1
/* vi: set sw=4 ts=4: */
3
* The one and only crypt(3) function.
5
* This source code is derived from Minix's pwdauth.c, which was based
6
* on Andy Tanenbaum's book "Computer Networks", and then rewritten in
7
* C by Kees J. Bot, 7 Feb 1994. This code was ported from Minix to
8
* uClibc on June 28, 2001 by Manuel Novoa III, and then reshuffled to
9
* be reentrant by Erik Andersen <andersen@uclibc.org> on June 28, 2001.
11
* This program is free software; you can redistribute it and/or modify it
12
* under the terms of the GNU Library General Public License as published by
13
* the Free Software Foundation; either version 2 of the License, or (at your
14
* option) any later version.
16
* This program is distributed in the hope that it will be useful, but WITHOUT
17
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
18
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
21
* You should have received a copy of the GNU Library General Public License
22
* along with this program; if not, write to the Free Software Foundation,
23
* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
25
* Original copyright notice is retained at the end of this file.
31
/* This program gets as input the key and salt arguments of the crypt(3)
32
* function as two null terminated strings. The crypt result is output as
33
* one null terminated string. Input and output must be <= 1024 characters.
34
* The exit code will be 1 on any error.
36
* If the key has the form '##name' then the key will be encrypted and the
37
* result checked to be equal to the encrypted password in the shadow password
38
* file. If equal than '##name' will be returned, otherwise exit code 2.
40
* Otherwise the key will be encrypted normally and the result returned.
42
* As a special case, anything matches a null encrypted password to allow
43
* a no-password login.
2
* FreeSec: libcrypt for NetBSD
4
* Copyright (c) 1994 David Burren
7
* Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8
* this file should now *only* export crypt(), in order to make
9
* binaries of libcrypt exportable from the USA
11
* Adapted for FreeBSD-4.0 by Mark R V Murray
12
* this file should now *only* export crypt_des(), in order to make
13
* a module that can be optionally included in libcrypt.
15
* Redistribution and use in source and binary forms, with or without
16
* modification, are permitted provided that the following conditions
18
* 1. Redistributions of source code must retain the above copyright
19
* notice, this list of conditions and the following disclaimer.
20
* 2. Redistributions in binary form must reproduce the above copyright
21
* notice, this list of conditions and the following disclaimer in the
22
* documentation and/or other materials provided with the distribution.
23
* 3. Neither the name of the author nor the names of other contributors
24
* may be used to endorse or promote products derived from this software
25
* without specific prior written permission.
27
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39
* This is an original implementation of the DES and the crypt(3) interfaces
40
* by David Burren <davidb@werj.com.au>.
42
* An excellent reference on the underlying algorithm (and related
45
* B. Schneier, Applied Cryptography: protocols, algorithms,
46
* and source code in C, John Wiley & Sons, 1994.
48
* Note that in that book's description of DES the lookups for the initial,
49
* pbox, and final permutations are inverted (this has been brought to the
50
* attention of the author). A list of errata for this book has been
51
* posted to the sci.crypt newsgroup by the author and is available for FTP.
53
* ARCHITECTURE ASSUMPTIONS:
54
* It is assumed that the 8-byte arrays passed by reference can be
55
* addressed as arrays of u_int32_t's (ie. the CPU is not picky about
60
#include <sys/cdefs.h>
61
#include <sys/types.h>
62
#include <sys/param.h>
63
#include <netinet/in.h>
46
65
#include <string.h>
49
extern char * md5_crypt_r( const char *pw, const char *salt, struct crypt_data * data);
51
static const struct ordering InitialTr = { {
52
58,50,42,34,26,18,10, 2,60,52,44,36,28,20,12, 4,
53
62,54,46,38,30,22,14, 6,64,56,48,40,32,24,16, 8,
54
57,49,41,33,25,17, 9, 1,59,51,43,35,27,19,11, 3,
55
61,53,45,37,29,21,13, 5,63,55,47,39,31,23,15, 7,
58
static const struct ordering FinalTr = { {
59
40, 8,48,16,56,24,64,32,39, 7,47,15,55,23,63,31,
60
38, 6,46,14,54,22,62,30,37, 5,45,13,53,21,61,29,
61
36, 4,44,12,52,20,60,28,35, 3,43,11,51,19,59,27,
62
34, 2,42,10,50,18,58,26,33, 1,41, 9,49,17,57,25,
65
static const struct ordering swap = { {
66
33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,
67
49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,
68
1, 2, 3, 4, 5, 6, 7, 8, 9,10,11,12,13,14,15,16,
69
17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,
72
static const struct ordering KeyTr1 = { {
73
57,49,41,33,25,17, 9, 1,58,50,42,34,26,18,
74
10, 2,59,51,43,35,27,19,11, 3,60,52,44,36,
75
63,55,47,39,31,23,15, 7,62,54,46,38,30,22,
76
14, 6,61,53,45,37,29,21,13, 5,28,20,12, 4,
79
static const struct ordering KeyTr2 = { {
80
14,17,11,24, 1, 5, 3,28,15, 6,21,10,
81
23,19,12, 4,26, 8,16, 7,27,20,13, 2,
82
41,52,31,37,47,55,30,40,51,45,33,48,
83
44,49,39,56,34,53,46,42,50,36,29,32,
