initial import
[ICEs.git] / not-unused / des.c.0
1 /*
2 * FreeSec: libcrypt for NetBSD
3 *
4 * Copyright (c) 1994 David Burren
5 * All rights reserved.
6 *
7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8 * this file should now *only* export crypt(), in order to make
9 * binaries of libcrypt exportable from the USA
10 *
11 * Adapted for FreeBSD-4.0 by Mark R V Murray
12 * this file should now *only* export crypt_des(), in order to make
13 * a module that can be optionally included in libcrypt.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the author nor the names of other contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * This is an original implementation of the DES and the crypt(3) interfaces
40 * by David Burren <davidb@werj.com.au>.
41 *
42 * An excellent reference on the underlying algorithm (and related
43 * algorithms) is:
44 *
45 * B. Schneier, Applied Cryptography: protocols, algorithms,
46 * and source code in C, John Wiley & Sons, 1994.
47 *
48 * Note that in that book's description of DES the lookups for the initial,
49 * pbox, and final permutations are inverted (this has been brought to the
50 * attention of the author). A list of errata for this book has been
51 * posted to the sci.crypt newsgroup by the author and is available for FTP.
52 *
53 * ARCHITECTURE ASSUMPTIONS:
54 * It is assumed that the 8-byte arrays passed by reference can be
55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about
56 * alignment).
57 */
58
59 #define __FORCE_GLIBC
60 #include <sys/cdefs.h>
61 #include <sys/types.h>
62 #include <sys/param.h>
63 #include <netinet/in.h>
64 #include <pwd.h>
65 #include <string.h>
66 #include <crypt.h>
67
68 /* prototypes for internal crypt functions
69 *
70 * Copyright (C) 2000-2006 by Erik Andersen <andersen@uclibc.org>
71 *
72 * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
73 */
74
75 #ifndef __LIBCRYPT_H__
76 #define __LIBCRYPT_H__
77
78 extern char *__md5_crypt(const unsigned char *pw, const unsigned char *salt);
79 extern char *__des_crypt(const unsigned char *pw, const unsigned char *salt);
80
81 /* shut up gcc-4.x signed warnings */
82 #define strcpy(dst,src) strcpy((char*)dst,(char*)src)
83 #define strlen(s) strlen((char*)s)
84 #define strncat(dst,src,n) strncat((char*)dst,(char*)src,n)
85 #define strncmp(s1,s2,n) strncmp((char*)s1,(char*)s2,n)
86
87 #endif
88
89 /* Re-entrantify me -- all this junk needs to be in
90 * struct crypt_data to make this really reentrant... */
91 static u_char inv_key_perm[64];
92 static u_char inv_comp_perm[56];
93 static u_char u_sbox[8][64];
94 static u_char un_pbox[32];
95 static u_int32_t en_keysl[16], en_keysr[16];
96 static u_int32_t de_keysl[16], de_keysr[16];
97 static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
98 static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
99 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
100 static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
101 static u_int32_t saltbits;
102 static u_int32_t old_salt;
103 static u_int32_t old_rawkey0, old_rawkey1;
104
105
106 /* Static stuff that stays resident and doesn't change after
107 * being initialized, and therefore doesn't need to be made
108 * reentrant. */
109 static u_char init_perm[64], final_perm[64];
110 static u_char m_sbox[4][4096];
111 static u_int32_t psbox[4][256];
112
113
114
115
116 /* A pile of data */
117 static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
118
119 static const u_char IP[64] = {
120 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
121 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
122 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
123 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
124 };
125
126 static const u_char key_perm[56] = {
127 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
128 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
129 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
130 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
131 };
132
133 static const u_char key_shifts[16] = {
134 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
135 };
136
137 static const u_char comp_perm[48] = {
138 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
139 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
140 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
141 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
142 };
143
144 /*
145 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
146 */
147
148 static const u_char sbox[8][64] = {
149 {
150 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
151 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
152 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
153 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
154 },
155 {
156 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
157 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
158 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
159 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
160 },
161 {
162 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
163 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
164 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
165 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
166 },
167 {
168 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
169 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
170 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
171 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
172 },
173 {
174 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
175 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
176 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
177 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
178 },
179 {
180 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
181 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
182 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
183 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
184 },
185 {
186 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
187 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
188 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
189 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
190 },
191 {
192 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
193 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
194 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
195 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
196 }
197 };
198
199 static const u_char pbox[32] = {
200 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
201 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
202 };
203
204 static const u_int32_t bits32[32] =
205 {
206 0x80000000, 0x40000000, 0x20000000, 0x10000000,
207 0x08000000, 0x04000000, 0x02000000, 0x01000000,
208 0x00800000, 0x00400000, 0x00200000, 0x00100000,
209 0x00080000, 0x00040000, 0x00020000, 0x00010000,
210 0x00008000, 0x00004000, 0x00002000, 0x00001000,
211 0x00000800, 0x00000400, 0x00000200, 0x00000100,
212 0x00000080, 0x00000040, 0x00000020, 0x00000010,
213 0x00000008, 0x00000004, 0x00000002, 0x00000001
214 };
215
216 static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
217 static const u_int32_t *bits28, *bits24;
218
219
220 static int
221 ascii_to_bin(char ch)
222 {
223 if (ch > 'z')
224 return(0);
225 if (ch >= 'a')
226 return(ch - 'a' + 38);
227 if (ch > 'Z')
228 return(0);
229 if (ch >= 'A')
230 return(ch - 'A' + 12);
231 if (ch > '9')
232 return(0);
233 if (ch >= '.')
