowfish_expand0state(blf_ctx *c, const u_int8_t *key, u_int16_t keybytes)
432#else
433void
434Blowfish_expand0state(c, key, keybytes)
435 blf_ctx *c;
436 const u_int8_t *key;
437 u_int16_t keybytes;
438#endif
439{
440 u_int16_t i;
441 u_int16_t j;
442 u_int16_t k;
443 u_int32_t temp;
444 u_int32_t datal;
445 u_int32_t datar;
446
447 j = 0;
448 for (i = 0; i < BLF_N + 2; i++) {
449 /* Extract 4 int8 to 1 int32 from keystream */
450 temp = Blowfish_stream2word(key, keybytes, &j);
451 c->P[i] = c->P[i] ^ temp;
452 }
453
454 j = 0;
455 datal = 0x00000000;
456 datar = 0x00000000;
457 for (i = 0; i < BLF_N + 2; i += 2) {
458 Blowfish_encipher(c, &datal, &datar);
459
460 c->P[i] = datal;
461 c->P[i + 1] = datar;
462 }
463
464 for (i = 0; i < 4; i++) {
465 for (k = 0; k < 256; k += 2) {
466 Blowfish_encipher(c, &datal, &datar);
467
468 c->S[i][k] = datal;
469 c->S[i][k + 1] = datar;
470 }
471 }
472}
473
474
475#if __STDC__
476void
477Blowfish_expandstate(blf_ctx *c, const u_int8_t *data, u_int16_t databytes,
478 const u_int8_t *key, u_int16_t keybytes)
479#else
480void
481Blowfish_expandstate(c, data, databytes, key, keybytes)
482 blf_ctx *c;
483 const u_int8_t *data;
484 u_int16_t databytes;
485 const u_int8_t *key;
486 u_int16_t keybytes;
487#endif
488{
489 u_int16_t i;
490 u_int16_t j;
491 u_int16_t k;
492 u_int32_t temp;
493 u_int32_t datal;
494 u_int32_t datar;
495
496 j = 0;
497 for (i = 0; i < BLF_N + 2; i++) {
498 /* Extract 4 int8 to 1 int32 from keystream */
499 temp = Blowfish_stream2word(key, keybytes, &j);
500 c->P[i] = c->P[i] ^ temp;
501 }
502
503 j = 0;
504 datal = 0x00000000;
505 datar = 0x00000000;
506 for (i = 0; i < BLF_N + 2; i += 2) {
507 datal ^= Blowfish_stream2word(data, databytes, &j);
508 datar ^= Blowfish_stream2word(data, databytes, &j);
509 Blowfish_encipher(c, &datal, &datar);
510
511 c->P[i] = datal;
512 c->P[i + 1] = datar;
513 }
514
515 for (i = 0; i < 4; i++) {
516 for (k = 0; k < 256; k += 2) {
517 datal ^= Blowfish_stream2word(data, databytes, &j);
518 datar ^= Blowfish_stream2word(data, databytes, &j);
519 Blowfish_encipher(c, &datal, &datar);
520
521 c->S[i][k] = datal;
522 c->S[i][k + 1] = datar;
523 }
524 }
525
526}
527
528#if __STDC__
529void
530blf_key(blf_ctx *c, const u_int8_t *k, u_int16_t len)
531#else
532void
533blf_key(c, k, len)
534 blf_ctx *c;
535 const u_int8_t *k;
536 u_int16_t len;
537#endif
538{
539 /* Initalize S-boxes and subkeys with Pi */
540 Blowfish_initstate(c);
541
542 /* Transform S-boxes and subkeys with key */
543 Blowfish_expand0state(c, k, len);
544}
545
546#if __STDC__
547void
548blf_enc(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
549#else
550void
551blf_enc(c, data, blocks)
552 blf_ctx *c;
553 u_int32_t *data;
554 u_int16_t blocks;
555#endif
556{
557 u_int32_t *d;
558 u_int16_t i;
559
560 d = data;
561 for (i = 0; i < blocks; i++) {
562 Blowfish_encipher(c, d, d + 1);
563 d += 2;
564 }
565}
566
567#if __STDC__
568void
569blf_dec(blf_ctx *c, u_int32_t *data, u_int16_t blocks)
570#else
571void
572blf_dec(c, data, blocks)
573 blf_ctx *c;
574 u_int32_t *data;
575 u_int16_t blocks;
576#endif
577{
578 u_int32_t *d;
579 u_int16_t i;
580
581 d = data;
582 for (i = 0; i < blocks; i++) {
583 Blowfish_decipher(c, d, d + 1);
584 d += 2;
585 }
586}
587
588#if __STDC__
589void
590blf_ecb_encrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
591#else
592void
593blf_ecb_encrypt(c, data, len)
594 blf_ctx *c;
595 u_int8_t *data;
596 u_int32_t len;
597#endif
598{
599 u_int32_t l, r;
600 u_int32_t i;
601
602 for (i = 0; i < len; i += 8) {
603 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
604 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
605 Blowfish_encipher(c, &l, &r);
606 data[0] = l >> 24 & 0xff;
607 data[1] = l >> 16 & 0xff;
608 data[2] = l >> 8 & 0xff;
609 data[3] = l & 0xff;
610 data[4] = r >> 24 & 0xff;
611 data[5] = r >> 16 & 0xff;
612 data[6] = r >> 8 & 0xff;
613 data[7] = r & 0xff;
614 data += 8;
615 }
616}
617
618#if __STDC__
619void
620blf_ecb_decrypt(blf_ctx *c, u_int8_t *data, u_int32_t len)
621#else
622void
623blf_ecb_decrypt(c, data, len)
624 blf_ctx *c;
625 u_int8_t *data;
626 u_int32_t len;
627#endif
628{
629 u_int32_t l, r;
630 u_int32_t i;
631
632 for (i = 0; i < len; i += 8) {
633 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
634 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
635 Blowfish_decipher(c, &l, &r);
636 data[0] = l >> 24 & 0xff;
637 data[1] = l >> 16 & 0xff;
638 data[2] = l >> 8 & 0xff;
639 data[3] = l & 0xff;
640 data[4] = r >> 24 & 0xff;
641 data[5] = r >> 16 & 0xff;
642 data[6] = r >> 8 & 0xff;
643 data[7] = r & 0xff;
644 data += 8;
645 }
646}
647
648#if __STDC__
649void
650blf_cbc_encrypt(blf_ctx *c, u_int8_t *iv, u_int8_t *data, u_int32_t len)
651#else
652void
653blf_cbc_encrypt(c, iv, data, len)
654 blf_ctx *c;
655 u_int8_t *iv;
656 u_int8_t *data;
657 u_int32_t len;
658#endif
659{
660 u_int32_t l, r;
661 u_int32_t i, j;
662
663 for (i = 0; i < len; i += 8) {
664 for (j = 0; j < 8; j++)
665 data[j] ^= iv[j];
666 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
667 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
668 Blowfish_encipher(c, &l, &r);
669 data[0] = l >> 24 & 0xff;
670 data[1] = l >> 16 & 0xff;
671 data[2] = l >> 8 & 0xff;
672 data[3] = l & 0xff;
673 data[4] = r >> 24 & 0xff;
674 data[5] = r >> 16 & 0xff;
675 data[6] = r >> 8 & 0xff;
676 data[7] = r & 0xff;
677 iv = data;
678 data += 8;
679 }
680}
681
682#if __STDC__
683void
684blf_cbc_decrypt(blf_ctx *c, u_int8_t *iva, u_int8_t *data, u_int32_t len)
685#else
686void
687blf_cbc_decrypt(c, iva, data, len)
688 blf_ctx *c;
689 u_int8_t *iva;
690 u_int8_t *data;
691 u_int32_t len;
692#endif
693{
694 u_int32_t l, r;
695 u_int8_t *iv;
696 u_int32_t i, j;
697
698 iv = data + len - 16;
699 data = data + len - 8;
700 for (i = len - 8; i >= 8; i -= 8) {
701 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
702 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
703 Blowfish_decipher(c, &l, &r);
704 data[0] = l >> 24 & 0xff;
705 data[1] = l >> 16 & 0xff;
706 data[2] = l >> 8 & 0xff;
707 data[3] = l & 0xff;
708 data[4] = r >> 24 & 0xff;
709 data[5] = r >> 16 & 0xff;
710 data[6] = r >> 8 & 0xff;
711 data[7] = r & 0xff;
712 for (j = 0; j < 8; j++)
713 data[j] ^= iv[j];
714 iv = data;
715 data -= 8;
716 }
717 l = data[0] << 24 | data[1] << 16 | data[2] << 8 | data[3];
718 r = data[4] << 24 | data[5] << 16 | data[6] << 8 | data[7];
719 Blowfish_decipher(c, &l, &r);
720 data[0] = l >> 24 & 0xff;
721 data[1] = l >> 16 & 0xff;
722 data[2] = l >> 8 & 0xff;
723 data[3] = l & 0xff;
724 data[4] = r >> 24 & 0xff;
725 data[5] = r >> 16 & 0xff;
726 data[6] = r >> 8 & 0xff;
727 data[7] = r & 0xff;
728 for (j = 0; j < 8; j++)
729 data[j] ^= iva[j];
730}
731
732#if 0
733void
734report(u_int32_t data[], u_int16_t len)
735{
736 u_int16_t i;
737 for (i = 0; i < len; i += 2)
738 printf("Block %0hd: %08lx %08lx.\n",
739 i / 2, data[i], data[i + 1]);
740}
741void
742main(void)
743{
744
745 blf_ctx c;
746 char key[] = "AAAAA";
747 char key2[] = "abcdefghijklmnopqrstuvwxyz";
748
749 u_int32_t data[10];
750 u_int32_t data2[] =
751 {0x424c4f57l, 0x46495348l};
752
753 u_int16_t i;
754
755 /* First test */
756 for (i = 0; i < 10; i++)
757 data[i] = i;
758
759 blf_key(&c, (u_int8_t *) key, 5);
760 blf_enc(&c, data, 5);
761 blf_dec(&c, data, 1);
762 blf_dec(&c, data + 2, 4);
763 printf("Should read as 0 - 9.\n");
764 report(data, 10);
765
766 /* Second test */
767 blf_key(&c, (u_int8_t *) key2, strlen(key2));
768 blf_enc(&c, data2, 1);
769 printf("\nShould read as: 0x324ed0fe 0xf413a203.\n");
770 report(data2, 2);
771 blf_dec(&c, data2, 1);
772 report(data2, 2);
773}
774#endif
diff --git a/src/lib/libc/crypt/cast.c b/src/lib/libc/crypt/cast.c
new file mode 100644
index 0000000000..264138f03e
--- /dev/null
+++ b/src/lib/libc/crypt/cast.c
@@ -0,0 +1,779 @@
1/* $OpenBSD: cast.c,v 1.2 1998/07/21 22:42:03 provos Exp $ */
2/*
3 * CAST-128 in C
4 * Written by Steve Reid <sreid@sea-to-sky.net>
5 * 100% Public Domain - no warranty
6 * Released 1997.10.11
7 */
8
9#include <sys/types.h>
10
11#include <cast.h>
12
13/* CAST S-Boxes */
14
15static const u_int32_t cast_sbox1[256] = {
16 0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A,
17 0x1E213F2F, 0x9C004DD3, 0x6003E540, 0xCF9FC949,
18 0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
19 0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E,
20 0x28683B6F, 0xC07FD059, 0xFF2379C8, 0x775F50E2,
21 0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
22 0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F,
23 0x2ABE32E1, 0xAA54166B, 0x22568E3A, 0xA2D341D0,
24 0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
25 0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7,
26 0xB82CBAEF, 0xD751D159, 0x6FF7F0ED, 0x5A097A1F,
27 0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
28 0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D,
29 0xB7332290, 0xE93B159F, 0xB48EE411, 0x4BFF345D,
30 0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
31 0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50,
32 0x882240F2, 0x0C6E4F38, 0xA4E4BFD7, 0x4F5BA272,
33 0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
34 0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D,
35 0x57538AD5, 0x6A390493, 0xE63D37E0, 0x2A54F6B3,
36 0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
37 0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167,
38 0x38901091, 0xC6B505EB, 0x84C7CB8C, 0x2AD75A0F,
39 0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
40 0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9,
41 0x6C00B32D, 0x73E2BB14, 0xA0BEBC3C, 0x54623779,
42 0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
43 0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2,
44 0x81383F05, 0x6963C5C8, 0x76CB5AD6, 0xD49974C9,
45 0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
46 0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E,
47 0x31366241, 0x051EF495, 0xAA573B04, 0x4A805D8D,
48 0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
49 0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5,
50 0x6B54BFAB, 0x2B0B1426, 0xAB4CC9D7, 0x449CCD82,
51 0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
52 0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC,
53 0xEADF55B3, 0xD5BD9E98, 0xE31231B2, 0x2AD5AD6C,
54 0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
55 0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC,
56 0x7B5A41F0, 0xD37CFBAD, 0x1B069505, 0x41ECE491,
57 0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
58 0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE,
59 0xE01063DA, 0x4736F464, 0x5AD328D8, 0xB347CC96,
60 0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
61 0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A,
62 0x3F04442F, 0x6188B153, 0xE0397A2E, 0x5727CB79,
63 0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
64 0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779,
65 0x4744EAD4, 0xB11C3274, 0xDD24CB9E, 0x7E1C54BD,
66 0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
67 0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6,
68 0x580304F0, 0xCA042CF1, 0x011A37EA, 0x8DBFAADB,
69 0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
70 0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0,
71 0x7C63B2CF, 0x700B45E1, 0xD5EA50F1, 0x85A92872,
72 0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
73 0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C,
74 0x474D6AD7, 0x7C0C5E5C, 0xD1231959, 0x381B7298,
75 0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
76 0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571,
77 0x962BDA1C, 0xE1E696FF, 0xB141AB08, 0x7CCA89B9,
78 0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
79 0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF
80};
81
82static const u_int32_t cast_sbox2[256] = {
83 0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380,
84 0xFE61CF7A, 0xEEC5207A, 0x55889C94, 0x72FC0651,
85 0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
86 0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3,
87 0xA0B52F7B, 0x59E83605, 0xEE15B094, 0xE9FFD909,
88 0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
89 0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B,
90 0x01420DDB, 0xE4E7EF5B, 0x25A1FF41, 0xE180F806,
