1#if defined(HAVE_UNISTD_H) 2#include <unistd.h> 3#endif 4 5#include <sys/types.h> 6 7#ifdef HAVE_STRING_H 8#include <string.h> 9#endif 10 11#ifdef HAVE_STRINGS_H 12#include <strings.h> 13#endif 14 15#if !defined(HAVE_CRYPT) 16 17/* 18 This bit of code was derived from the UFC-crypt package which 19 carries the following copyright 20 21 Modified for use by Samba by Andrew Tridgell, October 1994 22 23 Note that this routine is only faster on some machines. Under Linux 1.1.51 24 libc 4.5.26 I actually found this routine to be slightly slower. 25 26 Under SunOS I found a huge speedup by using these routines 27 (a factor of 20 or so) 28 29 Warning: I've had a report from Steve Kennedy <steve@gbnet.org> 30 that this crypt routine may sometimes get the wrong answer. Only 31 use UFC_CRYT if you really need it. 32 33*/ 34 35/* 36 * UFC-crypt: ultra fast crypt(3) implementation 37 * 38 * Copyright (C) 1991-1998, Free Software Foundation, Inc. 39 * 40 * This library is free software; you can redistribute it and/or 41 * modify it under the terms of the GNU Library General Public 42 * License as published by the Free Software Foundation; either 43 * version 2 of the License, or (at your option) any later version. 44 * 45 * This library is distributed in the hope that it will be useful, 46 * but WITHOUT ANY WARRANTY; without even the implied warranty of 47 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 48 * Library General Public License for more details. 49 * 50 * You should have received a copy of the GNU Library General Public 51 * License along with this library; if not, write to the Free 52 * Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. 53 * 54 * @(#)crypt_util.c 2.31 02/08/92 55 * 56 * Support routines 57 * 58 */ 59 60 61#ifndef long32 62#if (SIZEOF_INT == 4) 63#define long32 int 64#elif (SIZEOF_LONG == 4) 65#define long32 long 66#elif (SIZEOF_SHORT == 4) 67#define long32 short 68#else 69/* uggh - no 32 bit type?? probably a CRAY. just hope this works ... */ 70#define long32 int 71#endif 72#endif 73 74#ifndef long64 75#ifdef HAVE_LONGLONG 76#define long64 long long long 77#endif 78#endif 79 80#ifndef ufc_long 81#define ufc_long unsigned 82#endif 83 84#ifndef _UFC_64_ 85#define _UFC_32_ 86#endif 87 88/* 89 * Permutation done once on the 56 bit 90 * key derived from the original 8 byte ASCII key. 91 */ 92static int pc1[56] = { 93 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, 94 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, 95 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, 96 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 97}; 98 99/* 100 * How much to rotate each 28 bit half of the pc1 permutated 101 * 56 bit key before using pc2 to give the i' key 102 */ 103static int rots[16] = { 104 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 105}; 106 107/* 108 * Permutation giving the key 109 * of the i' DES round 110 */ 111static int pc2[48] = { 112 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, 113 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, 114 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, 115 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 116}; 117 118/* 119 * The E expansion table which selects 120 * bits from the 32 bit intermediate result. 121 */ 122static int esel[48] = { 123 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, 124 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, 125 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, 126 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 127}; 128static int e_inverse[64]; 129 130/* 131 * Permutation done on the 132 * result of sbox lookups 133 */ 134static int perm32[32] = { 135 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, 136 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 137}; 138 139/* 140 * The sboxes 141 */ 142static int sbox[8][4][16]= { 143 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 }, 144 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 }, 145 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 }, 146 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 } 147 }, 148 149 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 }, 150 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 }, 151 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 }, 152 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 } 153 }, 154 155 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 }, 156 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 }, 157 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 }, 158 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 } 159 }, 160 161 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 }, 162 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 }, 163 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 }, 164 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 } 165 }, 166 167 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 }, 168 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 }, 169 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 }, 170 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 } 171 }, 172 173 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 }, 174 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 }, 175 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 }, 176 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 } 177 }, 178 179 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 }, 180 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 }, 181 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 }, 182 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 } 183 }, 184 185 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 }, 186 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 }, 187 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 }, 188 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 } 189 } 190}; 191 192/* 193 * This is the final 194 * permutation matrix 195 */ 196static int final_perm[64] = { 197 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, 198 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, 199 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, 200 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25 201}; 202 203/* 204 * The 16 DES keys in BITMASK format 205 */ 206#ifdef _UFC_32_ 207long32 _ufc_keytab[16][2]; 208#endif 209 210#ifdef _UFC_64_ 211long64 _ufc_keytab[16]; 212#endif 213 214 215#define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.') 216#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') 217 218/* Macro to set a bit (0..23) */ 219#define BITMASK(i) ( (1<<(11-(i)%12+3)) << ((i)<12?16:0) ) 220 221/* 222 * sb arrays: 223 * 224 * Workhorses of the inner loop of the DES implementation. 225 * They do sbox lookup, shifting of this value, 32 bit 226 * permutation and E permutation for the next round. 227 * 228 * Kept in 'BITMASK' format. 229 */ 230 231#ifdef _UFC_32_ 232long32 _ufc_sb0[8192], _ufc_sb1[8192], _ufc_sb2[8192], _ufc_sb3[8192]; 233static long32 *sb[4] = {_ufc_sb0, _ufc_sb1, _ufc_sb2, _ufc_sb3}; 234#endif 235 236#ifdef _UFC_64_ 237long64 _ufc_sb0[4096], _ufc_sb1[4096], _ufc_sb2[4096], _ufc_sb3[4096]; 238static long64 *sb[4] = {_ufc_sb0, _ufc_sb1, _ufc_sb2, _ufc_sb3}; 239#endif 240 241/* 242 * eperm32tab: do 32 bit permutation and E selection 243 * 244 * The first index is the byte number in the 32 bit value to be permuted 245 * - second - is the value of this byte 246 * - third - selects the two 32 bit values 247 * 248 * The table is used and generated internally in init_des to speed it up 249 */ 250static ufc_long eperm32tab[4][256][2]; 251 252/* 253 * do_pc1: permform pc1 permutation in the key schedule generation. 254 * 255 * The first index is the byte number in the 8 byte ASCII key 256 * - second - - the two 28 bits halfs of the result 257 * - third - selects the 7 bits actually used of each byte 258 * 259 * The result is kept with 28 bit per 32 bit with the 4 most significant 260 * bits zero. 261 */ 262static ufc_long do_pc1[8][2][128]; 263 264/* 265 * do_pc2: permform pc2 permutation in the key schedule generation. 