CoCalc -- crypt-des.c

GitHub Repository: freebsd/freebsd-src
Path: blob/main/secure/lib/libcrypt/crypt-des.c
³⁹⁵⁰⁷ views
1
/*
2
 * FreeSec: libcrypt for NetBSD
3
 *
4
 * Copyright (c) 1994 David Burren
5
 * All rights reserved.
6
 *
7
 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8
 *	this file should now *only* export crypt(), in order to make
9
 *	binaries of libcrypt exportable from the USA
10
 *
11
 * Adapted for FreeBSD-4.0 by Mark R V Murray
12
 *	this file should now *only* export crypt_des(), in order to make
13
 *	a module that can be optionally included in libcrypt.
14
 *
15
 * Redistribution and use in source and binary forms, with or without
16
 * modification, are permitted provided that the following conditions
17
 * are met:
18
 * 1. Redistributions of source code must retain the above copyright
19
 *    notice, this list of conditions and the following disclaimer.
20
 * 2. Redistributions in binary form must reproduce the above copyright
21
 *    notice, this list of conditions and the following disclaimer in the
22
 *    documentation and/or other materials provided with the distribution.
23
 * 3. Neither the name of the author nor the names of other contributors
24
 *    may be used to endorse or promote products derived from this software
25
 *    without specific prior written permission.
26
 *
27
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37
 * SUCH DAMAGE.
38
 *
39
 * This is an original implementation of the DES and the crypt(3) interfaces
40
 * by David Burren <[email protected]>.
41
 *
42
 * An excellent reference on the underlying algorithm (and related
43
 * algorithms) is:
44
 *
45
 *	B. Schneier, Applied Cryptography: protocols, algorithms,
46
 *	and source code in C, John Wiley & Sons, 1994.
47
 *
48
 * Note that in that book's description of DES the lookups for the initial,
49
 * pbox, and final permutations are inverted (this has been brought to the
50
 * attention of the author).  A list of errata for this book has been
51
 * posted to the sci.crypt newsgroup by the author and is available for FTP.
52
 *
53
 * ARCHITECTURE ASSUMPTIONS:
54
 *	It is assumed that the 8-byte arrays passed by reference can be
55
 *	addressed as arrays of u_int32_t's (ie. the CPU is not picky about
56
 *	alignment).
57
 */
58

59
#include <sys/types.h>
60
#include <sys/param.h>
61
#include <arpa/inet.h>
62
#include <pwd.h>
63
#include <string.h>
64
#include "crypt.h"
65

66
/* We can't always assume gcc */
67
#if	defined(__GNUC__) && !defined(lint)
68
#define INLINE inline
69
#else
70
#define INLINE
71
#endif
72

73

74
static const u_char	IP[64] = {
75
	58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
76
	62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
77
	57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
78
	61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
79
};
80

81
static __thread u_char	inv_key_perm[64];
82
static const u_char	key_perm[56] = {
83
	57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
84
	10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
85
	63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
86
	14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
87
};
88

89
static const u_char	key_shifts[16] = {
90
	1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
91
};
92

93
static __thread u_char	inv_comp_perm[56];
94
static const u_char	comp_perm[48] = {
95
	14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
96
	23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
97
	41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
98
	44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
99
};
100

101
/*
102
 *	No E box is used, as it's replaced by some ANDs, shifts, and ORs.
103
 */
104

105
static __thread u_char	u_sbox[8][64];
106
static const u_char	sbox[8][64] = {
107
	{
108
		14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
109
		 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
110
		 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
111
		15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
112
	},
113
	{
114
		15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
115
		 3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
116
		 0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
117
		13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
118
	},
119
	{
120
		10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
121
		13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
122
		13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
123
		 1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
124
	},
125
	{
126
		 7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
127
		13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
128
		10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
129
		 3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
130
	},
131
	{
132
		 2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
133
		14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
134
		 4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
135
		11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
136
	},
137
	{
138
		12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
139
		10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
140
		 9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
141
		 4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
142
	},
143
	{
144
		 4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
145
		13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
146
		 1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
147
		 6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
148
	},
149
	{
150
		13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
151
		 1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
152
		 7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
153
		 2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
154
	}
155
};
156