91 0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
92 0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B,
93 0xE113C85B, 0xACC40083, 0xD7503525, 0xF7EA615F,
94 0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
95 0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21,
96 0x071F6181, 0x39F7627F, 0x361E3084, 0xE4EB573B,
97 0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
98 0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C,
99 0x10843094, 0x2537A95E, 0xF46F6FFE, 0xA1FF3B1F,
100 0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
101 0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D,
102 0x8A45388C, 0x1D804366, 0x721D9BFD, 0xA58684BB,
103 0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
104 0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD,
105 0xC5D655DD, 0xEB667064, 0x77840B4D, 0xA1B6A801,
106 0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
107 0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755,
108 0xB5625DBF, 0x68561BE6, 0x83CA6B94, 0x2D6ED23B,
109 0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
110 0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304,
111 0x81ED6F61, 0x20E74364, 0xB45E1378, 0xDE18639B,
112 0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
113 0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C,
114 0x488CB402, 0x1BA4FE5B, 0xA4B09F6B, 0x1CA815CF,
115 0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
116 0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C,
117 0xEE41E729, 0x6E1D2D7C, 0x50045286, 0x1E6685F3,
118 0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
119 0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9,
120 0xCDFF33A6, 0xA02B1741, 0x7CBAD9A2, 0x2180036F,
121 0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
122 0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6,
123 0xCDF0B680, 0x17844D3B, 0x31EEF84D, 0x7E0824E4,
124 0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
125 0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43,
126 0xB3FAEC54, 0x157FD7FA, 0xEF8579CC, 0xD152DE58,
127 0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
128 0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906,
129 0xB8DA230C, 0x80823028, 0xDCDEF3C8, 0xD35FB171,
130 0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
131 0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89,
132 0x8B1C34BC, 0x301E16E6, 0x273BE979, 0xB0FFEAA6,
133 0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
134 0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4,
135 0xDC8637A0, 0x16A7D3B1, 0x9FC393B7, 0xA7136EEB,
136 0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
137 0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E,
138 0xDB92F2FB, 0x5EEA29CB, 0x145892F5, 0x91584F7F,
139 0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
140 0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249,
141 0xB284600C, 0xD835731D, 0xDCB1C647, 0xAC4C56EA,
142 0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
143 0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD,
144 0x649DA589, 0xA345415E, 0x5C038323, 0x3E5D3BB9,
145 0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
146 0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1
147};
148
149static const u_int32_t cast_sbox3[256] = {
150 0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907,
151 0x47607FFF, 0x369FE44B, 0x8C1FC644, 0xAECECA90,
152 0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
153 0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5,
154 0x11107D9F, 0x07647DB9, 0xB2E3E4D4, 0x3D4F285E,
155 0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
156 0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC,
157 0x21FFFCEE, 0x825B1BFD, 0x9255C5ED, 0x1257A240,
158 0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
159 0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5,
160 0xA8C01DB7, 0x579FC264, 0x67094F31, 0xF2BD3F5F,
161 0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
162 0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99,
163 0xA197C81C, 0x4A012D6E, 0xC5884A28, 0xCCC36F71,
164 0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
165 0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04,
166 0xA747D2D0, 0x1651192E, 0xAF70BF3E, 0x58C31380,
167 0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
168 0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8,
169 0x8427F4A0, 0x1EAC5790, 0x796FB449, 0x8252DC15,
170 0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
171 0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2,
172 0x23EFE941, 0xA903F12E, 0x60270DF2, 0x0276E4B6,
173 0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
174 0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E,
175 0x842F7D83, 0x340CE5C8, 0x96BBB682, 0x93B4B148,
176 0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
177 0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC,
178 0x8B907CEE, 0xB51FD240, 0xE7C07CE3, 0xE566B4A1,
179 0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
180 0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C,
181 0xF76CEDD9, 0xBDA8229C, 0x127DADAA, 0x438A074E,
182 0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
183 0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51,
184 0x68CC7BFB, 0xD90F2788, 0x12490181, 0x5DE5FFD4,
185 0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
186 0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B,
187 0x6D498623, 0x193CBCFA, 0x27627545, 0x825CF47A,
188 0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
189 0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B,
190 0x285BA1C8, 0x3C62F44F, 0x35C0EAA5, 0xE805D231,
191 0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
192 0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889,
193 0x694BCC11, 0x236A5CAE, 0x12DECA4D, 0x2C3F8CC5,
194 0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
195 0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45,
196 0x3A609437, 0xEC00C9A9, 0x44715253, 0x0A874B49,
197 0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
198 0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D,
199 0x07478CD1, 0x006E1888, 0xA2E53F55, 0xB9E6D4BC,
200 0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
201 0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0,
202 0x947B0001, 0x570075D2, 0xF9BB88F8, 0x8942019E,
203 0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
204 0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767,
205 0xCF1FEBD2, 0x61EFC8C2, 0xF1AC2571, 0xCC8239C2,
206 0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
207 0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49,
208 0x5727C148, 0x2BE98A1D, 0x8AB41738, 0x20E1BE24,
209 0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
210 0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0,
211 0x642B1E31, 0x9C305A00, 0x52BCE688, 0x1B03588A,
212 0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
213 0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783
214};
215
216static const u_int32_t cast_sbox4[256] = {
217 0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298,
218 0x4A4F7BDB, 0x64AD8C57, 0x85510443, 0xFA020ED1,
219 0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
220 0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF,
221 0x28147F5F, 0x4FA2B8CD, 0xC9430040, 0x0CC32220,
222 0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
223 0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE,
224 0x1A05645F, 0x0C13FEFE, 0x081B08CA, 0x05170121,
225 0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
226 0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25,
227 0xCE84FFDF, 0xF5718801, 0x3DD64B04, 0xA26F263B,
228 0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
229 0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93,
230 0xD3772061, 0x11B638E1, 0x72500E03, 0xF80EB2BB,
231 0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
232 0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5,
233 0x4D351805, 0x7F3D5CE3, 0xA6C866C6, 0x5D5BCCA9,
234 0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
235 0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB,
236 0x022083B8, 0x3FB6180C, 0x18F8931E, 0x281658E6,
237 0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
238 0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23,
239 0x69DEAD38, 0x1574CA16, 0xDF871B62, 0x211C40B7,
240 0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
241 0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340,
242 0x557BE8DE, 0x00EAE4A7, 0x0CE5C2EC, 0x4DB4BBA6,
243 0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
244 0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119,
245 0x6E85CB75, 0xBE07C002, 0xC2325577, 0x893FF4EC,
246 0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
247 0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205,
248 0xAAC9548A, 0xECA1D7C7, 0x041AFA32, 0x1D16625A,
249 0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
250 0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79,
251 0x026A4CEB, 0x52437EFF, 0x2F8F76B4, 0x0DF980A5,
252 0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
253 0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C,
254 0x1741A254, 0xE5B6A035, 0x213D42F6, 0x2C1C7C26,
255 0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
256 0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB,
257 0x63315C21, 0x5E0A72EC, 0x49BAFEFD, 0x187908D9,
258 0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
259 0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF,
260 0x71EAE2A1, 0x1F9AF36E, 0xCFCBD12F, 0xC1DE8417,
261 0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
262 0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2,
263 0x6F7DE532, 0x58FD7EB6, 0xD01EE900, 0x24ADFFC2,
264 0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
265 0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF,
266 0x29908415, 0x7FBB977F, 0xAF9EB3DB, 0x29C9ED2A,
267 0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
268 0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919,
269 0x77079103, 0xDEA03AF6, 0x78A8565E, 0xDEE356DF,
270 0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
271 0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF,
272 0xAFE67AFB, 0xF470C4B2, 0xF3E0EB5B, 0xD6CC9876,
273 0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
274 0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB,
275 0xB5676E69, 0x9BD3DDDA, 0xDF7E052F, 0xDB25701C,
276 0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
277 0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43,
278 0x41823979, 0x932BCDF6, 0xB657C34D, 0x4EDFD282,
279 0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
280 0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2
281};
282
283static const u_int32_t cast_sbox5[256] = {
284 0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911,
285 0xB86A7FFF, 0x1DD358F5, 0x44DD9D44, 0x1731167F,
286 0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00,
287 0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A,
288 0xE6A2E77F, 0xF0C720CD, 0xC4494816, 0xCCF5C180,
289 0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF,
290 0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2,
291 0x4E40B48D, 0x248EB6FB, 0x8DBA1CFE, 0x41A99B02,
292 0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725,
293 0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A,
294 0xF2F3F763, 0x68AF8040, 0xED0C9E56, 0x11B4958B,
295 0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7,
296 0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571,
297 0x0C05372A, 0x578535F2, 0x2261BE02, 0xD642A0C9,
298 0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC,
299 0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981,
300 0x5C1FF900, 0xFE38D399, 0x0C4EFF0B, 0x062407EA,
301 0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774,
302 0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263,
303 0xDF65001F, 0x0EC50966, 0xDFDD55BC, 0x29DE0655,
304 0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468,
305 0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2,
306 0xBCF3F0AA, 0x87AC36E9, 0xE53A7426, 0x01B3D82B,
307 0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910,
308 0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284,
309 0x636737B6, 0x50F5B616, 0xF24766E3, 0x8ECA36C1,
