1 /* 2 * FreeSec: libcrypt for NetBSD 3 * 4 * Copyright (c) 1994 David Burren 5 * All rights reserved. 6 * 7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet 8 * this file should now *only* export crypt(), in order to make 9 * binaries of libcrypt exportable from the USA 10 * 11 * Adapted for FreeBSD-4.0 by Mark R V Murray 12 * this file should now *only* export crypt_des(), in order to make 13 * a module that can be optionally included in libcrypt. 14 * 15 * Redistribution and use in source and binary forms, with or without 16 * modification, are permitted provided that the following conditions 17 * are met: 18 * 1. Redistributions of source code must retain the above copyright 19 * notice, this list of conditions and the following disclaimer. 20 * 2. Redistributions in binary form must reproduce the above copyright 21 * notice, this list of conditions and the following disclaimer in the 22 * documentation and/or other materials provided with the distribution. 23 * 3. Neither the name of the author nor the names of other contributors 24 * may be used to endorse or promote products derived from this software 25 * without specific prior written permission. 26 * 27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 37 * SUCH DAMAGE. 38 * 39 * This is an original implementation of the DES and the crypt(3) interfaces 40 * by David Burren <davidb@werj.com.au>. 41 * 42 * An excellent reference on the underlying algorithm (and related 43 * algorithms) is: 44 * 45 * B. Schneier, Applied Cryptography: protocols, algorithms, 46 * and source code in C, John Wiley & Sons, 1994. 47 * 48 * Note that in that book's description of DES the lookups for the initial, 49 * pbox, and final permutations are inverted (this has been brought to the 50 * attention of the author). A list of errata for this book has been 51 * posted to the sci.crypt newsgroup by the author and is available for FTP. 52 * 53 * ARCHITECTURE ASSUMPTIONS: 54 * It is assumed that the 8-byte arrays passed by reference can be 55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about 56 * alignment). 57 */ 58 59 #include <sys/cdefs.h> 60 __FBSDID("$FreeBSD$"); 61 62 #include <sys/types.h> 63 #include <sys/param.h> 64 #include <arpa/inet.h> 65 #include <pwd.h> 66 #include <string.h> 67 #include "crypt.h" 68 69 /* We can't always assume gcc */ 70 #ifdef __GNUC__ 71 #define INLINE inline 72 #endif 73 74 75 static u_char IP[64] = { 76 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, 77 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, 78 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, 79 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 80 }; 81 82 static u_char inv_key_perm[64]; 83 static u_char u_key_perm[56]; 84 static u_char key_perm[56] = { 85 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 86 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 87 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 88 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 89 }; 90 91 static u_char key_shifts[16] = { 92 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 93 }; 94 95 static u_char inv_comp_perm[56]; 96 static u_char comp_perm[48] = { 97 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 98 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 99 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 100 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 101 }; 102 103 /* 104 * No E box is used, as it's replaced by some ANDs, shifts, and ORs. 105 */ 106 107 static u_char u_sbox[8][64]; 108 static u_char sbox[8][64] = { 109 { 110 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, 111 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, 112 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, 113 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 114 }, 115 { 116 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, 117 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, 