1 /* 2 * FreeSec: libcrypt for NetBSD 3 * 4 * Copyright (c) 1994 David Burren 5 * All rights reserved. 6 * 7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet 8 * this file should now *only* export crypt(), in order to make 9 * binaries of libcrypt exportable from the USA 10 * 11 * Adapted for FreeBSD-4.0 by Mark R V Murray 12 * this file should now *only* export crypt_des(), in order to make 13 * a module that can be optionally included in libcrypt. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 3. Neither the name of the author nor the names of other contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * This is an original implementation of the DES and the crypt(3) interfaces 40 * by David Burren <davidb@werj.com.au>. 41 * 42 * An excellent reference on the underlying algorithm (and related 43 * algorithms) is: 44 * 45 * B. Schneier, Applied Cryptography: protocols, algorithms, 46 * and source code in C, John Wiley & Sons, 1994. 47 * 48 * Note that in that book's description of DES the lookups for the initial, 49 * pbox, and final permutations are inverted (this has been brought to the 50 * attention of the author). A list of errata for this book has been 51 * posted to the sci.crypt newsgroup by the author and is available for FTP. 52 * 53 * ARCHITECTURE ASSUMPTIONS: 54 * It is assumed that the 8-byte arrays passed by reference can be 55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about 56 * alignment). 57 */ 58 59 #include <sys/cdefs.h> 60 __FBSDID("$FreeBSD$"); 61 62 #include <sys/types.h> 63 #include <sys/param.h> 64 #include <pwd.h> 65 #include <string.h> 66 #include "crypt.h" 67 68 /* We can't always assume gcc */ 69 #ifdef __GNUC__ 70 #define INLINE inline 71 #endif 72 73 74 static u_char IP[64] = { 75 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 76 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 77 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 78 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 79 }; 80 81 static u_char inv_key_perm[64]; 82 static u_char u_key_perm[56]; 83 static u_char key_perm[56] = { 84 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 85 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 86 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 87 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 88 }; 89 90 static u_char key_shifts[16] = { 91 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 92 }; 93 94 static u_char inv_comp_perm[56]; 95 static u_char comp_perm[48] = { 96 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 97 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 98 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 99 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 100 }; 101 102 /* 103 * No E box is used, as it's replaced by some ANDs, shifts, and ORs. 104 */ 105 106 static u_char u_sbox[8][64]; 107 static u_char sbox[8][64] = { 108 { 109 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 110 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 111 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 112 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 113 }, 114 { 115 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 116 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 117 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 118 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 119 }, 120 { 121 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 122 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 123 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 124 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 125 }, 126 { 127 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 128 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 129 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 