source: rtems-libbsd/rtemsbsd/telnetd/des.c @ 0f1d2f6

55-freebsd-126-freebsd-12
Last change on this file since 0f1d2f6 was a197a48, checked in by Sebastian Huber <sebastian.huber@…>, on 09/18/14 at 07:49:32

telnetd: Import from RTEMS sources

  • Property mode set to 100644
File size: 23.4 KB
Line 
1/*
2 * FreeSec: libcrypt for NetBSD
3 *
4 * Copyright (c) 1994 David Burren
5 * All rights reserved.
6 *
7 * Ported to RTEMS and made reentrant by Till Straumann, 9/2003
8 *
9 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
10 *      this file should now *only* export crypt(), in order to make
11 *      binaries of libcrypt exportable from the USA
12 *
13 * Adapted for FreeBSD-4.0 by Mark R V Murray
14 *      this file should now *only* export crypt_des(), in order to make
15 *      a module that can be optionally included in libcrypt.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 *    notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 *    notice, this list of conditions and the following disclaimer in the
24 *    documentation and/or other materials provided with the distribution.
25 * 3. Neither the name of the author nor the names of other contributors
26 *    may be used to endorse or promote products derived from this software
27 *    without specific prior written permission.
28 *
29 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * SUCH DAMAGE.
40 *
41 * This is an original implementation of the DES and the crypt(3) interfaces
42 * by David Burren <davidb@werj.com.au>.
43 *
44 * An excellent reference on the underlying algorithm (and related
45 * algorithms) is:
46 *
47 *      B. Schneier, Applied Cryptography: protocols, algorithms,
48 *      and source code in C, John Wiley & Sons, 1994.
49 *
50 * Note that in that book's description of DES the lookups for the initial,
51 * pbox, and final permutations are inverted (this has been brought to the
52 * attention of the author).  A list of errata for this book has been
53 * posted to the sci.crypt newsgroup by the author and is available for FTP.
54 *
55 * ARCHITECTURE ASSUMPTIONS:
56 *      It is assumed that the 8-byte arrays passed by reference can be
57 *      addressed as arrays of u_int32_t's (ie. the CPU is not picky about
58 *      alignment).
59 */
60
61#ifdef HAVE_CONFIG_H
62#include "config.h"
63#endif
64
65#define __FORCE_GLIBC
66#include <sys/cdefs.h>
67#include <sys/types.h>
68#include <sys/param.h>
69#include <netinet/in.h>
70#ifndef __rtems__
71#include <pwd.h>
72#include <crypt.h>
73#endif
74#include <string.h>
75#include <stdlib.h>
76
77#define REENTRANT
78/* Re-entrantify me -- all this junk needs to be in
79 * struct crypt_data to make this really reentrant... */
80
81/* TS; not really - only the stuff in Des_Context */
82static struct fixed1 {
83u_char  inv_key_perm[64];
84u_char  inv_comp_perm[56];
85u_char  u_sbox[8][64];
86u_char  un_pbox[32];
87} des1_f;
88static struct fixed2 {
89u_int32_t ip_maskl[8][256], ip_maskr[8][256];
90} des2_f;
91static struct fixed3 {
92u_int32_t fp_maskl[8][256], fp_maskr[8][256];
93} des3_f;
94static struct fixed4 {
95u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
96u_int32_t comp_maskl[8][128], comp_maskr[8][128];
97} des4_f;
98
99#define inv_key_perm des1_f.inv_key_perm
100#define inv_comp_perm des1_f.inv_comp_perm
101#define u_sbox des1_f.u_sbox
102#define un_pbox des1_f.un_pbox
103#define ip_maskl des2_f.ip_maskl
104#define ip_maskr des2_f.ip_maskr
105#define fp_maskl des3_f.fp_maskl
106#define fp_maskr des3_f.fp_maskr
107#define key_perm_maskl des4_f.key_perm_maskl
108#define key_perm_maskr des4_f.key_perm_maskr
109#define comp_maskl des4_f.comp_maskl
110#define comp_maskr des4_f.comp_maskr
111
112/* These need to be maintained per-process */
113struct Des_Context {
114u_int32_t en_keysl[16], en_keysr[16];
115u_int32_t de_keysl[16], de_keysr[16];
116u_int32_t saltbits;
117u_int32_t old_salt;
118u_int32_t old_rawkey0, old_rawkey1;
119};
120
121#ifndef REENTRANT
122static struct Des_Context single;
123#endif
124
125#define en_keysl des_ctx->en_keysl
126#define en_keysr des_ctx->en_keysr
127#define de_keysl des_ctx->de_keysl
128#define de_keysr des_ctx->de_keysr
129#define saltbits des_ctx->saltbits
130#define old_salt des_ctx->old_salt
131#define old_rawkey0 des_ctx->old_rawkey0
132#define old_rawkey1 des_ctx->old_rawkey1
133
134/* Static stuff that stays resident and doesn't change after
135 * being initialized, and therefore doesn't need to be made
136 * reentrant. */
137static u_char   init_perm[64], final_perm[64];