86
static const struct ordering etr = { {
87
32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
88
8, 9,10,11,12,13,12,13,14,15,16,17,
89
16,17,18,19,20,21,20,21,22,23,24,25,
90
24,25,26,27,28,29,28,29,30,31,32, 1,
93
static const struct ordering ptr = { {
94
16, 7,20,21,29,12,28,17, 1,15,23,26, 5,18,31,10,
95
2, 8,24,14,32,27, 3, 9,19,13,30, 6,22,11, 4,25,
98
static const unsigned char s_boxes[8][64] = {
99
{ 14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7,
100
0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8,
101
4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0,
102
15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13,
105
{ 15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10,
106
3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5,
107
0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15,
108
13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9,
111
{ 10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8,
112
13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1,
113
13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7,
114
1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12,
117
{ 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15,
118
13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9,
119
10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4,
120
3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14,
123
{ 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9,
124
14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6,
125
4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14,
126
11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3,
129
{ 12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11,
130
10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8,
131
9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6,
132
4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13,
135
{ 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1,
136
13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6,
137
1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2,
138
6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12,
141
{ 13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7,
142
1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2,
143
7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8,
144
2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11,
148
static const int rots[] = {
149
1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1,
152
static void transpose(struct block *data, const struct ordering *t, int n)
159
data->b_data[n] = x.b_data[t->o_data[n] - 1];
163
static void rotate(struct block *key)
165
unsigned char *p = key->b_data;
166
unsigned char *ep = &(key->b_data[55]);
167
int data0 = key->b_data[0], data28 = key->b_data[28];
169
while (p++ < ep) *(p-1) = *p;
170
key->b_data[27] = data0;
171
key->b_data[55] = data28;
174
static void f(int i, struct block *key, struct block *a, struct block *x, struct crypt_data *data)
176
struct block e, ikey, y;
178
unsigned char *p, *q, *r;
181
transpose(&e, data->EP, 48);
182
for (k = rots[i]; k; k--) rotate(key);
184
transpose(&ikey, &KeyTr2, 48);
187
r = &(ikey.b_data[48]);
188
while (p > y.b_data) {
68
/* Re-entrantify me -- all this junk needs to be in
69
* struct crypt_data to make this really reentrant... */
70
static u_char inv_key_perm[64];
71
static u_char inv_comp_perm[56];
72
static u_char u_sbox[8][64];
73
static u_char un_pbox[32];
74
static u_int32_t en_keysl[16], en_keysr[16];
75
static u_int32_t de_keysl[16], de_keysr[16];
76
static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
77
static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
78
static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
79
static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
80
static u_int32_t saltbits;
81
static u_int32_t old_salt;
82
static u_int32_t old_rawkey0, old_rawkey1;
85
/* Static stuff that stays resident and doesn't change after
86
* being initialized, and therefore doesn't need to be made
88
static u_char init_perm[64], final_perm[64];
89
static u_char m_sbox[4][4096];
90
static u_int32_t psbox[4][256];
96
static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
98
static const u_char IP[64] = {
99
58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
100
62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
101
57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
102
61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
105
static const u_char key_perm[56] = {
106
57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
107
10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
108
63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
109
14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
112
static const u_char key_shifts[16] = {
113
1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
116
static const u_char comp_perm[48] = {
117
14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
118
23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
119
41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
120
44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
124
* No E box is used, as it's replaced by some ANDs, shifts, and ORs.
