]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * crypt.c: Implements unix style crypt() for platforms that don't have it | |
3 | * This version has both an md5 and des crypt. | |
4 | * This was pretty much catted together from uclibc. | |
5 | */ | |
6 | ||
7 | /* | |
8 | * crypt() for uClibc | |
9 | * | |
10 | * Copyright (C) 2000 by Lineo, inc. and Erik Andersen | |
11 | * Copyright (C) 2000,2001 by Erik Andersen <andersen@uclibc.org> | |
12 | * Written by Erik Andersen <andersen@uclibc.org> | |
13 | * | |
14 | * This program is free software; you can redistribute it and/or modify it | |
15 | * under the terms of the GNU Library General Public License as published by | |
16 | * the Free Software Foundation; either version 2 of the License, or (at your | |
17 | * option) any later version. | |
18 | * | |
19 | * This program is distributed in the hope that it will be useful, but WITHOUT | |
20 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
21 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License | |
22 | * for more details. | |
23 | * | |
24 | * You should have received a copy of the GNU Library General Public License | |
25 | * along with this program; if not, write to the Free Software Foundation, | |
26 | * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
27 | */ | |
28 | ||
29 | #include <libratbox_config.h> | |
30 | #include <ratbox_lib.h> | |
31 | ||
32 | ||
33 | #ifndef NEED_CRYPT | |
34 | extern char *crypt(const char *key, const char *salt); | |
35 | ||
36 | char * | |
37 | rb_crypt(const char *key, const char *salt) | |
38 | { | |
39 | return(crypt(key, salt)); | |
40 | } | |
41 | #else | |
42 | ||
43 | static char * __md5_crypt( const char *pw, const char *salt); | |
44 | static char * __des_crypt( const char *pw, const char *salt); | |
45 | ||
46 | char * | |
47 | rb_crypt(const char *key, const char *salt) | |
48 | { | |
49 | /* First, check if we are supposed to be using the MD5 replacement | |
50 | * instead of DES... */ | |
51 | if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$') | |
52 | return __md5_crypt(key, salt); | |
53 | else | |
54 | return __des_crypt(key, salt); | |
55 | } | |
56 | ||
57 | /* Here is the des crypt() stuff */ | |
58 | ||
59 | /* | |
60 | * FreeSec: libcrypt for NetBSD | |
61 | * | |
62 | * Copyright (c) 1994 David Burren | |
63 | * All rights reserved. | |
64 | * | |
65 | * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet | |
66 | * this file should now *only* export crypt(), in order to make | |
67 | * binaries of libcrypt exportable from the USA | |
68 | * | |
69 | * Adapted for FreeBSD-4.0 by Mark R V Murray | |
70 | * this file should now *only* export crypt_des(), in order to make | |
71 | * a module that can be optionally included in libcrypt. | |
72 | * | |
73 | * Redistribution and use in source and binary forms, with or without | |
74 | * modification, are permitted provided that the following conditions | |
75 | * are met: | |
76 | * 1. Redistributions of source code must retain the above copyright | |
77 | * notice, this list of conditions and the following disclaimer. | |
78 | * 2. Redistributions in binary form must reproduce the above copyright | |
79 | * notice, this list of conditions and the following disclaimer in the | |
80 | * documentation and/or other materials provided with the distribution. | |
81 | * 3. Neither the name of the author nor the names of other contributors | |
82 | * may be used to endorse or promote products derived from this software | |
83 | * without specific prior written permission. | |
84 | * | |
85 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |
86 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
87 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
88 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
89 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
90 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
91 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
92 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
93 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
94 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
95 | * SUCH DAMAGE. | |
96 | * | |
97 | * This is an original implementation of the DES and the crypt(3) interfaces | |
98 | * by David Burren <davidb@werj.com.au>. | |
99 | * | |
100 | * An excellent reference on the underlying algorithm (and related | |
101 | * algorithms) is: | |
102 | * | |
103 | * B. Schneier, Applied Cryptography: protocols, algorithms, | |
104 | * and source code in C, John Wiley & Sons, 1994. | |
105 | * | |
106 | * Note that in that book's description of DES the lookups for the initial, | |
107 | * pbox, and final permutations are inverted (this has been brought to the | |
108 | * attention of the author). A list of errata for this book has been | |
109 | * posted to the sci.crypt newsgroup by the author and is available for FTP. | |
110 | * | |
111 | * ARCHITECTURE ASSUMPTIONS: | |
112 | * It is assumed that the 8-byte arrays passed by reference can be | |
113 | * addressed as arrays of rb_uint32_t's (ie. the CPU is not picky about | |
114 | * alignment). | |
115 | */ | |
116 | ||
117 | ||
118 | /* Re-entrantify me -- all this junk needs to be in | |
119 | * struct crypt_data to make this really reentrant... */ | |
120 | static u_char inv_key_perm[64]; | |
121 | static u_char inv_comp_perm[56]; | |
122 | static u_char u_sbox[8][64]; | |
123 | static u_char un_pbox[32]; | |
124 | static rb_uint32_t en_keysl[16], en_keysr[16]; | |
125 | static rb_uint32_t de_keysl[16], de_keysr[16]; | |
126 | static rb_uint32_t ip_maskl[8][256], ip_maskr[8][256]; | |
127 | static rb_uint32_t fp_maskl[8][256], fp_maskr[8][256]; | |
128 | static rb_uint32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; | |
129 | static rb_uint32_t comp_maskl[8][128], comp_maskr[8][128]; | |
130 | static rb_uint32_t saltbits; | |
131 | static rb_uint32_t old_salt; | |
132 | static rb_uint32_t old_rawkey0, old_rawkey1; | |
133 | ||
134 | ||
135 | /* Static stuff that stays resident and doesn't change after | |
136 | * being initialized, and therefore doesn't need to be made | |
137 | * reentrant. */ | |
138 | static u_char init_perm[64], final_perm[64]; | |
139 | static u_char m_sbox[4][4096]; | |
140 | static rb_uint32_t psbox[4][256]; | |
141 | ||
142 | ||
143 | ||
144 | ||
145 | /* A pile of data */ | |
146 | static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | |
147 | ||
148 | static const u_char IP[64] = { | |
149 | 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, | |
