1 /* 2 * FreeSec: libcrypt for NetBSD 3 * 4 * Copyright (c) 1994 David Burren 5 * All rights reserved. 6 * 7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet 8 * crypt.c should now *only* export crypt(), in order to make 9 * binaries of libcrypt exportable from the USA 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 4. Neither the name of the author nor the names of other contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 * 35 * $Id: crypt.c,v 1.4 1994/09/07 07:47:08 pst Exp $ 36 * 37 * This is an original implementation of the DES and the crypt(3) interfaces 38 * by David Burren <davidb@werj.com.au>. 39 * 40 * An excellent reference on the underlying algorithm (and related 41 * algorithms) is: 42 * 43 * B. Schneier, Applied Cryptography: protocols, algorithms, 44 * and source code in C, John Wiley & Sons, 1994. 45 * 46 * Note that in that book's description of DES the lookups for the initial, 47 * pbox, and final permutations are inverted (this has been brought to the 48 * attention of the author). A list of errata for this book has been 49 * posted to the sci.crypt newsgroup by the author and is available for FTP. 50 * 51 * ARCHITECTURE ASSUMPTIONS: 52 * This code assumes that u_longs are 32 bits. It will probably not 53 * operate on 64-bit machines without modifications. 54 * It is assumed that the 8-byte arrays passed by reference can be 55 * addressed as arrays of u_longs (ie. the CPU is not picky about 56 * alignment). 57 */ 58 #include <sys/types.h> 59 #include <sys/param.h> 60 #include <pwd.h> 61 62 #ifdef DEBUG 63 # include <stdio.h> 64 #endif 65 66 /* We can't always assume gcc */ 67 #ifdef __GNUC__ 68 #define INLINE inline 69 #endif 70 71 72 static u_char IP[64] = { 73 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 74 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 75 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 76 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 77 }; 78 79 static u_char inv_key_perm[64]; 80 static u_char u_key_perm[56]; 81 static u_char key_perm[56] = { 82 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 83 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 84 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 85 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 86 }; 87 88 static u_char key_shifts[16] = { 89 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 90 }; 91 92 static u_char inv_comp_perm[56]; 93 static u_char comp_perm[48] = { 94 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 95 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 96 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 97 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 98 }; 99 100 /* 101 * No E box is used, as it's replaced by some ANDs, shifts, and ORs. 102 */ 103 104 static u_char u_sbox[8][64]; 105 static u_char sbox[8][64] = { 106 { 107 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 108 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 109 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 110 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 111 }, 112 { 113 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 114 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 115 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 116 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 117 }, 118 { 119 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 120 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 121 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 122 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 123 }, 124 { 125 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 126 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 127 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 