Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
att
GitHub Repository: att/ast
 Path: blob/master/src/lib/libast/uwin/crypt.c
1811 views
1
#include "FEATURE/uwin"

2


3
#if !_UWIN || _lib_crypt

4


5
void _STUB_crypt(){}

6


7
#else

8


9
/*

10
 * Copyright (c) 1989, 1993

11
 *	The Regents of the University of California.  All rights reserved.

12
 *

13
 * This code is derived from software contributed to Berkeley by

14
 * Tom Truscott.

15
 *

16
 * Redistribution and use in source and binary forms, with or without

17
 * modification, are permitted provided that the following conditions

18
 * are met:

19
 * 1. Redistributions of source code must retain the above copyright

20
 *    notice, this list of conditions and the following disclaimer.

21
 * 2. Redistributions in binary form must reproduce the above copyright

22
 *    notice, this list of conditions and the following disclaimer in the

23
 *    documentation and/or other materials provided with the distribution.

24
 * 3. Neither the name of the University nor the names of its contributors

25
 *    may be used to endorse or promote products derived from this software

26
 *    without specific prior written permission.

27
 *

28
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND

29
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

30
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

31
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE

32
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

33
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

34
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

35
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

36
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

37
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

38
 * SUCH DAMAGE.

39
 */

40


41
#if defined(LIBC_SCCS) && !defined(lint)

42
static char sccsid[] = "@(#)crypt.c	8.1 (Berkeley) 6/4/93";

43
#endif /* LIBC_SCCS and not lint */

44


45
#define crypt		______crypt

46
#define encrypt		______encrypt

47
#define setkey		______setkey

48


49
/* #include <unistd.h> */

50
#include <stdio.h>

51
#include <limits.h>

52
#include <pwd.h>

53


54
#undef	crypt

55
#undef	encrypt

56
#undef	setkey

57


58
#ifndef _PASSWORD_EFMT1

59
#define _PASSWORD_EFMT1 '-'

60
#endif

61


62
#if defined(__EXPORT__)

63
#define extern	__EXPORT__

64
#endif

65


66
/*

67
 * UNIX password, and DES, encryption.

68
 * By Tom Truscott, [email protected],

69
 * from algorithms by Robert W. Baldwin and James Gillogly.

70
 *

71
 * References:

72
 * "Mathematical Cryptology for Computer Scientists and Mathematicians,"

73
 * by Wayne Patterson, 1987, ISBN 0-8476-7438-X.

74
 *

75
 * "Password Security: A Case History," R. Morris and Ken Thompson,

76
 * Communications of the ACM, vol. 22, pp. 594-597, Nov. 1979.

77
 *

78
 * "DES will be Totally Insecure within Ten Years," M.E. Hellman,

79
 * IEEE Spectrum, vol. 16, pp. 32-39, July 1979.

80
 */

81


82
/* =====  Configuration ==================== */

83


84
/*

85
 * define "MUST_ALIGN" if your compiler cannot load/store

86
 * long integers at arbitrary (e.g. odd) memory locations.

87
 * (Either that or never pass unaligned addresses to des_cipher!)

88
 */

89
#if !defined(vax)

90
#define	MUST_ALIGN

91
#endif

92


93
#ifdef CHAR_BITS

94
#if CHAR_BITS != 8

95
	#error C_block structure assumes 8 bit characters

96
#endif

97
#endif

98


99
/*

100
 * define "LONG_IS_32_BITS" only if sizeof(long)==4.

101
 * This avoids use of bit fields (your compiler may be sloppy with them).

102
 */

103
#if !defined(cray)

104
#define	LONG_IS_32_BITS

105
#endif

106


107
/*

108
 * define "B64" to be the declaration for a 64 bit integer.

109
 * XXX this feature is currently unused, see "endian" comment below.

110
 */

111
#if defined(cray)

112
#define	B64	long

113
#endif

114
#if defined(convex)

115
#define	B64	long long

116
#endif

117


118
/*

119
 * define "LARGEDATA" to get faster permutations, by using about 72 kilobytes

120
 * of lookup tables.  This speeds up des_setkey() and des_cipher(), but has

121
 * little effect on crypt().

122
 */

123
#if defined(notdef)

124
#define	LARGEDATA

125
#endif

126


127
/* ==================================== */

128


129
/*

130
 * Cipher-block representation (Bob Baldwin):

131
 *

132
 * DES operates on groups of 64 bits, numbered 1..64 (sigh).  One

133
 * representation is to store one bit per byte in an array of bytes.  Bit N of

134
 * the NBS spec is stored as the LSB of the Nth byte (index N-1) in the array.

135
 * Another representation stores the 64 bits in 8 bytes, with bits 1..8 in the

136
 * first byte, 9..16 in the second, and so on.  The DES spec apparently has

137
 * bit 1 in the MSB of the first byte, but that is particularly noxious so we

138
 * bit-reverse each byte so that bit 1 is the LSB of the first byte, bit 8 is

139
 * the MSB of the first byte.  Specifically, the 64-bit input data and key are

140
 * converted to LSB format, and the output 64-bit block is converted back into

141
 * MSB format.

