source: rtems/cpukit/telnetd/des.c @ 94e04b5

5
Last change on this file since 94e04b5 was f4c59d0, checked in by Sebastian Huber <sebastian.huber@…>, on 04/25/16 at 06:08:35

telnetd: Fix warnings

  • Property mode set to 100644
File size: 23.2 KB
Line 
1/*
2 * FreeSec: libcrypt for NetBSD
3 *
4 * Copyright (c) 1994 David Burren
5 * All rights reserved.
6 *
7 * Ported to RTEMS and made reentrant by Till Straumann, 9/2003
8 *
9 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
10 *      this file should now *only* export crypt(), in order to make
11 *      binaries of libcrypt exportable from the USA
12 *
13 * Adapted for FreeBSD-4.0 by Mark R V Murray
14 *      this file should now *only* export crypt_des(), in order to make
15 *      a module that can be optionally included in libcrypt.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 *    notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 *    notice, this list of conditions and the following disclaimer in the
24 *    documentation and/or other materials provided with the distribution.
25 * 3. Neither the name of the author nor the names of other contributors
26 *    may be used to endorse or promote products derived from this software
27 *    without specific prior written permission.
28 *
29 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * SUCH DAMAGE.
40 *
41 * This is an original implementation of the DES and the crypt(3) interfaces
42 * by David Burren <davidb@werj.com.au>.
43 *
44 * An excellent reference on the underlying algorithm (and related
45 * algorithms) is:
46 *
47 *      B. Schneier, Applied Cryptography: protocols, algorithms,
48 *      and source code in C, John Wiley & Sons, 1994.
49 *
50 * Note that in that book's description of DES the lookups for the initial,
51 * pbox, and final permutations are inverted (this has been brought to the
52 * attention of the author).  A list of errata for this book has been
53 * posted to the sci.crypt newsgroup by the author and is available for FTP.
54 *
55 * ARCHITECTURE ASSUMPTIONS:
56 *      It is assumed that the 8-byte arrays passed by reference can be
57 *      addressed as arrays of u_int32_t's (ie. the CPU is not picky about
58 *      alignment).
59 */
60
61#ifdef HAVE_CONFIG_H
62#include "config.h"
63#endif
64
65#define __FORCE_GLIBC
66#include <sys/cdefs.h>
67#include <sys/types.h>
68#include <sys/param.h>
69#include <netinet/in.h>
70#ifndef __rtems__
71#include <pwd.h>
72#include <crypt.h>
73#endif
74#include <string.h>
75#include <stdlib.h>
76
77#include "des.h"
78
79#define REENTRANT
80/* Re-entrantify me -- all this junk needs to be in
81 * struct crypt_data to make this really reentrant... */
82
83/* TS; not really - only the stuff in Des_Context */
84static struct fixed1 {
85u_char  inv_key_perm[64];
86u_char  inv_comp_perm[56];
87u_char  u_sbox[8][64];
88u_char  un_pbox[32];
89} des1_f;
90static struct fixed2 {
91u_int32_t ip_maskl[8][256], ip_maskr[8][256];
92} des2_f;
93static struct fixed3 {
94u_int32_t fp_maskl[8][256], fp_maskr[8][256];
95} des3_f;
96static struct fixed4 {
97u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
98u_int32_t comp_maskl[8][128], comp_maskr[8][128];
99} des4_f;
100
101#define inv_key_perm des1_f.inv_key_perm
102#define inv_comp_perm des1_f.inv_comp_perm
103#define u_sbox des1_f.u_sbox
104#define un_pbox des1_f.un_pbox
105#define ip_maskl des2_f.ip_maskl
106#define ip_maskr des2_f.ip_maskr
107#define fp_maskl des3_f.fp_maskl
108#define fp_maskr des3_f.fp_maskr
109#define key_perm_maskl des4_f.key_perm_maskl
110#define key_perm_maskr des4_f.key_perm_maskr
111#define comp_maskl des4_f.comp_maskl
112#define comp_maskr des4_f.comp_maskr
113
114/* These need to be maintained per-process */
115struct Des_Context {
116u_int32_t en_keysl[16], en_keysr[16];
117u_int32_t de_keysl[16], de_keysr[16];
118u_int32_t saltbits;
119u_int32_t old_salt;
120u_int32_t old_rawkey0, old_rawkey1;
121};
122
123#ifndef REENTRANT
124static struct Des_Context single;
125#endif
126
127#define en_keysl des_ctx->en_keysl
128#define en_keysr des_ctx->en_keysr
129#define de_keysl des_ctx->de_keysl
130#define de_keysr des_ctx->de_keysr
131#define saltbits des_ctx->saltbits
132#define old_salt des_ctx->old_salt
133#define old_rawkey0 des_ctx->old_rawkey0
134#define old_rawkey1 des_ctx->old_rawkey1
135
136/* Static stuff that stays resident and doesn't change after
137 * being initialized, and therefore doesn't need to be made
138 * reentrant. */
139static u_char   init_perm[64], final_perm[64];
140static u_char   m_sbox[4][4096];
141static u_int32_t psbox[4][256];