310 0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4,
311 0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA,
312 0x26E46695, 0xB7566419, 0xF654EFC5, 0xD08D58B7,
313 0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049,
314 0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE,
315 0xC62BF3CD, 0x9E0885F9, 0x68CB3E47, 0x086C010F,
316 0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6,
317 0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA,
318 0x0AB378D5, 0xD951FB0C, 0xDED7DA56, 0x4124BBE4,
319 0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE,
320 0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561,
321 0xC3DC0280, 0x05687715, 0x646C6BD7, 0x44904DB3,
322 0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6,
323 0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840,
324 0x76F0AE02, 0x083BE84D, 0x28421C9A, 0x44489406,
325 0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4,
326 0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472,
327 0x3CA5D717, 0x7D161BBA, 0x9CAD9010, 0xAF462BA2,
328 0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487,
329 0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7,
330 0x445F7382, 0x175683F4, 0xCDC66A97, 0x70BE0288,
331 0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5,
332 0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2,
333 0x1C5C1572, 0xF6721B2C, 0x1AD2FFF3, 0x8C25404E,
334 0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78,
335 0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E,
336 0x44094F85, 0x3F481D87, 0xFCFEAE7B, 0x77B5FF76,
337 0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801,
338 0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0,
339 0xDF3B0874, 0x95055110, 0x1B5AD7A8, 0xF61ED5AD,
340 0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58,
341 0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0,
342 0x5CE96C28, 0xE176EDA3, 0x6BAC307F, 0x376829D2,
343 0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20,
344 0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE,
345 0xF9E0659A, 0xEEB9491D, 0x34010718, 0xBB30CAB8,
346 0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55,
347 0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4
348};
349
350static const u_int32_t cast_sbox6[256] = {
351 0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C,
352 0x95DB08E7, 0x016843B4, 0xECED5CBC, 0x325553AC,
353 0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9,
354 0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138,
355 0x33F14961, 0xC01937BD, 0xF506C6DA, 0xE4625E7E,
356 0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367,
357 0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866,
358 0xA084DB2D, 0x09A8486F, 0xA888614A, 0x2900AF98,
359 0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C,
360 0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072,
361 0xFD41197E, 0x9305A6B0, 0xE86BE3DA, 0x74BED3CD,
362 0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3,
363 0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53,
364 0x5C3D9C01, 0x64BDB941, 0x2C0E636A, 0xBA7DD9CD,
365 0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D,
366 0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8,
367 0x284CAF89, 0xAA928223, 0x9334BE53, 0x3B3A21BF,
368 0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9,
369 0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807,
370 0x5B7C5ECC, 0x221DB3A6, 0x9A69A02F, 0x68818A54,
371 0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A,
372 0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387,
373 0x53BDDB65, 0xE76FFBE7, 0xE967FD78, 0x0BA93563,
374 0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC,
375 0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0,
376 0xE81F994F, 0x9528CD89, 0xFD339FED, 0xB87834BF,
377 0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE,
378 0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF,
379 0x4EC75B95, 0x24F2C3C0, 0x42D15D99, 0xCD0D7FA0,
380 0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F,
381 0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2,
382 0x372B74AF, 0x692573E4, 0xE9A9D848, 0xF3160289,
383 0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853,
384 0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950,
385 0x36F73523, 0x4CFB6E87, 0x7DA4CEC0, 0x6C152DAA,
386 0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F,
387 0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9,
388 0x2B05D08D, 0x48B9D585, 0xDC049441, 0xC8098F9B,
389 0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751,
390 0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE,
391 0xBF32679D, 0xD45B5B75, 0xB353FD00, 0xCBB0E358,
392 0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13,
393 0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397,
394 0x47CF8E7A, 0xB6C85283, 0x3CC2ACFB, 0x3FC06976,
395 0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459,
396 0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0,
397 0x3007CD3E, 0x74719EEF, 0xDC872681, 0x073340D4,
398 0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891,
399 0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F,
400 0x6FE4AC98, 0xB173ECC0, 0xBC60B42A, 0x953498DA,
401 0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB,
402 0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC,
403 0xE8816F4A, 0x3814F200, 0xA3F94043, 0x9C7A54C2,
404 0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084,
405 0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB,
406 0xBA5AC7B5, 0xB6F6DEAF, 0x3A479C3A, 0x5302DA25,
407 0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B,
408 0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121,
409 0xB81A928A, 0x60ED5869, 0x97C55B96, 0xEAEC991B,
410 0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5,
411 0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855,
412 0xD36B4CF1, 0xF544EDEB, 0xB0E93524, 0xBEBB8FBD,
413 0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454,
414 0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F
415};
416
417static const u_int32_t cast_sbox7[256] = {
418 0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693,
419 0x2A8D7F6F, 0xAB9BC912, 0xDE6008A1, 0x2028DA1F,
420 0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82,
421 0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE,
422 0xA05FBCF6, 0xCD4181E9, 0xE150210C, 0xE24EF1BD,
423 0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43,
424 0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F,
425 0x089766BE, 0xBAEEADF4, 0x1286BECF, 0xB6EACB19,
426 0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9,
427 0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2,
428 0x107789BE, 0xB3B2E9CE, 0x0502AA8F, 0x0BC0351E,
429 0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516,
430 0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83,
431 0x334266CE, 0x8C9341B7, 0xD0D854C0, 0xCB3A6C88,
432 0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E,
433 0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816,
434 0x0A961288, 0xE1A5C06E, 0x13749E67, 0x72FC081A,
435 0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756,
436 0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F,
437 0xBC8EC511, 0x38BC46E9, 0xC6E6FA14, 0xBAE8584A,
438 0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B,
439 0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264,
440 0x92544A8B, 0x009B4FC3, 0xABA68CED, 0x9AC96F78,
441 0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688,
442 0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D,
443 0xF7DEBB85, 0x61FE033C, 0x16746233, 0x3C034C28,
444 0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802,
445 0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3,
446 0x0C4FB99A, 0xBB325778, 0x3EC6D97B, 0x6E77A6A9,
447 0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7,
448 0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302,
449 0xB96D8C32, 0xEBD4E7BE, 0xBE8B9D2D, 0x7979FB06,
450 0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858,
451 0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033,
452 0xF28EBFB0, 0xF5B9C310, 0xA0EAC280, 0x08B9767A,
453 0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A,
454 0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4,
455 0x826D2BEF, 0x4EEB8476, 0x488DCF25, 0x36C9D566,
456 0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF,
457 0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509,
458 0xF22B017D, 0xA4173F70, 0xDD1E16C3, 0x15E0D7F9,
459 0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962,
460 0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C,
461 0x93D29A22, 0xE32DBF9A, 0x058745B9, 0x3453DC1E,
462 0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07,
463 0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C,
464 0x66626C1C, 0x7154C24C, 0xEA082B2A, 0x93EB2939,
465 0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C,
466 0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E,
467 0xD3A0C108, 0xA1E7160E, 0xE4F2DFA6, 0x693ED285,
468 0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378,
469 0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301,
470 0xC79F022F, 0x3C997E7E, 0x5E4F9504, 0x3FFAFBBD,
471 0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE,
472 0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567,
473 0x5592A33D, 0xB5229301, 0xCFD2A87F, 0x60AEB767,
474 0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2,
475 0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647,
476 0x97FD61A9, 0xEA7759F4, 0x2D57539D, 0x569A58CF,
477 0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914,
478 0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2,
479 0x3FFA50BC, 0x3D40F021, 0xC3C0BDAE, 0x4958C24C,
480 0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA,
481 0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3
482};
483
484static const u_int32_t cast_sbox8[256] = {
485 0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095,
486 0x7789F8B7, 0xE6C1121B, 0x0E241600, 0x052CE8B5,
487 0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174,
488 0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC,
489 0xDE9ADEB1, 0x0A0CC32C, 0xBE197029, 0x84A00940,
490 0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD,
491 0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42,
492 0xC7ECE831, 0x3F8F95E7, 0x72DF191B, 0x7580330D,
493 0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164,
494 0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2,
495 0x12A8DDEC, 0xFDAA335D, 0x176F43E8, 0x71FB46D4,
496 0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862,
497 0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0,
498 0x4CFDE06F, 0xC28EC4B8, 0x57E8726E, 0x647A78FC,
499 0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6,
500 0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C,
501 0xBBD35049, 0x2998DF04, 0x980CF42A, 0x9B6DF491,
502 0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E,
503 0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B,
504 0x3CF1D2E2, 0x19B47A38, 0x424F7618, 0x35856039,
505 0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8,
506 0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8,
507 0x7170C608, 0x2D5E3354, 0xD4DE495A, 0x64C6D006,
508 0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42,
509 0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564,
510 0xF8D7E54E, 0x3E378160, 0x7895CDA5, 0x859C15A5,
511 0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB,
512 0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472,
513 0x835FFCB8, 0x6DF4C1F2, 0x96F5B195, 0xFD0AF0FC,
514 0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225,
515 0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8,
516 0xC4618187, 0xEA7A6E98, 0x7CD16EFC, 0x1436876C,
517 0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441,
518 0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB,
519 0xA842EEDF, 0xFDBA60B4, 0xF1907B75, 0x20E3030F,
520 0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054,
521 0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504,
522 0xF1E47D8D, 0x844A1BE5, 0xBAE7DFDC, 0x42CBDA70,
523 0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C,
524 0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC,
525 0x77853B53, 0x37EFFCB5, 0xC5068778, 0xE580B3E6,
526 0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C,
