xref: /original-bsd/lib/libc/gen/crypt.c (revision 2e5c0888) 
1 #if defined(LIBC_SCCS) && !defined(lint)
2 static char sccsid[] = "@(#)crypt.c	5.3 (Berkeley) 05/11/90";
3 #endif LIBC_SCCS and not lint
4 
5 /*
6  * This program implements the
7  * Proposed Federal Information Processing
8  *  Data Encryption Standard.
9  * See Federal Register, March 17, 1975 (40FR12134)
10  */
11 
12 /*
13  * Initial permutation,
14  */
15 static	char	IP[] = {
16 	58,50,42,34,26,18,10, 2,
17 	60,52,44,36,28,20,12, 4,
18 	62,54,46,38,30,22,14, 6,
19 	64,56,48,40,32,24,16, 8,
20 	57,49,41,33,25,17, 9, 1,
21 	59,51,43,35,27,19,11, 3,
22 	61,53,45,37,29,21,13, 5,
23 	63,55,47,39,31,23,15, 7,
24 };
25 
26 /*
27  * Final permutation, FP = IP^(-1)
28  */
29 static	char	FP[] = {
30 	40, 8,48,16,56,24,64,32,
31 	39, 7,47,15,55,23,63,31,
32 	38, 6,46,14,54,22,62,30,
33 	37, 5,45,13,53,21,61,29,
34 	36, 4,44,12,52,20,60,28,
35 	35, 3,43,11,51,19,59,27,
36 	34, 2,42,10,50,18,58,26,
37 	33, 1,41, 9,49,17,57,25,
38 };
39 
40 /*
41  * Permuted-choice 1 from the key bits
42  * to yield C and D.
43  * Note that bits 8,16... are left out:
44  * They are intended for a parity check.
45  */
46 static	char	PC1_C[] = {
47 	57,49,41,33,25,17, 9,
48 	 1,58,50,42,34,26,18,
49 	10, 2,59,51,43,35,27,
50 	19,11, 3,60,52,44,36,
51 };
52 
53 static	char	PC1_D[] = {
54 	63,55,47,39,31,23,15,
55 	 7,62,54,46,38,30,22,
56 	14, 6,61,53,45,37,29,
57 	21,13, 5,28,20,12, 4,
58 };
59 
60 /*
61  * Sequence of shifts used for the key schedule.
62 */
63 static	char	shifts[] = {
64 	1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
65 };
66 
67 /*
68  * Permuted-choice 2, to pick out the bits from
69  * the CD array that generate the key schedule.
70  */
71 static	char	PC2_C[] = {
72 	14,17,11,24, 1, 5,
73 	 3,28,15, 6,21,10,
74 	23,19,12, 4,26, 8,
75 	16, 7,27,20,13, 2,
76 };
77 
78 static	char	PC2_D[] = {
79 	41,52,31,37,47,55,
80 	30,40,51,45,33,48,
81 	44,49,39,56,34,53,
82 	46,42,50,36,29,32,
83 };
84 
85 /*
86  * The C and D arrays used to calculate the key schedule.
87  */
88 
89 static	char	C[28];
90 static	char	D[28];
91 /*
92  * The key schedule.
93  * Generated from the key.
94  */
95 static	char	KS[16][48];
96 
97 /*
98  * The E bit-selection table.
99  */
100 static	char	E[48];
101 static	char	e[] = {
102 	32, 1, 2, 3, 4, 5,
103 	 4, 5, 6, 7, 8, 9,
104 	 8, 9,10,11,12,13,
105 	12,13,14,15,16,17,
106 	16,17,18,19,20,21,
107 	20,21,22,23,24,25,
108 	24,25,26,27,28,29,
109 	28,29,30,31,32, 1,
110 };
111 
112 /*
113  * Set up the key schedule from the key.
114  */
115 
116 setkey(key)
117 char *key;
118 {
119 	register i, j, k;
120 	int t;
121 
122 	/*
123 	 * First, generate C and D by permuting
124 	 * the key.  The low order bit of each
125 	 * 8-bit char is not used, so C and D are only 28
126 	 * bits apiece.
127 	 */
128 	for (i=0; i<28; i++) {
129 		C[i] = key[PC1_C[i]-1];
130 		D[i] = key[PC1_D[i]-1];
131 	}
132 	/*
133 	 * To generate Ki, rotate C and D according
134 	 * to schedule and pick up a permutation
135 	 * using PC2.
136 	 */
137 	for (i=0; i<16; i++) {
138 		/*
139 		 * rotate.
140 		 */
141 		for (k=0; k<shifts[i]; k++) {
142 			t = C[0];
143 			for (j=0; j<28-1; j++)
144 				C[j] = C[j+1];
145 			C[27] = t;
146 			t = D[0];
147 			for (j=0; j<28-1; j++)
148 				D[j] = D[j+1];
149 			D[27] = t;
150 		}
151 		/*
152 		 * get Ki. Note C and D are concatenated.
153 		 */
154 		for (j=0; j<24; j++) {
155 			KS[i][j] = C[PC2_C[j]-1];
156 			KS[i][j+24] = D[PC2_D[j]-28-1];
157 		}
158 	}
159 
160 	for(i=0;i<48;i++)
161 		E[i] = e[i];
162 }
163 
164 /*
165  * The 8 selection functions.
166  * For some reason, they give a 0-origin
167  * index, unlike everything else.