138static u_char   m_sbox[4][4096];
139static u_int32_t psbox[4][256];
140
141
142
143
144/* A pile of data */
145static const u_char     ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
146
147static const u_char     IP[64] = {
148  58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
149  62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
150  57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
151  61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
152};
153
154static const u_char     key_perm[56] = {
155  57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
156  10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
157  63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
158  14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
159};
160
161static const u_char     key_shifts[16] = {
162  1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
163};
164
165static const u_char     comp_perm[48] = {
166  14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
167  23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
168  41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
169  44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
170};
171
172/*
173 *      No E box is used, as it's replaced by some ANDs, shifts, and ORs.
174 */
175
176static const u_char     sbox[8][64] = {
177  {
178    14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
179     0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
180     4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
181    15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
182  },
183  {
184    15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
185     3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
186     0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
187    13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
188  },
189  {
190    10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
191    13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
192    13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
193     1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
194  },
195  {
196     7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
197    13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
198    10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
199     3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
200  },
201  {
202     2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
203    14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
204     4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
205    11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
206  },
207  {
208    12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
209    10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
210     9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
211     4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
212  },
213  {
214     4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
215    13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
216     1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
217     6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
218  },
219  {
220    13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
221     1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
222     7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
223     2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
224  }
225};
226
227static const u_char     pbox[32] = {
228  16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
229   2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
230};
231
232static const u_int32_t bits32[32] =
233{
234  0x80000000, 0x40000000, 0x20000000, 0x10000000,
235  0x08000000, 0x04000000, 0x02000000, 0x01000000,
236  0x00800000, 0x00400000, 0x00200000, 0x00100000,
237  0x00080000, 0x00040000, 0x00020000, 0x00010000,
238  0x00008000, 0x00004000, 0x00002000, 0x00001000,
239  0x00000800, 0x00000400, 0x00000200, 0x00000100,
240  0x00000080, 0x00000040, 0x00000020, 0x00000010,
241  0x00000008, 0x00000004, 0x00000002, 0x00000001
242};
243
244static const u_char     bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
245static const u_int32_t *bits28, *bits24;
246
247
248static int
249ascii_to_bin(char ch)
250{
251  if (ch > 'z')
252    return(0);
253  if (ch >= 'a')
254    return(ch - 'a' + 38);
255  if (ch > 'Z')
256    return(0);
257  if (ch >= 'A')
258    return(ch - 'A' + 12);
259  if (ch > '9')
260    return(0);
261  if (ch >= '.')