527 0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD,
528 0xDD06CAA2, 0x37DF932B, 0xC4248289, 0xACF3EBC3,
529 0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4,
530 0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4,
531 0xE87B40E4, 0xE98EA084, 0x5889E9E1, 0xEFD390FC,
532 0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101,
533 0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA,
534 0x646F1282, 0x7523D24A, 0xE0779695, 0xF9C17A8F,
535 0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF,
536 0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E,
537 0x11403092, 0x00DA6D77, 0x4A0CDD61, 0xAD1F4603,
538 0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A,
539 0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37,
540 0x2DE705CA, 0x8951570F, 0xDF09822B, 0xBD691A6C,
541 0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819,
542 0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384,
543 0x5938FA0F, 0x42399EF3, 0x36997B07, 0x0E84093D,
544 0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C,
545 0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347,
546 0x589E8D82, 0x0D2059D1, 0xA466BB1E, 0xF8DA0A82,
547 0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D,
548 0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E
549};
550
551/* Macros to access 8-bit bytes out of a 32-bit word */
552#define U8a(x) ( (u_int8_t) (x>>24) )
553#define U8b(x) ( (u_int8_t) ((x>>16)&255) )
554#define U8c(x) ( (u_int8_t) ((x>>8)&255) )
555#define U8d(x) ( (u_int8_t) ((x)&255) )
556
557/* Circular left shift */
558#define ROL(x, n) ( ((x)<<(n)) | ((x)>>(32-(n))) )
559
560/* CAST-128 uses three different round functions */
561#define F1(l, r, i) \
562 t = ROL(key->xkey[i] + r, key->xkey[i+16]); \
563 l ^= ((cast_sbox1[U8a(t)] ^ cast_sbox2[U8b(t)]) - \
564 cast_sbox3[U8c(t)]) + cast_sbox4[U8d(t)];
565#define F2(l, r, i) \
566 t = ROL(key->xkey[i] ^ r, key->xkey[i+16]); \
567 l ^= ((cast_sbox1[U8a(t)] - cast_sbox2[U8b(t)]) + \
568 cast_sbox3[U8c(t)]) ^ cast_sbox4[U8d(t)];
569#define F3(l, r, i) \
570 t = ROL(key->xkey[i] - r, key->xkey[i+16]); \
571 l ^= ((cast_sbox1[U8a(t)] + cast_sbox2[U8b(t)]) ^ \
572 cast_sbox3[U8c(t)]) - cast_sbox4[U8d(t)];
573
574
575/***** Encryption Function *****/
576
577void cast_encrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock)
578{
579u_int32_t t, l, r;
580
581 /* Get inblock into l,r */
582 l = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
583 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
584 r = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
585 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
586 /* Do the work */
587 F1(l, r, 0);
588 F2(r, l, 1);
589 F3(l, r, 2);
590 F1(r, l, 3);
591 F2(l, r, 4);
592 F3(r, l, 5);
593 F1(l, r, 6);
594 F2(r, l, 7);
595 F3(l, r, 8);
596 F1(r, l, 9);
597 F2(l, r, 10);
598 F3(r, l, 11);
599 /* Only do full 16 rounds if key length > 80 bits */
600 if (key->rounds > 12) {
601 F1(l, r, 12);
602 F2(r, l, 13);
603 F3(l, r, 14);
604 F1(r, l, 15);
605 }
606 /* Put l,r into outblock */
607 outblock[0] = U8a(r);
608 outblock[1] = U8b(r);
609 outblock[2] = U8c(r);
610 outblock[3] = U8d(r);
611 outblock[4] = U8a(l);
612 outblock[5] = U8b(l);
613 outblock[6] = U8c(l);
614 outblock[7] = U8d(l);
615 /* Wipe clean */
616 t = l = r = 0;
617}
618
619
620/***** Decryption Function *****/
621
622void cast_decrypt(cast_key* key, u_int8_t* inblock, u_int8_t* outblock)
623{
624u_int32_t t, l, r;
625
626 /* Get inblock into l,r */
627 r = ((u_int32_t)inblock[0] << 24) | ((u_int32_t)inblock[1] << 16) |
628 ((u_int32_t)inblock[2] << 8) | (u_int32_t)inblock[3];
629 l = ((u_int32_t)inblock[4] << 24) | ((u_int32_t)inblock[5] << 16) |
630 ((u_int32_t)inblock[6] << 8) | (u_int32_t)inblock[7];
631 /* Do the work */
632 /* Only do full 16 rounds if key length > 80 bits */
633 if (key->rounds > 12) {
634 F1(r, l, 15);
635 F3(l, r, 14);
636 F2(r, l, 13);
637 F1(l, r, 12);
638 }
639 F3(r, l, 11);
640 F2(l, r, 10);
641 F1(r, l, 9);
642 F3(l, r, 8);
643 F2(r, l, 7);
644 F1(l, r, 6);
645 F3(r, l, 5);
646 F2(l, r, 4);
647 F1(r, l, 3);
648 F3(l, r, 2);
649 F2(r, l, 1);
650 F1(l, r, 0);
651 /* Put l,r into outblock */
652 outblock[0] = U8a(l);
653 outblock[1] = U8b(l);
654 outblock[2] = U8c(l);
655 outblock[3] = U8d(l);
656 outblock[4] = U8a(r);
657 outblock[5] = U8b(r);
658 outblock[6] = U8c(r);
659 outblock[7] = U8d(r);
660 /* Wipe clean */
661 t = l = r = 0;
662}
663
664
665/***** Key Schedual *****/
666
667void cast_setkey(cast_key* key, u_int8_t* rawkey, int keybytes)
668{
669u_int32_t t[4], z[4], x[4];
670int i;
671
672 /* Set number of rounds to 12 or 16, depending on key length */
673 key->rounds = (keybytes <= 10 ? 12 : 16);
674
675 /* Copy key to workspace x */
676 for (i = 0; i < 4; i++) {
677 x[i] = 0;
678 if ((i*4+0) < keybytes) x[i] = (u_int32_t)rawkey[i*4+0] << 24;
679 if ((i*4+1) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+1] << 16;
680 if ((i*4+2) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+2] << 8;
681 if ((i*4+3) < keybytes) x[i] |= (u_int32_t)rawkey[i*4+3];
682 }
683 /* Generate 32 subkeys, four at a time */
684 for (i = 0; i < 32; i+=4) {
685 switch (i & 4) {
686 case 0:
687 t[0] = z[0] = x[0] ^ cast_sbox5[U8b(x[3])] ^
688 cast_sbox6[U8d(x[3])] ^ cast_sbox7[U8a(x[3])] ^
689 cast_sbox8[U8c(x[3])] ^ cast_sbox7[U8a(x[2])];
690 t[1] = z[1] = x[2] ^ cast_sbox5[U8a(z[0])] ^
691 cast_sbox6[U8c(z[0])] ^ cast_sbox7[U8b(z[0])] ^
692 cast_sbox8[U8d(z[0])] ^ cast_sbox8[U8c(x[2])];
693 t[2] = z[2] = x[3] ^ cast_sbox5[U8d(z[1])] ^
694 cast_sbox6[U8c(z[1])] ^ cast_sbox7[U8b(z[1])] ^
695 cast_sbox8[U8a(z[1])] ^ cast_sbox5[U8b(x[2])];
696 t[3] = z[3] = x[1] ^ cast_sbox5[U8c(z[2])] ^
697 cast_sbox6[U8b(z[2])] ^ cast_sbox7[U8d(z[2])] ^
698 cast_sbox8[U8a(z[2])] ^ cast_sbox6[U8d(x[2])];
699 break;
700 case 4:
701 t[0] = x[0] = z[2] ^ cast_sbox5[U8b(z[1])] ^
702 cast_sbox6[U8d(z[1])] ^ cast_sbox7[U8a(z[1])] ^
703 cast_sbox8[U8c(z[1])] ^ cast_sbox7[U8a(z[0])];
704 t[1] = x[1] = z[0] ^ cast_sbox5[U8a(x[0])] ^
705 cast_sbox6[U8c(x[0])] ^ cast_sbox7[U8b(x[0])] ^
706 cast_sbox8[U8d(x[0])] ^ cast_sbox8[U8c(z[0])];
707 t[2] = x[2] = z[1] ^ cast_sbox5[U8d(x[1])] ^
708 cast_sbox6[U8c(x[1])] ^ cast_sbox7[U8b(x[1])] ^
709 cast_sbox8[U8a(x[1])] ^ cast_sbox5[U8b(z[0])];
710 t[3] = x[3] = z[3] ^ cast_sbox5[U8c(x[2])] ^
711 cast_sbox6[U8b(x[2])] ^ cast_sbox7[U8d(x[2])] ^
712 cast_sbox8[U8a(x[2])] ^ cast_sbox6[U8d(z[0])];
713 break;
714 }
715 switch (i & 12) {
716 case 0:
717 case 12:
718 key->xkey[i+0] = cast_sbox5[U8a(t[2])] ^ cast_sbox6[U8b(t[2])] ^
719 cast_sbox7[U8d(t[1])] ^ cast_sbox8[U8c(t[1])];
720 key->xkey[i+1] = cast_sbox5[U8c(t[2])] ^ cast_sbox6[U8d(t[2])] ^
721 cast_sbox7[U8b(t[1])] ^ cast_sbox8[U8a(t[1])];
722 key->xkey[i+2] = cast_sbox5[U8a(t[3])] ^ cast_sbox6[U8b(t[3])] ^
723 cast_sbox7[U8d(t[0])] ^ cast_sbox8[U8c(t[0])];
724 key->xkey[i+3] = cast_sbox5[U8c(t[3])] ^ cast_sbox6[U8d(t[3])] ^
725 cast_sbox7[U8b(t[0])] ^ cast_sbox8[U8a(t[0])];
726 break;
727 case 4:
728 case 8:
729 key->xkey[i+0] = cast_sbox5[U8d(t[0])] ^ cast_sbox6[U8c(t[0])] ^
730 cast_sbox7[U8a(t[3])] ^ cast_sbox8[U8b(t[3])];
731 key->xkey[i+1] = cast_sbox5[U8b(t[0])] ^ cast_sbox6[U8a(t[0])] ^
732 cast_sbox7[U8c(t[3])] ^ cast_sbox8[U8d(t[3])];
733 key->xkey[i+2] = cast_sbox5[U8d(t[1])] ^ cast_sbox6[U8c(t[1])] ^
734 cast_sbox7[U8a(t[2])] ^ cast_sbox8[U8b(t[2])];
735 key->xkey[i+3] = cast_sbox5[U8b(t[1])] ^ cast_sbox6[U8a(t[1])] ^
736 cast_sbox7[U8c(t[2])] ^ cast_sbox8[U8d(t[2])];
737 break;
738 }
739 switch (i & 12) {
740 case 0:
741 key->xkey[i+0] ^= cast_sbox5[U8c(z[0])];
742 key->xkey[i+1] ^= cast_sbox6[U8c(z[1])];
743 key->xkey[i+2] ^= cast_sbox7[U8b(z[2])];
744 key->xkey[i+3] ^= cast_sbox8[U8a(z[3])];
745 break;
746 case 4:
747 key->xkey[i+0] ^= cast_sbox5[U8a(x[2])];
748 key->xkey[i+1] ^= cast_sbox6[U8b(x[3])];
749 key->xkey[i+2] ^= cast_sbox7[U8d(x[0])];
750 key->xkey[i+3] ^= cast_sbox8[U8d(x[1])];
751 break;
752 case 8:
753 key->xkey[i+0] ^= cast_sbox5[U8b(z[2])];
754 key->xkey[i+1] ^= cast_sbox6[U8a(z[3])];
755 key->xkey[i+2] ^= cast_sbox7[U8c(z[0])];
756 key->xkey[i+3] ^= cast_sbox8[U8c(z[1])];
757 break;
758 case 12:
759 key->xkey[i+0] ^= cast_sbox5[U8d(x[0])];
760 key->xkey[i+1] ^= cast_sbox6[U8d(x[1])];
761 key->xkey[i+2] ^= cast_sbox7[U8a(x[2])];
762 key->xkey[i+3] ^= cast_sbox8[U8b(x[3])];
763 break;
764 }
765 if (i >= 16) {
766 key->xkey[i+0] &= 31;
767 key->xkey[i+1] &= 31;
768 key->xkey[i+2] &= 31;
769 key->xkey[i+3] &= 31;
770 }
771 }
772 /* Wipe clean */
773 for (i = 0; i < 4; i++) {
774 t[i] = x[i] = z[i] = 0;
775 }
776}
777
778/* Made in Canada */
779
diff --git a/src/lib/libc/crypt/crypt.3 b/src/lib/libc/crypt/crypt.3
new file mode 100644
index 0000000000..524645de55
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.3
@@ -0,0 +1,298 @@
1.\" $OpenBSD: crypt.3,v 1.11 1998/02/27 12:17:45 deraadt Exp $
2.\"
3.\" FreeSec: libcrypt
4.\"
5.\" Copyright (c) 1994 David Burren
6.\" All rights reserved.
7.\"
8.\" Redistribution and use in source and binary forms, with or without
9.\" modification, are permitted provided that the following conditions
10.\" are met:
11.\" 1. Redistributions of source code must retain the above copyright
12.\" notice, this list of conditions and the following disclaimer.
13.\" 2. Redistributions in binary form must reproduce the above copyright
14.\" notice, this list of conditions and the following disclaimer in the
15.\" documentation and/or other materials provided with the distribution.
16.\" 4. Neither the name of the author nor the names of other contributors
17.\" may be used to endorse or promote products derived from this software
18.\" without specific prior written permission.
19.\"
20.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30.\" SUCH DAMAGE.
31.\"
32.\" Manual page, using -mandoc macros
33.\"
34.Dd March 9, 1994
35.Dt CRYPT 3
36.Os
37.Sh NAME
38.Nm crypt ,
39.Nm setkey ,
40.Nm encrypt ,
41.Nm des_setkey ,
42.Nm des_cipher
43.Nd DES encryption
44.Sh SYNOPSIS
45.Fd #include <unistd.h>
46.Ft char
47.Fn *crypt "const char *key" "const char *setting"
48.Ft int
49.Fn setkey "char *key"
50.Ft int
51.Fn encrypt "char *block" "int flag"
52.Ft int
53.Fn des_setkey "const char *key"
54.Ft int
55.Fn des_cipher "const char *in" "char *out" "int32_t salt" "int count"
56.Sh DESCRIPTION
57The
58.Fn crypt
59function performs password encryption, based on the
60.Tn NBS
61Data Encryption Standard (DES).
62Additional code has been added to deter key search attempts and to use
63stronger hashing algorithms.
64The first argument to
65.Fn crypt
66is a
67.Dv null Ns -terminated
68string, typically a user's typed password.
69The second is in one of three forms:
70if it begins with an underscore (``_'') then an extended format is used
71in interpreting both the key and the setting, as outlined below. If it begins
72with an string character (``$'') and a number then a different algorithm
73is used depending on the number. At the moment a ``$1'' chooses MD5 hashing
74and a ``$2'' chooses Blowfish hashing, see below for more information.
75.Ss Extended crypt:
76.Pp
77The
78.Ar key
79is divided into groups of 8 characters (the last group is null-padded)
80and the low-order 7 bits of each each character (56 bits per group) are
81used to form the DES key as follows:
82the first group of 56 bits becomes the initial DES key.
83For each additional group, the XOR of the encryption of the current DES
84key with itself and the group bits becomes the next DES key.
85.Pp
86The setting is a 9-character array consisting of an underscore followed
87by 4 bytes of iteration count and 4 bytes of salt.
88These are encoded as printable characters, 6 bits per character,
89least significant character first.
90The values 0 to 63 are encoded as ``./0-9A-Za-z''.
91This allows 24 bits for both
92.Fa count
93and
94.Fa salt .
95.Ss "MD5" crypt:
96.Pp
97For
98.Tn MD5
99crypt the version number,
100.Fa salt
101and the hashed password are separated
102by the ``$'' character. The maximum length of a password is limited by
103the length counter of the MD5 context, which is about
1042**64. A valid MD5 password entry looks like this:
105.Pp
106``$1$caeiHQwX$hsKqOjrFRRN6K32OWkCBf1''.
107.Pp
108The whole MD5 password string is passed as
109.Fa setting
110for interpretation.