127
static const u_char sbox[8][64] = {
129
14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
130
0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
131
4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
132
15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
135
15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
136
3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
137
0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
138
13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
141
10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
142
13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
143
13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
144
1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
147
7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
148
13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
149
10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
150
3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
153
2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
154
14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
155
4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
156
11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
159
12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
160
10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
161
9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
162
4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
165
4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
166
13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
167
1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
168
6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
171
13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
172
1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
173
7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
174
2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
178
static const u_char pbox[32] = {
179
16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
180
2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
183
static const u_int32_t bits32[32] =
185
0x80000000, 0x40000000, 0x20000000, 0x10000000,
186
0x08000000, 0x04000000, 0x02000000, 0x01000000,
187
0x00800000, 0x00400000, 0x00200000, 0x00100000,
188
0x00080000, 0x00040000, 0x00020000, 0x00010000,
189
0x00008000, 0x00004000, 0x00002000, 0x00001000,
190
0x00000800, 0x00000400, 0x00000200, 0x00000100,
191
0x00000080, 0x00000040, 0x00000020, 0x00000010,
192
0x00000008, 0x00000004, 0x00000002, 0x00000001
195
static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
196
static const u_int32_t *bits28, *bits24;
200
ascii_to_bin(char ch)
205
return(ch - 'a' + 38);
209
return(ch - 'A' + 12);
220
int i, j, b, k, inbit, obit;
221
u_int32_t *p, *il, *ir, *fl, *fr;
222
static int des_initialised = 0;
224
if (des_initialised==1)
227
old_rawkey0 = old_rawkey1 = 0L;
230
bits24 = (bits28 = bits32 + 4) + 4;
233
* Invert the S-boxes, reordering the input bits.
235
for (i = 0; i < 8; i++)
236
for (j = 0; j < 64; j++) {
237
b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
238
u_sbox[i][j] = sbox[i][b];
242
* Convert the inverted S-boxes into 4 arrays of 8 bits.
243
* Each will handle 12 bits of the S-box input.
245
for (b = 0; b < 4; b++)
246
for (i = 0; i < 64; i++)
247
for (j = 0; j < 64; j++)
248
m_sbox[b][(i << 6) | j] =
249
(u_char)((u_sbox[(b << 1)][i] << 4) |
250
u_sbox[(b << 1) + 1][j]);
253
* Set up the initial & final permutations into a useful form, and
254
* initialise the inverted key permutation.
256
for (i = 0; i < 64; i++) {
257
init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
258
inv_key_perm[i] = 255;
262
* Invert the key permutation and initialise the inverted key
263
* compression permutation.
265
for (i = 0; i < 56; i++) {
266
inv_key_perm[key_perm[i] - 1] = (u_char)i;
267
inv_comp_perm[i] = 255;
271
* Invert the key compression permutation.
273
for (i = 0; i < 48; i++) {
274
inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
278
* Set up the OR-mask arrays for the initial and final permutations,
279
* and for the key initial and compression permutations.
192
281
for (k = 0; k < 8; k++) {
204
*q++ = (xb >> 3) & 1;
209
transpose(x, &ptr, 32);
212
void setkey_r(const char *k, struct crypt_data *data)
214
struct block *key = &(data->key);
215
memcpy(key, k, (sizeof(struct block)));
216
transpose(key, &KeyTr1, 56);
219
extern void encrypt_r(char *blck, int edflag, struct crypt_data *data)
221
struct block *key = &(data->key);
222
struct block *p = (struct block *) blck;
225
transpose(p, &InitialTr, 64);
226
for (i = 15; i>= 0; i--) {
227
int j = edflag ? i : 15 - i;