157
static __thread u_char	un_pbox[32];
158
static const u_char	pbox[32] = {
159
	16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
160
	 2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
161
};
162

163
static const u_int32_t	bits32[32] =
164
{
165
	0x80000000, 0x40000000, 0x20000000, 0x10000000,
166
	0x08000000, 0x04000000, 0x02000000, 0x01000000,
167
	0x00800000, 0x00400000, 0x00200000, 0x00100000,
168
	0x00080000, 0x00040000, 0x00020000, 0x00010000,
169
	0x00008000, 0x00004000, 0x00002000, 0x00001000,
170
	0x00000800, 0x00000400, 0x00000200, 0x00000100,
171
	0x00000080, 0x00000040, 0x00000020, 0x00000010,
172
	0x00000008, 0x00000004, 0x00000002, 0x00000001
173
};
174

175
static const u_char	bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
176

177
static __thread u_int32_t	saltbits;
178
static __thread u_int32_t	old_salt;
179
static __thread const u_int32_t	*bits28, *bits24;
180
static __thread u_char		init_perm[64], final_perm[64];
181
static __thread u_int32_t	en_keysl[16], en_keysr[16];
182
static __thread u_int32_t	de_keysl[16], de_keysr[16];
183
static __thread int		des_initialised = 0;
184
static __thread u_char		m_sbox[4][4096];
185
static __thread u_int32_t	psbox[4][256];
186
static __thread u_int32_t	ip_maskl[8][256], ip_maskr[8][256];
187
static __thread u_int32_t	fp_maskl[8][256], fp_maskr[8][256];
188
static __thread u_int32_t	key_perm_maskl[8][128], key_perm_maskr[8][128];
189
static __thread u_int32_t	comp_maskl[8][128], comp_maskr[8][128];
190
static __thread u_int32_t	old_rawkey0, old_rawkey1;
191

192
static const u_char	ascii64[] =
193
	 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
194
/*	  0000000000111111111122222222223333333333444444444455555555556666 */
195
/*	  0123456789012345678901234567890123456789012345678901234567890123 */
196

197
static INLINE int
198
ascii_to_bin(char ch)
199
{
200
	if (ch > 'z')
201
		return(0);
202
	if (ch >= 'a')
203
		return(ch - 'a' + 38);
204
	if (ch > 'Z')
205
		return(0);
206
	if (ch >= 'A')
207
		return(ch - 'A' + 12);
208
	if (ch > '9')
209
		return(0);
210
	if (ch >= '.')
211
		return(ch - '.');
212
	return(0);
213
}
214

215
static void
216
des_init(void)
217
{
218
	int	i, j, b, k, inbit, obit;
219
	u_int32_t	*p, *il, *ir, *fl, *fr;
220

221
	old_rawkey0 = old_rawkey1 = 0L;
222
	saltbits = 0L;
223
	old_salt = 0L;
224
	bits24 = (bits28 = bits32 + 4) + 4;
225

226
	/*
227
	 * Invert the S-boxes, reordering the input bits.
228
	 */
229
	for (i = 0; i < 8; i++)
230
		for (j = 0; j < 64; j++) {
231
			b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
232
			u_sbox[i][j] = sbox[i][b];
233
		}
234

235
	/*
236
	 * Convert the inverted S-boxes into 4 arrays of 8 bits.
237
	 * Each will handle 12 bits of the S-box input.
238
	 */
239
	for (b = 0; b < 4; b++)
240
		for (i = 0; i < 64; i++)
241
			for (j = 0; j < 64; j++)
242
				m_sbox[b][(i << 6) | j] =
243
					(u_char)((u_sbox[(b << 1)][i] << 4) |
244
					u_sbox[(b << 1) + 1][j]);
245

