1#if defined(HAVE_UNISTD_H) 2#include <unistd.h> 3#endif 4 5#include <sys/types.h> 6 7#ifdef HAVE_STRING_H 8#include <string.h> 9#endif 10 11#ifdef HAVE_STRINGS_H 12#include <strings.h> 13#endif 14 15#if !defined(HAVE_CRYPT) 16 17/* 18 This bit of code was derived from the UFC-crypt package which 19 carries the following copyright 20 21 Modified for use by Samba by Andrew Tridgell, October 1994 22 23 Note that this routine is only faster on some machines. Under Linux 1.1.51 24 libc 4.5.26 I actually found this routine to be slightly slower. 25 26 Under SunOS I found a huge speedup by using these routines 27 (a factor of 20 or so) 28 29 Warning: I've had a report from Steve Kennedy <steve@gbnet.org> 30 that this crypt routine may sometimes get the wrong answer. Only 31 use UFC_CRYT if you really need it. 32 33*/ 34 35/* 36 * UFC-crypt: ultra fast crypt(3) implementation 37 * 38 * Copyright (C) 1991-1998, Free Software Foundation, Inc. 39 * 40 * This library is free software; you can redistribute it and/or 41 * modify it under the terms of the GNU Lesser General Public 42 * License as published by the Free Software Foundation; either 43 * version 3 of the License, or (at your option) any later version. 44 * 45 * This library is distributed in the hope that it will be useful, 46 * but WITHOUT ANY WARRANTY; without even the implied warranty of 47 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 48 * Library General Public License for more details. 49 * 50 * You should have received a copy of the GNU Lesser General Public 51 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 52 * 53 * @(#)crypt_util.c 2.31 02/08/92 54 * 55 * Support routines 56 * 57 */ 58 59 60#ifndef long32 61#if (SIZEOF_INT == 4) 62#define long32 int 63#elif (SIZEOF_LONG == 4) 64#define long32 long 65#elif (SIZEOF_SHORT == 4) 66#define long32 short 67#else 68/* uggh - no 32 bit type?? probably a CRAY. just hope this works ... */ 69#define long32 int 70#endif 71#endif 72 73#ifndef long64 74#ifdef HAVE_LONGLONG 75#define long64 long long long 76#endif 77#endif 78 79#ifndef ufc_long 80#define ufc_long unsigned 81#endif 82 83#ifndef _UFC_64_ 84#define _UFC_32_ 85#endif 86 87/* 88 * Permutation done once on the 56 bit 89 * key derived from the original 8 byte ASCII key. 90 */ 91static int pc1[56] = { 92 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 93 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 94 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 95 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 96}; 97 98/* 99 * How much to rotate each 28 bit half of the pc1 permutated 100 * 56 bit key before using pc2 to give the i' key 101 */ 102static int rots[16] = { 103 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 104}; 105 106/* 107 * Permutation giving the key 108 * of the i' DES round 109 */ 110static int pc2[48] = { 111 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 112 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 113 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 114 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 115}; 116 117/* 118 * The E expansion table which selects 119 * bits from the 32 bit intermediate result. 120 */ 121static int esel[48] = { 122 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 123 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, 124 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 125 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 126}; 127static int e_inverse[64]; 128 129/* 130 * Permutation done on the 131 * result of sbox lookups 132 */ 133static int perm32[32] = { 134 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 135 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 136}; 137 138/* 139 * The sboxes 140 */ 141static int sbox[8][4][16]= { 142 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 }, 143 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 }, 144 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 }, 145 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 } 146 }, 147 148 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 }, 149 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 }, 150 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 }, 151 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 } 152 }, 153 154 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 }, 155 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 }, 156 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 }, 157 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 } 158 }, 159 160 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 }, 161 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 }, 162 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 }, 163 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 } 164 }, 165 166 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 }, 167 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 }, 168 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 }, 169 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 } 170 }, 171 172 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 }, 173 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 }, 174 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 }, 175 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 } 176 }, 177 178 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 }, 179 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 }, 180 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 }, 181 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 } 182 }, 183 184 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 }, 185 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 }, 186 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 }, 187 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 } 188 } 189}; 190 191/* 192 * This is the final 193 * permutation matrix 194 */ 195static int final_perm[64] = { 196 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, 197 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, 198 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, 199 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25 200}; 201 202/* 203 * The 16 DES keys in BITMASK format 204 */ 205#ifdef _UFC_32_ 206long32 _ufc_keytab[16][2]; 207#endif 208 209#ifdef _UFC_64_ 210long64 _ufc_keytab[16]; 211#endif 212 213 214#define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.') 215#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') 216 217/* Macro to set a bit (0..23) */ 218#define BITMASK(i) ( (1<<(11-(i)%12+3)) << ((i)<12?16:0) ) 219 220/* 221 * sb arrays: 222 * 223 * Workhorses of the inner loop of the DES implementation. 224 * They do sbox lookup, shifting of this value, 32 bit 225 * permutation and E permutation for the next round. 226 * 227 * Kept in 'BITMASK' format. 228 */ 229 230#ifdef _UFC_32_ 231long32 _ufc_sb0[8192], _ufc_sb1[8192], _ufc_sb2[8192], _ufc_sb3[8192]; 232static long32 *sb[4] = {_ufc_sb0, _ufc_sb1, _ufc_sb2, _ufc_sb3}; 233#endif 234 235#ifdef _UFC_64_ 236long64 _ufc_sb0[4096], _ufc_sb1[4096], _ufc_sb2[4096], _ufc_sb3[4096]; 237static long64 *sb[4] = {_ufc_sb0, _ufc_sb1, _ufc_sb2, _ufc_sb3}; 238#endif 239 240/* 241 * eperm32tab: do 32 bit permutation and E selection 242 * 243 * The first index is the byte number in the 32 bit value to be permuted 244 * - second - is the value of this byte 245 * - third - selects the two 32 bit values 246 * 247 * The table is used and generated internally in init_des to speed it up 248 */ 249static ufc_long eperm32tab[4][256][2]; 250 251/* 252 * do_pc1: permform pc1 permutation in the key schedule generation. 253 * 254 * The first index is the byte number in the 8 byte ASCII key 255 * - second - - the two 28 bits halfs of the result 256 * - third - selects the 7 bits actually used of each byte 257 * 258 * The result is kept with 28 bit per 32 bit with the 4 most significant 259 * bits zero. 260 */ 261static ufc_long do_pc1[8][2][128]; 262 263/* 264 * do_pc2: permform pc2 permutation in the key schedule generation. 