initial import
[ICEs.git] / not-unused / des.c
1 /*
2 * FreeSec: libcrypt for NetBSD
3 *
4 * Copyright (c) 1994 David Burren
5 * All rights reserved.
6 *
7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8 * this file should now *only* export crypt(), in order to make
9 * binaries of libcrypt exportable from the USA
10 *
11 * Adapted for FreeBSD-4.0 by Mark R V Murray
12 * this file should now *only* export crypt_des(), in order to make
13 * a module that can be optionally included in libcrypt.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the author nor the names of other contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * This is an original implementation of the DES and the crypt(3) interfaces
40 * by David Burren <davidb@werj.com.au>.
41 *
42 * An excellent reference on the underlying algorithm (and related
43 * algorithms) is:
44 *
45 * B. Schneier, Applied Cryptography: protocols, algorithms,
46 * and source code in C, John Wiley & Sons, 1994.
47 *
48 * Note that in that book's description of DES the lookups for the initial,
49 * pbox, and final permutations are inverted (this has been brought to the
50 * attention of the author). A list of errata for this book has been
51 * posted to the sci.crypt newsgroup by the author and is available for FTP.
52 *
53 * ARCHITECTURE ASSUMPTIONS:
54 * It is assumed that the 8-byte arrays passed by reference can be
55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about
56 * alignment).
57 */
58
59 #define __FORCE_GLIBC
60 #include <sys/cdefs.h>
61 #include <sys/types.h>
62 #include <sys/param.h>
63 #include <netinet/in.h>
64 #include <pwd.h>
65 #include <string.h>
66 #include <crypt.h>
67
68 /* prototypes for internal crypt functions
69 *
70 * Copyright (C) 2000-2006 by Erik Andersen <andersen@uclibc.org>
71 *
72 * Licensed under the LGPL v2.1, see the file COPYING.LIB in this tarball.
73 */
74
75 #ifndef __LIBCRYPT_H__
76 #define __LIBCRYPT_H__
77
78 extern char *__md5_crypt(const unsigned char *pw, const unsigned char *salt);
79 extern char *__des_crypt(const unsigned char *pw, const unsigned char *salt);
80
81 /* shut up gcc-4.x signed warnings */
82 #define strcpy(dst,src) strcpy((char*)dst,(char*)src)
83 #define strlen(s) strlen((char*)s)
84 #define strncat(dst,src,n) strncat((char*)dst,(char*)src,n)
85 #define strncmp(s1,s2,n) strncmp((char*)s1,(char*)s2,n)
86
87 #endif
88
89 /* Re-entrantify me -- all this junk needs to be in
90 * struct crypt_data to make this really reentrant... */
91 static u_char inv_key_perm[64];
92 static u_char inv_comp_perm[56];
93 static u_char u_sbox[8][64];
94 static u_char un_pbox[32];
95 static u_int32_t en_keysl[16], en_keysr[16];
96 static u_int32_t de_keysl[16], de_keysr[16];
97 static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
98 static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
99 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
100 static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
101 static u_int32_t saltbits;
102 static u_int32_t old_salt;
103 static u_int32_t old_rawkey0, old_rawkey1;
104
105 /* Static stuff that stays resident and doesn't change after
106 * being initialized, and therefore doesn't need to be made
107 * reentrant. */
108 static u_char init_perm[64], final_perm[64];
109 static u_char m_sbox[4][4096];
110 static u_int32_t psbox[4][256];
111
112 /* A pile of data */
113 static const u_char ascii64[] =
114 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
115
116 static const u_char IP[64] = {
117 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
118 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
119 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
120 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
121 };
122
123 static const u_char key_perm[56] = {
124 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
125 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
126 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
127 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
128 };
129
130 static const u_char key_shifts[16] = {
131 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
132 };
133
134 static const u_char comp_perm[48] = {
135 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
136 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
137 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
138 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
139 };
140
141 /*
142 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
143 */
144
145 static const u_char sbox[8][64] = {
146 {
147 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
148 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
149 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
150 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13},
151 {
152 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
153 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
154 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
155 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9},
156 {
157 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
158 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
159 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
160 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12},
161 {
162 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
163 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
164 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
165 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14},
166 {
167 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
168 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
169 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
170 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3},
171 {
172 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
173 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
174 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
175 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13},
176 {
177 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
178 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
179 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
180 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12},
181 {
182 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
183 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
184 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
185 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}
186 };
187
188 static const u_char pbox[32] = {
189 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
190 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
191 };
192
193 static const u_int32_t bits32[32] = {
194 0x80000000, 0x40000000, 0x20000000, 0x10000000,
195 0x08000000, 0x04000000, 0x02000000, 0x01000000,
196 0x00800000, 0x00400000, 0x00200000, 0x00100000,
197 0x00080000, 0x00040000, 0x00020000, 0x00010000,
198 0x00008000, 0x00004000, 0x00002000, 0x00001000,
199 0x00000800, 0x00000400, 0x00000200, 0x00000100,
200 0x00000080, 0x00000040, 0x00000020, 0x00000010,
201 0x00000008, 0x00000004, 0x00000002, 0x00000001
202 };
203
204 static const u_char bits8[8] =
205 { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
206 static const u_int32_t *bits28, *bits24;
207
208 static int ascii_to_bin(char ch)
209 {
210 if (ch > 'z')
211 return (0);
212 if (ch >= 'a')
213 return (ch - 'a' + 38);
214 if (ch > 'Z')
215 return (0);
216 if (ch >= 'A')
217 return (ch - 'A' + 12);
218 if (ch > '9')
219 return (0);
220 if (ch >= '.')
