1 /*
2 * FreeSec: libcrypt for NetBSD
3 *
4 * Copyright (c) 1994 David Burren
5 * All rights reserved.
6 *
7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8 * this file should now *only* export crypt(), in order to make
9 * binaries of libcrypt exportable from the USA
10 *
11 * Adapted for FreeBSD-4.0 by Mark R V Murray
12 * this file should now *only* export crypt_des(), in order to make
13 * a module that can be optionally included in libcrypt.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the author nor the names of other contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * $FreeBSD: src/secure/lib/libcrypt/crypt-des.c,v 1.12 1999/09/20 12:39:20 markm Exp $
40 *
41 * This is an original implementation of the DES and the crypt(3) interfaces
42 * by David Burren <davidb@werj.com.au>.
43 *
44 * An excellent reference on the underlying algorithm (and related
45 * algorithms) is:
46 *
47 * B. Schneier, Applied Cryptography: protocols, algorithms,
48 * and source code in C, John Wiley & Sons, 1994.
49 *
50 * Note that in that book's description of DES the lookups for the initial,
51 * pbox, and final permutations are inverted (this has been brought to the
52 * attention of the author). A list of errata for this book has been
53 * posted to the sci.crypt newsgroup by the author and is available for FTP.
54 *
55 * ARCHITECTURE ASSUMPTIONS:
56 * It is assumed that the 8-byte arrays passed by reference can be
57 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about
58 * alignment).
59 */
60 #include <sys/types.h>
61 #include <sys/param.h>
62 #include <pwd.h>
63 #include <string.h>
64 #include "crypt.h"
65 #include "local_xsi.h"
66
67 /* We can't always assume gcc */
68 #ifdef __GNUC__
69 #define INLINE inline
70 #endif
71
72
73 static u_char IP[64] = {
74 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
75 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
76 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
77 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
78 };
79
80 static u_char inv_key_perm[64];
81 static u_char u_key_perm[56];
82 static u_char key_perm[56] = {
83 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
84 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
85 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
86 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
87 };
88
89 static u_char key_shifts[16] = {
90 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
91 };
92
93 static u_char inv_comp_perm[56];
94 static u_char comp_perm[48] = {
95 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
96 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
97 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
98 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
99 };
100
101 /*
102 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
103 */
104
105 static u_char u_sbox[8][64];
106 static u_char sbox[8][64] = {
107 {
108 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
109 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
110 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
111 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
112 },
113 {
114 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
115 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
116 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
117 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
118 },
119 {
120 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
121 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
122 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
123 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
124 },
125 {
126 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
127 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
128 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
129 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
130 },
131 {
132 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
133 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
134 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
135 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
136 },
137 {
138 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
139 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
140 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
141 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
142 },
143 {
144 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
145 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
146 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
147 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
148 },
149 {
150 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
151 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
152 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
153 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
154 }
155 };
156
157 static u_char un_pbox[32];
158 static u_char pbox[32] = {
159 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
160 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
161 };
162
163 static u_int32_t bits32[32] =
164 {
165 0x80000000, 0x40000000, 0x20000000, 0x10000000,
166 0x08000000, 0x04000000, 0x02000000, 0x01000000,
167 0x00800000, 0x00400000, 0x00200000, 0x00100000,
168 0x00080000, 0x00040000, 0x00020000, 0x00010000,
169 0x00008000, 0x00004000, 0x00002000, 0x00001000,
170 0x00000800, 0x00000400, 0x00000200, 0x00000100,
171 0x00000080, 0x00000040, 0x00000020, 0x00000010,
172 0x00000008, 0x00000004, 0x00000002, 0x00000001
173 };
174
175 static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
176
177 static u_int32_t saltbits;
178 static long old_salt;
179 static u_int32_t *bits28, *bits24;
180 static u_char init_perm[64], final_perm[64];
181 static u_int32_t en_keysl[16], en_keysr[16];
182 static u_int32_t de_keysl[16], de_keysr[16];
183 static int des_initialised = 0;
184 static u_char m_sbox[4][4096];
185 static u_int32_t psbox[4][256];
186 static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
187 static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
188 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
189 static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
190 static u_int32_t old_rawkey0, old_rawkey1;
191
192 static u_char ascii64[] =
193 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
194 /* 0000000000111111111122222222223333333333444444444455555555556666 */
195 /* 0123456789012345678901234567890123456789012345678901234567890123 */
196
197 static INLINE int
ascii_to_bin(char ch)198 ascii_to_bin(char ch)
199 {
200 if (ch > 'z')
201 return(0);
202 if (ch >= 'a')
203 return(ch - 'a' + 38);
204 if (ch > 'Z')
205 return(0);
206 if (ch >= 'A')
207 return(ch - 'A' + 12);
208 if (ch > '9')
209 return(0);
210 if (ch >= '.')