265 * 266 * The first index is the septet number in the two 28 bit intermediate values 267 * - second - - - septet values 268 * 269 * Knowledge of the structure of the pc2 permutation is used. 270 * 271 * The result is kept with 28 bit per 32 bit with the 4 most significant 272 * bits zero. 273 */ 274static ufc_long do_pc2[8][128]; 275 276/* 277 * efp: undo an extra e selection and do final 278 * permutation giving the DES result. 279 * 280 * Invoked 6 bit a time on two 48 bit values 281 * giving two 32 bit longs. 282 */ 283static ufc_long efp[16][64][2]; 284 285static unsigned char bytemask[8] = { 286 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 287}; 288 289static ufc_long longmask[32] = { 290 0x80000000, 0x40000000, 0x20000000, 0x10000000, 291 0x08000000, 0x04000000, 0x02000000, 0x01000000, 292 0x00800000, 0x00400000, 0x00200000, 0x00100000, 293 0x00080000, 0x00040000, 0x00020000, 0x00010000, 294 0x00008000, 0x00004000, 0x00002000, 0x00001000, 295 0x00000800, 0x00000400, 0x00000200, 0x00000100, 296 0x00000080, 0x00000040, 0x00000020, 0x00000010, 297 0x00000008, 0x00000004, 0x00000002, 0x00000001 298}; 299 300 301/* 302 * Silly rewrite of 'bzero'. I do so 303 * because some machines don't have 304 * bzero and some don't have memset. 305 */ 306 307static void clearmem(char *start, int cnt) 308 { while(cnt--) 309 *start++ = '\0'; 310 } 311 312static int initialized = 0; 313 314/* lookup a 6 bit value in sbox */ 315 316#define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf]; 317 318/* 319 * Initialize unit - may be invoked directly 320 * by fcrypt users. 321 */ 322 323static void ufc_init_des(void) 324 { int comes_from_bit; 325 int bit, sg; 326 ufc_long j; 327 ufc_long mask1, mask2; 328 329 /* 330 * Create the do_pc1 table used 331 * to affect pc1 permutation 332 * when generating keys 333 */ 334 for(bit = 0; bit < 56; bit++) { 335 comes_from_bit = pc1[bit] - 1; 336 mask1 = bytemask[comes_from_bit % 8 + 1]; 337 mask2 = longmask[bit % 28 + 4]; 338 for(j = 0; j < 128; j++) { 339 if(j & mask1) 340 do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2; 341 } 342 } 343 344 /* 345 * Create the do_pc2 table used 346 * to affect pc2 permutation when 347 * generating keys 348 */ 349 for(bit = 0; bit < 48; bit++) { 350 comes_from_bit = pc2[bit] - 1; 351 mask1 = bytemask[comes_from_bit % 7 + 1]; 352 mask2 = BITMASK(bit % 24); 353 for(j = 0; j < 128; j++) { 354 if(j & mask1) 355 do_pc2[comes_from_bit / 7][j] |= mask2; 356 } 357 } 358 359 /* 360 * Now generate the table used to do combined 361 * 32 bit permutation and e expansion 362 * 363 * We use it because we have to permute 16384 32 bit 364 * longs into 48 bit in order to initialize sb. 365 * 366 * Looping 48 rounds per permutation becomes 367 * just too slow... 368 * 369 */ 370 371 clearmem((char*)eperm32tab, sizeof(eperm32tab)); 372 373 for(bit = 0; bit < 48; bit++) { 374 ufc_long inner_mask1,comes_from; 375 376 comes_from = perm32[esel[bit]-1]-1; 377 inner_mask1 = bytemask[comes_from % 8]; 378 379 for(j = 256; j--;) { 380 if(j & inner_mask1) 381 eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK(bit % 24); 382 } 383 } 384 385 /* 386 * Create the sb tables: 387 * 388 * For each 12 bit segment of an 48 bit intermediate 389 * result, the sb table precomputes the two 4 bit 390 * values of the sbox lookups done with the two 6 391 * bit halves, shifts them to their proper place, 392 * sends them through perm32 and finally E expands 393 * them so that they are ready for the next 394 * DES round. 