1 /* 2 * FreeSec: libcrypt for NetBSD 3 * 4 * Copyright (c) 1994 David Burren 5 * All rights reserved. 6 * 7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet 8 * this file should now *only* export crypt(), in order to make 9 * binaries of libcrypt exportable from the USA 10 * 11 * Adapted for FreeBSD-4.0 by Mark R V Murray 12 * this file should now *only* export crypt_des(), in order to make 13 * a module that can be optionally included in libcrypt. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 3. Neither the name of the author nor the names of other contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * This is an original implementation of the DES and the crypt(3) interfaces 40 * by David Burren <davidb@werj.com.au>. 41 * 42 * An excellent reference on the underlying algorithm (and related 43 * algorithms) is: 44 * 45 * B. Schneier, Applied Cryptography: protocols, algorithms, 46 * and source code in C, John Wiley & Sons, 1994. 47 * 48 * Note that in that book's description of DES the lookups for the initial, 49 * pbox, and final permutations are inverted (this has been brought to the 50 * attention of the author). A list of errata for this book has been 51 * posted to the sci.crypt newsgroup by the author and is available for FTP. 52 * 53 * ARCHITECTURE ASSUMPTIONS: 54 * It is assumed that the 8-byte arrays passed by reference can be 55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about 56 * alignment). 57 */ 58 59 #include <sys/types.h> 60 #include <sys/param.h> 61 #include <arpa/inet.h> 62 #include <pwd.h> 63 #include <string.h> 64 #include "crypt.h" 65 66 /* We can't always assume gcc */ 67 #if defined(__GNUC__) && !defined(lint) 68 #define INLINE inline 69 #else 70 #define INLINE 71 #endif 72 73 74 static const u_char IP[64] = { 75 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 76 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 77 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 78 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 79 }; 80 81 static __thread u_char inv_key_perm[64]; 82 static const u_char key_perm[56] = { 83 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 84 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 85 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 86 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 87 }; 88 89 static const u_char key_shifts[16] = { 90 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 91 }; 92 93 static __thread u_char inv_comp_perm[56]; 94 static const u_char comp_perm[48] = { 95 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 96 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 97 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 98 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 99 }; 100 101 /* 102 * No E box is used, as it's replaced by some ANDs, shifts, and ORs. 103 */ 104 105 static __thread u_char u_sbox[8][64]; 106 static const u_char sbox[8][64] = { 107 { 108 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 109 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 110 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 111 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 112 }, 113 { 114 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 115 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 116 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 117 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 118 }, 119 { 120 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 121 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 122 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 123 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 124 }, 125 { 126 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 127 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 