118 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, 119 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 120 }, 121 { 122 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, 123 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, 124 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, 125 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 126 }, 127 { 128 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, 129 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, 130 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, 131 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 132 }, 133 { 134 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, 135 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, 136 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, 137 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 138 }, 139 { 140 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, 141 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, 142 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, 143 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 144 }, 145 { 146 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, 147 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, 148 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, 149 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 150 }, 151 { 152 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, 153 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, 154 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, 155 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 156 } 157 }; 158 159 static u_char un_pbox[32]; 160 static u_char pbox[32] = { 161 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 162 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 163 }; 164 165 static u_int32_t bits32[32] = 166 { 167 0x80000000, 0x40000000, 0x20000000, 0x10000000, 168 0x08000000, 0x04000000, 0x02000000, 0x01000000, 169 0x00800000, 0x00400000, 0x00200000, 0x00100000, 170 0x00080000, 0x00040000, 0x00020000, 0x00010000, 171 0x00008000, 0x00004000, 0x00002000, 0x00001000, 172 0x00000800, 0x00000400, 0x00000200, 0x00000100, 173 0x00000080, 0x00000040, 0x00000020, 0x00000010, 174 0x00000008, 0x00000004, 0x00000002, 0x00000001 175 }; 176 177 static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; 178 179 static u_int32_t saltbits; 180 static long old_salt; 181 static u_int32_t *bits28, *bits24; 182 static u_char init_perm[64], final_perm[64]; 183 static u_int32_t en_keysl[16], en_keysr[16]; 184 static u_int32_t de_keysl[16], de_keysr[16]; 185 static int des_initialised = 0; 186 static u_char m_sbox[4][4096]; 187 static u_int32_t psbox[4][256]; 188 static u_int32_t ip_maskl[8][256], ip_maskr[8][256]; 189 static u_int32_t fp_maskl[8][256], fp_maskr[8][256]; 190 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; 191 static u_int32_t comp_maskl[8][128], comp_maskr[8][128]; 192 static u_int32_t old_rawkey0, old_rawkey1; 193 194 static u_char ascii64[] = 195 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; 196 /* 0000000000111111111122222222223333333333444444444455555555556666 */ 197 /* 0123456789012345678901234567890123456789012345678901234567890123 */ 198 199 static INLINE int 200 ascii_to_bin(char ch) 201 { 202 if (ch > 'z') 203 return(0); 204 if (ch >= 'a') 205 return(ch - 'a' + 38); 206 if (ch > 'Z') 207 return(0); 208 if (ch >= 'A') 209 return(ch - 'A' + 12); 210 if (ch > '9') 211 return(0); 212 if (ch >= '.') 213 return(ch - '.'); 214 return(0); 215 } 216 217 static void 218 des_init() 219 { 220 int i, j, b, k, inbit, obit; 221 u_int32_t *p, *il, *ir, *fl, *fr; 222 223 old_rawkey0 = old_rawkey1 = 0L; 224 saltbits = 0L; 225 old_salt = 0L; 226 bits24 = (bits28 = bits32 + 4) + 4; 227 228 /* 229 * Invert the S-boxes, reordering the input bits. 230 */ 231 for (i = 0; i < 8; i++) 232 for (j = 0; j < 64; j++) { 233 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); 234 u_sbox[i][j] = sbox[i][b]; 235 } 236 237 /* 238 * Convert the inverted S-boxes into 4 arrays of 8 bits. 239 * Each will handle 12 bits of the S-box input. 