130 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 131 }, 132 { 133 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 134 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 135 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 136 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 137 }, 138 { 139 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 140 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 141 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 142 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 143 }, 144 { 145 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 146 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 147 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 148 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 149 }, 150 { 151 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 152 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 153 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 154 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 155 } 156 }; 157 158 static u_char un_pbox[32]; 159 static u_char pbox[32] = { 160 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 161 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 162 }; 163 164 static u_int32_t bits32[32] = 165 { 166 0x80000000, 0x40000000, 0x20000000, 0x10000000, 167 0x08000000, 0x04000000, 0x02000000, 0x01000000, 168 0x00800000, 0x00400000, 0x00200000, 0x00100000, 169 0x00080000, 0x00040000, 0x00020000, 0x00010000, 170 0x00008000, 0x00004000, 0x00002000, 0x00001000, 171 0x00000800, 0x00000400, 0x00000200, 0x00000100, 172 0x00000080, 0x00000040, 0x00000020, 0x00000010, 173 0x00000008, 0x00000004, 0x00000002, 0x00000001 174 }; 175 176 static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; 177 178 static u_int32_t saltbits; 179 static long old_salt; 180 static u_int32_t *bits28, *bits24; 181 static u_char init_perm[64], final_perm[64]; 182 static u_int32_t en_keysl[16], en_keysr[16]; 183 static u_int32_t de_keysl[16], de_keysr[16]; 184 static int des_initialised = 0; 185 static u_char m_sbox[4][4096]; 186 static u_int32_t psbox[4][256]; 187 static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; 188 static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; 189 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; 190 static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; 191 static u_int32_t old_rawkey0, old_rawkey1; 192 193 static u_char ascii64[] = 194 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 195 /* 0000000000111111111122222222223333333333444444444455555555556666 */ 196 /* 0123456789012345678901234567890123456789012345678901234567890123 */ 197 198 static INLINE int 199 ascii_to_bin(char ch) 200 { 201 if (ch > 'z') 202 return(0); 203 if (ch >= 'a') 204 return(ch - 'a' + 38); 205 if (ch > 'Z') 206 return(0); 207 if (ch >= 'A') 208 return(ch - 'A' + 12); 209 if (ch > '9') 210 return(0); 211 if (ch >= '.') 212 return(ch - '.'); 213 return(0); 214 } 215 216 static void 217 des_init() 218 { 219 int i, j, b, k, inbit, obit; 220 u_int32_t *p, *il, *ir, *fl, *fr; 221 222 old_rawkey0 = old_rawkey1 = 0L; 223 saltbits = 0L; 224 old_salt = 0L; 225 bits24 = (bits28 = bits32 + 4) + 4; 226 227 /* 228 * Invert the S-boxes, reordering the input bits. 229 */ 230 for (i = 0; i < 8; i++) 231 for (j = 0; j < 64; j++) { 232 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); 233 u_sbox[i][j] = sbox[i][b]; 234 } 235 236 /* 237 * Convert the inverted S-boxes into 4 arrays of 8 bits. 238 * Each will handle 12 bits of the S-box input. 239 */ 240 for (b = 0; b < 4; b++) 241 for (i = 0; i < 64; i++) 242 for (j = 0; j < 64; j++) 243 m_sbox[b][(i << 6) | j] = 244 (u_sbox[(b << 1)][i] << 4) | 245 u_sbox[(b << 1) + 1][j]; 246 247 /* 248 * Set up the initial & final permutations into a useful form, and 249 * initialise the inverted key permutation. 