1 /* 2 * FreeSec: libcrypt for NetBSD 3 * 4 * Copyright (c) 1994 David Burren 5 * All rights reserved. 6 * 7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet 8 * crypt.c should now *only* export crypt(), in order to make 9 * binaries of libcrypt exportable from the USA 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 4. Neither the name of the author nor the names of other contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 * 35 * $Id$ 36 * 37 * This is an original implementation of the DES and the crypt(3) interfaces 38 * by David Burren <davidb@werj.com.au>. 39 * 40 * An excellent reference on the underlying algorithm (and related 41 * algorithms) is: 42 * 43 * B. Schneier, Applied Cryptography: protocols, algorithms, 44 * and source code in C, John Wiley & Sons, 1994. 45 * 46 * Note that in that book's description of DES the lookups for the initial, 47 * pbox, and final permutations are inverted (this has been brought to the 48 * attention of the author). A list of errata for this book has been 49 * posted to the sci.crypt newsgroup by the author and is available for FTP. 50 * 51 * ARCHITECTURE ASSUMPTIONS: 52 * This code assumes that u_longs are 32 bits. It will probably not 53 * operate on 64-bit machines without modifications. 54 * It is assumed that the 8-byte arrays passed by reference can be 55 * addressed as arrays of u_longs (ie. the CPU is not picky about 56 * alignment). 57 */ 58 #include <sys/types.h> 59 #include <sys/param.h> 60 #include <pwd.h> 61 #include <string.h> 62 63 char *crypt_md5(const char *pw, const char *salt); 64 65 /* We can't always assume gcc */ 66 #ifdef __GNUC__ 67 #define INLINE inline 68 #endif 69 70 71 static u_char IP[64] = { 72 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 73 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 74 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 75 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 76 }; 77 78 static u_char inv_key_perm[64]; 79 static u_char u_key_perm[56]; 80 static u_char key_perm[56] = { 81 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 82 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 83 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 84 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 85 }; 86 87 static u_char key_shifts[16] = { 88 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 89 }; 90 91 static u_char inv_comp_perm[56]; 92 static u_char comp_perm[48] = { 93 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 94 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 95 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 96 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 97 }; 98 99 /* 100 * No E box is used, as it's replaced by some ANDs, shifts, and ORs. 101 */ 102 103 static u_char u_sbox[8][64]; 104 static u_char sbox[8][64] = { 105 { 106 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 107 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 108 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 109 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 110 }, 111 { 112 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 113 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 114 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 115 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 116 }, 117 { 118 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 119 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 120 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 121 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 122 }, 123 { 124 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 125 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 126 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 127 