246
	/*
247
	 * Set up the initial & final permutations into a useful form, and
248
	 * initialise the inverted key permutation.
249
	 */
250
	for (i = 0; i < 64; i++) {
251
		init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
252
		inv_key_perm[i] = 255;
253
	}
254

255
	/*
256
	 * Invert the key permutation and initialise the inverted key
257
	 * compression permutation.
258
	 */
259
	for (i = 0; i < 56; i++) {
260
		inv_key_perm[key_perm[i] - 1] = (u_char)i;
261
		inv_comp_perm[i] = 255;
262
	}
263

264
	/*
265
	 * Invert the key compression permutation.
266
	 */
267
	for (i = 0; i < 48; i++) {
268
		inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
269
	}
270

271
	/*
272
	 * Set up the OR-mask arrays for the initial and final permutations,
273
	 * and for the key initial and compression permutations.
274
	 */
275
	for (k = 0; k < 8; k++) {
276
		for (i = 0; i < 256; i++) {
277
			*(il = &ip_maskl[k][i]) = 0L;
278
			*(ir = &ip_maskr[k][i]) = 0L;
279
			*(fl = &fp_maskl[k][i]) = 0L;
280
			*(fr = &fp_maskr[k][i]) = 0L;
281
			for (j = 0; j < 8; j++) {
282
				inbit = 8 * k + j;
283
				if (i & bits8[j]) {
284
					if ((obit = init_perm[inbit]) < 32)
285
						*il |= bits32[obit];
286
					else
287
						*ir |= bits32[obit-32];
288
					if ((obit = final_perm[inbit]) < 32)
289
						*fl |= bits32[obit];
290
					else
291
						*fr |= bits32[obit - 32];
292
				}
293
			}
294
		}
295
		for (i = 0; i < 128; i++) {
296
			*(il = &key_perm_maskl[k][i]) = 0L;
297
			*(ir = &key_perm_maskr[k][i]) = 0L;
298
			for (j = 0; j < 7; j++) {
299
				inbit = 8 * k + j;
300
				if (i & bits8[j + 1]) {
301
					if ((obit = inv_key_perm[inbit]) == 255)
302
						continue;
303
					if (obit < 28)
304
						*il |= bits28[obit];
305
					else
306
						*ir |= bits28[obit - 28];
307
				}
308
			}
309
			*(il = &comp_maskl[k][i]) = 0L;
310
			*(ir = &comp_maskr[k][i]) = 0L;
311
			for (j = 0; j < 7; j++) {
312
				inbit = 7 * k + j;
313
				if (i & bits8[j + 1]) {
314
					if ((obit=inv_comp_perm[inbit]) == 255)
315
						continue;
316
					if (obit < 24)
317
						*il |= bits24[obit];
318
					else
319
						*ir |= bits24[obit - 24];
320
				}
321
			}
322
		}
323
	}
324

325
	/*
326
	 * Invert the P-box permutation, and convert into OR-masks for
327
	 * handling the output of the S-box arrays setup above.
328
	 */
329
	for (i = 0; i < 32; i++)
330
		un_pbox[pbox[i] - 1] = (u_char)i;
331

332
	for (b = 0; b < 4; b++)
333
		for (i = 0; i < 256; i++) {
334
			*(p = &psbox[b][i]) = 0L;
335
			for (j = 0; j < 8; j++) {
336
				if (i & bits8[j])
337
					*p |= bits32[un_pbox[8 * b + j]];
338
			}
339
		}
340

341
	des_initialised = 1;
342
}
343

344
static void
345
setup_salt(u_int32_t salt)
346
{
347
	u_int32_t	obit, saltbit;
348
	int		i;
349

350
	if (salt == old_salt)
351
		return;
352
	old_salt = salt;
353

354
	saltbits = 0L;
355
	saltbit = 1;
356
	obit = 0x800000;
357
	for (i = 0; i < 24; i++) {
358
		if (salt & saltbit)
359
			saltbits |= obit;
360
		saltbit <<= 1;
361
		obit >>= 1;
362
	}
363
}
364