266 * 267 * The first index is the septet number in the two 28 bit intermediate values 268 * - second - - - septet values 269 * 270 * Knowledge of the structure of the pc2 permutation is used. 271 * 272 * The result is kept with 28 bit per 32 bit with the 4 most significant 273 * bits zero. 274 */ 275static ufc_long do_pc2[8][128]; 276 277/* 278 * efp: undo an extra e selection and do final 279 * permutation giving the DES result. 280 * 281 * Invoked 6 bit a time on two 48 bit values 282 * giving two 32 bit longs. 283 */ 284static ufc_long efp[16][64][2]; 285 286static unsigned char bytemask[8] = { 287 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 288}; 289 290static ufc_long longmask[32] = { 291 0x80000000, 0x40000000, 0x20000000, 0x10000000, 292 0x08000000, 0x04000000, 0x02000000, 0x01000000, 293 0x00800000, 0x00400000, 0x00200000, 0x00100000, 294 0x00080000, 0x00040000, 0x00020000, 0x00010000, 295 0x00008000, 0x00004000, 0x00002000, 0x00001000, 296 0x00000800, 0x00000400, 0x00000200, 0x00000100, 297 0x00000080, 0x00000040, 0x00000020, 0x00000010, 298 0x00000008, 0x00000004, 0x00000002, 0x00000001 299}; 300 301 302/* 303 * Silly rewrite of 'bzero'. I do so 304 * because some machines don't have 305 * bzero and some don't have memset. 306 */ 307 308static void clearmem(char *start, int cnt) 309 { while(cnt--) 310 *start++ = '\0'; 311 } 312 313static int initialized = 0; 314 315/* lookup a 6 bit value in sbox */ 316 317#define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf]; 318 319/* 320 * Initialize unit - may be invoked directly 321 * by fcrypt users. 322 */ 323 324static void ufc_init_des(void) 325 { int comes_from_bit; 326 int bit, sg; 327 ufc_long j; 328 ufc_long mask1, mask2; 329 330 /* 331 * Create the do_pc1 table used 332 * to affect pc1 permutation 333 * when generating keys 334 */ 335 for(bit = 0; bit < 56; bit++) { 336 comes_from_bit = pc1[bit] - 1; 337 mask1 = bytemask[comes_from_bit % 8 + 1]; 338 mask2 = longmask[bit % 28 + 4]; 339 for(j = 0; j < 128; j++) { 340 if(j & mask1) 341 do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2; 342 } 343 } 344 345 /* 346 * Create the do_pc2 table used 347 * to affect pc2 permutation when 348 * generating keys 349 */ 350 for(bit = 0; bit < 48; bit++) { 351 comes_from_bit = pc2[bit] - 1; 352 mask1 = bytemask[comes_from_bit % 7 + 1]; 353 mask2 = BITMASK(bit % 24); 354 for(j = 0; j < 128; j++) { 355 if(j & mask1) 356 do_pc2[comes_from_bit / 7][j] |= mask2; 357 } 358 } 359 360 /* 361 * Now generate the table used to do combined 362 * 32 bit permutation and e expansion 363 * 364 * We use it because we have to permute 16384 32 bit 365 * longs into 48 bit in order to initialize sb. 366 * 367 * Looping 48 rounds per permutation becomes 368 * just too slow... 369 * 370 */ 371 372 clearmem((char*)eperm32tab, sizeof(eperm32tab)); 373 374 for(bit = 0; bit < 48; bit++) { 375 ufc_long inner_mask1,comes_from; 376 377 comes_from = perm32[esel[bit]-1]-1; 378 inner_mask1 = bytemask[comes_from % 8]; 379 380 for(j = 256; j--;) { 381 if(j & inner_mask1) 382 eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK(bit % 24); 383 } 384 } 385 386 /* 387 * Create the sb tables: 388 * 389 * For each 12 bit segment of an 48 bit intermediate 390 * result, the sb table precomputes the two 4 bit 391 * values of the sbox lookups done with the two 6 392 * bit halves, shifts them to their proper place, 393 * sends them through perm32 and finally E expands 394 * them so that they are ready for the next 395 * DES round. 