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 128 }, 129 { 130 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 131 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 132 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 133 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 134 }, 135 { 136 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 137 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 138 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 139 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 140 }, 141 { 142 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 143 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 144 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 145 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 146 }, 147 { 148 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 149 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 150 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 151 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 152 } 153 }; 154 155 static u_char un_pbox[32]; 156 static u_char pbox[32] = { 157 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 158 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 159 }; 160 161 static u_long bits32[32] = 162 { 163 0x80000000, 0x40000000, 0x20000000, 0x10000000, 164 0x08000000, 0x04000000, 0x02000000, 0x01000000, 165 0x00800000, 0x00400000, 0x00200000, 0x00100000, 166 0x00080000, 0x00040000, 0x00020000, 0x00010000, 167 0x00008000, 0x00004000, 0x00002000, 0x00001000, 168 0x00000800, 0x00000400, 0x00000200, 0x00000100, 169 0x00000080, 0x00000040, 0x00000020, 0x00000010, 170 0x00000008, 0x00000004, 0x00000002, 0x00000001 171 }; 172 173 static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; 174 175 static u_long saltbits; 176 static long old_salt; 177 static u_long *bits28, *bits24; 178 static u_char init_perm[64], final_perm[64]; 179 static u_long en_keysl[16], en_keysr[16]; 180 static u_long de_keysl[16], de_keysr[16]; 181 static int des_initialised = 0; 182 static u_char m_sbox[4][4096]; 183 static u_long psbox[4][256]; 184 static u_long ip_maskl[8][256], ip_maskr[8][256]; 185 static u_long fp_maskl[8][256], fp_maskr[8][256]; 186 static u_long key_perm_maskl[8][128], key_perm_maskr[8][128]; 187 static u_long comp_maskl[8][128], comp_maskr[8][128]; 188 static u_long old_rawkey0, old_rawkey1; 189 190 static u_char ascii64[] = 191 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 192 /* 0000000000111111111122222222223333333333444444444455555555556666 */ 193 /* 0123456789012345678901234567890123456789012345678901234567890123 */ 194 195 static INLINE int 196 ascii_to_bin(char ch) 197 { 198 if (ch > 'z') 199 return(0); 200 if (ch >= 'a') 201 return(ch - 'a' + 38); 202 if (ch > 'Z') 203 return(0); 204 if (ch >= 'A') 205 return(ch - 'A' + 12); 206 if (ch > '9') 207 return(0); 208 if (ch >= '.') 209 return(ch - '.'); 210 return(0); 211 } 212 213 static void 214 des_init() 215 { 216 int i, j, b, k, inbit, obit; 217 u_long *p, *il, *ir, *fl, *fr; 218 219 old_rawkey0 = old_rawkey1 = 0L; 220 saltbits = 0L; 221 old_salt = 0L; 222 bits24 = (bits28 = bits32 + 4) + 4; 223 224 /* 225 * Invert the S-boxes, reordering the input bits. 226 */ 227 for (i = 0; i < 8; i++) 228 for (j = 0; j < 64; j++) { 229 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); 230 u_sbox[i][j] = sbox[i][b]; 231 } 232 233 /* 234 * Convert the inverted S-boxes into 4 arrays of 8 bits. 235 * Each will handle 12 bits of the S-box input. 236 */ 237 for (b = 0; b < 4; b++) 238 for (i = 0; i < 64; i++) 239 for (j = 0; j < 64; j++) 240 m_sbox[b][(i << 6) | j] = 241 (u_sbox[(b << 1)][i] << 4) | 242 u_sbox[(b << 1) + 1][j]; 243 244 /* 245 * Set up the initial & final permutations into a useful form, and 246 * initialise the inverted key permutation. 