150 | 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, | |
151 | 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, | |
152 | 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 | |
153 | }; | |
154 | ||
155 | static const u_char key_perm[56] = { | |
156 | 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, | |
157 | 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, | |
158 | 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, | |
159 | 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 | |
160 | }; | |
161 | ||
162 | static const u_char key_shifts[16] = { | |
163 | 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 | |
164 | }; | |
165 | ||
166 | static const u_char comp_perm[48] = { | |
167 | 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, | |
168 | 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, | |
169 | 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, | |
170 | 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 | |
171 | }; | |
172 | ||
173 | /* | |
174 | * No E box is used, as it's replaced by some ANDs, shifts, and ORs. | |
175 | */ | |
176 | ||
177 | static const u_char sbox[8][64] = { | |
178 | { | |
179 | 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, | |
180 | 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, | |
181 | 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, | |
182 | 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 | |
183 | }, | |
184 | { | |
185 | 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, | |
186 | 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, | |
187 | 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, | |
188 | 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 | |
189 | }, | |
190 | { | |
191 | 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, | |
192 | 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, | |
193 | 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, | |
194 | 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 | |
195 | }, | |
196 | { | |
197 | 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, | |
198 | 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, | |
199 | 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, | |
200 | 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 | |
201 | }, | |
202 | { | |
203 | 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, | |
204 | 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, | |
205 | 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, | |
206 | 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 | |
207 | }, | |
208 | { | |
209 | 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, | |
210 | 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, | |
211 | 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, | |
212 | 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 | |
213 | }, | |
214 | { | |
215 | 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, | |
216 | 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, | |
217 | 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, | |
218 | 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 | |
219 | }, | |
220 | { | |
221 | 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, | |
222 | 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, | |
223 | 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, | |
224 | 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 | |
225 | } | |
226 | }; | |
227 | ||
228 | static const u_char pbox[32] = { | |
229 | 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, | |
230 | 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 | |
231 | }; | |
232 | ||
233 | static const rb_uint32_t bits32[32] = | |
234 | { | |
235 | 0x80000000, 0x40000000, 0x20000000, 0x10000000, | |
236 | 0x08000000, 0x04000000, 0x02000000, 0x01000000, | |
237 | 0x00800000, 0x00400000, 0x00200000, 0x00100000, | |
238 | 0x00080000, 0x00040000, 0x00020000, 0x00010000, | |
239 | 0x00008000, 0x00004000, 0x00002000, 0x00001000, | |
240 | 0x00000800, 0x00000400, 0x00000200, 0x00000100, | |
241 | 0x00000080, 0x00000040, 0x00000020, 0x00000010, | |
242 | 0x00000008, 0x00000004, 0x00000002, 0x00000001 | |
243 | }; | |
244 | ||
245 | static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; | |
246 | static const rb_uint32_t *bits28, *bits24; | |
247 | ||
248 | ||
249 | static int | |
250 | ascii_to_bin(char ch) | |
251 | { | |
252 | if (ch > 'z') | |
253 | return(0); | |
254 | if (ch >= 'a') | |
255 | return(ch - 'a' + 38); | |
256 | if (ch > 'Z') | |
257 | return(0); | |
258 | if (ch >= 'A') | |
259 | return(ch - 'A' + 12); | |
260 | if (ch > '9') | |
261 | return(0); | |
262 | if (ch >= '.') | |
263 | return(ch - '.'); | |
264 | return(0); | |
265 | } | |
266 | ||
267 | static void | |
268 | des_init(void) | |
269 | { | |
270 | int i, j, b, k, inbit, obit; | |
271 | rb_uint32_t *p, *il, *ir, *fl, *fr; | |
272 | static int des_initialised = 0; | |
273 | ||
274 | if (des_initialised==1) | |
275 | return; | |
276 | ||
277 | old_rawkey0 = old_rawkey1 = 0L; | |
278 | saltbits = 0L; | |
279 | old_salt = 0L; | |
280 | bits24 = (bits28 = bits32 + 4) + 4; | |
281 | ||
282 | /* | |
283 | * Invert the S-boxes, reordering the input bits. | |
284 | */ | |
285 | for (i = 0; i < 8; i++) | |
286 | for (j = 0; j < 64; j++) { | |
287 | b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); | |
288 | u_sbox[i][j] = sbox[i][b]; | |
289 | } | |
290 | ||
291 | /* | |
292 | * Convert the inverted S-boxes into 4 arrays of 8 bits. | |
293 | * Each will handle 12 bits of the S-box input. | |
294 | */ | |
295 | for (b = 0; b < 4; b++) | |
296 | for (i = 0; i < 64; i++) | |
297 | for (j = 0; j < 64; j++) | |
298 | m_sbox[b][(i << 6) | j] = | |
299 | (u_char)((u_sbox[(b << 1)][i] << 4) | | |
300 | u_sbox[(b << 1) + 1][j]); | |
301 | ||
302 | /* | |
303 | * Set up the initial & final permutations into a useful form, and | |
304 | * initialise the inverted key permutation. | |
305 | */ | |
306 | for (i = 0; i < 64; i++) { | |
307 | init_perm[final_perm[i] = IP[i] - 1] = (u_char)i; | |
308 | inv_key_perm[i] = 255; | |
309 | } | |
310 | ||
311 | /* | |
312 | * Invert the key permutation and initialise the inverted key | |
313 | * compression permutation. | |
314 | */ | |
315 | for (i = 0; i < 56; i++) { | |
316 | inv_key_perm[key_perm[i] - 1] = (u_char)i; | |
317 | inv_comp_perm[i] = 255; | |
318 | } | |
319 | ||
320 | /* | |
321 | * Invert the key compression permutation. | |
322 | */ | |
323 | for (i = 0; i < 48; i++) { | |
324 | inv_comp_perm[comp_perm[i] - 1] = (u_char)i; | |
