xref: /titanic_52/usr/src/lib/libbc/libc/gen/common/_crypt.c (revision 5d54f3d8999eac1762fe0a8c7177d20f1f201fae) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License, Version 1.0 only
6  * (the "License").  You may not use this file except in compliance
7  * with the License.
8  *
9  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10  * or http://www.opensolaris.org/os/licensing.
11  * See the License for the specific language governing permissions
12  * and limitations under the License.
13  *
14  * When distributing Covered Code, include this CDDL HEADER in each
15  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16  * If applicable, add the following below this CDDL HEADER, with the
17  * fields enclosed by brackets "[]" replaced with your own identifying
18  * information: Portions Copyright [yyyy] [name of copyright owner]
19  *
20  * CDDL HEADER END
21  */
22 /*
23  * Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*      Copyright (c) 1984,1988 AT&T */
28 /*        All Rights Reserved   */
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"
31 
32 /*LINTLIBRARY*/
33 /*
34  * This program implements the
35  * Proposed Federal Information Processing
36  *  Data Encryption Standard.
37  * See Federal Register, March 17, 1975 (40FR12134)
38  */
39 
40 /*
41  * Initial permutation,
42  */
43 static	char	IP[] = {
44 	58,50,42,34,26,18,10, 2,
45 	60,52,44,36,28,20,12, 4,
46 	62,54,46,38,30,22,14, 6,
47 	64,56,48,40,32,24,16, 8,
48 	57,49,41,33,25,17, 9, 1,
49 	59,51,43,35,27,19,11, 3,
50 	61,53,45,37,29,21,13, 5,
51 	63,55,47,39,31,23,15, 7,
52 };
53 
54 /*
55  * Final permutation, FP = IP^(-1)
56  */
57 static	char	FP[] = {
58 	40, 8,48,16,56,24,64,32,
59 	39, 7,47,15,55,23,63,31,
60 	38, 6,46,14,54,22,62,30,
61 	37, 5,45,13,53,21,61,29,
62 	36, 4,44,12,52,20,60,28,
63 	35, 3,43,11,51,19,59,27,
64 	34, 2,42,10,50,18,58,26,
65 	33, 1,41, 9,49,17,57,25,
66 };
67 
68 /*
69  * Permuted-choice 1 from the key bits
70  * to yield C and D.
71  * Note that bits 8,16... are left out:
72  * They are intended for a parity check.
73  */
74 static	char	PC1_C[] = {
75 	57,49,41,33,25,17, 9,
76 	 1,58,50,42,34,26,18,
77 	10, 2,59,51,43,35,27,
78 	19,11, 3,60,52,44,36,
79 };
80 
81 static	char	PC1_D[] = {
82 	63,55,47,39,31,23,15,
83 	 7,62,54,46,38,30,22,
84 	14, 6,61,53,45,37,29,
85 	21,13, 5,28,20,12, 4,
86 };
87 
88 /*
89  * Sequence of shifts used for the key schedule.
90  */
91 static	char	shifts[] = {
92 	1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
93 };
94 
95 /*
96  * Permuted-choice 2, to pick out the bits from
97  * the CD array that generate the key schedule.
98  */
99 static	char	PC2_C[] = {
100 	14,17,11,24, 1, 5,
101 	 3,28,15, 6,21,10,
102 	23,19,12, 4,26, 8,
103 	16, 7,27,20,13, 2,
104 };
105 
106 static	char	PC2_D[] = {
107 	41,52,31,37,47,55,
108 	30,40,51,45,33,48,
109 	44,49,39,56,34,53,
110 	46,42,50,36,29,32,
111 };
112 
113 static struct _crypt {
114 	/*
115 	 * The C and D arrays used to calculate the key schedule.
116 	 */
117 	char	_C[28];
118 	char	_D[28];
119 	/*
120 	 * The key schedule.
121 	 * Generated from the key.
122 	 */
123 	char	_KS[16][48];
124 	/*
125 	 * The E bit-selection table.
126 	 */
127 	char	_E[48];
128 	/*
129 	 * The current block, divided into 2 halves.
130 	 */
131 	char	_L[32], _R[32];
132 	char	_tempL[32];
133 	char	_f[32];
134 	/*
135 	 * The combination of the key and the input, before selection.