128 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 129 }, 130 { 131 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 132 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 133 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 134 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 135 }, 136 { 137 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 138 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 139 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 140 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 141 }, 142 { 143 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 144 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 145 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 146 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 147 }, 148 { 149 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 150 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 151 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 152 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 153 } 154 }; 155 156 static u_char un_pbox[32]; 157 static u_char pbox[32] = { 158 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 159 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 160 }; 161 162 static u_long bits32[32] = 163 { 164 0x80000000, 0x40000000, 0x20000000, 0x10000000, 165 0x08000000, 0x04000000, 0x02000000, 0x01000000, 166 0x00800000, 0x00400000, 0x00200000, 0x00100000, 167 0x00080000, 0x00040000, 0x00020000, 0x00010000, 168 0x00008000, 0x00004000, 0x00002000, 0x00001000, 169 0x00000800, 0x00000400, 0x00000200, 0x00000100, 170 0x00000080, 0x00000040, 0x00000020, 0x00000010, 171 0x00000008, 0x00000004, 0x00000002, 0x00000001 172 }; 173 174 static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; 175 176 static u_long saltbits; 177 static long old_salt; 178 static u_long *bits28, *bits24; 179 static u_char init_perm[64], final_perm[64]; 180 static u_long en_keysl[16], en_keysr[16]; 181 static u_long de_keysl[16], de_keysr[16]; 182 static int des_initialised = 0; 183 static u_char m_sbox[4][4096]; 184 static u_long psbox[4][256]; 185 static u_long ip_maskl[8][256], ip_maskr[8][256]; 186 static u_long fp_maskl[8][256], fp_maskr[8][256]; 187 static u_long key_perm_maskl[8][128], key_perm_maskr[8][128]; 188 static u_long comp_maskl[8][128], comp_maskr[8][128]; 189 static u_long old_rawkey0, old_rawkey1; 190 191 static u_char ascii64[] = 192 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 193 /* 0000000000111111111122222222223333333333444444444455555555556666 */ 194 /* 0123456789012345678901234567890123456789012345678901234567890123 */ 195 196 static INLINE int 197 ascii_to_bin(char ch) 198 { 199 if (ch > 'z') 200 return(0); 201 if (ch >= 'a') 202 return(ch - 'a' + 38); 203 if (ch > 'Z') 204 return(0); 205 if (ch >= 'A') 206 return(ch - 'A' + 12); 207 if (ch > '9') 208 return(0); 209 if (ch >= '.') 210 return(ch - '.'); 211 return(0); 212 } 213 214 static void 215 des_init() 216 { 217 int i, j, b, k, inbit, obit; 218 u_long *p, *il, *ir, *fl, *fr; 219 220 old_rawkey0 = old_rawkey1 = 0L; 221 saltbits = 0L; 222 old_salt = 0L; 223 bits24 = (bits28 = bits32 + 4) + 4; 224 225 /* 226 * Invert the S-boxes, reordering the input bits. 227 */ 228 for (i = 0; i < 8; i++) 229 for (j = 0; j < 64; j++) { 230 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); 231 u_sbox[i][j] = sbox[i][b]; 232 } 233 234 /* 235 * Convert the inverted S-boxes into 4 arrays of 8 bits. 236 * Each will handle 12 bits of the S-box input. 237 */ 238 for (b = 0; b < 4; b++) 239 for (i = 0; i < 64; i++) 240 for (j = 0; j < 64; j++) 241 m_sbox[b][(i << 6) | j] = 242 (u_sbox[(b << 1)][i] << 4) | 243 u_sbox[(b << 1) + 1][j]; 244 245 /* 246 * Set up the initial & final permutations into a useful form, and 247 * initialise the inverted key permutation. 