1 /* $OpenBSD: crypt.c,v 1.14 2001/06/27 00:58:53 lebel Exp $ */ 2 3 /* 4 * FreeSec: libcrypt 5 * 6 * Copyright (c) 1994 David Burren 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in the 16 * documentation and/or other materials provided with the distribution. 17 * 4. Neither the name of the author nor the names of other contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * 34 * This is an original implementation of the DES and the crypt(3) interfaces 35 * by David Burren <davidb@werj.com.au>. 36 * 37 * An excellent reference on the underlying algorithm (and related 38 * algorithms) is: 39 * 40 * B. Schneier, Applied Cryptography: protocols, algorithms, 41 * and source code in C, John Wiley & Sons, 1994. 42 * 43 * Note that in that book's description of DES the lookups for the initial, 44 * pbox, and final permutations are inverted (this has been brought to the 45 * attention of the author). A list of errata for this book has been 46 * posted to the sci.crypt newsgroup by the author and is available for FTP. 47 * 48 * NOTE: 49 * This file has a static version of des_setkey() so that crypt.o exports 50 * only the crypt() interface. This is required to make binaries linked 51 * against crypt.o exportable or re-exportable from the USA. 52 */ 53 54 #if defined(LIBC_SCCS) && !defined(lint) 55 static char rcsid[] = "$OpenBSD: crypt.c,v 1.14 2001/06/27 00:58:53 lebel Exp $"; 56 #endif /* LIBC_SCCS and not lint */ 57 58 #include <sys/types.h> 59 #include <sys/param.h> 60 #include <pwd.h> 61 #include <string.h> 62 63 #ifdef DEBUG 64 # include <stdio.h> 65 #endif 66 67 static u_char IP[64] = { 68 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 69 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 70 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 71 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 72 }; 73 74 static u_char inv_key_perm[64]; 75 static u_char u_key_perm[56]; 76 static u_char key_perm[56] = { 77 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 78 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 79 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 80 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 81 }; 82 83 static u_char key_shifts[16] = { 84 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 85 }; 86 87 static u_char inv_comp_perm[56]; 88 static u_char comp_perm[48] = { 89 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 90 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 91 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 92 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 93 }; 94 95 /* 96 * No E box is used, as it's replaced by some ANDs, shifts, and ORs. 97 */ 98 99 static u_char u_sbox[8][64]; 100 static u_char sbox[8][64] = { 101 { 102 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 103 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 104 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 105 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 106 }, 107 { 108 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 109 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 110 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 111 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 112 }, 113 { 114 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 115 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 116 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 117 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 118 }, 119 { 120 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 121 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 122 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 123 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 124 }, 125 { 126 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 127 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 