1 /* 2 * FreeSec: libcrypt for NetBSD 3 * 4 * Copyright (c) 1994 David Burren 5 * All rights reserved. 6 * 7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet 8 * this file should now *only* export crypt(), in order to make 9 * binaries of libcrypt exportable from the USA 10 * 11 * Adapted for FreeBSD-4.0 by Mark R V Murray 12 * this file should now *only* export crypt_des(), in order to make 13 * a module that can be optionally included in libcrypt. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 3. Neither the name of the author nor the names of other contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * This is an original implementation of the DES and the crypt(3) interfaces 40 * by David Burren <davidb@werj.com.au>. 41 * 42 * An excellent reference on the underlying algorithm (and related 43 * algorithms) is: 44 * 45 * B. Schneier, Applied Cryptography: protocols, algorithms, 46 * and source code in C, John Wiley & Sons, 1994. 47 * 48 * Note that in that book's description of DES the lookups for the initial, 49 * pbox, and final permutations are inverted (this has been brought to the 50 * attention of the author). A list of errata for this book has been 51 * posted to the sci.crypt newsgroup by the author and is available for FTP. 52 * 53 * ARCHITECTURE ASSUMPTIONS: 54 * It is assumed that the 8-byte arrays passed by reference can be 55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about 56 * alignment). 57 */ 58 59 #include <sys/cdefs.h> 60 #include <sys/types.h> 61 #include <sys/param.h> 62 #include <arpa/inet.h> 63 #include <pwd.h> 64 #include <string.h> 65 #include "crypt.h" 66 67 /* We can't always assume gcc */ 68 #if defined(__GNUC__) && !defined(lint) 69 #define INLINE inline 70 #else 71 #define INLINE 72 #endif 73 74 75 static const u_char IP[64] = { 76 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 77 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 78 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 79 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 80 }; 81 82 static __thread u_char inv_key_perm[64]; 83 static const u_char key_perm[56] = { 84 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 85 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 86 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 87 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 88 }; 89 90 static const u_char key_shifts[16] = { 91 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 92 }; 93 94 static __thread u_char inv_comp_perm[56]; 95 static const u_char comp_perm[48] = { 96 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 97 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 98 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 99 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 100 }; 101 102 /* 103 * No E box is used, as it's replaced by some ANDs, shifts, and ORs. 104 */ 105 106 static __thread u_char u_sbox[8][64]; 107 static const u_char sbox[8][64] = { 108 { 109 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 110 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 111 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 112 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 113 }, 114 { 115 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 116 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 117 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 118 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 119 }, 120 { 121 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 122 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 123 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 124 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 125 }, 126 { 127 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 128 