262    return(ch - '.');
263  return(0);
264}
265
266struct Des_Context *
267des_ctx_init(void)
268{
269struct Des_Context *des_ctx;
270#ifdef REENTRANT
271  des_ctx = malloc(sizeof(*des_ctx));
272#else
273  des_ctx = &single;
274#endif
275  old_rawkey0 = old_rawkey1 = 0L;
276  saltbits = 0L;
277  old_salt = 0L;
278
279  return des_ctx;
280}
281
282static void
283des_init(void)
284{
285  int   i, j, b, k, inbit, obit;
286  u_int32_t     *p, *il, *ir, *fl, *fr;
287  static int des_initialised = 0;
288
289  if (des_initialised==1)
290      return;
291
292#ifndef REENTRANT
293  des_ctx_init();
294#endif
295
296  bits24 = (bits28 = bits32 + 4) + 4;
297
298  /*
299   * Invert the S-boxes, reordering the input bits.
300   */
301  for (i = 0; i < 8; i++)
302    for (j = 0; j < 64; j++) {
303      b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
304      u_sbox[i][j] = sbox[i][b];
305    }
306
307  /*
308   * Convert the inverted S-boxes into 4 arrays of 8 bits.
309   * Each will handle 12 bits of the S-box input.
310   */
311  for (b = 0; b < 4; b++)
312    for (i = 0; i < 64; i++)
313      for (j = 0; j < 64; j++)
314        m_sbox[b][(i << 6) | j] =
315          (u_char)((u_sbox[(b << 1)][i] << 4) |
316          u_sbox[(b << 1) + 1][j]);
317
318  /*
319   * Set up the initial & final permutations into a useful form, and
320   * initialise the inverted key permutation.
321   */
322  for (i = 0; i < 64; i++) {
323    init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
324    inv_key_perm[i] = 255;
325  }
326
327  /*
328   * Invert the key permutation and initialise the inverted key
329   * compression permutation.
330   */
331  for (i = 0; i < 56; i++) {
332    inv_key_perm[key_perm[i] - 1] = (u_char)i;
333    inv_comp_perm[i] = 255;
334  }
335
336  /*
337   * Invert the key compression permutation.
338   */
339  for (i = 0; i < 48; i++) {
340    inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
341  }
342
343  /*
344   * Set up the OR-mask arrays for the initial and final permutations,
345   * and for the key initial and compression permutations.
346   */
347  for (k = 0; k < 8; k++) {
348    for (i = 0; i < 256; i++) {
349      *(il = &ip_maskl[k][i]) = 0L;
350      *(ir = &ip_maskr[k][i]) = 0L;
351      *(fl = &fp_maskl[k][i]) = 0L;
352      *(fr = &fp_maskr[k][i]) = 0L;
353      for (j = 0; j < 8; j++) {
354        inbit = 8 * k + j;
355        if (i & bits8[j]) {
356          if ((obit = init_perm[inbit]) < 32)
357            *il |= bits32[obit];
358          else
359            *ir |= bits32[obit-32];
360          if ((obit = final_perm[inbit]) < 32)
361            *fl |= bits32[obit];
362          else
363            *fr |= bits32[obit - 32];
364        }
365      }
366    }
367    for (i = 0; i < 128; i++) {
368      *(il = &key_perm_maskl[k][i]) = 0L;
369      *(ir = &key_perm_maskr[k][i]) = 0L;
370      for (j = 0; j < 7; j++) {
371        inbit = 8 * k + j;
372        if (i & bits8[j + 1]) {
373          if ((obit = inv_key_perm[inbit]) == 255)
374            continue;
375          if (obit < 28)
376            *il |= bits28[obit];
377          else
378            *ir |= bits28[obit - 28];
379        }
380      }
381      *(il = &comp_maskl[k][i]) = 0L;
382      *(ir = &comp_maskr[k][i]) = 0L;
383      for (j = 0; j < 7; j++) {
384        inbit = 7 * k + j;
385        if (i & bits8[j + 1]) {
386          if ((obit=inv_comp_perm[inbit]) == 255)
387            continue;
388          if (obit < 24)
389            *il |= bits24[obit];
390          else
391            *ir |= bits24[obit - 24];
392        }
393      }
394    }
395  }
396
397  /*
398   * Invert the P-box permutation, and convert into OR-masks for
399   * handling the output of the S-box arrays setup above.
