1 /*
2 * FreeSec: libcrypt for NetBSD
3 *
4 * Copyright (c) 1994 David Burren
5 * All rights reserved.
6 *
7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8 * this file should now *only* export crypt(), in order to make
9 * binaries of libcrypt exportable from the USA
10 *
11 * Adapted for FreeBSD-4.0 by Mark R V Murray
12 * this file should now *only* export crypt_des(), in order to make
13 * a module that can be optionally included in libcrypt.
14 *
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
17 * are met:
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the author nor the names of other contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
26 *
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
37 * SUCH DAMAGE.
38 *
39 * This is an original implementation of the DES and the crypt(3) interfaces
40 * by David Burren <[email protected]>.
41 *
42 * An excellent reference on the underlying algorithm (and related
43 * algorithms) is:
44 *
45 * B. Schneier, Applied Cryptography: protocols, algorithms,
46 * and source code in C, John Wiley & Sons, 1994.
47 *
48 * Note that in that book's description of DES the lookups for the initial,
49 * pbox, and final permutations are inverted (this has been brought to the
50 * attention of the author). A list of errata for this book has been
51 * posted to the sci.crypt newsgroup by the author and is available for FTP.
52 *
53 * ARCHITECTURE ASSUMPTIONS:
54 * It is assumed that the 8-byte arrays passed by reference can be
55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about
56 * alignment).
57 */
58
59 #include <sys/cdefs.h>
60 __FBSDID("$FreeBSD$");
61
62 #include <sys/types.h>
63 #include <sys/param.h>
64 #include <arpa/inet.h>
65 #include <pwd.h>
66 #include <string.h>
67 #include "crypt.h"
68
69 /* We can't always assume gcc */
70 #if defined(__GNUC__) && !defined(lint)
71 #define INLINE inline
72 #else
73 #define INLINE
74 #endif
75
76
77 static u_char IP[64] = {
78 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
79 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
80 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
81 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
82 };
83
84 static u_char inv_key_perm[64];
85 static u_char key_perm[56] = {
86 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
87 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
88 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
89 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
90 };
91
92 static u_char key_shifts[16] = {
93 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
94 };
95
96 static u_char inv_comp_perm[56];
97 static u_char comp_perm[48] = {
98 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
99 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
100 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
101 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
102 };
103
104 /*
105 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
106 */
107
108 static u_char u_sbox[8][64];
109 static u_char sbox[8][64] = {
110 {
111 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
112 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
113 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
114 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
115 },
116 {
117 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
118 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
119 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
120 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
121 },
122 {
123 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
124 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
125 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
126 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
127 },
128 {
129 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
130 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
131 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
132 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
133 },
134 {
135 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
136 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
137 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
138 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
139 },
140 {
141 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
142 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
143 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
144 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
145 },
146 {
147 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
148 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
149 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
150 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
151 },
152 {
153 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
154 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
155 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
156 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
157 }
158 };
159
160 static u_char un_pbox[32];
161 static u_char pbox[32] = {
162 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
163 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
164 };
165
166 static u_int32_t bits32[32] =
167 {
168 0x80000000, 0x40000000, 0x20000000, 0x10000000,
169 0x08000000, 0x04000000, 0x02000000, 0x01000000,
170 0x00800000, 0x00400000, 0x00200000, 0x00100000,
171 0x00080000, 0x00040000, 0x00020000, 0x00010000,
172 0x00008000, 0x00004000, 0x00002000, 0x00001000,
173 0x00000800, 0x00000400, 0x00000200, 0x00000100,
174 0x00000080, 0x00000040, 0x00000020, 0x00000010,
175 0x00000008, 0x00000004, 0x00000002, 0x00000001
176 };
177
178 static u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
179
180 static u_int32_t saltbits;
181 static u_int32_t old_salt;
182 static u_int32_t *bits28, *bits24;
183 static u_char init_perm[64], final_perm[64];
184 static u_int32_t en_keysl[16], en_keysr[16];
185 static u_int32_t de_keysl[16], de_keysr[16];
186 static int des_initialised = 0;
187 static u_char m_sbox[4][4096];
188 static u_int32_t psbox[4][256];
189 static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
190 static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
191 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
192 static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
193 static u_int32_t old_rawkey0, old_rawkey1;
194
195 static u_char ascii64[] =
196 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
197 /* 0000000000111111111122222222223333333333444444444455555555556666 */
198 /* 0123456789012345678901234567890123456789012345678901234567890123 */
199
200 static INLINE int
ascii_to_bin(char ch)201 ascii_to_bin(char ch)
202 {
203 if (ch > 'z')
204 return(0);
205 if (ch >= 'a')
206 return(ch - 'a' + 38);
207 if (ch > 'Z')
208 return(0);
209 if (ch >= 'A')
210 return(ch - 'A' + 12);
211 if (ch > '9')
212 return(0);
213 if (ch >= '.')