232
for (k = 31; k >= 0; k--) {
233
p->b_data[k] = b.b_data[k + 32];
235
f(j, key, p, &x, data);
236
for (k = 31; k >= 0; k--) {
237
p->b_data[k+32] = b.b_data[k] ^ x.b_data[k];
240
transpose(p, &swap, 64);
241
transpose(p, &FinalTr, 64);
244
extern char *crypt_r(const char *pw, const char *salt, struct crypt_data *data)
248
static char result[16];
250
struct ordering new_etr;
253
/* First, check if we are supposed to be using the MD5 replacement
254
* instead of DES... */
255
if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$')
256
return md5_crypt_r(pw, salt, data);
259
while (*pw && p < &pwb[64]) {
263
*p++ = (*pw >> j) & 01;
268
while (p < &pwb[64]) *p++ = 0;
270
setkey_r(p = pwb, data);
272
while (p < &pwb[66]) *p++ = 0;
276
if (salt[0] == 0 || salt[1] == 0) salt = "**";
282
for (i = 0; i < 256; i++) {
283
*(il = &ip_maskl[k][i]) = 0L;
284
*(ir = &ip_maskr[k][i]) = 0L;
285
*(fl = &fp_maskl[k][i]) = 0L;
286
*(fr = &fp_maskr[k][i]) = 0L;
287
for (j = 0; j < 8; j++) {
290
if ((obit = init_perm[inbit]) < 32)
293
*ir |= bits32[obit-32];
294
if ((obit = final_perm[inbit]) < 32)
297
*fr |= bits32[obit - 32];
301
for (i = 0; i < 128; i++) {
302
*(il = &key_perm_maskl[k][i]) = 0L;
303
*(ir = &key_perm_maskr[k][i]) = 0L;
304
for (j = 0; j < 7; j++) {
306
if (i & bits8[j + 1]) {
307
if ((obit = inv_key_perm[inbit]) == 255)
312
*ir |= bits28[obit - 28];
315
*(il = &comp_maskl[k][i]) = 0L;
316
*(ir = &comp_maskr[k][i]) = 0L;
317
for (j = 0; j < 7; j++) {
319
if (i & bits8[j + 1]) {
320
if ((obit=inv_comp_perm[inbit]) == 255)
325
*ir |= bits24[obit - 24];
332
* Invert the P-box permutation, and convert into OR-masks for
333
* handling the output of the S-box arrays setup above.
335
for (i = 0; i < 32; i++)
336
un_pbox[pbox[i] - 1] = (u_char)i;
338
for (b = 0; b < 4; b++)
339
for (i = 0; i < 256; i++) {
340
*(p = &psbox[b][i]) = 0L;
341
for (j = 0; j < 8; j++) {
343
*p |= bits32[un_pbox[8 * b + j]];
352
setup_salt(long salt)
354
u_int32_t obit, saltbit;
357
if (salt == old_salt)
364
for (i = 0; i < 24; i++) {
374
des_setkey(const char *key)
376
u_int32_t k0, k1, rawkey0, rawkey1;
381
rawkey0 = ntohl(*(const u_int32_t *) key);
382
rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
384
if ((rawkey0 | rawkey1)
385
&& rawkey0 == old_rawkey0
386
&& rawkey1 == old_rawkey1) {
388
* Already setup for this key.
389
* This optimisation fails on a zero key (which is weak and
390
* has bad parity anyway) in order to simplify the starting
395
old_rawkey0 = rawkey0;
396
old_rawkey1 = rawkey1;
399
* Do key permutation and split into two 28-bit subkeys.
401
k0 = key_perm_maskl[0][rawkey0 >> 25]
402
| key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
403
| key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
404
| key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
405
| key_perm_maskl[4][rawkey1 >> 25]
406
| key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
407
| key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
408
| key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
409
k1 = key_perm_maskr[0][rawkey0 >> 25]
410
| key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
411
| key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
412
| key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
413
| key_perm_maskr[4][rawkey1 >> 25]
414
| key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
415
| key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
416
| key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
418
* Rotate subkeys and do compression permutation.
421
for (round = 0; round < 16; round++) {
424
shifts += key_shifts[round];
426
t0 = (k0 << shifts) | (k0 >> (28 - shifts));
427
t1 = (k1 << shifts) | (k1 >> (28 - shifts));
429
de_keysl[15 - round] =
430
en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
431
| comp_maskl[1][(t0 >> 14) & 0x7f]
432
| comp_maskl[2][(t0 >> 7) & 0x7f]
433
| comp_maskl[3][t0 & 0x7f]
434
| comp_maskl[4][(t1 >> 21) & 0x7f]
435
| comp_maskl[5][(t1 >> 14) & 0x7f]
436
| comp_maskl[6][(t1 >> 7) & 0x7f]
437
| comp_maskl[7][t1 & 0x7f];
439
de_keysr[15 - round] =
440
en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
441
| comp_maskr[1][(t0 >> 14) & 0x7f]
442
| comp_maskr[2][(t0 >> 7) & 0x7f]
443
| comp_maskr[3][t0 & 0x7f]
444
| comp_maskr[4][(t1 >> 21) & 0x7f]
445
| comp_maskr[5][(t1 >> 14) & 0x7f]
446
| comp_maskr[6][(t1 >> 7) & 0x7f]
447
| comp_maskr[7][t1 & 0x7f];
454
do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
457
* l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
459
u_int32_t l, r, *kl, *kr, *kl1, *kr1;
460
u_int32_t f, r48l, r48r;
465
} else if (count > 0) {
481
* Do initial permutation (IP).