128 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 129 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 130 }, 131 { 132 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 133 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 134 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 135 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 136 }, 137 { 138 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 139 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 140 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 141 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 142 }, 143 { 144 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 145 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 146 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 147 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 148 }, 149 { 150 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 151 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 152 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 153 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 154 } 155 }; 156 157 static __thread u_char un_pbox[32]; 158 static const u_char pbox[32] = { 159 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 160 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 161 }; 162 163 static const u_int32_t bits32[32] = 164 { 165 0x80000000, 0x40000000, 0x20000000, 0x10000000, 166 0x08000000, 0x04000000, 0x02000000, 0x01000000, 167 0x00800000, 0x00400000, 0x00200000, 0x00100000, 168 0x00080000, 0x00040000, 0x00020000, 0x00010000, 169 0x00008000, 0x00004000, 0x00002000, 0x00001000, 170 0x00000800, 0x00000400, 0x00000200, 0x00000100, 171 0x00000080, 0x00000040, 0x00000020, 0x00000010, 172 0x00000008, 0x00000004, 0x00000002, 0x00000001 173 }; 174 175 static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; 176 177 static __thread u_int32_t saltbits; 178 static __thread u_int32_t old_salt; 179 static __thread const u_int32_t *bits28, *bits24; 180 static __thread u_char init_perm[64], final_perm[64]; 181 static __thread u_int32_t en_keysl[16], en_keysr[16]; 182 static __thread u_int32_t de_keysl[16], de_keysr[16]; 183 static __thread int des_initialised = 0; 184 static __thread u_char m_sbox[4][4096]; 185 static __thread u_int32_t psbox[4][256]; 186 static __thread u_int32_t ip_maskl[8][256], ip_maskr[8][256]; 187 static __thread u_int32_t fp_maskl[8][256], fp_maskr[8][256]; 188 static __thread u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; 189 static __thread u_int32_t comp_maskl[8][128], comp_maskr[8][128]; 190 static __thread u_int32_t old_rawkey0, old_rawkey1; 191 192 static const u_char ascii64[] = 193 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 194 /* 0000000000111111111122222222223333333333444444444455555555556666 */ 195 /* 0123456789012345678901234567890123456789012345678901234567890123 */ 196 197 static INLINE int 198 ascii_to_bin(char ch) 199 { 200 if (ch > 'z') 201 return(0); 202 if (ch >= 'a') 203 return(ch - 'a' + 38); 204 if (ch > 'Z') 205 return(0); 206 if (ch >= 'A') 207 return(ch - 'A' + 12); 208 if (ch > '9') 209 return(0); 210 if (ch >= '.') 211 return(ch - '.'); 212 return(0); 213 } 214 215 static void 216 des_init(void) 217 { 218 int i, j, b, k, inbit, obit; 219 u_int32_t *p, *il, *ir, *fl, *fr; 220 221 old_rawkey0 = old_rawkey1 = 0L; 222 saltbits = 0L; 223 old_salt = 0L; 224 bits24 = (bits28 = bits32 + 4) + 4; 225 226 /* 227 * Invert the S-boxes, reordering the input bits. 228 */ 229 for (i = 0; i < 8; i++) 230 for (j = 0; j < 64; j++) { 231 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); 232 u_sbox[i][j] = sbox[i][b]; 233 } 234 235 /* 236 * Convert the inverted S-boxes into 4 arrays of 8 bits. 237 * Each will handle 12 bits of the S-box input. 