source: rtems/cpukit/telnetd/des.c @ 2aa8014

4.104.115
Last change on this file since 2aa8014 was 8ad6681b, checked in by Joel Sherrill <joel.sherrill@…>, on 09/25/07 at 17:14:01

2007-09-25 Joel Sherrill <joel.sherrill@…>

  • telnetd/README, telnetd/pty.c, telnetd/pty.h, telnetd/telnetd.c, telnetd/telnetd.h: telnetd rewrite.
  • telnetd/check_passwd.c, telnetd/des.c, telnetd/genpw.c: New files.
  • Property mode set to 100644
File size: 22.7 KB
RevLine 
[8ad6681b]1/*
2 * FreeSec: libcrypt for NetBSD
3 *
4 * Copyright (c) 1994 David Burren
5 * All rights reserved.
6 *
7 * Ported to RTEMS and made reentrant by Till Straumann, 9/2003
8 *
9 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
10 *      this file should now *only* export crypt(), in order to make
11 *      binaries of libcrypt exportable from the USA
12 *
13 * Adapted for FreeBSD-4.0 by Mark R V Murray
14 *      this file should now *only* export crypt_des(), in order to make
15 *      a module that can be optionally included in libcrypt.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 *    notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 *    notice, this list of conditions and the following disclaimer in the
24 *    documentation and/or other materials provided with the distribution.
25 * 3. Neither the name of the author nor the names of other contributors
26 *    may be used to endorse or promote products derived from this software
27 *    without specific prior written permission.
28 *
29 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * SUCH DAMAGE.
40 *
41 * This is an original implementation of the DES and the crypt(3) interfaces
42 * by David Burren <davidb@werj.com.au>.
43 *
44 * An excellent reference on the underlying algorithm (and related
45 * algorithms) is:
46 *
47 *      B. Schneier, Applied Cryptography: protocols, algorithms,
48 *      and source code in C, John Wiley & Sons, 1994.
49 *
50 * Note that in that book's description of DES the lookups for the initial,
51 * pbox, and final permutations are inverted (this has been brought to the
52 * attention of the author).  A list of errata for this book has been
53 * posted to the sci.crypt newsgroup by the author and is available for FTP.
54 *
55 * ARCHITECTURE ASSUMPTIONS:
56 *      It is assumed that the 8-byte arrays passed by reference can be
57 *      addressed as arrays of u_int32_t's (ie. the CPU is not picky about
58 *      alignment).
59 */
60
61#define __FORCE_GLIBC
62#include <sys/cdefs.h>
63#include <sys/types.h>
64#include <sys/param.h>
65#include <netinet/in.h>
66#ifndef __rtems__
67#include <pwd.h>
68#include <string.h>
69#include <crypt.h>
70#endif
71#include <stdlib.h>
72
73#define REENTRANT
74/* Re-entrantify me -- all this junk needs to be in
75 * struct crypt_data to make this really reentrant... */
76
77/* TS; not really - only the stuff in Des_Context */
78static struct fixed {
79u_char  inv_key_perm[64];
80u_char  inv_comp_perm[56];
81u_char  u_sbox[8][64];
82u_char  un_pbox[32];
83u_int32_t ip_maskl[8][256], ip_maskr[8][256];
84u_int32_t fp_maskl[8][256], fp_maskr[8][256];
85u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
86u_int32_t comp_maskl[8][128], comp_maskr[8][128];
87} des_f;
88
89#define inv_key_perm des_f.inv_key_perm
90#define inv_comp_perm des_f.inv_comp_perm
91#define u_sbox des_f.u_sbox
92#define un_pbox des_f.un_pbox
93#define ip_maskl des_f.ip_maskl
94#define ip_maskr des_f.ip_maskr
95#define fp_maskl des_f.fp_maskl
96#define fp_maskr des_f.fp_maskr
97#define key_perm_maskl des_f.key_perm_maskl
98#define key_perm_maskr des_f.key_perm_maskr
99#define comp_maskl des_f.comp_maskl
100#define comp_maskr des_f.comp_maskr
101
102/* These need to be maintained per-process */
103struct Des_Context {
104u_int32_t en_keysl[16], en_keysr[16];
105u_int32_t de_keysl[16], de_keysr[16];
106u_int32_t saltbits;
107u_int32_t old_salt;
108u_int32_t old_rawkey0, old_rawkey1;
109};
110
111#ifndef REENTRANT
112static struct Des_Context single;
113#endif
114
115#define en_keysl des_ctx->en_keysl
116#define en_keysr des_ctx->en_keysr
117#define de_keysl des_ctx->de_keysl
118#define de_keysr des_ctx->de_keysr
119#define saltbits des_ctx->saltbits
120#define old_salt des_ctx->old_salt
121#define old_rawkey0 des_ctx->old_rawkey0
122#define old_rawkey1 des_ctx->old_rawkey1
123
124/* Static stuff that stays resident and doesn't change after
125 * being initialized, and therefore doesn't need to be made
126 * reentrant. */
127static u_char   init_perm[64], final_perm[64];
128static u_char   m_sbox[4][4096];
129static u_int32_t psbox[4][256];
130
131
132
133
134/* A pile of data */
135static const u_char     ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
136
137static const u_char     IP[64] = {
138  58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
139  62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
140  57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
141  61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
142};
143
144static const u_char     key_perm[56] = {
145  57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
146  10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
147  63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
148  14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
149};
150
151static const u_char     key_shifts[16] = {
152  1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
153};
154
155static const u_char     comp_perm[48] = {
156  14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
157  23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
158  41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
159  44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
160};
161
162/*
163 *      No E box is used, as it's replaced by some ANDs, shifts, and ORs.