234 return(ch - '.');
235 return(0);
236 }
237
238 static void
239 des_init(void)
240 {
241 int i, j, b, k, inbit, obit;
242 u_int32_t *p, *il, *ir, *fl, *fr;
243 static int des_initialised = 0;
244
245 if (des_initialised==1)
246 return;
247
248 old_rawkey0 = old_rawkey1 = 0L;
249 saltbits = 0L;
250 old_salt = 0L;
251 bits24 = (bits28 = bits32 + 4) + 4;
252
253 /*
254 * Invert the S-boxes, reordering the input bits.
255 */
256 for (i = 0; i < 8; i++)
257 for (j = 0; j < 64; j++) {
258 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
259 u_sbox[i][j] = sbox[i][b];
260 }
261
262 /*
263 * Convert the inverted S-boxes into 4 arrays of 8 bits.
264 * Each will handle 12 bits of the S-box input.
265 */
266 for (b = 0; b < 4; b++)
267 for (i = 0; i < 64; i++)
268 for (j = 0; j < 64; j++)
269 m_sbox[b][(i << 6) | j] =
270 (u_char)((u_sbox[(b << 1)][i] << 4) |
271 u_sbox[(b << 1) + 1][j]);
272
273 /*
274 * Set up the initial & final permutations into a useful form, and
275 * initialise the inverted key permutation.
276 */
277 for (i = 0; i < 64; i++) {
278 init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
279 inv_key_perm[i] = 255;
280 }
281
282 /*
283 * Invert the key permutation and initialise the inverted key
284 * compression permutation.
285 */
286 for (i = 0; i < 56; i++) {
287 inv_key_perm[key_perm[i] - 1] = (u_char)i;
288 inv_comp_perm[i] = 255;
289 }
290
291 /*
292 * Invert the key compression permutation.
293 */
294 for (i = 0; i < 48; i++) {
295 inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
296 }
297
298 /*
299 * Set up the OR-mask arrays for the initial and final permutations,
300 * and for the key initial and compression permutations.
301 */
302 for (k = 0; k < 8; k++) {
303 for (i = 0; i < 256; i++) {
304 *(il = &ip_maskl[k][i]) = 0L;
305 *(ir = &ip_maskr[k][i]) = 0L;
306 *(fl = &fp_maskl[k][i]) = 0L;
307 *(fr = &fp_maskr[k][i]) = 0L;
308 for (j = 0; j < 8; j++) {
309 inbit = 8 * k + j;
310 if (i & bits8[j]) {
311 if ((obit = init_perm[inbit]) < 32)
312 *il |= bits32[obit];
313 else
314 *ir |= bits32[obit-32];
315 if ((obit = final_perm[inbit]) < 32)
316 *fl |= bits32[obit];
317 else
318 *fr |= bits32[obit - 32];
319 }
320 }
321 }
322 for (i = 0; i < 128; i++) {
323 *(il = &key_perm_maskl[k][i]) = 0L;
324 *(ir = &key_perm_maskr[k][i]) = 0L;
325 for (j = 0; j < 7; j++) {
326 inbit = 8 * k + j;
327 if (i & bits8[j + 1]) {
328 if ((obit = inv_key_perm[inbit]) == 255)
329 continue;
330 if (obit < 28)
331 *il |= bits28[obit];
332 else
333 *ir |= bits28[obit - 28];
334 }
335 }
336 *(il = &comp_maskl[k][i]) = 0L;
337 *(ir = &comp_maskr[k][i]) = 0L;
338 for (j = 0; j < 7; j++) {
339 inbit = 7 * k + j;
340 if (i & bits8[j + 1]) {
341 if ((obit=inv_comp_perm[inbit]) == 255)
342 continue;
343 if (obit < 24)
344 *il |= bits24[obit];
345 else
346 *ir |= bits24[obit - 24];
347 }
348 }
349 }
350 }
351
352 /*
353 * Invert the P-box permutation, and convert into OR-masks for
354 * handling the output of the S-box arrays setup above.