136 	 */
137 	char	_preS[48];
138 	/*
139 	 * Temps for crypt
140 	 */
141 	char	_ablock[66], _iobuf[16];
142 } *__crypt;
143 #define	C	(_c->_C)
144 #define	D	(_c->_D)
145 #define	KS	(_c->_KS)
146 #define	E	(_c->_E)
147 #define	L	(_c->_L)
148 #define	R	(_c->_R)
149 #define	tempL	(_c->_tempL)
150 #define	f	(_c->_f)
151 #define	preS	(_c->_preS)
152 #define	ablock	(_c->_ablock)
153 #define	iobuf	(_c->_iobuf)
154 
155 static void	_cryptinit(void);
156 
157 /*
158  * Set up the key schedule from the key.
159  */
160 
161 #ifndef CRYPT
162 static
163 #endif
164 void
165 setkey(char *key)
166 {
167 	int i, j, k;
168 	int t;
169 	struct _crypt *_c = __crypt;
170 
171 	if (!_c) {
172 		_cryptinit();
173 		_c = __crypt;
174 	}
175 	/*
176 	 * First, generate C and D by permuting
177 	 * the key.  The low order bit of each
178 	 * 8-bit char is not used, so C and D are only 28
179 	 * bits apiece.
180 	 */
181 	for (i=0; i<28; i++) {
182 		C[i] = key[PC1_C[i]-1];
183 		D[i] = key[PC1_D[i]-1];
184 	}
185 	/*
186 	 * To generate Ki, rotate C and D according
187 	 * to schedule and pick up a permutation
188 	 * using PC2.
189 	 */
190 	for (i=0; i<16; i++) {
191 		/*
192 		 * rotate.
193 		 */
194 		for (k=0; k<shifts[i]; k++) {
195 			t = C[0];
196 			for (j=0; j<28-1; j++)
197 				C[j] = C[j+1];
198 			C[27] = t;
199 			t = D[0];
200 			for (j=0; j<28-1; j++)
201 				D[j] = D[j+1];
202 			D[27] = t;
203 		}
204 		/*
205 		 * get Ki. Note C and D are concatenated.
206 		 */
207 		for (j=0; j<24; j++) {
208 			KS[i][j] = C[PC2_C[j]-1];
209 			KS[i][j+24] = D[PC2_D[j]-28-1];
210 		}
211 	}
212 }
213 
214 /*
215  * The E bit-selection table.
216  */
217 static	char	e[] = {
218 	32, 1, 2, 3, 4, 5,
219 	 4, 5, 6, 7, 8, 9,
220 	 8, 9,10,11,12,13,
221 	12,13,14,15,16,17,
222 	16,17,18,19,20,21,
223 	20,21,22,23,24,25,
224 	24,25,26,27,28,29,
225 	28,29,30,31,32, 1,
226 };
227 
228 /*
229  * The 8 selection functions.
230  * For some reason, they give a 0-origin
231  * index, unlike everything else.
232  */
233 static	char	S[8][64] = {
234 	14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
235 	 0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
236 	 4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
237 	15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13,
238 
239 	15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
240 	 3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
241 	 0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
242 	13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9,
243 
244 	10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
245 	13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
246 	13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
247 	 1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12,
248 
249 	 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
250 	13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
251 	10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
252 	 3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14,
253 
254 	 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
255 	14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
256 	 4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
257 	11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3,
258 
259 	12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
260 	10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
261 	 9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
262 	 4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13,
263 
264 	 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
265 	13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
266 	 1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
267 	 6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12,
268 
269 	13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
270 	 1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
271 	 7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
272 	 2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11,
273 };
274 
275 /*
276  * P is a permutation on the selected combination
277  * of the current L and key.
278  */
279 static	char	P[] = {
280 	16, 7,20,21,
281 	29,12,28,17,
282 	 1,15,23,26,
283 	 5,18,31,10,
284 	 2, 8,24,14,
285 	32,27, 3, 9,
286 	19,13,30, 6,
287 	22,11, 4,25,
288 };
289 
290 
291 /*
292  * The payoff: encrypt a block.
293  */
294 
295 void
296 encrypt(char *block, int edflag)
297 {
298 	int	i, ii;
299 	int t, j, k;
300 	struct _crypt *_c = __crypt;
301 
302 	if (!_c) {
303 		_cryptinit();
304 		_c = __crypt;
305 	}
306 	/*
307 	 * First, permute the bits in the input
308 	 */
309 	for (j=0; j<64; j++)
310 		L[j] = block[IP[j]-1];
311 	/*
312 	 * Perform an encryption operation 16 times.
313 	 */
314 	for (ii=0; ii<16; ii++) {
315 		/*
316 		 * Set direction
317 		 */
318 #ifdef CRYPT
319 		if (edflag)
320 			i = 15-ii;
321 		else
322 #endif
323 			i = ii;
324 		/*
325 		 * Save the R array,
326 		 * which will be the new L.