211 return(ch - '.');
212 return(0);
213 }
214
215 static void
des_init(void)216 des_init(void)
217 {
218 int i, j, b, k, inbit, obit;
219 u_int32_t *p, *il, *ir, *fl, *fr;
220
221 old_rawkey0 = old_rawkey1 = 0L;
222 saltbits = 0L;
223 old_salt = 0L;
224 bits24 = (bits28 = bits32 + 4) + 4;
225
226 /*
227 * Invert the S-boxes, reordering the input bits.
228 */
229 for (i = 0; i < 8; i++)
230 for (j = 0; j < 64; j++) {
231 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
232 u_sbox[i][j] = sbox[i][b];
233 }
234
235 /*
236 * Convert the inverted S-boxes into 4 arrays of 8 bits.
237 * Each will handle 12 bits of the S-box input.
238 */
239 for (b = 0; b < 4; b++)
240 for (i = 0; i < 64; i++)
241 for (j = 0; j < 64; j++)
242 m_sbox[b][(i << 6) | j] =
243 (u_sbox[(b << 1)][i] << 4) |
244 u_sbox[(b << 1) + 1][j];
245
246 /*
247 * Set up the initial & final permutations into a useful form, and
248 * initialise the inverted key permutation.
249 */
250 for (i = 0; i < 64; i++) {
251 init_perm[final_perm[i] = IP[i] - 1] = i;
252 inv_key_perm[i] = 255;
253 }
254
255 /*
256 * Invert the key permutation and initialise the inverted key
257 * compression permutation.
258 */
259 for (i = 0; i < 56; i++) {
260 u_key_perm[i] = key_perm[i] - 1;
261 inv_key_perm[key_perm[i] - 1] = i;
262 inv_comp_perm[i] = 255;
263 }
264
265 /*
266 * Invert the key compression permutation.
267 */
268 for (i = 0; i < 48; i++) {
269 inv_comp_perm[comp_perm[i] - 1] = i;
270 }
271
272 /*
273 * Set up the OR-mask arrays for the initial and final permutations,
274 * and for the key initial and compression permutations.
275 */
276 for (k = 0; k < 8; k++) {
277 for (i = 0; i < 256; i++) {
278 *(il = &ip_maskl[k][i]) = 0L;
279 *(ir = &ip_maskr[k][i]) = 0L;
280 *(fl = &fp_maskl[k][i]) = 0L;
281 *(fr = &fp_maskr[k][i]) = 0L;
282 for (j = 0; j < 8; j++) {
283 inbit = 8 * k + j;
284 if (i & bits8[j]) {
285 if ((obit = init_perm[inbit]) < 32)
286 *il |= bits32[obit];
287 else
288 *ir |= bits32[obit-32];
289 if ((obit = final_perm[inbit]) < 32)
290 *fl |= bits32[obit];
291 else
292 *fr |= bits32[obit - 32];
293 }
294 }
295 }
296 for (i = 0; i < 128; i++) {
297 *(il = &key_perm_maskl[k][i]) = 0L;
298 *(ir = &key_perm_maskr[k][i]) = 0L;
299 for (j = 0; j < 7; j++) {
300 inbit = 8 * k + j;
301 if (i & bits8[j + 1]) {
302 if ((obit = inv_key_perm[inbit]) == 255)
303 continue;
304 if (obit < 28)
305 *il |= bits28[obit];
306 else
307 *ir |= bits28[obit - 28];
308 }
309 }
310 *(il = &comp_maskl[k][i]) = 0L;
311 *(ir = &comp_maskr[k][i]) = 0L;
312 for (j = 0; j < 7; j++) {
313 inbit = 7 * k + j;
314 if (i & bits8[j + 1]) {
315 if ((obit=inv_comp_perm[inbit]) == 255)
316 continue;
317 if (obit < 24)
318 *il |= bits24[obit];
319 else
320 *ir |= bits24[obit - 24];
321 }
322 }
323 }
324 }
325
326 /*
327 * Invert the P-box permutation, and convert into OR-masks for
328 * handling the output of the S-box arrays setup above.