247 */ 248 for (i = 0; i < 64; i++) { 249 init_perm[final_perm[i] = IP[i] - 1] = i; 250 inv_key_perm[i] = 255; 251 } 252 253 /* 254 * Invert the key permutation and initialise the inverted key 255 * compression permutation. 256 */ 257 for (i = 0; i < 56; i++) { 258 u_key_perm[i] = key_perm[i] - 1; 259 inv_key_perm[key_perm[i] - 1] = i; 260 inv_comp_perm[i] = 255; 261 } 262 263 /* 264 * Invert the key compression permutation. 265 */ 266 for (i = 0; i < 48; i++) { 267 inv_comp_perm[comp_perm[i] - 1] = i; 268 } 269 270 /* 271 * Set up the OR-mask arrays for the initial and final permutations, 272 * and for the key initial and compression permutations. 273 */ 274 for (k = 0; k < 8; k++) { 275 for (i = 0; i < 256; i++) { 276 *(il = &ip_maskl[k][i]) = 0L; 277 *(ir = &ip_maskr[k][i]) = 0L; 278 *(fl = &fp_maskl[k][i]) = 0L; 279 *(fr = &fp_maskr[k][i]) = 0L; 280 for (j = 0; j < 8; j++) { 281 inbit = 8 * k + j; 282 if (i & bits8[j]) { 283 if ((obit = init_perm[inbit]) < 32) 284 *il |= bits32[obit]; 285 else 286 *ir |= bits32[obit-32]; 287 if ((obit = final_perm[inbit]) < 32) 288 *fl |= bits32[obit]; 289 else 290 *fr |= bits32[obit - 32]; 291 } 292 } 293 } 294 for (i = 0; i < 128; i++) { 295 *(il = &key_perm_maskl[k][i]) = 0L; 296 *(ir = &key_perm_maskr[k][i]) = 0L; 297 for (j = 0; j < 7; j++) { 298 inbit = 8 * k + j; 299 if (i & bits8[j + 1]) { 300 if ((obit = inv_key_perm[inbit]) == 255) 301 continue; 302 if (obit < 28) 303 *il |= bits28[obit]; 304 else 305 *ir |= bits28[obit - 28]; 306 } 307 } 308 *(il = &comp_maskl[k][i]) = 0L; 309 *(ir = &comp_maskr[k][i]) = 0L; 310 for (j = 0; j < 7; j++) { 311 inbit = 7 * k + j; 312 if (i & bits8[j + 1]) { 313 if ((obit=inv_comp_perm[inbit]) == 255) 314 continue; 315 if (obit < 24) 316 *il |= bits24[obit]; 317 else 318 *ir |= bits24[obit - 24]; 319 } 320 } 321 } 322 } 323 324 /* 325 * Invert the P-box permutation, and convert into OR-masks for 326 * handling the output of the S-box arrays setup above. 327 */ 328 for (i = 0; i < 32; i++) 329 un_pbox[pbox[i] - 1] = i; 330 331 for (b = 0; b < 4; b++) 332 for (i = 0; i < 256; i++) { 333 *(p = &psbox[b][i]) = 0L; 334 for (j = 0; j < 8; j++) { 335 if (i & bits8[j]) 336 *p |= bits32[un_pbox[8 * b + j]]; 337 } 338 } 339 340 des_initialised = 1; 341 } 342 343 static void 344 setup_salt(long salt) 345 { 346 u_long obit, saltbit; 347 int i; 348 349 if (salt == old_salt) 350 return; 351 old_salt = salt; 352 353 saltbits = 0L; 354 saltbit = 1; 355 obit = 0x800000; 356 for (i = 0; i < 24; i++) { 357 if (salt & saltbit) 358 saltbits |= obit; 359 saltbit <<= 1; 360 obit >>= 1; 361 } 362 } 363 364 static int 365 des_setkey(const char *key) 366 { 367 u_long k0, k1, rawkey0, rawkey1; 368 int shifts, round; 369 370 if (!des_initialised) 371 des_init(); 372 373 rawkey0 = ntohl(*(u_long *) key); 374 rawkey1 = ntohl(*(u_long *) (key + 4)); 375 376 if ((rawkey0 | rawkey1) 377 && rawkey0 == old_rawkey0 378 && rawkey1 == old_rawkey1) { 379 /* 380 * Already setup for this key. 381 * This optimisation fails on a zero key (which is weak and 382 * has bad parity anyway) in order to simplify the starting 383 * conditions. 384 */ 385 return(0); 386 } 387 old_rawkey0 = rawkey0; 388 old_rawkey1 = rawkey1; 389 390 /* 391 * Do key permutation and split into two 28-bit subkeys. 392 */ 393 k0 = key_perm_maskl[0][rawkey0 >> 25] 394 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] 395 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] 396 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] 397 | key_perm_maskl[4][rawkey1 >> 25] 398 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] 399 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] 400 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; 401 k1 = key_perm_maskr[0][rawkey0 >> 25] 402 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] 403 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] 404 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] 405 | key_perm_maskr[4][rawkey1 >> 25] 406 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] 407 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] 408 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; 409 /* 410 * Rotate subkeys and do compression permutation. 