128 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 129 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 130 }, 131 { 132 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 133 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 134 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 135 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 136 }, 137 { 138 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 139 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 140 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 141 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 142 }, 143 { 144 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 145 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 146 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 147 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 148 } 149 }; 150 151 static u_char un_pbox[32]; 152 static u_char pbox[32] = { 153 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 154 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 155 }; 156 157 static u_int32_t bits32[32] = 158 { 159 0x80000000, 0x40000000, 0x20000000, 0x10000000, 160 0x08000000, 0x04000000, 0x02000000, 0x01000000, 161 0x00800000, 0x00400000, 0x00200000, 0x00100000, 162 0x00080000, 0x00040000, 0x00020000, 0x00010000, 163 0x00008000, 0x00004000, 0x00002000, 0x00001000, 164 0x00000800, 0x00000400, 0x00000200, 0x00000100, 165 0x00000080, 0x00000040, 0x00000020, 0x00000010, 166 0x00000008, 0x00000004, 0x00000002, 0x00000001 167 }; 168 169 static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; 170 171 static u_int32_t saltbits; 172 static int32_t old_salt; 173 static u_int32_t *bits28, *bits24; 174 static u_char init_perm[64], final_perm[64]; 175 static u_int32_t en_keysl[16], en_keysr[16]; 176 static u_int32_t de_keysl[16], de_keysr[16]; 177 static int des_initialised = 0; 178 static u_char m_sbox[4][4096]; 179 static u_int32_t psbox[4][256]; 180 static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; 181 static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; 182 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; 183 static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; 184 static u_int32_t old_rawkey0, old_rawkey1; 185 186 static u_char ascii64[] = 187 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 188 /* 0000000000111111111122222222223333333333444444444455555555556666 */ 189 /* 0123456789012345678901234567890123456789012345678901234567890123 */ 190 191 static __inline int 192 ascii_to_bin(ch) 193 char ch; 194 { 195 if (ch > 'z') 196 return(0); 197 if (ch >= 'a') 198 return(ch - 'a' + 38); 199 if (ch > 'Z') 200 return(0); 201 if (ch >= 'A') 202 return(ch - 'A' + 12); 203 if (ch > '9') 204 return(0); 205 if (ch >= '.') 206 return(ch - '.'); 207 return(0); 208 } 209 210 static void 211 des_init() 212 { 213 int i, j, b, k, inbit, obit; 214 u_int32_t *p, *il, *ir, *fl, *fr; 215 216 old_rawkey0 = old_rawkey1 = 0; 217 saltbits = 0; 218 old_salt = 0; 219 bits24 = (bits28 = bits32 + 4) + 4; 220 221 /* 222 * Invert the S-boxes, reordering the input bits. 223 */ 224 for (i = 0; i < 8; i++) 225 for (j = 0; j < 64; j++) { 226 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); 227 u_sbox[i][j] = sbox[i][b]; 228 } 229 230 /* 231 * Convert the inverted S-boxes into 4 arrays of 8 bits. 232 * Each will handle 12 bits of the S-box input. 233 */ 234 for (b = 0; b < 4; b++) 235 for (i = 0; i < 64; i++) 236 for (j = 0; j < 64; j++) 237 m_sbox[b][(i << 6) | j] = 238 (u_sbox[(b << 1)][i] << 4) | 239 u_sbox[(b << 1) + 1][j]; 240 241 /* 242 * Set up the initial & final permutations into a useful form, and 243 * initialise the inverted key permutation. 244 */ 245 for (i = 0; i < 64; i++) { 246 init_perm[final_perm[i] = IP[i] - 1] = i; 247 inv_key_perm[i] = 255; 248 } 249 250 /* 251 * Invert the key permutation and initialise the inverted key 252 * compression permutation. 