327 		 */
328 		for (j=0; j<32; j++)
329 			tempL[j] = R[j];
330 		/*
331 		 * Expand R to 48 bits using the E selector;
332 		 * exclusive-or with the current key bits.
333 		 */
334 		for (j=0; j<48; j++)
335 			preS[j] = R[E[j]-1] ^ KS[i][j];
336 		/*
337 		 * The pre-select bits are now considered
338 		 * in 8 groups of 6 bits each.
339 		 * The 8 selection functions map these
340 		 * 6-bit quantities into 4-bit quantities
341 		 * and the results permuted
342 		 * to make an f(R, K).
343 		 * The indexing into the selection functions
344 		 * is peculiar; it could be simplified by
345 		 * rewriting the tables.
346 		 */
347 		for (j=0; j<8; j++) {
348 			t = 6*j;
349 			k = S[j][(preS[t+0]<<5)+
350 				(preS[t+1]<<3)+
351 				(preS[t+2]<<2)+
352 				(preS[t+3]<<1)+
353 				(preS[t+4]<<0)+
354 				(preS[t+5]<<4)];
355 			t = 4*j;
356 			f[t+0] = (k>>3)&01;
357 			f[t+1] = (k>>2)&01;
358 			f[t+2] = (k>>1)&01;
359 			f[t+3] = (k>>0)&01;
360 		}
361 		/*
362 		 * The new R is L ^ f(R, K).
363 		 * The f here has to be permuted first, though.
364 		 */
365 		for (j=0; j<32; j++)
366 			R[j] = L[j] ^ f[P[j]-1];
367 		/*
368 		 * Finally, the new L (the original R)
369 		 * is copied back.
370 		 */
371 		for (j=0; j<32; j++)
372 			L[j] = tempL[j];
373 	}
374 	/*
375 	 * The output L and R are reversed.
376 	 */
377 	for (j=0; j<32; j++) {
378 		t = L[j];
379 		L[j] = R[j];
380 		R[j] = t;
381 	}
382 	/*
383 	 * The final output
384 	 * gets the inverse permutation of the very original.
385 	 */
386 	for (j=0; j<64; j++)
387 		block[j] = L[FP[j]-1];
388 }
389 
390 char *
391 _crypt(char *pw, char *salt)
392 {
393 	int i, j, c;
394 	int	temp;
395 	struct _crypt *_c = __crypt;
396 
397 	if (!_c) {
398 		_cryptinit();
399 		_c = __crypt;
400 	}
401 	for(i=0; i<66; i++)
402 		ablock[i] = 0;
403 	for(i=0; (c= *pw) && i<64; pw++){
404 		for(j=0; j<7; j++, i++)
405 			ablock[i] = (c>>(6-j)) & 01;
406 		i++;
407 	}
408 
409 	setkey(ablock);
410 
411 	for(i=0; i<66; i++)
412 		ablock[i] = 0;
413 
414 	for(i=0;i<48;i++)
415 		E[i] = e[i];
416 
417 	for(i=0;i<2;i++){
418 		c = *salt++;
419 		iobuf[i] = c;
420 		if(c > 'Z')
421 			c -= 6;
422 		if(c > '9')
423 			c -= 7;
424 		c -= '.';
425 		for(j=0;j<6;j++){
426 			if((c>>j) & 01){
427 				temp = E[6*i+j];
428 				E[6*i+j] = E[6*i+j+24];
429 				E[6*i+j+24] = temp;
430 			}
431 		}
432 	}
433 
434 	for(i=0; i<25; i++)
435 		encrypt(ablock,0);
436 
437 	for(i=0; i < 11; i++) {
438 		c = 0;
439 		for(j=0; j<6; j++){
440 			c <<= 1;
441 			c |= ablock[6*i+j];
442 		}
443 		c += '.';
444 		if(c > '9')
445 			c += 7;
446 		if(c > 'Z')
447 			c += 6;
448 		iobuf[i+2] = c;
449 	}
450 	iobuf[i+2] = 0;
451 	if(iobuf[1]==0)
452 		iobuf[1] = iobuf[0];
453 	return(iobuf);
454 }
455 
456 static void
457 _cryptinit(void)
458 {
459 	struct _crypt *_c = __crypt;
460 	int i;
461 
462 	if (_c)
463 		return;
464 	_c = __crypt = (struct _crypt *)calloc(1, sizeof (struct _crypt));
465 	if (_c == 0)
466 		abort();
467 
468 	for(i=0;i<48;i++)
469 		E[i] = e[i];
470 }
471