250 */ 251 for (i = 0; i < 64; i++) { 252 init_perm[final_perm[i] = IP[i] - 1] = i; 253 inv_key_perm[i] = 255; 254 } 255 256 /* 257 * Invert the key permutation and initialise the inverted key 258 * compression permutation. 259 */ 260 for (i = 0; i < 56; i++) { 261 u_key_perm[i] = key_perm[i] - 1; 262 inv_key_perm[key_perm[i] - 1] = i; 263 inv_comp_perm[i] = 255; 264 } 265 266 /* 267 * Invert the key compression permutation. 268 */ 269 for (i = 0; i < 48; i++) { 270 inv_comp_perm[comp_perm[i] - 1] = i; 271 } 272 273 /* 274 * Set up the OR-mask arrays for the initial and final permutations, 275 * and for the key initial and compression permutations. 276 */ 277 for (k = 0; k < 8; k++) { 278 for (i = 0; i < 256; i++) { 279 *(il = &ip_maskl[k][i]) = 0L; 280 *(ir = &ip_maskr[k][i]) = 0L; 281 *(fl = &fp_maskl[k][i]) = 0L; 282 *(fr = &fp_maskr[k][i]) = 0L; 283 for (j = 0; j < 8; j++) { 284 inbit = 8 * k + j; 285 if (i & bits8[j]) { 286 if ((obit = init_perm[inbit]) < 32) 287 *il |= bits32[obit]; 288 else 289 *ir |= bits32[obit-32]; 290 if ((obit = final_perm[inbit]) < 32) 291 *fl |= bits32[obit]; 292 else 293 *fr |= bits32[obit - 32]; 294 } 295 } 296 } 297 for (i = 0; i < 128; i++) { 298 *(il = &key_perm_maskl[k][i]) = 0L; 299 *(ir = &key_perm_maskr[k][i]) = 0L; 300 for (j = 0; j < 7; j++) { 301 inbit = 8 * k + j; 302 if (i & bits8[j + 1]) { 303 if ((obit = inv_key_perm[inbit]) == 255) 304 continue; 305 if (obit < 28) 306 *il |= bits28[obit]; 307 else 308 *ir |= bits28[obit - 28]; 309 } 310 } 311 *(il = &comp_maskl[k][i]) = 0L; 312 *(ir = &comp_maskr[k][i]) = 0L; 313 for (j = 0; j < 7; j++) { 314 inbit = 7 * k + j; 315 if (i & bits8[j + 1]) { 316 if ((obit=inv_comp_perm[inbit]) == 255) 317 continue; 318 if (obit < 24) 319 *il |= bits24[obit]; 320 else 321 *ir |= bits24[obit - 24]; 322 } 323 } 324 } 325 } 326 327 /* 328 * Invert the P-box permutation, and convert into OR-masks for 329 * handling the output of the S-box arrays setup above. 330 */ 331 for (i = 0; i < 32; i++) 332 un_pbox[pbox[i] - 1] = i; 333 334 for (b = 0; b < 4; b++) 335 for (i = 0; i < 256; i++) { 336 *(p = &psbox[b][i]) = 0L; 337 for (j = 0; j < 8; j++) { 338 if (i & bits8[j]) 339 *p |= bits32[un_pbox[8 * b + j]]; 340 } 341 } 342 343 des_initialised = 1; 344 } 345 346 static void 347 setup_salt(long salt) 348 { 349 u_int32_t obit, saltbit; 350 int i; 351 352 if (salt == old_salt) 353 return; 354 old_salt = salt; 355 356 saltbits = 0L; 357 saltbit = 1; 358 obit = 0x800000; 359 for (i = 0; i < 24; i++) { 360 if (salt & saltbit) 361 saltbits |= obit; 362 saltbit <<= 1; 363 obit >>= 1; 364 } 365 } 366 367 static int 368 des_setkey(const char *key) 369 { 370 u_int32_t k0, k1, rawkey0, rawkey1; 371 int shifts, round; 372 373 if (!des_initialised) 374 des_init(); 375 376 rawkey0 = ntohl(*(u_int32_t *) key); 377 rawkey1 = ntohl(*(u_int32_t *) (key + 4)); 378 379 if ((rawkey0 | rawkey1) 380 && rawkey0 == old_rawkey0 381 && rawkey1 == old_rawkey1) { 382 /* 383 * Already setup for this key. 384 * This optimisation fails on a zero key (which is weak and 385 * has bad parity anyway) in order to simplify the starting 386 * conditions. 387 */ 388 return(0); 389 } 390 old_rawkey0 = rawkey0; 391 old_rawkey1 = rawkey1; 392 393 /* 394 * Do key permutation and split into two 28-bit subkeys. 