483
l = ip_maskl[0][l_in >> 24]
484
| ip_maskl[1][(l_in >> 16) & 0xff]
485
| ip_maskl[2][(l_in >> 8) & 0xff]
486
| ip_maskl[3][l_in & 0xff]
487
| ip_maskl[4][r_in >> 24]
488
| ip_maskl[5][(r_in >> 16) & 0xff]
489
| ip_maskl[6][(r_in >> 8) & 0xff]
490
| ip_maskl[7][r_in & 0xff];
491
r = ip_maskr[0][l_in >> 24]
492
| ip_maskr[1][(l_in >> 16) & 0xff]
493
| ip_maskr[2][(l_in >> 8) & 0xff]
494
| ip_maskr[3][l_in & 0xff]
495
| ip_maskr[4][r_in >> 24]
496
| ip_maskr[5][(r_in >> 16) & 0xff]
497
| ip_maskr[6][(r_in >> 8) & 0xff]
498
| ip_maskr[7][r_in & 0xff];
509
* Expand R to 48 bits (simulate the E-box).
511
r48l = ((r & 0x00000001) << 23)
512
| ((r & 0xf8000000) >> 9)
513
| ((r & 0x1f800000) >> 11)
514
| ((r & 0x01f80000) >> 13)
515
| ((r & 0x001f8000) >> 15);
517
r48r = ((r & 0x0001f800) << 7)
518
| ((r & 0x00001f80) << 5)
519
| ((r & 0x000001f8) << 3)
520
| ((r & 0x0000001f) << 1)
521
| ((r & 0x80000000) >> 31);
523
* Do salting for crypt() and friends, and
524
* XOR with the permuted key.
526
f = (r48l ^ r48r) & saltbits;
530
* Do sbox lookups (which shrink it back to 32 bits)
531
* and do the pbox permutation at the same time.
533
f = psbox[0][m_sbox[0][r48l >> 12]]
534
| psbox[1][m_sbox[1][r48l & 0xfff]]
535
| psbox[2][m_sbox[2][r48r >> 12]]
536
| psbox[3][m_sbox[3][r48r & 0xfff]];
538
* Now that we've permuted things, complete f().
548
* Do final permutation (inverse of IP).
550
*l_out = fp_maskl[0][l >> 24]
551
| fp_maskl[1][(l >> 16) & 0xff]
552
| fp_maskl[2][(l >> 8) & 0xff]
553
| fp_maskl[3][l & 0xff]
554
| fp_maskl[4][r >> 24]
555
| fp_maskl[5][(r >> 16) & 0xff]
556
| fp_maskl[6][(r >> 8) & 0xff]
557
| fp_maskl[7][r & 0xff];
558
*r_out = fp_maskr[0][l >> 24]
559
| fp_maskr[1][(l >> 16) & 0xff]
560
| fp_maskr[2][(l >> 8) & 0xff]
561
| fp_maskr[3][l & 0xff]
562
| fp_maskr[4][r >> 24]
563
| fp_maskr[5][(r >> 16) & 0xff]
564
| fp_maskr[6][(r >> 8) & 0xff]
565
| fp_maskr[7][r & 0xff];
572
des_cipher(const char *in, char *out, u_int32_t salt, int count)
574
u_int32_t l_out, r_out, rawl, rawr;
586
rawl = ntohl(*trans.ui32++);
587
rawr = ntohl(*trans.ui32);
589
retval = do_des(rawl, rawr, &l_out, &r_out, count);
592
*trans.ui32++ = htonl(l_out);
593
*trans.ui32 = htonl(r_out);
600
setkey(const char *key)
603
u_int32_t packed_keys[2];
606
p = (u_char *) packed_keys;
608
for (i = 0; i < 8; i++) {
610
for (j = 0; j < 8; j++)
619
encrypt(char *block, int flag)
277
629
for (i = 0; i < 2; i++) {
282
if ( c > 'Z') c -= 6 + 7 + '.'; /* c was a lower case letter */
283
else if ( c > '9') c -= 7 + '.';/* c was upper case letter */
284
else c -= '.'; /* c was digit, '.' or '/'. */
285
/* now, 0 <= c <= 63 */
286
for (j = 0; j < 6; j++) {
289
int temp = new_etr.o_data[t];
290
new_etr.o_data[t] = new_etr.o_data[t+24];
291
new_etr.o_data[t+24] = temp;
296
if (result[1] == 0) result[1] = result[0];
298
for (i = 0; i < 25; i++) encrypt_r(pwb,0, data);
303
while (p < &pwb[66]) {
311
c += '.'; /* becomes >= '.' */
312
if (c > '9') c += 7; /* not in [./0-9], becomes upper */
313
if (c > 'Z') c += 6; /* not in [A-Z], becomes lower */
322
* Copyright (c) 1987,1997, Prentice Hall
323
* All rights reserved.