111.Ss "Blowfish" crypt:
112.Pp
113The
114.Tn Blowfish
115version of crypt has 128 bits of
116.Fa salt
117in order to make building
118dictionaries of common passwords space consuming. The initial state
119of the
120.Tn Blowfish
121cipher is expanded using the
122.Fa salt
123and the
124.Fa password
125repeating the process a variable number of rounds, which is encoded in
126the password string. The maximum password length is 72. The final Blowfish
127password entry is created by encrypting
128the string ``OrpheanBeholderScryDoubt'' with the
129.Tn Blowfish
130state 64 times.
131.Pp
132The version number, the logarithm of the number of rounds and
133the concatenation of salt and
134hashed password are separated by the ``$'' character. An encoded ``8''
135would specify 256 rounds.
136A valid Blowfish password looks like this:
137.Pp
138``$2a$12$eIAq8PR8sIUnJ1HaohxX2O9x9Qlm2vK97LJ5dsXdmB.eXF42qjchC''.
139.Pp
140The whole Blowfish password string is passed as
141.Fa setting
142for interpretation.
143.Ss "Traditional" crypt:
144.Pp
145The first 8 bytes of the key are null-padded, and the low-order 7 bits of
146each character is used to form the 56-bit
147.Tn DES
148key.
149.Pp
150The setting is a 2-character array of the ASCII-encoded salt.
151Thus only 12 bits of
152.Fa salt
153are used.
154.Fa count
155is set to 25.
156.Ss DES Algorithm:
157.Pp
158The
159.Fa salt
160introduces disorder in the
161.Tn DES
162algorithm in one of 16777216 or 4096 possible ways
163(ie. with 24 or 12 bits: if bit
164.Em i
165of the
166.Ar salt
167is set, then bits
168.Em i
169and
170.Em i+24
171are swapped in the
172.Tn DES
173E-box output).
174.Pp
175The DES key is used to encrypt a 64-bit constant using
176.Ar count
177iterations of
178.Tn DES .
179The value returned is a
180.Dv null Ns -terminated
181string, 20 or 13 bytes (plus null) in length, consisting of the
182.Ar setting
183followed by the encoded 64-bit encryption.
184.Pp
185The functions,
186.Fn encrypt ,
187.Fn setkey ,
188.Fn des_setkey
189and
190.Fn des_cipher
191provide access to the
192.Tn DES
193algorithm itself.
194.Fn setkey
195is passed a 64-byte array of binary values (numeric 0 or 1).
196A 56-bit key is extracted from this array by dividing the
197array into groups of 8, and ignoring the last bit in each group.
198That bit is reserved for a byte parity check by DES, but is ignored
199by these functions.
200.Pp
201The
202.Fa block
203argument to
204.Fn encrypt
205is also a 64-byte array of binary values.
206If the value of
207.Fa flag
208is 0,
209.Fa block
210is encrypted otherwise it is decrypted.
211The result is returned in the original array
212.Fa block
213after using the key specified by
214.Fn setkey
215to process it.
216.Pp
217The argument to
218.Fn des_setkey
219is a character array of length 8.
220The least significant bit (the parity bit) in each character is ignored,
221and the remaining bits are concatenated to form a 56-bit key.
222The function
223.Fn des_cipher
224encrypts (or decrypts if
225.Fa count
226is negative) the 64-bits stored in the 8 characters at
227.Fa in
228using
229.Xr abs 3
230of
231.Fa count
232iterations of
233.Tn DES
234and stores the 64-bit result in the 8 characters at
235.Fa out
236(which may be the same as
237.Fa in
238).
239The
240.Fa salt
241specifies perturbations to the
242.Tn DES
243E-box output as described above.
244.Pp
245The function
246.Fn crypt
247returns a pointer to the encrypted value on success, and NULL on failure.
248The functions
249.Fn setkey ,
250.Fn encrypt ,
251.Fn des_setkey ,
252and
253.Fn des_cipher
254return 0 on success and 1 on failure.
255.Pp
256The
257.Fn crypt ,
258.Fn setkey
259and
260.Fn des_setkey
261functions all manipulate the same key space.
262.Sh SEE ALSO
263.Xr login 1 ,
264.Xr passwd 1 ,
265.Xr blowfish 3 ,
266.Xr getpass 3 ,
267.Xr md5 3 ,
268.Xr passwd 5
269.Sh BUGS
270The
271.Fn crypt
272function returns a pointer to static data, and subsequent calls to
273.Fn crypt
274will modify the same object.
275.Sh HISTORY
276A rotor-based
277.Fn crypt
278function appeared in
279.At v6 .
280The current style
281.Fn crypt
282first appeared in
283.At v7 .
284.Pp
285This library (FreeSec 1.0) was developed outside the United States of America
286as an unencumbered replacement for the U.S.-only libcrypt encryption
287library.
288Programs linked against the
289.Fn crypt
290interface may be exported from the U.S.A. only if they use
291.Fn crypt
292solely for authentication purposes and avoid use of
293the other programmer interfaces listed above. Special care has been taken
294in the library so that programs which only use the
295.Fn crypt
296interface do not pull in the other components.
297.Sh AUTHOR
298David Burren <davidb@werj.com.au>
diff --git a/src/lib/libc/crypt/crypt.c b/src/lib/libc/crypt/crypt.c
new file mode 100644
index 0000000000..8fd319a4f3
--- /dev/null
+++ b/src/lib/libc/crypt/crypt.c
@@ -0,0 +1,714 @@
1/* $OpenBSD: crypt.c,v 1.13 1998/03/22 19:01:18 niklas Exp $ */
2
3/*
4 * FreeSec: libcrypt
5 *
6 * Copyright (c) 1994 David Burren
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 4. Neither the name of the author nor the names of other contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *
34 * This is an original implementation of the DES and the crypt(3) interfaces
35 * by David Burren <davidb@werj.com.au>.
36 *
37 * An excellent reference on the underlying algorithm (and related
38 * algorithms) is:
39 *
40 * B. Schneier, Applied Cryptography: protocols, algorithms,
41 * and source code in C, John Wiley & Sons, 1994.
42 *
43 * Note that in that book's description of DES the lookups for the initial,
44 * pbox, and final permutations are inverted (this has been brought to the
45 * attention of the author). A list of errata for this book has been
46 * posted to the sci.crypt newsgroup by the author and is available for FTP.
47 *
48 * NOTE:
49 * This file has a static version of des_setkey() so that crypt.o exports
50 * only the crypt() interface. This is required to make binaries linked
51 * against crypt.o exportable or re-exportable from the USA.
52 */
53
54#if defined(LIBC_SCCS) && !defined(lint)
55static char rcsid[] = "$OpenBSD: crypt.c,v 1.13 1998/03/22 19:01:18 niklas Exp $";
56#endif /* LIBC_SCCS and not lint */
57
58#include <sys/types.h>
59#include <sys/param.h>
60#include <pwd.h>
61#include <string.h>
62
63#ifdef DEBUG
64# include <stdio.h>
65#endif
66
67static u_char IP[64] = {
68 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
69 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
70 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
71 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
72};
73
74static u_char inv_key_perm[64];
75static u_char u_key_perm[56];
76static u_char key_perm[56] = {
77 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
78 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
79 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
80 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
81};
82
83static u_char key_shifts[16] = {
84 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
85};
86
87static u_char inv_comp_perm[56];
88static u_char comp_perm[48] = {
89 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
90 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
91 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
92 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
93};
94
95/*
96 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
97 */
98
99static u_char u_sbox[8][64];
100static u_char sbox[8][64] = {
101 {
102 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
103 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
104 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
105 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
106 },
107 {
108 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
109 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
110 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
111 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
112 },
113 {
114 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
115 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
116 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
117 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
118 },
119 {
120 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
121 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
122 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
123 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
124 },
125 {
126 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
127 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
128 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
129 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
130 },
131 {
132 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
133 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
134 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
135 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
136 },
137 {
138 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
139 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
140 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
141 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
142 },
143 {
144 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
145 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
146 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
147 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
148 }
149};
150
151static u_char un_pbox[32];
152static u_char pbox[32] = {
153 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
154 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
155};
156
157static u_int32_t bits32[32] =
158{
159 0x80000000, 0x40000000, 0x20000000, 0x10000000,
160 0x08000000, 0x04000000, 0x02000000, 0x01000000,
161 0x00800000, 0x00400000, 0x00200000, 0x00100000,
162 0x00080000, 0x00040000, 0x00020000, 0x00010000,
163 0x00008000, 0x00004000, 0x00002000, 0x00001000,
164 0x00000800, 0x00000400, 0x00000200, 0x00000100,
165 0x00000080, 0x00000040, 0x00000020, 0x00000010,
166 0x00000008, 0x00000004, 0x00000002, 0x00000001
167};
168
169static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
170
171static u_int32_t saltbits;
172static int32_t old_salt;
173static u_int32_t *bits28, *bits24;
174static u_char init_perm[64], final_perm[64];
175static u_int32_t en_keysl[16], en_keysr[16];
176static u_int32_t de_keysl[16], de_keysr[16];
177static int des_initialised = 0;
178static u_char m_sbox[4][4096];
179static u_int32_t psbox[4][256];
180static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
181static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
182static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
183static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
184static u_int32_t old_rawkey0, old_rawkey1;
185
186static u_char ascii64[] =
187 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
188/* 0000000000111111111122222222223333333333444444444455555555556666 */
189/* 0123456789012345678901234567890123456789012345678901234567890123 */
190
191static __inline int
192ascii_to_bin(ch)
193 char ch;
194{
195 if (ch > 'z')
196 return(0);
197 if (ch >= 'a')
198 return(ch - 'a' + 38);
199 if (ch > 'Z')
200 return(0);
201 if (ch >= 'A')
202 return(ch - 'A' + 12);
203 if (ch > '9')
204 return(0);
205 if (ch >= '.')
206 return(ch - '.');
207 return(0);
208}
209
210static void
211des_init()
212{
213 int i, j, b, k, inbit, obit;
214 u_int32_t *p, *il, *ir, *fl, *fr;
215
216 old_rawkey0 = old_rawkey1 = 0;
217 saltbits = 0;
218 old_salt = 0;
219 bits24 = (bits28 = bits32 + 4) + 4;
220
221 /*
222 * Invert the S-boxes, reordering the input bits.
223 */
224 for (i = 0; i < 8; i++)
225 for (j = 0; j < 64; j++) {
226 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
227 u_sbox[i][j] = sbox[i][b];
228 }
229
230 /*
231 * Convert the inverted S-boxes into 4 arrays of 8 bits.
232 * Each will handle 12 bits of the S-box input.
233 */
234 for (b = 0; b < 4; b++)
235 for (i = 0; i < 64; i++)
236 for (j = 0; j < 64; j++)
237 m_sbox[b][(i << 6) | j] =
238 (u_sbox[(b << 1)][i] << 4) |
239 u_sbox[(b << 1) + 1][j];
240
241 /*
242 * Set up the initial & final permutations into a useful form, and
243 * initialise the inverted key permutation.
244 */
245 for (i = 0; i < 64; i++) {
246 init_perm[final_perm[i] = IP[i] - 1] = i;
247 inv_key_perm[i] = 255;
248 }
249
250 /*
251 * Invert the key permutation and initialise the inverted key
252 * compression permutation.
253 */
254 for (i = 0; i < 56; i++) {
255 u_key_perm[i] = key_perm[i] - 1;
256 inv_key_perm[key_perm[i] - 1] = i;
257 inv_comp_perm[i] = 255;
258 }
259
260 /*
261 * Invert the key compression permutation.
262 */
263 for (i = 0; i < 48; i++) {
264 inv_comp_perm[comp_perm[i] - 1] = i;
265 }
266
267 /*
268 * Set up the OR-mask arrays for the initial and final permutations,
269 * and for the key initial and compression permutations.