240 */ 241 for (b = 0; b < 4; b++) 242 for (i = 0; i < 64; i++) 243 for (j = 0; j < 64; j++) 244 m_sbox[b][(i << 6) | j] = 245 (u_sbox[(b << 1)][i] << 4) | 246 u_sbox[(b << 1) + 1][j]; 247 248 /* 249 * Set up the initial & final permutations into a useful form, and 250 * initialise the inverted key permutation. 251 */ 252 for (i = 0; i < 64; i++) { 253 init_perm[final_perm[i] = IP[i] - 1] = i; 254 inv_key_perm[i] = 255; 255 } 256 257 /* 258 * Invert the key permutation and initialise the inverted key 259 * compression permutation. 260 */ 261 for (i = 0; i < 56; i++) { 262 u_key_perm[i] = key_perm[i] - 1; 263 inv_key_perm[key_perm[i] - 1] = i; 264 inv_comp_perm[i] = 255; 265 } 266 267 /* 268 * Invert the key compression permutation. 269 */ 270 for (i = 0; i < 48; i++) { 271 inv_comp_perm[comp_perm[i] - 1] = i; 272 } 273 274 /* 275 * Set up the OR-mask arrays for the initial and final permutations, 276 * and for the key initial and compression permutations. 277 */ 278 for (k = 0; k < 8; k++) { 279 for (i = 0; i < 256; i++) { 280 *(il = &ip_maskl[k][i]) = 0L; 281 *(ir = &ip_maskr[k][i]) = 0L; 282 *(fl = &fp_maskl[k][i]) = 0L; 283 *(fr = &fp_maskr[k][i]) = 0L; 284 for (j = 0; j < 8; j++) { 285 inbit = 8 * k + j; 286 if (i & bits8[j]) { 287 if ((obit = init_perm[inbit]) < 32) 288 *il |= bits32[obit]; 289 else 290 *ir |= bits32[obit-32]; 291 if ((obit = final_perm[inbit]) < 32) 292 *fl |= bits32[obit]; 293 else 294 *fr |= bits32[obit - 32]; 295 } 296 } 297 } 298 for (i = 0; i < 128; i++) { 299 *(il = &key_perm_maskl[k][i]) = 0L; 300 *(ir = &key_perm_maskr[k][i]) = 0L; 301 for (j = 0; j < 7; j++) { 302 inbit = 8 * k + j; 303 if (i & bits8[j + 1]) { 304 if ((obit = inv_key_perm[inbit]) == 255) 305 continue; 306 if (obit < 28) 307 *il |= bits28[obit]; 308 else 309 *ir |= bits28[obit - 28]; 310 } 311 } 312 *(il = &comp_maskl[k][i]) = 0L; 313 *(ir = &comp_maskr[k][i]) = 0L; 314 for (j = 0; j < 7; j++) { 315 inbit = 7 * k + j; 316 if (i & bits8[j + 1]) { 317 if ((obit=inv_comp_perm[inbit]) == 255) 318 continue; 319 if (obit < 24) 320 *il |= bits24[obit]; 321 else 322 *ir |= bits24[obit - 24]; 323 } 324 } 325 } 326 } 327 328 /* 329 * Invert the P-box permutation, and convert into OR-masks for 330 * handling the output of the S-box arrays setup above. 331 */ 332 for (i = 0; i < 32; i++) 333 un_pbox[pbox[i] - 1] = i; 334 335 for (b = 0; b < 4; b++) 336 for (i = 0; i < 256; i++) { 337 *(p = &psbox[b][i]) = 0L; 338 for (j = 0; j < 8; j++) { 339 if (i & bits8[j]) 340 *p |= bits32[un_pbox[8 * b + j]]; 341 } 342 } 343 344 des_initialised = 1; 345 } 346 347 static void 348 setup_salt(long salt) 349 { 350 u_int32_t obit, saltbit; 351 int i; 352 353 if (salt == old_salt) 354 return; 355 old_salt = salt; 356 357 saltbits = 0L; 358 saltbit = 1; 359 obit = 0x800000; 360 for (i = 0; i < 24; i++) { 361 if (salt & saltbit) 362 saltbits |= obit; 363 saltbit <<= 1; 364 obit >>= 1; 365 } 366 } 367 368 static int 369 des_setkey(const char *key) 370 { 371 u_int32_t k0, k1, rawkey0, rawkey1; 372 int shifts, round; 373 374 if (!des_initialised) 375 des_init(); 376 377 rawkey0 = ntohl(*(u_int32_t *) key); 378 rawkey1 = ntohl(*(u_int32_t *) (key + 4)); 379 380 if ((rawkey0 | rawkey1) 381 && rawkey0 == old_rawkey0 382 && rawkey1 == old_rawkey1) { 383 /* 384 * Already setup for this key. 385 * This optimisation fails on a zero key (which is weak and 386 * has bad parity anyway) in order to simplify the starting 387 * conditions. 388 */ 389 return(0); 390 } 391 old_rawkey0 = rawkey0; 392 old_rawkey1 = rawkey1; 393 394 /* 395 * Do key permutation and split into two 28-bit subkeys. 