214 return(ch - '.');
215 return(0);
216 }
217
218 static void
des_init(void)219 des_init(void)
220 {
221 int i, j, b, k, inbit, obit;
222 u_int32_t *p, *il, *ir, *fl, *fr;
223
224 old_rawkey0 = old_rawkey1 = 0L;
225 saltbits = 0L;
226 old_salt = 0L;
227 bits24 = (bits28 = bits32 + 4) + 4;
228
229 /*
230 * Invert the S-boxes, reordering the input bits.
231 */
232 for (i = 0; i < 8; i++)
233 for (j = 0; j < 64; j++) {
234 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
235 u_sbox[i][j] = sbox[i][b];
236 }
237
238 /*
239 * Convert the inverted S-boxes into 4 arrays of 8 bits.
240 * Each will handle 12 bits of the S-box input.
241 */
242 for (b = 0; b < 4; b++)
243 for (i = 0; i < 64; i++)
244 for (j = 0; j < 64; j++)
245 m_sbox[b][(i << 6) | j] =
246 (u_char)((u_sbox[(b << 1)][i] << 4) |
247 u_sbox[(b << 1) + 1][j]);
248
249 /*
250 * Set up the initial & final permutations into a useful form, and
251 * initialise the inverted key permutation.
252 */
253 for (i = 0; i < 64; i++) {
254 init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
255 inv_key_perm[i] = 255;
256 }
257
258 /*
259 * Invert the key permutation and initialise the inverted key
260 * compression permutation.
261 */
262 for (i = 0; i < 56; i++) {
263 inv_key_perm[key_perm[i] - 1] = (u_char)i;
264 inv_comp_perm[i] = 255;
265 }
266
267 /*
268 * Invert the key compression permutation.
269 */
270 for (i = 0; i < 48; i++) {
271 inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
272 }
273
274 /*
275 * Set up the OR-mask arrays for the initial and final permutations,
276 * and for the key initial and compression permutations.
277 */
278 for (k = 0; k < 8; k++) {
279 for (i = 0; i < 256; i++) {
280 *(il = &ip_maskl[k][i]) = 0L;
281 *(ir = &ip_maskr[k][i]) = 0L;
282 *(fl = &fp_maskl[k][i]) = 0L;
283 *(fr = &fp_maskr[k][i]) = 0L;
284 for (j = 0; j < 8; j++) {
285 inbit = 8 * k + j;
286 if (i & bits8[j]) {
287 if ((obit = init_perm[inbit]) < 32)
288 *il |= bits32[obit];
289 else
290 *ir |= bits32[obit-32];
291 if ((obit = final_perm[inbit]) < 32)
292 *fl |= bits32[obit];
293 else
294 *fr |= bits32[obit - 32];
295 }
296 }
297 }
298 for (i = 0; i < 128; i++) {
299 *(il = &key_perm_maskl[k][i]) = 0L;
300 *(ir = &key_perm_maskr[k][i]) = 0L;
301 for (j = 0; j < 7; j++) {
302 inbit = 8 * k + j;
303 if (i & bits8[j + 1]) {
304 if ((obit = inv_key_perm[inbit]) == 255)
305 continue;
306 if (obit < 28)
307 *il |= bits28[obit];
308 else
309 *ir |= bits28[obit - 28];
310 }
311 }
312 *(il = &comp_maskl[k][i]) = 0L;
313 *(ir = &comp_maskr[k][i]) = 0L;
314 for (j = 0; j < 7; j++) {
315 inbit = 7 * k + j;
316 if (i & bits8[j + 1]) {
317 if ((obit=inv_comp_perm[inbit]) == 255)
318 continue;
319 if (obit < 24)
320 *il |= bits24[obit];
321 else
322 *ir |= bits24[obit - 24];
323 }
324 }
325 }
326 }
327
328 /*
329 * Invert the P-box permutation, and convert into OR-masks for
330 * handling the output of the S-box arrays setup above.