142
143
144
145
146/* A pile of data */
147static const u_char     ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
148
149static const u_char     IP[64] = {
150  58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12,  4,
151  62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16,  8,
152  57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11,  3,
153  61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15,  7
154};
155
156static const u_char     key_perm[56] = {
157  57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
158  10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
159  63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
160  14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
161};
162
163static const u_char     key_shifts[16] = {
164  1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
165};
166
167static const u_char     comp_perm[48] = {
168  14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
169  23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
170  41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
171  44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
172};
173
174/*
175 *      No E box is used, as it's replaced by some ANDs, shifts, and ORs.
176 */
177
178static const u_char     sbox[8][64] = {
179  {
180    14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7,
181     0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8,
182     4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0,
183    15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13
184  },
185  {
186    15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10,
187     3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5,
188     0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15,
189    13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9
190  },
191  {
192    10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8,
193    13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1,
194    13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7,
195     1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12
196  },
197  {
198     7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15,
199    13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9,
200    10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4,
201     3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14
202  },
203  {
204     2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9,
205    14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6,
206     4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14,
207    11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3
208  },
209  {
210    12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11,
211    10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8,
212     9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6,
213     4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13
214  },
215  {
216     4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1,
217    13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6,
218     1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2,
219     6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12
220  },
221  {
222    13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7,
223     1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2,
224     7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8,
225     2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11
226  }
227};
228
229static const u_char     pbox[32] = {
230  16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
231   2,  8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
232};
233
234static const u_int32_t bits32[32] =
235{
236  0x80000000, 0x40000000, 0x20000000, 0x10000000,
237  0x08000000, 0x04000000, 0x02000000, 0x01000000,
238  0x00800000, 0x00400000, 0x00200000, 0x00100000,
239  0x00080000, 0x00040000, 0x00020000, 0x00010000,
240  0x00008000, 0x00004000, 0x00002000, 0x00001000,
241  0x00000800, 0x00000400, 0x00000200, 0x00000100,
242  0x00000080, 0x00000040, 0x00000020, 0x00000010,
243  0x00000008, 0x00000004, 0x00000002, 0x00000001
244};
245
246static const u_char     bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
247static const u_int32_t *bits28, *bits24;
248
249
250static int
251ascii_to_bin(char ch)
252{
253  if (ch > 'z')
254    return(0);
255  if (ch >= 'a')
256    return(ch - 'a' + 38);
257  if (ch > 'Z')
258    return(0);
259  if (ch >= 'A')
260    return(ch - 'A' + 12);
261  if (ch > '9')
262    return(0);
263  if (ch >= '.')