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 129 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 130 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 131 }, 132 { 133 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 134 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 135 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 136 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 137 }, 138 { 139 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 140 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 141 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 142 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 143 }, 144 { 145 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 146 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 147 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 148 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 149 }, 150 { 151 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 152 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 153 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 154 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 155 } 156 }; 157 158 static __thread u_char un_pbox[32]; 159 static const u_char pbox[32] = { 160 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 161 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 162 }; 163 164 static const u_int32_t bits32[32] = 165 { 166 0x80000000, 0x40000000, 0x20000000, 0x10000000, 167 0x08000000, 0x04000000, 0x02000000, 0x01000000, 168 0x00800000, 0x00400000, 0x00200000, 0x00100000, 169 0x00080000, 0x00040000, 0x00020000, 0x00010000, 170 0x00008000, 0x00004000, 0x00002000, 0x00001000, 171 0x00000800, 0x00000400, 0x00000200, 0x00000100, 172 0x00000080, 0x00000040, 0x00000020, 0x00000010, 173 0x00000008, 0x00000004, 0x00000002, 0x00000001 174 }; 175 176 static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; 177 178 static __thread u_int32_t saltbits; 179 static __thread u_int32_t old_salt; 180 static __thread const u_int32_t *bits28, *bits24; 181 static __thread u_char init_perm[64], final_perm[64]; 182 static __thread u_int32_t en_keysl[16], en_keysr[16]; 183 static __thread u_int32_t de_keysl[16], de_keysr[16]; 184 static __thread int des_initialised = 0; 185 static __thread u_char m_sbox[4][4096]; 186 static __thread u_int32_t psbox[4][256]; 187 static __thread u_int32_t ip_maskl[8][256], ip_maskr[8][256]; 188 static __thread u_int32_t fp_maskl[8][256], fp_maskr[8][256]; 189 static __thread u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; 190 static __thread u_int32_t comp_maskl[8][128], comp_maskr[8][128]; 191 static __thread u_int32_t old_rawkey0, old_rawkey1; 192 193 static const u_char ascii64[] = 194 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 195 /* 0000000000111111111122222222223333333333444444444455555555556666 */ 196 /* 0123456789012345678901234567890123456789012345678901234567890123 */ 197 198 static INLINE int 199 ascii_to_bin(char ch) 200 { 201 if (ch > 'z') 202 return(0); 203 if (ch >= 'a') 204 return(ch - 'a' + 38); 205 if (ch > 'Z') 206 return(0); 207 if (ch >= 'A') 208 return(ch - 'A' + 12); 209 if (ch > '9') 210 return(0); 211 if (ch >= '.') 212 return(ch - '.'); 213 return(0); 214 } 215 216 static void 217 des_init(void) 218 { 219 int i, j, b, k, inbit, obit; 220 u_int32_t *p, *il, *ir, *fl, *fr; 221 222 old_rawkey0 = old_rawkey1 = 0L; 223 saltbits = 0L; 224 old_salt = 0L; 225 bits24 = (bits28 = bits32 + 4) + 4; 226 227 /* 228 * Invert the S-boxes, reordering the input bits. 229 */ 230 for (i = 0; i < 8; i++) 231 for (j = 0; j < 64; j++) { 232 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); 233 u_sbox[i][j] = sbox[i][b]; 234 } 235 236 /* 237 * Convert the inverted S-boxes into 4 arrays of 8 bits. 238 * Each will handle 12 bits of the S-box input. 