355 */
356 for (i = 0; i < 32; i++)
357 un_pbox[pbox[i] - 1] = (u_char)i;
358
359 for (b = 0; b < 4; b++)
360 for (i = 0; i < 256; i++) {
361 *(p = &psbox[b][i]) = 0L;
362 for (j = 0; j < 8; j++) {
363 if (i & bits8[j])
364 *p |= bits32[un_pbox[8 * b + j]];
365 }
366 }
367
368 des_initialised = 1;
369 }
370
371
372 static void
373 setup_salt(u_int32_t salt)
374 {
375 u_int32_t obit, saltbit;
376 int i;
377
378 if (salt == old_salt)
379 return;
380 old_salt = salt;
381
382 saltbits = 0L;
383 saltbit = 1;
384 obit = 0x800000;
385 for (i = 0; i < 24; i++) {
386 if (salt & saltbit)
387 saltbits |= obit;
388 saltbit <<= 1;
389 obit >>= 1;
390 }
391 }
392
393
394 static int
395 des_setkey(const char *key)
396 {
397 u_int32_t k0, k1, rawkey0, rawkey1;
398 int shifts, round;
399
400 des_init();
401
402 rawkey0 = ntohl(*(const u_int32_t *) key);
403 rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
404
405 if ((rawkey0 | rawkey1)
406 && rawkey0 == old_rawkey0
407 && rawkey1 == old_rawkey1) {
408 /*
409 * Already setup for this key.
410 * This optimisation fails on a zero key (which is weak and
411 * has bad parity anyway) in order to simplify the starting
412 * conditions.
413 */
414 return(0);
415 }
416 old_rawkey0 = rawkey0;
417 old_rawkey1 = rawkey1;
418
419 /*
420 * Do key permutation and split into two 28-bit subkeys.
421 */
422 k0 = key_perm_maskl[0][rawkey0 >> 25]
423 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
424 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
425 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
426 | key_perm_maskl[4][rawkey1 >> 25]
427 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
428 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
429 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
430 k1 = key_perm_maskr[0][rawkey0 >> 25]
431 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
432 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
433 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
434 | key_perm_maskr[4][rawkey1 >> 25]
435 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
436 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
437 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
438 /*
439 * Rotate subkeys and do compression permutation.
440 */
441 shifts = 0;
442 for (round = 0; round < 16; round++) {
443 u_int32_t t0, t1;
444
445 shifts += key_shifts[round];
446
447 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
448 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
449
450 de_keysl[15 - round] =
451 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
452 | comp_maskl[1][(t0 >> 14) & 0x7f]
453 | comp_maskl[2][(t0 >> 7) & 0x7f]
454 | comp_maskl[3][t0 & 0x7f]
455 | comp_maskl[4][(t1 >> 21) & 0x7f]
456 | comp_maskl[5][(t1 >> 14) & 0x7f]
457 | comp_maskl[6][(t1 >> 7) & 0x7f]
458 | comp_maskl[7][t1 & 0x7f];
459
460 de_keysr[15 - round] =
461 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
462 | comp_maskr[1][(t0 >> 14) & 0x7f]
463 | comp_maskr[2][(t0 >> 7) & 0x7f]
464 | comp_maskr[3][t0 & 0x7f]
465 | comp_maskr[4][(t1 >> 21) & 0x7f]
466 | comp_maskr[5][(t1 >> 14) & 0x7f]
467 | comp_maskr[6][(t1 >> 7) & 0x7f]
468 | comp_maskr[7][t1 & 0x7f];
469 }
470 return(0);
471 }
472
473
474 static int
475 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
476 {
477 /*
478 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
479 */
480 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
481 u_int32_t f, r48l, r48r;
482 int round;
483
484 if (count == 0) {
485 return(1);
486 } else if (count > 0) {
487 /*
488 * Encrypting
489 */
490 kl1 = en_keysl;
491 kr1 = en_keysr;
492 } else {
493 /*
494 * Decrypting
495 */
496 count = -count;
497 kl1 = de_keysl;
498 kr1 = de_keysr;
499 }
500
501 /*
502 * Do initial permutation (IP).