238 */ 239 for (b = 0; b < 4; b++) 240 for (i = 0; i < 64; i++) 241 for (j = 0; j < 64; j++) 242 m_sbox[b][(i << 6) | j] = 243 (u_char)((u_sbox[(b << 1)][i] << 4) | 244 u_sbox[(b << 1) + 1][j]); 245 246 /* 247 * Set up the initial & final permutations into a useful form, and 248 * initialise the inverted key permutation. 249 */ 250 for (i = 0; i < 64; i++) { 251 init_perm[final_perm[i] = IP[i] - 1] = (u_char)i; 252 inv_key_perm[i] = 255; 253 } 254 255 /* 256 * Invert the key permutation and initialise the inverted key 257 * compression permutation. 258 */ 259 for (i = 0; i < 56; i++) { 260 inv_key_perm[key_perm[i] - 1] = (u_char)i; 261 inv_comp_perm[i] = 255; 262 } 263 264 /* 265 * Invert the key compression permutation. 266 */ 267 for (i = 0; i < 48; i++) { 268 inv_comp_perm[comp_perm[i] - 1] = (u_char)i; 269 } 270 271 /* 272 * Set up the OR-mask arrays for the initial and final permutations, 273 * and for the key initial and compression permutations. 274 */ 275 for (k = 0; k < 8; k++) { 276 for (i = 0; i < 256; i++) { 277 *(il = &ip_maskl[k][i]) = 0L; 278 *(ir = &ip_maskr[k][i]) = 0L; 279 *(fl = &fp_maskl[k][i]) = 0L; 280 *(fr = &fp_maskr[k][i]) = 0L; 281 for (j = 0; j < 8; j++) { 282 inbit = 8 * k + j; 283 if (i & bits8[j]) { 284 if ((obit = init_perm[inbit]) < 32) 285 *il |= bits32[obit]; 286 else 287 *ir |= bits32[obit-32]; 288 if ((obit = final_perm[inbit]) < 32) 289 *fl |= bits32[obit]; 290 else 291 *fr |= bits32[obit - 32]; 292 } 293 } 294 } 295 for (i = 0; i < 128; i++) { 296 *(il = &key_perm_maskl[k][i]) = 0L; 297 *(ir = &key_perm_maskr[k][i]) = 0L; 298 for (j = 0; j < 7; j++) { 299 inbit = 8 * k + j; 300 if (i & bits8[j + 1]) { 301 if ((obit = inv_key_perm[inbit]) == 255) 302 continue; 303 if (obit < 28) 304 *il |= bits28[obit]; 305 else 306 *ir |= bits28[obit - 28]; 307 } 308 } 309 *(il = &comp_maskl[k][i]) = 0L; 310 *(ir = &comp_maskr[k][i]) = 0L; 311 for (j = 0; j < 7; j++) { 312 inbit = 7 * k + j; 313 if (i & bits8[j + 1]) { 314 if ((obit=inv_comp_perm[inbit]) == 255) 315 continue; 316 if (obit < 24) 317 *il |= bits24[obit]; 318 else 319 *ir |= bits24[obit - 24]; 320 } 321 } 322 } 323 } 324 325 /* 326 * Invert the P-box permutation, and convert into OR-masks for 327 * handling the output of the S-box arrays setup above. 328 */ 329 for (i = 0; i < 32; i++) 330 un_pbox[pbox[i] - 1] = (u_char)i; 331 332 for (b = 0; b < 4; b++) 333 for (i = 0; i < 256; i++) { 334 *(p = &psbox[b][i]) = 0L; 335 for (j = 0; j < 8; j++) { 336 if (i & bits8[j]) 337 *p |= bits32[un_pbox[8 * b + j]]; 338 } 339 } 340 341 des_initialised = 1; 342 } 343 344 static void 345 setup_salt(u_int32_t salt) 346 { 347 u_int32_t obit, saltbit; 348 int i; 349 350 if (salt == old_salt) 351 return; 352 old_salt = salt; 353 354 saltbits = 0L; 355 saltbit = 1; 356 obit = 0x800000; 357 for (i = 0; i < 24; i++) { 358 if (salt & saltbit) 359 saltbits |= obit; 360 saltbit <<= 1; 361 obit >>= 1; 362 } 363 } 364 365 static int 366 des_setkey(const char *key) 367 { 368 u_int32_t k0, k1, rawkey0, rawkey1; 369 int shifts, round; 370 371 if (!des_initialised) 372 des_init(); 373 374 rawkey0 = ntohl(*(const u_int32_t *) key); 375 rawkey1 = ntohl(*(const u_int32_t *) (key + 4)); 376 377 if ((rawkey0 | rawkey1) 378 && rawkey0 == old_rawkey0 379 && rawkey1 == old_rawkey1) { 380 /* 381 * Already setup for this key. 382 * This optimisation fails on a zero key (which is weak and 383 * has bad parity anyway) in order to simplify the starting 384 * conditions. 385 */ 386 return(0); 387 } 388 old_rawkey0 = rawkey0; 389 old_rawkey1 = rawkey1; 390 391 /* 392 * Do key permutation and split into two 28-bit subkeys. 