248 */ 249 for (i = 0; i < 64; i++) { 250 init_perm[final_perm[i] = IP[i] - 1] = i; 251 inv_key_perm[i] = 255; 252 } 253 254 /* 255 * Invert the key permutation and initialise the inverted key 256 * compression permutation. 257 */ 258 for (i = 0; i < 56; i++) { 259 u_key_perm[i] = key_perm[i] - 1; 260 inv_key_perm[key_perm[i] - 1] = i; 261 inv_comp_perm[i] = 255; 262 } 263 264 /* 265 * Invert the key compression permutation. 266 */ 267 for (i = 0; i < 48; i++) { 268 inv_comp_perm[comp_perm[i] - 1] = i; 269 } 270 271 /* 272 * Set up the OR-mask arrays for the initial and final permutations, 273 * and for the key initial and compression permutations. 274 */ 275 for (k = 0; k < 8; k++) { 276 for (i = 0; i < 256; i++) { 277 *(il = &ip_maskl[k][i]) = 0L; 278 *(ir = &ip_maskr[k][i]) = 0L; 279 *(fl = &fp_maskl[k][i]) = 0L; 280 *(fr = &fp_maskr[k][i]) = 0L; 281 for (j = 0; j < 8; j++) { 282 inbit = 8 * k + j; 283 if (i & bits8[j]) { 284 if ((obit = init_perm[inbit]) < 32) 285 *il |= bits32[obit]; 286 else 287 *ir |= bits32[obit-32]; 288 if ((obit = final_perm[inbit]) < 32) 289 *fl |= bits32[obit]; 290 else 291 *fr |= bits32[obit - 32]; 292 } 293 } 294 } 295 for (i = 0; i < 128; i++) { 296 *(il = &key_perm_maskl[k][i]) = 0L; 297 *(ir = &key_perm_maskr[k][i]) = 0L; 298 for (j = 0; j < 7; j++) { 299 inbit = 8 * k + j; 300 if (i & bits8[j + 1]) { 301 if ((obit = inv_key_perm[inbit]) == 255) 302 continue; 303 if (obit < 28) 304 *il |= bits28[obit]; 305 else 306 *ir |= bits28[obit - 28]; 307 } 308 } 309 *(il = &comp_maskl[k][i]) = 0L; 310 *(ir = &comp_maskr[k][i]) = 0L; 311 for (j = 0; j < 7; j++) { 312 inbit = 7 * k + j; 313 if (i & bits8[j + 1]) { 314 if ((obit=inv_comp_perm[inbit]) == 255) 315 continue; 316 if (obit < 24) 317 *il |= bits24[obit]; 318 else 319 *ir |= bits24[obit - 24]; 320 } 321 } 322 } 323 } 324 325 /* 326 * Invert the P-box permutation, and convert into OR-masks for 327 * handling the output of the S-box arrays setup above. 328 */ 329 for (i = 0; i < 32; i++) 330 un_pbox[pbox[i] - 1] = i; 331 332 for (b = 0; b < 4; b++) 333 for (i = 0; i < 256; i++) { 334 *(p = &psbox[b][i]) = 0L; 335 for (j = 0; j < 8; j++) { 336 if (i & bits8[j]) 337 *p |= bits32[un_pbox[8 * b + j]]; 338 } 339 } 340 341 des_initialised = 1; 342 } 343 344 static void 345 setup_salt(long salt) 346 { 347 u_long obit, saltbit; 348 int i; 349 350 if (salt == old_salt) 351 return; 352 old_salt = salt; 353 354 saltbits = 0L; 355 saltbit = 1; 356 obit = 0x800000; 357 for (i = 0; i < 24; i++) { 358 if (salt & saltbit) 359 saltbits |= obit; 360 saltbit <<= 1; 361 obit >>= 1; 362 } 363 } 364 365 static int 366 des_setkey(const char *key) 367 { 368 u_long k0, k1, rawkey0, rawkey1; 369 int shifts, i, b, round; 370 371 if (!des_initialised) 372 des_init(); 373 374 rawkey0 = ntohl(*(u_long *) key); 375 rawkey1 = ntohl(*(u_long *) (key + 4)); 376 377 if ((rawkey0 | rawkey1) 378 && rawkey0 == old_rawkey0 379 && rawkey1 == old_rawkey1) { 380 /* 381 * Already setup for this key. 382 * This optimisation fails on a zero key (which is weak and 383 * has bad parity anyway) in order to simplify the starting 384 * conditions. 385 */ 386 return(0); 387 } 388 old_rawkey0 = rawkey0; 389 old_rawkey1 = rawkey1; 390 391 /* 392 * Do key permutation and split into two 28-bit subkeys. 