264    return(ch - '.');
265  return(0);
266}
267
268static struct Des_Context *
269des_ctx_init(void)
270{
271struct Des_Context *des_ctx;
272#ifdef REENTRANT
273  des_ctx = malloc(sizeof(*des_ctx));
274#else
275  des_ctx = &single;
276#endif
277  old_rawkey0 = old_rawkey1 = 0L;
278  saltbits = 0L;
279  old_salt = 0L;
280
281  return des_ctx;
282}
283
284static void
285des_init(void)
286{
287  int   i, j, b, k, inbit, obit;
288  u_int32_t     *p, *il, *ir, *fl, *fr;
289  static int des_initialised = 0;
290
291  if (des_initialised==1)
292      return;
293
294#ifndef REENTRANT
295  des_ctx_init();
296#endif
297
298  bits24 = (bits28 = bits32 + 4) + 4;
299
300  /*
301   * Invert the S-boxes, reordering the input bits.
302   */
303  for (i = 0; i < 8; i++)
304    for (j = 0; j < 64; j++) {
305      b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
306      u_sbox[i][j] = sbox[i][b];
307    }
308
309  /*
310   * Convert the inverted S-boxes into 4 arrays of 8 bits.
311   * Each will handle 12 bits of the S-box input.
312   */
313  for (b = 0; b < 4; b++)
314    for (i = 0; i < 64; i++)
315      for (j = 0; j < 64; j++)
316        m_sbox[b][(i << 6) | j] =
317          (u_char)((u_sbox[(b << 1)][i] << 4) |
318          u_sbox[(b << 1) + 1][j]);
319
320  /*
321   * Set up the initial & final permutations into a useful form, and
322   * initialise the inverted key permutation.
323   */
324  for (i = 0; i < 64; i++) {
325    init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
326    inv_key_perm[i] = 255;
327  }
328
329  /*
330   * Invert the key permutation and initialise the inverted key
331   * compression permutation.
332   */
333  for (i = 0; i < 56; i++) {
334    inv_key_perm[key_perm[i] - 1] = (u_char)i;
335    inv_comp_perm[i] = 255;
336  }
337
338  /*
339   * Invert the key compression permutation.
340   */
341  for (i = 0; i < 48; i++) {
342    inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
343  }
344
345  /*
346   * Set up the OR-mask arrays for the initial and final permutations,
347   * and for the key initial and compression permutations.
348   */
349  for (k = 0; k < 8; k++) {
350    for (i = 0; i < 256; i++) {
351      *(il = &ip_maskl[k][i]) = 0L;
352      *(ir = &ip_maskr[k][i]) = 0L;
353      *(fl = &fp_maskl[k][i]) = 0L;
354      *(fr = &fp_maskr[k][i]) = 0L;
355      for (j = 0; j < 8; j++) {
356        inbit = 8 * k + j;
357        if (i & bits8[j]) {
358          if ((obit = init_perm[inbit]) < 32)
359            *il |= bits32[obit];
360          else
361            *ir |= bits32[obit-32];
362          if ((obit = final_perm[inbit]) < 32)
363            *fl |= bits32[obit];
364          else
365            *fr |= bits32[obit - 32];
366        }
367      }
368    }
369    for (i = 0; i < 128; i++) {
370      *(il = &key_perm_maskl[k][i]) = 0L;
371      *(ir = &key_perm_maskr[k][i]) = 0L;
372      for (j = 0; j < 7; j++) {
373        inbit = 8 * k + j;
374        if (i & bits8[j + 1]) {
375          if ((obit = inv_key_perm[inbit]) == 255)
376            continue;
377          if (obit < 28)
378            *il |= bits28[obit];
379          else
380            *ir |= bits28[obit - 28];
381        }
382      }
383      *(il = &comp_maskl[k][i]) = 0L;
384      *(ir = &comp_maskr[k][i]) = 0L;
385      for (j = 0; j < 7; j++) {
386        inbit = 7 * k + j;
387        if (i & bits8[j + 1]) {
388          if ((obit=inv_comp_perm[inbit]) == 255)
389            continue;
390          if (obit < 24)
391            *il |= bits24[obit];
392          else
393            *ir |= bits24[obit - 24];
394        }
395      }
396    }
397  }
398
399  /*
400   * Invert the P-box permutation, and convert into OR-masks for
401   * handling the output of the S-box arrays setup above.