325 | } | |
326 | ||
327 | /* | |
328 | * Set up the OR-mask arrays for the initial and final permutations, | |
329 | * and for the key initial and compression permutations. | |
330 | */ | |
331 | for (k = 0; k < 8; k++) { | |
332 | for (i = 0; i < 256; i++) { | |
333 | *(il = &ip_maskl[k][i]) = 0L; | |
334 | *(ir = &ip_maskr[k][i]) = 0L; | |
335 | *(fl = &fp_maskl[k][i]) = 0L; | |
336 | *(fr = &fp_maskr[k][i]) = 0L; | |
337 | for (j = 0; j < 8; j++) { | |
338 | inbit = 8 * k + j; | |
339 | if (i & bits8[j]) { | |
340 | if ((obit = init_perm[inbit]) < 32) | |
341 | *il |= bits32[obit]; | |
342 | else | |
343 | *ir |= bits32[obit-32]; | |
344 | if ((obit = final_perm[inbit]) < 32) | |
345 | *fl |= bits32[obit]; | |
346 | else | |
347 | *fr |= bits32[obit - 32]; | |
348 | } | |
349 | } | |
350 | } | |
351 | for (i = 0; i < 128; i++) { | |
352 | *(il = &key_perm_maskl[k][i]) = 0L; | |
353 | *(ir = &key_perm_maskr[k][i]) = 0L; | |
354 | for (j = 0; j < 7; j++) { | |
355 | inbit = 8 * k + j; | |
356 | if (i & bits8[j + 1]) { | |
357 | if ((obit = inv_key_perm[inbit]) == 255) | |
358 | continue; | |
359 | if (obit < 28) | |
360 | *il |= bits28[obit]; | |
361 | else | |
362 | *ir |= bits28[obit - 28]; | |
363 | } | |
364 | } | |
365 | *(il = &comp_maskl[k][i]) = 0L; | |
366 | *(ir = &comp_maskr[k][i]) = 0L; | |
367 | for (j = 0; j < 7; j++) { | |
368 | inbit = 7 * k + j; | |
369 | if (i & bits8[j + 1]) { | |
370 | if ((obit=inv_comp_perm[inbit]) == 255) | |
371 | continue; | |
372 | if (obit < 24) | |
373 | *il |= bits24[obit]; | |
374 | else | |
375 | *ir |= bits24[obit - 24]; | |
376 | } | |
377 | } | |
378 | } | |
379 | } | |
380 | ||
381 | /* | |
382 | * Invert the P-box permutation, and convert into OR-masks for | |
383 | * handling the output of the S-box arrays setup above. | |
384 | */ | |
385 | for (i = 0; i < 32; i++) | |
386 | un_pbox[pbox[i] - 1] = (u_char)i; | |
387 | ||
388 | for (b = 0; b < 4; b++) | |
389 | for (i = 0; i < 256; i++) { | |
390 | *(p = &psbox[b][i]) = 0L; | |
391 | for (j = 0; j < 8; j++) { | |
392 | if (i & bits8[j]) | |
393 | *p |= bits32[un_pbox[8 * b + j]]; | |
394 | } | |
395 | } | |
396 | ||
397 | des_initialised = 1; | |
398 | } | |
399 | ||
400 | ||
401 | static void | |
402 | setup_salt(long salt) | |
403 | { | |
404 | rb_uint32_t obit, saltbit; | |
405 | int i; | |
406 | ||
407 | if (salt == (long)old_salt) | |
408 | return; | |
409 | old_salt = salt; | |
410 | ||
411 | saltbits = 0L; | |
412 | saltbit = 1; | |
413 | obit = 0x800000; | |
414 | for (i = 0; i < 24; i++) { | |
415 | if (salt & saltbit) | |
416 | saltbits |= obit; | |
417 | saltbit <<= 1; | |
418 | obit >>= 1; | |
419 | } | |
420 | } | |
421 | ||
422 | ||
423 | static int | |
424 | des_setkey(const char *key) | |
425 | { | |
426 | rb_uint32_t k0, k1, rawkey0, rawkey1; | |
427 | int shifts, round; | |
428 | ||
429 | des_init(); | |
430 | ||
431 | rawkey0 = ntohl(*(const rb_uint32_t *) key); | |
432 | rawkey1 = ntohl(*(const rb_uint32_t *) (key + 4)); | |
433 | ||
434 | if ((rawkey0 | rawkey1) | |
435 | && rawkey0 == old_rawkey0 | |
436 | && rawkey1 == old_rawkey1) { | |
437 | /* | |
438 | * Already setup for this key. | |
439 | * This optimisation fails on a zero key (which is weak and | |
440 | * has bad parity anyway) in order to simplify the starting | |
441 | * conditions. | |
442 | */ | |
443 | return(0); | |
444 | } | |
445 | old_rawkey0 = rawkey0; | |
446 | old_rawkey1 = rawkey1; | |
447 | ||
448 | /* | |
449 | * Do key permutation and split into two 28-bit subkeys. | |
450 | */ | |
451 | k0 = key_perm_maskl[0][rawkey0 >> 25] | |
452 | | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] | |
453 | | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] | |
454 | | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] | |
455 | | key_perm_maskl[4][rawkey1 >> 25] | |
456 | | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] | |
457 | | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] | |
458 | | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; | |
459 | k1 = key_perm_maskr[0][rawkey0 >> 25] | |
460 | | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] | |
461 | | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] | |
462 | | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] | |
463 | | key_perm_maskr[4][rawkey1 >> 25] | |
464 | | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] | |
465 | | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] | |
466 | | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; | |
467 | /* | |
468 | * Rotate subkeys and do compression permutation. | |
469 | */ | |
470 | shifts = 0; | |
471 | for (round = 0; round < 16; round++) { | |
472 | rb_uint32_t t0, t1; | |
473 | ||
474 | shifts += key_shifts[round]; | |
475 | ||
476 | t0 = (k0 << shifts) | (k0 >> (28 - shifts)); | |
477 | t1 = (k1 << shifts) | (k1 >> (28 - shifts)); | |
478 | ||
479 | de_keysl[15 - round] = | |
480 | en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] | |
481 | | comp_maskl[1][(t0 >> 14) & 0x7f] | |
482 | | comp_maskl[2][(t0 >> 7) & 0x7f] | |
483 | | comp_maskl[3][t0 & 0x7f] | |
484 | | comp_maskl[4][(t1 >> 21) & 0x7f] | |
485 | | comp_maskl[5][(t1 >> 14) & 0x7f] | |
486 | | comp_maskl[6][(t1 >> 7) & 0x7f] | |
487 | | comp_maskl[7][t1 & 0x7f]; | |
488 | ||
489 | de_keysr[15 - round] = | |
490 | en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] | |
491 | | comp_maskr[1][(t0 >> 14) & 0x7f] | |
492 | | comp_maskr[2][(t0 >> 7) & 0x7f] | |
493 | | comp_maskr[3][t0 & 0x7f] | |
494 | | comp_maskr[4][(t1 >> 21) & 0x7f] | |
495 | | comp_maskr[5][(t1 >> 14) & 0x7f] | |
496 | | comp_maskr[6][(t1 >> 7) & 0x7f] | |
497 | | comp_maskr[7][t1 & 0x7f]; | |
498 | } | |
499 | return(0); | |
500 | } | |
501 | ||
502 | ||
503 | static int | |
504 | do_des( rb_uint32_t l_in, rb_uint32_t r_in, rb_uint32_t *l_out, rb_uint32_t *r_out, int count) | |
505 | { | |
506 | /* | |
507 | * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. | |
508 | */ | |
509 | rb_uint32_t l, r, *kl, *kr, *kl1, *kr1; | |
510 | rb_uint32_t f, r48l, r48r; | |
511 | int round; | |
512 | ||
513 | if (count == 0) { | |
514 | return(1); | |
515 | } else if (count > 0) { | |
516 | /* | |
517 | * Encrypting | |
518 | */ | |
519 | kl1 = en_keysl; | |
520 | kr1 = en_keysr; | |
521 | } else { | |
522 | /* | |
523 | * Decrypting | |
524 | */ | |
525 | count = -count; | |
526 | kl1 = de_keysl; | |
527 | kr1 = de_keysr; | |
528 | } | |
529 | ||
530 | /* | |
531 | * Do initial permutation (IP). | |
532 | */ | |
533 | l = ip_maskl[0][l_in >> 24] | |