325
* Redistribution and use of the MINIX operating system in source and
326
* binary forms, with or without modification, are permitted provided
327
* that the following conditions are met:
329
* Redistributions of source code must retain the above copyright
330
* notice, this list of conditions and the following disclaimer.
332
* Redistributions in binary form must reproduce the above
333
* copyright notice, this list of conditions and the following
334
* disclaimer in the documentation and/or other materials provided
335
* with the distribution.
337
* Neither the name of Prentice Hall nor the names of the software
338
* authors or contributors may be used to endorse or promote
339
* products derived from this software without specific prior
340
* written permission.
342
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS, AUTHORS, AND
343
* CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
344
* INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
345
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
346
* IN NO EVENT SHALL PRENTICE HALL OR ANY AUTHORS OR CONTRIBUTORS BE
347
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
348
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
349
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
350
* BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
351
* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
352
* OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
353
* EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
631
for (j = 0; j < 32; j++)
635
do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
636
for (i = 0; i < 2; i++)
637
for (j = 0; j < 32; j++)
638
block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
642
__des_crypt(const char *key, const char *setting)
644
u_int32_t count, salt, l, r0, r1, keybuf[2];
646
static char output[21];
651
* Copy the key, shifting each character up by one bit
652
* and padding with zeros.
654
q = (u_char *)keybuf;
655
while (q - (u_char *)keybuf - 8) {
660
if (des_setkey((char *)keybuf))
664
if (*setting == _PASSWORD_EFMT1) {
668
* setting - underscore, 4 bytes of count, 4 bytes of salt
669
* key - unlimited characters
671
for (i = 1, count = 0L; i < 5; i++)
672
count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
674
for (i = 5, salt = 0L; i < 9; i++)
675
salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
679
* Encrypt the key with itself.
681
if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
684
* And XOR with the next 8 characters of the key.
686
q = (u_char *)keybuf;
687
while (q - (u_char *)keybuf - 8 && *key)
690
if (des_setkey((char *)keybuf))
693
strncpy(output, setting, 9);
696
* Double check that we weren't given a short setting.
697
* If we were, the above code will probably have created
698
* wierd values for count and salt, but we don't really care.
699
* Just make sure the output string doesn't have an extra
703
p = (u_char *)output + strlen(output);
709
* setting - 2 bytes of salt
710
* key - up to 8 characters
714
salt = (ascii_to_bin(setting[1]) << 6)
715
| ascii_to_bin(setting[0]);
717
output[0] = setting[0];
719
* If the encrypted password that the salt was extracted from
720
* is only 1 character long, the salt will be corrupted. We
721
* need to ensure that the output string doesn't have an extra
724
output[1] = setting[1] ? setting[1] : output[0];
726
p = (u_char *)output + 2;
732
if (do_des(0L, 0L, &r0, &r1, (int)count))
735
* Now encode the result...
738
*p++ = ascii64[(l >> 18) & 0x3f];
739
*p++ = ascii64[(l >> 12) & 0x3f];
740
*p++ = ascii64[(l >> 6) & 0x3f];
741
*p++ = ascii64[l & 0x3f];
743
l = (r0 << 16) | ((r1 >> 16) & 0xffff);
744
*p++ = ascii64[(l >> 18) & 0x3f];
745
*p++ = ascii64[(l >> 12) & 0x3f];
746
*p++ = ascii64[(l >> 6) & 0x3f];
747
*p++ = ascii64[l & 0x3f];
750
*p++ = ascii64[(l >> 12) & 0x3f];
751
*p++ = ascii64[(l >> 6) & 0x3f];
752
*p++ = ascii64[l & 0x3f];
added
removed
libcrypt/des.c