402   */
403  for (i = 0; i < 32; i++)
404    un_pbox[pbox[i] - 1] = (u_char)i;
405
406  for (b = 0; b < 4; b++)
407    for (i = 0; i < 256; i++) {
408      *(p = &psbox[b][i]) = 0L;
409      for (j = 0; j < 8; j++) {
410        if (i & bits8[j])
411          *p |= bits32[un_pbox[8 * b + j]];
412      }
413    }
414
415  des_initialised = 1;
416}
417
418
419static void
420setup_salt(long salt, struct Des_Context *des_ctx)
421{
422  u_int32_t     obit, saltbit;
423  int   i;
424
425  if (salt == old_salt)
426    return;
427  old_salt = salt;
428
429  saltbits = 0L;
430  saltbit = 1;
431  obit = 0x800000;
432  for (i = 0; i < 24; i++) {
433    if (salt & saltbit)
434      saltbits |= obit;
435    saltbit <<= 1;
436    obit >>= 1;
437  }
438}
439
440
441static int
442des_setkey(const char *key, struct Des_Context *des_ctx)
443{
444  u_int32_t     k0, k1, rawkey0, rawkey1;
445  int           shifts, round;
446
447  des_init();
448
449  rawkey0 = ntohl(*(const u_int32_t *) key);
450  rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
451
452  if ((rawkey0 | rawkey1)
453      && rawkey0 == old_rawkey0
454      && rawkey1 == old_rawkey1) {
455    /*
456     * Already setup for this key.
457     * This optimisation fails on a zero key (which is weak and
458     * has bad parity anyway) in order to simplify the starting
459     * conditions.
460     */
461    return(0);
462  }
463  old_rawkey0 = rawkey0;
464  old_rawkey1 = rawkey1;
465
466  /*
467   *    Do key permutation and split into two 28-bit subkeys.
468   */
469  k0 = key_perm_maskl[0][rawkey0 >> 25]
470     | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
471     | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
472     | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
473     | key_perm_maskl[4][rawkey1 >> 25]
474     | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
475     | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
476     | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
477  k1 = key_perm_maskr[0][rawkey0 >> 25]
478     | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
479     | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
480     | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
481     | key_perm_maskr[4][rawkey1 >> 25]
482     | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
483     | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
484     | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
485  /*
486   *    Rotate subkeys and do compression permutation.
487   */
488  shifts = 0;
489  for (round = 0; round < 16; round++) {
490    u_int32_t   t0, t1;
491
492    shifts += key_shifts[round];
493
494    t0 = (k0 << shifts) | (k0 >> (28 - shifts));
495    t1 = (k1 << shifts) | (k1 >> (28 - shifts));
496
497    de_keysl[15 - round] =
498    en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
499        | comp_maskl[1][(t0 >> 14) & 0x7f]
500        | comp_maskl[2][(t0 >> 7) & 0x7f]
501        | comp_maskl[3][t0 & 0x7f]
502        | comp_maskl[4][(t1 >> 21) & 0x7f]
503        | comp_maskl[5][(t1 >> 14) & 0x7f]
504        | comp_maskl[6][(t1 >> 7) & 0x7f]
505        | comp_maskl[7][t1 & 0x7f];
506
507    de_keysr[15 - round] =
508    en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
509        | comp_maskr[1][(t0 >> 14) & 0x7f]
510        | comp_maskr[2][(t0 >> 7) & 0x7f]
511        | comp_maskr[3][t0 & 0x7f]
512        | comp_maskr[4][(t1 >> 21) & 0x7f]
513        | comp_maskr[5][(t1 >> 14) & 0x7f]
514        | comp_maskr[6][(t1 >> 7) & 0x7f]
515        | comp_maskr[7][t1 & 0x7f];
516  }
517  return(0);
518}
519
520
521static int
522do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count, struct Des_Context *des_ctx)
523{
524  /*
525   *    l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
526   */
527  u_int32_t     l, r, *kl, *kr, *kl1, *kr1;
528  u_int32_t     f, r48l, r48r;
529  int           round;
530
531  if (count == 0) {
532    return(1);
533  } else if (count > 0) {
534    /*
535     * Encrypting
536     */
537    kl1 = en_keysl;
538    kr1 = en_keysr;
539  } else {
540    /*
541     * Decrypting
542     */
543    count = -count;
544    kl1 = de_keysl;
545    kr1 = de_keysr;
546  }
547
548  /*
549   *    Do initial permutation (IP).