221 return (ch - '.');
222 return (0);
223 }
224
225 static void des_init(void)
226 {
227 int i, j, b, k, inbit, obit;
228 u_int32_t *p, *il, *ir, *fl, *fr;
229 static int des_initialised = 0;
230
231 if (des_initialised == 1)
232 return;
233
234 old_rawkey0 = old_rawkey1 = 0L;
235 saltbits = 0L;
236 old_salt = 0L;
237 bits24 = (bits28 = bits32 + 4) + 4;
238
239 /*
240 * Invert the S-boxes, reordering the input bits.
241 */
242 for (i = 0; i < 8; i++)
243 for (j = 0; j < 64; j++) {
244 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
245 u_sbox[i][j] = sbox[i][b];
246 }
247
248 /*
249 * Convert the inverted S-boxes into 4 arrays of 8 bits.
250 * Each will handle 12 bits of the S-box input.
251 */
252 for (b = 0; b < 4; b++)
253 for (i = 0; i < 64; i++)
254 for (j = 0; j < 64; j++)
255 m_sbox[b][(i << 6) | j] =
256 (u_char) ((u_sbox[(b << 1)][i] << 4) |
257 u_sbox[(b << 1) + 1][j]);
258
259 /*
260 * Set up the initial & final permutations into a useful form, and
261 * initialise the inverted key permutation.
262 */
263 for (i = 0; i < 64; i++) {
264 init_perm[final_perm[i] = IP[i] - 1] = (u_char) i;
265 inv_key_perm[i] = 255;
266 }
267
268 /*
269 * Invert the key permutation and initialise the inverted key
270 * compression permutation.
271 */
272 for (i = 0; i < 56; i++) {
273 inv_key_perm[key_perm[i] - 1] = (u_char) i;
274 inv_comp_perm[i] = 255;
275 }
276
277 /*
278 * Invert the key compression permutation.
279 */
280 for (i = 0; i < 48; i++) {
281 inv_comp_perm[comp_perm[i] - 1] = (u_char) i;
282 }
283
284 /*
285 * Set up the OR-mask arrays for the initial and final permutations,
286 * and for the key initial and compression permutations.
287 */
288 for (k = 0; k < 8; k++) {
289 for (i = 0; i < 256; i++) {
290 *(il = &ip_maskl[k][i]) = 0L;
291 *(ir = &ip_maskr[k][i]) = 0L;
292 *(fl = &fp_maskl[k][i]) = 0L;
293 *(fr = &fp_maskr[k][i]) = 0L;
294 for (j = 0; j < 8; j++) {
295 inbit = 8 * k + j;
296 if (i & bits8[j]) {
297 if ((obit = init_perm[inbit]) < 32)
298 *il |= bits32[obit];
299 else
300 *ir |= bits32[obit - 32];
301 if ((obit = final_perm[inbit]) < 32)
302 *fl |= bits32[obit];
303 else
304 *fr |= bits32[obit - 32];
305 }
306 }
307 }
308 for (i = 0; i < 128; i++) {
309 *(il = &key_perm_maskl[k][i]) = 0L;
310 *(ir = &key_perm_maskr[k][i]) = 0L;
311 for (j = 0; j < 7; j++) {
312 inbit = 8 * k + j;
313 if (i & bits8[j + 1]) {
314 if ((obit = inv_key_perm[inbit]) == 255)
315 continue;
316 if (obit < 28)
317 *il |= bits28[obit];
318 else
319 *ir |= bits28[obit - 28];
320 }
321 }
322 *(il = &comp_maskl[k][i]) = 0L;
323 *(ir = &comp_maskr[k][i]) = 0L;
324 for (j = 0; j < 7; j++) {
325 inbit = 7 * k + j;
326 if (i & bits8[j + 1]) {
327 if ((obit =
328 inv_comp_perm[inbit]) == 255)
329 continue;
330 if (obit < 24)
331 *il |= bits24[obit];
332 else
333 *ir |= bits24[obit - 24];
334 }
335 }
336 }
337 }
338
339 /*
340 * Invert the P-box permutation, and convert into OR-masks for
341 * handling the output of the S-box arrays setup above.
