]> jfr.im git - irc/rqf/shadowircd.git/blob - libratbox/src/crypt.c
projects / irc / rqf / shadowircd.git / blob
? search:


58e054ba9485decd66ef9821bf31dba3a500170d
[irc/rqf/shadowircd.git] / libratbox / src / crypt.c
1 /*
2 * crypt.c: Implements unix style crypt() for platforms that don't have it
3 * This version has both an md5 and des crypt.
4 * This was pretty much catted together from uclibc.
5 */
6
7 /*
8 * crypt() for uClibc
9 *
10 * Copyright (C) 2000 by Lineo, inc. and Erik Andersen
11 * Copyright (C) 2000,2001 by Erik Andersen <andersen@uclibc.org>
12 * Written by Erik Andersen <andersen@uclibc.org>
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU Library General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version.
18 *
19 * This program is distributed in the hope that it will be useful, but WITHOUT
20 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
21 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
22 * for more details.
23 *
24 * You should have received a copy of the GNU Library General Public License
25 * along with this program; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 */
28
29 #include <libratbox_config.h>
30 #include <ratbox_lib.h>
31
32
33 #ifndef NEED_CRYPT
34 extern char *crypt(const char *key, const char *salt);
35
36 char *
37 rb_crypt(const char *key, const char *salt)
38 {
39 return(crypt(key, salt));
40 }
41 #else
42
43 static char * __md5_crypt( const char *pw, const char *salt);
44 static char * __des_crypt( const char *pw, const char *salt);
45
46 char *
47 rb_crypt(const char *key, const char *salt)
48 {
49 /* First, check if we are supposed to be using the MD5 replacement
50 * instead of DES... */
51 if (salt[0]=='$' && salt[1]=='1' && salt[2]=='$')
52 return __md5_crypt(key, salt);
53 else
54 return __des_crypt(key, salt);
55 }
56
57 /* Here is the des crypt() stuff */
58
59 /*
60 * FreeSec: libcrypt for NetBSD
61 *
62 * Copyright (c) 1994 David Burren
63 * All rights reserved.
64 *
65 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
66 * this file should now *only* export crypt(), in order to make
67 * binaries of libcrypt exportable from the USA
68 *
69 * Adapted for FreeBSD-4.0 by Mark R V Murray
70 * this file should now *only* export crypt_des(), in order to make
71 * a module that can be optionally included in libcrypt.
72 *
73 * Redistribution and use in source and binary forms, with or without
74 * modification, are permitted provided that the following conditions
75 * are met:
76 * 1. Redistributions of source code must retain the above copyright
77 * notice, this list of conditions and the following disclaimer.
78 * 2. Redistributions in binary form must reproduce the above copyright
79 * notice, this list of conditions and the following disclaimer in the
80 * documentation and/or other materials provided with the distribution.
81 * 3. Neither the name of the author nor the names of other contributors
82 * may be used to endorse or promote products derived from this software
83 * without specific prior written permission.
84 *
85 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
86 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
87 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
88 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
89 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
90 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
91 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
92 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
93 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
94 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
95 * SUCH DAMAGE.
96 *
97 * This is an original implementation of the DES and the crypt(3) interfaces
98 * by David Burren <davidb@werj.com.au>.
99 *
100 * An excellent reference on the underlying algorithm (and related
101 * algorithms) is:
102 *
103 * B. Schneier, Applied Cryptography: protocols, algorithms,
104 * and source code in C, John Wiley & Sons, 1994.
105 *
106 * Note that in that book's description of DES the lookups for the initial,
107 * pbox, and final permutations are inverted (this has been brought to the
108 * attention of the author). A list of errata for this book has been
109 * posted to the sci.crypt newsgroup by the author and is available for FTP.
110 *
111 * ARCHITECTURE ASSUMPTIONS:
112 * It is assumed that the 8-byte arrays passed by reference can be
113 * addressed as arrays of uint32_t's (ie. the CPU is not picky about
114 * alignment).