550   */
551  l = ip_maskl[0][l_in >> 24]
552    | ip_maskl[1][(l_in >> 16) & 0xff]
553    | ip_maskl[2][(l_in >> 8) & 0xff]
554    | ip_maskl[3][l_in & 0xff]
555    | ip_maskl[4][r_in >> 24]
556    | ip_maskl[5][(r_in >> 16) & 0xff]
557    | ip_maskl[6][(r_in >> 8) & 0xff]
558    | ip_maskl[7][r_in & 0xff];
559  r = ip_maskr[0][l_in >> 24]
560    | ip_maskr[1][(l_in >> 16) & 0xff]
561    | ip_maskr[2][(l_in >> 8) & 0xff]
562    | ip_maskr[3][l_in & 0xff]
563    | ip_maskr[4][r_in >> 24]
564    | ip_maskr[5][(r_in >> 16) & 0xff]
565    | ip_maskr[6][(r_in >> 8) & 0xff]
566    | ip_maskr[7][r_in & 0xff];
567
568  while (count--) {
569    /*
570     * Do each round.
571     */
572    kl = kl1;
573    kr = kr1;
574    round = 16;
575    while (round--) {
576      /*
577       * Expand R to 48 bits (simulate the E-box).
578       */
579      r48l      = ((r & 0x00000001) << 23)
580        | ((r & 0xf8000000) >> 9)
581        | ((r & 0x1f800000) >> 11)
582        | ((r & 0x01f80000) >> 13)
583        | ((r & 0x001f8000) >> 15);
584
585      r48r      = ((r & 0x0001f800) << 7)
586        | ((r & 0x00001f80) << 5)
587        | ((r & 0x000001f8) << 3)
588        | ((r & 0x0000001f) << 1)
589        | ((r & 0x80000000) >> 31);
590      /*
591       * Do salting for crypt() and friends, and
592       * XOR with the permuted key.
593       */
594      f = (r48l ^ r48r) & saltbits;
595      r48l ^= f ^ *kl++;
596      r48r ^= f ^ *kr++;
597      /*
598       * Do sbox lookups (which shrink it back to 32 bits)
599       * and do the pbox permutation at the same time.
600       */
601      f = psbox[0][m_sbox[0][r48l >> 12]]
602        | psbox[1][m_sbox[1][r48l & 0xfff]]
603        | psbox[2][m_sbox[2][r48r >> 12]]
604        | psbox[3][m_sbox[3][r48r & 0xfff]];
605      /*
606       * Now that we've permuted things, complete f().
607       */
608      f ^= l;
609      l = r;
610      r = f;
611    }
612    r = l;
613    l = f;
614  }
615  /*
616   * Do final permutation (inverse of IP).