396 */ 397 k0 = key_perm_maskl[0][rawkey0 >> 25] 398 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] 399 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] 400 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] 401 | key_perm_maskl[4][rawkey1 >> 25] 402 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] 403 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] 404 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; 405 k1 = key_perm_maskr[0][rawkey0 >> 25] 406 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] 407 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] 408 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] 409 | key_perm_maskr[4][rawkey1 >> 25] 410 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] 411 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] 412 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; 413 /* 414 * Rotate subkeys and do compression permutation. 415 */ 416 shifts = 0; 417 for (round = 0; round < 16; round++) { 418 u_int32_t t0, t1; 419 420 shifts += key_shifts[round]; 421 422 t0 = (k0 << shifts) | (k0 >> (28 - shifts)); 423 t1 = (k1 << shifts) | (k1 >> (28 - shifts)); 424 425 de_keysl[15 - round] = 426 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] 427 | comp_maskl[1][(t0 >> 14) & 0x7f] 428 | comp_maskl[2][(t0 >> 7) & 0x7f] 429 | comp_maskl[3][t0 & 0x7f] 430 | comp_maskl[4][(t1 >> 21) & 0x7f] 431 | comp_maskl[5][(t1 >> 14) & 0x7f] 432 | comp_maskl[6][(t1 >> 7) & 0x7f] 433 | comp_maskl[7][t1 & 0x7f]; 434 435 de_keysr[15 - round] = 436 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] 437 | comp_maskr[1][(t0 >> 14) & 0x7f] 438 | comp_maskr[2][(t0 >> 7) & 0x7f] 439 | comp_maskr[3][t0 & 0x7f] 440 | comp_maskr[4][(t1 >> 21) & 0x7f] 441 | comp_maskr[5][(t1 >> 14) & 0x7f] 442 | comp_maskr[6][(t1 >> 7) & 0x7f] 443 | comp_maskr[7][t1 & 0x7f]; 444 } 445 return(0); 446 } 447 448 static int 449 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count) 450 { 451 /* 452 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. 453 */ 454 u_int32_t l, r, *kl, *kr, *kl1, *kr1; 455 u_int32_t f, r48l, r48r; 456 int round; 457 458 if (count == 0) { 459 return(1); 460 } else if (count > 0) { 461 /* 462 * Encrypting 463 */ 464 kl1 = en_keysl; 465 kr1 = en_keysr; 466 } else { 467 /* 468 * Decrypting 469 */ 470 count = -count; 471 kl1 = de_keysl; 472 kr1 = de_keysr; 473 } 474 475 /* 476 * Do initial permutation (IP). 477 */ 478 l = ip_maskl[0][l_in >> 24] 479 | ip_maskl[1][(l_in >> 16) & 0xff] 480 | ip_maskl[2][(l_in >> 8) & 0xff] 481 | ip_maskl[3][l_in & 0xff] 482 | ip_maskl[4][r_in >> 24] 483 | ip_maskl[5][(r_in >> 16) & 0xff] 484 | ip_maskl[6][(r_in >> 8) & 0xff] 485 | ip_maskl[7][r_in & 0xff]; 486 r = ip_maskr[0][l_in >> 24] 487 | ip_maskr[1][(l_in >> 16) & 0xff] 488 | ip_maskr[2][(l_in >> 8) & 0xff] 489 | ip_maskr[3][l_in & 0xff] 490 | ip_maskr[4][r_in >> 24] 491 | ip_maskr[5][(r_in >> 16) & 0xff] 492 | ip_maskr[6][(r_in >> 8) & 0xff] 493 | ip_maskr[7][r_in & 0xff]; 494 495 while (count--) { 496 /* 497 * Do each round. 498 */ 499 kl = kl1; 500 kr = kr1; 501 round = 16; 502 while (round--) { 503 /* 504 * Expand R to 48 bits (simulate the E-box). 505 */ 506 r48l = ((r & 0x00000001) << 23) 507 | ((r & 0xf8000000) >> 9) 508 | ((r & 0x1f800000) >> 11) 509 | ((r & 0x01f80000) >> 13) 510 | ((r & 0x001f8000) >> 15); 511 512 r48r = ((r & 0x0001f800) << 7) 513 | ((r & 0x00001f80) << 5) 514 | ((r & 0x000001f8) << 3) 515 | ((r & 0x0000001f) << 1) 516 | ((r & 0x80000000) >> 31); 517 /* 518 * Do salting for crypt() and friends, and 519 * XOR with the permuted key. 520 */ 521 f = (r48l ^ r48r) & saltbits; 522 r48l ^= f ^ *kl++; 523 r48r ^= f ^ *kr++; 524 /* 525 * Do sbox lookups (which shrink it back to 32 bits) 526 * and do the pbox permutation at the same time. 527 */ 528 f = psbox[0][m_sbox[0][r48l >> 12]] 529 | psbox[1][m_sbox[1][r48l & 0xfff]] 530 | psbox[2][m_sbox[2][r48r >> 12]] 531 | psbox[3][m_sbox[3][r48r & 0xfff]]; 532 /* 533 * Now that we've permuted things, complete f(). 