534 | | ip_maskl[1][(l_in >> 16) & 0xff] | |
535 | | ip_maskl[2][(l_in >> 8) & 0xff] | |
536 | | ip_maskl[3][l_in & 0xff] | |
537 | | ip_maskl[4][r_in >> 24] | |
538 | | ip_maskl[5][(r_in >> 16) & 0xff] | |
539 | | ip_maskl[6][(r_in >> 8) & 0xff] | |
540 | | ip_maskl[7][r_in & 0xff]; | |
541 | r = ip_maskr[0][l_in >> 24] | |
542 | | ip_maskr[1][(l_in >> 16) & 0xff] | |
543 | | ip_maskr[2][(l_in >> 8) & 0xff] | |
544 | | ip_maskr[3][l_in & 0xff] | |
545 | | ip_maskr[4][r_in >> 24] | |
546 | | ip_maskr[5][(r_in >> 16) & 0xff] | |
547 | | ip_maskr[6][(r_in >> 8) & 0xff] | |
548 | | ip_maskr[7][r_in & 0xff]; | |
549 | ||
550 | while (count--) { | |
551 | /* | |
552 | * Do each round. | |
553 | */ | |
554 | kl = kl1; | |
555 | kr = kr1; | |
556 | round = 16; | |
557 | while (round--) { | |
558 | /* | |
559 | * Expand R to 48 bits (simulate the E-box). | |
560 | */ | |
561 | r48l = ((r & 0x00000001) << 23) | |
562 | | ((r & 0xf8000000) >> 9) | |
563 | | ((r & 0x1f800000) >> 11) | |
564 | | ((r & 0x01f80000) >> 13) | |
565 | | ((r & 0x001f8000) >> 15); | |
566 | ||
567 | r48r = ((r & 0x0001f800) << 7) | |
568 | | ((r & 0x00001f80) << 5) | |
569 | | ((r & 0x000001f8) << 3) | |
570 | | ((r & 0x0000001f) << 1) | |
571 | | ((r & 0x80000000) >> 31); | |
572 | /* | |
573 | * Do salting for crypt() and friends, and | |
574 | * XOR with the permuted key. | |
575 | */ | |
576 | f = (r48l ^ r48r) & saltbits; | |
577 | r48l ^= f ^ *kl++; | |
578 | r48r ^= f ^ *kr++; | |
579 | /* | |
580 | * Do sbox lookups (which shrink it back to 32 bits) | |
581 | * and do the pbox permutation at the same time. | |
582 | */ | |
583 | f = psbox[0][m_sbox[0][r48l >> 12]] | |
584 | | psbox[1][m_sbox[1][r48l & 0xfff]] | |
585 | | psbox[2][m_sbox[2][r48r >> 12]] | |
586 | | psbox[3][m_sbox[3][r48r & 0xfff]]; | |
587 | /* | |
588 | * Now that we've permuted things, complete f(). | |
589 | */ | |
590 | f ^= l; | |
591 | l = r; | |
592 | r = f; | |
593 | } | |
594 | r = l; | |
595 | l = f; | |
596 | } | |
597 | /* | |
598 | * Do final permutation (inverse of IP). | |
599 | */ | |
600 | *l_out = fp_maskl[0][l >> 24] | |
601 | | fp_maskl[1][(l >> 16) & 0xff] | |
602 | | fp_maskl[2][(l >> 8) & 0xff] | |
603 | | fp_maskl[3][l & 0xff] | |
604 | | fp_maskl[4][r >> 24] | |
605 | | fp_maskl[5][(r >> 16) & 0xff] | |
606 | | fp_maskl[6][(r >> 8) & 0xff] | |
607 | | fp_maskl[7][r & 0xff]; | |
608 | *r_out = fp_maskr[0][l >> 24] | |
609 | | fp_maskr[1][(l >> 16) & 0xff] | |
610 | | fp_maskr[2][(l >> 8) & 0xff] | |
611 | | fp_maskr[3][l & 0xff] | |
612 | | fp_maskr[4][r >> 24] | |
613 | | fp_maskr[5][(r >> 16) & 0xff] | |
614 | | fp_maskr[6][(r >> 8) & 0xff] | |
615 | | fp_maskr[7][r & 0xff]; | |
616 | return(0); | |
617 | } | |
618 | ||
619 | ||
620 | #if 0 | |
621 | static int | |
622 | des_cipher(const char *in, char *out, rb_uint32_t salt, int count) | |
623 | { | |
624 | rb_uint32_t l_out, r_out, rawl, rawr; | |
625 | int retval; | |
626 | union { | |
627 | rb_uint32_t *ui32; | |
628 | const char *c; | |
629 | } trans; | |
630 | ||
631 | des_init(); | |
632 | ||
633 | setup_salt(salt); | |
634 | ||
635 | trans.c = in; | |
636 | rawl = ntohl(*trans.ui32++); | |
637 | rawr = ntohl(*trans.ui32); | |
638 | ||
639 | retval = do_des(rawl, rawr, &l_out, &r_out, count); | |
640 | ||
641 | trans.c = out; | |
642 | *trans.ui32++ = htonl(l_out); | |
643 | *trans.ui32 = htonl(r_out); | |
644 | return(retval); | |
645 | } | |
646 | #endif | |
647 | ||
648 | #if 0 | |
649 | void | |
650 | setkey(const char *key) | |
651 | { | |
652 | int i, j; | |
653 | rb_uint32_t packed_keys[2]; | |
654 | u_char *p; | |
655 | ||
656 | p = (u_char *) packed_keys; | |
657 | ||
658 | for (i = 0; i < 8; i++) { | |
659 | p[i] = 0; | |
660 | for (j = 0; j < 8; j++) | |
661 | if (*key++ & 1) | |
662 | p[i] |= bits8[j]; | |
663 | } | |
664 | des_setkey((char *)p); | |
665 | } | |
666 | ||
667 | ||
668 | void | |
669 | encrypt(char *block, int flag) | |
670 | { | |
671 | rb_uint32_t io[2]; | |
672 | u_char *p; | |
673 | int i, j; | |
674 | ||
675 | des_init(); | |
676 | ||
677 | setup_salt(0L); | |
678 | p = (u_char*)block; | |
679 | for (i = 0; i < 2; i++) { | |
680 | io[i] = 0L; | |
681 | for (j = 0; j < 32; j++) | |
682 | if (*p++ & 1) | |
683 | io[i] |= bits32[j]; | |
684 | } | |
685 | do_des(io[0], io[1], io, io + 1, flag ? -1 : 1); | |
686 | for (i = 0; i < 2; i++) | |
687 | for (j = 0; j < 32; j++) | |
688 | block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0; | |
689 | } | |
690 | #endif | |
691 | ||
692 | static char * | |
693 | __des_crypt(const char *key, const char *setting) | |
694 | { | |
695 | rb_uint32_t count, salt, l, r0, r1, keybuf[2]; | |
696 | u_char *p, *q; | |
697 | static char output[21]; | |
698 | ||
699 | des_init(); | |
700 | ||
701 | /* | |
702 | * Copy the key, shifting each character up by one bit | |
703 | * and padding with zeros. | |
704 | */ | |
705 | q = (u_char *)keybuf; | |
706 | while (q - (u_char *)keybuf - 8) { | |
707 | *q++ = *key << 1; | |
708 | if (*(q - 1)) | |
709 | key++; | |
710 | } | |
711 | if (des_setkey((char *)keybuf)) | |
712 | return(NULL); | |
713 | ||
714 | #if 0 | |
715 | if (*setting == _PASSWORD_EFMT1) { | |
716 | int i; | |
717 | /* | |
718 | * "new"-style: | |
719 | * setting - underscore, 4 bytes of count, 4 bytes of salt | |
720 | * key - unlimited characters | |
721 | */ | |
722 | for (i = 1, count = 0L; i < 5; i++) | |
723 | count |= ascii_to_bin(setting[i]) << ((i - 1) * 6); | |
724 | ||
725 | for (i = 5, salt = 0L; i < 9; i++) | |
726 | salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6); | |
727 | ||
728 | while (*key) { | |
729 | /* | |
730 | * Encrypt the key with itself. | |
731 | */ | |
732 | if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1)) | |
733 | return(NULL); | |
734 | /* | |
735 | * And XOR with the next 8 characters of the key. | |
736 | */ | |
737 | q = (u_char *)keybuf; | |
738 | while (q - (u_char *)keybuf - 8 && *key) | |
739 | *q++ ^= *key++ << 1; | |
740 | ||
741 | if (des_setkey((char *)keybuf)) | |
742 | return(NULL); | |
743 | } | |
744 | strncpy(output, setting, 9); | |
745 | ||
746 | /* | |
747 | * Double check that we weren't given a short setting. | |
748 | * If we were, the above code will probably have created | |
749 | * wierd values for count and salt, but we don't really care. | |
750 | * Just make sure the output string doesn't have an extra | |
751 | * NUL in it. | |
752 | */ | |
753 | output[9] = '\0'; | |
754 | p = (u_char *)output + strlen(output); | |
755 | } else | |
756 | #endif | |
757 | { | |
758 | /* | |
759 | * "old"-style: | |