164 */
165
166static const u_char     sbox[8][64] = {
167  {
168    14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
169     0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
170     4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
171    15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
172  },
173  {
174    15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
175     3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
176     0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
177    13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
178  },
179  {
180    10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
181    13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
182    13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
183     1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
184  },
185  {
186     7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
187    13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
188    10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
189     3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
190  },
191  {
192     2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
193    14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
194     4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
195    11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
196  },
197  {
198    12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
199    10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
200     9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
201     4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
202  },
203  {
204     4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
205    13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
206     1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
207     6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
208  },
209  {
210    13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
211     1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
212     7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
213     2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
214  }
215};
216
217static const u_char     pbox[32] = {
218  16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
219   2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
220};
221
222static const u_int32_t bits32[32] =
223{
224  0x80000000, 0x40000000, 0x20000000, 0x10000000,
225  0x08000000, 0x04000000, 0x02000000, 0x01000000,
226  0x00800000, 0x00400000, 0x00200000, 0x00100000,
227  0x00080000, 0x00040000, 0x00020000, 0x00010000,
228  0x00008000, 0x00004000, 0x00002000, 0x00001000,
229  0x00000800, 0x00000400, 0x00000200, 0x00000100,
230  0x00000080, 0x00000040, 0x00000020, 0x00000010,
231  0x00000008, 0x00000004, 0x00000002, 0x00000001
232};
233
234static const u_char     bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
235static const u_int32_t *bits28, *bits24;
236
237
238static int
239ascii_to_bin(char ch)
240{
241  if (ch > 'z')
242    return(0);
243  if (ch >= 'a')
244    return(ch - 'a' + 38);
245  if (ch > 'Z')
246    return(0);
247  if (ch >= 'A')
248    return(ch - 'A' + 12);
249  if (ch > '9')
250    return(0);
251  if (ch >= '.')
252    return(ch - '.');
253  return(0);
254}
255
256struct Des_Context *
257des_ctx_init(void)
258{
259struct Des_Context *des_ctx;
260#ifdef REENTRANT
261  des_ctx = malloc(sizeof(*des_ctx));
262#else
263  des_ctx = &single;
264#endif
265  old_rawkey0 = old_rawkey1 = 0L;
266  saltbits = 0L;
267  old_salt = 0L;
268
269  return des_ctx;
270}
271
272static void
273des_init(void)
274{
275  int   i, j, b, k, inbit, obit;
276  u_int32_t     *p, *il, *ir, *fl, *fr;
277  static int des_initialised = 0;
278
279  if (des_initialised==1)
280      return;
281
282#ifndef REENTRANT
283  des_ctx_init();
284#endif
285
286  bits24 = (bits28 = bits32 + 4) + 4;
287
288  /*
289   * Invert the S-boxes, reordering the input bits.
290   */
291  for (i = 0; i < 8; i++)
292    for (j = 0; j < 64; j++) {
293      b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
294      u_sbox[i][j] = sbox[i][b];
295    }
296
297  /*
298   * Convert the inverted S-boxes into 4 arrays of 8 bits.
299   * Each will handle 12 bits of the S-box input.