253 */ 254 for (i = 0; i < 56; i++) { 255 u_key_perm[i] = key_perm[i] - 1; 256 inv_key_perm[key_perm[i] - 1] = i; 257 inv_comp_perm[i] = 255; 258 } 259 260 /* 261 * Invert the key compression permutation. 262 */ 263 for (i = 0; i < 48; i++) { 264 inv_comp_perm[comp_perm[i] - 1] = i; 265 } 266 267 /* 268 * Set up the OR-mask arrays for the initial and final permutations, 269 * and for the key initial and compression permutations. 270 */ 271 for (k = 0; k < 8; k++) { 272 for (i = 0; i < 256; i++) { 273 *(il = &ip_maskl[k][i]) = 0; 274 *(ir = &ip_maskr[k][i]) = 0; 275 *(fl = &fp_maskl[k][i]) = 0; 276 *(fr = &fp_maskr[k][i]) = 0; 277 for (j = 0; j < 8; j++) { 278 inbit = 8 * k + j; 279 if (i & bits8[j]) { 280 if ((obit = init_perm[inbit]) < 32) 281 *il |= bits32[obit]; 282 else 283 *ir |= bits32[obit-32]; 284 if ((obit = final_perm[inbit]) < 32) 285 *fl |= bits32[obit]; 286 else 287 *fr |= bits32[obit - 32]; 288 } 289 } 290 } 291 for (i = 0; i < 128; i++) { 292 *(il = &key_perm_maskl[k][i]) = 0; 293 *(ir = &key_perm_maskr[k][i]) = 0; 294 for (j = 0; j < 7; j++) { 295 inbit = 8 * k + j; 296 if (i & bits8[j + 1]) { 297 if ((obit = inv_key_perm[inbit]) == 255) 298 continue; 299 if (obit < 28) 300 *il |= bits28[obit]; 301 else 302 *ir |= bits28[obit - 28]; 303 } 304 } 305 *(il = &comp_maskl[k][i]) = 0; 306 *(ir = &comp_maskr[k][i]) = 0; 307 for (j = 0; j < 7; j++) { 308 inbit = 7 * k + j; 309 if (i & bits8[j + 1]) { 310 if ((obit=inv_comp_perm[inbit]) == 255) 311 continue; 312 if (obit < 24) 313 *il |= bits24[obit]; 314 else 315 *ir |= bits24[obit - 24]; 316 } 317 } 318 } 319 } 320 321 /* 322 * Invert the P-box permutation, and convert into OR-masks for 323 * handling the output of the S-box arrays setup above. 324 */ 325 for (i = 0; i < 32; i++) 326 un_pbox[pbox[i] - 1] = i; 327 328 for (b = 0; b < 4; b++) 329 for (i = 0; i < 256; i++) { 330 *(p = &psbox[b][i]) = 0; 331 for (j = 0; j < 8; j++) { 332 if (i & bits8[j]) 333 *p |= bits32[un_pbox[8 * b + j]]; 334 } 335 } 336 337 des_initialised = 1; 338 } 339 340 static void 341 setup_salt(salt) 342 int32_t salt; 343 { 344 u_int32_t obit, saltbit; 345 int i; 346 347 if (salt == old_salt) 348 return; 349 old_salt = salt; 350 351 saltbits = 0; 352 saltbit = 1; 353 obit = 0x800000; 354 for (i = 0; i < 24; i++) { 355 if (salt & saltbit) 356 saltbits |= obit; 357 saltbit <<= 1; 358 obit >>= 1; 359 } 360 } 361 362 static int 363 des_setkey(key) 364 const char *key; 365 { 366 u_int32_t k0, k1, rawkey0, rawkey1; 367 int shifts, round; 368 369 if (!des_initialised) 370 des_init(); 371 372 rawkey0 = ntohl(*(u_int32_t *) key); 373 rawkey1 = ntohl(*(u_int32_t *) (key + 4)); 374 375 if ((rawkey0 | rawkey1) 376 && rawkey0 == old_rawkey0 377 && rawkey1 == old_rawkey1) { 378 /* 379 * Already setup for this key. 380 * This optimisation fails on a zero key (which is weak and 381 * has bad parity anyway) in order to simplify the starting 382 * conditions. 383 */ 384 return(0); 385 } 386 old_rawkey0 = rawkey0; 387 old_rawkey1 = rawkey1; 388 389 /* 390 * Do key permutation and split into two 28-bit subkeys. 391 */ 392 k0 = key_perm_maskl[0][rawkey0 >> 25] 393 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] 394 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] 395 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] 396 | key_perm_maskl[4][rawkey1 >> 25] 397 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] 398 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] 399 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; 400 k1 = key_perm_maskr[0][rawkey0 >> 25] 401 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] 402 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] 403 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] 404 | key_perm_maskr[4][rawkey1 >> 25] 405 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] 406 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] 407 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; 408 /* 409 * Rotate subkeys and do compression permutation. 