760 | * setting - 2 bytes of salt | |
761 | * key - up to 8 characters | |
762 | */ | |
763 | count = 25; | |
764 | ||
765 | salt = (ascii_to_bin(setting[1]) << 6) | |
766 | | ascii_to_bin(setting[0]); | |
767 | ||
768 | output[0] = setting[0]; | |
769 | /* | |
770 | * If the encrypted password that the salt was extracted from | |
771 | * is only 1 character long, the salt will be corrupted. We | |
772 | * need to ensure that the output string doesn't have an extra | |
773 | * NUL in it! | |
774 | */ | |
775 | output[1] = setting[1] ? setting[1] : output[0]; | |
776 | ||
777 | p = (u_char *)output + 2; | |
778 | } | |
779 | setup_salt(salt); | |
780 | /* | |
781 | * Do it. | |
782 | */ | |
783 | if (do_des(0L, 0L, &r0, &r1, (int)count)) | |
784 | return(NULL); | |
785 | /* | |
786 | * Now encode the result... | |
787 | */ | |
788 | l = (r0 >> 8); | |
789 | *p++ = ascii64[(l >> 18) & 0x3f]; | |
790 | *p++ = ascii64[(l >> 12) & 0x3f]; | |
791 | *p++ = ascii64[(l >> 6) & 0x3f]; | |
792 | *p++ = ascii64[l & 0x3f]; | |
793 | ||
794 | l = (r0 << 16) | ((r1 >> 16) & 0xffff); | |
795 | *p++ = ascii64[(l >> 18) & 0x3f]; | |
796 | *p++ = ascii64[(l >> 12) & 0x3f]; | |
797 | *p++ = ascii64[(l >> 6) & 0x3f]; | |
798 | *p++ = ascii64[l & 0x3f]; | |
799 | ||
800 | l = r1 << 2; | |
801 | *p++ = ascii64[(l >> 12) & 0x3f]; | |
802 | *p++ = ascii64[(l >> 6) & 0x3f]; | |
803 | *p++ = ascii64[l & 0x3f]; | |
804 | *p = 0; | |
805 | ||
806 | return(output); | |
807 | } | |
808 | ||
809 | /* Now md5 crypt */ | |
810 | ||
811 | /* | |
812 | * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm | |
813 | * | |
814 | * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All | |
815 | * rights reserved. | |
816 | * | |
817 | * License to copy and use this software is granted provided that it | |
818 | * is identified as the "RSA Data Security, Inc. MD5 Message-Digest | |
819 | * Algorithm" in all material mentioning or referencing this software | |
820 | * or this function. | |
821 | * | |
822 | * License is also granted to make and use derivative works provided | |
823 | * that such works are identified as "derived from the RSA Data | |
824 | * Security, Inc. MD5 Message-Digest Algorithm" in all material | |
825 | * mentioning or referencing the derived work. | |
826 | * | |
827 | * RSA Data Security, Inc. makes no representations concerning either | |
828 | * the merchantability of this software or the suitability of this | |
829 | * software for any particular purpose. It is provided "as is" | |
830 | * without express or implied warranty of any kind. | |
831 | * | |
832 | * These notices must be retained in any copies of any part of this | |
833 | * documentation and/or software. | |
834 | * | |
835 | * $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $ | |
836 | * | |
837 | * This code is the same as the code published by RSA Inc. It has been | |
838 | * edited for clarity and style only. | |
839 | * | |
840 | * ---------------------------------------------------------------------------- | |
841 | * The md5_crypt() function was taken from freeBSD's libcrypt and contains | |
842 | * this license: | |
843 | * "THE BEER-WARE LICENSE" (Revision 42): | |
844 | * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you | |
845 | * can do whatever you want with this stuff. If we meet some day, and you think | |
846 | * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp | |
847 | * | |
848 | * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $ | |
849 | * | |
850 | * ---------------------------------------------------------------------------- | |
851 | * On April 19th, 2001 md5_crypt() was modified to make it reentrant | |
852 | * by Erik Andersen <andersen@uclibc.org> | |
853 | * | |
854 | * | |
855 | * June 28, 2001 Manuel Novoa III | |
856 | * | |
857 | * "Un-inlined" code using loops and static const tables in order to | |
858 | * reduce generated code size (on i386 from approx 4k to approx 2.5k). | |
859 | * | |
860 | * June 29, 2001 Manuel Novoa III | |
861 | * | |
862 | * Completely removed static PADDING array. | |
863 | * | |
864 | * Reintroduced the loop unrolling in MD5_Transform and added the | |
865 | * MD5_SIZE_OVER_SPEED option for configurability. Define below as: | |
866 | * 0 fully unrolled loops | |
867 | * 1 partially unrolled (4 ops per loop) | |
868 | * 2 no unrolling -- introduces the need to swap 4 variables (slow) | |
869 | * 3 no unrolling and all 4 loops merged into one with switch | |
870 | * in each loop (glacial) | |
871 | * On i386, sizes are roughly (-Os -fno-builtin): | |
872 | * 0: 3k 1: 2.5k 2: 2.2k 3: 2k | |
873 | * | |
874 | * | |
875 | * Since SuSv3 does not require crypt_r, modified again August 7, 2002 | |
876 | * by Erik Andersen to remove reentrance stuff... | |
877 | */ | |
878 | ||
879 | /* | |
880 | * Valid values are 1 (fastest/largest) to 3 (smallest/slowest). | |
881 | */ | |
882 | #define MD5_SIZE_OVER_SPEED 1 | |
883 | ||
884 | /**********************************************************************/ | |
885 | ||
886 | /* MD5 context. */ | |
887 | struct MD5Context { | |
888 | rb_uint32_t state[4]; /* state (ABCD) */ | |
889 | rb_uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */ | |
890 | unsigned char buffer[64]; /* input buffer */ | |
891 | }; | |
892 | ||
893 | static void __md5_Init (struct MD5Context *); | |
894 | static void __md5_Update (struct MD5Context *, const char *, unsigned int); | |
895 | static void __md5_Pad (struct MD5Context *); | |
896 | static void __md5_Final (char [16], struct MD5Context *); | |
897 | static void __md5_Transform (rb_uint32_t [4], const unsigned char [64]); | |
898 | ||
899 | ||
900 | static const char __md5__magic[] = "$1$"; /* This string is magic for this algorithm. Having | |
901 | it this way, we can get better later on */ | |
902 | static const unsigned char __md5_itoa64[] = /* 0 ... 63 => ascii - 64 */ | |
903 | "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | |
904 | ||
905 | ||
906 | ||
907 | #ifdef i386 | |
908 | #define __md5_Encode memcpy | |
909 | #define __md5_Decode memcpy | |
910 | #else /* i386 */ | |
911 | ||
912 | /* | |
913 | * __md5_Encodes input (rb_uint32_t) into output (unsigned char). Assumes len is | |
914 | * a multiple of 4. | |
915 | */ | |
916 | ||
917 | static void | |
918 | __md5_Encode (unsigned char *output, rb_uint32_t *input, unsigned int len) | |
919 | { | |
920 | unsigned int i, j; | |
921 | ||
922 | for (i = 0, j = 0; j < len; i++, j += 4) { | |
923 | output[j] = (unsigned char)(input[i] & 0xff); | |