395 */ 396 k0 = key_perm_maskl[0][rawkey0 >> 25] 397 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] 398 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] 399 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] 400 | key_perm_maskl[4][rawkey1 >> 25] 401 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] 402 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] 403 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; 404 k1 = key_perm_maskr[0][rawkey0 >> 25] 405 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] 406 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] 407 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] 408 | key_perm_maskr[4][rawkey1 >> 25] 409 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] 410 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] 411 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; 412 /* 413 * Rotate subkeys and do compression permutation. 414 */ 415 shifts = 0; 416 for (round = 0; round < 16; round++) { 417 u_int32_t t0, t1; 418 419 shifts += key_shifts[round]; 420 421 t0 = (k0 << shifts) | (k0 >> (28 - shifts)); 422 t1 = (k1 << shifts) | (k1 >> (28 - shifts)); 423 424 de_keysl[15 - round] = 425 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] 426 | comp_maskl[1][(t0 >> 14) & 0x7f] 427 | comp_maskl[2][(t0 >> 7) & 0x7f] 428 | comp_maskl[3][t0 & 0x7f] 429 | comp_maskl[4][(t1 >> 21) & 0x7f] 430 | comp_maskl[5][(t1 >> 14) & 0x7f] 431 | comp_maskl[6][(t1 >> 7) & 0x7f] 432 | comp_maskl[7][t1 & 0x7f]; 433 434 de_keysr[15 - round] = 435 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] 436 | comp_maskr[1][(t0 >> 14) & 0x7f] 437 | comp_maskr[2][(t0 >> 7) & 0x7f] 438 | comp_maskr[3][t0 & 0x7f] 439 | comp_maskr[4][(t1 >> 21) & 0x7f] 440 | comp_maskr[5][(t1 >> 14) & 0x7f] 441 | comp_maskr[6][(t1 >> 7) & 0x7f] 442 | comp_maskr[7][t1 & 0x7f]; 443 } 444 return(0); 445 } 446 447 static int 448 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count) 449 { 450 /* 451 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. 452 */ 453 u_int32_t l, r, *kl, *kr, *kl1, *kr1; 454 u_int32_t f, r48l, r48r; 455 int round; 456 457 if (count == 0) { 458 return(1); 459 } else if (count > 0) { 460 /* 461 * Encrypting 462 */ 463 kl1 = en_keysl; 464 kr1 = en_keysr; 465 } else { 466 /* 467 * Decrypting 468 */ 469 count = -count; 470 kl1 = de_keysl; 471 kr1 = de_keysr; 472 } 473 474 /* 475 * Do initial permutation (IP). 476 */ 477 l = ip_maskl[0][l_in >> 24] 478 | ip_maskl[1][(l_in >> 16) & 0xff] 479 | ip_maskl[2][(l_in >> 8) & 0xff] 480 | ip_maskl[3][l_in & 0xff] 481 | ip_maskl[4][r_in >> 24] 482 | ip_maskl[5][(r_in >> 16) & 0xff] 483 | ip_maskl[6][(r_in >> 8) & 0xff] 484 | ip_maskl[7][r_in & 0xff]; 485 r = ip_maskr[0][l_in >> 24] 486 | ip_maskr[1][(l_in >> 16) & 0xff] 487 | ip_maskr[2][(l_in >> 8) & 0xff] 488 | ip_maskr[3][l_in & 0xff] 489 | ip_maskr[4][r_in >> 24] 490 | ip_maskr[5][(r_in >> 16) & 0xff] 491 | ip_maskr[6][(r_in >> 8) & 0xff] 492 | ip_maskr[7][r_in & 0xff]; 493 494 while (count--) { 495 /* 496 * Do each round. 497 */ 498 kl = kl1; 499 kr = kr1; 500 round = 16; 501 while (round--) { 502 /* 503 * Expand R to 48 bits (simulate the E-box). 504 */ 505 r48l = ((r & 0x00000001) << 23) 506 | ((r & 0xf8000000) >> 9) 507 | ((r & 0x1f800000) >> 11) 508 | ((r & 0x01f80000) >> 13) 509 | ((r & 0x001f8000) >> 15); 510 511 r48r = ((r & 0x0001f800) << 7) 512 | ((r & 0x00001f80) << 5) 513 | ((r & 0x000001f8) << 3) 514 | ((r & 0x0000001f) << 1) 515 | ((r & 0x80000000) >> 31); 516 /* 517 * Do salting for crypt() and friends, and 518 * XOR with the permuted key. 519 */ 520 f = (r48l ^ r48r) & saltbits; 521 r48l ^= f ^ *kl++; 522 r48r ^= f ^ *kr++; 523 /* 524 * Do sbox lookups (which shrink it back to 32 bits) 525 * and do the pbox permutation at the same time. 526 */ 527 f = psbox[0][m_sbox[0][r48l >> 12]] 528 | psbox[1][m_sbox[1][r48l & 0xfff]] 529 | psbox[2][m_sbox[2][r48r >> 12]] 530 | psbox[3][m_sbox[3][r48r & 0xfff]]; 531 /* 532 * Now that we've permuted things, complete f(). 533 */ 534 f ^= l; 535 l = r; 536 r = f; 537 } 538 r = l; 539 l = f; 540 } 541 /* 542 * Do final permutation (inverse of IP). 