1 /* $OpenBSD: crypt.c,v 1.20 2005/08/08 08:05:33 espie Exp $ */ 2 3 /* 4 * FreeSec: libcrypt 5 * 6 * Copyright (c) 1994 David Burren 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 4. Neither the name of the author nor the names of other contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * 34 * This is an original implementation of the DES and the crypt(3) interfaces 35 * by David Burren <davidb@werj.com.au>. 36 * 37 * An excellent reference on the underlying algorithm (and related 38 * algorithms) is: 39 * 40 * B. Schneier, Applied Cryptography: protocols, algorithms, 41 * and source code in C, John Wiley & Sons, 1994. 42 * 43 * Note that in that book's description of DES the lookups for the initial, 44 * pbox, and final permutations are inverted (this has been brought to the 45 * attention of the author). A list of errata for this book has been 46 * posted to the sci.crypt newsgroup by the author and is available for FTP. 47 */ 48 49 #include <sys/types.h> 50 #include <sys/param.h> 51 #include <pwd.h> 52 #include <unistd.h> 53 #include <string.h> 54 55 #ifdef DEBUG 56 # include <stdio.h> 57 #endif 58 59 static const u_char IP[64] = { 60 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 61 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 62 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 63 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 64 }; 65 66 static u_char inv_key_perm[64]; 67 static u_char u_key_perm[56]; 68 static u_char const key_perm[56] = { 69 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 70 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 71 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 72 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 73 }; 74 75 static const u_char key_shifts[16] = { 76 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 77 }; 78 79 static u_char inv_comp_perm[56]; 80 static const u_char comp_perm[48] = { 81 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 82 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 83 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 84 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 85 }; 86 87 /* 88 * No E box is used, as it's replaced by some ANDs, shifts, and ORs. 89 */ 90 91 static u_char u_sbox[8][64]; 92 static const u_char sbox[8][64] = { 93 { 94 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 95 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 96 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 97 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 98 }, 99 { 100 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 101 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 102 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 103 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 104 }, 105 { 106 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 107 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 108 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 109 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 110 }, 111 { 112 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 113 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 114 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 115 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 116 }, 117 { 118 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 119 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 120 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 121 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 122 }, 123 { 124 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 125 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 126 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 127 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 