924 | output[j+1] = (unsigned char)((input[i] >> 8) & 0xff); | |
925 | output[j+2] = (unsigned char)((input[i] >> 16) & 0xff); | |
926 | output[j+3] = (unsigned char)((input[i] >> 24) & 0xff); | |
927 | } | |
928 | } | |
929 | ||
930 | /* | |
931 | * __md5_Decodes input (unsigned char) into output (rb_uint32_t). Assumes len is | |
932 | * a multiple of 4. | |
933 | */ | |
934 | ||
935 | static void | |
936 | __md5_Decode (rb_uint32_t *output, const unsigned char *input, unsigned int len) | |
937 | { | |
938 | unsigned int i, j; | |
939 | ||
940 | for (i = 0, j = 0; j < len; i++, j += 4) | |
941 | output[i] = ((rb_uint32_t)input[j]) | (((rb_uint32_t)input[j+1]) << 8) | | |
942 | (((rb_uint32_t)input[j+2]) << 16) | (((rb_uint32_t)input[j+3]) << 24); | |
943 | } | |
944 | #endif /* i386 */ | |
945 | ||
946 | /* F, G, H and I are basic MD5 functions. */ | |
947 | #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) | |
948 | #define G(x, y, z) (((x) & (z)) | ((y) & (~z))) | |
949 | #define H(x, y, z) ((x) ^ (y) ^ (z)) | |
950 | #define I(x, y, z) ((y) ^ ((x) | (~z))) | |
951 | ||
952 | /* ROTATE_LEFT rotates x left n bits. */ | |
953 | #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) | |
954 | ||
955 | /* | |
956 | * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. | |
957 | * Rotation is separate from addition to prevent recomputation. | |
958 | */ | |
959 | #define FF(a, b, c, d, x, s, ac) { \ | |
960 | (a) += F ((b), (c), (d)) + (x) + (rb_uint32_t)(ac); \ | |
961 | (a) = ROTATE_LEFT ((a), (s)); \ | |
962 | (a) += (b); \ | |
963 | } | |
964 | #define GG(a, b, c, d, x, s, ac) { \ | |
965 | (a) += G ((b), (c), (d)) + (x) + (rb_uint32_t)(ac); \ | |
966 | (a) = ROTATE_LEFT ((a), (s)); \ | |
967 | (a) += (b); \ | |
968 | } | |
969 | #define HH(a, b, c, d, x, s, ac) { \ | |
970 | (a) += H ((b), (c), (d)) + (x) + (rb_uint32_t)(ac); \ | |
971 | (a) = ROTATE_LEFT ((a), (s)); \ | |
972 | (a) += (b); \ | |
973 | } | |
974 | #define II(a, b, c, d, x, s, ac) { \ | |
975 | (a) += I ((b), (c), (d)) + (x) + (rb_uint32_t)(ac); \ | |
976 | (a) = ROTATE_LEFT ((a), (s)); \ | |
977 | (a) += (b); \ | |
978 | } | |
979 | ||
980 | /* MD5 initialization. Begins an MD5 operation, writing a new context. */ | |
981 | ||
982 | static void __md5_Init (struct MD5Context *context) | |
983 | { | |
984 | context->count[0] = context->count[1] = 0; | |
985 | ||
986 | /* Load magic initialization constants. */ | |
987 | context->state[0] = 0x67452301; | |
988 | context->state[1] = 0xefcdab89; | |
989 | context->state[2] = 0x98badcfe; | |
990 | context->state[3] = 0x10325476; | |
991 | } | |
992 | ||
993 | /* | |
994 | * MD5 block update operation. Continues an MD5 message-digest | |
995 | * operation, processing another message block, and updating the | |
996 | * context. | |
997 | */ | |
998 | ||
999 | static void __md5_Update ( struct MD5Context *context, const char *xinput, unsigned int inputLen) | |
1000 | { | |
1001 | unsigned int i, lindex, partLen; | |
1002 | const unsigned char *input = (const unsigned char *)xinput; /* i hate gcc */ | |
1003 | /* Compute number of bytes mod 64 */ | |
1004 | lindex = (unsigned int)((context->count[0] >> 3) & 0x3F); | |
1005 | ||
1006 | /* Update number of bits */ | |
1007 | if ((context->count[0] += ((rb_uint32_t)inputLen << 3)) | |
1008 | < ((rb_uint32_t)inputLen << 3)) | |
1009 | context->count[1]++; | |
1010 | context->count[1] += ((rb_uint32_t)inputLen >> 29); | |
1011 | ||
1012 | partLen = 64 - lindex; | |
1013 | ||
1014 | /* Transform as many times as possible. */ | |
1015 | if (inputLen >= partLen) { | |
1016 | memcpy(&context->buffer[lindex], input, | |
1017 | partLen); | |
1018 | __md5_Transform (context->state, context->buffer); | |
1019 | ||
1020 | for (i = partLen; i + 63 < inputLen; i += 64) | |
1021 | __md5_Transform (context->state, &input[i]); | |
1022 | ||
1023 | lindex = 0; | |
1024 | } | |
1025 | else | |
1026 | i = 0; | |
1027 | ||
1028 | /* Buffer remaining input */ | |
1029 | memcpy (&context->buffer[lindex], &input[i], | |
1030 | inputLen-i); | |
1031 | } | |
1032 | ||
1033 | /* | |
1034 | * MD5 padding. Adds padding followed by original length. | |
1035 | */ | |
1036 | ||
1037 | static void __md5_Pad ( struct MD5Context *context) | |
1038 | { | |
1039 | char bits[8]; | |
1040 | unsigned int lindex, padLen; | |
1041 | char PADDING[64]; | |
1042 | ||
1043 | memset(PADDING, 0, sizeof(PADDING)); | |
1044 | PADDING[0] = 0x80; | |
1045 | ||
1046 | /* Save number of bits */ | |
1047 | __md5_Encode (bits, context->count, 8); | |
1048 | ||
1049 | /* Pad out to 56 mod 64. */ | |
1050 | lindex = (unsigned int)((context->count[0] >> 3) & 0x3f); | |
1051 | padLen = (lindex < 56) ? (56 - lindex) : (120 - lindex); | |
1052 | __md5_Update (context, PADDING, padLen); | |
1053 | ||
1054 | /* Append length (before padding) */ | |
1055 | __md5_Update (context, bits, 8); | |
1056 | } | |
1057 | ||
1058 | /* | |
1059 | * MD5 finalization. Ends an MD5 message-digest operation, writing the | |
1060 | * the message digest and zeroizing the context. | |
1061 | */ | |
1062 | ||
1063 | static void __md5_Final ( char xdigest[16], struct MD5Context *context) | |
1064 | { | |
1065 | unsigned char *digest = (unsigned char *)xdigest; | |
1066 | /* Do padding. */ | |
1067 | __md5_Pad (context); | |
1068 | ||
1069 | /* Store state in digest */ | |
1070 | __md5_Encode (digest, context->state, 16); | |
1071 | ||
1072 | /* Zeroize sensitive information. */ | |
1073 | memset (context, 0, sizeof (*context)); | |
1074 | } | |
1075 | ||
1076 | /* MD5 basic transformation. Transforms state based on block. */ | |
1077 | ||
1078 | static void | |
1079 | __md5_Transform (state, block) | |
1080 | rb_uint32_t state[4]; | |
1081 | const unsigned char block[64]; | |
1082 | { | |
1083 | rb_uint32_t a, b, c, d, x[16]; | |
1084 | ||
1085 | #if MD5_SIZE_OVER_SPEED > 1 | |
1086 | rb_uint32_t temp; | |
1087 | const char *ps; | |
1088 | ||
1089 | static const char S[] = { | |
1090 | 7, 12, 17, 22, | |
1091 | 5, 9, 14, 20, | |
1092 | 4, 11, 16, 23, | |
1093 | 6, 10, 15, 21 | |
1094 | }; | |
1095 | #endif /* MD5_SIZE_OVER_SPEED > 1 */ | |
1096 | ||
1097 | #if MD5_SIZE_OVER_SPEED > 0 | |
1098 | const rb_uint32_t *pc; | |
1099 | const char *pp; | |
1100 | int i; | |
1101 | ||
1102 | static const rb_uint32_t C[] = { | |
1103 | /* round 1 */ | |
1104 | 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, | |
1105 | 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, | |
1106 | 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, | |
1107 | 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, | |