329 */
330 for (i = 0; i < 32; i++)
331 un_pbox[pbox[i] - 1] = i;
332
333 for (b = 0; b < 4; b++)
334 for (i = 0; i < 256; i++) {
335 *(p = &psbox[b][i]) = 0L;
336 for (j = 0; j < 8; j++) {
337 if (i & bits8[j])
338 *p |= bits32[un_pbox[8 * b + j]];
339 }
340 }
341
342 des_initialised = 1;
343 }
344
345 static void
setup_salt(long salt)346 setup_salt(long salt)
347 {
348 u_int32_t obit, saltbit;
349 int i;
350
351 if (salt == old_salt)
352 return;
353 old_salt = salt;
354
355 saltbits = 0L;
356 saltbit = 1;
357 obit = 0x800000;
358 for (i = 0; i < 24; i++) {
359 if (salt & saltbit)
360 saltbits |= obit;
361 saltbit <<= 1;
362 obit >>= 1;
363 }
364 }
365
366 static int
des_setkey(const char * key)367 des_setkey(const char *key)
368 {
369 u_int32_t k0, k1, rawkey0, rawkey1;
370 int shifts, round;
371
372 if (!des_initialised)
373 des_init();
374
375 rawkey0 = ntohl(*(u_int32_t *) key);
376 rawkey1 = ntohl(*(u_int32_t *) (key + 4));
377
378 if ((rawkey0 | rawkey1)
379 && rawkey0 == old_rawkey0
380 && rawkey1 == old_rawkey1) {
381 /*
382 * Already setup for this key.
383 * This optimisation fails on a zero key (which is weak and
384 * has bad parity anyway) in order to simplify the starting
385 * conditions.
386 */
387 return(0);
388 }
389 old_rawkey0 = rawkey0;
390 old_rawkey1 = rawkey1;
391
392 /*
393 * Do key permutation and split into two 28-bit subkeys.
394 */
395 k0 = key_perm_maskl[0][rawkey0 >> 25]
396 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
397 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
398 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
399 | key_perm_maskl[4][rawkey1 >> 25]
400 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
401 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
402 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
403 k1 = key_perm_maskr[0][rawkey0 >> 25]
404 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
405 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
406 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
407 | key_perm_maskr[4][rawkey1 >> 25]
408 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
409 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
410 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
411 /*
412 * Rotate subkeys and do compression permutation.
413 */
414 shifts = 0;
415 for (round = 0; round < 16; round++) {
416 u_int32_t t0, t1;
417
418 shifts += key_shifts[round];
419
420 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
421 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
422
423 de_keysl[15 - round] =
424 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
425 | comp_maskl[1][(t0 >> 14) & 0x7f]
426 | comp_maskl[2][(t0 >> 7) & 0x7f]
427 | comp_maskl[3][t0 & 0x7f]
428 | comp_maskl[4][(t1 >> 21) & 0x7f]
429 | comp_maskl[5][(t1 >> 14) & 0x7f]
430 | comp_maskl[6][(t1 >> 7) & 0x7f]
431 | comp_maskl[7][t1 & 0x7f];
432
433 de_keysr[15 - round] =
434 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
435 | comp_maskr[1][(t0 >> 14) & 0x7f]
436 | comp_maskr[2][(t0 >> 7) & 0x7f]
437 | comp_maskr[3][t0 & 0x7f]
438 | comp_maskr[4][(t1 >> 21) & 0x7f]
439 | comp_maskr[5][(t1 >> 14) & 0x7f]
440 | comp_maskr[6][(t1 >> 7) & 0x7f]
441 | comp_maskr[7][t1 & 0x7f];
442 }
443 return(0);
444 }
445
446 static int
do_des(u_int32_t l_in,u_int32_t r_in,u_int32_t * l_out,u_int32_t * r_out,int count)447 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
448 {
449 /*
450 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
451 */
452 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
453 u_int32_t f, r48l, r48r;
454 int round;
455
456 if (count == 0) {
457 return(1);
458 } else if (count > 0) {
459 /*
460 * Encrypting
461 */
462 kl1 = en_keysl;
463 kr1 = en_keysr;
464 } else {
465 /*
466 * Decrypting
467 */
468 count = -count;
469 kl1 = de_keysl;
470 kr1 = de_keysr;
471 }
472
473 /*
474 * Do initial permutation (IP).