239 */ 240 for (b = 0; b < 4; b++) 241 for (i = 0; i < 64; i++) 242 for (j = 0; j < 64; j++) 243 m_sbox[b][(i << 6) | j] = 244 (u_char)((u_sbox[(b << 1)][i] << 4) | 245 u_sbox[(b << 1) + 1][j]); 246 247 /* 248 * Set up the initial & final permutations into a useful form, and 249 * initialise the inverted key permutation. 250 */ 251 for (i = 0; i < 64; i++) { 252 init_perm[final_perm[i] = IP[i] - 1] = (u_char)i; 253 inv_key_perm[i] = 255; 254 } 255 256 /* 257 * Invert the key permutation and initialise the inverted key 258 * compression permutation. 259 */ 260 for (i = 0; i < 56; i++) { 261 inv_key_perm[key_perm[i] - 1] = (u_char)i; 262 inv_comp_perm[i] = 255; 263 } 264 265 /* 266 * Invert the key compression permutation. 267 */ 268 for (i = 0; i < 48; i++) { 269 inv_comp_perm[comp_perm[i] - 1] = (u_char)i; 270 } 271 272 /* 273 * Set up the OR-mask arrays for the initial and final permutations, 274 * and for the key initial and compression permutations. 275 */ 276 for (k = 0; k < 8; k++) { 277 for (i = 0; i < 256; i++) { 278 *(il = &ip_maskl[k][i]) = 0L; 279 *(ir = &ip_maskr[k][i]) = 0L; 280 *(fl = &fp_maskl[k][i]) = 0L; 281 *(fr = &fp_maskr[k][i]) = 0L; 282 for (j = 0; j < 8; j++) { 283 inbit = 8 * k + j; 284 if (i & bits8[j]) { 285 if ((obit = init_perm[inbit]) < 32) 286 *il |= bits32[obit]; 287 else 288 *ir |= bits32[obit-32]; 289 if ((obit = final_perm[inbit]) < 32) 290 *fl |= bits32[obit]; 291 else 292 *fr |= bits32[obit - 32]; 293 } 294 } 295 } 296 for (i = 0; i < 128; i++) { 297 *(il = &key_perm_maskl[k][i]) = 0L; 298 *(ir = &key_perm_maskr[k][i]) = 0L; 299 for (j = 0; j < 7; j++) { 300 inbit = 8 * k + j; 301 if (i & bits8[j + 1]) { 302 if ((obit = inv_key_perm[inbit]) == 255) 303 continue; 304 if (obit < 28) 305 *il |= bits28[obit]; 306 else 307 *ir |= bits28[obit - 28]; 308 } 309 } 310 *(il = &comp_maskl[k][i]) = 0L; 311 *(ir = &comp_maskr[k][i]) = 0L; 312 for (j = 0; j < 7; j++) { 313 inbit = 7 * k + j; 314 if (i & bits8[j + 1]) { 315 if ((obit=inv_comp_perm[inbit]) == 255) 316 continue; 317 if (obit < 24) 318 *il |= bits24[obit]; 319 else 320 *ir |= bits24[obit - 24]; 321 } 322 } 323 } 324 } 325 326 /* 327 * Invert the P-box permutation, and convert into OR-masks for 328 * handling the output of the S-box arrays setup above. 329 */ 330 for (i = 0; i < 32; i++) 331 un_pbox[pbox[i] - 1] = (u_char)i; 332 333 for (b = 0; b < 4; b++) 334 for (i = 0; i < 256; i++) { 335 *(p = &psbox[b][i]) = 0L; 336 for (j = 0; j < 8; j++) { 337 if (i & bits8[j]) 338 *p |= bits32[un_pbox[8 * b + j]]; 339 } 340 } 341 342 des_initialised = 1; 343 } 344 345 static void 346 setup_salt(u_int32_t salt) 347 { 348 u_int32_t obit, saltbit; 349 int i; 350 351 if (salt == old_salt) 352 return; 353 old_salt = salt; 354 355 saltbits = 0L; 356 saltbit = 1; 357 obit = 0x800000; 358 for (i = 0; i < 24; i++) { 359 if (salt & saltbit) 360 saltbits |= obit; 361 saltbit <<= 1; 362 obit >>= 1; 363 } 364 } 365 366 static int 367 des_setkey(const char *key) 368 { 369 u_int32_t k0, k1, rawkey0, rawkey1; 370 int shifts, round; 371 372 if (!des_initialised) 373 des_init(); 374 375 rawkey0 = ntohl(*(const u_int32_t *) key); 376 rawkey1 = ntohl(*(const u_int32_t *) (key + 4)); 377 378 if ((rawkey0 | rawkey1) 379 && rawkey0 == old_rawkey0 380 && rawkey1 == old_rawkey1) { 381 /* 382 * Already setup for this key. 383 * This optimisation fails on a zero key (which is weak and 384 * has bad parity anyway) in order to simplify the starting 385 * conditions. 386 */ 387 return(0); 388 } 389 old_rawkey0 = rawkey0; 390 old_rawkey1 = rawkey1; 391 392 /* 393 * Do key permutation and split into two 28-bit subkeys. 