411 */ 412 shifts = 0; 413 for (round = 0; round < 16; round++) { 414 u_long t0, t1; 415 416 shifts += key_shifts[round]; 417 418 t0 = (k0 << shifts) | (k0 >> (28 - shifts)); 419 t1 = (k1 << shifts) | (k1 >> (28 - shifts)); 420 421 de_keysl[15 - round] = 422 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] 423 | comp_maskl[1][(t0 >> 14) & 0x7f] 424 | comp_maskl[2][(t0 >> 7) & 0x7f] 425 | comp_maskl[3][t0 & 0x7f] 426 | comp_maskl[4][(t1 >> 21) & 0x7f] 427 | comp_maskl[5][(t1 >> 14) & 0x7f] 428 | comp_maskl[6][(t1 >> 7) & 0x7f] 429 | comp_maskl[7][t1 & 0x7f]; 430 431 de_keysr[15 - round] = 432 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] 433 | comp_maskr[1][(t0 >> 14) & 0x7f] 434 | comp_maskr[2][(t0 >> 7) & 0x7f] 435 | comp_maskr[3][t0 & 0x7f] 436 | comp_maskr[4][(t1 >> 21) & 0x7f] 437 | comp_maskr[5][(t1 >> 14) & 0x7f] 438 | comp_maskr[6][(t1 >> 7) & 0x7f] 439 | comp_maskr[7][t1 & 0x7f]; 440 } 441 return(0); 442 } 443 444 static int 445 do_des( u_long l_in, u_long r_in, u_long *l_out, u_long *r_out, int count) 446 { 447 /* 448 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. 449 */ 450 u_long l, r, *kl, *kr, *kl1, *kr1; 451 u_long f, r48l, r48r; 452 int round; 453 454 if (count == 0) { 455 return(1); 456 } else if (count > 0) { 457 /* 458 * Encrypting 459 */ 460 kl1 = en_keysl; 461 kr1 = en_keysr; 462 } else { 463 /* 464 * Decrypting 465 */ 466 count = -count; 467 kl1 = de_keysl; 468 kr1 = de_keysr; 469 } 470 471 /* 472 * Do initial permutation (IP). 473 */ 474 l = ip_maskl[0][l_in >> 24] 475 | ip_maskl[1][(l_in >> 16) & 0xff] 476 | ip_maskl[2][(l_in >> 8) & 0xff] 477 | ip_maskl[3][l_in & 0xff] 478 | ip_maskl[4][r_in >> 24] 479 | ip_maskl[5][(r_in >> 16) & 0xff] 480 | ip_maskl[6][(r_in >> 8) & 0xff] 481 | ip_maskl[7][r_in & 0xff]; 482 r = ip_maskr[0][l_in >> 24] 483 | ip_maskr[1][(l_in >> 16) & 0xff] 484 | ip_maskr[2][(l_in >> 8) & 0xff] 485 | ip_maskr[3][l_in & 0xff] 486 | ip_maskr[4][r_in >> 24] 487 | ip_maskr[5][(r_in >> 16) & 0xff] 488 | ip_maskr[6][(r_in >> 8) & 0xff] 489 | ip_maskr[7][r_in & 0xff]; 490 491 while (count--) { 492 /* 493 * Do each round. 494 */ 495 kl = kl1; 496 kr = kr1; 497 round = 16; 498 while (round--) { 499 /* 500 * Expand R to 48 bits (simulate the E-box). 501 */ 502 r48l = ((r & 0x00000001) << 23) 503 | ((r & 0xf8000000) >> 9) 504 | ((r & 0x1f800000) >> 11) 505 | ((r & 0x01f80000) >> 13) 506 | ((r & 0x001f8000) >> 15); 507 508 r48r = ((r & 0x0001f800) << 7) 509 | ((r & 0x00001f80) << 5) 510 | ((r & 0x000001f8) << 3) 511 | ((r & 0x0000001f) << 1) 512 | ((r & 0x80000000) >> 31); 513 /* 514 * Do salting for crypt() and friends, and 515 * XOR with the permuted key. 516 */ 517 f = (r48l ^ r48r) & saltbits; 518 r48l ^= f ^ *kl++; 519 r48r ^= f ^ *kr++; 520 /* 521 * Do sbox lookups (which shrink it back to 32 bits) 522 * and do the pbox permutation at the same time. 523 */ 524 f = psbox[0][m_sbox[0][r48l >> 12]] 525 | psbox[1][m_sbox[1][r48l & 0xfff]] 526 | psbox[2][m_sbox[2][r48r >> 12]] 527 | psbox[3][m_sbox[3][r48r & 0xfff]]; 528 /* 529 * Now that we've permuted things, complete f(). 530 */ 531 f ^= l; 532 l = r; 533 r = f; 534 } 535 r = l; 536 l = f; 537 } 538 /* 539 * Do final permutation (inverse of IP). 