142
 *

143
 * DES operates internally on groups of 32 bits which are expanded to 48 bits

144
 * by permutation E and shrunk back to 32 bits by the S boxes.  To speed up

145
 * the computation, the expansion is applied only once, the expanded

146
 * representation is maintained during the encryption, and a compression

147
 * permutation is applied only at the end.  To speed up the S-box lookups,

148
 * the 48 bits are maintained as eight 6 bit groups, one per byte, which

149
 * directly feed the eight S-boxes.  Within each byte, the 6 bits are the

150
 * most significant ones.  The low two bits of each byte are zero.  (Thus,

151
 * bit 1 of the 48 bit E expansion is stored as the "4"-valued bit of the

152
 * first byte in the eight byte representation, bit 2 of the 48 bit value is

153
 * the "8"-valued bit, and so on.)  In fact, a combined "SPE"-box lookup is

154
 * used, in which the output is the 64 bit result of an S-box lookup which

155
 * has been permuted by P and expanded by E, and is ready for use in the next

156
 * iteration.  Two 32-bit wide tables, SPE[0] and SPE[1], are used for this

157
 * lookup.  Since each byte in the 48 bit path is a multiple of four, indexed

158
 * lookup of SPE[0] and SPE[1] is simple and fast.  The key schedule and

159
 * "salt" are also converted to this 8*(6+2) format.  The SPE table size is

160
 * 8*64*8 = 4K bytes.

161
 *

162
 * To speed up bit-parallel operations (such as XOR), the 8 byte

163
 * representation is "union"ed with 32 bit values "i0" and "i1", and, on

164
 * machines which support it, a 64 bit value "b64".  This data structure,

165
 * "C_block", has two problems.  First, alignment restrictions must be

166
 * honored.  Second, the byte-order (e.g. little-endian or big-endian) of

167
 * the architecture becomes visible.

168
 *

169
 * The byte-order problem is unfortunate, since on the one hand it is good

170
 * to have a machine-independent C_block representation (bits 1..8 in the

171
 * first byte, etc.), and on the other hand it is good for the LSB of the

172
 * first byte to be the LSB of i0.  We cannot have both these things, so we

173
 * currently use the "little-endian" representation and avoid any multi-byte

174
 * operations that depend on byte order.  This largely precludes use of the

175
 * 64-bit datatype since the relative order of i0 and i1 are unknown.  It

176
 * also inhibits grouping the SPE table to look up 12 bits at a time.  (The

177
 * 12 bits can be stored in a 16-bit field with 3 low-order zeroes and 1

178
 * high-order zero, providing fast indexing into a 64-bit wide SPE.)  On the

179
 * other hand, 64-bit datatypes are currently rare, and a 12-bit SPE lookup

180
 * requires a 128 kilobyte table, so perhaps this is not a big loss.

181
 *

182
 * Permutation representation (Jim Gillogly):

183
 *

184
 * A transformation is defined by its effect on each of the 8 bytes of the

185
 * 64-bit input.  For each byte we give a 64-bit output that has the bits in

186
 * the input distributed appropriately.  The transformation is then the OR

187
 * of the 8 sets of 64-bits.  This uses 8*256*8 = 16K bytes of storage for

188
 * each transformation.  Unless LARGEDATA is defined, however, a more compact

189
 * table is used which looks up 16 4-bit "chunks" rather than 8 8-bit chunks.

190
 * The smaller table uses 16*16*8 = 2K bytes for each transformation.  This

191
 * is slower but tolerable, particularly for password encryption in which

192
 * the SPE transformation is iterated many times.  The small tables total 9K

193
 * bytes, the large tables total 72K bytes.

194
 *

195
 * The transformations used are:

196
 * IE3264: MSB->LSB conversion, initial permutation, and expansion.

197
 *	This is done by collecting the 32 even-numbered bits and applying

198
 *	a 32->64 bit transformation, and then collecting the 32 odd-numbered

199
 *	bits and applying the same transformation.  Since there are only

200
 *	32 input bits, the IE3264 transformation table is half the size of

201
 *	the usual table.

202
 * CF6464: Compression, final permutation, and LSB->MSB conversion.

203
 *	This is done by two trivial 48->32 bit compressions to obtain

204
 *	a 64-bit block (the bit numbering is given in the "CIFP" table)

205
 *	followed by a 64->64 bit "cleanup" transformation.  (It would

206
 *	be possible to group the bits in the 64-bit block so that 2

207
 *	identical 32->32 bit transformations could be used instead,

208
 *	saving a factor of 4 in space and possibly 2 in time, but

209
 *	byte-ordering and other complications rear their ugly head.

210
 *	Similar opportunities/problems arise in the key schedule

211
 *	transforms.)

212
 * PC1ROT: MSB->LSB, PC1 permutation, rotate, and PC2 permutation.

213
 *	This admittedly baroque 64->64 bit transformation is used to

214
 *	produce the first code (in 8*(6+2) format) of the key schedule.

215
 * PC2ROT[0]: Inverse PC2 permutation, rotate, and PC2 permutation.

216
 *	It would be possible to define 15 more transformations, each

217
 *	with a different rotation, to generate the entire key schedule.