394 */ 395 k0 = key_perm_maskl[0][rawkey0 >> 25] 396 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] 397 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] 398 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] 399 | key_perm_maskl[4][rawkey1 >> 25] 400 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] 401 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] 402 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; 403 k1 = key_perm_maskr[0][rawkey0 >> 25] 404 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] 405 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] 406 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] 407 | key_perm_maskr[4][rawkey1 >> 25] 408 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] 409 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] 410 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; 411 /* 412 * Rotate subkeys and do compression permutation. 413 */ 414 shifts = 0; 415 for (round = 0; round < 16; round++) { 416 u_int32_t t0, t1; 417 418 shifts += key_shifts[round]; 419 420 t0 = (k0 << shifts) | (k0 >> (28 - shifts)); 421 t1 = (k1 << shifts) | (k1 >> (28 - shifts)); 422 423 de_keysl[15 - round] = 424 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] 425 | comp_maskl[1][(t0 >> 14) & 0x7f] 426 | comp_maskl[2][(t0 >> 7) & 0x7f] 427 | comp_maskl[3][t0 & 0x7f] 428 | comp_maskl[4][(t1 >> 21) & 0x7f] 429 | comp_maskl[5][(t1 >> 14) & 0x7f] 430 | comp_maskl[6][(t1 >> 7) & 0x7f] 431 | comp_maskl[7][t1 & 0x7f]; 432 433 de_keysr[15 - round] = 434 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] 435 | comp_maskr[1][(t0 >> 14) & 0x7f] 436 | comp_maskr[2][(t0 >> 7) & 0x7f] 437 | comp_maskr[3][t0 & 0x7f] 438 | comp_maskr[4][(t1 >> 21) & 0x7f] 439 | comp_maskr[5][(t1 >> 14) & 0x7f] 440 | comp_maskr[6][(t1 >> 7) & 0x7f] 441 | comp_maskr[7][t1 & 0x7f]; 442 } 443 return(0); 444 } 445 446 static int 447 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count) 448 { 449 /* 450 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. 451 */ 452 u_int32_t l, r, *kl, *kr, *kl1, *kr1; 453 u_int32_t f, r48l, r48r; 454 int round; 455 456 if (count == 0) { 457 return(1); 458 } else if (count > 0) { 459 /* 460 * Encrypting 461 */ 462 kl1 = en_keysl; 463 kr1 = en_keysr; 464 } else { 465 /* 466 * Decrypting 467 */ 468 count = -count; 469 kl1 = de_keysl; 470 kr1 = de_keysr; 471 } 472 473 /* 474 * Do initial permutation (IP). 475 */ 476 l = ip_maskl[0][l_in >> 24] 477 | ip_maskl[1][(l_in >> 16) & 0xff] 478 | ip_maskl[2][(l_in >> 8) & 0xff] 479 | ip_maskl[3][l_in & 0xff] 480 | ip_maskl[4][r_in >> 24] 481 | ip_maskl[5][(r_in >> 16) & 0xff] 482 | ip_maskl[6][(r_in >> 8) & 0xff] 483 | ip_maskl[7][r_in & 0xff]; 484 r = ip_maskr[0][l_in >> 24] 485 | ip_maskr[1][(l_in >> 16) & 0xff] 486 | ip_maskr[2][(l_in >> 8) & 0xff] 487 | ip_maskr[3][l_in & 0xff] 488 | ip_maskr[4][r_in >> 24] 489 | ip_maskr[5][(r_in >> 16) & 0xff] 490 | ip_maskr[6][(r_in >> 8) & 0xff] 491 | ip_maskr[7][r_in & 0xff]; 492 493 while (count--) { 494 /* 495 * Do each round. 496 */ 497 kl = kl1; 498 kr = kr1; 499 round = 16; 500 while (round--) { 501 /* 502 * Expand R to 48 bits (simulate the E-box). 503 */ 504 r48l = ((r & 0x00000001) << 23) 505 | ((r & 0xf8000000) >> 9) 506 | ((r & 0x1f800000) >> 11) 507 | ((r & 0x01f80000) >> 13) 508 | ((r & 0x001f8000) >> 15); 509 510 r48r = ((r & 0x0001f800) << 7) 511 | ((r & 0x00001f80) << 5) 512 | ((r & 0x000001f8) << 3) 513 | ((r & 0x0000001f) << 1) 514 | ((r & 0x80000000) >> 31); 515 /* 516 * Do salting for crypt() and friends, and 517 * XOR with the permuted key. 518 */ 519 f = (r48l ^ r48r) & saltbits; 520 r48l ^= f ^ *kl++; 521 r48r ^= f ^ *kr++; 522 /* 523 * Do sbox lookups (which shrink it back to 32 bits) 524 * and do the pbox permutation at the same time. 525 */ 526 f = psbox[0][m_sbox[0][r48l >> 12]] 527 | psbox[1][m_sbox[1][r48l & 0xfff]] 528 | psbox[2][m_sbox[2][r48r >> 12]] 529 | psbox[3][m_sbox[3][r48r & 0xfff]]; 530 /* 531 * Now that we've permuted things, complete f(). 