400   */
401  for (i = 0; i < 32; i++)
402    un_pbox[pbox[i] - 1] = (u_char)i;
403
404  for (b = 0; b < 4; b++)
405    for (i = 0; i < 256; i++) {
406      *(p = &psbox[b][i]) = 0L;
407      for (j = 0; j < 8; j++) {
408        if (i & bits8[j])
409          *p |= bits32[un_pbox[8 * b + j]];
410      }
411    }
412
413  des_initialised = 1;
414}
415
416
417static void
418setup_salt(long salt, struct Des_Context *des_ctx)
419{
420  u_int32_t     obit, saltbit;
421  int   i;
422
423  if (salt == old_salt)
424    return;
425  old_salt = salt;
426
427  saltbits = 0L;
428  saltbit = 1;
429  obit = 0x800000;
430  for (i = 0; i < 24; i++) {
431    if (salt & saltbit)
432      saltbits |= obit;
433    saltbit <<= 1;
434    obit >>= 1;
435  }
436}
437
438
439static int
440des_setkey(const char *key, struct Des_Context *des_ctx)
441{
442  u_int32_t     k0, k1, rawkey0, rawkey1;
443  int           shifts, round;
444
445  des_init();
446
447  rawkey0 = ntohl(*(const u_int32_t *) key);
448  rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
449
450  if ((rawkey0 | rawkey1)
451      && rawkey0 == old_rawkey0
452      && rawkey1 == old_rawkey1) {
453    /*
454     * Already setup for this key.
455     * This optimisation fails on a zero key (which is weak and
456     * has bad parity anyway) in order to simplify the starting
457     * conditions.
458     */
459    return(0);
460  }
461  old_rawkey0 = rawkey0;
462  old_rawkey1 = rawkey1;
463
464  /*
465   *    Do key permutation and split into two 28-bit subkeys.
466   */
467  k0 = key_perm_maskl[0][rawkey0 >> 25]
468     | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
469     | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
470     | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
471     | key_perm_maskl[4][rawkey1 >> 25]
472     | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
473     | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
474     | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
475  k1 = key_perm_maskr[0][rawkey0 >> 25]
476     | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
477     | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
478     | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
479     | key_perm_maskr[4][rawkey1 >> 25]
480     | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
481     | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
482     | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
483  /*
484   *    Rotate subkeys and do compression permutation.
485   */
486  shifts = 0;
487  for (round = 0; round < 16; round++) {
488    u_int32_t   t0, t1;
489
490    shifts += key_shifts[round];
491
492    t0 = (k0 << shifts) | (k0 >> (28 - shifts));
493    t1 = (k1 << shifts) | (k1 >> (28 - shifts));
494
495    de_keysl[15 - round] =
496    en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
497        | comp_maskl[1][(t0 >> 14) & 0x7f]
498        | comp_maskl[2][(t0 >> 7) & 0x7f]
499        | comp_maskl[3][t0 & 0x7f]
500        | comp_maskl[4][(t1 >> 21) & 0x7f]
501        | comp_maskl[5][(t1 >> 14) & 0x7f]
502        | comp_maskl[6][(t1 >> 7) & 0x7f]
503        | comp_maskl[7][t1 & 0x7f];
504
505    de_keysr[15 - round] =
506    en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
507        | comp_maskr[1][(t0 >> 14) & 0x7f]
508        | comp_maskr[2][(t0 >> 7) & 0x7f]
509        | comp_maskr[3][t0 & 0x7f]
510        | comp_maskr[4][(t1 >> 21) & 0x7f]
511        | comp_maskr[5][(t1 >> 14) & 0x7f]
512        | comp_maskr[6][(t1 >> 7) & 0x7f]
513        | comp_maskr[7][t1 & 0x7f];
514  }
515  return(0);
516}
517
518
519static int
520do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count, struct Des_Context *des_ctx)
521{
522  /*
523   *    l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
524   */
525  u_int32_t     l, r, *kl, *kr, *kl1, *kr1;
526  u_int32_t     f, r48l, r48r;
527  int           round;
528
529  if (count == 0) {
530    return(1);
531  } else if (count > 0) {
532    /*
533     * Encrypting
534     */
535    kl1 = en_keysl;
536    kr1 = en_keysr;
537  } else {
538    /*
539     * Decrypting
540     */
541    count = -count;
542    kl1 = de_keysl;
543    kr1 = de_keysr;
544  }
545
546  /*
547   *    Do initial permutation (IP).