396 * 397 */ 398 for(sg = 0; sg < 4; sg++) { 399 int j1, j2; 400 int s1, s2; 401 402 for(j1 = 0; j1 < 64; j1++) { 403 s1 = s_lookup(2 * sg, j1); 404 for(j2 = 0; j2 < 64; j2++) { 405 ufc_long to_permute, inx; 406 407 s2 = s_lookup(2 * sg + 1, j2); 408 to_permute = ((s1 << 4) | s2) << (24 - 8 * sg); 409 410#ifdef _UFC_32_ 411 inx = ((j1 << 6) | j2) << 1; 412 sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0]; 413 sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1]; 414 sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0]; 415 sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1]; 416 sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0]; 417 sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1]; 418 sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0]; 419 sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1]; 420#endif 421#ifdef _UFC_64_ 422 inx = ((j1 << 6) | j2); 423 sb[sg][inx] = 424 ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) | 425 (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1]; 426 sb[sg][inx] |= 427 ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) | 428 (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1]; 429 sb[sg][inx] |= 430 ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) | 431 (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1]; 432 sb[sg][inx] |= 433 ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) | 434 (long64)eperm32tab[3][(to_permute) & 0xff][1]; 435#endif 436 } 437 } 438 } 439 440 /* 441 * Create an inverse matrix for esel telling 442 * where to plug out bits if undoing it 443 */ 444 for(bit=48; bit--;) { 445 e_inverse[esel[bit] - 1 ] = bit; 446 e_inverse[esel[bit] - 1 + 32] = bit + 48; 447 } 448 449 /* 450 * create efp: the matrix used to 451 * undo the E expansion and effect final permutation 452 */ 453 clearmem((char*)efp, sizeof efp); 454 for(bit = 0; bit < 64; bit++) { 455 int o_bit, o_long; 456 ufc_long word_value, inner_mask1, inner_mask2; 457 int comes_from_f_bit, comes_from_e_bit; 458 int comes_from_word, bit_within_word; 459 460 /* See where bit i belongs in the two 32 bit long's */ 461 o_long = bit / 32; /* 0..1 */ 462 o_bit = bit % 32; /* 0..31 */ 463 464 /* 465 * And find a bit in the e permutated value setting this bit. 466 * 467 * Note: the e selection may have selected the same bit several 468 * times. By the initialization of e_inverse, we only look 469 * for one specific instance. 470 */ 471 comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */ 472 comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */ 473 comes_from_word = comes_from_e_bit / 6; /* 0..15 */ 474 bit_within_word = comes_from_e_bit % 6; /* 0..5 */ 475 476 inner_mask1 = longmask[bit_within_word + 26]; 477 inner_mask2 = longmask[o_bit]; 478 479 for(word_value = 64; word_value--;) { 480 if(word_value & inner_mask1) 481 efp[comes_from_word][word_value][o_long] |= inner_mask2; 482 } 483 } 484 initialized++; 485 } 486 487/* 488 * Process the elements of the sb table permuting the 489 * bits swapped in the expansion by the current salt. 490 */ 491 492#ifdef _UFC_32_ 493static void shuffle_sb(long32 *k, ufc_long saltbits) 494 { ufc_long j; 495 long32 x; 496 for(j=4096; j--;) { 497 x = (k[0] ^ k[1]) & (long32)saltbits; 498 *k++ ^= x; 499 *k++ ^= x; 500 } 501 } 502#endif 503 504#ifdef _UFC_64_ 505static void shuffle_sb(long64 *k, ufc_long saltbits) 506 { ufc_long j; 507 long64 x; 508 for(j=4096; j--;) { 509 x = ((*k >> 32) ^ *k) & (long64)saltbits; 510 *k++ ^= (x << 32) | x; 511 } 512 } 513#endif 514 515/* 516 * Setup the unit for a new salt 517 * Hopefully we'll not see a new salt in each crypt call. 518 */ 519 520static unsigned char current_salt[3] = "&&"; /* invalid value */ 521static ufc_long current_saltbits = 0; 522static int direction = 0; 523 524static void setup_salt(const char *s1) 525 { ufc_long i, j, saltbits; 526 const unsigned char *s2 = (const unsigned char *)s1; 527 528 if(!initialized) 529 ufc_init_des(); 530 531 if(s2[0] == current_salt[0] && s2[1] == current_salt[1]) 532 return; 533 current_salt[0] = s2[0]; current_salt[1] = s2[1]; 534 535 /* 536 * This is the only crypt change to DES: 537 * entries are swapped in the expansion table 538 * according to the bits set in the salt. 539 */ 540 saltbits = 0; 541 for(i = 0; i < 2; i++) { 542 long