475 */
476 l = ip_maskl[0][l_in >> 24]
477 | ip_maskl[1][(l_in >> 16) & 0xff]
478 | ip_maskl[2][(l_in >> 8) & 0xff]
479 | ip_maskl[3][l_in & 0xff]
480 | ip_maskl[4][r_in >> 24]
481 | ip_maskl[5][(r_in >> 16) & 0xff]
482 | ip_maskl[6][(r_in >> 8) & 0xff]
483 | ip_maskl[7][r_in & 0xff];
484 r = ip_maskr[0][l_in >> 24]
485 | ip_maskr[1][(l_in >> 16) & 0xff]
486 | ip_maskr[2][(l_in >> 8) & 0xff]
487 | ip_maskr[3][l_in & 0xff]
488 | ip_maskr[4][r_in >> 24]
489 | ip_maskr[5][(r_in >> 16) & 0xff]
490 | ip_maskr[6][(r_in >> 8) & 0xff]
491 | ip_maskr[7][r_in & 0xff];
492
493 while (count--) {
494 /*
495 * Do each round.
496 */
497 kl = kl1;
498 kr = kr1;
499 round = 16;
500 while (round--) {
501 /*
502 * Expand R to 48 bits (simulate the E-box).
503 */
504 r48l = ((r & 0x00000001) << 23)
505 | ((r & 0xf8000000) >> 9)
506 | ((r & 0x1f800000) >> 11)
507 | ((r & 0x01f80000) >> 13)
508 | ((r & 0x001f8000) >> 15);
509
510 r48r = ((r & 0x0001f800) << 7)
511 | ((r & 0x00001f80) << 5)
512 | ((r & 0x000001f8) << 3)
513 | ((r & 0x0000001f) << 1)
514 | ((r & 0x80000000) >> 31);
515 /*
516 * Do salting for crypt() and friends, and
517 * XOR with the permuted key.
518 */
519 f = (r48l ^ r48r) & saltbits;
520 r48l ^= f ^ *kl++;
521 r48r ^= f ^ *kr++;
522 /*
523 * Do sbox lookups (which shrink it back to 32 bits)
524 * and do the pbox permutation at the same time.
525 */
526 f = psbox[0][m_sbox[0][r48l >> 12]]
527 | psbox[1][m_sbox[1][r48l & 0xfff]]
528 | psbox[2][m_sbox[2][r48r >> 12]]
529 | psbox[3][m_sbox[3][r48r & 0xfff]];
530 /*
531 * Now that we've permuted things, complete f().
532 */
533 f ^= l;
534 l = r;
535 r = f;
536 }
537 r = l;
538 l = f;
539 }
540 /*
541 * Do final permutation (inverse of IP).
542 */
543 *l_out = fp_maskl[0][l >> 24]
544 | fp_maskl[1][(l >> 16) & 0xff]
545 | fp_maskl[2][(l >> 8) & 0xff]
546 | fp_maskl[3][l & 0xff]
547 | fp_maskl[4][r >> 24]
548 | fp_maskl[5][(r >> 16) & 0xff]
549 | fp_maskl[6][(r >> 8) & 0xff]
550 | fp_maskl[7][r & 0xff];
551 *r_out = fp_maskr[0][l >> 24]
552 | fp_maskr[1][(l >> 16) & 0xff]
553 | fp_maskr[2][(l >> 8) & 0xff]
554 | fp_maskr[3][l & 0xff]
555 | fp_maskr[4][r >> 24]
556 | fp_maskr[5][(r >> 16) & 0xff]
557 | fp_maskr[6][(r >> 8) & 0xff]
558 | fp_maskr[7][r & 0xff];
559 return(0);
560 }
561
562 static int
des_cipher(const char * in,char * out,long salt,int count)563 des_cipher(const char *in, char *out, long salt, int count)
564 {
565 const uint32_t *in32;
566 uint32_t l_out, r_out, rawl, rawr, *out32;
567 int retval;
568
569 if (!des_initialised)
570 des_init();
571
572 setup_salt(salt);
573
574 in32 = (const uint32_t *)in;
575 out32 = (uint32_t *)out;
576
577 rawl = ntohl(*in32++);
578 rawr = ntohl(*in32);
579
580 retval = do_des(rawl, rawr, &l_out, &r_out, count);
581
582 *out32++ = htonl(l_out);
583 *out32 = htonl(r_out);
584 return(retval);
585 }
586
587 char *
crypt_des(const char * key,const char * setting)588 crypt_des(const char *key, const char *setting)
589 {
590 int i;
591 u_int32_t count, salt, l, r0, r1, keybuf[2];
592 u_char *p, *q;
593 static u_char output[21];
594
595 if (!des_initialised)
596 des_init();
597
598
599 /*
600 * Copy the key, shifting each character up by one bit
601 * and padding with zeros.