1108 | /* round 2 */ | |
1109 | 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, | |
1110 | 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8, | |
1111 | 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, | |
1112 | 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, | |
1113 | /* round 3 */ | |
1114 | 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, | |
1115 | 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, | |
1116 | 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, | |
1117 | 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, | |
1118 | /* round 4 */ | |
1119 | 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, | |
1120 | 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, | |
1121 | 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, | |
1122 | 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 | |
1123 | }; | |
1124 | ||
1125 | static const char P[] = { | |
1126 | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */ | |
1127 | 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */ | |
1128 | 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */ | |
1129 | 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */ | |
1130 | }; | |
1131 | ||
1132 | #endif /* MD5_SIZE_OVER_SPEED > 0 */ | |
1133 | ||
1134 | __md5_Decode (x, block, 64); | |
1135 | ||
1136 | a = state[0]; b = state[1]; c = state[2]; d = state[3]; | |
1137 | ||
1138 | #if MD5_SIZE_OVER_SPEED > 2 | |
1139 | pc = C; pp = P; ps = S - 4; | |
1140 | ||
1141 | for ( i = 0 ; i < 64 ; i++ ) { | |
1142 | if ((i&0x0f) == 0) ps += 4; | |
1143 | temp = a; | |
1144 | switch (i>>4) { | |
1145 | case 0: | |
1146 | temp += F(b,c,d); | |
1147 | break; | |
1148 | case 1: | |
1149 | temp += G(b,c,d); | |
1150 | break; | |
1151 | case 2: | |
1152 | temp += H(b,c,d); | |
1153 | break; | |
1154 | case 3: | |
1155 | temp += I(b,c,d); | |
1156 | break; | |
1157 | } | |
1158 | temp += x[(int)(*pp++)] + *pc++; | |
1159 | temp = ROTATE_LEFT(temp, ps[i&3]); | |
1160 | temp += b; | |
1161 | a = d; d = c; c = b; b = temp; | |
1162 | } | |
1163 | #elif MD5_SIZE_OVER_SPEED > 1 | |
1164 | pc = C; pp = P; ps = S; | |
1165 | ||
1166 | /* Round 1 */ | |
1167 | for ( i = 0 ; i < 16 ; i++ ) { | |
1168 | FF (a, b, c, d, x[(int)(*pp++)], ps[i&0x3], *pc++); | |
1169 | temp = d; d = c; c = b; b = a; a = temp; | |
1170 | } | |
1171 | ||
1172 | /* Round 2 */ | |
1173 | ps += 4; | |
1174 | for ( ; i < 32 ; i++ ) { | |
1175 | GG (a, b, c, d, x[(int)(*pp++)], ps[i&0x3], *pc++); | |
1176 | temp = d; d = c; c = b; b = a; a = temp; | |
1177 | } | |
1178 | /* Round 3 */ | |
1179 | ps += 4; | |
1180 | for ( ; i < 48 ; i++ ) { | |
1181 | HH (a, b, c, d, x[(int)(*pp++)], ps[i&0x3], *pc++); | |
1182 | temp = d; d = c; c = b; b = a; a = temp; | |
1183 | } | |
1184 | ||
1185 | /* Round 4 */ | |
1186 | ps += 4; | |
1187 | for ( ; i < 64 ; i++ ) { | |
1188 | II (a, b, c, d, x[(int)(*pp++)], ps[i&0x3], *pc++); | |
1189 | temp = d; d = c; c = b; b = a; a = temp; | |
1190 | } | |
1191 | #elif MD5_SIZE_OVER_SPEED > 0 | |
1192 | pc = C; pp = P; | |
1193 | ||
1194 | /* Round 1 */ | |
1195 | for ( i = 0 ; i < 4 ; i++ ) { | |
1196 | FF (a, b, c, d, x[(int)(*pp++)], 7, *pc++); | |
1197 | FF (d, a, b, c, x[(int)(*pp++)], 12, *pc++); | |
1198 | FF (c, d, a, b, x[(int)(*pp++)], 17, *pc++); | |
1199 | FF (b, c, d, a, x[(int)(*pp++)], 22, *pc++); | |
1200 | } | |
1201 | ||
1202 | /* Round 2 */ | |
1203 | for ( i = 0 ; i < 4 ; i++ ) { | |
1204 | GG (a, b, c, d, x[(int)(*pp++)], 5, *pc++); | |
1205 | GG (d, a, b, c, x[(int)(*pp++)], 9, *pc++); | |
1206 | GG (c, d, a, b, x[(int)(*pp++)], 14, *pc++); | |
1207 | GG (b, c, d, a, x[(int)(*pp++)], 20, *pc++); | |
1208 | } | |
1209 | /* Round 3 */ | |
1210 | for ( i = 0 ; i < 4 ; i++ ) { | |
1211 | HH (a, b, c, d, x[(int)(*pp++)], 4, *pc++); | |
1212 | HH (d, a, b, c, x[(int)(*pp++)], 11, *pc++); | |
1213 | HH (c, d, a, b, x[(int)(*pp++)], 16, *pc++); | |
1214 | HH (b, c, d, a, x[(int)(*pp++)], 23, *pc++); | |
1215 | } | |
1216 | ||
1217 | /* Round 4 */ | |
1218 | for ( i = 0 ; i < 4 ; i++ ) { | |
1219 | II (a, b, c, d, x[(int)(*pp++)], 6, *pc++); | |
1220 | II (d, a, b, c, x[(int)(*pp++)], 10, *pc++); | |
1221 | II (c, d, a, b, x[(int)(*pp++)], 15, *pc++); | |
1222 | II (b, c, d, a, x[(int)(*pp++)], 21, *pc++); | |
1223 | } | |
1224 | #else | |
1225 | /* Round 1 */ | |
1226 | #define S11 7 | |
1227 | #define S12 12 | |
1228 | #define S13 17 | |
1229 | #define S14 22 | |
1230 | FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ | |
1231 | FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ | |
1232 | FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ | |
1233 | FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ | |
1234 | FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ | |
1235 | FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ | |
1236 | FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ | |
1237 | FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ | |
1238 | FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ | |
1239 | FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ | |
1240 | FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ | |
1241 | FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ | |
1242 | FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ | |
1243 | FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ | |
1244 | FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ | |
1245 | FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ | |
1246 | ||
1247 | /* Round 2 */ | |
1248 | #define S21 5 | |
1249 | #define S22 9 | |
1250 | #define S23 14 | |
1251 | #define S24 20 | |
1252 | GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ | |
1253 | GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ | |
1254 | GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ | |
1255 | GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ | |
1256 | GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ | |
1257 | GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */ | |
1258 | GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ | |
1259 | GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ | |
1260 | GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ | |
1261 | GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ | |
1262 | GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ | |
1263 | GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ | |
1264 | GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ | |
1265 | GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ | |
1266 | GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ | |
1267 | GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ | |
1268 | ||
1269 | /* Round 3 */ | |
1270 | #define S31 4 | |
1271 | #define S32 11 | |
1272 | #define S33 16 | |
1273 | #define S34 23 | |
1274 | HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ | |
1275 | HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ | |
1276 | HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ | |
1277 | HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ | |
1278 | HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ | |
1279 | HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ | |
1280 | HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ | |
1281 | HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ | |
1282 | HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ | |
1283 | HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ | |
1284 | HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ | |
1285 | HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ | |
1286 | HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ | |
1287 | HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ | |
1288 | HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ | |
1289 | HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ | |
1290 | ||
1291 | /* Round 4 */ | |
1292 | #define S41 6 | |
1293 | #define S42 10 | |
1294 | #define S43 15 | |
1295 | #define S44 21 | |
1296 | II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ | |
1297 | II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ | |
1298 | II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ | |
1299 | II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ | |
1300 | II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ | |
1301 | II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ | |
1302 | II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ | |
1303 | II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ | |
1304 | II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ | |
1305 | II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ | |
1306 | II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ | |
1307 | II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ | |
1308 | II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ | |
1309 | II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ | |
1310 | II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ | |
1311 | II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ | |
1312 | #endif | |
1313 | ||
1314 | state[0] += a; | |
1315 | state[1] += b; | |
1316 | state[2] += c; | |
1317 | state[3] += d; | |
1318 | ||
1319 | /* Zeroize sensitive information. */ | |
1320 | memset (x, 0, sizeof (x)); | |
1321 | } | |
1322 | ||
1323 | ||
1324 | static void __md5_to64( char *s, unsigned long v, int n) | |
1325 | { | |
1326 | while (--n >= 0) { | |
1327 | *s++ = __md5_itoa64[v&0x3f]; | |
1328 | v >>= 6; | |
1329 | } | |
1330 | } | |
1331 | ||
1332 | /* | |
1333 | * UNIX password | |
1334 | * | |
1335 | * Use MD5 for what it is best at... | |
1336 | */ | |
1337 | ||
1338 | static char * __md5_crypt( const char *pw, const char *salt) | |
1339 | { | |
1340 | /* Static stuff */ | |
1341 | static const char *sp, *ep; | |
1342 | static char passwd[120], *p; | |
1343 | ||
1344 | char final[17]; /* final[16] exists only to aid in looping */ | |
1345 | int sl,pl,i,__md5__magic_len,pw_len; | |
1346 | struct MD5Context ctx,ctx1; | |
1347 | unsigned long l; | |
1348 | ||
1349 | /* Refine the Salt first */ | |
1350 | sp = salt; | |
1351 | ||
1352 | /* If it starts with the magic string, then skip that */ | |
1353 | __md5__magic_len = strlen(__md5__magic); | |
1354 | if(!strncmp(sp,__md5__magic,__md5__magic_len)) | |
1355 | sp += __md5__magic_len; | |
1356 | ||
1357 | /* It stops at the first '$', max 8 chars */ | |
1358 | for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++) | |
1359 | continue; | |
1360 | ||
1361 | /* get the length of the true salt */ | |
1362 | sl = ep - sp; | |
1363 | ||
1364 | __md5_Init(&ctx); | |
1365 | ||
1366 | /* The password first, since that is what is most unknown */ | |
1367 | pw_len = strlen(pw); | |
1368 | __md5_Update(&ctx,pw,pw_len); | |
1369 | ||
1370 | /* Then our magic string */ | |
1371 | __md5_Update(&ctx,__md5__magic,__md5__magic_len); | |
1372 | ||
1373 | /* Then the raw salt */ | |
1374 | __md5_Update(&ctx,sp,sl); | |
1375 | ||
1376 | /* Then just as many characters of the MD5(pw,salt,pw) */ | |
1377 | __md5_Init(&ctx1); | |
1378 | __md5_Update(&ctx1,pw,pw_len); | |
1379 | __md5_Update(&ctx1,sp,sl); | |
1380 | __md5_Update(&ctx1,pw,pw_len); | |
1381 | __md5_Final(final,&ctx1); | |
1382 | for(pl = pw_len; pl > 0; pl -= 16) | |
1383 | __md5_Update(&ctx,final,pl>16 ? 16 : pl); | |
1384 | ||
1385 | /* Don't leave anything around in vm they could use. */ | |
1386 | memset(final,0,sizeof final); | |
1387 | ||
1388 | /* Then something really weird... */ | |
1389 | for (i = pw_len; i ; i >>= 1) { | |
1390 | __md5_Update(&ctx, ((i&1) ? final : pw), 1); | |
1391 | } | |
1392 | ||
1393 | /* Now make the output string */ | |
1394 | strcpy(passwd,__md5__magic); | |
1395 | strncat(passwd,sp,sl); | |
1396 | strcat(passwd,"$"); | |
1397 | ||
1398 | __md5_Final(final,&ctx); | |
1399 | ||
1400 | /* | |
1401 | * and now, just to make sure things don't run too fast | |
1402 | * On a 60 Mhz Pentium this takes 34 msec, so you would | |
1403 | * need 30 seconds to build a 1000 entry dictionary... | |
1404 | */ | |
1405 | for(i=0;i<1000;i++) { | |
1406 | __md5_Init(&ctx1); | |
1407 | if(i & 1) | |
1408 | __md5_Update(&ctx1,pw,pw_len); | |
1409 | else | |
1410 | __md5_Update(&ctx1,final,16); | |
1411 | ||
1412 | if(i % 3) | |
1413 | __md5_Update(&ctx1,sp,sl); | |
1414 | ||
1415 | if(i % 7) | |
1416 | __md5_Update(&ctx1,pw,pw_len); | |
1417 | ||
1418 | if(i & 1) | |
1419 | __md5_Update(&ctx1,final,16); | |
1420 | else | |
1421 | __md5_Update(&ctx1,pw,pw_len); | |
1422 | __md5_Final(final,&ctx1); | |
1423 | } | |
1424 | ||
1425 | p = passwd + strlen(passwd); | |
1426 | ||
1427 | final[16] = final[5]; | |
1428 | for ( i=0 ; i < 5 ; i++ ) { | |
1429 | l = (final[i]<<16) | (final[i+6]<<8) | final[i+12]; | |
1430 | __md5_to64(p,l,4); p += 4; | |
1431 | } | |
1432 | l = final[11]; | |
1433 | __md5_to64(p,l,2); p += 2; | |
1434 | *p = '\0'; | |
1435 | ||
1436 | /* Don't leave anything around in vm they could use. */ | |
1437 | memset(final,0,sizeof final); | |
1438 | ||
1439 | return passwd; | |
1440 | } | |
1441 | ||
1442 | #endif /* NEED_CRYPT */ | |
1443 |