218
 *	To save space, however, we instead permute each code into the

219
 *	next by using a transformation that "undoes" the PC2 permutation,

220
 *	rotates the code, and then applies PC2.  Unfortunately, PC2

221
 *	transforms 56 bits into 48 bits, dropping 8 bits, so PC2 is not

222
 *	invertible.  We get around that problem by using a modified PC2

223
 *	which retains the 8 otherwise-lost bits in the unused low-order

224
 *	bits of each byte.  The low-order bits are cleared when the

225
 *	codes are stored into the key schedule.

226
 * PC2ROT[1]: Same as PC2ROT[0], but with two rotations.

227
 *	This is faster than applying PC2ROT[0] twice,

228
 *

229
 * The Bell Labs "salt" (Bob Baldwin):

230
 *

231
 * The salting is a simple permutation applied to the 48-bit result of E.

232
 * Specifically, if bit i (1 <= i <= 24) of the salt is set then bits i and

233
 * i+24 of the result are swapped.  The salt is thus a 24 bit number, with

234
 * 16777216 possible values.  (The original salt was 12 bits and could not

235
 * swap bits 13..24 with 36..48.)

236
 *

237
 * It is possible, but ugly, to warp the SPE table to account for the salt

238
 * permutation.  Fortunately, the conditional bit swapping requires only

239
 * about four machine instructions and can be done on-the-fly with about an

240
 * 8% performance penalty.

241
 */

242


243
typedef union {

244
	unsigned char b[8];

245
	struct  {

246
#if defined(LONG_IS_32_BITS)

247
		/* long is often faster than a 32-bit bit field */

248
		long	i0;

249
		long	i1;

250
#else

251
		long	i0: 32;

252
		long	i1: 32;

253
#endif

254
	} b32;

255
#if defined(B64)

256
	B64	b64;

257
#endif

258
} C_block;

259


260
/*

261
 * Convert twenty-four-bit long in host-order

262
 * to six bits (and 2 low-order zeroes) per char little-endian format.

263
 */

264
#define	TO_SIX_BIT(rslt, src) {				\

265
		C_block cvt;				\

266
		cvt.b[0] = (unsigned char) src; src >>= 6;		\

267
		cvt.b[1] = (unsigned char) src; src >>= 6;		\

268
		cvt.b[2] = (unsigned char) src; src >>= 6;		\

269
		cvt.b[3] = (unsigned char) src;				\

270
		rslt = (cvt.b32.i0 & 0x3f3f3f3fL) << 2;	\

271
	}

272


273
/*

274
 * These macros may someday permit efficient use of 64-bit integers.

275
 */

276
#define	ZERO(d,d0,d1)			d0 = 0, d1 = 0

277
#define	LOAD(d,d0,d1,bl)		d0 = (bl).b32.i0, d1 = (bl).b32.i1

278
#define	LOADREG(d,d0,d1,s,s0,s1)	d0 = s0, d1 = s1

279
#define	OR(d,d0,d1,bl)			d0 |= (bl).b32.i0, d1 |= (bl).b32.i1

280
#define	STORE(s,s0,s1,bl)		(bl).b32.i0 = s0, (bl).b32.i1 = s1

281
#define	DCL_BLOCK(d,d0,d1)		long d0, d1

282
/* proto(1) workarounds -- barf */

283
#define DCL_BLOCK_D			DCL_BLOCK(D,D0,D1)

284
#define DCL_BLOCK_K			DCL_BLOCK(K,K0,K1)

285


286
#if defined(LARGEDATA)

287
	/* Waste memory like crazy.  Also, do permutations in line */

288
#define	LGCHUNKBITS	3

289
#define	CHUNKBITS	(1<<LGCHUNKBITS)

290
#define	PERM6464(d,d0,d1,cpp,p)				\

291
	LOAD(d,d0,d1,(p)[(0<<CHUNKBITS)+(cpp)[0]]);		\

292
	OR (d,d0,d1,(p)[(1<<CHUNKBITS)+(cpp)[1]]);		\

293
	OR (d,d0,d1,(p)[(2<<CHUNKBITS)+(cpp)[2]]);		\

294
	OR (d,d0,d1,(p)[(3<<CHUNKBITS)+(cpp)[3]]);		\

295
	OR (d,d0,d1,(p)[(4<<CHUNKBITS)+(cpp)[4]]);		\

296
	OR (d,d0,d1,(p)[(5<<CHUNKBITS)+(cpp)[5]]);		\

297
	OR (d,d0,d1,(p)[(6<<CHUNKBITS)+(cpp)[6]]);		\

298
	OR (d,d0,d1,(p)[(7<<CHUNKBITS)+(cpp)[7]]);

299
#define	PERM3264(d,d0,d1,cpp,p)				\

300
	LOAD(d,d0,d1,(p)[(0<<CHUNKBITS)+(cpp)[0]]);		\

301
	OR (d,d0,d1,(p)[(1<<CHUNKBITS)+(cpp)[1]]);		\

302
	OR (d,d0,d1,(p)[(2<<CHUNKBITS)+(cpp)[2]]);		\

303
	OR (d,d0,d1,(p)[(3<<CHUNKBITS)+(cpp)[3]]);

304
#else

305
	/* "small data" */

306
#define	LGCHUNKBITS	2

307
#define	CHUNKBITS	(1<<LGCHUNKBITS)