540 */ 541 *l_out = fp_maskl[0][l >> 24] 542 | fp_maskl[1][(l >> 16) & 0xff] 543 | fp_maskl[2][(l >> 8) & 0xff] 544 | fp_maskl[3][l & 0xff] 545 | fp_maskl[4][r >> 24] 546 | fp_maskl[5][(r >> 16) & 0xff] 547 | fp_maskl[6][(r >> 8) & 0xff] 548 | fp_maskl[7][r & 0xff]; 549 *r_out = fp_maskr[0][l >> 24] 550 | fp_maskr[1][(l >> 16) & 0xff] 551 | fp_maskr[2][(l >> 8) & 0xff] 552 | fp_maskr[3][l & 0xff] 553 | fp_maskr[4][r >> 24] 554 | fp_maskr[5][(r >> 16) & 0xff] 555 | fp_maskr[6][(r >> 8) & 0xff] 556 | fp_maskr[7][r & 0xff]; 557 return(0); 558 } 559 560 static int 561 des_cipher(const char *in, char *out, long salt, int count) 562 { 563 u_long l_out, r_out, rawl, rawr; 564 int retval; 565 566 if (!des_initialised) 567 des_init(); 568 569 setup_salt(salt); 570 571 rawl = ntohl(*((u_long *) in)++); 572 rawr = ntohl(*((u_long *) in)); 573 574 retval = do_des(rawl, rawr, &l_out, &r_out, count); 575 576 *((u_long *) out)++ = htonl(l_out); 577 *((u_long *) out) = htonl(r_out); 578 return(retval); 579 } 580 581 char * 582 crypt(char *key, char *setting) 583 { 584 int i; 585 u_long count, salt, l, r0, r1, keybuf[2]; 586 u_char *p, *q; 587 static u_char output[21]; 588 589 if (!strncmp(setting, "$1$", 3)) 590 return crypt_md5(key, setting); 591 592 if (!des_initialised) 593 des_init(); 594 595 596 /* 597 * Copy the key, shifting each character up by one bit 598 * and padding with zeros. 599 */ 600 q = (u_char *) keybuf; 601 while (q - (u_char *) keybuf - 8) { 602 if ((*q++ = *key << 1)) 603 key++; 604 } 605 if (des_setkey((u_char *) keybuf)) 606 return(NULL); 607 608 if (*setting == _PASSWORD_EFMT1) { 609 /* 610 * "new"-style: 611 * setting - underscore, 4 bytes of count, 4 bytes of salt 612 * key - unlimited characters 613 */ 614 for (i = 1, count = 0L; i < 5; i++) 615 count |= ascii_to_bin(setting[i]) << (i - 1) * 6; 616 617 for (i = 5, salt = 0L; i < 9; i++) 618 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; 619 620 while (*key) { 621 /* 622 * Encrypt the key with itself. 623 */ 624 if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1)) 625 return(NULL); 626 /* 627 * And XOR with the next 8 characters of the key. 628 */ 629 q = (u_char *) keybuf; 630 while (q - (u_char *) keybuf - 8 && *key) 631 *q++ ^= *key++ << 1; 632 633 if (des_setkey((u_char *) keybuf)) 634 return(NULL); 635 } 636 strncpy(output, setting, 9); 637 638 /* 639 * Double check that we weren't given a short setting. 640 * If we were, the above code will probably have created 641 * wierd values for count and salt, but we don't really care. 642 * Just make sure the output string doesn't have an extra 643 * NUL in it. 644 */ 645 output[9] = '\0'; 646 p = output + strlen(output); 647 } else { 648 /* 649 * "old"-style: 650 * setting - 2 bytes of salt 651 * key - up to 8 characters 652 */ 653 count = 25; 654 655 salt = (ascii_to_bin(setting[1]) << 6) 656 | ascii_to_bin(setting[0]); 657 658 output[0] = setting[0]; 659 /* 660 * If the encrypted password that the salt was extracted from 661 * is only 1 character long, the salt will be corrupted. We 662 * need to ensure that the output string doesn't have an extra 663 * NUL in it! 664 */ 665 output[1] = setting[1] ? setting[1] : output[0]; 666 667 p = output + 2; 668 } 669 setup_salt(salt); 670 /* 671 * Do it. 672 */ 673 if (do_des(0L, 0L, &r0, &r1, count)) 674 return(NULL); 675 /* 676 * Now encode the result... 677 */ 678 l = (r0 >> 8); 679 *p++ = ascii64[(l >> 18) & 0x3f]; 680 *p++ = ascii64[(l >> 12) & 0x3f]; 681 *p++ = ascii64[(l >> 6) & 0x3f]; 682 *p++ = ascii64[l & 0x3f]; 683 684 l = (r0 << 16) | ((r1 >> 16) & 0xffff); 685 *p++ = ascii64[(l >> 18) & 0x3f]; 686 *p++ = ascii64[(l >> 12) & 0x3f]; 687 *p++ = ascii64[(l >> 6) & 0x3f]; 688 *p++ = ascii64[l & 0x3f]; 689 690 l = r1 << 2; 691 *p++ = ascii64[(l >> 12) & 0x3f]; 692 *p++ = ascii64[(l >> 6) & 0x3f]; 693 *p++ = ascii64[l & 0x3f]; 694 *p = 0; 695 696 return(output); 697 } 698