395 * 396 */ 397 for(sg = 0; sg < 4; sg++) { 398 int j1, j2; 399 int s1, s2; 400 401 for(j1 = 0; j1 < 64; j1++) { 402 s1 = s_lookup(2 * sg, j1); 403 for(j2 = 0; j2 < 64; j2++) { 404 ufc_long to_permute, inx; 405 406 s2 = s_lookup(2 * sg + 1, j2); 407 to_permute = ((s1 << 4) | s2) << (24 - 8 * sg); 408 409#ifdef _UFC_32_ 410 inx = ((j1 << 6) | j2) << 1; 411 sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0]; 412 sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1]; 413 sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0]; 414 sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1]; 415 sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0]; 416 sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1]; 417 sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0]; 418 sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1]; 419#endif 420#ifdef _UFC_64_ 421 inx = ((j1 << 6) | j2); 422 sb[sg][inx] = 423 ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) | 424 (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1]; 425 sb[sg][inx] |= 426 ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) | 427 (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1]; 428 sb[sg][inx] |= 429 ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) | 430 (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1]; 431 sb[sg][inx] |= 432 ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) | 433 (long64)eperm32tab[3][(to_permute) & 0xff][1]; 434#endif 435 } 436 } 437 } 438 439 /* 440 * Create an inverse matrix for esel telling 441 * where to plug out bits if undoing it 442 */ 443 for(bit=48; bit--;) { 444 e_inverse[esel[bit] - 1 ] = bit; 445 e_inverse[esel[bit] - 1 + 32] = bit + 48; 446 } 447 448 /* 449 * create efp: the matrix used to 450 * undo the E expansion and effect final permutation 451 */ 452 clearmem((char*)efp, sizeof efp); 453 for(bit = 0; bit < 64; bit++) { 454 int o_bit, o_long; 455 ufc_long word_value, inner_mask1, inner_mask2; 456 int comes_from_f_bit, comes_from_e_bit; 457 int comes_from_word, bit_within_word; 458 459 /* See where bit i belongs in the two 32 bit long's */ 460 o_long = bit / 32; /* 0..1 */ 461 o_bit = bit % 32; /* 0..31 */ 462 463 /* 464 * And find a bit in the e permutated value setting this bit. 465 * 466 * Note: the e selection may have selected the same bit several 467 * times. By the initialization of e_inverse, we only look 468 * for one specific instance. 469 */ 470 comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */ 471 comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */ 472 comes_from_word = comes_from_e_bit / 6; /* 0..15 */ 473 bit_within_word = comes_from_e_bit % 6; /* 0..5 */ 474 475 inner_mask1 = longmask[bit_within_word + 26]; 476 inner_mask2 = longmask[o_bit]; 477 478 for(word_value = 64; word_value--;) { 479 if(word_value & inner_mask1) 480 efp[comes_from_word][word_value][o_long] |= inner_mask2; 481 } 482 } 483 initialized++; 484 } 485 486/* 487 * Process the elements of the sb table permuting the 488 * bits swapped in the expansion by the current salt. 489 */ 490 491#ifdef _UFC_32_ 492static void shuffle_sb(long32 *k, ufc_long saltbits) 493 { ufc_long j; 494 long32 x; 495 for(j=4096; j--;) { 496 x = (k[0] ^ k[1]) & (long32)saltbits; 497 *k++ ^= x; 498 *k++ ^= x; 499 } 500 } 501#endif 502 503#ifdef _UFC_64_ 504static void shuffle_sb(long64 *k, ufc_long saltbits) 505 { ufc_long j; 506 long64 x; 507 for(j=4096; j--;) { 508 x = ((*k >> 32) ^ *k) & (long64)saltbits; 509 *k++ ^= (x << 32) | x; 510 } 511 } 512#endif 513 514/* 515 * Setup the unit for a new salt 516 * Hopefully we'll not see a new salt in each crypt call. 517 */ 518 519static unsigned char current_salt[3] = "&&"; /* invalid value */ 520static ufc_long current_saltbits = 0; 521static int direction = 0; 522 523static void setup_salt(const char *s1) 524 { ufc_long i, j, saltbits; 525 const unsigned char *s2 = (const unsigned char *)s1; 526 527 if(!initialized) 528 ufc_init_des(); 529 530 if(s2[0] == current_salt[0] && s2[1] == current_salt[1]) 531 return; 532 current_salt[0] = s2[0]; current_salt[1] = s2[1]; 533 534 /* 535 * This is the only crypt change to DES: 536 * entries are swapped in the expansion table 537 * according to the bits set in the salt. 538 */ 539 saltbits = 0; 540 for(i = 0; i < 2; i++) { 541 long c=ascii_to_bin(s2[i]); 