1 /* $OpenBSD: crypt.c,v 1.20 2005/08/08 08:05:33 espie Exp $ */
2
3 /*
4 * FreeSec: libcrypt
5 *
6 * Copyright (c) 1994 David Burren
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
17 * 4. Neither the name of the author nor the names of other contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 *
33 *
34 * This is an original implementation of the DES and the crypt(3) interfaces
35 * by David Burren <davidb@werj.com.au>.
36 *
37 * An excellent reference on the underlying algorithm (and related
38 * algorithms) is:
39 *
40 * B. Schneier, Applied Cryptography: protocols, algorithms,
41 * and source code in C, John Wiley & Sons, 1994.
42 *
43 * Note that in that book's description of DES the lookups for the initial,
44 * pbox, and final permutations are inverted (this has been brought to the
45 * attention of the author). A list of errata for this book has been
46 * posted to the sci.crypt newsgroup by the author and is available for FTP.
47 */
48
49 #include <sys/types.h>
50 #include <sys/param.h>
51 #include <pwd.h>
52 #include <unistd.h>
53 #include <string.h>
54
55 #ifdef DEBUG
56 # include <stdio.h>
57 #endif
58
59 __RCSID("$MirOS: src/lib/libc/crypt/crypt.c,v 1.4 2013/08/14 20:58:45 tg Exp $");
60
61 static char *crypt_internal(const char *, const char *);
62
63 void _des_init(void);
64 void _des_setup_salt(int32_t);
65 int _des_do_des(u_int32_t, u_int32_t, u_int32_t *, u_int32_t *, int);
66
67 static const u_char IP[64] = {
68 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
69 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
70 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
71 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
72 };
73
74 static u_char inv_key_perm[64];
75 static u_char u_key_perm[56];
76 static u_char const key_perm[56] = {
77 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
78 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
79 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
80 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
81 };
82
83 static const u_char key_shifts[16] = {
84 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
85 };
86
87 static u_char inv_comp_perm[56];
88 static const u_char comp_perm[48] = {
89 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
90 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
91 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
92 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
93 };
94
95 /*
96 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
97 */
98
99 static u_char u_sbox[8][64];
100 static const u_char sbox[8][64] = {
101 {
102 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
103 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
104 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
105 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
106 },
107 {
108 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
109 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
110 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
111 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
112 },
113 {
114 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
115 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
116 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
117 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
118 },
119 {
120 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
121 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
122 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
123 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
124 },
125 {
126 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
127 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
128 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
129 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
130 },
131 {
132 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
133 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
134 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
135 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
136 },
137 {
138 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
139 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
140 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
141 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
142 },
143 {
144 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
145 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
146 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
147 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
148 }
149 };
150
151 static u_char un_pbox[32];
152 static const u_char pbox[32] = {
153 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
154 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
155 };
156
157 const u_int32_t _des_bits32[32] =
158 {
159 0x80000000, 0x40000000, 0x20000000, 0x10000000,
160 0x08000000, 0x04000000, 0x02000000, 0x01000000,
161 0x00800000, 0x00400000, 0x00200000, 0x00100000,
162 0x00080000, 0x00040000, 0x00020000, 0x00010000,
163 0x00008000, 0x00004000, 0x00002000, 0x00001000,
164 0x00000800, 0x00000400, 0x00000200, 0x00000100,
165 0x00000080, 0x00000040, 0x00000020, 0x00000010,
166 0x00000008, 0x00000004, 0x00000002, 0x00000001
167 };
168
169 const u_char _des_bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
170
/*
 * Mutable module state shared by every caller of this file.
 *
 * No locking is visible in this file, so the salt, the key schedule and
 * the lookup tables are shared by all threads that call in here.
 * The raw key (old_rawkey0/1) and the derived round keys (en_keys*,
 * de_keys*) stay in static storage after a call returns; nothing in the
 * visible code clears them.
 */
static u_int32_t saltbits;	/* salt mask applied in _des_do_des() */
static int32_t old_salt;	/* last salt seen by _des_setup_salt() */
static const u_int32_t *bits28, *bits24;	/* offsets into _des_bits32, set by _des_init() */
static u_char init_perm[64], final_perm[64];
static u_int32_t en_keysl[16], en_keysr[16];	/* round keys, encryption order */
static u_int32_t de_keysl[16], de_keysr[16];	/* same round keys, reverse order */
int _des_initialised = 0;	/* set to 1 at the end of _des_init() */
static u_char m_sbox[4][4096];
static u_int32_t psbox[4][256];
static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
static u_int32_t old_rawkey0, old_rawkey1;	/* last raw key seen by des_setkey() */
185
186 extern const uint8_t mbsd_digits_md5crypt[65];
187
/*
 * Map one character of the crypt(3) alphabet to its 6-bit value:
 * '.'..'9' -> 0..11, 'A'..'Z' -> 12..37, 'a'..'z' -> 38..63.
 *
 * Any other character yields 0, the same value as '.', so a malformed
 * setting is not rejected here; distinct invalid characters alias to
 * the same salt/count bits.
 */
static __inline int
ascii_to_bin(char ch)
{
	if (ch >= 'a' && ch <= 'z')
		return (ch - 'a' + 38);
	if (ch >= 'A' && ch <= 'Z')
		return (ch - 'A' + 12);
	if (ch >= '.' && ch <= '9')
		return (ch - '.');
	return (0);
}
205
/*
 * Build every lookup table the DES core uses and reset the cached
 * key and salt.
 *
 * The constant tables (IP, key_perm, comp_perm, sbox, pbox) are turned
 * into OR-mask tables indexed by a byte (or 7-bit group) of input, so
 * that each permutation becomes a handful of table lookups.
 * _des_initialised is set to 1 as the last step.
 *
 * NOTE(review): no locking is visible here; callers test
 * _des_initialised and call this on demand, so two threads making a
 * first call at the same time would both write the tables.
 */
void
_des_init(void)
{
	int i, j, b, k, inbit, obit;
	u_int32_t *p, *il, *ir, *fl, *fr;

	/* Forget any previously cached key and salt. */
	old_rawkey0 = old_rawkey1 = 0;
	saltbits = 0;
	old_salt = 0;
	/*
	 * bits28[0] and bits24[0] are the top-bit masks of a 28-bit and a
	 * 24-bit quantity: both point into _des_bits32 at offsets 4 and 8.
	 */
	bits24 = (bits28 = _des_bits32 + 4) + 4;

	/*
	 * Invert the S-boxes, reordering the input bits.
	 */
	for (i = 0; i < 8; i++)
		for (j = 0; j < 64; j++) {
			b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
			u_sbox[i][j] = sbox[i][b];
		}

	/*
	 * Convert the inverted S-boxes into 4 arrays of 8 bits.
	 * Each will handle 12 bits of the S-box input.
	 */
	for (b = 0; b < 4; b++)
		for (i = 0; i < 64; i++)
			for (j = 0; j < 64; j++)
				m_sbox[b][(i << 6) | j] =
				    (u_sbox[(b << 1)][i] << 4) |
				    u_sbox[(b << 1) + 1][j];

	/*
	 * Set up the initial & final permutations into a useful form, and
	 * initialise the inverted key permutation.
	 * 255 marks "no source bit" in inv_key_perm.
	 */
	for (i = 0; i < 64; i++) {
		init_perm[final_perm[i] = IP[i] - 1] = i;
		inv_key_perm[i] = 255;
	}

	/*
	 * Invert the key permutation and initialise the inverted key
	 * compression permutation.
	 * 255 marks "no source bit" in inv_comp_perm.
	 */
	for (i = 0; i < 56; i++) {
		u_key_perm[i] = key_perm[i] - 1;
		inv_key_perm[key_perm[i] - 1] = i;
		inv_comp_perm[i] = 255;
	}

	/*
	 * Invert the key compression permutation.
	 */
	for (i = 0; i < 48; i++) {
		inv_comp_perm[comp_perm[i] - 1] = i;
	}

	/*
	 * Set up the OR-mask arrays for the initial and final permutations,
	 * and for the key initial and compression permutations.
	 */
	for (k = 0; k < 8; k++) {
		/* Byte k of the 64-bit block, all 256 values. */
		for (i = 0; i < 256; i++) {
			*(il = &ip_maskl[k][i]) = 0;
			*(ir = &ip_maskr[k][i]) = 0;
			*(fl = &fp_maskl[k][i]) = 0;
			*(fr = &fp_maskr[k][i]) = 0;
			for (j = 0; j < 8; j++) {
				inbit = 8 * k + j;
				if (i & _des_bits8[j]) {
					if ((obit = init_perm[inbit]) < 32)
						*il |= _des_bits32[obit];
					else
						*ir |= _des_bits32[obit-32];
					if ((obit = final_perm[inbit]) < 32)
						*fl |= _des_bits32[obit];
					else
						*fr |= _des_bits32[obit - 32];
				}
			}
		}
		/* 7-bit groups: the index never carries bit 0x80. */
		for (i = 0; i < 128; i++) {
			*(il = &key_perm_maskl[k][i]) = 0;
			*(ir = &key_perm_maskr[k][i]) = 0;
			for (j = 0; j < 7; j++) {
				inbit = 8 * k + j;
				if (i & _des_bits8[j + 1]) {
					/* Skip input bits with no output position. */
					if ((obit = inv_key_perm[inbit]) == 255)
						continue;
					if (obit < 28)
						*il |= bits28[obit];
					else
						*ir |= bits28[obit - 28];
				}
			}
			*(il = &comp_maskl[k][i]) = 0;
			*(ir = &comp_maskr[k][i]) = 0;
			for (j = 0; j < 7; j++) {
				inbit = 7 * k + j;
				if (i & _des_bits8[j + 1]) {
					/* Skip input bits with no output position. */
					if ((obit=inv_comp_perm[inbit]) == 255)
						continue;
					if (obit < 24)
						*il |= bits24[obit];
					else
						*ir |= bits24[obit - 24];
				}
			}
		}
	}

	/*
	 * Invert the P-box permutation, and convert into OR-masks for
	 * handling the output of the S-box arrays setup above.
	 */
	for (i = 0; i < 32; i++)
		un_pbox[pbox[i] - 1] = i;

	for (b = 0; b < 4; b++)
		for (i = 0; i < 256; i++) {
			*(p = &psbox[b][i]) = 0;
			for (j = 0; j < 8; j++) {
				if (i & _des_bits8[j])
					*p |= _des_bits32[un_pbox[8 * b + j]];
			}
		}

	_des_initialised = 1;
}
335
/*
 * Install a new salt for subsequent _des_do_des() calls.
 *
 * The low 24 bits of `salt' are mirrored (bit 0 -> 0x800000, bit 23 ->
 * 0x000001) and stored in the file-static `saltbits'.  A call with the
 * same salt as the previous one returns without recomputing.
 */
void
_des_setup_salt(int32_t salt)
{
	u_int32_t mirrored = 0;
	int bit;

	/* Same salt as last time: saltbits is already correct. */
	if (salt == old_salt)
		return;
	old_salt = salt;

	for (bit = 0; bit < 24; bit++) {
		if (salt & ((u_int32_t)1 << bit))
			mirrored |= (u_int32_t)0x800000 >> bit;
	}
	saltbits = mirrored;
}
356
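/*
 * Load an 8-byte DES key and derive the 16 round keys.
 *
 * key: exactly 8 bytes are read; it need not be NUL-terminated or
 *      aligned.  The low bit of each key byte is not used.
 * Returns 0 in every case visible here.
 *
 * The raw key and both key schedules are kept in file-static storage
 * (old_rawkey0/1, en_keys*, de_keys*), so the last key set is shared by
 * all callers and remains in memory after the call.
 */
int
des_setkey(const char *key)
{
	u_int32_t k0, k1, rawkey0, rawkey1;
	u_int32_t raw[2];
	int shifts, round;

	if (!_des_initialised)
		_des_init();

	/*
	 * Copy the key bytes out instead of dereferencing a cast pointer:
	 * `key' is a char pointer with no alignment guarantee, and
	 * des_cipher() reads its input the same way.
	 */
	memcpy(raw, key, sizeof raw);
	rawkey0 = ntohl(raw[0]);
	rawkey1 = ntohl(raw[1]);

	if ((rawkey0 | rawkey1)
	    && rawkey0 == old_rawkey0
	    && rawkey1 == old_rawkey1) {
		/*
		 * Already setup for this key.
		 * This optimisation fails on a zero key (which is weak and
		 * has bad parity anyway) in order to simplify the starting
		 * conditions.
		 */
		return(0);
	}
	old_rawkey0 = rawkey0;
	old_rawkey1 = rawkey1;

	/*
	 * Do key permutation and split into two 28-bit subkeys.
	 */
	k0 = key_perm_maskl[0][rawkey0 >> 25]
	    | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
	    | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
	    | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
	    | key_perm_maskl[4][rawkey1 >> 25]
	    | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
	    | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
	    | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
	k1 = key_perm_maskr[0][rawkey0 >> 25]
	    | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
	    | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
	    | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
	    | key_perm_maskr[4][rawkey1 >> 25]
	    | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
	    | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
	    | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
	/*
	 * Rotate subkeys and do compression permutation.
	 * `shifts' accumulates, so each round rotates the original
	 * subkeys by the running total rather than the previous result.
	 */
	shifts = 0;
	for (round = 0; round < 16; round++) {
		u_int32_t t0, t1;

		shifts += key_shifts[round];

		t0 = (k0 << shifts) | (k0 >> (28 - shifts));
		t1 = (k1 << shifts) | (k1 >> (28 - shifts));

		/* The decryption schedule is the same keys in reverse. */
		de_keysl[15 - round] =
		en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
		    | comp_maskl[1][(t0 >> 14) & 0x7f]
		    | comp_maskl[2][(t0 >> 7) & 0x7f]
		    | comp_maskl[3][t0 & 0x7f]
		    | comp_maskl[4][(t1 >> 21) & 0x7f]
		    | comp_maskl[5][(t1 >> 14) & 0x7f]
		    | comp_maskl[6][(t1 >> 7) & 0x7f]
		    | comp_maskl[7][t1 & 0x7f];

		de_keysr[15 - round] =
		en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
		    | comp_maskr[1][(t0 >> 14) & 0x7f]
		    | comp_maskr[2][(t0 >> 7) & 0x7f]
		    | comp_maskr[3][t0 & 0x7f]
		    | comp_maskr[4][(t1 >> 21) & 0x7f]
		    | comp_maskr[5][(t1 >> 14) & 0x7f]
		    | comp_maskr[6][(t1 >> 7) & 0x7f]
		    | comp_maskr[7][t1 & 0x7f];
	}
	return(0);
}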
436
/*
 * Run the salted DES core on one 64-bit block.
 *
 * l_in, r_in:   the two 32-bit halves of the input block.
 * l_out, r_out: receive the two halves of the result.
 * count:        > 0 encrypts `count' times, < 0 decrypts `-count'
 *               times, using the schedule set by des_setkey().
 *
 * Returns 0 on success.  Returns 1 when count is 0, and in that case
 * *l_out and *r_out are NOT written; callers must check the return
 * value before reading them.
 *
 * The initial permutation is applied once before, and the final
 * permutation once after, all `count' iterations.
 *
 * NOTE(review): the S-box table indices below are derived from data
 * already XORed with the round key, so the memory access pattern
 * depends on key material; this routine is not written to be
 * constant-time.
 */
int
_des_do_des(u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out,
    int count)
{
	/*
	 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
	 */
	u_int32_t l, r, *kl, *kr, *kl1, *kr1;
	u_int32_t f, r48l, r48r;
	int round;

	if (count == 0) {
		return(1);
	} else if (count > 0) {
		/*
		 * Encrypting
		 */
		kl1 = en_keysl;
		kr1 = en_keysr;
	} else {
		/*
		 * Decrypting
		 */
		/* NOTE(review): negating the most negative int would overflow. */
		count = -count;
		kl1 = de_keysl;
		kr1 = de_keysr;
	}

	/*
	 * Do initial permutation (IP).
	 */
	l = ip_maskl[0][l_in >> 24]
	    | ip_maskl[1][(l_in >> 16) & 0xff]
	    | ip_maskl[2][(l_in >> 8) & 0xff]
	    | ip_maskl[3][l_in & 0xff]
	    | ip_maskl[4][r_in >> 24]
	    | ip_maskl[5][(r_in >> 16) & 0xff]
	    | ip_maskl[6][(r_in >> 8) & 0xff]
	    | ip_maskl[7][r_in & 0xff];
	r = ip_maskr[0][l_in >> 24]
	    | ip_maskr[1][(l_in >> 16) & 0xff]
	    | ip_maskr[2][(l_in >> 8) & 0xff]
	    | ip_maskr[3][l_in & 0xff]
	    | ip_maskr[4][r_in >> 24]
	    | ip_maskr[5][(r_in >> 16) & 0xff]
	    | ip_maskr[6][(r_in >> 8) & 0xff]
	    | ip_maskr[7][r_in & 0xff];

	while (count--) {
		/*
		 * Do each round.
		 */
		/* Restart at the first round key for every iteration. */
		kl = kl1;
		kr = kr1;
		round = 16;
		while (round--) {
			/*
			 * Expand R to 48 bits (simulate the E-box).
			 */
			r48l	= ((r & 0x00000001) << 23)
				| ((r & 0xf8000000) >> 9)
				| ((r & 0x1f800000) >> 11)
				| ((r & 0x01f80000) >> 13)
				| ((r & 0x001f8000) >> 15);

			r48r	= ((r & 0x0001f800) << 7)
				| ((r & 0x00001f80) << 5)
				| ((r & 0x000001f8) << 3)
				| ((r & 0x0000001f) << 1)
				| ((r & 0x80000000) >> 31);
			/*
			 * Do salting for crypt() and friends, and
			 * XOR with the permuted key.
			 * Where a salt bit is set, the matching bits of the
			 * two 24-bit halves are exchanged.
			 */
			f = (r48l ^ r48r) & saltbits;
			r48l ^= f ^ *kl++;
			r48r ^= f ^ *kr++;
			/*
			 * Do sbox lookups (which shrink it back to 32 bits)
			 * and do the pbox permutation at the same time.
			 */
			f = psbox[0][m_sbox[0][r48l >> 12]]
			  | psbox[1][m_sbox[1][r48l & 0xfff]]
			  | psbox[2][m_sbox[2][r48r >> 12]]
			  | psbox[3][m_sbox[3][r48r & 0xfff]];
			/*
			 * Now that we've permuted things, complete f().
			 */
			f ^= l;
			l = r;
			r = f;
		}
		/* Swap the halves back after the 16th round. */
		r = l;
		l = f;
	}
	/*
	 * Do final permutation (inverse of IP).
	 */
	*l_out	= fp_maskl[0][l >> 24]
		| fp_maskl[1][(l >> 16) & 0xff]
		| fp_maskl[2][(l >> 8) & 0xff]
		| fp_maskl[3][l & 0xff]
		| fp_maskl[4][r >> 24]
		| fp_maskl[5][(r >> 16) & 0xff]
		| fp_maskl[6][(r >> 8) & 0xff]
		| fp_maskl[7][r & 0xff];
	*r_out	= fp_maskr[0][l >> 24]
		| fp_maskr[1][(l >> 16) & 0xff]
		| fp_maskr[2][(l >> 8) & 0xff]
		| fp_maskr[3][l & 0xff]
		| fp_maskr[4][r >> 24]
		| fp_maskr[5][(r >> 16) & 0xff]
		| fp_maskr[6][(r >> 8) & 0xff]
		| fp_maskr[7][r & 0xff];
	return(0);
}
553
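/*
 * Encrypt or decrypt one 8-byte block with the current key.
 *
 * in:    8 bytes of input.
 * out:   8 bytes of output; may be the same buffer as `in', since the
 *        block is copied through a local array.
 * salt:  passed to _des_setup_salt().
 * count: passed to _des_do_des(): > 0 encrypts, < 0 decrypts.
 *
 * Returns the status of _des_do_des(): 0 on success, non-zero when
 * count is 0.  On failure `out' is left untouched.
 */
int
des_cipher(const char *in, char *out, int32_t salt, int count)
{
	u_int32_t l_out, r_out, rawl, rawr;
	u_int32_t x[2];
	int retval;

	if (!_des_initialised)
		_des_init();

	_des_setup_salt(salt);

	memcpy(x, in, sizeof x);
	rawl = ntohl(x[0]);
	rawr = ntohl(x[1]);
	retval = _des_do_des(rawl, rawr, &l_out, &r_out, count);
	/*
	 * _des_do_des() does not write l_out/r_out when it fails, so
	 * copying them out would hand uninitialised stack contents to the
	 * caller.
	 */
	if (retval != 0)
		return(retval);

	x[0] = htonl(l_out);
	x[1] = htonl(r_out);
	memcpy(out, x, sizeof x);
	return(retval);
}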
576
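/*
 * Hash `key' according to `setting'.
 *
 * Never returns NULL.  When hashing fails, or when either argument is
 * NULL, the result is the one-character string "x", or "*" if the
 * setting itself starts with 'x'.  The failure string therefore never
 * compares equal to the setting, so a caller that checks a password
 * with strcmp(crypt(pw, hash), hash) does not accept on failure.
 *
 * The result points to static storage that the next call overwrites.
 */
char *
crypt(const char *key, const char *setting)
{
	static char buf[2];
	char *rv = NULL;

	/*
	 * crypt_internal() dereferences both pointers unconditionally;
	 * the fallback below already allows for a NULL setting, so route
	 * NULL arguments straight to it.
	 */
	if (key != NULL && setting != NULL)
		rv = crypt_internal(key, setting);

	if (rv == NULL) {
		buf[0] = setting && (*setting == 'x') ? '*' : 'x';
		buf[1] = '\0';
		rv = buf;
	}

	return (rv);
}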
591
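/*
 * Worker for crypt(): dispatch on the setting format and compute the
 * DES-based hashes here.
 *
 * A setting starting with '$' is handed to md5crypt() ("$1") or
 * bcrypt() (anything else).  A setting starting with _PASSWORD_EFMT1
 * is the "new" DES format (4 characters of count, 4 of salt, whole key
 * used); every other setting is the "old" format (2 characters of
 * salt, 25 iterations, first 8 key bytes only).
 *
 * key and setting must be non-NULL, NUL-terminated strings.
 * Returns a pointer to static storage, or NULL on failure (for the DES
 * formats: an iteration count of 0).
 *
 * The setting is only ever read up to its terminating NUL; characters
 * a short setting lacks count as 0, the value ascii_to_bin() gives the
 * NUL itself.
 */
static char *
crypt_internal(const char *key, const char *setting)
{
	int i;
	u_int32_t count, salt, l, r0, r1, keybuf[2];
	u_char *p, *q;
	/* 9 bytes of setting + 11 of hash + NUL in the longest case. */
	static u_char output[21];

	if (setting[0] == '$') {
		switch (setting[1]) {
		case '1':
			return (md5crypt(key, setting));
		default:
			return bcrypt(key, setting);
		}
	}

	if (!_des_initialised)
		_des_init();

	/*
	 * Copy the key, shifting each character up by one bit
	 * and padding with zeros.
	 *
	 * NOTE(review): the end-of-key test looks at the shifted byte, so
	 * a key byte of 0x80 stores 0 and stops the copy like a NUL; in
	 * the old format the rest of the password is then ignored.
	 * Changing the test alters the hash of such passwords, so it is
	 * flagged here rather than changed.
	 */
	q = (u_char *) keybuf;
	while ((size_t)((q - (u_char *) keybuf)) < sizeof(keybuf)) {
		if ((*q++ = *key << 1))
			key++;
	}
	if (des_setkey((char *) keybuf))
		return(NULL);

	if (*setting == _PASSWORD_EFMT1) {
		size_t slen;

		/*
		 * "new"-style:
		 *	setting - underscore, 4 bytes of count, 4 bytes of salt
		 *	key - unlimited characters
		 */

		/* Length of the setting, capped at the 9 bytes we use. */
		for (slen = 0; slen < 9 && setting[slen] != '\0'; slen++)
			continue;

		/* Stop at the end of a short setting instead of reading on. */
		for (i = 1, count = 0; i < 5 && (size_t)i < slen; i++)
			count |= ascii_to_bin(setting[i]) << (i - 1) * 6;

		for (i = 5, salt = 0; i < 9 && (size_t)i < slen; i++)
			salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;

		while (*key) {
			/*
			 * Encrypt the key with itself.
			 */
			if (des_cipher((char *)keybuf, (char *)keybuf, 0, 1))
				return(NULL);
			/*
			 * And XOR with the next 8 characters of the key.
			 */
			q = (u_char *) keybuf;
			while ((((size_t)(q - (u_char *) keybuf) <
			    sizeof(keybuf))) && *key)
				*q++ ^= *key++ << 1;

			if (des_setkey((char *) keybuf))
				return(NULL);
		}
		strlcpy((char *)output, setting, 10);

		/*
		 * Double check that we weren't given a short setting.
		 * A short setting leaves the missing count and salt
		 * characters at 0.  Just make sure the output string
		 * doesn't have an extra NUL in it.
		 */
		p = output + strlen((const char *)output);
	} else {
		char s1;

		/*
		 * "old"-style:
		 *	setting - 2 bytes of salt
		 *	key - up to 8 characters
		 */
		count = 25;

		/* An empty setting has no second byte to read. */
		s1 = setting[0] != '\0' ? setting[1] : '\0';

		salt = (ascii_to_bin(s1) << 6)
		     |  ascii_to_bin(setting[0]);

		output[0] = setting[0];
		/*
		 * If the encrypted password that the salt was extracted from
		 * is only 1 character long, the salt will be corrupted.  We
		 * need to ensure that the output string doesn't have an extra
		 * NUL in it!
		 *
		 * NOTE(review): an empty setting still puts a NUL in
		 * output[0], so the returned string is empty.
		 */
		output[1] = s1 ? s1 : output[0];

		p = output + 2;
	}
	_des_setup_salt(salt);

	/*
	 * Do it.
	 * A count of 0 makes _des_do_des() fail, which is reported as NULL.
	 */
	if (_des_do_des(0, 0, &r0, &r1, count))
		return(NULL);
	/*
	 * Now encode the result...
	 * 64 bits become 11 characters of 6 bits each.
	 */
	l = (r0 >> 8);
	*p++ = mbsd_digits_md5crypt[(l >> 18) & 0x3f];
	*p++ = mbsd_digits_md5crypt[(l >> 12) & 0x3f];
	*p++ = mbsd_digits_md5crypt[(l >> 6) & 0x3f];
	*p++ = mbsd_digits_md5crypt[l & 0x3f];

	l = (r0 << 16) | ((r1 >> 16) & 0xffff);
	*p++ = mbsd_digits_md5crypt[(l >> 18) & 0x3f];
	*p++ = mbsd_digits_md5crypt[(l >> 12) & 0x3f];
	*p++ = mbsd_digits_md5crypt[(l >> 6) & 0x3f];
	*p++ = mbsd_digits_md5crypt[l & 0x3f];

	l = r1 << 2;
	*p++ = mbsd_digits_md5crypt[(l >> 12) & 0x3f];
	*p++ = mbsd_digits_md5crypt[(l >> 6) & 0x3f];
	*p++ = mbsd_digits_md5crypt[l & 0x3f];
	*p = 0;

	return((char *)output);
}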
715