342 */
343 for (i = 0; i < 32; i++)
344 un_pbox[pbox[i] - 1] = (u_char) i;
345
346 for (b = 0; b < 4; b++)
347 for (i = 0; i < 256; i++) {
348 *(p = &psbox[b][i]) = 0L;
349 for (j = 0; j < 8; j++) {
350 if (i & bits8[j])
351 *p |= bits32[un_pbox[8 * b + j]];
352 }
353 }
354
355 des_initialised = 1;
356 }
357
358 static void setup_salt(u_int32_t salt)
359 {
360 u_int32_t obit, saltbit;
361 int i;
362
363 if (salt == old_salt)
364 return;
365 old_salt = salt;
366
367 saltbits = 0L;
368 saltbit = 1;
369 obit = 0x800000;
370 for (i = 0; i < 24; i++) {
371 if (salt & saltbit)
372 saltbits |= obit;
373 saltbit <<= 1;
374 obit >>= 1;
375 }
376 }
377
378 static int des_setkey(const char *key)
379 {
380 u_int32_t k0, k1, rawkey0, rawkey1;
381 int shifts, round;
382
383 des_init();
384
385 rawkey0 = ntohl(*(const u_int32_t *)key);
386 rawkey1 = ntohl(*(const u_int32_t *)(key + 4));
387
388 if ((rawkey0 | rawkey1)
389 && rawkey0 == old_rawkey0 && rawkey1 == old_rawkey1) {
390 /*
391 * Already setup for this key.
392 * This optimisation fails on a zero key (which is weak and
393 * has bad parity anyway) in order to simplify the starting
394 * conditions.
395 */
396 return (0);
397 }
398 old_rawkey0 = rawkey0;
399 old_rawkey1 = rawkey1;
400
401 /*
402 * Do key permutation and split into two 28-bit subkeys.
403 */
404 k0 = key_perm_maskl[0][rawkey0 >> 25]
405 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
406 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
407 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
408 | key_perm_maskl[4][rawkey1 >> 25]
409 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
410 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
411 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
412 k1 = key_perm_maskr[0][rawkey0 >> 25]
413 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
414 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
415 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
416 | key_perm_maskr[4][rawkey1 >> 25]
417 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
418 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
419 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
420 /*
421 * Rotate subkeys and do compression permutation.
422 */
423 shifts = 0;
424 for (round = 0; round < 16; round++) {
425 u_int32_t t0, t1;
426
427 shifts += key_shifts[round];
428
429 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
430 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
431
432 de_keysl[15 - round] =
433 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
434 | comp_maskl[1][(t0 >> 14) & 0x7f]
435 | comp_maskl[2][(t0 >> 7) & 0x7f]
436 | comp_maskl[3][t0 & 0x7f]
437 | comp_maskl[4][(t1 >> 21) & 0x7f]
438 | comp_maskl[5][(t1 >> 14) & 0x7f]
439 | comp_maskl[6][(t1 >> 7) & 0x7f]
440 | comp_maskl[7][t1 & 0x7f];
441
442 de_keysr[15 - round] =
443 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
444 | comp_maskr[1][(t0 >> 14) & 0x7f]
445 | comp_maskr[2][(t0 >> 7) & 0x7f]
446 | comp_maskr[3][t0 & 0x7f]
447 | comp_maskr[4][(t1 >> 21) & 0x7f]
448 | comp_maskr[5][(t1 >> 14) & 0x7f]
449 | comp_maskr[6][(t1 >> 7) & 0x7f]
450 | comp_maskr[7][t1 & 0x7f];
451 }
452 return (0);
453 }
454
455 static int
456 do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t * l_out, u_int32_t * r_out,
457 int count)
458 {
459 /*
460 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
461 */
462 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
463 u_int32_t f, r48l, r48r;
464 int round;
465
466 if (count == 0) {
467 return (1);
468 } else if (count > 0) {
469 /*
470 * Encrypting
471 */
472 kl1 = en_keysl;
473 kr1 = en_keysr;
474 } else {
475 /*
476 * Decrypting
477 */
478 count = -count;
479 kl1 = de_keysl;
480 kr1 = de_keysr;
481 }
482
483 /*
484 * Do initial permutation (IP).