542 if(c < 0 || c > 63) 543 c = 0; 544 for(j = 0; j < 6; j++) { 545 if((c >> j) & 0x1) 546 saltbits |= BITMASK(6 * i + j); 547 } 548 } 549 550 /* 551 * Permute the sb table values 552 * to reflect the changed e 553 * selection table 554 */ 555 shuffle_sb(_ufc_sb0, current_saltbits ^ saltbits); 556 shuffle_sb(_ufc_sb1, current_saltbits ^ saltbits); 557 shuffle_sb(_ufc_sb2, current_saltbits ^ saltbits); 558 shuffle_sb(_ufc_sb3, current_saltbits ^ saltbits); 559 560 current_saltbits = saltbits; 561 } 562 563static void ufc_mk_keytab(char *key) 564 { ufc_long v1, v2, *k1; 565 int i; 566#ifdef _UFC_32_ 567 long32 v, *k2 = &_ufc_keytab[0][0]; 568#endif 569#ifdef _UFC_64_ 570 long64 v, *k2 = &_ufc_keytab[0]; 571#endif 572 573 v1 = v2 = 0; k1 = &do_pc1[0][0][0]; 574 for(i = 8; i--;) { 575 v1 |= k1[*key & 0x7f]; k1 += 128; 576 v2 |= k1[*key++ & 0x7f]; k1 += 128; 577 } 578 579 for(i = 0; i < 16; i++) { 580 k1 = &do_pc2[0][0]; 581 582 v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i])); 583 v = k1[(v1 >> 21) & 0x7f]; k1 += 128; 584 v |= k1[(v1 >> 14) & 0x7f]; k1 += 128; 585 v |= k1[(v1 >> 7) & 0x7f]; k1 += 128; 586 v |= k1[(v1 ) & 0x7f]; k1 += 128; 587 588#ifdef _UFC_32_ 589 *k2++ = v; 590 v = 0; 591#endif 592#ifdef _UFC_64_ 593 v <<= 32; 594#endif 595 596 v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i])); 597 v |= k1[(v2 >> 21) & 0x7f]; k1 += 128; 598 v |= k1[(v2 >> 14) & 0x7f]; k1 += 128; 599 v |= k1[(v2 >> 7) & 0x7f]; k1 += 128; 600 v |= k1[(v2 ) & 0x7f]; 601 602 *k2++ = v; 603 } 604 605 direction = 0; 606 } 607 608/* 609 * Undo an extra E selection and do final permutations 610 */ 611 612ufc_long *_ufc_dofinalperm(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2) 613 { ufc_long v1, v2, x; 614 static ufc_long ary[2]; 615 616 x = (l1 ^ l2) & current_saltbits; l1 ^= x; l2 ^= x; 617 x = (r1 ^ r2) & current_saltbits; r1 ^= x; r2 ^= x; 618 619 v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3; 620 621 v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1]; 622 v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1]; 623 v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1]; 624 v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1]; 625 626 v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1]; 627 v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1]; 628 v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1]; 629 v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1]; 630 631 v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1]; 632 v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1]; 633 v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1]; 634 v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1]; 635 636 v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1]; 637 v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1]; 638 v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1]; 639 v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1]; 640 641 ary[0] = v1; ary[1] = v2; 642 return ary; 643 } 644 645/* 646 * crypt only: convert from 64 bit to 11 bit ASCII 647 * prefixing with the salt 648 */ 649 650static char *output_conversion(ufc_long v1, ufc_long v2, const char *salt) 651 { static char outbuf[14]; 652 int i, s; 653 654 outbuf[0] = salt[0]; 655 outbuf[1] = salt[1] ? salt[1] : salt[0]; 656 657 for(i = 0; i < 5; i++) 658 outbuf[i + 2] = bin_to_ascii((v1 >> (26 - 6 * i)) & 0x3f); 659 660 s = (v2 & 0xf) << 2; 661 v2 = (v2 >> 2) | ((v1 & 0x3) << 30); 662 663 for(i = 5; i < 10; i++) 664 outbuf[i + 2] = bin_to_ascii((v2 >> (56 - 6 * i)) & 0x3f); 665 666 outbuf[12] = bin_to_ascii(s); 667 outbuf[13] = 0; 668 669 return outbuf; 670 } 671 672/* 673 * UNIX crypt function 674 */ 675 676static ufc_long *_ufc_doit(ufc_long , ufc_long, ufc_long, ufc_long, ufc_long); 677 678char *ufc_crypt(const char *key,const char *salt) 679 { ufc_long *s; 680 char ktab[9]; 681 682 /* 683 * Hack DES tables according to salt 684 */ 685 setup_salt(salt); 686 687 /* 688 * Setup key schedule 689 */ 690 clearmem(ktab, sizeof ktab); 691 strncpy(ktab, key, 8); 692 ufc_mk_keytab(ktab); 693 694 /* 695 * Go for the 25 DES encryptions 696 */ 697 s = _ufc_doit((ufc_long)0, (ufc_long)0, 698 (ufc_long)0, (ufc_long)0, (ufc_long)25); 699 700 /* 701 * And convert back to 6 bit ASCII 702 */ 703 return output_conversion(s[0], s[1], salt); 704 } 705 706 707#ifdef _UFC_32_ 708 709/* 710 * 32 bit version 711 */ 712 713extern long32 _ufc_keytab[16][2]; 714extern long32 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[]; 715 716#define SBA(sb, v) (*(long32*)((char*)(sb)+(v))) 717 718static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr) 719 { int i; 720 long32 s, *k; 721 722 while(itr--) { 723 k = &_ufc_keytab[0][0]; 724 for(i=8; i--; ) { 725 s = *k++ ^ r1; 726 l1 ^= SBA(_ufc_sb1, s & 0xffff); l2 ^= SBA(_ufc_sb1, (s & 0xffff)+4); 727 l1 ^= SBA(_ufc_sb0, s >>= 16); l2 ^= SBA(_ufc_sb0, (s) +4); 728 s = *k++ ^ r2; 729 l1 ^= SBA(_ufc_sb3, s & 0xffff); l2 ^= SBA(_ufc_sb3, (s & 0xffff)+4); 730 l1 ^= SBA(_ufc_sb2, s >>= 16); l2 ^= SBA(_ufc_sb2, (s) +4); 731 732 s = *k++ ^ l1; 733 r1 ^= SBA(_ufc_sb1, s & 0xffff); r2 ^= SBA(_ufc_sb1, (s & 0xffff)+4); 734 r1 ^= SBA(_ufc_sb0, s >>= 16); r2 ^= SBA(_ufc_sb0, (s) +4); 735 s = *k++ ^ l2; 736 r1 ^= SBA(_ufc_sb3, s & 0xffff); r2 ^= SBA(_ufc_sb3, (s & 0xffff)+4); 737 r1 ^= SBA(_ufc_sb2, s >>= 16); r2 ^= SBA(_ufc_sb2, (s) +4); 738 } 739 s=l1; l1=r1; r1=s; s=l2; l2=r2; r2=s; 740 } 741 return _ufc_dofinalperm(l1, l2, r1, r2); 742 } 743 744#endif 745 746#ifdef _UFC_64_ 747 748/* 749 * 64 bit version 750 */ 751 752extern long64 _ufc_keytab[16]; 753extern long64 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[]; 754 755#define SBA(sb, v) (*(long64*)((char*)(sb)+(v))) 756 757static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr) 758 { int i; 759 long64 l, r, s, *k; 760 761 l = (((long64)l1) << 32) | ((long64)l2); 762 r = (((long64)r1) << 32) | ((long64)r2); 763 764 while(itr--) { 765 k = &_ufc_keytab[0]; 766 for(i=8; i--; ) { 767 s = *k++ ^ r; 768 l ^= SBA(_ufc_sb3, (s >> 0) & 0xffff); 769 l ^= SBA(_ufc_sb2, (s >> 16) & 0xffff); 770 l ^= SBA(_ufc_sb1, (s >> 32) & 0xffff); 771 l ^= SBA(_ufc_sb0, (s >> 48) & 0xffff); 772 773 s = *k++ ^ l; 774 r ^= SBA(_ufc_sb3, (s >> 0) & 0xffff); 775 r ^= SBA(_ufc_sb2, (s >> 16) & 0xffff); 776 r ^= SBA(_ufc_sb1, (s >> 32) & 0xffff); 777 r ^= SBA(_ufc_sb0, (s >> 48) & 0xffff); 778 } 779 s=l; l=r; r=s; 780 } 781 782 l1 = l >> 32; l2 = l & 0xffffffff; 783 r1 = r >> 32; r2 = r & 0xffffffff; 784 return _ufc_dofinalperm(l1, l2, r1, r2); 785 } 786 787#endif 788 789#define crypt ufc_crypt 790#endif 791 792main() 793{ 794 char passwd[9]; 795 char salt[9]; 796 char c_out1[256]; 797 char c_out2[256]; 798 799 char expected_out[14]; 800 801 strcpy(expected_out, "12yJ.Of/NQ.Pk"); 802 strcpy(passwd, "12345678"); 803 strcpy(salt, "12345678"); 804 805 strcpy(c_out1, crypt(passwd, salt)); 806 salt[2] = '\0'; 807 strcpy(c_out2, crypt(passwd, salt)); 808 809 /* 810 * If the non-trucated salt fails but the 811 * truncated salt succeeds then exit 1. 812 */ 813 814 if((strcmp(c_out1, expected_out) != 0) && 815 (strcmp(c_out2, expected_out) == 0)) 816 exit(1); 817 818#ifdef HAVE_BIGCRYPT 819 /* 820 * Try the same with bigcrypt... 821 */ 822 823 { 824 char big_passwd[17]; 825 char big_salt[17]; 826 char big_c_out1[256]; 827 char big_c_out2[256]; 828 char big_expected_out[27]; 829 830 strcpy(big_passwd, "1234567812345678"); 831 strcpy(big_salt, "1234567812345678"); 832 strcpy(big_expected_out, "12yJ.Of/NQ.PklfyCuHi/rwM"); 833 834 strcpy(big_c_out1, bigcrypt(big_passwd, big_salt)); 835 big_salt[2] = '\0'; 836 strcpy(big_c_out2, bigcrypt(big_passwd, big_salt)); 837 838 /* 839 * If the non-trucated salt fails but the 840 * truncated salt succeeds then exit 1. 841 */ 842 843 if((strcmp(big_c_out1, big_expected_out) != 0) && 844 (strcmp(big_c_out2, big_expected_out) == 0)) 845 exit(1); 846 847 } 848#endif 849 850 exit(0); 851} 852