128 }, 129 { 130 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 131 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 132 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 133 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 134 }, 135 { 136 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 137 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 138 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 139 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 140 } 141 }; 142 143 static u_char un_pbox[32]; 144 static const u_char pbox[32] = { 145 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 146 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 147 }; 148 149 const u_int32_t _des_bits32[32] = 150 { 151 0x80000000, 0x40000000, 0x20000000, 0x10000000, 152 0x08000000, 0x04000000, 0x02000000, 0x01000000, 153 0x00800000, 0x00400000, 0x00200000, 0x00100000, 154 0x00080000, 0x00040000, 0x00020000, 0x00010000, 155 0x00008000, 0x00004000, 0x00002000, 0x00001000, 156 0x00000800, 0x00000400, 0x00000200, 0x00000100, 157 0x00000080, 0x00000040, 0x00000020, 0x00000010, 158 0x00000008, 0x00000004, 0x00000002, 0x00000001 159 }; 160 161 const u_char _des_bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; 162 163 static u_int32_t saltbits; 164 static int32_t old_salt; 165 static const u_int32_t *bits28, *bits24; 166 static u_char init_perm[64], final_perm[64]; 167 static u_int32_t en_keysl[16], en_keysr[16]; 168 static u_int32_t de_keysl[16], de_keysr[16]; 169 int _des_initialised = 0; 170 static u_char m_sbox[4][4096]; 171 static u_int32_t psbox[4][256]; 172 static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; 173 static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; 174 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; 175 static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; 176 static u_int32_t old_rawkey0, old_rawkey1; 177 178 static u_char ascii64[] = 179 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 180 /* 0000000000111111111122222222223333333333444444444455555555556666 */ 181 /* 0123456789012345678901234567890123456789012345678901234567890123 */ 182 183 static __inline int 184 ascii_to_bin(char ch) 185 { 186 if (ch > 'z') 187 return(0); 188 if (ch >= 'a') 189 return(ch - 'a' + 38); 190 if (ch > 'Z') 191 return(0); 192 if (ch >= 'A') 193 return(ch - 'A' + 12); 194 if (ch > '9') 195 return(0); 196 if (ch >= '.') 197 return(ch - '.'); 198 return(0); 199 } 200 201 void 202 _des_init(void) 203 { 204 int i, j, b, k, inbit, obit; 205 u_int32_t *p, *il, *ir, *fl, *fr; 206 207 old_rawkey0 = old_rawkey1 = 0; 208 saltbits = 0; 209 old_salt = 0; 210 bits24 = (bits28 = _des_bits32 + 4) + 4; 211 212 /* 213 * Invert the S-boxes, reordering the input bits. 214 */ 215 for (i = 0; i < 8; i++) 216 for (j = 0; j < 64; j++) { 217 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); 218 u_sbox[i][j] = sbox[i][b]; 219 } 220 221 /* 222 * Convert the inverted S-boxes into 4 arrays of 8 bits. 223 * Each will handle 12 bits of the S-box input. 224 */ 225 for (b = 0; b < 4; b++) 226 for (i = 0; i < 64; i++) 227 for (j = 0; j < 64; j++) 228 m_sbox[b][(i << 6) | j] = 229 (u_sbox[(b << 1)][i] << 4) | 230 u_sbox[(b << 1) + 1][j]; 231 232 /* 233 * Set up the initial & final permutations into a useful form, and 234 * initialise the inverted key permutation. 235 */ 236 for (i = 0; i < 64; i++) { 237 init_perm[final_perm[i] = IP[i] - 1] = i; 238 inv_key_perm[i] = 255; 239 } 240 241 /* 242 * Invert the key permutation and initialise the inverted key 243 * compression permutation. 244 */ 245 for (i = 0; i < 56; i++) { 246 u_key_perm[i] = key_perm[i] - 1; 247 inv_key_perm[key_perm[i] - 1] = i; 248 inv_comp_perm[i] = 255; 249 } 250 251 /* 252 * Invert the key compression permutation. 