410 */ 411 shifts = 0; 412 for (round = 0; round < 16; round++) { 413 u_int32_t t0, t1; 414 415 shifts += key_shifts[round]; 416 417 t0 = (k0 << shifts) | (k0 >> (28 - shifts)); 418 t1 = (k1 << shifts) | (k1 >> (28 - shifts)); 419 420 de_keysl[15 - round] = 421 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] 422 | comp_maskl[1][(t0 >> 14) & 0x7f] 423 | comp_maskl[2][(t0 >> 7) & 0x7f] 424 | comp_maskl[3][t0 & 0x7f] 425 | comp_maskl[4][(t1 >> 21) & 0x7f] 426 | comp_maskl[5][(t1 >> 14) & 0x7f] 427 | comp_maskl[6][(t1 >> 7) & 0x7f] 428 | comp_maskl[7][t1 & 0x7f]; 429 430 de_keysr[15 - round] = 431 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] 432 | comp_maskr[1][(t0 >> 14) & 0x7f] 433 | comp_maskr[2][(t0 >> 7) & 0x7f] 434 | comp_maskr[3][t0 & 0x7f] 435 | comp_maskr[4][(t1 >> 21) & 0x7f] 436 | comp_maskr[5][(t1 >> 14) & 0x7f] 437 | comp_maskr[6][(t1 >> 7) & 0x7f] 438 | comp_maskr[7][t1 & 0x7f]; 439 } 440 return(0); 441 } 442 443 static int 444 do_des(l_in, r_in, l_out, r_out, count) 445 u_int32_t l_in, r_in, *l_out, *r_out; 446 int count; 447 { 448 /* 449 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. 450 */ 451 u_int32_t l, r, *kl, *kr, *kl1, *kr1; 452 u_int32_t f, r48l, r48r; 453 int round; 454 455 if (count == 0) { 456 return(1); 457 } else if (count > 0) { 458 /* 459 * Encrypting 460 */ 461 kl1 = en_keysl; 462 kr1 = en_keysr; 463 } else { 464 /* 465 * Decrypting 466 */ 467 count = -count; 468 kl1 = de_keysl; 469 kr1 = de_keysr; 470 } 471 472 /* 473 * Do initial permutation (IP). 474 */ 475 l = ip_maskl[0][l_in >> 24] 476 | ip_maskl[1][(l_in >> 16) & 0xff] 477 | ip_maskl[2][(l_in >> 8) & 0xff] 478 | ip_maskl[3][l_in & 0xff] 479 | ip_maskl[4][r_in >> 24] 480 | ip_maskl[5][(r_in >> 16) & 0xff] 481 | ip_maskl[6][(r_in >> 8) & 0xff] 482 | ip_maskl[7][r_in & 0xff]; 483 r = ip_maskr[0][l_in >> 24] 484 | ip_maskr[1][(l_in >> 16) & 0xff] 485 | ip_maskr[2][(l_in >> 8) & 0xff] 486 | ip_maskr[3][l_in & 0xff] 487 | ip_maskr[4][r_in >> 24] 488 | ip_maskr[5][(r_in >> 16) & 0xff] 489 | ip_maskr[6][(r_in >> 8) & 0xff] 490 | ip_maskr[7][r_in & 0xff]; 491 492 while (count--) { 493 /* 494 * Do each round. 495 */ 496 kl = kl1; 497 kr = kr1; 498 round = 16; 499 while (round--) { 500 /* 501 * Expand R to 48 bits (simulate the E-box). 502 */ 503 r48l = ((r & 0x00000001) << 23) 504 | ((r & 0xf8000000) >> 9) 505 | ((r & 0x1f800000) >> 11) 506 | ((r & 0x01f80000) >> 13) 507 | ((r & 0x001f8000) >> 15); 508 509 r48r = ((r & 0x0001f800) << 7) 510 | ((r & 0x00001f80) << 5) 511 | ((r & 0x000001f8) << 3) 512 | ((r & 0x0000001f) << 1) 513 | ((r & 0x80000000) >> 31); 514 /* 515 * Do salting for crypt() and friends, and 516 * XOR with the permuted key. 517 */ 518 f = (r48l ^ r48r) & saltbits; 519 r48l ^= f ^ *kl++; 520 r48r ^= f ^ *kr++; 521 /* 522 * Do sbox lookups (which shrink it back to 32 bits) 523 * and do the pbox permutation at the same time. 524 */ 525 f = psbox[0][m_sbox[0][r48l >> 12]] 526 | psbox[1][m_sbox[1][r48l & 0xfff]] 527 | psbox[2][m_sbox[2][r48r >> 12]] 528 | psbox[3][m_sbox[3][r48r & 0xfff]]; 529 /* 530 * Now that we've permuted things, complete f(). 531 */ 532 f ^= l; 533 l = r; 534 r = f; 535 } 536 r = l; 537 l = f; 538 } 539 /* 540 * Do final permutation (inverse of IP). 