270 */
271 for (k = 0; k < 8; k++) {
272 for (i = 0; i < 256; i++) {
273 *(il = &ip_maskl[k][i]) = 0;
274 *(ir = &ip_maskr[k][i]) = 0;
275 *(fl = &fp_maskl[k][i]) = 0;
276 *(fr = &fp_maskr[k][i]) = 0;
277 for (j = 0; j < 8; j++) {
278 inbit = 8 * k + j;
279 if (i & bits8[j]) {
280 if ((obit = init_perm[inbit]) < 32)
281 *il |= bits32[obit];
282 else
283 *ir |= bits32[obit-32];
284 if ((obit = final_perm[inbit]) < 32)
285 *fl |= bits32[obit];
286 else
287 *fr |= bits32[obit - 32];
288 }
289 }
290 }
291 for (i = 0; i < 128; i++) {
292 *(il = &key_perm_maskl[k][i]) = 0;
293 *(ir = &key_perm_maskr[k][i]) = 0;
294 for (j = 0; j < 7; j++) {
295 inbit = 8 * k + j;
296 if (i & bits8[j + 1]) {
297 if ((obit = inv_key_perm[inbit]) == 255)
298 continue;
299 if (obit < 28)
300 *il |= bits28[obit];
301 else
302 *ir |= bits28[obit - 28];
303 }
304 }
305 *(il = &comp_maskl[k][i]) = 0;
306 *(ir = &comp_maskr[k][i]) = 0;
307 for (j = 0; j < 7; j++) {
308 inbit = 7 * k + j;
309 if (i & bits8[j + 1]) {
310 if ((obit=inv_comp_perm[inbit]) == 255)
311 continue;
312 if (obit < 24)
313 *il |= bits24[obit];
314 else
315 *ir |= bits24[obit - 24];
316 }
317 }
318 }
319 }
320
321 /*
322 * Invert the P-box permutation, and convert into OR-masks for
323 * handling the output of the S-box arrays setup above.
324 */
325 for (i = 0; i < 32; i++)
326 un_pbox[pbox[i] - 1] = i;
327
328 for (b = 0; b < 4; b++)
329 for (i = 0; i < 256; i++) {
330 *(p = &psbox[b][i]) = 0;
331 for (j = 0; j < 8; j++) {
332 if (i & bits8[j])
333 *p |= bits32[un_pbox[8 * b + j]];
334 }
335 }
336
337 des_initialised = 1;
338}
339
340static void
341setup_salt(salt)
342 int32_t salt;
343{
344 u_int32_t obit, saltbit;
345 int i;
346
347 if (salt == old_salt)
348 return;
349 old_salt = salt;
350
351 saltbits = 0;
352 saltbit = 1;
353 obit = 0x800000;
354 for (i = 0; i < 24; i++) {
355 if (salt & saltbit)
356 saltbits |= obit;
357 saltbit <<= 1;
358 obit >>= 1;
359 }
360}
361
362static int
363des_setkey(key)
364 const char *key;
365{
366 u_int32_t k0, k1, rawkey0, rawkey1;
367 int shifts, round;
368
369 if (!des_initialised)
370 des_init();
371
372 rawkey0 = ntohl(*(u_int32_t *) key);
373 rawkey1 = ntohl(*(u_int32_t *) (key + 4));
374
375 if ((rawkey0 | rawkey1)
376 && rawkey0 == old_rawkey0
377 && rawkey1 == old_rawkey1) {
378 /*
379 * Already setup for this key.
380 * This optimisation fails on a zero key (which is weak and
381 * has bad parity anyway) in order to simplify the starting
382 * conditions.
383 */
384 return(0);
385 }
386 old_rawkey0 = rawkey0;
387 old_rawkey1 = rawkey1;
388
389 /*
390 * Do key permutation and split into two 28-bit subkeys.
391 */
392 k0 = key_perm_maskl[0][rawkey0 >> 25]
393 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
394 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
395 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
396 | key_perm_maskl[4][rawkey1 >> 25]
397 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
398 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
399 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
400 k1 = key_perm_maskr[0][rawkey0 >> 25]
401 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
402 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
403 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
404 | key_perm_maskr[4][rawkey1 >> 25]
405 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
406 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
407 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
408 /*
409 * Rotate subkeys and do compression permutation.
410 */
411 shifts = 0;
412 for (round = 0; round < 16; round++) {
413 u_int32_t t0, t1;
414
415 shifts += key_shifts[round];
416
417 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
418 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
419
420 de_keysl[15 - round] =
421 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
422 | comp_maskl[1][(t0 >> 14) & 0x7f]
423 | comp_maskl[2][(t0 >> 7) & 0x7f]
424 | comp_maskl[3][t0 & 0x7f]
425 | comp_maskl[4][(t1 >> 21) & 0x7f]
426 | comp_maskl[5][(t1 >> 14) & 0x7f]
427 | comp_maskl[6][(t1 >> 7) & 0x7f]
428 | comp_maskl[7][t1 & 0x7f];
429
430 de_keysr[15 - round] =
431 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
432 | comp_maskr[1][(t0 >> 14) & 0x7f]
433 | comp_maskr[2][(t0 >> 7) & 0x7f]
434 | comp_maskr[3][t0 & 0x7f]
435 | comp_maskr[4][(t1 >> 21) & 0x7f]
436 | comp_maskr[5][(t1 >> 14) & 0x7f]
437 | comp_maskr[6][(t1 >> 7) & 0x7f]
438 | comp_maskr[7][t1 & 0x7f];
439 }
440 return(0);
441}
442
443static int
444do_des(l_in, r_in, l_out, r_out, count)
445 u_int32_t l_in, r_in, *l_out, *r_out;
446 int count;
447{
448 /*
449 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
450 */
451 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
452 u_int32_t f, r48l, r48r;
453 int round;
454
455 if (count == 0) {
456 return(1);
457 } else if (count > 0) {
458 /*
459 * Encrypting
460 */
461 kl1 = en_keysl;
462 kr1 = en_keysr;
463 } else {
464 /*
465 * Decrypting
466 */
467 count = -count;
468 kl1 = de_keysl;
469 kr1 = de_keysr;
470 }
471
472 /*
473 * Do initial permutation (IP).
474 */
475 l = ip_maskl[0][l_in >> 24]
476 | ip_maskl[1][(l_in >> 16) & 0xff]
477 | ip_maskl[2][(l_in >> 8) & 0xff]
478 | ip_maskl[3][l_in & 0xff]
479 | ip_maskl[4][r_in >> 24]
480 | ip_maskl[5][(r_in >> 16) & 0xff]
481 | ip_maskl[6][(r_in >> 8) & 0xff]
482 | ip_maskl[7][r_in & 0xff];
483 r = ip_maskr[0][l_in >> 24]
484 | ip_maskr[1][(l_in >> 16) & 0xff]
485 | ip_maskr[2][(l_in >> 8) & 0xff]
486 | ip_maskr[3][l_in & 0xff]
487 | ip_maskr[4][r_in >> 24]
488 | ip_maskr[5][(r_in >> 16) & 0xff]
489 | ip_maskr[6][(r_in >> 8) & 0xff]
490 | ip_maskr[7][r_in & 0xff];
491
492 while (count--) {
493 /*
494 * Do each round.
495 */
496 kl = kl1;
497 kr = kr1;
498 round = 16;
499 while (round--) {
500 /*
501 * Expand R to 48 bits (simulate the E-box).
502 */
503 r48l = ((r & 0x00000001) << 23)
504 | ((r & 0xf8000000) >> 9)
505 | ((r & 0x1f800000) >> 11)
506 | ((r & 0x01f80000) >> 13)
507 | ((r & 0x001f8000) >> 15);
508
509 r48r = ((r & 0x0001f800) << 7)
510 | ((r & 0x00001f80) << 5)
511 | ((r & 0x000001f8) << 3)
512 | ((r & 0x0000001f) << 1)
513 | ((r & 0x80000000) >> 31);
514 /*
515 * Do salting for crypt() and friends, and
516 * XOR with the permuted key.
517 */
518 f = (r48l ^ r48r) & saltbits;
519 r48l ^= f ^ *kl++;
520 r48r ^= f ^ *kr++;
521 /*
522 * Do sbox lookups (which shrink it back to 32 bits)
523 * and do the pbox permutation at the same time.
524 */
525 f = psbox[0][m_sbox[0][r48l >> 12]]
526 | psbox[1][m_sbox[1][r48l & 0xfff]]
527 | psbox[2][m_sbox[2][r48r >> 12]]
528 | psbox[3][m_sbox[3][r48r & 0xfff]];
529 /*
530 * Now that we've permuted things, complete f().
531 */
532 f ^= l;
533 l = r;
534 r = f;
535 }
536 r = l;
537 l = f;
538 }
539 /*
540 * Do final permutation (inverse of IP).
541 */
542 *l_out = fp_maskl[0][l >> 24]
543 | fp_maskl[1][(l >> 16) & 0xff]
544 | fp_maskl[2][(l >> 8) & 0xff]
545 | fp_maskl[3][l & 0xff]
546 | fp_maskl[4][r >> 24]
547 | fp_maskl[5][(r >> 16) & 0xff]
548 | fp_maskl[6][(r >> 8) & 0xff]
549 | fp_maskl[7][r & 0xff];
550 *r_out = fp_maskr[0][l >> 24]
551 | fp_maskr[1][(l >> 16) & 0xff]
552 | fp_maskr[2][(l >> 8) & 0xff]
553 | fp_maskr[3][l & 0xff]
554 | fp_maskr[4][r >> 24]
555 | fp_maskr[5][(r >> 16) & 0xff]
556 | fp_maskr[6][(r >> 8) & 0xff]
557 | fp_maskr[7][r & 0xff];
558 return(0);
559}
560
561static int
562des_cipher(in, out, salt, count)
563 const char *in;
564 char *out;
565 int32_t salt;
566 int count;
567{
568 u_int32_t l_out, r_out, rawl, rawr;
569 u_int32_t x[2];
570 int retval;
571
572 if (!des_initialised)
573 des_init();
574
575 setup_salt(salt);
576
577 memcpy(x, in, sizeof x);
578 rawl = ntohl(x[0]);
579 rawr = ntohl(x[1]);
580 retval = do_des(rawl, rawr, &l_out, &r_out, count);
581
582 x[0] = htonl(l_out);
583 x[1] = htonl(r_out);
584 memcpy(out, x, sizeof x);
585 return(retval);
586}
587
588char *
589crypt(key, setting)
590 const char *key;
591 const char *setting;
592{
593 int i;
594 u_int32_t count, salt, l, r0, r1, keybuf[2];
595 u_char *p, *q;
596 static u_char output[21];
597 extern char *md5crypt __P((const char *, const char *));
598 extern char *bcrypt __P((const char *, const char *));
599
600 if (setting[0] == '$') {
601 switch (setting[1]) {
602 case '1':
603 return (md5crypt(key, setting));
604 default:
605 return bcrypt(key, setting);
606 }
607 }
608
609 if (!des_initialised)
610 des_init();
611
612 /*
613 * Copy the key, shifting each character up by one bit
614 * and padding with zeros.
615 */
616 q = (u_char *) keybuf;
617 while ((q - (u_char *) keybuf) < sizeof(keybuf)) {
618 if ((*q++ = *key << 1))
619 key++;
620 }
621 if (des_setkey((u_char *) keybuf))
622 return(NULL);
623
624 if (*setting == _PASSWORD_EFMT1) {
625 /*
626 * "new"-style:
627 * setting - underscore, 4 bytes of count, 4 bytes of salt
628 * key - unlimited characters
629 */
630 for (i = 1, count = 0; i < 5; i++)
631 count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
632
633 for (i = 5, salt = 0; i < 9; i++)
634 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
635
636 while (*key) {
637 /*
638 * Encrypt the key with itself.
639 */
640 if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0, 1))
641 return(NULL);
642 /*
643 * And XOR with the next 8 characters of the key.
644 */
645 q = (u_char *) keybuf;
646 while (((q - (u_char *) keybuf) < sizeof(keybuf)) &&
647 *key)
648 *q++ ^= *key++ << 1;
649
650 if (des_setkey((u_char *) keybuf))
651 return(NULL);
652 }
653 strncpy((char *)output, setting, 9);
654
655 /*
656 * Double check that we weren't given a short setting.
657 * If we were, the above code will probably have created
658 * wierd values for count and salt, but we don't really care.
659 * Just make sure the output string doesn't have an extra
660 * NUL in it.
661 */
662 output[9] = '\0';
663 p = output + strlen((const char *)output);
664 } else {
665 /*
666 * "old"-style:
667 * setting - 2 bytes of salt
668 * key - up to 8 characters
669 */
670 count = 25;
671
672 salt = (ascii_to_bin(setting[1]) << 6)
673 | ascii_to_bin(setting[0]);
674
675 output[0] = setting[0];
676 /*
677 * If the encrypted password that the salt was extracted from
678 * is only 1 character long, the salt will be corrupted. We
679 * need to ensure that the output string doesn't have an extra
680 * NUL in it!