253 */ 254 for (i = 0; i < 48; i++) { 255 inv_comp_perm[comp_perm[i] - 1] = i; 256 } 257 258 /* 259 * Set up the OR-mask arrays for the initial and final permutations, 260 * and for the key initial and compression permutations. 261 */ 262 for (k = 0; k < 8; k++) { 263 for (i = 0; i < 256; i++) { 264 *(il = &ip_maskl[k][i]) = 0; 265 *(ir = &ip_maskr[k][i]) = 0; 266 *(fl = &fp_maskl[k][i]) = 0; 267 *(fr = &fp_maskr[k][i]) = 0; 268 for (j = 0; j < 8; j++) { 269 inbit = 8 * k + j; 270 if (i & _des_bits8[j]) { 271 if ((obit = init_perm[inbit]) < 32) 272 *il |= _des_bits32[obit]; 273 else 274 *ir |= _des_bits32[obit-32]; 275 if ((obit = final_perm[inbit]) < 32) 276 *fl |= _des_bits32[obit]; 277 else 278 *fr |= _des_bits32[obit - 32]; 279 } 280 } 281 } 282 for (i = 0; i < 128; i++) { 283 *(il = &key_perm_maskl[k][i]) = 0; 284 *(ir = &key_perm_maskr[k][i]) = 0; 285 for (j = 0; j < 7; j++) { 286 inbit = 8 * k + j; 287 if (i & _des_bits8[j + 1]) { 288 if ((obit = inv_key_perm[inbit]) == 255) 289 continue; 290 if (obit < 28) 291 *il |= bits28[obit]; 292 else 293 *ir |= bits28[obit - 28]; 294 } 295 } 296 *(il = &comp_maskl[k][i]) = 0; 297 *(ir = &comp_maskr[k][i]) = 0; 298 for (j = 0; j < 7; j++) { 299 inbit = 7 * k + j; 300 if (i & _des_bits8[j + 1]) { 301 if ((obit=inv_comp_perm[inbit]) == 255) 302 continue; 303 if (obit < 24) 304 *il |= bits24[obit]; 305 else 306 *ir |= bits24[obit - 24]; 307 } 308 } 309 } 310 } 311 312 /* 313 * Invert the P-box permutation, and convert into OR-masks for 314 * handling the output of the S-box arrays setup above. 315 */ 316 for (i = 0; i < 32; i++) 317 un_pbox[pbox[i] - 1] = i; 318 319 for (b = 0; b < 4; b++) 320 for (i = 0; i < 256; i++) { 321 *(p = &psbox[b][i]) = 0; 322 for (j = 0; j < 8; j++) { 323 if (i & _des_bits8[j]) 324 *p |= _des_bits32[un_pbox[8 * b + j]]; 325 } 326 } 327 328 _des_initialised = 1; 329 } 330 331 void 332 _des_setup_salt(int32_t salt) 333 { 334 u_int32_t obit, saltbit; 335 int i; 336 337 if (salt == old_salt) 338 return; 339 old_salt = salt; 340 341 saltbits = 0; 342 saltbit = 1; 343 obit = 0x800000; 344 for (i = 0; i < 24; i++) { 345 if (salt & saltbit) 346 saltbits |= obit; 347 saltbit <<= 1; 348 obit >>= 1; 349 } 350 } 351 352 int 353 des_setkey(const char *key) 354 { 355 u_int32_t k0, k1, rawkey0, rawkey1; 356 int shifts, round; 357 358 if (!_des_initialised) 359 _des_init(); 360 361 rawkey0 = ntohl(*(u_int32_t *) key); 362 rawkey1 = ntohl(*(u_int32_t *) (key + 4)); 363 364 if ((rawkey0 | rawkey1) 365 && rawkey0 == old_rawkey0 366 && rawkey1 == old_rawkey1) { 367 /* 368 * Already setup for this key. 369 * This optimisation fails on a zero key (which is weak and 370 * has bad parity anyway) in order to simplify the starting 371 * conditions. 372 */ 373 return(0); 374 } 375 old_rawkey0 = rawkey0; 376 old_rawkey1 = rawkey1; 377 378 /* 379 * Do key permutation and split into two 28-bit subkeys. 380 */ 381 k0 = key_perm_maskl[0][rawkey0 >> 25] 382 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] 383 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] 384 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] 385 | key_perm_maskl[4][rawkey1 >> 25] 386 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] 387 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] 388 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; 389 k1 = key_perm_maskr[0][rawkey0 >> 25] 390 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] 391 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] 392 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] 393 | key_perm_maskr[4][rawkey1 >> 25] 394 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] 395 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] 396 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; 397 /* 398 * Rotate subkeys and do compression permutation. 