393 */ 394 k0 = key_perm_maskl[0][rawkey0 >> 25] 395 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] 396 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] 397 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] 398 | key_perm_maskl[4][rawkey1 >> 25] 399 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] 400 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] 401 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; 402 k1 = key_perm_maskr[0][rawkey0 >> 25] 403 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] 404 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] 405 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] 406 | key_perm_maskr[4][rawkey1 >> 25] 407 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] 408 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] 409 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; 410 /* 411 * Rotate subkeys and do compression permutation. 412 */ 413 shifts = 0; 414 for (round = 0; round < 16; round++) { 415 u_long t0, t1; 416 int bit; 417 418 shifts += key_shifts[round]; 419 420 t0 = (k0 << shifts) | (k0 >> (28 - shifts)); 421 t1 = (k1 << shifts) | (k1 >> (28 - shifts)); 422 423 de_keysl[15 - round] = 424 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] 425 | comp_maskl[1][(t0 >> 14) & 0x7f] 426 | comp_maskl[2][(t0 >> 7) & 0x7f] 427 | comp_maskl[3][t0 & 0x7f] 428 | comp_maskl[4][(t1 >> 21) & 0x7f] 429 | comp_maskl[5][(t1 >> 14) & 0x7f] 430 | comp_maskl[6][(t1 >> 7) & 0x7f] 431 | comp_maskl[7][t1 & 0x7f]; 432 433 de_keysr[15 - round] = 434 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] 435 | comp_maskr[1][(t0 >> 14) & 0x7f] 436 | comp_maskr[2][(t0 >> 7) & 0x7f] 437 | comp_maskr[3][t0 & 0x7f] 438 | comp_maskr[4][(t1 >> 21) & 0x7f] 439 | comp_maskr[5][(t1 >> 14) & 0x7f] 440 | comp_maskr[6][(t1 >> 7) & 0x7f] 441 | comp_maskr[7][t1 & 0x7f]; 442 } 443 return(0); 444 } 445 446 static int 447 do_des( u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count) 448 { 449 /* 450 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. 451 */ 452 u_long mask, rawl, rawr, l, r, *kl, *kr, *kl1, *kr1; 453 u_long f, r48l, r48r; 454 int i, j, b, round; 455 456 if (count == 0) { 457 return(1); 458 } else if (count > 0) { 459 /* 460 * Encrypting 461 */ 462 kl1 = en_keysl; 463 kr1 = en_keysr; 464 } else { 465 /* 466 * Decrypting 467 */ 468 count = -count; 469 kl1 = de_keysl; 470 kr1 = de_keysr; 471 } 472 473 /* 474 * Do initial permutation (IP). 475 */ 476 l = ip_maskl[0][l_in >> 24] 477 | ip_maskl[1][(l_in >> 16) & 0xff] 478 | ip_maskl[2][(l_in >> 8) & 0xff] 479 | ip_maskl[3][l_in & 0xff] 480 | ip_maskl[4][r_in >> 24] 481 | ip_maskl[5][(r_in >> 16) & 0xff] 482 | ip_maskl[6][(r_in >> 8) & 0xff] 483 | ip_maskl[7][r_in & 0xff]; 484 r = ip_maskr[0][l_in >> 24] 485 | ip_maskr[1][(l_in >> 16) & 0xff] 486 | ip_maskr[2][(l_in >> 8) & 0xff] 487 | ip_maskr[3][l_in & 0xff] 488 | ip_maskr[4][r_in >> 24] 489 | ip_maskr[5][(r_in >> 16) & 0xff] 490 | ip_maskr[6][(r_in >> 8) & 0xff] 491 | ip_maskr[7][r_in & 0xff]; 492 493 while (count--) { 494 /* 495 * Do each round. 496 */ 497 kl = kl1; 498 kr = kr1; 499 round = 16; 500 while (round--) { 501 /* 502 * Expand R to 48 bits (simulate the E-box). 503 */ 504 r48l = ((r & 0x00000001) << 23) 505 | ((r & 0xf8000000) >> 9) 506 | ((r & 0x1f800000) >> 11) 507 | ((r & 0x01f80000) >> 13) 508 | ((r & 0x001f8000) >> 15); 509 510 r48r = ((r & 0x0001f800) << 7) 511 | ((r & 0x00001f80) << 5) 512 | ((r & 0x000001f8) << 3) 513 | ((r & 0x0000001f) << 1) 514 | ((r & 0x80000000) >> 31); 515 /* 516 * Do salting for crypt() and friends, and 517 * XOR with the permuted key. 518 */ 519 f = (r48l ^ r48r) & saltbits; 520 r48l ^= f ^ *kl++; 521 r48r ^= f ^ *kr++; 522 /* 523 * Do sbox lookups (which shrink it back to 32 bits) 524 * and do the pbox permutation at the same time. 525 */ 526 f = psbox[0][m_sbox[0][r48l >> 12]] 527 | psbox[1][m_sbox[1][r48l & 0xfff]] 528 | psbox[2][m_sbox[2][r48r >> 12]] 529 | psbox[3][m_sbox[3][r48r & 0xfff]]; 530 /* 531 * Now that we've permuted things, complete f(). 532 */ 533 f ^= l; 534 l = r; 535 r = f; 536 } 537 r = l; 538 l = f; 539 } 540 /* 541 * Do final permutation (inverse of IP). 