681 */
682 output[1] = setting[1] ? setting[1] : output[0];
683
684 p = output + 2;
685 }
686 setup_salt(salt);
687 /*
688 * Do it.
689 */
690 if (do_des(0, 0, &r0, &r1, count))
691 return(NULL);
692 /*
693 * Now encode the result...
694 */
695 l = (r0 >> 8);
696 *p++ = ascii64[(l >> 18) & 0x3f];
697 *p++ = ascii64[(l >> 12) & 0x3f];
698 *p++ = ascii64[(l >> 6) & 0x3f];
699 *p++ = ascii64[l & 0x3f];
700
701 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
702 *p++ = ascii64[(l >> 18) & 0x3f];
703 *p++ = ascii64[(l >> 12) & 0x3f];
704 *p++ = ascii64[(l >> 6) & 0x3f];
705 *p++ = ascii64[l & 0x3f];
706
707 l = r1 << 2;
708 *p++ = ascii64[(l >> 12) & 0x3f];
709 *p++ = ascii64[(l >> 6) & 0x3f];
710 *p++ = ascii64[l & 0x3f];
711 *p = 0;
712
713 return((char *)output);
714}
diff --git a/src/lib/libc/crypt/md5crypt.c b/src/lib/libc/crypt/md5crypt.c
new file mode 100644
index 0000000000..7ec60f38e0
--- /dev/null
+++ b/src/lib/libc/crypt/md5crypt.c
@@ -0,0 +1,157 @@
1/* $OpenBSD: md5crypt.c,v 1.9 1997/07/23 20:58:27 kstailey Exp $ */
2
3/*
4 * ----------------------------------------------------------------------------
5 * "THE BEER-WARE LICENSE" (Revision 42):
6 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
7 * can do whatever you want with this stuff. If we meet some day, and you think
8 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
9 * ----------------------------------------------------------------------------
10 *
11 * $FreeBSD: crypt.c,v 1.5 1996/10/14 08:34:02 phk Exp $
12 *
13 */
14
15#if defined(LIBC_SCCS) && !defined(lint)
16static char rcsid[] = "$OpenBSD: md5crypt.c,v 1.9 1997/07/23 20:58:27 kstailey Exp $";
17#endif /* LIBC_SCCS and not lint */
18
19#include <unistd.h>
20#include <stdio.h>
21#include <string.h>
22#include <md5.h>
23#include <string.h>
24
25static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */
26 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
27
28static void to64 __P((char *, u_int32_t, int));
29
30static void
31to64(s, v, n)
32 char *s;
33 u_int32_t v;
34 int n;
35{
36 while (--n >= 0) {
37 *s++ = itoa64[v&0x3f];
38 v >>= 6;
39 }
40}
41
42/*
43 * UNIX password
44 *
45 * Use MD5 for what it is best at...
46 */
47
48char *
49md5crypt(pw, salt)
50 register const char *pw;
51 register const char *salt;
52{
53 /*
54 * This string is magic for this algorithm. Having
55 * it this way, we can get get better later on
56 */
57 static unsigned char *magic = (unsigned char *)"$1$";
58
59 static char passwd[120], *p;
60 static const unsigned char *sp,*ep;
61 unsigned char final[16];
62 int sl,pl,i;
63 MD5_CTX ctx,ctx1;
64 u_int32_t l;
65
66 /* Refine the Salt first */
67 sp = (const unsigned char *)salt;
68
69 /* If it starts with the magic string, then skip that */
70 if(!strncmp((const char *)sp,(const char *)magic,strlen((const char *)magic)))
71 sp += strlen((const char *)magic);
72
73 /* It stops at the first '$', max 8 chars */
74 for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
75 continue;
76
77 /* get the length of the true salt */
78 sl = ep - sp;
79
80 MD5Init(&ctx);
81
82 /* The password first, since that is what is most unknown */
83 MD5Update(&ctx,(const unsigned char *)pw,strlen(pw));
84
85 /* Then our magic string */
86 MD5Update(&ctx,magic,strlen((const char *)magic));
87
88 /* Then the raw salt */
89 MD5Update(&ctx,sp,sl);
90
91 /* Then just as many characters of the MD5(pw,salt,pw) */
92 MD5Init(&ctx1);
93 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
94 MD5Update(&ctx1,sp,sl);
95 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
96 MD5Final(final,&ctx1);
97 for(pl = strlen(pw); pl > 0; pl -= 16)
98 MD5Update(&ctx,final,pl>16 ? 16 : pl);
99
100 /* Don't leave anything around in vm they could use. */
101 memset(final,0,sizeof final);
102
103 /* Then something really weird... */
104 for (i = strlen(pw); i ; i >>= 1)
105 if(i&1)
106 MD5Update(&ctx, final, 1);
107 else
108 MD5Update(&ctx, (const unsigned char *)pw, 1);
109
110 /* Now make the output string */
111 strcpy(passwd,(const char *)magic);
112 strncat(passwd,(const char *)sp,sl);
113 strcat(passwd,"$");
114
115 MD5Final(final,&ctx);
116
117 /*
118 * and now, just to make sure things don't run too fast
119 * On a 60 Mhz Pentium this takes 34 msec, so you would
120 * need 30 seconds to build a 1000 entry dictionary...
121 */
122 for(i=0;i<1000;i++) {
123 MD5Init(&ctx1);
124 if(i & 1)
125 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
126 else
127 MD5Update(&ctx1,final,16);
128
129 if(i % 3)
130 MD5Update(&ctx1,sp,sl);
131
132 if(i % 7)
133 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
134
135 if(i & 1)
136 MD5Update(&ctx1,final,16);
137 else
138 MD5Update(&ctx1,(const unsigned char *)pw,strlen(pw));
139 MD5Final(final,&ctx1);
140 }
141
142 p = passwd + strlen(passwd);
143
144 l = (final[ 0]<<16) | (final[ 6]<<8) | final[12]; to64(p,l,4); p += 4;
145 l = (final[ 1]<<16) | (final[ 7]<<8) | final[13]; to64(p,l,4); p += 4;
146 l = (final[ 2]<<16) | (final[ 8]<<8) | final[14]; to64(p,l,4); p += 4;
147 l = (final[ 3]<<16) | (final[ 9]<<8) | final[15]; to64(p,l,4); p += 4;
148 l = (final[ 4]<<16) | (final[10]<<8) | final[ 5]; to64(p,l,4); p += 4;
149 l = final[11] ; to64(p,l,2); p += 2;
150 *p = '\0';
151
152 /* Don't leave anything around in vm they could use. */
153 memset(final,0,sizeof final);
154
155 return passwd;
156}
157
diff --git a/src/lib/libc/crypt/morecrypt.c b/src/lib/libc/crypt/morecrypt.c
new file mode 100644
index 0000000000..e9e0ced4c1
--- /dev/null
+++ b/src/lib/libc/crypt/morecrypt.c
@@ -0,0 +1,628 @@
1/* $OpenBSD: morecrypt.c,v 1.9 1998/03/22 19:01:20 niklas Exp $ */
2
3/*
4 * FreeSec: libcrypt
5 *
6 * Copyright (c) 1994 David Burren
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 4. Neither the name of the author nor the names of other contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *
34 * This is an original implementation of the DES and the crypt(3) interfaces
35 * by David Burren <davidb@werj.com.au>.
36 *
37 * An excellent reference on the underlying algorithm (and related
38 * algorithms) is:
39 *
40 * B. Schneier, Applied Cryptography: protocols, algorithms,
41 * and source code in C, John Wiley & Sons, 1994.
42 *
43 * Note that in that book's description of DES the lookups for the initial,
44 * pbox, and final permutations are inverted (this has been brought to the
45 * attention of the author). A list of errata for this book has been
46 * posted to the sci.crypt newsgroup by the author and is available for FTP.
47 *
48 * NOTE:
49 * This file must copy certain chunks of crypt.c for legal reasons.
50 * crypt.c can only export the interface crypt(), to make binaries
51 * exportable from the USA. Hence, to also have the other crypto interfaces
52 * available we have to copy pieces...
53 */
54
55#if defined(LIBC_SCCS) && !defined(lint)
56static char rcsid[] = "$OpenBSD: morecrypt.c,v 1.9 1998/03/22 19:01:20 niklas Exp $";
57#endif /* LIBC_SCCS and not lint */
58
59#include <sys/types.h>
60#include <sys/param.h>
61#include <pwd.h>
62#include <string.h>
63
64#ifdef DEBUG
65# include <stdio.h>
66#endif
67
68static u_char IP[64] = {
69 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
70 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
71 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
72 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
73};
74
75static u_char inv_key_perm[64];
76static u_char u_key_perm[56];
77static u_char key_perm[56] = {
78 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
79 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
80 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
81 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
82};
83
84static u_char key_shifts[16] = {
85 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
86};
87
88static u_char inv_comp_perm[56];
89static u_char comp_perm[48] = {
90 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
91 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
92 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
93 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
94};
95
96/*
97 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
98 */
99
100static u_char u_sbox[8][64];
101static u_char sbox[8][64] = {
102 {
103 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
104 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
105 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
106 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
107 },
108 {
109 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
110 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
111 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
112 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
113 },
114 {
115 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
116 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
117 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
118 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
119 },
120 {
121 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
122 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
123 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
124 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
125 },
126 {
127 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
128 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
129 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
130 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
131 },
132 {
133 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
134 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
135 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
136 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
137 },
138 {
139 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
140 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
141 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
142 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
143 },
144 {
145 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
146 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
147 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
148 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
149 }
150};
151
152static u_char un_pbox[32];
153static u_char pbox[32] = {
154 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
155 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
156};
157
158static u_int32_t bits32[32] =
159{
160 0x80000000, 0x40000000, 0x20000000, 0x10000000,
161 0x08000000, 0x04000000, 0x02000000, 0x01000000,
162 0x00800000, 0x00400000, 0x00200000, 0x00100000,
163 0x00080000, 0x00040000, 0x00020000, 0x00010000,
164 0x00008000, 0x00004000, 0x00002000, 0x00001000,
165 0x00000800, 0x00000400, 0x00000200, 0x00000100,
166 0x00000080, 0x00000040, 0x00000020, 0x00000010,
167 0x00000008, 0x00000004, 0x00000002, 0x00000001
168};
169
170static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
171
172static u_int32_t saltbits;
173static int32_t old_salt;
174static u_int32_t *bits28, *bits24;
175static u_char init_perm[64], final_perm[64];
176static u_int32_t en_keysl[16], en_keysr[16];
177static u_int32_t de_keysl[16], de_keysr[16];
178static int des_initialised = 0;
179static u_char m_sbox[4][4096];
180static u_int32_t psbox[4][256];
181static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
182static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
183static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
184static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
185static u_int32_t old_rawkey0, old_rawkey1;
186
187static __inline int
188ascii_to_bin(ch)
189 char ch;
190{
191 if (ch > 'z')
192 return(0);
193 if (ch >= 'a')
194 return(ch - 'a' + 38);
195 if (ch > 'Z')
196 return(0);
197 if (ch >= 'A')
198 return(ch - 'A' + 12);
199 if (ch > '9')
200 return(0);
201 if (ch >= '.')
202 return(ch - '.');
203 return(0);
204}
205
206void
207des_init()
208{
209 int i, j, b, k, inbit, obit;
210 u_int32_t *p, *il, *ir, *fl, *fr;
211
212 old_rawkey0 = old_rawkey1 = 0;
213 saltbits = 0;
214 old_salt = 0;
215 bits24 = (bits28 = bits32 + 4) + 4;
216
217 /*
218 * Invert the S-boxes, reordering the input bits.
219 */
220 for (i = 0; i < 8; i++)
221 for (j = 0; j < 64; j++) {
222 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
223 u_sbox[i][j] = sbox[i][b];
224 }
225
226 /*
227 * Convert the inverted S-boxes into 4 arrays of 8 bits.
228 * Each will handle 12 bits of the S-box input.
229 */
230 for (b = 0; b < 4; b++)
231 for (i = 0; i < 64; i++)
232 for (j = 0; j < 64; j++)
233 m_sbox[b][(i << 6) | j] =
234 (u_sbox[(b << 1)][i] << 4) |
235 u_sbox[(b << 1) + 1][j];
236
237 /*
238 * Set up the initial & final permutations into a useful form, and
239 * initialise the inverted key permutation.