399 */ 400 shifts = 0; 401 for (round = 0; round < 16; round++) { 402 u_int32_t t0, t1; 403 404 shifts += key_shifts[round]; 405 406 t0 = (k0 << shifts) | (k0 >> (28 - shifts)); 407 t1 = (k1 << shifts) | (k1 >> (28 - shifts)); 408 409 de_keysl[15 - round] = 410 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] 411 | comp_maskl[1][(t0 >> 14) & 0x7f] 412 | comp_maskl[2][(t0 >> 7) & 0x7f] 413 | comp_maskl[3][t0 & 0x7f] 414 | comp_maskl[4][(t1 >> 21) & 0x7f] 415 | comp_maskl[5][(t1 >> 14) & 0x7f] 416 | comp_maskl[6][(t1 >> 7) & 0x7f] 417 | comp_maskl[7][t1 & 0x7f]; 418 419 de_keysr[15 - round] = 420 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] 421 | comp_maskr[1][(t0 >> 14) & 0x7f] 422 | comp_maskr[2][(t0 >> 7) & 0x7f] 423 | comp_maskr[3][t0 & 0x7f] 424 | comp_maskr[4][(t1 >> 21) & 0x7f] 425 | comp_maskr[5][(t1 >> 14) & 0x7f] 426 | comp_maskr[6][(t1 >> 7) & 0x7f] 427 | comp_maskr[7][t1 & 0x7f]; 428 } 429 return(0); 430 } 431 432 int 433 _des_do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, 434 int count) 435 { 436 /* 437 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. 438 */ 439 u_int32_t l, r, *kl, *kr, *kl1, *kr1; 440 u_int32_t f, r48l, r48r; 441 int round; 442 443 if (count == 0) { 444 return(1); 445 } else if (count > 0) { 446 /* 447 * Encrypting 448 */ 449 kl1 = en_keysl; 450 kr1 = en_keysr; 451 } else { 452 /* 453 * Decrypting 454 */ 455 count = -count; 456 kl1 = de_keysl; 457 kr1 = de_keysr; 458 } 459 460 /* 461 * Do initial permutation (IP). 462 */ 463 l = ip_maskl[0][l_in >> 24] 464 | ip_maskl[1][(l_in >> 16) & 0xff] 465 | ip_maskl[2][(l_in >> 8) & 0xff] 466 | ip_maskl[3][l_in & 0xff] 467 | ip_maskl[4][r_in >> 24] 468 | ip_maskl[5][(r_in >> 16) & 0xff] 469 | ip_maskl[6][(r_in >> 8) & 0xff] 470 | ip_maskl[7][r_in & 0xff]; 471 r = ip_maskr[0][l_in >> 24] 472 | ip_maskr[1][(l_in >> 16) & 0xff] 473 | ip_maskr[2][(l_in >> 8) & 0xff] 474 | ip_maskr[3][l_in & 0xff] 475 | ip_maskr[4][r_in >> 24] 476 | ip_maskr[5][(r_in >> 16) & 0xff] 477 | ip_maskr[6][(r_in >> 8) & 0xff] 478 | ip_maskr[7][r_in & 0xff]; 479 480 while (count--) { 481 /* 482 * Do each round. 483 */ 484 kl = kl1; 485 kr = kr1; 486 round = 16; 487 while (round--) { 488 /* 489 * Expand R to 48 bits (simulate the E-box). 490 */ 491 r48l = ((r & 0x00000001) << 23) 492 | ((r & 0xf8000000) >> 9) 493 | ((r & 0x1f800000) >> 11) 494 | ((r & 0x01f80000) >> 13) 495 | ((r & 0x001f8000) >> 15); 496 497 r48r = ((r & 0x0001f800) << 7) 498 | ((r & 0x00001f80) << 5) 499 | ((r & 0x000001f8) << 3) 500 | ((r & 0x0000001f) << 1) 501 | ((r & 0x80000000) >> 31); 502 /* 503 * Do salting for crypt() and friends, and 504 * XOR with the permuted key. 505 */ 506 f = (r48l ^ r48r) & saltbits; 507 r48l ^= f ^ *kl++; 508 r48r ^= f ^ *kr++; 509 /* 510 * Do sbox lookups (which shrink it back to 32 bits) 511 * and do the pbox permutation at the same time. 512 */ 513 f = psbox[0][m_sbox[0][r48l >> 12]] 514 | psbox[1][m_sbox[1][r48l & 0xfff]] 515 | psbox[2][m_sbox[2][r48r >> 12]] 516 | psbox[3][m_sbox[3][r48r & 0xfff]]; 517 /* 518 * Now that we've permuted things, complete f(). 519 */ 520 f ^= l; 521 l = r; 522 r = f; 523 } 524 r = l; 525 l = f; 526 } 527 /* 528 * Do final permutation (inverse of IP). 529 */ 530 *l_out = fp_maskl[0][l >> 24] 531 | fp_maskl[1][(l >> 16) & 0xff] 532 | fp_maskl[2][(l >> 8) & 0xff] 533 | fp_maskl[3][l & 0xff] 534 | fp_maskl[4][r >> 24] 535 | fp_maskl[5][(r >> 16) & 0xff] 536 | fp_maskl[6][(r >> 8) & 0xff] 537 | fp_maskl[7][r & 0xff]; 538 *r_out = fp_maskr[0][l >> 24] 539 | fp_maskr[1][(l >> 16) & 0xff] 540 | fp_maskr[2][(l >> 8) & 0xff] 541 | fp_maskr[3][l & 0xff] 542 | fp_maskr[4][r >> 24] 543 | fp_maskr[5][(r >> 16) & 0xff] 544 | fp_maskr[6][(r >> 8) & 0xff] 545 | fp_maskr[7][r & 0xff]; 546 return(0); 547 } 548 549 int 550 des_cipher(const char *in, char *out, int32_t salt, int count) 551 { 552 u_int32_t l_out, r_out, rawl, rawr; 553 u_int32_t x[2]; 554 int retval; 555 556 if (!