1 /*
2 * FreeSec: libcrypt for NetBSD
3 *
4 * Copyright (c) 1994 David Burren
5 * All rights reserved.
6 *
7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8 * this file should now *only* export crypt(), in order to make
9 * binaries of libcrypt exportable from the USA
10 *
11 * Adapted for FreeBSD-4.0 by Mark R V Murray
12 * this file should now *only* export crypt_des(), in order to make
13 * a module that can be optionally included in libcrypt.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the author nor the names of other contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * This is an original implementation of the DES and the crypt(3) interfaces
40 * by David Burren <davidb@werj.com.au>.
41 *
42 * An excellent reference on the underlying algorithm (and related
43 * algorithms) is:
44 *
45 * B. Schneier, Applied Cryptography: protocols, algorithms,
46 * and source code in C, John Wiley & Sons, 1994.
47 *
48 * Note that in that book's description of DES the lookups for the initial,
49 * pbox, and final permutations are inverted (this has been brought to the
50 * attention of the author). A list of errata for this book has been
51 * posted to the sci.crypt newsgroup by the author and is available for FTP.
52 *
53 * ARCHITECTURE ASSUMPTIONS:
54 * It is assumed that the 8-byte arrays passed by reference can be
55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about
56 * alignment).
57 */
58
59 #include <sys/cdefs.h>
60 #include <sys/types.h>
61 #include <sys/param.h>
62 #include <netinet/in.h>
63 #include <pwd.h>
64 #include <string.h>
65 #include <crypt.h>
66 #include "libcrypt.h"
67
68 /* Re-entrantify me -- all this junk needs to be in
69 * struct crypt_data to make this really reentrant... */
70 static u_char inv_key_perm[64];
71 static u_char inv_comp_perm[56];
72 static u_char un_pbox[32];
73 static u_int32_t en_keysl[16], en_keysr[16];
74 static u_int32_t de_keysl[16], de_keysr[16];
75 static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
76 static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
77 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
78 static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
79 static u_int32_t saltbits;
80 static u_int32_t old_salt;
81 static u_int32_t old_rawkey0, old_rawkey1;
82
83
84 /* Static stuff that stays resident and doesn't change after
85 * being initialized, and therefore doesn't need to be made
86 * reentrant. */
87 static u_char init_perm[64], final_perm[64];
88 static u_char m_sbox[4][4096];
89 static u_int32_t psbox[4][256];
90
91
92
93
94 /* A pile of data */
95 static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
96
97 static const u_char IP[64] = {
98 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
99 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
100 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
101 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
102 };
103
104 static const u_char key_perm[56] = {
105 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
106 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
107 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
108 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
109 };
110
111 static const u_char key_shifts[16] = {
112 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
113 };
114
115 static const u_char comp_perm[48] = {
116 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
117 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
118 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
119 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
120 };
121
122 /*
123 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
124 */
125
126 static const u_char sbox[8][64] = {
127 {
128 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
129 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
130 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
131 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
132 },
133 {
134 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
135 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
136 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
137 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
138 },
139 {
140 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
141 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
142 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
143 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
144 },
145 {
146 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
147 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
148 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
149 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
150 },
151 {
152 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
153 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
154 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
155 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
156 },
157 {
158 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
159 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
160 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
161 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
162 },
163 {
164 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
165 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
166 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
167 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
168 },
169 {
170 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
171 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
172 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
173 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
174 }
175 };
176
177 static const u_char pbox[32] = {
178 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
179 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
180 };
181
182 static const u_int32_t bits32[32] =
183 {
184 0x80000000, 0x40000000, 0x20000000, 0x10000000,
185 0x08000000, 0x04000000, 0x02000000, 0x01000000,
186 0x00800000, 0x00400000, 0x00200000, 0x00100000,
187 0x00080000, 0x00040000, 0x00020000, 0x00010000,
188 0x00008000, 0x00004000, 0x00002000, 0x00001000,
189 0x00000800, 0x00000400, 0x00000200, 0x00000100,
190 0x00000080, 0x00000040, 0x00000020, 0x00000010,
191 0x00000008, 0x00000004, 0x00000002, 0x00000001
192 };
193
194 static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
195
196
197 static int
ascii_to_bin(char ch)198 ascii_to_bin(char ch)
199 {
200 if (ch > 'z')
201 return(0);
202 if (ch >= 'a')
203 return(ch - 'a' + 38);
204 if (ch > 'Z')
205 return(0);
206 if (ch >= 'A')
207 return(ch - 'A' + 12);
208 if (ch > '9')
209 return(0);
210 if (ch >= '.')