300   */
301  for (b = 0; b < 4; b++)
302    for (i = 0; i < 64; i++)
303      for (j = 0; j < 64; j++)
304        m_sbox[b][(i << 6) | j] =
305          (u_char)((u_sbox[(b << 1)][i] << 4) |
306          u_sbox[(b << 1) + 1][j]);
307
308  /*
309   * Set up the initial & final permutations into a useful form, and
310   * initialise the inverted key permutation.
311   */
312  for (i = 0; i < 64; i++) {
313    init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
314    inv_key_perm[i] = 255;
315  }
316
317  /*
318   * Invert the key permutation and initialise the inverted key
319   * compression permutation.
320   */
321  for (i = 0; i < 56; i++) {
322    inv_key_perm[key_perm[i] - 1] = (u_char)i;
323    inv_comp_perm[i] = 255;
324  }
325
326  /*
327   * Invert the key compression permutation.
328   */
329  for (i = 0; i < 48; i++) {
330    inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
331  }
332
333  /*
334   * Set up the OR-mask arrays for the initial and final permutations,
335   * and for the key initial and compression permutations.
336   */
337  for (k = 0; k < 8; k++) {
338    for (i = 0; i < 256; i++) {
339      *(il = &ip_maskl[k][i]) = 0L;
340      *(ir = &ip_maskr[k][i]) = 0L;
341      *(fl = &fp_maskl[k][i]) = 0L;
342      *(fr = &fp_maskr[k][i]) = 0L;
343      for (j = 0; j < 8; j++) {
344        inbit = 8 * k + j;
345        if (i & bits8[j]) {
346          if ((obit = init_perm[inbit]) < 32)
347            *il |= bits32[obit];
348          else
349            *ir |= bits32[obit-32];
350          if ((obit = final_perm[inbit]) < 32)
351            *fl |= bits32[obit];
352          else
353            *fr |= bits32[obit - 32];
354        }
355      }
356    }
357    for (i = 0; i < 128; i++) {
358      *(il = &key_perm_maskl[k][i]) = 0L;
359      *(ir = &key_perm_maskr[k][i]) = 0L;
360      for (j = 0; j < 7; j++) {
361        inbit = 8 * k + j;
362        if (i & bits8[j + 1]) {
363          if ((obit = inv_key_perm[inbit]) == 255)
364            continue;
365          if (obit < 28)
366            *il |= bits28[obit];
367          else
368            *ir |= bits28[obit - 28];
369        }
370      }
371      *(il = &comp_maskl[k][i]) = 0L;
372      *(ir = &comp_maskr[k][i]) = 0L;
373      for (j = 0; j < 7; j++) {
374        inbit = 7 * k + j;
375        if (i & bits8[j + 1]) {
376          if ((obit=inv_comp_perm[inbit]) == 255)
377            continue;
378          if (obit < 24)
379            *il |= bits24[obit];
380          else
381            *ir |= bits24[obit - 24];
382        }
383      }
384    }
385  }
386
387  /*
388   * Invert the P-box permutation, and convert into OR-masks for
389   * handling the output of the S-box arrays setup above.
390   */
391  for (i = 0; i < 32; i++)
392    un_pbox[pbox[i] - 1] = (u_char)i;
393
394  for (b = 0; b < 4; b++)
395    for (i = 0; i < 256; i++) {
396      *(p = &psbox[b][i]) = 0L;
397      for (j = 0; j < 8; j++) {
398        if (i & bits8[j])
399          *p |= bits32[un_pbox[8 * b + j]];
400      }
401    }
402
403  des_initialised = 1;
404}
405
406
407static void
408setup_salt(long salt, struct Des_Context *des_ctx)
409{
410  u_int32_t     obit, saltbit;
411  int   i;
412
413  if (salt == old_salt)
414    return;
415  old_salt = salt;
416
417  saltbits = 0L;
418  saltbit = 1;
419  obit = 0x800000;
420  for (i = 0; i < 24; i++) {
421    if (salt & saltbit)
422      saltbits |= obit;
423    saltbit <<= 1;
424    obit >>= 1;
425  }
426}
427
428
429static int
430des_setkey(const char *key, struct Des_Context *des_ctx)
431{
432  u_int32_t     k0, k1, rawkey0, rawkey1;
433  int           shifts, round;
434
435  des_init();
436
437  rawkey0 = ntohl(*(const u_int32_t *) key);
438  rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
439
440  if ((rawkey0 | rawkey1)
441      && rawkey0 == old_rawkey0
442      && rawkey1 == old_rawkey1) {
443    /*
444     * Already setup for this key.