_des_initialised) 557 _des_init(); 558 559 _des_setup_salt(salt); 560 561 memcpy(x, in, sizeof x); 562 rawl = ntohl(x[0]); 563 rawr = ntohl(x[1]); 564 retval = _des_do_des(rawl, rawr, &l_out, &r_out, count); 565 566 x[0] = htonl(l_out); 567 x[1] = htonl(r_out); 568 memcpy(out, x, sizeof x); 569 return(retval); 570 } 571 572 char * 573 crypt(const char *key, const char *setting) 574 { 575 int i; 576 u_int32_t count, salt, l, r0, r1, keybuf[2]; 577 u_char *p, *q; 578 static u_char output[21]; 579 extern char *md5crypt(const char *, const char *); 580 extern char *bcrypt(const char *, const char *); 581 582 if (setting[0] == '$') { 583 switch (setting[1]) { 584 case '1': 585 return (md5crypt(key, setting)); 586 default: 587 return bcrypt(key, setting); 588 } 589 } 590 591 if (!_des_initialised) 592 _des_init(); 593 594 /* 595 * Copy the key, shifting each character up by one bit 596 * and padding with zeros. 597 */ 598 q = (u_char *) keybuf; 599 while ((q - (u_char *) keybuf) < sizeof(keybuf)) { 600 if ((*q++ = *key << 1)) 601 key++; 602 } 603 if (des_setkey((char *) keybuf)) 604 return(NULL); 605 606 if (*setting == _PASSWORD_EFMT1) { 607 /* 608 * "new"-style: 609 * setting - underscore, 4 bytes of count, 4 bytes of salt 610 * key - unlimited characters 611 */ 612 for (i = 1, count = 0; i < 5; i++) 613 count |= ascii_to_bin(setting[i]) << (i - 1) * 6; 614 615 for (i = 5, salt = 0; i < 9; i++) 616 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; 617 618 while (*key) { 619 /* 620 * Encrypt the key with itself. 621 */ 622 if (des_cipher((char *)keybuf, (char *)keybuf, 0, 1)) 623 return(NULL); 624 /* 625 * And XOR with the next 8 characters of the key. 626 */ 627 q = (u_char *) keybuf; 628 while (((q - (u_char *) keybuf) < sizeof(keybuf)) && 629 *key) 630 *q++ ^= *key++ << 1; 631 632 if (des_setkey((char *) keybuf)) 633 return(NULL); 634 } 635 strlcpy((char *)output, setting, 10); 636 637 /* 638 * Double check that we weren't given a short setting. 639 * If we were, the above code will probably have created 640 * weird values for count and salt, but we don't really care. 641 * Just make sure the output string doesn't have an extra 642 * NUL in it. 643 */ 644 p = output + strlen((const char *)output); 645 } else { 646 /* 647 * "old"-style: 648 * setting - 2 bytes of salt 649 * key - up to 8 characters 650 */ 651 count = 25; 652 653 salt = (ascii_to_bin(setting[1]) << 6) 654 | ascii_to_bin(setting[0]); 655 656 output[0] = setting[0]; 657 /* 658 * If the encrypted password that the salt was extracted from 659 * is only 1 character long, the salt will be corrupted. We 660 * need to ensure that the output string doesn't have an extra 661 * NUL in it! 662 */ 663 output[1] = setting[1] ? setting[1] : output[0]; 664 665 p = output + 2; 666 } 667 _des_setup_salt(salt); 668 669 /* 670 * Do it. 671 */ 672 if (_des_do_des(0, 0, &r0, &r1, count)) 673 return(NULL); 674 /* 675 * Now encode the result... 676 */ 677 l = (r0 >> 8); 678 *p++ = ascii64[(l >> 18) & 0x3f]; 679 *p++ = ascii64[(l >> 12) & 0x3f]; 680 *p++ = ascii64[(l >> 6) & 0x3f]; 681 *p++ = ascii64[l & 0x3f]; 682 683 l = (r0 << 16) | ((r1 >> 16) & 0xffff); 684 *p++ = ascii64[(l >> 18) & 0x3f]; 685 *p++ = ascii64[(l >> 12) & 0x3f]; 686 *p++ = ascii64[(l >> 6) & 0x3f]; 687 *p++ = ascii64[l & 0x3f]; 688 689 l = r1 << 2; 690 *p++ = ascii64[(l >> 12) & 0x3f]; 691 *p++ = ascii64[(l >> 6) & 0x3f]; 692 *p++ = ascii64[l & 0x3f]; 693 *p = 0; 694 695 return((char *)output); 696 } 697