617   */
618  *l_out        = fp_maskl[0][l >> 24]
619    | fp_maskl[1][(l >> 16) & 0xff]
620    | fp_maskl[2][(l >> 8) & 0xff]
621    | fp_maskl[3][l & 0xff]
622    | fp_maskl[4][r >> 24]
623    | fp_maskl[5][(r >> 16) & 0xff]
624    | fp_maskl[6][(r >> 8) & 0xff]
625    | fp_maskl[7][r & 0xff];
626  *r_out        = fp_maskr[0][l >> 24]
627    | fp_maskr[1][(l >> 16) & 0xff]
628    | fp_maskr[2][(l >> 8) & 0xff]
629    | fp_maskr[3][l & 0xff]
630    | fp_maskr[4][r >> 24]
631    | fp_maskr[5][(r >> 16) & 0xff]
632    | fp_maskr[6][(r >> 8) & 0xff]
633    | fp_maskr[7][r & 0xff];
634  return(0);
635}
636
637
638#if 0
639static int
640des_cipher(const char *in, char *out, u_int32_t salt, int count)
641{
642  u_int32_t     l_out, r_out, rawl, rawr;
643  int           retval;
644  union {
645    u_int32_t   *ui32;
646    const char  *c;
647  } trans;
648
649  des_init();
650
651  setup_salt(salt);
652
653  trans.c = in;
654  rawl = ntohl(*trans.ui32++);
655  rawr = ntohl(*trans.ui32);
656
657  retval = do_des(rawl, rawr, &l_out, &r_out, count);
658
659  trans.c = out;
660  *trans.ui32++ = htonl(l_out);
661  *trans.ui32 = htonl(r_out);
662  return(retval);
663}
664#endif
665
666
667#ifndef REENTRANT
668void
669setkey(const char *key)
670{
671  int   i, j;
672  u_int32_t     packed_keys[2];
673  u_char        *p;
674
675  p = (u_char *) packed_keys;
676
677  for (i = 0; i < 8; i++) {
678    p[i] = 0;
679    for (j = 0; j < 8; j++)
680      if (*key++ & 1)
681        p[i] |= bits8[j];
682  }
683  des_setkey(p, &single);
684}
685#endif
686
687
688#ifndef REENTRANT
689void
690encrypt(char *block, int flag)
691{
692  u_int32_t     io[2];
693  u_char        *p;
694  int   i, j;
695
696  des_init();
697
698  setup_salt(0L, &single);
699  p = block;
700  for (i = 0; i < 2; i++) {
701    io[i] = 0L;
702    for (j = 0; j < 32; j++)
703      if (*p++ & 1)
704        io[i] |= bits32[j];
705  }
706  do_des(io[0], io[1], io, io + 1, flag ? -1 : 1, &single);
707  for (i = 0; i < 2; i++)
708    for (j = 0; j < 32; j++)
709      block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
710}
711
712#endif
713
714char *
715__des_crypt_r(const char *key, const char *setting, char *output, int sz)
716{
717  char *rval = 0;
718  struct Des_Context *des_ctx;
719  u_int32_t     count, salt, l, r0, r1, keybuf[2];
720  u_char                *p, *q;
721
722  if (sz < 21)
723    return NULL;
724
725  des_init();
726  des_ctx = des_ctx_init();
727
728  /*
729   * Copy the key, shifting each character up by one bit
730   * and padding with zeros.
731   */
732  q = (u_char *)keybuf;
733  while (q - (u_char *)keybuf - 8) {
734    *q++ = *key << 1;
735    if (*(q - 1))
736      key++;
737  }
738  if (des_setkey((char *)keybuf, des_ctx))
739    goto bailout;
740
741#if 0
742  if (*setting == _PASSWORD_EFMT1) {
743    int         i;
744    /*
745     * "new"-style:
746     *  setting - underscore, 4 bytes of count, 4 bytes of salt
747     *  key - unlimited characters
748     */
749    for (i = 1, count = 0L; i < 5; i++)
750      count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
751
752    for (i = 5, salt = 0L; i < 9; i++)
753      salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
754
755    while (*key) {
756      /*
757       * Encrypt the key with itself.
758       */
759      if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
760        goto bailout;
761      /*
762       * And XOR with the next 8 characters of the key.
763       */
764      q = (u_char *)keybuf;
765      while (q - (u_char *)keybuf - 8 && *key)
766        *q++ ^= *key++ << 1;
767
768      if (des_setkey((char *)keybuf))
769        goto bailout;
770    }
771    strncpy(output, setting, 9);
772
773    /*
774     * Double check that we weren't given a short setting.