211 return(ch - '.');
212 return(0);
213 }
214
215 static void
des_init(void)216 des_init(void)
217 {
218 static int des_initialised = 0;
219
220 int i, j, b, k, inbit, obit;
221 u_int32_t *p, *il, *ir, *fl, *fr;
222 const u_int32_t *bits28, *bits24;
223 u_char u_sbox[8][64];
224
225 if (des_initialised==1)
226 return;
227
228 old_rawkey0 = old_rawkey1 = 0L;
229 saltbits = 0L;
230 old_salt = 0L;
231 bits24 = (bits28 = bits32 + 4) + 4;
232
233 /*
234 * Invert the S-boxes, reordering the input bits.
235 */
236 for (i = 0; i < 8; i++)
237 for (j = 0; j < 64; j++) {
238 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
239 u_sbox[i][j] = sbox[i][b];
240 }
241
242 /*
243 * Convert the inverted S-boxes into 4 arrays of 8 bits.
244 * Each will handle 12 bits of the S-box input.
245 */
246 for (b = 0; b < 4; b++)
247 for (i = 0; i < 64; i++)
248 for (j = 0; j < 64; j++)
249 m_sbox[b][(i << 6) | j] =
250 (u_char)((u_sbox[(b << 1)][i] << 4) |
251 u_sbox[(b << 1) + 1][j]);
252
253 /*
254 * Set up the initial & final permutations into a useful form, and
255 * initialise the inverted key permutation.
256 */
257 for (i = 0; i < 64; i++) {
258 init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
259 inv_key_perm[i] = 255;
260 }
261
262 /*
263 * Invert the key permutation and initialise the inverted key
264 * compression permutation.
265 */
266 for (i = 0; i < 56; i++) {
267 inv_key_perm[key_perm[i] - 1] = (u_char)i;
268 inv_comp_perm[i] = 255;
269 }
270
271 /*
272 * Invert the key compression permutation.
273 */
274 for (i = 0; i < 48; i++) {
275 inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
276 }
277
278 /*
279 * Set up the OR-mask arrays for the initial and final permutations,
280 * and for the key initial and compression permutations.
281 */
282 for (k = 0; k < 8; k++) {
283 for (i = 0; i < 256; i++) {
284 *(il = &ip_maskl[k][i]) = 0L;
285 *(ir = &ip_maskr[k][i]) = 0L;
286 *(fl = &fp_maskl[k][i]) = 0L;
287 *(fr = &fp_maskr[k][i]) = 0L;
288 for (j = 0; j < 8; j++) {
289 inbit = 8 * k + j;
290 if (i & bits8[j]) {
291 if ((obit = init_perm[inbit]) < 32)
292 *il |= bits32[obit];
293 else
294 *ir |= bits32[obit-32];
295 if ((obit = final_perm[inbit]) < 32)
296 *fl |= bits32[obit];
297 else
298 *fr |= bits32[obit - 32];
299 }
300 }
301 }
302 for (i = 0; i < 128; i++) {
303 *(il = &key_perm_maskl[k][i]) = 0L;
304 *(ir = &key_perm_maskr[k][i]) = 0L;
305 for (j = 0; j < 7; j++) {
306 inbit = 8 * k + j;
307 if (i & bits8[j + 1]) {
308 if ((obit = inv_key_perm[inbit]) == 255)
309 continue;
310 if (obit < 28)
311 *il |= bits28[obit];
312 else
313 *ir |= bits28[obit - 28];
314 }
315 }
316 *(il = &comp_maskl[k][i]) = 0L;
317 *(ir = &comp_maskr[k][i]) = 0L;
318 for (j = 0; j < 7; j++) {
319 inbit = 7 * k + j;
320 if (i & bits8[j + 1]) {
321 if ((obit=inv_comp_perm[inbit]) == 255)
322 continue;
323 if (obit < 24)
324 *il |= bits24[obit];
325 else
326 *ir |= bits24[obit - 24];
327 }
328 }
329 }
330 }
331
332 /*
333 * Invert the P-box permutation, and convert into OR-masks for
334 * handling the output of the S-box arrays setup above.