308
#define	PERM6464(d,d0,d1,cpp,p)				\

309
	{ C_block tblk; permute(cpp,&tblk,p,8); LOAD (d,d0,d1,tblk); }

310
#define	PERM3264(d,d0,d1,cpp,p)				\

311
	{ C_block tblk; permute(cpp,&tblk,p,4); LOAD (d,d0,d1,tblk); }

312


313
static void permute(unsigned char *cp, C_block *out, register C_block *p, int chars_in) {

314
	register DCL_BLOCK_D;

315
	register C_block *tp;

316
	register int t;

317


318
	ZERO(D,D0,D1);

319
	do {

320
		t = *cp++;

321
		tp = &p[t&0xf]; OR(D,D0,D1,*tp); p += (1<<CHUNKBITS);

322
		tp = &p[t>>4];  OR(D,D0,D1,*tp); p += (1<<CHUNKBITS);

323
	} while (--chars_in > 0);

324
	STORE(D,D0,D1,*out);

325
}

326
#endif /* LARGEDATA */

327


328


329
/* =====  (mostly) Standard DES Tables ==================== */

330


331
static unsigned char IP[] = {		/* initial permutation */

332
	58, 50, 42, 34, 26, 18, 10,  2,

333
	60, 52, 44, 36, 28, 20, 12,  4,

334
	62, 54, 46, 38, 30, 22, 14,  6,

335
	64, 56, 48, 40, 32, 24, 16,  8,

336
	57, 49, 41, 33, 25, 17,  9,  1,

337
	59, 51, 43, 35, 27, 19, 11,  3,

338
	61, 53, 45, 37, 29, 21, 13,  5,

339
	63, 55, 47, 39, 31, 23, 15,  7,

340
};

341


342
/* The final permutation is the inverse of IP - no table is necessary */

343


344
static unsigned char ExpandTr[] = {	/* expansion operation */

345
	32,  1,  2,  3,  4,  5,

346
	 4,  5,  6,  7,  8,  9,

347
	 8,  9, 10, 11, 12, 13,

348
	12, 13, 14, 15, 16, 17,

349
	16, 17, 18, 19, 20, 21,

350
	20, 21, 22, 23, 24, 25,

351
	24, 25, 26, 27, 28, 29,

352
	28, 29, 30, 31, 32,  1,

353
};

354


355
static unsigned char PC1[] = {		/* permuted choice table 1 */

356
	57, 49, 41, 33, 25, 17,  9,

357
	 1, 58, 50, 42, 34, 26, 18,

358
	10,  2, 59, 51, 43, 35, 27,

359
	19, 11,  3, 60, 52, 44, 36,

360


361
	63, 55, 47, 39, 31, 23, 15,

362
	 7, 62, 54, 46, 38, 30, 22,

363
	14,  6, 61, 53, 45, 37, 29,

364
	21, 13,  5, 28, 20, 12,  4,

365
};

366


367
static unsigned char Rotates[] = {	/* PC1 rotation schedule */

368
	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1,

369
};

370


371
/* note: each "row" of PC2 is left-padded with bits that make it invertible */

372
static unsigned char PC2[] = {		/* permuted choice table 2 */

373
	 9, 18,    14, 17, 11, 24,  1,  5,

374
	22, 25,     3, 28, 15,  6, 21, 10,

375
	35, 38,    23, 19, 12,  4, 26,  8,

376
	43, 54,    16,  7, 27, 20, 13,  2,

377


378
	 0,  0,    41, 52, 31, 37, 47, 55,

379
	 0,  0,    30, 40, 51, 45, 33, 48,

380
	 0,  0,    44, 49, 39, 56, 34, 53,

381
	 0,  0,    46, 42, 50, 36, 29, 32,

382
};

383


384
static unsigned char S[8][64] = {	/* 48->32 bit substitution tables */

385
					/* S[1]			*/

386
	14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,

387
	 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,

388
	 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,

389
	15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13,

390
					/* S[2]			*/

391
	15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,

392
	 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,

393
	 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,

394
	13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9,

395
					/* S[3]			*/

396
	10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,

397
	13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,

398
	13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,

399
	 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12,

400
					/* S[4]			*/

401
	 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,

402
	13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,

403
	10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,

404
	 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14,

405
					/* S[5]			*/

406
	 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,

407
	14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,

408
	 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,

409
	11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3,

410
					/* S[6]			*/

411
	12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,

412
	10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,

413
	 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,

414
	 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13,

415
					/* S[7]			*/

416
	 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,

417
	13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,

418
	 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,

419
	 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12,

420
					/* S[8]			*/

421
	13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,

422
	 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,

423
	 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,

424
	 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11,

425
};

426


427
static unsigned char P32Tr[] = {	/* 32-bit permutation function */

428
	16,  7, 20, 21,

429
	29, 12, 28, 17,

430
	 1, 15, 23, 26,

431
	 5, 18, 31, 10,

432
	 2,  8, 24, 14,

433
	32, 27,  3,  9,

434
	19, 13, 30,  6,

435
	22, 11,  4, 25,

436
};