445     * This optimisation fails on a zero key (which is weak and
446     * has bad parity anyway) in order to simplify the starting
447     * conditions.
448     */
449    return(0);
450  }
451  old_rawkey0 = rawkey0;
452  old_rawkey1 = rawkey1;
453
454  /*
455   *    Do key permutation and split into two 28-bit subkeys.
456   */
457  k0 = key_perm_maskl[0][rawkey0 >> 25]
458     | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
459     | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
460     | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
461     | key_perm_maskl[4][rawkey1 >> 25]
462     | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
463     | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
464     | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
465  k1 = key_perm_maskr[0][rawkey0 >> 25]
466     | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
467     | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
468     | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
469     | key_perm_maskr[4][rawkey1 >> 25]
470     | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
471     | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
472     | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
473  /*
474   *    Rotate subkeys and do compression permutation.
475   */
476  shifts = 0;
477  for (round = 0; round < 16; round++) {
478    u_int32_t   t0, t1;
479
480    shifts += key_shifts[round];
481
482    t0 = (k0 << shifts) | (k0 >> (28 - shifts));
483    t1 = (k1 << shifts) | (k1 >> (28 - shifts));
484
485    de_keysl[15 - round] =
486    en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
487        | comp_maskl[1][(t0 >> 14) & 0x7f]
488        | comp_maskl[2][(t0 >> 7) & 0x7f]
489        | comp_maskl[3][t0 & 0x7f]
490        | comp_maskl[4][(t1 >> 21) & 0x7f]
491        | comp_maskl[5][(t1 >> 14) & 0x7f]
492        | comp_maskl[6][(t1 >> 7) & 0x7f]
493        | comp_maskl[7][t1 & 0x7f];
494
495    de_keysr[15 - round] =
496    en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
497        | comp_maskr[1][(t0 >> 14) & 0x7f]
498        | comp_maskr[2][(t0 >> 7) & 0x7f]
499        | comp_maskr[3][t0 & 0x7f]
500        | comp_maskr[4][(t1 >> 21) & 0x7f]
501        | comp_maskr[5][(t1 >> 14) & 0x7f]
502        | comp_maskr[6][(t1 >> 7) & 0x7f]
503        | comp_maskr[7][t1 & 0x7f];
504  }
505  return(0);
506}
507
508
509static int
510do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count, struct Des_Context *des_ctx)
511{
512  /*
513   *    l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
514   */
515  u_int32_t     l, r, *kl, *kr, *kl1, *kr1;
516  u_int32_t     f, r48l, r48r;
517  int           round;
518
519  if (count == 0) {
520    return(1);
521  } else if (count > 0) {
522    /*
523     * Encrypting
524     */
525    kl1 = en_keysl;
526    kr1 = en_keysr;
527  } else {
528    /*
529     * Decrypting
530     */
531    count = -count;
532    kl1 = de_keysl;
533    kr1 = de_keysr;
534  }
535
536  /*
537   *    Do initial permutation (IP).
538   */
539  l = ip_maskl[0][l_in >> 24]
540    | ip_maskl[1][(l_in >> 16) & 0xff]
541    | ip_maskl[2][(l_in >> 8) & 0xff]
542    | ip_maskl[3][l_in & 0xff]
543    | ip_maskl[4][r_in >> 24]
544    | ip_maskl[5][(r_in >> 16) & 0xff]
545    | ip_maskl[6][(r_in >> 8) & 0xff]
546    | ip_maskl[7][r_in & 0xff];
547  r = ip_maskr[0][l_in >> 24]
548    | ip_maskr[1][(l_in >> 16) & 0xff]
549    | ip_maskr[2][(l_in >> 8) & 0xff]
550    | ip_maskr[3][l_in & 0xff]
551    | ip_maskr[4][r_in >> 24]
552    | ip_maskr[5][(r_in >> 16) & 0xff]
553    | ip_maskr[6][(r_in >> 8) & 0xff]
554    | ip_maskr[7][r_in & 0xff];
555
556  while (count--) {
557    /*
558     * Do each round.
559     */
560    kl = kl1;
561    kr = kr1;
562    round = 16;
563    while (round--) {
564      /*
565       * Expand R to 48 bits (simulate the E-box).