393 */ 394 k0 = key_perm_maskl[0][rawkey0 >> 25] 395 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] 396 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] 397 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] 398 | key_perm_maskl[4][rawkey1 >> 25] 399 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] 400 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] 401 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; 402 k1 = key_perm_maskr[0][rawkey0 >> 25] 403 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] 404 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] 405 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] 406 | key_perm_maskr[4][rawkey1 >> 25] 407 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] 408 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] 409 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; 410 /* 411 * Rotate subkeys and do compression permutation. 412 */ 413 shifts = 0; 414 for (round = 0; round < 16; round++) { 415 u_int32_t t0, t1; 416 417 shifts += key_shifts[round]; 418 419 t0 = (k0 << shifts) | (k0 >> (28 - shifts)); 420 t1 = (k1 << shifts) | (k1 >> (28 - shifts)); 421 422 de_keysl[15 - round] = 423 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] 424 | comp_maskl[1][(t0 >> 14) & 0x7f] 425 | comp_maskl[2][(t0 >> 7) & 0x7f] 426 | comp_maskl[3][t0 & 0x7f] 427 | comp_maskl[4][(t1 >> 21) & 0x7f] 428 | comp_maskl[5][(t1 >> 14) & 0x7f] 429 | comp_maskl[6][(t1 >> 7) & 0x7f] 430 | comp_maskl[7][t1 & 0x7f]; 431 432 de_keysr[15 - round] = 433 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] 434 | comp_maskr[1][(t0 >> 14) & 0x7f] 435 | comp_maskr[2][(t0 >> 7) & 0x7f] 436 | comp_maskr[3][t0 & 0x7f] 437 | comp_maskr[4][(t1 >> 21) & 0x7f] 438 | comp_maskr[5][(t1 >> 14) & 0x7f] 439 | comp_maskr[6][(t1 >> 7) & 0x7f] 440 | comp_maskr[7][t1 & 0x7f]; 441 } 442 return(0); 443 } 444 445 static int 446 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count) 447 { 448 /* 449 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. 450 */ 451 u_int32_t l, r, *kl, *kr, *kl1, *kr1; 452 u_int32_t f, r48l, r48r; 453 int round; 454 455 if (count == 0) { 456 return(1); 457 } else if (count > 0) { 458 /* 459 * Encrypting 460 */ 461 kl1 = en_keysl; 462 kr1 = en_keysr; 463 } else { 464 /* 465 * Decrypting 466 */ 467 count = -count; 468 kl1 = de_keysl; 469 kr1 = de_keysr; 470 } 471 472 /* 473 * Do initial permutation (IP). 474 */ 475 l = ip_maskl[0][l_in >> 24] 476 | ip_maskl[1][(l_in >> 16) & 0xff] 477 | ip_maskl[2][(l_in >> 8) & 0xff] 478 | ip_maskl[3][l_in & 0xff] 479 | ip_maskl[4][r_in >> 24] 480 | ip_maskl[5][(r_in >> 16) & 0xff] 481 | ip_maskl[6][(r_in >> 8) & 0xff] 482 | ip_maskl[7][r_in & 0xff]; 483 r = ip_maskr[0][l_in >> 24] 484 | ip_maskr[1][(l_in >> 16) & 0xff] 485 | ip_maskr[2][(l_in >> 8) & 0xff] 486 | ip_maskr[3][l_in & 0xff] 487 | ip_maskr[4][r_in >> 24] 488 | ip_maskr[5][(r_in >> 16) & 0xff] 489 | ip_maskr[6][(r_in >> 8) & 0xff] 490 | ip_maskr[7][r_in & 0xff]; 491 492 while (count--) { 493 /* 494 * Do each round. 495 */ 496 kl = kl1; 497 kr = kr1; 498 round = 16; 499 while (round--) { 500 /* 501 * Expand R to 48 bits (simulate the E-box). 502 */ 503 r48l = ((r & 0x00000001) << 23) 504 | ((r & 0xf8000000) >> 9) 505 | ((r & 0x1f800000) >> 11) 506 | ((r & 0x01f80000) >> 13) 507 | ((r & 0x001f8000) >> 15); 508 509 r48r = ((r & 0x0001f800) << 7) 510 | ((r & 0x00001f80) << 5) 511 | ((r & 0x000001f8) << 3) 512 | ((r & 0x0000001f) << 1) 513 | ((r & 0x80000000) >> 31); 514 /* 515 * Do salting for crypt() and friends, and 516 * XOR with the permuted key. 517 */ 518 f = (r48l ^ r48r) & saltbits; 519 r48l ^= f ^ *kl++; 520 r48r ^= f ^ *kr++; 521 /* 522 * Do sbox lookups (which shrink it back to 32 bits) 523 * and do the pbox permutation at the same time. 524 */ 525 f = psbox[0][m_sbox[0][r48l >> 12]] 526 | psbox[1][m_sbox[1][r48l & 0xfff]] 527 | psbox[2][m_sbox[2][r48r >> 12]] 528 | psbox[3][m_sbox[3][r48r & 0xfff]]; 529 /* 530 * Now that we've permuted things, complete f(). 