775     * If we were, the above code will probably have created
776     * wierd values for count and salt, but we don't really care.
777     * Just make sure the output string doesn't have an extra
778     * NUL in it.
779     */
780    output[9] = '\0';
781    p = (u_char *)output + strlen(output);
782  } else
783#endif
784  {
785    /*
786     * "old"-style:
787     *  setting - 2 bytes of salt
788     *  key - up to 8 characters
789     */
790    count = 25;
791
792    salt = (ascii_to_bin(setting[1]) << 6)
793         |  ascii_to_bin(setting[0]);
794
795    output[0] = setting[0];
796    /*
797     * If the encrypted password that the salt was extracted from
798     * is only 1 character long, the salt will be corrupted.  We
799     * need to ensure that the output string doesn't have an extra
800     * NUL in it!
801     */
802    output[1] = setting[1] ? setting[1] : output[0];
803
804    p = (u_char *)output + 2;
805  }
806  setup_salt(salt, des_ctx);
807  /*
808   * Do it.
809   */
810  if (do_des(0L, 0L, &r0, &r1, (int)count, des_ctx))
811    goto bailout;
812  /*
813   * Now encode the result...
814   */
815  l = (r0 >> 8);
816  *p++ = ascii64[(l >> 18) & 0x3f];
817  *p++ = ascii64[(l >> 12) & 0x3f];
818  *p++ = ascii64[(l >> 6) & 0x3f];
819  *p++ = ascii64[l & 0x3f];
820
821  l = (r0 << 16) | ((r1 >> 16) & 0xffff);
822  *p++ = ascii64[(l >> 18) & 0x3f];
823  *p++ = ascii64[(l >> 12) & 0x3f];
824  *p++ = ascii64[(l >> 6) & 0x3f];
825  *p++ = ascii64[l & 0x3f];
826
827  l = r1 << 2;
828  *p++ = ascii64[(l >> 12) & 0x3f];
829  *p++ = ascii64[(l >> 6) & 0x3f];
830  *p++ = ascii64[l & 0x3f];
831  *p = 0;
832
833  rval = output;
834bailout:
835  free(des_ctx);
836  return rval;
837}
838
839#ifdef DEBUG
840
841void
842des_snap(void **pf, void **pd)
843{
844  uint8* pfc;
845  *pf = malloc(sizeof(struct fixed1) + sizeof(struct fixed2) + sizeof(struct fixed3) + sizeof(struct fixed4));
846  pfc = *pf;
847  memcpy(pfc, &des1_f, sizeof(des1_f));
848  pfc += sizeof(des1_f);
849  memcpy(pfc, &des2_f, sizeof(des2_f));
850  pfc += sizeof(des2_f);
851  memcpy(pfc, &des3_f, sizeof(des3_f));
852  pfc += sizeof(des3_f);
853  memcpy(pfc, &des4_f, sizeof(des4_f));
854//      *pd = malloc(sizeof(struct Des_Context));
855//      memcpy(*pd, &des_ctx, sizeof(des_ctx));
856}
857
858void
859des_check(void *pf, void *pd)
860{
861  uint8* pfc1, pfc2, pfc3, pfc4;
862  pfc1 = pf;
863  pfc2 = pfc1 + sizeof(des1_f);
864  pfc3 = pfc2 + sizeof(des2_f);
865  pfc4 = pfc3 + sizeof(des3_f);
866  printf("Fixed: do%s differ"/*", Context: do%s differ"*/"\n",
867         (memcmp(pfc1, &des1_f, sizeof(des1_f)) ||
868          memcmp(pfc2, &des2_f, sizeof(des2_f)) ||
869          memcmp(pfc3, &des4_f, sizeof(des3_f)) ||
870          memcmp(pfc4, &des4_f, sizeof(des4_f))) ? "" : "nt");
871}
872
873#endif
Note: See TracBrowser for help on using the repository browser.