331 */
332 for (i = 0; i < 32; i++)
333 un_pbox[pbox[i] - 1] = (u_char)i;
334
335 for (b = 0; b < 4; b++)
336 for (i = 0; i < 256; i++) {
337 *(p = &psbox[b][i]) = 0L;
338 for (j = 0; j < 8; j++) {
339 if (i & bits8[j])
340 *p |= bits32[un_pbox[8 * b + j]];
341 }
342 }
343
344 des_initialised = 1;
345 }
346
347 static void
setup_salt(u_int32_t salt)348 setup_salt(u_int32_t salt)
349 {
350 u_int32_t obit, saltbit;
351 int i;
352
353 if (salt == old_salt)
354 return;
355 old_salt = salt;
356
357 saltbits = 0L;
358 saltbit = 1;
359 obit = 0x800000;
360 for (i = 0; i < 24; i++) {
361 if (salt & saltbit)
362 saltbits |= obit;
363 saltbit <<= 1;
364 obit >>= 1;
365 }
366 }
367
368 static int
des_setkey(const char * key)369 des_setkey(const char *key)
370 {
371 u_int32_t k0, k1, rawkey0, rawkey1;
372 int shifts, round;
373
374 if (!des_initialised)
375 des_init();
376
377 rawkey0 = ntohl(*(const u_int32_t *) key);
378 rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
379
380 if ((rawkey0 | rawkey1)
381 && rawkey0 == old_rawkey0
382 && rawkey1 == old_rawkey1) {
383 /*
384 * Already setup for this key.
385 * This optimisation fails on a zero key (which is weak and
386 * has bad parity anyway) in order to simplify the starting
387 * conditions.
388 */
389 return(0);
390 }
391 old_rawkey0 = rawkey0;
392 old_rawkey1 = rawkey1;
393
394 /*
395 * Do key permutation and split into two 28-bit subkeys.
396 */
397 k0 = key_perm_maskl[0][rawkey0 >> 25]
398 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
399 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
400 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
401 | key_perm_maskl[4][rawkey1 >> 25]
402 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
403 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
404 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
405 k1 = key_perm_maskr[0][rawkey0 >> 25]
406 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
407 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
408 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
409 | key_perm_maskr[4][rawkey1 >> 25]
410 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
411 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
412 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
413 /*
414 * Rotate subkeys and do compression permutation.
415 */
416 shifts = 0;
417 for (round = 0; round < 16; round++) {
418 u_int32_t t0, t1;
419
420 shifts += key_shifts[round];
421
422 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
423 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
424
425 de_keysl[15 - round] =
426 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
427 | comp_maskl[1][(t0 >> 14) & 0x7f]
428 | comp_maskl[2][(t0 >> 7) & 0x7f]
429 | comp_maskl[3][t0 & 0x7f]
430 | comp_maskl[4][(t1 >> 21) & 0x7f]
431 | comp_maskl[5][(t1 >> 14) & 0x7f]
432 | comp_maskl[6][(t1 >> 7) & 0x7f]
433 | comp_maskl[7][t1 & 0x7f];
434
435 de_keysr[15 - round] =
436 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
437 | comp_maskr[1][(t0 >> 14) & 0x7f]
438 | comp_maskr[2][(t0 >> 7) & 0x7f]
439 | comp_maskr[3][t0 & 0x7f]
440 | comp_maskr[4][(t1 >> 21) & 0x7f]
441 | comp_maskr[5][(t1 >> 14) & 0x7f]
442 | comp_maskr[6][(t1 >> 7) & 0x7f]
443 | comp_maskr[7][t1 & 0x7f];
444 }
445 return(0);
446 }
447
448 static int
do_des(u_int32_t l_in,u_int32_t r_in,u_int32_t * l_out,u_int32_t * r_out,int count)449 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
450 {
451 /*
452 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
453 */
454 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
455 u_int32_t f, r48l, r48r;
456 int round;
457
458 if (count == 0) {
459 return(1);
460 } else if (count > 0) {
461 /*
462 * Encrypting
463 */
464 kl1 = en_keysl;
465 kr1 = en_keysr;
466 } else {
467 /*
468 * Decrypting
469 */
470 count = -count;
471 kl1 = de_keysl;
472 kr1 = de_keysr;
473 }
474
475 /*
476 * Do initial permutation (IP).