531 */ 532 f ^= l; 533 l = r; 534 r = f; 535 } 536 r = l; 537 l = f; 538 } 539 /* 540 * Do final permutation (inverse of IP). 541 */ 542 *l_out = fp_maskl[0][l >> 24] 543 | fp_maskl[1][(l >> 16) & 0xff] 544 | fp_maskl[2][(l >> 8) & 0xff] 545 | fp_maskl[3][l & 0xff] 546 | fp_maskl[4][r >> 24] 547 | fp_maskl[5][(r >> 16) & 0xff] 548 | fp_maskl[6][(r >> 8) & 0xff] 549 | fp_maskl[7][r & 0xff]; 550 *r_out = fp_maskr[0][l >> 24] 551 | fp_maskr[1][(l >> 16) & 0xff] 552 | fp_maskr[2][(l >> 8) & 0xff] 553 | fp_maskr[3][l & 0xff] 554 | fp_maskr[4][r >> 24] 555 | fp_maskr[5][(r >> 16) & 0xff] 556 | fp_maskr[6][(r >> 8) & 0xff] 557 | fp_maskr[7][r & 0xff]; 558 return(0); 559 } 560 561 static int 562 des_cipher(const char *in, char *out, u_long salt, int count) 563 { 564 u_int32_t l_out, r_out, rawl, rawr; 565 int retval; 566 union { 567 u_int32_t *ui32; 568 const char *c; 569 } trans; 570 571 if (!des_initialised) 572 des_init(); 573 574 setup_salt(salt); 575 576 trans.c = in; 577 rawl = ntohl(*trans.ui32++); 578 rawr = ntohl(*trans.ui32); 579 580 retval = do_des(rawl, rawr, &l_out, &r_out, count); 581 582 trans.c = out; 583 *trans.ui32++ = htonl(l_out); 584 *trans.ui32 = htonl(r_out); 585 return(retval); 586 } 587 588 int 589 crypt_des(const char *key, const char *setting, char *buffer) 590 { 591 int i; 592 u_int32_t count, salt, l, r0, r1, keybuf[2]; 593 u_char *q; 594 595 if (!des_initialised) 596 des_init(); 597 598 /* 599 * Copy the key, shifting each character up by one bit 600 * and padding with zeros. 601 */ 602 q = (u_char *)keybuf; 603 while (q - (u_char *)keybuf - 8) { 604 *q++ = *key << 1; 605 if (*key != '\0') 606 key++; 607 } 608 if (des_setkey((char *)keybuf)) 609 return (-1); 610 611 if (*setting == _PASSWORD_EFMT1) { 612 /* 613 * "new"-style: 614 * setting - underscore, 4 bytes of count, 4 bytes of salt 615 * key - unlimited characters 616 */ 617 for (i = 1, count = 0L; i < 5; i++) 618 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6); 619 620 for (i = 5, salt = 0L; i < 9; i++) 621 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6); 622 623 while (*key) { 624 /* 625 * Encrypt the key with itself. 626 */ 627 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1)) 628 return (-1); 629 /* 630 * And XOR with the next 8 characters of the key. 631 */ 632 q = (u_char *)keybuf; 633 while (q - (u_char *)keybuf - 8 && *key) 634 *q++ ^= *key++ << 1; 635 636 if (des_setkey((char *)keybuf)) 637 return (-1); 638 } 639 buffer = stpncpy(buffer, setting, 9); 640 } else { 641 /* 642 * "old"-style: 643 * setting - 2 bytes of salt 644 * key - up to 8 characters 645 */ 646 count = 25; 647 648 salt = (ascii_to_bin(setting[1]) << 6) 649 | ascii_to_bin(setting[0]); 650 651 *buffer++ = setting[0]; 652 /* 653 * If the encrypted password that the salt was extracted from 654 * is only 1 character long, the salt will be corrupted. We 655 * need to ensure that the output string doesn't have an extra 656 * NUL in it! 657 */ 658 *buffer++ = setting[1] ? setting[1] : setting[0]; 659 } 660 setup_salt(salt); 661 /* 662 * Do it. 663 */ 664 if (do_des(0L, 0L, &r0, &r1, (int)count)) 665 return (-1); 666 /* 667 * Now encode the result... 668 */ 669 l = (r0 >> 8); 670 *buffer++ = ascii64[(l >> 18) & 0x3f]; 671 *buffer++ = ascii64[(l >> 12) & 0x3f]; 672 *buffer++ = ascii64[(l >> 6) & 0x3f]; 673 *buffer++ = ascii64[l & 0x3f]; 674 675 l = (r0 << 16) | ((r1 >> 16) & 0xffff); 676 *buffer++ = ascii64[(l >> 18) & 0x3f]; 677 *buffer++ = ascii64[(l >> 12) & 0x3f]; 678 *buffer++ = ascii64[(l >> 6) & 0x3f]; 679 *buffer++ = ascii64[l & 0x3f]; 680 681 l = r1 << 2; 682 *buffer++ = ascii64[(l >> 12) & 0x3f]; 683 *buffer++ = ascii64[(l >> 6) & 0x3f]; 684 *buffer++ = ascii64[l & 0x3f]; 685 *buffer = '\0'; 686 687 return (0); 688 } 689