503 */
504 l = ip_maskl[0][l_in >> 24]
505 | ip_maskl[1][(l_in >> 16) & 0xff]
506 | ip_maskl[2][(l_in >> 8) & 0xff]
507 | ip_maskl[3][l_in & 0xff]
508 | ip_maskl[4][r_in >> 24]
509 | ip_maskl[5][(r_in >> 16) & 0xff]
510 | ip_maskl[6][(r_in >> 8) & 0xff]
511 | ip_maskl[7][r_in & 0xff];
512 r = ip_maskr[0][l_in >> 24]
513 | ip_maskr[1][(l_in >> 16) & 0xff]
514 | ip_maskr[2][(l_in >> 8) & 0xff]
515 | ip_maskr[3][l_in & 0xff]
516 | ip_maskr[4][r_in >> 24]
517 | ip_maskr[5][(r_in >> 16) & 0xff]
518 | ip_maskr[6][(r_in >> 8) & 0xff]
519 | ip_maskr[7][r_in & 0xff];
520
521 while (count--) {
522 /*
523 * Do each round.
524 */
525 kl = kl1;
526 kr = kr1;
527 round = 16;
528 while (round--) {
529 /*
530 * Expand R to 48 bits (simulate the E-box).
531 */
532 r48l = ((r & 0x00000001) << 23)
533 | ((r & 0xf8000000) >> 9)
534 | ((r & 0x1f800000) >> 11)
535 | ((r & 0x01f80000) >> 13)
536 | ((r & 0x001f8000) >> 15);
537
538 r48r = ((r & 0x0001f800) << 7)
539 | ((r & 0x00001f80) << 5)
540 | ((r & 0x000001f8) << 3)
541 | ((r & 0x0000001f) << 1)
542 | ((r & 0x80000000) >> 31);
543 /*
544 * Do salting for crypt() and friends, and
545 * XOR with the permuted key.
546 */
547 f = (r48l ^ r48r) & saltbits;
548 r48l ^= f ^ *kl++;
549 r48r ^= f ^ *kr++;
550 /*
551 * Do sbox lookups (which shrink it back to 32 bits)
552 * and do the pbox permutation at the same time.
553 */
554 f = psbox[0][m_sbox[0][r48l >> 12]]
555 | psbox[1][m_sbox[1][r48l & 0xfff]]
556 | psbox[2][m_sbox[2][r48r >> 12]]
557 | psbox[3][m_sbox[3][r48r & 0xfff]];
558 /*
559 * Now that we've permuted things, complete f().
560 */
561 f ^= l;
562 l = r;
563 r = f;
564 }
565 r = l;
566 l = f;
567 }
568 /*
569 * Do final permutation (inverse of IP).
570 */
571 *l_out = fp_maskl[0][l >> 24]
572 | fp_maskl[1][(l >> 16) & 0xff]
573 | fp_maskl[2][(l >> 8) & 0xff]
574 | fp_maskl[3][l & 0xff]
575 | fp_maskl[4][r >> 24]
576 | fp_maskl[5][(r >> 16) & 0xff]
577 | fp_maskl[6][(r >> 8) & 0xff]
578 | fp_maskl[7][r & 0xff];
579 *r_out = fp_maskr[0][l >> 24]
580 | fp_maskr[1][(l >> 16) & 0xff]
581 | fp_maskr[2][(l >> 8) & 0xff]
582 | fp_maskr[3][l & 0xff]
583 | fp_maskr[4][r >> 24]
584 | fp_maskr[5][(r >> 16) & 0xff]
585 | fp_maskr[6][(r >> 8) & 0xff]
586 | fp_maskr[7][r & 0xff];
587 return(0);
588 }
589
590
591 #if 0
592 static int
593 des_cipher(const char *in, char *out, u_int32_t salt, int count)
594 {
595 u_int32_t l_out, r_out, rawl, rawr;
596 int retval;
597 union {
598 u_int32_t *ui32;
599 const char *c;
600 } trans;
601
602 des_init();
603
604 setup_salt(salt);
605
606 trans.c = in;
607 rawl = ntohl(*trans.ui32++);
608 rawr = ntohl(*trans.ui32);
609
610 retval = do_des(rawl, rawr, &l_out, &r_out, count);
611
612 trans.c = out;
613 *trans.ui32++ = htonl(l_out);
614 *trans.ui32 = htonl(r_out);
615 return(retval);
616 }
617 #endif
618
619
620 void
621 setkey(const char *key)
622 {
623 int i, j;
624 u_int32_t packed_keys[2];
625 u_char *p;
626
627 p = (u_char *) packed_keys;
628
629 for (i = 0; i < 8; i++) {
630 p[i] = 0;
631 for (j = 0; j < 8; j++)
632 if (*key++ & 1)
633 p[i] |= bits8[j];
634 }
635 des_setkey((char *)p);
636 }
637
638
639 void
640 encrypt(char *block, int flag)
641 {
642 u_int32_t io[2];
643 u_char *p;
644 int i, j;
645
646 des_init();
647
648 setup_salt(0L);
649 p = (u_char*)block;
650 for (i = 0; i < 2; i++) {
651 io[i] = 0L;
652 for (j = 0; j < 32; j++)
653 if (*p++ & 1)
654 io[i] |= bits32[j];
655 }
656 do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
657 for (i = 0; i < 2; i++)
658 for (j = 0; j < 32; j++)
659 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
660 }
661
662 char *__des_crypt(const unsigned char *key, const unsigned char *setting)
663 {
664 u_int32_t count, salt, l, r0, r1, keybuf[2];
665 u_char *p, *q;
666 static char output[21];
667
668 des_init();
669
670 /*
671 * Copy the key, shifting each character up by one bit
672 * and padding with zeros.