335 */
336 for (i = 0; i < 32; i++)
337 un_pbox[pbox[i] - 1] = (u_char)i;
338
339 for (b = 0; b < 4; b++)
340 for (i = 0; i < 256; i++) {
341 *(p = &psbox[b][i]) = 0L;
342 for (j = 0; j < 8; j++) {
343 if (i & bits8[j])
344 *p |= bits32[un_pbox[8 * b + j]];
345 }
346 }
347
348 des_initialised = 1;
349 }
350
351
352 static void
setup_salt(u_int32_t salt)353 setup_salt(u_int32_t salt)
354 {
355 u_int32_t obit, saltbit;
356 int i;
357
358 if (salt == old_salt)
359 return;
360 old_salt = salt;
361
362 saltbits = 0L;
363 saltbit = 1;
364 obit = 0x800000;
365 for (i = 0; i < 24; i++) {
366 if (salt & saltbit)
367 saltbits |= obit;
368 saltbit <<= 1;
369 obit >>= 1;
370 }
371 }
372
373
374 static void
des_setkey(const char * key)375 des_setkey(const char *key)
376 {
377 u_int32_t k0, k1, rawkey0, rawkey1;
378 int shifts, round;
379
380 des_init();
381
382 rawkey0 = ntohl(*(const u_int32_t *) key);
383 rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
384
385 if ((rawkey0 | rawkey1)
386 && rawkey0 == old_rawkey0
387 && rawkey1 == old_rawkey1) {
388 /*
389 * Already setup for this key.
390 * This optimisation fails on a zero key (which is weak and
391 * has bad parity anyway) in order to simplify the starting
392 * conditions.
393 */
394 return;
395 }
396 old_rawkey0 = rawkey0;
397 old_rawkey1 = rawkey1;
398
399 /*
400 * Do key permutation and split into two 28-bit subkeys.
401 */
402 k0 = key_perm_maskl[0][rawkey0 >> 25]
403 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
404 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
405 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
406 | key_perm_maskl[4][rawkey1 >> 25]
407 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
408 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
409 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
410 k1 = key_perm_maskr[0][rawkey0 >> 25]
411 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
412 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
413 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
414 | key_perm_maskr[4][rawkey1 >> 25]
415 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
416 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
417 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
418 /*
419 * Rotate subkeys and do compression permutation.
420 */
421 shifts = 0;
422 for (round = 0; round < 16; round++) {
423 u_int32_t t0, t1;
424
425 shifts += key_shifts[round];
426
427 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
428 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
429
430 de_keysl[15 - round] =
431 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
432 | comp_maskl[1][(t0 >> 14) & 0x7f]
433 | comp_maskl[2][(t0 >> 7) & 0x7f]
434 | comp_maskl[3][t0 & 0x7f]
435 | comp_maskl[4][(t1 >> 21) & 0x7f]
436 | comp_maskl[5][(t1 >> 14) & 0x7f]
437 | comp_maskl[6][(t1 >> 7) & 0x7f]
438 | comp_maskl[7][t1 & 0x7f];
439
440 de_keysr[15 - round] =
441 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
442 | comp_maskr[1][(t0 >> 14) & 0x7f]
443 | comp_maskr[2][(t0 >> 7) & 0x7f]
444 | comp_maskr[3][t0 & 0x7f]
445 | comp_maskr[4][(t1 >> 21) & 0x7f]
446 | comp_maskr[5][(t1 >> 14) & 0x7f]
447 | comp_maskr[6][(t1 >> 7) & 0x7f]
448 | comp_maskr[7][t1 & 0x7f];
449 }
450 }
451
452
453 static int
do_des(u_int32_t l_in,u_int32_t r_in,u_int32_t * l_out,u_int32_t * r_out,int count)454 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
455 {
456 /* l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. */
457 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
458 u_int32_t f, r48l, r48r;
459 int round;
460
461 if (count == 0) {
462 return 1;
463 }
464 if (count > 0) {
465 /* Encrypting */
466 kl1 = en_keysl;
467 kr1 = en_keysr;
468 } else {
469 /* Decrypting */
470 count = -count;
471 kl1 = de_keysl;
472 kr1 = de_keysr;
473 }
474
475 /* Do initial permutation (IP). */
476 l = ip_maskl[0][l_in >> 24]