c=ascii_to_bin(s2[i]); 543 if(c < 0 || c > 63) 544 c = 0; 545 for(j = 0; j < 6; j++) { 546 if((c >> j) & 0x1) 547 saltbits |= BITMASK(6 * i + j); 548 } 549 } 550 551 /* 552 * Permute the sb table values 553 * to reflect the changed e 554 * selection table 555 */ 556 shuffle_sb(_ufc_sb0, current_saltbits ^ saltbits); 557 shuffle_sb(_ufc_sb1, current_saltbits ^ saltbits); 558 shuffle_sb(_ufc_sb2, current_saltbits ^ saltbits); 559 shuffle_sb(_ufc_sb3, current_saltbits ^ saltbits); 560 561 current_saltbits = saltbits; 562 } 563 564static void ufc_mk_keytab(char *key) 565 { ufc_long v1, v2, *k1; 566 int i; 567#ifdef _UFC_32_ 568 long32 v, *k2 = &_ufc_keytab[0][0]; 569#endif 570#ifdef _UFC_64_ 571 long64 v, *k2 = &_ufc_keytab[0]; 572#endif 573 574 v1 = v2 = 0; k1 = &do_pc1[0][0][0]; 575 for(i = 8; i--;) { 576 v1 |= k1[*key & 0x7f]; k1 += 128; 577 v2 |= k1[*key++ & 0x7f]; k1 += 128; 578 } 579 580 for(i = 0; i < 16; i++) { 581 k1 = &do_pc2[0][0]; 582 583 v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i])); 584 v = k1[(v1 >> 21) & 0x7f]; k1 += 128; 585 v |= k1[(v1 >> 14) & 0x7f]; k1 += 128; 586 v |= k1[(v1 >> 7) & 0x7f]; k1 += 128; 587 v |= k1[(v1 ) & 0x7f]; k1 += 128; 588 589#ifdef _UFC_32_ 590 *k2++ = v; 591 v = 0; 592#endif 593#ifdef _UFC_64_ 594 v <<= 32; 595#endif 596 597 v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i])); 598 v |= k1[(v2 >> 21) & 0x7f]; k1 += 128; 599 v |= k1[(v2 >> 14) & 0x7f]; k1 += 128; 600 v |= k1[(v2 >> 7) & 0x7f]; k1 += 128; 601 v |= k1[(v2 ) & 0x7f]; 602 603 *k2++ = v; 604 } 605 606 direction = 0; 607 } 608 609/* 610 * Undo an extra E selection and do final permutations 611 */ 612 613ufc_long *_ufc_dofinalperm(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2) 614 { ufc_long v1, v2, x; 615 static ufc_long ary[2]; 616 617 x = (l1 ^ l2) & current_saltbits; l1 ^= x; l2 ^= x; 618 x = (r1 ^ r2) & current_saltbits; r1 ^= x; r2 ^= x; 619 620 v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3; 621 622 v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1]; 623 v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1]; 624 v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1]; 625 v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1]; 626 627 v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1]; 628 v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1]; 629 v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1]; 630 v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1]; 631 632 v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1]; 633 v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1]; 634 v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1]; 635 v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1]; 636 637 v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1]; 638 v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1]; 639 v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1]; 640 v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1]; 641 642 ary[0] = v1; ary[1] = v2; 643 return ary; 644 } 645 646/* 647 * crypt only: convert from 64 bit to 11 bit ASCII 648 * prefixing with the salt 649 */ 650 651static char *output_conversion(ufc_long v1, ufc_long v2, const char *salt) 652 { static char outbuf[14]; 653 int i, s; 654 655 outbuf[0] = salt[0]; 656 outbuf[1] = salt[1] ? salt[1] : salt[0]; 657 658 for(i = 0; i < 5; i++) 659 outbuf[i + 2] = bin_to_ascii((v1 >> (26 - 6 * i)) & 0x3f); 660 661 s = (v2 & 0xf) << 2; 662 v2 = (v2 >> 2) | ((v1 & 0x3) << 30); 663 664 for(i = 5; i < 10; i++) 665 outbuf[i + 2] = bin_to_ascii((v2 >> (56 - 6 * i)) & 0x3f); 666 667 outbuf[12] = bin_to_ascii(s); 668 outbuf[13] = 0; 669 670 return outbuf; 671 } 672 673/* 674 * UNIX crypt function 675 */ 676 677static ufc_long *_ufc_doit(ufc_long , ufc_long, ufc_long, ufc_long, ufc_long); 678 679char *ufc_crypt(const char *key,const char *salt) 680 { ufc_long *s; 681 char ktab[9]; 682 683 /* 684 * Hack DES tables according to salt 685 */ 686 setup_salt(salt); 687 688 /* 689 * Setup key schedule 690 */ 691 clearmem(ktab, sizeof ktab); 692 strncpy(ktab, key, 8); 693 ufc_mk_keytab(ktab); 694 695 /* 696 * Go for the 25 DES encryptions 697 */ 698 s = _ufc_doit((ufc_long)0, (ufc_long)0, 699 (ufc_long)0, (ufc_long)0, (ufc_long)25); 700 701 /* 702 * And convert back to 6 bit ASCII 703 */ 704 return output_conversion(s[0], s[1], salt); 705 } 706 707 708#ifdef _UFC_32_ 709 710/* 711 * 32 bit version 712 */ 713 714extern long32 _ufc_keytab[16][2]; 715extern long32 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[]; 716 717#define SBA(sb, v) (*(long32*)((char*)(sb)+(v))) 718 719static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr) 720 { int i; 721 long32 s, *k; 722 723 while(itr--) { 724 k = &_ufc_keytab[0][0]; 725 for(i=8; i--; ) { 726 s = *k++ ^ r1; 727 l1 ^= SBA(_ufc_sb1, s & 0xffff); l2 ^= SBA(_ufc_sb1, (s & 0xffff)+4); 728 l1 ^= SBA(_ufc_sb0, s >>= 16); l2 ^= SBA(_ufc_sb0, (s) +4); 729 s = *k++ ^ r2; 730 l1 ^= SBA(_ufc_sb3, s & 0xffff); l2 ^= SBA(_ufc_sb3, (s & 0xffff)+4); 731 l1 ^= SBA(_ufc_sb2, s >>= 16); l2 ^= SBA(_ufc_sb2, (s) +4); 732 733 s = *k++ ^ l1; 734 r1 ^= SBA(_ufc_sb1, s & 0xffff); r2 ^= SBA(_ufc_sb1, (s & 0xffff)+4); 735 r1 ^= SBA(_ufc_sb0, s >>= 16); r2 ^= SBA(_ufc_sb0, (s) +4); 736 s = *k++ ^ l2; 737 r1 ^= SBA(_ufc_sb3, s & 0xffff); r2 ^= SBA(_ufc_sb3, (s & 0xffff)+4); 738 r1 ^= SBA(_ufc_sb2, s >>= 16); r2 ^= SBA(_ufc_sb2, (s) +4); 739 } 740 s=l1; l1=r1; r1=s; s=l2; l2=r2; r2=s; 741 } 742 return _ufc_dofinalperm(l1, l2, r1, r2); 743 } 744 745#endif 746 747#ifdef _UFC_64_ 748 749/* 750 * 64 bit version 751 */ 752 753extern long64 _ufc_keytab[16]; 754extern long64 _ufc_sb0[], _ufc_sb1[], _ufc_sb2[], _ufc_sb3[]; 755 756#define SBA(sb, v) (*(long64*)((char*)(sb)+(v))) 757 758static ufc_long *_ufc_doit(ufc_long l1, ufc_long l2, ufc_long r1, ufc_long r2, ufc_long itr) 759 { int i; 760 long64 l, r, s, *k; 761 762 l = (((long64)l1) << 32) | ((long64)l2); 763 r = (((long64)r1) << 32) | ((long64)r2); 764 765 while(itr--) { 766 k = &_ufc_keytab[0]; 767 for(i=8; i--; ) { 768 s = *k++ ^ r; 769 l ^= SBA(_ufc_sb3, (s >> 0) & 0xffff); 770 l ^= SBA(_ufc_sb2, (s >> 16) & 0xffff); 771 l ^= SBA(_ufc_sb1, (s >> 32) & 0xffff); 772 l ^= SBA(_ufc_sb0, (s >> 48) & 0xffff); 773 774 s = *k++ ^ l; 775 r ^= SBA(_ufc_sb3, (s >> 0) & 0xffff); 776 r ^= SBA(_ufc_sb2, (s >> 16) & 0xffff); 777 r ^= SBA(_ufc_sb1, (s >> 32) & 0xffff); 778 r ^= SBA(_ufc_sb0, (s >> 48) & 0xffff); 779 } 780 s=l; l=r; r=s; 781 } 782 783 l1 = l >> 32; l2 = l & 0xffffffff; 784 r1 = r >> 32; r2 = r & 0xffffffff; 785 return _ufc_dofinalperm(l1, l2, r1, r2); 786 } 787 788#endif 789 790#define crypt ufc_crypt 791#endif 792 793main() 794{ 795 char passwd[9]; 796 char salt[9]; 797 char c_out1[256]; 798 char c_out2[256]; 799 800 char expected_out[14]; 801 802 strcpy(expected_out, "12yJ.Of/NQ.Pk"); 803 strcpy(passwd, "12345678"); 804 strcpy(salt, "12345678"); 805 806 strcpy(c_out1, crypt(passwd, salt)); 807 salt[2] = '\0'; 808 strcpy(c_out2, crypt(passwd, salt)); 809 810 /* 811 * If the non-trucated salt fails but the 812 * truncated salt succeeds then exit 1. 813 */ 814 815 if((strcmp(c_out1, expected_out) != 0) && 816 (strcmp(c_out2, expected_out) == 0)) 817 exit(1); 818 819#ifdef HAVE_BIGCRYPT 820 /* 821 * Try the same with bigcrypt... 822 */ 823 824 { 825 char big_passwd[17]; 826 char big_salt[17]; 827 char big_c_out1[256]; 828 char big_c_out2[256]; 829 char big_expected_out[27]; 830 831 strcpy(big_passwd, "1234567812345678"); 832 strcpy(big_salt, "1234567812345678"); 833 strcpy(big_expected_out, "12yJ.Of/NQ.PklfyCuHi/rwM"); 834 835 strcpy(big_c_out1, bigcrypt(big_passwd, big_salt)); 836 big_salt[2] = '\0'; 837 strcpy(big_c_out2, bigcrypt(big_passwd, big_salt)); 838 839 /* 840 * If the non-trucated salt fails but the 841 * truncated salt succeeds then exit 1. 842 */ 843 844 if((strcmp(big_c_out1, big_expected_out) != 0) && 845 (strcmp(big_c_out2, big_expected_out) == 0)) 846 exit(1); 847 848 } 849#endif 850 851 exit(0); 852} 853