566       */
567      r48l      = ((r & 0x00000001) << 23)
568        | ((r & 0xf8000000) >> 9)
569        | ((r & 0x1f800000) >> 11)
570        | ((r & 0x01f80000) >> 13)
571        | ((r & 0x001f8000) >> 15);
572
573      r48r      = ((r & 0x0001f800) << 7)
574        | ((r & 0x00001f80) << 5)
575        | ((r & 0x000001f8) << 3)
576        | ((r & 0x0000001f) << 1)
577        | ((r & 0x80000000) >> 31);
578      /*
579       * Do salting for crypt() and friends, and
580       * XOR with the permuted key.
581       */
582      f = (r48l ^ r48r) & saltbits;
583      r48l ^= f ^ *kl++;
584      r48r ^= f ^ *kr++;
585      /*
586       * Do sbox lookups (which shrink it back to 32 bits)
587       * and do the pbox permutation at the same time.
588       */
589      f = psbox[0][m_sbox[0][r48l >> 12]]
590        | psbox[1][m_sbox[1][r48l & 0xfff]]
591        | psbox[2][m_sbox[2][r48r >> 12]]
592        | psbox[3][m_sbox[3][r48r & 0xfff]];
593      /*
594       * Now that we've permuted things, complete f().
595       */
596      f ^= l;
597      l = r;
598      r = f;
599    }
600    r = l;
601    l = f;
602  }
603  /*
604   * Do final permutation (inverse of IP).
605   */
606  *l_out        = fp_maskl[0][l >> 24]
607    | fp_maskl[1][(l >> 16) & 0xff]
608    | fp_maskl[2][(l >> 8) & 0xff]
609    | fp_maskl[3][l & 0xff]
610    | fp_maskl[4][r >> 24]
611    | fp_maskl[5][(r >> 16) & 0xff]
612    | fp_maskl[6][(r >> 8) & 0xff]
613    | fp_maskl[7][r & 0xff];
614  *r_out        = fp_maskr[0][l >> 24]
615    | fp_maskr[1][(l >> 16) & 0xff]
616    | fp_maskr[2][(l >> 8) & 0xff]
617    | fp_maskr[3][l & 0xff]
618    | fp_maskr[4][r >> 24]
619    | fp_maskr[5][(r >> 16) & 0xff]
620    | fp_maskr[6][(r >> 8) & 0xff]
621    | fp_maskr[7][r & 0xff];
622  return(0);
623}
624
625
626#if 0
627static int
628des_cipher(const char *in, char *out, u_int32_t salt, int count)
629{
630  u_int32_t     l_out, r_out, rawl, rawr;
631  int           retval;
632  union {
633    u_int32_t   *ui32;
634    const char  *c;
635  } trans;
636
637  des_init();
638
639  setup_salt(salt);
640
641  trans.c = in;
642  rawl = ntohl(*trans.ui32++);
643  rawr = ntohl(*trans.ui32);
644
645  retval = do_des(rawl, rawr, &l_out, &r_out, count);
646
647  trans.c = out;
648  *trans.ui32++ = htonl(l_out);
649  *trans.ui32 = htonl(r_out);
650  return(retval);
651}
652#endif
653
654
655#ifndef REENTRANT
656void
657setkey(const char *key)
658{
659  int   i, j;
660  u_int32_t     packed_keys[2];
661  u_char        *p;
662
663  p = (u_char *) packed_keys;
664
665  for (i = 0; i < 8; i++) {
666    p[i] = 0;
667    for (j = 0; j < 8; j++)
668      if (*key++ & 1)
669        p[i] |= bits8[j];
670  }
671  des_setkey(p, &single);
672}
673#endif
674
675
676#ifndef REENTRANT
677void
678encrypt(char *block, int flag)
679{
680  u_int32_t     io[2];
681  u_char        *p;
682  int   i, j;
683
684  des_init();
685
686  setup_salt(0L, &single);
687  p = block;
688  for (i = 0; i < 2; i++) {
689    io[i] = 0L;
690    for (j = 0; j < 32; j++)
691      if (*p++ & 1)
692        io[i] |= bits32[j];
693  }
694  do_des(io[0], io[1], io, io + 1, flag ? -1 : 1, &single);
695  for (i = 0; i < 2; i++)
696    for (j = 0; j < 32; j++)
697      block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
698}
699
700#endif
701
702char *
703__des_crypt_r(const char *key, const char *setting, char *output, int sz)
704{
705  char *rval = 0;
706  struct Des_Context *des_ctx;
707  u_int32_t     count, salt, l, r0, r1, keybuf[2];
708  u_char                *p, *q;
709
710  if (sz < 21)
711    return NULL;
712
713  des_init();
714  des_ctx = des_ctx_init();
715
716  /*
717   * Copy the key, shifting each character up by one bit
718   * and padding with zeros.