543 */ 544 *l_out = fp_maskl[0][l >> 24] 545 | fp_maskl[1][(l >> 16) & 0xff] 546 | fp_maskl[2][(l >> 8) & 0xff] 547 | fp_maskl[3][l & 0xff] 548 | fp_maskl[4][r >> 24] 549 | fp_maskl[5][(r >> 16) & 0xff] 550 | fp_maskl[6][(r >> 8) & 0xff] 551 | fp_maskl[7][r & 0xff]; 552 *r_out = fp_maskr[0][l >> 24] 553 | fp_maskr[1][(l >> 16) & 0xff] 554 | fp_maskr[2][(l >> 8) & 0xff] 555 | fp_maskr[3][l & 0xff] 556 | fp_maskr[4][r >> 24] 557 | fp_maskr[5][(r >> 16) & 0xff] 558 | fp_maskr[6][(r >> 8) & 0xff] 559 | fp_maskr[7][r & 0xff]; 560 return(0); 561 } 562 563 static int 564 des_cipher(const char *in, char *out, long salt, int count) 565 { 566 u_int32_t l_out, r_out, rawl, rawr; 567 int retval; 568 569 if (!des_initialised) 570 des_init(); 571 572 setup_salt(salt); 573 574 rawl = ntohl(*((u_int32_t *) in)++); 575 rawr = ntohl(*((u_int32_t *) in)); 576 577 retval = do_des(rawl, rawr, &l_out, &r_out, count); 578 579 *((u_int32_t *) out)++ = htonl(l_out); 580 *((u_int32_t *) out) = htonl(r_out); 581 return(retval); 582 } 583 584 char * 585 crypt_des(const char *key, const char *setting) 586 { 587 int i; 588 u_int32_t count, salt, l, r0, r1, keybuf[2]; 589 u_char *p, *q; 590 static u_char output[21]; 591 592 if (!des_initialised) 593 des_init(); 594 595 596 /* 597 * Copy the key, shifting each character up by one bit 598 * and padding with zeros. 599 */ 600 q = (u_char *) keybuf; 601 while (q - (u_char *) keybuf - 8) { 602 if ((*q++ = *key << 1)) 603 key++; 604 } 605 if (des_setkey((u_char *) keybuf)) 606 return(NULL); 607 608 if (*setting == _PASSWORD_EFMT1) { 609 /* 610 * "new"-style: 611 * setting - underscore, 4 bytes of count, 4 bytes of salt 612 * key - unlimited characters 613 */ 614 for (i = 1, count = 0L; i < 5; i++) 615 count |= ascii_to_bin(setting[i]) << (i - 1) * 6; 616 617 for (i = 5, salt = 0L; i < 9; i++) 618 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; 619 620 while (*key) { 621 /* 622 * Encrypt the key with itself. 623 */ 624 if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1)) 625 return(NULL); 626 /* 627 * And XOR with the next 8 characters of the key. 628 */ 629 q = (u_char *) keybuf; 630 while (q - (u_char *) keybuf - 8 && *key) 631 *q++ ^= *key++ << 1; 632 633 if (des_setkey((u_char *) keybuf)) 634 return(NULL); 635 } 636 strncpy(output, setting, 9); 637 638 /* 639 * Double check that we weren't given a short setting. 640 * If we were, the above code will probably have created 641 * wierd values for count and salt, but we don't really care. 642 * Just make sure the output string doesn't have an extra 643 * NUL in it. 644 */ 645 output[9] = '\0'; 646 p = output + strlen(output); 647 } else { 648 /* 649 * "old"-style: 650 * setting - 2 bytes of salt 651 * key - up to 8 characters 652 */ 653 count = 25; 654 655 salt = (ascii_to_bin(setting[1]) << 6) 656 | ascii_to_bin(setting[0]); 657 658 output[0] = setting[0]; 659 /* 660 * If the encrypted password that the salt was extracted from 661 * is only 1 character long, the salt will be corrupted. We 662 * need to ensure that the output string doesn't have an extra 663 * NUL in it! 664 */ 665 output[1] = setting[1] ? setting[1] : output[0]; 666 667 p = output + 2; 668 } 669 setup_salt(salt); 670 /* 671 * Do it. 672 */ 673 if (do_des(0L, 0L, &r0, &r1, count)) 674 return(NULL); 675 /* 676 * Now encode the result... 677 */ 678 l = (r0 >> 8); 679 *p++ = ascii64[(l >> 18) & 0x3f]; 680 *p++ = ascii64[(l >> 12) & 0x3f]; 681 *p++ = ascii64[(l >> 6) & 0x3f]; 682 *p++ = ascii64[l & 0x3f]; 683 684 l = (r0 << 16) | ((r1 >> 16) & 0xffff); 685 *p++ = ascii64[(l >> 18) & 0x3f]; 686 *p++ = ascii64[(l >> 12) & 0x3f]; 687 *p++ = ascii64[(l >> 6) & 0x3f]; 688 *p++ = ascii64[l & 0x3f]; 689 690 l = r1 << 2; 691 *p++ = ascii64[(l >> 12) & 0x3f]; 692 *p++ = ascii64[(l >> 6) & 0x3f]; 693 *p++ = ascii64[l & 0x3f]; 694 *p = 0; 695 696 return(output); 697 } 698