602 */
603 q = (u_char *) keybuf;
604 while (q - (u_char *) keybuf - 8) {
605 *q++ = *key << 1;
606 if (*key != '\0')
607 key++;
608 }
609 if (des_setkey((u_char *) keybuf))
610 return(NULL);
611
612 if (*setting == _PASSWORD_EFMT1) {
613 /*
614 * "new"-style:
615 * setting - underscore, 4 bytes of count, 4 bytes of salt
616 * key - unlimited characters
617 */
618 for (i = 1, count = 0L; i < 5; i++)
619 count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
620
621 for (i = 5, salt = 0L; i < 9; i++)
622 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
623
624 while (*key) {
625 /*
626 * Encrypt the key with itself.
627 */
628 if (des_cipher((u_char*)keybuf, (u_char*)keybuf, 0L, 1))
629 return(NULL);
630 /*
631 * And XOR with the next 8 characters of the key.
632 */
633 q = (u_char *) keybuf;
634 while (q - (u_char *) keybuf - 8 && *key)
635 *q++ ^= *key++ << 1;
636
637 if (des_setkey((u_char *) keybuf))
638 return(NULL);
639 }
640 strncpy(output, setting, 9);
641
642 /*
643 * Double check that we weren't given a short setting.
644 * If we were, the above code will probably have created
645 * weird values for count and salt, but we don't really care.
646 * Just make sure the output string doesn't have an extra
647 * NUL in it.
648 */
649 output[9] = '\0';
650 p = output + strlen(output);
651 } else {
652 /*
653 * "old"-style:
654 * setting - 2 bytes of salt
655 * key - up to 8 characters
656 */
657 count = 25;
658
659 salt = (ascii_to_bin(setting[1]) << 6)
660 | ascii_to_bin(setting[0]);
661
662 output[0] = setting[0];
663 /*
664 * If the encrypted password that the salt was extracted from
665 * is only 1 character long, the salt will be corrupted. We
666 * need to ensure that the output string doesn't have an extra
667 * NUL in it!
668 */
669 output[1] = setting[1] ? setting[1] : output[0];
670
671 p = output + 2;
672 }
673 setup_salt(salt);
674 /*
675 * Do it.
676 */
677 if (do_des(0L, 0L, &r0, &r1, count))
678 return(NULL);
679 /*
680 * Now encode the result...
681 */
682 l = (r0 >> 8);
683 *p++ = ascii64[(l >> 18) & 0x3f];
684 *p++ = ascii64[(l >> 12) & 0x3f];
685 *p++ = ascii64[(l >> 6) & 0x3f];
686 *p++ = ascii64[l & 0x3f];
687
688 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
689 *p++ = ascii64[(l >> 18) & 0x3f];
690 *p++ = ascii64[(l >> 12) & 0x3f];
691 *p++ = ascii64[(l >> 6) & 0x3f];
692 *p++ = ascii64[l & 0x3f];
693
694 l = r1 << 2;
695 *p++ = ascii64[(l >> 12) & 0x3f];
696 *p++ = ascii64[(l >> 6) & 0x3f];
697 *p++ = ascii64[l & 0x3f];
698 *p = 0;
699
700 return(output);
701 }
702
703 /*
704 * For crypt_xsi.c compatibility.
705 */
706
707 typedef union {
708 unsigned char b[8];
709 struct {
710 int32_t i0;
711 int32_t i1;
712 } b32;
713 } C_block;
714
715 int
__crypt_setkey(const char * key)716 __crypt_setkey(const char *key)
717 {
718 int i, j, k;
719 C_block keyblock;
720
721 for (i = 0; i < 8; i++) {
722 k = 0;
723 for (j = 0; j < 8; j++) {
724 k <<= 1;
725 k |= (unsigned char)*key++;
726 }
727 keyblock.b[i] = k;
728 }
729 return (des_setkey((char *)keyblock.b));
730 }
731
732 int
__crypt_encrypt(char * block,int flag)733 __crypt_encrypt(char *block, int flag)
734 {
735 int i, j, k;
736 C_block cblock;
737
738 for (i = 0; i < 8; i++) {
739 k = 0;
740 for (j = 0; j < 8; j++) {
741 k <<= 1;
742 k |= (unsigned char)*block++;
743 }
744 cblock.b[i] = k;
745 }
746 if (des_cipher((char *)&cblock, (char *)&cblock, 0L, (flag ? -1: 1)))
747 return (1);
748 for (i = 7; i >= 0; i--) {
749 k = cblock.b[i];
750 for (j = 7; j >= 0; j--) {
751 *--block = k&01;
752 k >>= 1;
753 }
754 }
755 return (0);
756 }
757