719   */
720  q = (u_char *)keybuf;
721  while (q - (u_char *)keybuf - 8) {
722    *q++ = *key << 1;
723    if (*(q - 1))
724      key++;
725  }
726  if (des_setkey((char *)keybuf, des_ctx))
727    goto bailout;
728
729#if 0
730  if (*setting == _PASSWORD_EFMT1) {
731    int         i;
732    /*
733     * "new"-style:
734     *  setting - underscore, 4 bytes of count, 4 bytes of salt
735     *  key - unlimited characters
736     */
737    for (i = 1, count = 0L; i < 5; i++)
738      count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
739
740    for (i = 5, salt = 0L; i < 9; i++)
741      salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
742
743    while (*key) {
744      /*
745       * Encrypt the key with itself.
746       */
747      if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
748        goto bailout;
749      /*
750       * And XOR with the next 8 characters of the key.
751       */
752      q = (u_char *)keybuf;
753      while (q - (u_char *)keybuf - 8 && *key)
754        *q++ ^= *key++ << 1;
755
756      if (des_setkey((char *)keybuf))
757        goto bailout;
758    }
759    strncpy(output, setting, 9);
760
761    /*
762     * Double check that we weren't given a short setting.
763     * If we were, the above code will probably have created
764     * wierd values for count and salt, but we don't really care.
765     * Just make sure the output string doesn't have an extra
766     * NUL in it.
767     */
768    output[9] = '\0';
769    p = (u_char *)output + strlen(output);
770  } else
771#endif
772  {
773    /*
774     * "old"-style:
775     *  setting - 2 bytes of salt
776     *  key - up to 8 characters
777     */
778    count = 25;
779
780    salt = (ascii_to_bin(setting[1]) << 6)
781         |  ascii_to_bin(setting[0]);
782
783    output[0] = setting[0];
784    /*
785     * If the encrypted password that the salt was extracted from
786     * is only 1 character long, the salt will be corrupted.  We
787     * need to ensure that the output string doesn't have an extra
788     * NUL in it!
789     */
790    output[1] = setting[1] ? setting[1] : output[0];
791
792    p = (u_char *)output + 2;
793  }
794  setup_salt(salt, des_ctx);
795  /*
796   * Do it.
797   */
798  if (do_des(0L, 0L, &r0, &r1, (int)count, des_ctx))
799    goto bailout;
800  /*
801   * Now encode the result...
802   */
803  l = (r0 >> 8);
804  *p++ = ascii64[(l >> 18) & 0x3f];
805  *p++ = ascii64[(l >> 12) & 0x3f];
806  *p++ = ascii64[(l >> 6) & 0x3f];
807  *p++ = ascii64[l & 0x3f];
808
809  l = (r0 << 16) | ((r1 >> 16) & 0xffff);
810  *p++ = ascii64[(l >> 18) & 0x3f];
811  *p++ = ascii64[(l >> 12) & 0x3f];
812  *p++ = ascii64[(l >> 6) & 0x3f];
813  *p++ = ascii64[l & 0x3f];
814
815  l = r1 << 2;
816  *p++ = ascii64[(l >> 12) & 0x3f];
817  *p++ = ascii64[(l >> 6) & 0x3f];
818  *p++ = ascii64[l & 0x3f];
819  *p = 0;
820
821  rval = output;
822bailout:
823  free(des_ctx);
824  return rval;
825}
826
827char *
828__des_crypt(const char *key, const char *setting)
829{
830  static char   output[21];
831  return __des_crypt_r(key, setting, output, sizeof(output));
832}
833
834
835#ifdef DEBUG
836
837void
838des_snap(void **pf, void **pd)
839{
840  *pf = malloc(sizeof(struct fixed));
841  memcpy(*pf, &des_f, sizeof(des_f));
842//      *pd = malloc(sizeof(struct Des_Context));
843//      memcpy(*pd, &des_ctx, sizeof(des_ctx));
844}
845
846void
847des_check(void *pf, void *pd)
848{
849  printf("Fixed: do%s differ"/*", Context: do%s differ"*/"\n",
850      memcmp(pf, &des_f, sizeof(des_f)) ? "" : "nt"
851//                      ,memcmp(pd, &des_ctx, sizeof(des_ctx)) ? "" : "nt"
852      );
853}
854
855#endif
Note: See TracBrowser for help on using the repository browser.