548   */
549  l = ip_maskl[0][l_in >> 24]
550    | ip_maskl[1][(l_in >> 16) & 0xff]
551    | ip_maskl[2][(l_in >> 8) & 0xff]
552    | ip_maskl[3][l_in & 0xff]
553    | ip_maskl[4][r_in >> 24]
554    | ip_maskl[5][(r_in >> 16) & 0xff]
555    | ip_maskl[6][(r_in >> 8) & 0xff]
556    | ip_maskl[7][r_in & 0xff];
557  r = ip_maskr[0][l_in >> 24]
558    | ip_maskr[1][(l_in >> 16) & 0xff]
559    | ip_maskr[2][(l_in >> 8) & 0xff]
560    | ip_maskr[3][l_in & 0xff]
561    | ip_maskr[4][r_in >> 24]
562    | ip_maskr[5][(r_in >> 16) & 0xff]
563    | ip_maskr[6][(r_in >> 8) & 0xff]
564    | ip_maskr[7][r_in & 0xff];
565
566  while (count--) {
567    /*
568     * Do each round.
569     */
570    kl = kl1;
571    kr = kr1;
572    round = 16;
573    while (round--) {
574      /*
575       * Expand R to 48 bits (simulate the E-box).
576       */
577      r48l      = ((r & 0x00000001) << 23)
578        | ((r & 0xf8000000) >> 9)
579        | ((r & 0x1f800000) >> 11)
580        | ((r & 0x01f80000) >> 13)
581        | ((r & 0x001f8000) >> 15);
582
583      r48r      = ((r & 0x0001f800) << 7)
584        | ((r & 0x00001f80) << 5)
585        | ((r & 0x000001f8) << 3)
586        | ((r & 0x0000001f) << 1)
587        | ((r & 0x80000000) >> 31);
588      /*
589       * Do salting for crypt() and friends, and
590       * XOR with the permuted key.
591       */
592      f = (r48l ^ r48r) & saltbits;
593      r48l ^= f ^ *kl++;
594      r48r ^= f ^ *kr++;
595      /*
596       * Do sbox lookups (which shrink it back to 32 bits)
597       * and do the pbox permutation at the same time.
598       */
599      f = psbox[0][m_sbox[0][r48l >> 12]]
600        | psbox[1][m_sbox[1][r48l & 0xfff]]
601        | psbox[2][m_sbox[2][r48r >> 12]]
602        | psbox[3][m_sbox[3][r48r & 0xfff]];
603      /*
604       * Now that we've permuted things, complete f().
605       */
606      f ^= l;
607      l = r;
608      r = f;
609    }
610    r = l;
611    l = f;
612  }
613  /*
614   * Do final permutation (inverse of IP).