365
static int
366
des_setkey(const char *key)
367
{
368
	u_int32_t	k0, k1, rawkey0, rawkey1;
369
	int		shifts, round;
370

371
	if (!des_initialised)
372
		des_init();
373

374
	rawkey0 = ntohl(*(const u_int32_t *) key);
375
	rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
376

377
	if ((rawkey0 | rawkey1)
378
	    && rawkey0 == old_rawkey0
379
	    && rawkey1 == old_rawkey1) {
380
		/*
381
		 * Already setup for this key.
382
		 * This optimisation fails on a zero key (which is weak and
383
		 * has bad parity anyway) in order to simplify the starting
384
		 * conditions.
385
		 */
386
		return(0);
387
	}
388
	old_rawkey0 = rawkey0;
389
	old_rawkey1 = rawkey1;
390

391
	/*
392
	 *	Do key permutation and split into two 28-bit subkeys.
393
	 */
394
	k0 = key_perm_maskl[0][rawkey0 >> 25]
395
	   | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
396
	   | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
397
	   | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
398
	   | key_perm_maskl[4][rawkey1 >> 25]
399
	   | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
400
	   | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
401
	   | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
402
	k1 = key_perm_maskr[0][rawkey0 >> 25]
403
	   | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
404
	   | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
405
	   | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
406
	   | key_perm_maskr[4][rawkey1 >> 25]
407
	   | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
408
	   | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
409
	   | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
410
	/*
411
	 *	Rotate subkeys and do compression permutation.
412
	 */
413
	shifts = 0;
414
	for (round = 0; round < 16; round++) {
415
		u_int32_t	t0, t1;
416

417
		shifts += key_shifts[round];
418

419
		t0 = (k0 << shifts) | (k0 >> (28 - shifts));
420
		t1 = (k1 << shifts) | (k1 >> (28 - shifts));
421

422
		de_keysl[15 - round] =
423
		en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
424
				| comp_maskl[1][(t0 >> 14) & 0x7f]
425
				| comp_maskl[2][(t0 >> 7) & 0x7f]
426
				| comp_maskl[3][t0 & 0x7f]
427
				| comp_maskl[4][(t1 >> 21) & 0x7f]
428
				| comp_maskl[5][(t1 >> 14) & 0x7f]
429
				| comp_maskl[6][(t1 >> 7) & 0x7f]
430
				| comp_maskl[7][t1 & 0x7f];
431

432
		de_keysr[15 - round] =
433
		en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
434
				| comp_maskr[1][(t0 >> 14) & 0x7f]
435
				| comp_maskr[2][(t0 >> 7) & 0x7f]
436
				| comp_maskr[3][t0 & 0x7f]
437
				| comp_maskr[4][(t1 >> 21) & 0x7f]
438
				| comp_maskr[5][(t1 >> 14) & 0x7f]
439
				| comp_maskr[6][(t1 >> 7) & 0x7f]
440
				| comp_maskr[7][t1 & 0x7f];
441
	}
442
	return(0);
443
}
444

445
static int
446
do_des(	u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
447
{
448
	/*
449
	 *	l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
450
	 */
451
	u_int32_t	l, r, *kl, *kr, *kl1, *kr1;
452
	u_int32_t	f, r48l, r48r;
453
	int		round;
454

455
	if (count == 0) {
456
		return(1);
457
	} else if (count > 0) {
458
		/*
459
		 * Encrypting
460
		 */
461
		kl1 = en_keysl;
462
		kr1 = en_keysr;
463
	} else {
464
		/*
465
		 * Decrypting
466
		 */
467
		count = -count;
468
		kl1 = de_keysl;
469
		kr1 = de_keysr;
470
	}
471