437


438
static unsigned char CIFP[] = {		/* compressed/interleaved permutation */

439
	 1,  2,  3,  4,   17, 18, 19, 20,

440
	 5,  6,  7,  8,   21, 22, 23, 24,

441
	 9, 10, 11, 12,   25, 26, 27, 28,

442
	13, 14, 15, 16,   29, 30, 31, 32,

443


444
	33, 34, 35, 36,   49, 50, 51, 52,

445
	37, 38, 39, 40,   53, 54, 55, 56,

446
	41, 42, 43, 44,   57, 58, 59, 60,

447
	45, 46, 47, 48,   61, 62, 63, 64,

448
};

449


450
static unsigned char itoa64[] =		/* 0..63 => ascii-64 */

451
	"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

452


453


454
/* =====  Tables that are initialized at run time  ==================== */

455


456


457
static unsigned char a64toi[128];	/* ascii-64 => 0..63 */

458


459
/* Initial key schedule permutation */

460
static C_block	PC1ROT[64/CHUNKBITS][1<<CHUNKBITS];

461


462
/* Subsequent key schedule rotation permutations */

463
static C_block	PC2ROT[2][64/CHUNKBITS][1<<CHUNKBITS];

464


465
/* Initial permutation/expansion table */

466
static C_block	IE3264[32/CHUNKBITS][1<<CHUNKBITS];

467


468
/* Table that combines the S, P, and E operations.  */

469
static long SPE[2][8][64];

470


471
/* compressed/interleaved => final permutation table */

472
static C_block	CF6464[64/CHUNKBITS][1<<CHUNKBITS];

473


474


475
/* ==================================== */

476


477
static C_block	constdatablock;			/* encryption constant */

478
static char	cryptresult[1+4+4+11+1];	/* encrypted result */

479


480
/*

481
 * Initialize "perm" to represent transformation "p", which rearranges

482
 * (perhaps with expansion and/or contraction) one packed array of bits

483
 * (of size "chars_in" characters) into another array (of size "chars_out"

484
 * characters).

485
 *

486
 * "perm" must be all-zeroes on entry to this routine.

487
 */

488
static void init_perm(C_block perm[64/CHUNKBITS][1<<CHUNKBITS], 

489
	unsigned char p[64], int chars_in, int chars_out) {

490
	register int i, j, k, l;

491


492
	for (k = 0; k < chars_out*8; k++) {	/* each output bit position */

493
		l = p[k] - 1;		/* where this bit comes from */

494
		if (l < 0)

495
			continue;	/* output bit is always 0 */

496
		i = l>>LGCHUNKBITS;	/* which chunk this bit comes from */

497
		l = 1<<(l&(CHUNKBITS-1));	/* mask for this bit */

498
		for (j = 0; j < (1<<CHUNKBITS); j++) {	/* each chunk value */

499
			if ((j & l) != 0)

500
				perm[i][j].b[k>>3] |= 1<<(k&07);

501
		}

502
	}

503
}

504


505
/*

506
 * Initialize various tables.  This need only be done once.  It could even be

507
 * done at compile time, if the compiler were capable of that sort of thing.

508
 */

509
static void init_des(void) {

510
	register int i, j;

511
	register long k;

512
	register int tableno;

513
	static unsigned char perm[64], tmp32[32];	/* "static" for speed */

514


515
	/*

516
	 * table that converts chars "./0-9A-Za-z"to integers 0-63.

517
	 */

518
	for (i = 0; i < 64; i++)

519
		a64toi[itoa64[i]] = i;

520


521
	/*

522
	 * PC1ROT - bit reverse, then PC1, then Rotate, then PC2.

523
	 */

524
	for (i = 0; i < 64; i++)

525
		perm[i] = 0;

526
	for (i = 0; i < 64; i++) {

527
		if ((k = PC2[i]) == 0)

528
			continue;

529
		k += Rotates[0]-1;

530
		if ((k%28) < Rotates[0]) k -= 28;

531
		k = PC1[k];

532
		if (k > 0) {

533
			k--;

534
			k = (k|07) - (k&07);

535
			k++;

536
		}

537
		perm[i] = (unsigned char) k;

538
	}

539
#ifdef DEBUG

540
	prtab("pc1tab", perm, 8);

541
#endif

542
	init_perm(PC1ROT, perm, 8, 8);

543


544
	/*

545
	 * PC2ROT - PC2 inverse, then Rotate (once or twice), then PC2.

546
	 */

547
	for (j = 0; j < 2; j++) {

548
		unsigned char pc2inv[64];

549
		for (i = 0; i < 64; i++)

550
			perm[i] = pc2inv[i] = 0;

551
		for (i = 0; i < 64; i++) {

552
			if ((k = PC2[i]) == 0)

553
				continue;

554
			pc2inv[k-1] = i+1;

555
		}

556
		for (i = 0; i < 64; i++) {

557
			if ((k = PC2[i]) == 0)

558
				continue;

559
			k += j;

560
			if ((k%28) <= j) k -= 28;

561
			perm[i] = pc2inv[k];

562
		}

563
#ifdef DEBUG

564
		prtab("pc2tab", perm, 8);

565
#endif

566
		init_perm(PC2ROT[j], perm, 8, 8);

567
	}

568


569
	/*

570
	 * Bit reverse, then initial permutation, then expansion.