477 */
478 l = ip_maskl[0][l_in >> 24]
479 | ip_maskl[1][(l_in >> 16) & 0xff]
480 | ip_maskl[2][(l_in >> 8) & 0xff]
481 | ip_maskl[3][l_in & 0xff]
482 | ip_maskl[4][r_in >> 24]
483 | ip_maskl[5][(r_in >> 16) & 0xff]
484 | ip_maskl[6][(r_in >> 8) & 0xff]
485 | ip_maskl[7][r_in & 0xff];
486 r = ip_maskr[0][l_in >> 24]
487 | ip_maskr[1][(l_in >> 16) & 0xff]
488 | ip_maskr[2][(l_in >> 8) & 0xff]
489 | ip_maskr[3][l_in & 0xff]
490 | ip_maskr[4][r_in >> 24]
491 | ip_maskr[5][(r_in >> 16) & 0xff]
492 | ip_maskr[6][(r_in >> 8) & 0xff]
493 | ip_maskr[7][r_in & 0xff];
494
495 while (count--) {
496 /*
497 * Do each round.
498 */
499 kl = kl1;
500 kr = kr1;
501 round = 16;
502 while (round--) {
503 /*
504 * Expand R to 48 bits (simulate the E-box).
505 */
506 r48l = ((r & 0x00000001) << 23)
507 | ((r & 0xf8000000) >> 9)
508 | ((r & 0x1f800000) >> 11)
509 | ((r & 0x01f80000) >> 13)
510 | ((r & 0x001f8000) >> 15);
511
512 r48r = ((r & 0x0001f800) << 7)
513 | ((r & 0x00001f80) << 5)
514 | ((r & 0x000001f8) << 3)
515 | ((r & 0x0000001f) << 1)
516 | ((r & 0x80000000) >> 31);
517 /*
518 * Do salting for crypt() and friends, and
519 * XOR with the permuted key.
520 */
521 f = (r48l ^ r48r) & saltbits;
522 r48l ^= f ^ *kl++;
523 r48r ^= f ^ *kr++;
524 /*
525 * Do sbox lookups (which shrink it back to 32 bits)
526 * and do the pbox permutation at the same time.
527 */
528 f = psbox[0][m_sbox[0][r48l >> 12]]
529 | psbox[1][m_sbox[1][r48l & 0xfff]]
530 | psbox[2][m_sbox[2][r48r >> 12]]
531 | psbox[3][m_sbox[3][r48r & 0xfff]];
532 /*
533 * Now that we've permuted things, complete f().
534 */
535 f ^= l;
536 l = r;
537 r = f;
538 }
539 r = l;
540 l = f;
541 }
542 /*
543 * Do final permutation (inverse of IP).