472
	/*
473
	 *	Do initial permutation (IP).
474
	 */
475
	l = ip_maskl[0][l_in >> 24]
476
	  | ip_maskl[1][(l_in >> 16) & 0xff]
477
	  | ip_maskl[2][(l_in >> 8) & 0xff]
478
	  | ip_maskl[3][l_in & 0xff]
479
	  | ip_maskl[4][r_in >> 24]
480
	  | ip_maskl[5][(r_in >> 16) & 0xff]
481
	  | ip_maskl[6][(r_in >> 8) & 0xff]
482
	  | ip_maskl[7][r_in & 0xff];
483
	r = ip_maskr[0][l_in >> 24]
484
	  | ip_maskr[1][(l_in >> 16) & 0xff]
485
	  | ip_maskr[2][(l_in >> 8) & 0xff]
486
	  | ip_maskr[3][l_in & 0xff]
487
	  | ip_maskr[4][r_in >> 24]
488
	  | ip_maskr[5][(r_in >> 16) & 0xff]
489
	  | ip_maskr[6][(r_in >> 8) & 0xff]
490
	  | ip_maskr[7][r_in & 0xff];
491

492
	while (count--) {
493
		/*
494
		 * Do each round.
495
		 */
496
		kl = kl1;
497
		kr = kr1;
498
		round = 16;
499
		while (round--) {
500
			/*
501
			 * Expand R to 48 bits (simulate the E-box).
502
			 */
503
			r48l	= ((r & 0x00000001) << 23)
504
				| ((r & 0xf8000000) >> 9)
505
				| ((r & 0x1f800000) >> 11)
506
				| ((r & 0x01f80000) >> 13)
507
				| ((r & 0x001f8000) >> 15);
508

509
			r48r	= ((r & 0x0001f800) << 7)
510
				| ((r & 0x00001f80) << 5)
511
				| ((r & 0x000001f8) << 3)
512
				| ((r & 0x0000001f) << 1)
513
				| ((r & 0x80000000) >> 31);
514
			/*
515
			 * Do salting for crypt() and friends, and
516
			 * XOR with the permuted key.
517
			 */
518
			f = (r48l ^ r48r) & saltbits;
519
			r48l ^= f ^ *kl++;
520
			r48r ^= f ^ *kr++;
521
			/*
522
			 * Do sbox lookups (which shrink it back to 32 bits)
523
			 * and do the pbox permutation at the same time.
524
			 */
525
			f = psbox[0][m_sbox[0][r48l >> 12]]
526
			  | psbox[1][m_sbox[1][r48l & 0xfff]]
527
			  | psbox[2][m_sbox[2][r48r >> 12]]
528
			  | psbox[3][m_sbox[3][r48r & 0xfff]];
529
			/*
530
			 * Now that we've permuted things, complete f().
531
			 */
532
			f ^= l;
533
			l = r;
534
			r = f;
535
		}
536
		r = l;
537
		l = f;
538
	}
539
	/*
540
	 * Do final permutation (inverse of IP).
541
	 */
542
	*l_out	= fp_maskl[0][l >> 24]
543
		| fp_maskl[1][(l >> 16) & 0xff]
544
		| fp_maskl[2][(l >> 8) & 0xff]
545
		| fp_maskl[3][l & 0xff]
546
		| fp_maskl[4][r >> 24]
547
		| fp_maskl[5][(r >> 16) & 0xff]
548
		| fp_maskl[6][(r >> 8) & 0xff]
549
		| fp_maskl[7][r & 0xff];
550
	*r_out	= fp_maskr[0][l >> 24]
551
		| fp_maskr[1][(l >> 16) & 0xff]
552
		| fp_maskr[2][(l >> 8) & 0xff]
553
		| fp_maskr[3][l & 0xff]
554
		| fp_maskr[4][r >> 24]
555
		| fp_maskr[5][(r >> 16) & 0xff]
556
		| fp_maskr[6][(r >> 8) & 0xff]
557
		| fp_maskr[7][r & 0xff];
558
	return(0);
559
}
560

561
static int
562
des_cipher(const char *in, char *out, u_long salt, int count)
563
{
564
	u_int32_t	l_out, r_out, rawl, rawr;
565
	int		retval;
566
	union {
567
		u_int32_t	*ui32;
568
		const char	*c;
569
	} trans;
570