571
	 */

572
	for (i = 0; i < 8; i++) {

573
		for (j = 0; j < 8; j++) {

574
			k = (j < 2)? 0: IP[ExpandTr[i*6+j-2]-1];

575
			if (k > 32)

576
				k -= 32;

577
			else if (k > 0)

578
				k--;

579
			if (k > 0) {

580
				k--;

581
				k = (k|07) - (k&07);

582
				k++;

583
			}

584
			perm[i*8+j] = (unsigned char) k;

585
		}

586
	}

587
#ifdef DEBUG

588
	prtab("ietab", perm, 8);

589
#endif

590
	init_perm(IE3264, perm, 4, 8);

591


592
	/*

593
	 * Compression, then final permutation, then bit reverse.

594
	 */

595
	for (i = 0; i < 64; i++) {

596
		k = IP[CIFP[i]-1];

597
		if (k > 0) {

598
			k--;

599
			k = (k|07) - (k&07);

600
			k++;

601
		}

602
		perm[k-1] = i+1;

603
	}

604
#ifdef DEBUG

605
	prtab("cftab", perm, 8);

606
#endif

607
	init_perm(CF6464, perm, 8, 8);

608


609
	/*

610
	 * SPE table

611
	 */

612
	for (i = 0; i < 48; i++)

613
		perm[i] = P32Tr[ExpandTr[i]-1];

614
	for (tableno = 0; tableno < 8; tableno++) {

615
		for (j = 0; j < 64; j++)  {

616
			k = (((j >> 0) &01) << 5)|

617
			    (((j >> 1) &01) << 3)|

618
			    (((j >> 2) &01) << 2)|

619
			    (((j >> 3) &01) << 1)|

620
			    (((j >> 4) &01) << 0)|

621
			    (((j >> 5) &01) << 4);

622
			k = S[tableno][k];

623
			k = (((k >> 3)&01) << 0)|

624
			    (((k >> 2)&01) << 1)|

625
			    (((k >> 1)&01) << 2)|

626
			    (((k >> 0)&01) << 3);

627
			for (i = 0; i < 32; i++)

628
				tmp32[i] = 0;

629
			for (i = 0; i < 4; i++)

630
				tmp32[4 * tableno + i] = (k >> i) & 01;

631
			k = 0;

632
			for (i = 24; --i >= 0; )

633
				k = (k<<1) | tmp32[perm[i]-1];

634
			TO_SIX_BIT(SPE[0][tableno][j], k);

635
			k = 0;

636
			for (i = 24; --i >= 0; )

637
				k = (k<<1) | tmp32[perm[i+24]-1];

638
			TO_SIX_BIT(SPE[1][tableno][j], k);

639
		}

640
	}

641
}

642


643
/*

644
 * The Key Schedule, filled in by des_setkey() or setkey().

645
 */

646
#define	KS_SIZE	16

647
static C_block	KS[KS_SIZE];

648


649
/*

650
 * Set up the key schedule from the key.

651
 */

652
static int des_setkey(register const char *key) {

653
	register DCL_BLOCK_K;

654
	register C_block *ptabp;

655
	register int i;

656
	static int des_ready = 0;

657


658
	if (!des_ready) {

659
		init_des();

660
		des_ready = 1;

661
	}

662


663
	PERM6464(K,K0,K1,(unsigned char *)key,(C_block *)PC1ROT);

664
	key = (char *)&KS[0];

665
	STORE(K&~0x03030303L, K0&~0x03030303L, K1, *(C_block *)key);

666
	for (i = 1; i < 16; i++) {

667
		key += sizeof(C_block);

668
		STORE(K,K0,K1,*(C_block *)key);

669
		ptabp = (C_block *)PC2ROT[Rotates[i]-1];

670
		PERM6464(K,K0,K1,(unsigned char *)key,ptabp);

671
		STORE(K&~0x03030303L, K0&~0x03030303L, K1, *(C_block *)key);

672
	}

673
	return (0);

674
}

675


676
/*

677
 * Encrypt (or decrypt if num_iter < 0) the 8 chars at "in" with abs(num_iter)

678
 * iterations of DES, using the the given 24-bit salt and the pre-computed key

679
 * schedule, and store the resulting 8 chars at "out" (in == out is permitted).

680
 *

681
 * NOTE: the performance of this routine is critically dependent on your

682
 * compiler and machine architecture.

683
 */

684
static int des_cipher(const char *in, char *out, long salt, int num_iter) {

685
	/* variables that we want in registers, most important first */

686
#if defined(pdp11)

687
	register int j;

688
#endif

689
	register long L0, L1, R0, R1, k;

690
	register C_block *kp;

691
	register int ks_inc, loop_count;

692
	C_block B;

693


694
	L0 = salt;

695
	TO_SIX_BIT(salt, L0);	/* convert to 4*(6+2) format */

696


697
#if defined(vax) || defined(pdp11)

698
	salt = ~salt;	/* "x &~ y" is faster than "x & y". */

699
#define	SALT (~salt)

700
#else

701
#define	SALT salt

702
#endif

703


704
#if defined(MUST_ALIGN)