544 */
545 *l_out = fp_maskl[0][l >> 24]
546 | fp_maskl[1][(l >> 16) & 0xff]
547 | fp_maskl[2][(l >> 8) & 0xff]
548 | fp_maskl[3][l & 0xff]
549 | fp_maskl[4][r >> 24]
550 | fp_maskl[5][(r >> 16) & 0xff]
551 | fp_maskl[6][(r >> 8) & 0xff]
552 | fp_maskl[7][r & 0xff];
553 *r_out = fp_maskr[0][l >> 24]
554 | fp_maskr[1][(l >> 16) & 0xff]
555 | fp_maskr[2][(l >> 8) & 0xff]
556 | fp_maskr[3][l & 0xff]
557 | fp_maskr[4][r >> 24]
558 | fp_maskr[5][(r >> 16) & 0xff]
559 | fp_maskr[6][(r >> 8) & 0xff]
560 | fp_maskr[7][r & 0xff];
561 return(0);
562 }
563
564 static int
des_cipher(const char * in,char * out,u_long salt,int count)565 des_cipher(const char *in, char *out, u_long salt, int count)
566 {
567 u_int32_t l_out, r_out, rawl, rawr;
568 int retval;
569 union {
570 u_int32_t *ui32;
571 const char *c;
572 } trans;
573
574 if (!des_initialised)
575 des_init();
576
577 setup_salt(salt);
578
579 trans.c = in;
580 rawl = ntohl(*trans.ui32++);
581 rawr = ntohl(*trans.ui32);
582
583 retval = do_des(rawl, rawr, &l_out, &r_out, count);
584
585 trans.c = out;
586 *trans.ui32++ = htonl(l_out);
587 *trans.ui32 = htonl(r_out);
588 return(retval);
589 }
590
591 int
crypt_des(const char * key,const char * setting,char * buffer)592 crypt_des(const char *key, const char *setting, char *buffer)
593 {
594 int i;
595 u_int32_t count, salt, l, r0, r1, keybuf[2];
596 u_char *q;
597
598 if (!des_initialised)
599 des_init();
600
601 /*
602 * Copy the key, shifting each character up by one bit
603 * and padding with zeros.
604 */
605 q = (u_char *)keybuf;
606 while (q - (u_char *)keybuf - 8) {
607 *q++ = *key << 1;
608 if (*key != '\0')
609 key++;
610 }
611 if (des_setkey((char *)keybuf))
612 return (-1);
613
614 if (*setting == _PASSWORD_EFMT1) {
615 /*
616 * "new"-style:
617 * setting - underscore, 4 bytes of count, 4 bytes of salt
618 * key - unlimited characters
619 */
620 for (i = 1, count = 0L; i < 5; i++)
621 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
622
623 for (i = 5, salt = 0L; i < 9; i++)
624 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
625
626 while (*key) {
627 /*
628 * Encrypt the key with itself.
629 */
630 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
631 return (-1);
632 /*
633 * And XOR with the next 8 characters of the key.
634 */
635 q = (u_char *)keybuf;
636 while (q - (u_char *)keybuf - 8 && *key)
637 *q++ ^= *key++ << 1;
638
639 if (des_setkey((char *)keybuf))
640 return (-1);
641 }
642 buffer = stpncpy(buffer, setting, 9);
643 } else {
644 /*
645 * "old"-style:
646 * setting - 2 bytes of salt
647 * key - up to 8 characters
648 */
649 count = 25;
650
651 salt = (ascii_to_bin(setting[1]) << 6)
652 | ascii_to_bin(setting[0]);
653
654 *buffer++ = setting[0];
655 /*
656 * If the encrypted password that the salt was extracted from
657 * is only 1 character long, the salt will be corrupted. We
658 * need to ensure that the output string doesn't have an extra
659 * NUL in it!
660 */
661 *buffer++ = setting[1] ? setting[1] : setting[0];
662 }
663 setup_salt(salt);
664 /*
665 * Do it.
666 */
667 if (do_des(0L, 0L, &r0, &r1, (int)count))
668 return (-1);
669 /*
670 * Now encode the result...
671 */
672 l = (r0 >> 8);
673 *buffer++ = ascii64[(l >> 18) & 0x3f];
674 *buffer++ = ascii64[(l >> 12) & 0x3f];
675 *buffer++ = ascii64[(l >> 6) & 0x3f];
676 *buffer++ = ascii64[l & 0x3f];
677
678 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
679 *buffer++ = ascii64[(l >> 18) & 0x3f];
680 *buffer++ = ascii64[(l >> 12) & 0x3f];
681 *buffer++ = ascii64[(l >> 6) & 0x3f];
682 *buffer++ = ascii64[l & 0x3f];
683
684 l = r1 << 2;
685 *buffer++ = ascii64[(l >> 12) & 0x3f];
686 *buffer++ = ascii64[(l >> 6) & 0x3f];
687 *buffer++ = ascii64[l & 0x3f];
688 *buffer = '\0';
689
690 return (0);
691 }
692