615   */
616  *l_out        = fp_maskl[0][l >> 24]
617    | fp_maskl[1][(l >> 16) & 0xff]
618    | fp_maskl[2][(l >> 8) & 0xff]
619    | fp_maskl[3][l & 0xff]
620    | fp_maskl[4][r >> 24]
621    | fp_maskl[5][(r >> 16) & 0xff]
622    | fp_maskl[6][(r >> 8) & 0xff]
623    | fp_maskl[7][r & 0xff];
624  *r_out        = fp_maskr[0][l >> 24]
625    | fp_maskr[1][(l >> 16) & 0xff]
626    | fp_maskr[2][(l >> 8) & 0xff]
627    | fp_maskr[3][l & 0xff]
628    | fp_maskr[4][r >> 24]
629    | fp_maskr[5][(r >> 16) & 0xff]
630    | fp_maskr[6][(r >> 8) & 0xff]
631    | fp_maskr[7][r & 0xff];
632  return(0);
633}
634
635
636#if 0
637static int
638des_cipher(const char *in, char *out, u_int32_t salt, int count)
639{
640  u_int32_t     l_out, r_out, rawl, rawr;
641  int           retval;
642  union {
643    u_int32_t   *ui32;
644    const char  *c;
645  } trans;
646
647  des_init();
648
649  setup_salt(salt);
650
651  trans.c = in;
652  rawl = ntohl(*trans.ui32++);
653  rawr = ntohl(*trans.ui32);
654
655  retval = do_des(rawl, rawr, &l_out, &r_out, count);
656
657  trans.c = out;
658  *trans.ui32++ = htonl(l_out);
659  *trans.ui32 = htonl(r_out);
660  return(retval);
661}
662#endif
663
664
665#ifndef REENTRANT
666void
667setkey(const char *key)
668{
669  int   i, j;
670  u_int32_t     packed_keys[2];
671  u_char        *p;
672
673  p = (u_char *) packed_keys;
674
675  for (i = 0; i < 8; i++) {
676    p[i] = 0;
677    for (j = 0; j < 8; j++)
678      if (*key++ & 1)
679        p[i] |= bits8[j];
680  }
681  des_setkey(p, &single);
682}
683#endif
684
685
686#ifndef REENTRANT
687void
688encrypt(char *block, int flag)
689{
690  u_int32_t     io[2];
691  u_char        *p;
692  int   i, j;
693
694  des_init();
695
696  setup_salt(0L, &single);
697  p = block;
698  for (i = 0; i < 2; i++) {
699    io[i] = 0L;
700    for (j = 0; j < 32; j++)
701      if (*p++ & 1)
702        io[i] |= bits32[j];
703  }
704  do_des(io[0], io[1], io, io + 1, flag ? -1 : 1, &single);
705  for (i = 0; i < 2; i++)
706    for (j = 0; j < 32; j++)
707      block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
708}
709
710#endif
711
712char *
713__des_crypt_r(const char *key, const char *setting, char *output, int sz)
714{
715  char *rval = 0;
716  struct Des_Context *des_ctx;
717  u_int32_t     count, salt, l, r0, r1, keybuf[2];
718  u_char                *p, *q;
719
720  if (sz < 21)
721    return NULL;
722
723  des_init();
724  des_ctx = des_ctx_init();
725
726  /*
727   * Copy the key, shifting each character up by one bit
728   * and padding with zeros.
729   */
730  q = (u_char *)keybuf;
731  while (q - (u_char *)keybuf - 8) {
732    *q++ = *key << 1;
733    if (*(q - 1))
734      key++;
735  }
736  if (des_setkey((char *)keybuf, des_ctx))
737    goto bailout;
738
739#if 0
740  if (*setting == _PASSWORD_EFMT1) {
741    int         i;
742    /*
743     * "new"-style:
744     *  setting - underscore, 4 bytes of count, 4 bytes of salt
745     *  key - unlimited characters
746     */
747    for (i = 1, count = 0L; i < 5; i++)
748      count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
749
750    for (i = 5, salt = 0L; i < 9; i++)
751      salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
752
753    while (*key) {
754      /*
755       * Encrypt the key with itself.
756       */
757      if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
758        goto bailout;
759      /*
760       * And XOR with the next 8 characters of the key.
761       */
762      q = (u_char *)keybuf;
763      while (q - (u_char *)keybuf - 8 && *key)
764        *q++ ^= *key++ << 1;
765
766      if (des_setkey((char *)keybuf))
767        goto bailout;
768    }
769    strncpy(output, setting, 9);
770
771    /*
772     * Double check that we weren't given a short setting.
773     * If we were, the above code will probably have created
774     * wierd values for count and salt, but we don't really care.