532 */ 533 f ^= l; 534 l = r; 535 r = f; 536 } 537 r = l; 538 l = f; 539 } 540 /* 541 * Do final permutation (inverse of IP). 542 */ 543 *l_out = fp_maskl[0][l >> 24] 544 | fp_maskl[1][(l >> 16) & 0xff] 545 | fp_maskl[2][(l >> 8) & 0xff] 546 | fp_maskl[3][l & 0xff] 547 | fp_maskl[4][r >> 24] 548 | fp_maskl[5][(r >> 16) & 0xff] 549 | fp_maskl[6][(r >> 8) & 0xff] 550 | fp_maskl[7][r & 0xff]; 551 *r_out = fp_maskr[0][l >> 24] 552 | fp_maskr[1][(l >> 16) & 0xff] 553 | fp_maskr[2][(l >> 8) & 0xff] 554 | fp_maskr[3][l & 0xff] 555 | fp_maskr[4][r >> 24] 556 | fp_maskr[5][(r >> 16) & 0xff] 557 | fp_maskr[6][(r >> 8) & 0xff] 558 | fp_maskr[7][r & 0xff]; 559 return(0); 560 } 561 562 static int 563 des_cipher(const char *in, char *out, u_long salt, int count) 564 { 565 u_int32_t l_out, r_out, rawl, rawr; 566 int retval; 567 union { 568 u_int32_t *ui32; 569 const char *c; 570 } trans; 571 572 if (!des_initialised) 573 des_init(); 574 575 setup_salt(salt); 576 577 trans.c = in; 578 rawl = ntohl(*trans.ui32++); 579 rawr = ntohl(*trans.ui32); 580 581 retval = do_des(rawl, rawr, &l_out, &r_out, count); 582 583 trans.c = out; 584 *trans.ui32++ = htonl(l_out); 585 *trans.ui32 = htonl(r_out); 586 return(retval); 587 } 588 589 int 590 crypt_des(const char *key, const char *setting, char *buffer) 591 { 592 int i; 593 u_int32_t count, salt, l, r0, r1, keybuf[2]; 594 u_char *q; 595 596 if (!des_initialised) 597 des_init(); 598 599 /* 600 * Copy the key, shifting each character up by one bit 601 * and padding with zeros. 602 */ 603 q = (u_char *)keybuf; 604 while (q - (u_char *)keybuf - 8) { 605 *q++ = *key << 1; 606 if (*key != '\0') 607 key++; 608 } 609 if (des_setkey((char *)keybuf)) 610 return (-1); 611 612 if (*setting == _PASSWORD_EFMT1) { 613 /* 614 * "new"-style: 615 * setting - underscore, 4 bytes of count, 4 bytes of salt 616 * key - unlimited characters 617 */ 618 for (i = 1, count = 0L; i < 5; i++) 619 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6); 620 621 for (i = 5, salt = 0L; i < 9; i++) 622 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6); 623 624 while (*key) { 625 /* 626 * Encrypt the key with itself. 627 */ 628 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1)) 629 return (-1); 630 /* 631 * And XOR with the next 8 characters of the key. 632 */ 633 q = (u_char *)keybuf; 634 while (q - (u_char *)keybuf - 8 && *key) 635 *q++ ^= *key++ << 1; 636 637 if (des_setkey((char *)keybuf)) 638 return (-1); 639 } 640 buffer = stpncpy(buffer, setting, 9); 641 } else { 642 /* 643 * "old"-style: 644 * setting - 2 bytes of salt 645 * key - up to 8 characters 646 */ 647 count = 25; 648 649 salt = (ascii_to_bin(setting[1]) << 6) 650 | ascii_to_bin(setting[0]); 651 652 *buffer++ = setting[0]; 653 /* 654 * If the encrypted password that the salt was extracted from 655 * is only 1 character long, the salt will be corrupted. We 656 * need to ensure that the output string doesn't have an extra 657 * NUL in it! 658 */ 659 *buffer++ = setting[1] ? setting[1] : setting[0]; 660 } 661 setup_salt(salt); 662 /* 663 * Do it. 664 */ 665 if (do_des(0L, 0L, &r0, &r1, (int)count)) 666 return (-1); 667 /* 668 * Now encode the result... 669 */ 670 l = (r0 >> 8); 671 *buffer++ = ascii64[(l >> 18) & 0x3f]; 672 *buffer++ = ascii64[(l >> 12) & 0x3f]; 673 *buffer++ = ascii64[(l >> 6) & 0x3f]; 674 *buffer++ = ascii64[l & 0x3f]; 675 676 l = (r0 << 16) | ((r1 >> 16) & 0xffff); 677 *buffer++ = ascii64[(l >> 18) & 0x3f]; 678 *buffer++ = ascii64[(l >> 12) & 0x3f]; 679 *buffer++ = ascii64[(l >> 6) & 0x3f]; 680 *buffer++ = ascii64[l & 0x3f]; 681 682 l = r1 << 2; 683 *buffer++ = ascii64[(l >> 12) & 0x3f]; 684 *buffer++ = ascii64[(l >> 6) & 0x3f]; 685 *buffer++ = ascii64[l & 0x3f]; 686 *buffer = '\0'; 687 688 return (0); 689 } 690