240 */
241 for (i = 0; i < 64; i++) {
242 init_perm[final_perm[i] = IP[i] - 1] = i;
243 inv_key_perm[i] = 255;
244 }
245
246 /*
247 * Invert the key permutation and initialise the inverted key
248 * compression permutation.
249 */
250 for (i = 0; i < 56; i++) {
251 u_key_perm[i] = key_perm[i] - 1;
252 inv_key_perm[key_perm[i] - 1] = i;
253 inv_comp_perm[i] = 255;
254 }
255
256 /*
257 * Invert the key compression permutation.
258 */
259 for (i = 0; i < 48; i++) {
260 inv_comp_perm[comp_perm[i] - 1] = i;
261 }
262
263 /*
264 * Set up the OR-mask arrays for the initial and final permutations,
265 * and for the key initial and compression permutations.
266 */
267 for (k = 0; k < 8; k++) {
268 for (i = 0; i < 256; i++) {
269 *(il = &ip_maskl[k][i]) = 0;
270 *(ir = &ip_maskr[k][i]) = 0;
271 *(fl = &fp_maskl[k][i]) = 0;
272 *(fr = &fp_maskr[k][i]) = 0;
273 for (j = 0; j < 8; j++) {
274 inbit = 8 * k + j;
275 if (i & bits8[j]) {
276 if ((obit = init_perm[inbit]) < 32)
277 *il |= bits32[obit];
278 else
279 *ir |= bits32[obit-32];
280 if ((obit = final_perm[inbit]) < 32)
281 *fl |= bits32[obit];
282 else
283 *fr |= bits32[obit - 32];
284 }
285 }
286 }
287 for (i = 0; i < 128; i++) {
288 *(il = &key_perm_maskl[k][i]) = 0;
289 *(ir = &key_perm_maskr[k][i]) = 0;
290 for (j = 0; j < 7; j++) {
291 inbit = 8 * k + j;
292 if (i & bits8[j + 1]) {
293 if ((obit = inv_key_perm[inbit]) == 255)
294 continue;
295 if (obit < 28)
296 *il |= bits28[obit];
297 else
298 *ir |= bits28[obit - 28];
299 }
300 }
301 *(il = &comp_maskl[k][i]) = 0;
302 *(ir = &comp_maskr[k][i]) = 0;
303 for (j = 0; j < 7; j++) {
304 inbit = 7 * k + j;
305 if (i & bits8[j + 1]) {
306 if ((obit=inv_comp_perm[inbit]) == 255)
307 continue;
308 if (obit < 24)
309 *il |= bits24[obit];
310 else
311 *ir |= bits24[obit - 24];
312 }
313 }
314 }
315 }
316
317 /*
318 * Invert the P-box permutation, and convert into OR-masks for
319 * handling the output of the S-box arrays setup above.
320 */
321 for (i = 0; i < 32; i++)
322 un_pbox[pbox[i] - 1] = i;
323
324 for (b = 0; b < 4; b++)
325 for (i = 0; i < 256; i++) {
326 *(p = &psbox[b][i]) = 0;
327 for (j = 0; j < 8; j++) {
328 if (i & bits8[j])
329 *p |= bits32[un_pbox[8 * b + j]];
330 }
331 }
332
333 des_initialised = 1;
334}
335
336void
337setup_salt(salt)
338 int32_t salt;
339{
340 u_int32_t obit, saltbit;
341 int i;
342
343 if (salt == old_salt)
344 return;
345 old_salt = salt;
346
347 saltbits = 0;
348 saltbit = 1;
349 obit = 0x800000;
350 for (i = 0; i < 24; i++) {
351 if (salt & saltbit)
352 saltbits |= obit;
353 saltbit <<= 1;
354 obit >>= 1;
355 }
356}
357
358int
359do_des(l_in, r_in, l_out, r_out, count)
360 u_int32_t l_in, r_in, *l_out, *r_out;
361 int count;
362{
363 /*
364 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
365 */
366 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
367 u_int32_t f, r48l, r48r;
368 int round;
369
370 if (count == 0) {
371 return(1);
372 } else if (count > 0) {
373 /*
374 * Encrypting
375 */
376 kl1 = en_keysl;
377 kr1 = en_keysr;
378 } else {
379 /*
380 * Decrypting
381 */
382 count = -count;
383 kl1 = de_keysl;
384 kr1 = de_keysr;
385 }
386
387 /*
388 * Do initial permutation (IP).
389 */
390 l = ip_maskl[0][l_in >> 24]
391 | ip_maskl[1][(l_in >> 16) & 0xff]
392 | ip_maskl[2][(l_in >> 8) & 0xff]
393 | ip_maskl[3][l_in & 0xff]
394 | ip_maskl[4][r_in >> 24]
395 | ip_maskl[5][(r_in >> 16) & 0xff]
396 | ip_maskl[6][(r_in >> 8) & 0xff]
397 | ip_maskl[7][r_in & 0xff];
398 r = ip_maskr[0][l_in >> 24]
399 | ip_maskr[1][(l_in >> 16) & 0xff]
400 | ip_maskr[2][(l_in >> 8) & 0xff]
401 | ip_maskr[3][l_in & 0xff]
402 | ip_maskr[4][r_in >> 24]
403 | ip_maskr[5][(r_in >> 16) & 0xff]
404 | ip_maskr[6][(r_in >> 8) & 0xff]
405 | ip_maskr[7][r_in & 0xff];
406
407 while (count--) {
408 /*
409 * Do each round.
410 */
411 kl = kl1;
412 kr = kr1;
413 round = 16;
414 while (round--) {
415 /*
416 * Expand R to 48 bits (simulate the E-box).
417 */
418 r48l = ((r & 0x00000001) << 23)
419 | ((r & 0xf8000000) >> 9)
420 | ((r & 0x1f800000) >> 11)
421 | ((r & 0x01f80000) >> 13)
422 | ((r & 0x001f8000) >> 15);
423
424 r48r = ((r & 0x0001f800) << 7)
425 | ((r & 0x00001f80) << 5)
426 | ((r & 0x000001f8) << 3)
427 | ((r & 0x0000001f) << 1)
428 | ((r & 0x80000000) >> 31);
429 /*
430 * Do salting for crypt() and friends, and
431 * XOR with the permuted key.
432 */
433 f = (r48l ^ r48r) & saltbits;
434 r48l ^= f ^ *kl++;
435 r48r ^= f ^ *kr++;
436 /*
437 * Do sbox lookups (which shrink it back to 32 bits)
438 * and do the pbox permutation at the same time.
439 */
440 f = psbox[0][m_sbox[0][r48l >> 12]]
441 | psbox[1][m_sbox[1][r48l & 0xfff]]
442 | psbox[2][m_sbox[2][r48r >> 12]]
443 | psbox[3][m_sbox[3][r48r & 0xfff]];
444 /*
445 * Now that we've permuted things, complete f().
446 */
447 f ^= l;
448 l = r;
449 r = f;
450 }
451 r = l;
452 l = f;
453 }
454 /*
455 * Do final permutation (inverse of IP).
456 */
457 *l_out = fp_maskl[0][l >> 24]
458 | fp_maskl[1][(l >> 16) & 0xff]
459 | fp_maskl[2][(l >> 8) & 0xff]
460 | fp_maskl[3][l & 0xff]
461 | fp_maskl[4][r >> 24]
462 | fp_maskl[5][(r >> 16) & 0xff]
463 | fp_maskl[6][(r >> 8) & 0xff]
464 | fp_maskl[7][r & 0xff];
465 *r_out = fp_maskr[0][l >> 24]
466 | fp_maskr[1][(l >> 16) & 0xff]
467 | fp_maskr[2][(l >> 8) & 0xff]
468 | fp_maskr[3][l & 0xff]
469 | fp_maskr[4][r >> 24]
470 | fp_maskr[5][(r >> 16) & 0xff]
471 | fp_maskr[6][(r >> 8) & 0xff]
472 | fp_maskr[7][r & 0xff];
473 return(0);
474}
475
476int
477des_cipher(in, out, salt, count)
478 const char *in;
479 char *out;
480 long salt;
481 int count;
482{
483 u_int32_t l_out, r_out, rawl, rawr;
484 u_int32_t x[2];
485 int retval;
486
487 if (!des_initialised)
488 des_init();
489
490 setup_salt((int32_t)salt);
491
492 memcpy(x, in, sizeof x);
493 rawl = ntohl(x[0]);
494 rawr = ntohl(x[1]);
495 retval = do_des(rawl, rawr, &l_out, &r_out, count);
496
497 x[0] = htonl(l_out);
498 x[1] = htonl(r_out);
499 memcpy(out, x, sizeof x);
500 return(retval);
501}
502
503int
504des_setkey(key)
505 const char *key;
506{
507 u_int32_t k0, k1, rawkey0, rawkey1;
508 int shifts, round;
509
510 if (!des_initialised)
511 des_init();
512
513 rawkey0 = ntohl(*(u_int32_t *) key);
514 rawkey1 = ntohl(*(u_int32_t *) (key + 4));
515
516 if ((rawkey0 | rawkey1)
517 && rawkey0 == old_rawkey0
518 && rawkey1 == old_rawkey1) {
519 /*
520 * Already setup for this key.
521 * This optimisation fails on a zero key (which is weak and
522 * has bad parity anyway) in order to simplify the starting
523 * conditions.
524 */
525 return(0);
526 }
527 old_rawkey0 = rawkey0;
528 old_rawkey1 = rawkey1;
529
530 /*
531 * Do key permutation and split into two 28-bit subkeys.
532 */
533 k0 = key_perm_maskl[0][rawkey0 >> 25]
534 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
535 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
536 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
537 | key_perm_maskl[4][rawkey1 >> 25]
538 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
539 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
540 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
541 k1 = key_perm_maskr[0][rawkey0 >> 25]
542 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
543 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
544 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
545 | key_perm_maskr[4][rawkey1 >> 25]
546 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
547 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
548 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
549 /*
550 * Rotate subkeys and do compression permutation.
551 */
552 shifts = 0;
553 for (round = 0; round < 16; round++) {
554 u_int32_t t0, t1;
555
556 shifts += key_shifts[round];
557
558 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
559 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
560
561 de_keysl[15 - round] =
562 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
563 | comp_maskl[1][(t0 >> 14) & 0x7f]
564 | comp_maskl[2][(t0 >> 7) & 0x7f]
565 | comp_maskl[3][t0 & 0x7f]
566 | comp_maskl[4][(t1 >> 21) & 0x7f]
567 | comp_maskl[5][(t1 >> 14) & 0x7f]
568 | comp_maskl[6][(t1 >> 7) & 0x7f]
569 | comp_maskl[7][t1 & 0x7f];
570
571 de_keysr[15 - round] =
572 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
573 | comp_maskr[1][(t0 >> 14) & 0x7f]
574 | comp_maskr[2][(t0 >> 7) & 0x7f]
575 | comp_maskr[3][t0 & 0x7f]
576 | comp_maskr[4][(t1 >> 21) & 0x7f]
577 | comp_maskr[5][(t1 >> 14) & 0x7f]
578 | comp_maskr[6][(t1 >> 7) & 0x7f]
579 | comp_maskr[7][t1 & 0x7f];
580 }
581 return(0);
582}
583
584int
585setkey(key)
586 const char *key;
587{
588 int i, j;
589 u_int32_t packed_keys[2];
590 u_char *p;
591
592 p = (u_char *) packed_keys;
593
594 for (i = 0; i < 8; i++) {
595 p[i] = 0;
596 for (j = 0; j < 8; j++)
597 if (*key++ & 1)
598 p[i] |= bits8[j];
599 }
600 return(des_setkey(p));
601}
602
603int
604encrypt(block, flag)
605 char *block;
606 int flag;
607{
608 u_int32_t io[2];
609 u_char *p;
610 int i, j, retval;
611
612 if (!des_initialised)
613 des_init();
614
615 setup_salt((int32_t)0);
616 p = (u_char *)block;
617 for (i = 0; i < 2; i++) {
618 io[i] = 0L;
619 for (j = 0; j < 32; j++)
620 if (*p++ & 1)
621 io[i] |= bits32[j];
622 }
623 retval = do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
624 for (i = 0; i < 2; i++)
625 for (j = 0; j < 32; j++)
626 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
627 return(retval);
628}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-08 07:39:03 +0000