477 | ip_maskl[1][(l_in >> 16) & 0xff]
478 | ip_maskl[2][(l_in >> 8) & 0xff]
479 | ip_maskl[3][l_in & 0xff]
480 | ip_maskl[4][r_in >> 24]
481 | ip_maskl[5][(r_in >> 16) & 0xff]
482 | ip_maskl[6][(r_in >> 8) & 0xff]
483 | ip_maskl[7][r_in & 0xff];
484 r = ip_maskr[0][l_in >> 24]
485 | ip_maskr[1][(l_in >> 16) & 0xff]
486 | ip_maskr[2][(l_in >> 8) & 0xff]
487 | ip_maskr[3][l_in & 0xff]
488 | ip_maskr[4][r_in >> 24]
489 | ip_maskr[5][(r_in >> 16) & 0xff]
490 | ip_maskr[6][(r_in >> 8) & 0xff]
491 | ip_maskr[7][r_in & 0xff];
492
493 while (count--) {
494 /* Do each round. */
495 kl = kl1;
496 kr = kr1;
497 round = 16;
498 do {
499 /* Expand R to 48 bits (simulate the E-box). */
500 r48l = ((r & 0x00000001) << 23)
501 | ((r & 0xf8000000) >> 9)
502 | ((r & 0x1f800000) >> 11)
503 | ((r & 0x01f80000) >> 13)
504 | ((r & 0x001f8000) >> 15);
505 r48r = ((r & 0x0001f800) << 7)
506 | ((r & 0x00001f80) << 5)
507 | ((r & 0x000001f8) << 3)
508 | ((r & 0x0000001f) << 1)
509 | ((r & 0x80000000) >> 31);
510 /*
511 * Do salting for crypt() and friends, and
512 * XOR with the permuted key.
513 */
514 f = (r48l ^ r48r) & saltbits;
515 r48l ^= f ^ *kl++;
516 r48r ^= f ^ *kr++;
517 /*
518 * Do sbox lookups (which shrink it back to 32 bits)
519 * and do the pbox permutation at the same time.
520 */
521 f = psbox[0][m_sbox[0][r48l >> 12]]
522 | psbox[1][m_sbox[1][r48l & 0xfff]]
523 | psbox[2][m_sbox[2][r48r >> 12]]
524 | psbox[3][m_sbox[3][r48r & 0xfff]];
525 /* Now that we've permuted things, complete f(). */
526 f ^= l;
527 l = r;
528 r = f;
529 } while (--round);
530 r = l;
531 l = f;
532 }
533 /* Do final permutation (inverse of IP). */
534 *l_out = fp_maskl[0][l >> 24]
535 | fp_maskl[1][(l >> 16) & 0xff]
536 | fp_maskl[2][(l >> 8) & 0xff]
537 | fp_maskl[3][l & 0xff]
538 | fp_maskl[4][r >> 24]
539 | fp_maskl[5][(r >> 16) & 0xff]
540 | fp_maskl[6][(r >> 8) & 0xff]
541 | fp_maskl[7][r & 0xff];
542 *r_out = fp_maskr[0][l >> 24]
543 | fp_maskr[1][(l >> 16) & 0xff]
544 | fp_maskr[2][(l >> 8) & 0xff]
545 | fp_maskr[3][l & 0xff]
546 | fp_maskr[4][r >> 24]
547 | fp_maskr[5][(r >> 16) & 0xff]
548 | fp_maskr[6][(r >> 8) & 0xff]
549 | fp_maskr[7][r & 0xff];
550 return(0);
551 }
552
553
554 #if 0
555 static int
556 des_cipher(const char *in, char *out, u_int32_t salt, int count)
557 {
558 u_int32_t l_out, r_out, rawl, rawr;
559 int retval;
560 union {
561 u_int32_t *ui32;
562 const char *c;
563 } trans;
564
565 des_init();
566
567 setup_salt(salt);
568
569 trans.c = in;
570 rawl = ntohl(*trans.ui32++);
571 rawr = ntohl(*trans.ui32);
572
573 retval = do_des(rawl, rawr, &l_out, &r_out, count);
574
575 trans.c = out;
576 *trans.ui32++ = htonl(l_out);
577 *trans.ui32 = htonl(r_out);
578 return(retval);
579 }
580 #endif
581
582
583 void
setkey(const char * key)584 setkey(const char *key)
585 {
586 int i, j;
587 u_int32_t packed_keys[2];
588 u_char *p;
589
590 p = (u_char *) packed_keys;
591
592 for (i = 0; i < 8; i++) {
593 p[i] = 0;
594 for (j = 0; j < 8; j++)
595 if (*key++ & 1)
596 p[i] |= bits8[j];
597 }
598 des_setkey((char *)p);
599 }
600
601
602 void
encrypt(char * block,int flag)603 encrypt(char *block, int flag)
604 {
605 u_int32_t io[2];
606 u_char *p;
607 int i, j;
608
609 des_init();
610
611 setup_salt(0L);
612 p = (u_char*)block;
613 for (i = 0; i < 2; i++) {
614 io[i] = 0L;
615 for (j = 0; j < 32; j++)
616 if (*p++ & 1)
617 io[i] |= bits32[j];
618 }
619 do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
620 for (i = 0; i < 2; i++)
621 for (j = 0; j < 32; j++)
622 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
623 }
624
__des_crypt(const unsigned char * key,const unsigned char * setting)625 char *__des_crypt(const unsigned char *key, const unsigned char *setting)
626 {
627 u_int32_t count, salt, l, r0, r1, keybuf[2];
628 u_char *p, *q;
629 static char output[21];
630
631 des_init();
632
633 /*
634 * Copy the key, shifting each character up by one bit
635 * and padding with zeros.