541 */ 542 *l_out = fp_maskl[0][l >> 24] 543 | fp_maskl[1][(l >> 16) & 0xff] 544 | fp_maskl[2][(l >> 8) & 0xff] 545 | fp_maskl[3][l & 0xff] 546 | fp_maskl[4][r >> 24] 547 | fp_maskl[5][(r >> 16) & 0xff] 548 | fp_maskl[6][(r >> 8) & 0xff] 549 | fp_maskl[7][r & 0xff]; 550 *r_out = fp_maskr[0][l >> 24] 551 | fp_maskr[1][(l >> 16) & 0xff] 552 | fp_maskr[2][(l >> 8) & 0xff] 553 | fp_maskr[3][l & 0xff] 554 | fp_maskr[4][r >> 24] 555 | fp_maskr[5][(r >> 16) & 0xff] 556 | fp_maskr[6][(r >> 8) & 0xff] 557 | fp_maskr[7][r & 0xff]; 558 return(0); 559 } 560 561 static int 562 des_cipher(in, out, salt, count) 563 const char *in; 564 char *out; 565 int32_t salt; 566 int count; 567 { 568 u_int32_t l_out, r_out, rawl, rawr; 569 u_int32_t x[2]; 570 int retval; 571 572 if (!des_initialised) 573 des_init(); 574 575 setup_salt(salt); 576 577 memcpy(x, in, sizeof x); 578 rawl = ntohl(x[0]); 579 rawr = ntohl(x[1]); 580 retval = do_des(rawl, rawr, &l_out, &r_out, count); 581 582 x[0] = htonl(l_out); 583 x[1] = htonl(r_out); 584 memcpy(out, x, sizeof x); 585 return(retval); 586 } 587 588 char * 589 crypt(key, setting) 590 const char *key; 591 const char *setting; 592 { 593 int i; 594 u_int32_t count, salt, l, r0, r1, keybuf[2]; 595 u_char *p, *q; 596 static u_char output[21]; 597 extern char *md5crypt __P((const char *, const char *)); 598 extern char *bcrypt __P((const char *, const char *)); 599 600 if (setting[0] == '$') { 601 switch (setting[1]) { 602 case '1': 603 return (md5crypt(key, setting)); 604 default: 605 return bcrypt(key, setting); 606 } 607 } 608 609 if (!des_initialised) 610 des_init(); 611 612 /* 613 * Copy the key, shifting each character up by one bit 614 * and padding with zeros. 615 */ 616 q = (u_char *) keybuf; 617 while ((q - (u_char *) keybuf) < sizeof(keybuf)) { 618 if ((*q++ = *key << 1)) 619 key++; 620 } 621 if (des_setkey((u_char *) keybuf)) 622 return(NULL); 623 624 if (*setting == _PASSWORD_EFMT1) { 625 /* 626 * "new"-style: 627 * setting - underscore, 4 bytes of count, 4 bytes of salt 628 * key - unlimited characters 629 */ 630 for (i = 1, count = 0; i < 5; i++) 631 count |= ascii_to_bin(setting[i]) << (i - 1) * 6; 632 633 for (i = 5, salt = 0; i < 9; i++) 634 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; 635 636 while (*key) { 637 /* 638 * Encrypt the key with itself. 639 */ 640 if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0, 1)) 641 return(NULL); 642 /* 643 * And XOR with the next 8 characters of the key. 644 */ 645 q = (u_char *) keybuf; 646 while (((q - (u_char *) keybuf) < sizeof(keybuf)) && 647 *key) 648 *q++ ^= *key++ << 1; 649 650 if (des_setkey((u_char *) keybuf)) 651 return(NULL); 652 } 653 strlcpy((char *)output, setting, 10); 654 655 /* 656 * Double check that we weren't given a short setting. 657 * If we were, the above code will probably have created 658 * wierd values for count and salt, but we don't really care. 659 * Just make sure the output string doesn't have an extra 660 * NUL in it. 661 */ 662 p = output + strlen((const char *)output); 663 } else { 664 /* 665 * "old"-style: 666 * setting - 2 bytes of salt 667 * key - up to 8 characters 668 */ 669 count = 25; 670 671 salt = (ascii_to_bin(setting[1]) << 6) 672 | ascii_to_bin(setting[0]); 673 674 output[0] = setting[0]; 675 /* 676 * If the encrypted password that the salt was extracted from 677 * is only 1 character long, the salt will be corrupted. We 678 * need to ensure that the output string doesn't have an extra 679 * NUL in it! 680 */ 681 output[1] = setting[1] ? setting[1] : output[0]; 682 683 p = output + 2; 684 } 685 setup_salt(salt); 686 /* 687 * Do it. 688 */ 689 if (do_des(0, 0, &r0, &r1, count)) 690 return(NULL); 691 /* 692 * Now encode the result... 693 */ 694 l = (r0 >> 8); 695 *p++ = ascii64[(l >> 18) & 0x3f]; 696 *p++ = ascii64[(l >> 12) & 0x3f]; 697 *p++ = ascii64[(l >> 6) & 0x3f]; 698 *p++ = ascii64[l & 0x3f]; 699 700 l = (r0 << 16) | ((r1 >> 16) & 0xffff); 701 *p++ = ascii64[(l >> 18) & 0x3f]; 702 *p++ = ascii64[(l >> 12) & 0x3f]; 703 *p++ = ascii64[(l >> 6) & 0x3f]; 704 *p++ = ascii64[l & 0x3f]; 705 706 l = r1 << 2; 707 *p++ = ascii64[(l >> 12) & 0x3f]; 708 *p++ = ascii64[(l >> 6) & 0x3f]; 709 *p++ = ascii64[l & 0x3f]; 710 *p = 0; 711 712 return((char *)output); 713 } 714