485 */
486 l = ip_maskl[0][l_in >> 24]
487 | ip_maskl[1][(l_in >> 16) & 0xff]
488 | ip_maskl[2][(l_in >> 8) & 0xff]
489 | ip_maskl[3][l_in & 0xff]
490 | ip_maskl[4][r_in >> 24]
491 | ip_maskl[5][(r_in >> 16) & 0xff]
492 | ip_maskl[6][(r_in >> 8) & 0xff]
493 | ip_maskl[7][r_in & 0xff];
494 r = ip_maskr[0][l_in >> 24]
495 | ip_maskr[1][(l_in >> 16) & 0xff]
496 | ip_maskr[2][(l_in >> 8) & 0xff]
497 | ip_maskr[3][l_in & 0xff]
498 | ip_maskr[4][r_in >> 24]
499 | ip_maskr[5][(r_in >> 16) & 0xff]
500 | ip_maskr[6][(r_in >> 8) & 0xff]
501 | ip_maskr[7][r_in & 0xff];
502
503 while (count--) {
504 /*
505 * Do each round.
506 */
507 kl = kl1;
508 kr = kr1;
509 round = 16;
510 while (round--) {
511 /*
512 * Expand R to 48 bits (simulate the E-box).
513 */
514 r48l = ((r & 0x00000001) << 23)
515 | ((r & 0xf8000000) >> 9)
516 | ((r & 0x1f800000) >> 11)
517 | ((r & 0x01f80000) >> 13)
518 | ((r & 0x001f8000) >> 15);
519
520 r48r = ((r & 0x0001f800) << 7)
521 | ((r & 0x00001f80) << 5)
522 | ((r & 0x000001f8) << 3)
523 | ((r & 0x0000001f) << 1)
524 | ((r & 0x80000000) >> 31);
525 /*
526 * Do salting for crypt() and friends, and
527 * XOR with the permuted key.
528 */
529 f = (r48l ^ r48r) & saltbits;
530 r48l ^= f ^ *kl++;
531 r48r ^= f ^ *kr++;
532 /*
533 * Do sbox lookups (which shrink it back to 32 bits)
534 * and do the pbox permutation at the same time.
535 */
536 f = psbox[0][m_sbox[0][r48l >> 12]]
537 | psbox[1][m_sbox[1][r48l & 0xfff]]
538 | psbox[2][m_sbox[2][r48r >> 12]]
539 | psbox[3][m_sbox[3][r48r & 0xfff]];
540 /*
541 * Now that we've permuted things, complete f().
542 */
543 f ^= l;
544 l = r;
545 r = f;
546 }
547 r = l;
548 l = f;
549 }
550 /*
551 * Do final permutation (inverse of IP).
552 */
553 *l_out = fp_maskl[0][l >> 24]
554 | fp_maskl[1][(l >> 16) & 0xff]
555 | fp_maskl[2][(l >> 8) & 0xff]
556 | fp_maskl[3][l & 0xff]
557 | fp_maskl[4][r >> 24]
558 | fp_maskl[5][(r >> 16) & 0xff]
559 | fp_maskl[6][(r >> 8) & 0xff]
560 | fp_maskl[7][r & 0xff];
561 *r_out = fp_maskr[0][l >> 24]
562 | fp_maskr[1][(l >> 16) & 0xff]
563 | fp_maskr[2][(l >> 8) & 0xff]
564 | fp_maskr[3][l & 0xff]
565 | fp_maskr[4][r >> 24]
566 | fp_maskr[5][(r >> 16) & 0xff]
567 | fp_maskr[6][(r >> 8) & 0xff]
568 | fp_maskr[7][r & 0xff];
569 return (0);
570 }
571
572 #if 0
573 static int des_cipher(const char *in, char *out, u_int32_t salt, int count)
574 {
575 u_int32_t l_out, r_out, rawl, rawr;
576 int retval;
577 union {
578 u_int32_t *ui32;
579 const char *c;
580 } trans;
581
582 des_init();
583
584 setup_salt(salt);
585
586 trans.c = in;
587 rawl = ntohl(*trans.ui32++);
588 rawr = ntohl(*trans.ui32);
589
590 retval = do_des(rawl, rawr, &l_out, &r_out, count);
591
592 trans.c = out;
593 *trans.ui32++ = htonl(l_out);
594 *trans.ui32 = htonl(r_out);
595 return (retval);
596 }
597 #endif
598
599 void setkey(const char *key)
600 {
601 int i, j;
602 u_int32_t packed_keys[2];
603 u_char *p;
604
605 p = (u_char *) packed_keys;
606
607 for (i = 0; i < 8; i++) {
608 p[i] = 0;
609 for (j = 0; j < 8; j++)
610 if (*key++ & 1)
611 p[i] |= bits8[j];
612 }
613 des_setkey((char *)p);
614 }
615
616 void encrypt(char *block, int flag)
617 {
618 u_int32_t io[2];
619 u_char *p;
620 int i, j;
621
622 des_init();
623
624 setup_salt(0L);