775     * Just make sure the output string doesn't have an extra
776     * NUL in it.
777     */
778    output[9] = '\0';
779    p = (u_char *)output + strlen(output);
780  } else
781#endif
782  {
783    /*
784     * "old"-style:
785     *  setting - 2 bytes of salt
786     *  key - up to 8 characters
787     */
788    count = 25;
789
790    salt = (ascii_to_bin(setting[1]) << 6)
791         |  ascii_to_bin(setting[0]);
792
793    output[0] = setting[0];
794    /*
795     * If the encrypted password that the salt was extracted from
796     * is only 1 character long, the salt will be corrupted.  We
797     * need to ensure that the output string doesn't have an extra
798     * NUL in it!
799     */
800    output[1] = setting[1] ? setting[1] : output[0];
801
802    p = (u_char *)output + 2;
803  }
804  setup_salt(salt, des_ctx);
805  /*
806   * Do it.
807   */
808  if (do_des(0L, 0L, &r0, &r1, (int)count, des_ctx))
809    goto bailout;
810  /*
811   * Now encode the result...
812   */
813  l = (r0 >> 8);
814  *p++ = ascii64[(l >> 18) & 0x3f];
815  *p++ = ascii64[(l >> 12) & 0x3f];
816  *p++ = ascii64[(l >> 6) & 0x3f];
817  *p++ = ascii64[l & 0x3f];
818
819  l = (r0 << 16) | ((r1 >> 16) & 0xffff);
820  *p++ = ascii64[(l >> 18) & 0x3f];
821  *p++ = ascii64[(l >> 12) & 0x3f];
822  *p++ = ascii64[(l >> 6) & 0x3f];
823  *p++ = ascii64[l & 0x3f];
824
825  l = r1 << 2;
826  *p++ = ascii64[(l >> 12) & 0x3f];
827  *p++ = ascii64[(l >> 6) & 0x3f];
828  *p++ = ascii64[l & 0x3f];
829  *p = 0;
830
831  rval = output;
832bailout:
833  free(des_ctx);
834  return rval;
835}
836
837char *
838__des_crypt(const char *key, const char *setting)
839{
840  static char   output[21];
841  return __des_crypt_r(key, setting, output, sizeof(output));
842}
843
844
845#ifdef DEBUG
846
847void
848des_snap(void **pf, void **pd)
849{
850  uint8* pfc;
851  *pf = malloc(sizeof(struct fixed1) + sizeof(struct fixed2) + sizeof(struct fixed3) + sizeof(struct fixed4));
852  pfc = *pf;
853  memcpy(pfc, &des1_f, sizeof(des1_f));
854  pfc += sizeof(des1_f);
855  memcpy(pfc, &des2_f, sizeof(des2_f));
856  pfc += sizeof(des2_f);
857  memcpy(pfc, &des3_f, sizeof(des3_f));
858  pfc += sizeof(des3_f);
859  memcpy(pfc, &des4_f, sizeof(des4_f));
860//      *pd = malloc(sizeof(struct Des_Context));
861//      memcpy(*pd, &des_ctx, sizeof(des_ctx));
862}
863
864void
865des_check(void *pf, void *pd)
866{
867  uint8* pfc1, pfc2, pfc3, pfc4;
868  pfc1 = pf;
869  pfc2 = pfc1 + sizeof(des1_f);
870  pfc3 = pfc2 + sizeof(des2_f);
871  pfc4 = pfc3 + sizeof(des3_f);
872  printf("Fixed: do%s differ"/*", Context: do%s differ"*/"\n",
873         (memcmp(pfc1, &des1_f, sizeof(des1_f)) ||
874          memcmp(pfc2, &des2_f, sizeof(des2_f)) ||
875          memcmp(pfc3, &des4_f, sizeof(des3_f)) ||
876          memcmp(pfc4, &des4_f, sizeof(des4_f))) ? "" : "nt");
877}
878
879#endif
Note: See TracBrowser for help on using the repository browser.