705
	B.b[0] = in[0]; B.b[1] = in[1]; B.b[2] = in[2]; B.b[3] = in[3];

706
	B.b[4] = in[4]; B.b[5] = in[5]; B.b[6] = in[6]; B.b[7] = in[7];

707
	LOAD(L,L0,L1,B);

708
#else

709
	LOAD(L,L0,L1,*(C_block *)in);

710
#endif

711
	LOADREG(R,R0,R1,L,L0,L1);

712
	L0 &= 0x55555555L;

713
	L1 &= 0x55555555L;

714
	L0 = (L0 << 1) | L1;	/* L0 is the even-numbered input bits */

715
	R0 &= 0xaaaaaaaaL;

716
	R1 = (R1 >> 1) & 0x55555555L;

717
	L1 = R0 | R1;		/* L1 is the odd-numbered input bits */

718
	STORE(L,L0,L1,B);

719
	PERM3264(L,L0,L1,B.b,  (C_block *)IE3264);	/* even bits */

720
	PERM3264(R,R0,R1,B.b+4,(C_block *)IE3264);	/* odd bits */

721


722
	if (num_iter >= 0)

723
	{		/* encryption */

724
		kp = &KS[0];

725
		ks_inc  = sizeof(*kp);

726
	}

727
	else

728
	{		/* decryption */

729
		num_iter = -num_iter;

730
		kp = &KS[KS_SIZE-1];

731
		ks_inc  = -((int) sizeof(*kp));

732
	}

733


734
	while (--num_iter >= 0) {

735
		loop_count = 8;

736
		do {

737


738
#define	SPTAB(t, i)	(*(long *)((unsigned char *)t + i*(sizeof(long)/4)))

739
#if defined(gould)

740
			/* use this if B.b[i] is evaluated just once ... */

741
#define	DOXOR(x,y,i)	x^=SPTAB(SPE[0][i],B.b[i]); y^=SPTAB(SPE[1][i],B.b[i]);

742
#else

743
#if defined(pdp11)

744
			/* use this if your "long" int indexing is slow */

745
#define	DOXOR(x,y,i)	j=B.b[i]; x^=SPTAB(SPE[0][i],j); y^=SPTAB(SPE[1][i],j);

746
#else

747
			/* use this if "k" is allocated to a register ... */

748
#define	DOXOR(x,y,i)	k=B.b[i]; x^=SPTAB(SPE[0][i],k); y^=SPTAB(SPE[1][i],k);

749
#endif

750
#endif

751


752
#define	CRUNCH(p0, p1, q0, q1)	\

753
			k = (q0 ^ q1) & SALT;	\

754
			B.b32.i0 = k ^ q0 ^ kp->b32.i0;		\

755
			B.b32.i1 = k ^ q1 ^ kp->b32.i1;		\

756
			kp = (C_block *)((char *)kp+ks_inc);	\

757
							\

758
			DOXOR(p0, p1, 0);		\

759
			DOXOR(p0, p1, 1);		\

760
			DOXOR(p0, p1, 2);		\

761
			DOXOR(p0, p1, 3);		\

762
			DOXOR(p0, p1, 4);		\

763
			DOXOR(p0, p1, 5);		\

764
			DOXOR(p0, p1, 6);		\

765
			DOXOR(p0, p1, 7);

766


767
			CRUNCH(L0, L1, R0, R1);

768
			CRUNCH(R0, R1, L0, L1);

769
		} while (--loop_count != 0);

770
		kp = (C_block *)((char *)kp-(ks_inc*KS_SIZE));

771


772


773
		/* swap L and R */

774
		L0 ^= R0;  L1 ^= R1;

775
		R0 ^= L0;  R1 ^= L1;

776
		L0 ^= R0;  L1 ^= R1;

777
	}

778


779
	/* store the encrypted (or decrypted) result */

780
	L0 = ((L0 >> 3) & 0x0f0f0f0fL) | ((L1 << 1) & 0xf0f0f0f0L);

781
	L1 = ((R0 >> 3) & 0x0f0f0f0fL) | ((R1 << 1) & 0xf0f0f0f0L);

782
	STORE(L,L0,L1,B);

783
	PERM6464(L,L0,L1,B.b, (C_block *)CF6464);

784
#if defined(MUST_ALIGN)

785
	STORE(L,L0,L1,B);

786
	out[0] = B.b[0]; out[1] = B.b[1]; out[2] = B.b[2]; out[3] = B.b[3];

787
	out[4] = B.b[4]; out[5] = B.b[5]; out[6] = B.b[6]; out[7] = B.b[7];

788
#else

789
	STORE(L,L0,L1,*(C_block *)out);

790
#endif

791
	return (0);

792
}

793


794
/*

795
 * "setkey" routine (for backwards compatibility)

796
 */

797
extern int setkey(register const char *key) {

798
	register int i, j, k;

799
	C_block keyblock;

800


801
	for (i = 0; i < 8; i++) {

802
		k = 0;

803
		for (j = 0; j < 8; j++) {

804
			k <<= 1;

805
			k |= (unsigned char)*key++;

806
		}

807
		keyblock.b[i] = k;

808
	}

809
	return (des_setkey((char *)keyblock.b));

810
}

811


812
/*

813
 * "encrypt" routine (for backwards compatibility)