636 */
637 q = (u_char *)keybuf;
638 while (q - (u_char *)keybuf - 8) {
639 *q++ = *key << 1;
640 if (*(q - 1))
641 key++;
642 }
643 des_setkey((char *)keybuf);
644
645 #if 0
646 if (*setting == _PASSWORD_EFMT1) {
647 int i;
648 /*
649 * "new"-style:
650 * setting - underscore, 4 bytes of count, 4 bytes of salt
651 * key - unlimited characters
652 */
653 for (i = 1, count = 0L; i < 5; i++)
654 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
655
656 for (i = 5, salt = 0L; i < 9; i++)
657 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
658
659 while (*key) {
660 /*
661 * Encrypt the key with itself.
662 */
663 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
664 return(NULL);
665 /*
666 * And XOR with the next 8 characters of the key.
667 */
668 q = (u_char *)keybuf;
669 while (q - (u_char *)keybuf - 8 && *key)
670 *q++ ^= *key++ << 1;
671
672 des_setkey((char *)keybuf);
673 }
674 strncpy(output, setting, 9);
675
676 /*
677 * Double check that we weren't given a short setting.
678 * If we were, the above code will probably have created
679 * wierd values for count and salt, but we don't really care.
680 * Just make sure the output string doesn't have an extra
681 * NUL in it.
682 */
683 output[9] = '\0';
684 p = (u_char *)output + strlen(output);
685 } else
686 #endif
687 {
688 /*
689 * "old"-style:
690 * setting - 2 bytes of salt
691 * key - up to 8 characters
692 */
693 count = 25;
694
695 salt = (ascii_to_bin(setting[1]) << 6)
696 | ascii_to_bin(setting[0]);
697
698 output[0] = setting[0];
699 /*
700 * If the encrypted password that the salt was extracted from
701 * is only 1 character long, the salt will be corrupted. We
702 * need to ensure that the output string doesn't have an extra
703 * NUL in it!
704 */
705 output[1] = setting[1] ? setting[1] : output[0];
706
707 p = (u_char *)output + 2;
708 }
709 setup_salt(salt);
710 /*
711 * Do it.
712 */
713 if (do_des(0L, 0L, &r0, &r1, (int)count))
714 return(NULL);
715 /*
716 * Now encode the result...
717 */
718 l = (r0 >> 8);
719 *p++ = ascii64[(l >> 18) & 0x3f];
720 *p++ = ascii64[(l >> 12) & 0x3f];
721 *p++ = ascii64[(l >> 6) & 0x3f];
722 *p++ = ascii64[l & 0x3f];
723
724 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
725 *p++ = ascii64[(l >> 18) & 0x3f];
726 *p++ = ascii64[(l >> 12) & 0x3f];
727 *p++ = ascii64[(l >> 6) & 0x3f];
728 *p++ = ascii64[l & 0x3f];
729
730 l = r1 << 2;
731 *p++ = ascii64[(l >> 12) & 0x3f];
732 *p++ = ascii64[(l >> 6) & 0x3f];
733 *p++ = ascii64[l & 0x3f];
734 *p = 0;
735
736 return(output);
737 }
738
739