625 p = (u_char *) block;
626 for (i = 0; i < 2; i++) {
627 io[i] = 0L;
628 for (j = 0; j < 32; j++)
629 if (*p++ & 1)
630 io[i] |= bits32[j];
631 }
632 do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
633 for (i = 0; i < 2; i++)
634 for (j = 0; j < 32; j++)
635 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
636 }
637
638 char *__des_crypt(const unsigned char *key, const unsigned char *setting)
639 {
640 u_int32_t count, salt, l, r0, r1, keybuf[2];
641 u_char *p, *q;
642 static char output[21];
643
644 des_init();
645
646 /*
647 * Copy the key, shifting each character up by one bit
648 * and padding with zeros.
649 */
650 q = (u_char *) keybuf;
651 while (q - (u_char *) keybuf - 8) {
652 *q++ = *key << 1;
653 if (*(q - 1))
654 key++;
655 }
656 if (des_setkey((char *)keybuf))
657 return (NULL);
658
659 #if 0
660 if (*setting == _PASSWORD_EFMT1) {
661 int i;
662 /*
663 * "new"-style:
664 * setting - underscore, 4 bytes of count, 4 bytes of salt
665 * key - unlimited characters
666 */
667 for (i = 1, count = 0L; i < 5; i++)
668 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
669
670 for (i = 5, salt = 0L; i < 9; i++)
671 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
672
673 while (*key) {
674 /*
675 * Encrypt the key with itself.
676 */
677 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
678 return (NULL);
679 /*
680 * And XOR with the next 8 characters of the key.
681 */
682 q = (u_char *) keybuf;
683 while (q - (u_char *) keybuf - 8 && *key)
684 *q++ ^= *key++ << 1;
685
686 if (des_setkey((char *)keybuf))
687 return (NULL);
688 }
689 strncpy(output, setting, 9);
690
691 /*
692 * Double check that we weren't given a short setting.
693 * If we were, the above code will probably have created
694 * wierd values for count and salt, but we don't really care.
695 * Just make sure the output string doesn't have an extra
696 * NUL in it.
697 */
698 output[9] = '\0';
699 p = (u_char *) output + strlen(output);
700 } else
701 #endif
702 {
703 /*
704 * "old"-style:
705 * setting - 2 bytes of salt
706 * key - up to 8 characters
707 */
708 count = 25;
709
710 salt = (ascii_to_bin(setting[1]) << 6)
711 | ascii_to_bin(setting[0]);
712
713 output[0] = setting[0];
714 /*
715 * If the encrypted password that the salt was extracted from
716 * is only 1 character long, the salt will be corrupted. We
717 * need to ensure that the output string doesn't have an extra
718 * NUL in it!
719 */
720 output[1] = setting[1] ? setting[1] : output[0];
721
722 p = (u_char *) output + 2;
723 }
724 setup_salt(salt);
725 /*
726 * Do it.
727 */
728 if (do_des(0L, 0L, &r0, &r1, (int)count))
729 return (NULL);
730 /*
731 * Now encode the result...
732 */
733 l = (r0 >> 8);
734 *p++ = ascii64[(l >> 18) & 0x3f];
735 *p++ = ascii64[(l >> 12) & 0x3f];
736 *p++ = ascii64[(l >> 6) & 0x3f];
737 *p++ = ascii64[l & 0x3f];
738
739 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
740 *p++ = ascii64[(l >> 18) & 0x3f];
741 *p++ = ascii64[(l >> 12) & 0x3f];
742 *p++ = ascii64[(l >> 6) & 0x3f];
743 *p++ = ascii64[l & 0x3f];
744
745 l = r1 << 2;
746 *p++ = ascii64[(l >> 12) & 0x3f];
747 *p++ = ascii64[(l >> 6) & 0x3f];
748 *p++ = ascii64[l & 0x3f];
749 *p = 0;
750
751 return (output);
752 }