673 */
674 q = (u_char *)keybuf;
675 while (q - (u_char *)keybuf - 8) {
676 *q++ = *key << 1;
677 if (*(q - 1))
678 key++;
679 }
680 if (des_setkey((char *)keybuf))
681 return(NULL);
682
683 #if 0
684 if (*setting == _PASSWORD_EFMT1) {
685 int i;
686 /*
687 * "new"-style:
688 * setting - underscore, 4 bytes of count, 4 bytes of salt
689 * key - unlimited characters
690 */
691 for (i = 1, count = 0L; i < 5; i++)
692 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
693
694 for (i = 5, salt = 0L; i < 9; i++)
695 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
696
697 while (*key) {
698 /*
699 * Encrypt the key with itself.
700 */
701 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
702 return(NULL);
703 /*
704 * And XOR with the next 8 characters of the key.
705 */
706 q = (u_char *)keybuf;
707 while (q - (u_char *)keybuf - 8 && *key)
708 *q++ ^= *key++ << 1;
709
710 if (des_setkey((char *)keybuf))
711 return(NULL);
712 }
713 strncpy(output, setting, 9);
714
715 /*
716 * Double check that we weren't given a short setting.
717 * If we were, the above code will probably have created
718 * wierd values for count and salt, but we don't really care.
719 * Just make sure the output string doesn't have an extra
720 * NUL in it.
721 */
722 output[9] = '\0';
723 p = (u_char *)output + strlen(output);
724 } else
725 #endif
726 {
727 /*
728 * "old"-style:
729 * setting - 2 bytes of salt
730 * key - up to 8 characters
731 */
732 count = 25;
733
734 salt = (ascii_to_bin(setting[1]) << 6)
735 | ascii_to_bin(setting[0]);
736
737 output[0] = setting[0];
738 /*
739 * If the encrypted password that the salt was extracted from
740 * is only 1 character long, the salt will be corrupted. We
741 * need to ensure that the output string doesn't have an extra
742 * NUL in it!
743 */
744 output[1] = setting[1] ? setting[1] : output[0];
745
746 p = (u_char *)output + 2;
747 }
748 setup_salt(salt);
749 /*
750 * Do it.
751 */
752 if (do_des(0L, 0L, &r0, &r1, (int)count))
753 return(NULL);
754 /*
755 * Now encode the result...
756 */
757 l = (r0 >> 8);
758 *p++ = ascii64[(l >> 18) & 0x3f];
759 *p++ = ascii64[(l >> 12) & 0x3f];
760 *p++ = ascii64[(l >> 6) & 0x3f];
761 *p++ = ascii64[l & 0x3f];
762
763 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
764 *p++ = ascii64[(l >> 18) & 0x3f];
765 *p++ = ascii64[(l >> 12) & 0x3f];
766 *p++ = ascii64[(l >> 6) & 0x3f];
767 *p++ = ascii64[l & 0x3f];
768
769 l = r1 << 2;
770 *p++ = ascii64[(l >> 12) & 0x3f];
771 *p++ = ascii64[(l >> 6) & 0x3f];
772 *p++ = ascii64[l & 0x3f];
773 *p = 0;
774
775 return(output);
776 }
777