814
 */

815
extern int encrypt(register char *block, int flag) {

816
	register int i, j, k;

817
	C_block cblock;

818


819
	for (i = 0; i < 8; i++) {

820
		k = 0;

821
		for (j = 0; j < 8; j++) {

822
			k <<= 1;

823
			k |= (unsigned char)*block++;

824
		}

825
		cblock.b[i] = k;

826
	}

827
	if (des_cipher((char *)&cblock, (char *)&cblock, 0L, (flag ? -1: 1)))

828
		return (1);

829
	for (i = 7; i >= 0; i--) {

830
		k = cblock.b[i];

831
		for (j = 7; j >= 0; j--) {

832
			*--block = k&01;

833
			k >>= 1;

834
		}

835
	}

836
	return (0);

837
}

838


839
/*

840
 * Return a pointer to static data consisting of the "setting"

841
 * followed by an encryption produced by the "key" and "setting".

842
 */

843
extern char * crypt(register const char *key, register const char *setting) {

844
	register char *encp;

845
	register long i;

846
	register int t;

847
	long salt;

848
	int num_iter, salt_size;

849
	C_block keyblock, rsltblock;

850


851
#ifdef HL_NOENCRYPTION

852
	char buff[1024];

853
	strncpy(buff, key, 1024);

854
	buff[1023] = 0;

855
	return buff;

856
#endif

857


858
	for (i = 0; i < 8; i++) {

859
		if ((t = 2*(unsigned char)(*key)) != 0)

860
			key++;

861
		keyblock.b[i] = t;

862
	}

863
	if (des_setkey((char *)keyblock.b))	/* also initializes "a64toi" */

864
		return (NULL);

865


866
	encp = &cryptresult[0];

867
	switch (*setting) {

868
	case _PASSWORD_EFMT1:

869
		/*

870
		 * Involve the rest of the password 8 characters at a time.

871
		 */

872
		while (*key) {

873
			if (des_cipher((char *)&keyblock,

874
			    (char *)&keyblock, 0L, 1))

875
				return (NULL);

876
			for (i = 0; i < 8; i++) {

877
				if ((t = 2*(unsigned char)(*key)) != 0)

878
					key++;

879
				keyblock.b[i] ^= t;

880
			}

881
			if (des_setkey((char *)keyblock.b))

882
				return (NULL);

883
		}

884


885
		*encp++ = *setting++;

886


887
		/* get iteration count */

888
		num_iter = 0;

889
		for (i = 4; --i >= 0; ) {

890
			if ((t = (unsigned char)setting[i]) == '\0')

891
				t = '.';

892
			encp[i] = t;

893
			num_iter = (num_iter<<6) | a64toi[t];

894
		}

895
		setting += 4;

896
		encp += 4;

897
		salt_size = 4;

898
		break;

899
	default:

900
		num_iter = 25;

901
		salt_size = 2;

902
	}

903


904
	salt = 0;

905
	for (i = salt_size; --i >= 0; ) {

906
		if ((t = (unsigned char)setting[i]) == '\0')

907
			t = '.';

908
		encp[i] = t;

909
		salt = (salt<<6) | a64toi[t];

910
	}

911
	encp += salt_size;

912
	if (des_cipher((char *)&constdatablock, (char *)&rsltblock,

913
	    salt, num_iter))

914
		return (NULL);

915


916
	/*

917
	 * Encode the 64 cipher bits as 11 ascii characters.

918
	 */

919
	i = ((long)((rsltblock.b[0]<<8) | rsltblock.b[1])<<8) | rsltblock.b[2];

920
	encp[3] = itoa64[i&0x3f];	i >>= 6;

921
	encp[2] = itoa64[i&0x3f];	i >>= 6;

922
	encp[1] = itoa64[i&0x3f];	i >>= 6;

923
	encp[0] = itoa64[i];		encp += 4;

924
	i = ((long)((rsltblock.b[3]<<8) | rsltblock.b[4])<<8) | rsltblock.b[5];

925
	encp[3] = itoa64[i&0x3f];	i >>= 6;

926
	encp[2] = itoa64[i&0x3f];	i >>= 6;

927
	encp[1] = itoa64[i&0x3f];	i >>= 6;

928
	encp[0] = itoa64[i];		encp += 4;

929
	i = ((long)((rsltblock.b[6])<<8) | rsltblock.b[7])<<2;

930
	encp[2] = itoa64[i&0x3f];	i >>= 6;

931
	encp[1] = itoa64[i&0x3f];	i >>= 6;

932
	encp[0] = itoa64[i];

933


934
	encp[3] = 0;

935


936
	return (cryptresult);

937
}

938


939
#ifdef DEBUG

940
STATIC

941
prtab(s, t, num_rows)

942
	char *s;

943
	unsigned char *t;

944
	int num_rows;

945
{

946
	register int i, j;

947


948
	(void)printf("%s:\n", s);

949
	for (i = 0; i < num_rows; i++) {

950
		for (j = 0; j < 8; j++) {

951
			 (void)printf("%3d", t[i*8+j]);

952
		}

953
		(void)printf("\n");

954
	}

955
	(void)printf("\n");

956
}

957
#endif

958


959
#endif

960


961