534 */ 535 f ^= l; 536 l = r; 537 r = f; 538 } 539 r = l; 540 l = f; 541 } 542 /* 543 * Do final permutation (inverse of IP). 544 */ 545 *l_out = fp_maskl[0][l >> 24] 546 | fp_maskl[1][(l >> 16) & 0xff] 547 | fp_maskl[2][(l >> 8) & 0xff] 548 | fp_maskl[3][l & 0xff] 549 | fp_maskl[4][r >> 24] 550 | fp_maskl[5][(r >> 16) & 0xff] 551 | fp_maskl[6][(r >> 8) & 0xff] 552 | fp_maskl[7][r & 0xff]; 553 *r_out = fp_maskr[0][l >> 24] 554 | fp_maskr[1][(l >> 16) & 0xff] 555 | fp_maskr[2][(l >> 8) & 0xff] 556 | fp_maskr[3][l & 0xff] 557 | fp_maskr[4][r >> 24] 558 | fp_maskr[5][(r >> 16) & 0xff] 559 | fp_maskr[6][(r >> 8) & 0xff] 560 | fp_maskr[7][r & 0xff]; 561 return(0); 562 } 563 564 static int 565 des_cipher(const char *in, char *out, long salt, int count) 566 { 567 u_int32_t l_out, r_out, rawl, rawr; 568 int retval; 569 570 if (!des_initialised) 571 des_init(); 572 573 setup_salt(salt); 574 575 rawl = ntohl(*((u_int32_t *) in)++); 576 rawr = ntohl(*((u_int32_t *) in)); 577 578 retval = do_des(rawl, rawr, &l_out, &r_out, count); 579 580 *((u_int32_t *) out)++ = htonl(l_out); 581 *((u_int32_t *) out) = htonl(r_out); 582 return(retval); 583 } 584 585 char * 586 crypt_des(const char *key, const char *setting) 587 { 588 int i; 589 u_int32_t count, salt, l, r0, r1, keybuf[2]; 590 u_char *p, *q; 591 static u_char output[21]; 592 593 if (!des_initialised) 594 des_init(); 595 596 597 /* 598 * Copy the key, shifting each character up by one bit 599 * and padding with zeros. 600 */ 601 q = (u_char *) keybuf; 602 while (q - (u_char *) keybuf - 8) { 603 if ((*q++ = *key << 1)) 604 key++; 605 } 606 if (des_setkey((u_char *) keybuf)) 607 return(NULL); 608 609 if (*setting == _PASSWORD_EFMT1) { 610 /* 611 * "new"-style: 612 * setting - underscore, 4 bytes of count, 4 bytes of salt 613 * key - unlimited characters 614 */ 615 for (i = 1, count = 0L; i < 5; i++) 616 count |= ascii_to_bin(setting[i]) << (i - 1) * 6; 617 618 for (i = 5, salt = 0L; i < 9; i++) 619 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6; 620 621 while (*key) { 622 /* 623 * Encrypt the key with itself. 624 */ 625 if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1)) 626 return(NULL); 627 /* 628 * And XOR with the next 8 characters of the key. 629 */ 630 q = (u_char *) keybuf; 631 while (q - (u_char *) keybuf - 8 && *key) 632 *q++ ^= *key++ << 1; 633 634 if (des_setkey((u_char *) keybuf)) 635 return(NULL); 636 } 637 strncpy(output, setting, 9); 638 639 /* 640 * Double check that we weren't given a short setting. 641 * If we were, the above code will probably have created 642 * wierd values for count and salt, but we don't really care. 643 * Just make sure the output string doesn't have an extra 644 * NUL in it. 645 */ 646 output[9] = '\0'; 647 p = output + strlen(output); 648 } else { 649 /* 650 * "old"-style: 651 * setting - 2 bytes of salt 652 * key - up to 8 characters 653 */ 654 count = 25; 655 656 salt = (ascii_to_bin(setting[1]) << 6) 657 | ascii_to_bin(setting[0]); 658 659 output[0] = setting[0]; 660 /* 661 * If the encrypted password that the salt was extracted from 662 * is only 1 character long, the salt will be corrupted. We 663 * need to ensure that the output string doesn't have an extra 664 * NUL in it! 665 */ 666 output[1] = setting[1] ? setting[1] : output[0]; 667 668 p = output + 2; 669 } 670 setup_salt(salt); 671 /* 672 * Do it. 673 */ 674 if (do_des(0L, 0L, &r0, &r1, count)) 675 return(NULL); 676 /* 677 * Now encode the result... 678 */ 679 l = (r0 >> 8); 680 *p++ = ascii64[(l >> 18) & 0x3f]; 681 *p++ = ascii64[(l >> 12) & 0x3f]; 682 *p++ = ascii64[(l >> 6) & 0x3f]; 683 *p++ = ascii64[l & 0x3f]; 684 685 l = (r0 << 16) | ((r1 >> 16) & 0xffff); 686 *p++ = ascii64[(l >> 18) & 0x3f]; 687 *p++ = ascii64[(l >> 12) & 0x3f]; 688 *p++ = ascii64[(l >> 6) & 0x3f]; 689 *p++ = ascii64[l & 0x3f]; 690 691 l = r1 << 2; 692 *p++ = ascii64[(l >> 12) & 0x3f]; 693 *p++ = ascii64[(l >> 6) & 0x3f]; 694 *p++ = ascii64[l & 0x3f]; 695 *p = 0; 696 697 return(output); 698 } 699