571
	if (!des_initialised)
572
		des_init();
573

574
	setup_salt(salt);
575

576
	trans.c = in;
577
	rawl = ntohl(*trans.ui32++);
578
	rawr = ntohl(*trans.ui32);
579

580
	retval = do_des(rawl, rawr, &l_out, &r_out, count);
581

582
	trans.c = out;
583
	*trans.ui32++ = htonl(l_out);
584
	*trans.ui32 = htonl(r_out);
585
	return(retval);
586
}
587

588
int
589
crypt_des(const char *key, const char *setting, char *buffer)
590
{
591
	int		i;
592
	u_int32_t	count, salt, l, r0, r1, keybuf[2];
593
	u_char		*q;
594

595
	if (!des_initialised)
596
		des_init();
597

598
	/*
599
	 * Copy the key, shifting each character up by one bit
600
	 * and padding with zeros.
601
	 */
602
	q = (u_char *)keybuf;
603
	while (q - (u_char *)keybuf - 8) {
604
		*q++ = *key << 1;
605
		if (*key != '\0')
606
			key++;
607
	}
608
	if (des_setkey((char *)keybuf))
609
		return (-1);
610

611
	if (*setting == _PASSWORD_EFMT1) {
612
		/*
613
		 * "new"-style:
614
		 *	setting - underscore, 4 bytes of count, 4 bytes of salt
615
		 *	key - unlimited characters
616
		 */
617
		for (i = 1, count = 0L; i < 5; i++)
618
			count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
619

620
		for (i = 5, salt = 0L; i < 9; i++)
621
			salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
622

623
		while (*key) {
624
			/*
625
			 * Encrypt the key with itself.
626
			 */
627
			if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
628
				return (-1);
629
			/*
630
			 * And XOR with the next 8 characters of the key.
631
			 */
632
			q = (u_char *)keybuf;
633
			while (q - (u_char *)keybuf - 8 && *key)
634
				*q++ ^= *key++ << 1;
635

636
			if (des_setkey((char *)keybuf))
637
				return (-1);
638
		}
639
		buffer = stpncpy(buffer, setting, 9);
640
	} else {
641
		/*
642
		 * "old"-style:
643
		 *	setting - 2 bytes of salt
644
		 *	key - up to 8 characters
645
		 */
646
		count = 25;
647

648
		salt = (ascii_to_bin(setting[1]) << 6)
649
		     |  ascii_to_bin(setting[0]);
650

651
		*buffer++ = setting[0];
652
		/*
653
		 * If the encrypted password that the salt was extracted from
654
		 * is only 1 character long, the salt will be corrupted.  We
655
		 * need to ensure that the output string doesn't have an extra
656
		 * NUL in it!
657
		 */
658
		*buffer++ = setting[1] ? setting[1] : setting[0];
659
	}
660
	setup_salt(salt);
661
	/*
662
	 * Do it.
663
	 */
664
	if (do_des(0L, 0L, &r0, &r1, (int)count))
665
		return (-1);
666
	/*
667
	 * Now encode the result...
668
	 */
669
	l = (r0 >> 8);
670
	*buffer++ = ascii64[(l >> 18) & 0x3f];
671
	*buffer++ = ascii64[(l >> 12) & 0x3f];
672
	*buffer++ = ascii64[(l >> 6) & 0x3f];
673
	*buffer++ = ascii64[l & 0x3f];
674

675
	l = (r0 << 16) | ((r1 >> 16) & 0xffff);
676
	*buffer++ = ascii64[(l >> 18) & 0x3f];
677
	*buffer++ = ascii64[(l >> 12) & 0x3f];
678
	*buffer++ = ascii64[(l >> 6) & 0x3f];
679
	*buffer++ = ascii64[l & 0x3f];
680

681
	l = r1 << 2;
682
	*buffer++ = ascii64[(l >> 12) & 0x3f];
683
	*buffer++ = ascii64[(l >> 6) & 0x3f];
684
	*buffer++ = ascii64[l & 0x3f];
685
	*buffer = '\0';
686

687
	return (0);
688
}
689

690
Product

Resources

Company