542 */ 543 *l_out = fp_maskl[0][l >> 24] 544 | fp_maskl[1][(l >> 16) & 0xff] 545 | fp_maskl[2][(l >> 8) & 0xff] 546 | fp_maskl[3][l & 0xff] 547 | fp_maskl[4][r >> 24] 548 | fp_maskl[5][(r >> 16) & 0xff] 549 | fp_maskl[6][(r >> 8) & 0xff] 550 | fp_maskl[7][r & 0xff]; 551 *r_out = fp_maskr[0][l >> 24] 552 | fp_maskr[1][(l >> 16) & 0xff] 553 | fp_maskr[2][(l >> 8) & 0xff] 554 | fp_maskr[3][l & 0xff] 555 | fp_maskr[4][r >> 24] 556 | fp_maskr[5][(r >> 16) & 0xff] 557 | fp_maskr[6][(r >> 8) & 0xff] 558 | fp_maskr[7][r & 0xff]; 559 return(0); 560 } 561 562 static int 563 des_cipher(const char *in, char *out, long salt, int count) 564 { 565 u_long l_out, r_out, rawl, rawr; 566 int retval; 567 568 if (!des_initialised) 569 des_init(); 570 571 setup_salt(salt); 572 573 rawl = ntohl(*((u_long *) in)++); 574 rawr = ntohl(*((u_long *) in)); 575 576 retval = do_des(rawl, rawr, &l_out, &r_out, count); 577 578 *((u_long *) out)++ = htonl(l_out); 579 *((u_long *) out) = htonl(r_out); 580 return(retval); 581 } 582 583 584 char * 585 crypt(char *key, char *setting) 586 { 587 int i; 588 u_long count, salt, l, r0, r1, keybuf[2]; 589 u_char *p, *q; 590 static u_char output[21]; 591 592 if (!des_initialised) 593 des_init(); 594 595 596 /* 597 * Copy the key, shifting each character up by one bit 598 * and padding with zeros. 599 */ 600 q = (u_char *) keybuf; 601 while (q - (u_char *) keybuf - 8) { 602 if (*q++ = *key << 1) 603 key++; 604 } 605 if (des_setkey((u_char *) keybuf)) 606 return(NULL); 607 608 if (*setting == _PASSWORD_EFMT1) { 609 /* 610 * "new"-style: 611 * setting - underscore, 4 bytes of count, 4 bytes of salt 612 * key - unlimited characters 613 */ 614 for (i = 1, count = 0L; i < 5; i++) 615 count |= ascii_to_bin(setting[i]) << (i - 1) * 6; 616 617 for (i = 5, salt = 0L; i < 9; i++) 618 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; 619 620 while (*key) { 621 /* 622 * Encrypt the key with itself. 623 */ 624 if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1)) 625 return(NULL); 626 /* 627 * And XOR with the next 8 characters of the key. 628 */ 629 q = (u_char *) keybuf; 630 while (q - (u_char *) keybuf - 8 && *key) 631 *q++ ^= *key++ << 1; 632 633 if (des_setkey((u_char *) keybuf)) 634 return(NULL); 635 } 636 strncpy(output, setting, 9); 637 638 /* 639 * Double check that we weren't given a short setting. 640 * If we were, the above code will probably have created 641 * wierd values for count and salt, but we don't really care. 642 * Just make sure the output string doesn't have an extra 643 * NUL in it. 644 */ 645 output[9] = '\0'; 646 p = output + strlen(output); 647 } else { 648 /* 649 * "old"-style: 650 * setting - 2 bytes of salt 651 * key - up to 8 characters 652 */ 653 count = 25; 654 655 salt = (ascii_to_bin(setting[1]) << 6) 656 | ascii_to_bin(setting[0]); 657 658 output[0] = setting[0]; 659 /* 660 * If the encrypted password that the salt was extracted from 661 * is only 1 character long, the salt will be corrupted. We 662 * need to ensure that the output string doesn't have an extra 663 * NUL in it! 664 */ 665 output[1] = setting[1] ? setting[1] : output[0]; 666 667 p = output + 2; 668 } 669 setup_salt(salt); 670 /* 671 * Do it. 672 */ 673 if (do_des(0L, 0L, &r0, &r1, count)) 674 return(NULL); 675 /* 676 * Now encode the result... 677 */ 678 l = (r0 >> 8); 679 *p++ = ascii64[(l >> 18) & 0x3f]; 680 *p++ = ascii64[(l >> 12) & 0x3f]; 681 *p++ = ascii64[(l >> 6) & 0x3f]; 682 *p++ = ascii64[l & 0x3f]; 683 684 l = (r0 << 16) | ((r1 >> 16) & 0xffff); 685 *p++ = ascii64[(l >> 18) & 0x3f]; 686 *p++ = ascii64[(l >> 12) & 0x3f]; 687 *p++ = ascii64[(l >> 6) & 0x3f]; 688 *p++ = ascii64[l & 0x3f]; 689 690 l = r1 << 2; 691 *p++ = ascii64[(l >> 12) & 0x3f]; 692 *p++ = ascii64[(l >> 6) & 0x3f]; 693 *p++ = ascii64[l & 0x3f]; 694 *p = 0; 695 696 return(output); 697 } 698