168  */
169 static	char	S[8][64] = {
170 	14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
171 	 0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
172 	 4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
173 	15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13,
174 
175 	15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
176 	 3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
177 	 0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
178 	13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9,
179 
180 	10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
181 	13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
182 	13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
183 	 1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12,
184 
185 	 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
186 	13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
187 	10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
188 	 3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14,
189 
190 	 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
191 	14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
192 	 4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
193 	11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3,
194 
195 	12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
196 	10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
197 	 9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
198 	 4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13,
199 
200 	 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
201 	13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
202 	 1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
203 	 6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12,
204 
205 	13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
206 	 1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
207 	 7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
208 	 2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11,
209 };
210 
211 /*
212  * P is a permutation on the selected combination
213  * of the current L and key.
214  */
215 static	char	P[] = {
216 	16, 7,20,21,
217 	29,12,28,17,
218 	 1,15,23,26,
219 	 5,18,31,10,
220 	 2, 8,24,14,
221 	32,27, 3, 9,
222 	19,13,30, 6,
223 	22,11, 4,25,
224 };
225 
226 /*
227  * The current block, divided into 2 halves.
228  */
229 static	char	L[64], *R = L+32;
230 static	char	tempL[32];
231 static	char	f[32];
232 
233 /*
234  * The combination of the key and the input, before selection.
235  */
236 static	char	preS[48];
237 
238 /*
239  * The payoff: encrypt a block.
240  */
241 
242 encrypt(block, edflag)
243 char *block;
244 {
245 	int i, ii;
246 	register t, j, k;
247 
248 	/*
249 	 * First, permute the bits in the input
250 	 */
251 	for (j=0; j<64; j++)
252 		L[j] = block[IP[j]-1];
253 	/*
254 	 * Perform an encryption operation 16 times.
255 	 */
256 	for (ii=0; ii<16; ii++) {
257 		/*
258 		 * Set direction
259 		 */
260 		if (edflag)
261 			i = 15-ii;
262 		else
263 			i = ii;
264 		/*
265 		 * Save the R array,
266 		 * which will be the new L.
267 		 */
268 		for (j=0; j<32; j++)
269 			tempL[j] = R[j];
270 		/*
271 		 * Expand R to 48 bits using the E selector;
272 		 * exclusive-or with the current key bits.
273 		 */
274 		for (j=0; j<48; j++)
275 			preS[j] = R[E[j]-1] ^ KS[i][j];
276 		/*
277 		 * The pre-select bits are now considered
278 		 * in 8 groups of 6 bits each.
279 		 * The 8 selection functions map these
280 		 * 6-bit quantities into 4-bit quantities
281 		 * and the results permuted
282 		 * to make an f(R, K).
283 		 * The indexing into the selection functions
284 		 * is peculiar; it could be simplified by
285 		 * rewriting the tables.
286 		 */
287 		for (j=0; j<8; j++) {
288 			t = 6*j;
289 			k = S[j][(preS[t+0]<<5)+
290 				(preS[t+1]<<3)+
291 				(preS[t+2]<<2)+
292 				(preS[t+3]<<1)+
293 				(preS[t+4]<<0)+
294 				(preS[t+5]<<4)];
295 			t = 4*j;
296 			f[t+0] = (k>>3)&01;
297 			f[t+1] = (k>>2)&01;
298 			f[t+2] = (k>>1)&01;
299 			f[t+3] = (k>>0)&01;
300 		}
301 		/*
302 		 * The new R is L ^ f(R, K).
303 		 * The f here has to be permuted first, though.
304 		 */
305 		for (j=0; j<32; j++)
306 			R[j] = L[j] ^ f[P[j]-1];
307 		/*
308 		 * Finally, the new L (the original R)
309 		 * is copied back.
310 		 */
311 		for (j=0; j<32; j++)
312 			L[j] = tempL[j];
313 	}
314 	/*
315 	 * The output L and R are reversed.
316 	 */
317 	for (j=0; j<32; j++) {
318 		t = L[j];
319 		L[j] = R[j];
320 		R[j] = t;
321 	}
322 	/*
323 	 * The final output
324 	 * gets the inverse permutation of the very original.
325 	 */
326 	for (j=0; j<64; j++)
327 		block[j] = L[FP[j]-1];
328 }
329 
330 char *
331 crypt(pw,salt)
332 char *pw;
333 char *salt;
334 {
335 	register i, j, c;
336 	int temp;
337 	static char block[66], iobuf[16];
338 
339 	for(i=0; i<66; i++)
340 		block[i] = 0;
341 	for(i=0; (c= *pw) && i<64; pw++){
342 		for(j=0; j<7; j++, i++)
343 			block[i] = (c>>(6-j)) & 01;
344 		i++;
345 	}
346 
347 	setkey(block);
348 
349 	for(i=0; i<66; i++)
350 		block[i] = 0;
351 
352 	for(i=0;i<2;i++){
353 		c = *salt++;
354 		iobuf[i] = c;
355 		if(c>'Z') c -= 6;
356 		if(c>'9') c -= 7;
357 		c -= '.';
358 		for(j=0;j<6;j++){
359 			if((c>>j) & 01){
360 				temp = E[6*i+j];
361 				E[6*i+j] = E[6*i+j+24];
362 				E[6*i+j+24] = temp;
363 				}
364 			}
365 		}
366 
367 	for(i=0; i<25; i++)
368 		encrypt(block,0);
369 
370 	for(i=0; i<11; i++){
371 		c = 0;
372 		for(j=0; j<6; j++){
373 			c <<= 1;
374 			c |= block[6*i+j];
375 			}
376 		c += '.';
377 		if(c>'9') c += 7;
378 		if(c>'Z') c += 6;
379 		iobuf[i+2] = c;
380 	}
381 	iobuf[i+2] = 0;
382 	if(iobuf[1]==0)
383 		iobuf[1] = iobuf[0];
384 	return(iobuf);
385 }
386