115 */
116
117
118 /* Re-entrantify me -- all this junk needs to be in
119 * struct crypt_data to make this really reentrant... */
120 static u_char inv_key_perm[64];
121 static u_char inv_comp_perm[56];
122 static u_char u_sbox[8][64];
123 static u_char un_pbox[32];
124 static uint32_t en_keysl[16], en_keysr[16];
125 static uint32_t de_keysl[16], de_keysr[16];
126 static uint32_t ip_maskl[8][256], ip_maskr[8][256];
127 static uint32_t fp_maskl[8][256], fp_maskr[8][256];
128 static uint32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
129 static uint32_t comp_maskl[8][128], comp_maskr[8][128];
130 static uint32_t saltbits;
131 static uint32_t old_salt;
132 static uint32_t old_rawkey0, old_rawkey1;
133
134
135 /* Static stuff that stays resident and doesn't change after
136 * being initialized, and therefore doesn't need to be made
137 * reentrant. */
138 static u_char init_perm[64], final_perm[64];
139 static u_char m_sbox[4][4096];
140 static uint32_t psbox[4][256];
141
142
143
144
145 /* A pile of data */
146 static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
147
148 static const u_char IP[64] = {
149 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
150 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
151 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
152 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
153 };
154
155 static const u_char key_perm[56] = {
156 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
157 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
158 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
159 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
160 };
161
162 static const u_char key_shifts[16] = {
163 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
164 };
165
166 static const u_char comp_perm[48] = {
167 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
168 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
169 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
170 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
171 };
172
173 /*
174 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
175 */
176
177 static const u_char sbox[8][64] = {
178 {
179 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
180 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
181 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
182 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
183 },
184 {
185 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
186 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
187 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
188 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
189 },
190 {
191 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
192 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
193 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
194 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
195 },
196 {
197 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
198 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
199 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
200 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
201 },
202 {
203 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
204 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
205 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
206 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
207 },
208 {
209 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
210 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
211 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
212 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
213 },
214 {
215 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
216 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
217 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
218 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
219 },
220 {
221 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
222 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
223 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
224 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
225 }
226 };
227
228 static const u_char pbox[32] = {
229 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
230 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
231 };
232
233 static const uint32_t bits32[32] =
234 {
235 0x80000000, 0x40000000, 0x20000000, 0x10000000,
236 0x08000000, 0x04000000, 0x02000000, 0x01000000,
237 0x00800000, 0x00400000, 0x00200000, 0x00100000,
238 0x00080000, 0x00040000, 0x00020000, 0x00010000,
239 0x00008000, 0x00004000, 0x00002000, 0x00001000,
240 0x00000800, 0x00000400, 0x00000200, 0x00000100,
241 0x00000080, 0x00000040, 0x00000020, 0x00000010,
242 0x00000008, 0x00000004, 0x00000002, 0x00000001
243 };
244
245 static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
246 static const uint32_t *bits28, *bits24;
247
248
249 static int
250 ascii_to_bin(char ch)
251 {
252 if (ch > 'z')
253 return(0);
254 if (ch >= 'a')
255 return(ch - 'a' + 38);
256 if (ch > 'Z')
257 return(0);
258 if (ch >= 'A')
259 return(ch - 'A' + 12);
260 if (ch > '9')
261 return(0);
262 if (ch >= '.')
263 return(ch - '.');
264 return(0);
265 }
266
267 static void
268 des_init(void)
269 {
270 int i, j, b, k, inbit, obit;
271 uint32_t *p, *il, *ir, *fl, *fr;
272 static int des_initialised = 0;
273
274 if (des_initialised==1)
275 return;
276
277 old_rawkey0 = old_rawkey1 = 0L;
278 saltbits = 0L;
279 old_salt = 0L;
280 bits24 = (bits28 = bits32 + 4) + 4;
281
282 /*
283 * Invert the S-boxes, reordering the input bits.
284 */
285 for (i = 0; i < 8; i++)
286 for (j = 0; j < 64; j++) {
287 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
288 u_sbox[i][j] = sbox[i][b];
289 }
290
291 /*
292 * Convert the inverted S-boxes into 4 arrays of 8 bits.
293 * Each will handle 12 bits of the S-box input.
294 */
295 for (b = 0; b < 4; b++)
296 for (i = 0; i < 64; i++)
297 for (j = 0; j < 64; j++)
298 m_sbox[b][(i << 6) | j] =
299 (u_char)((u_sbox[(b << 1)][i] << 4) |
300 u_sbox[(b << 1) + 1][j]);
301
302 /*
303 * Set up the initial & final permutations into a useful form, and
304 * initialise the inverted key permutation.
305 */
306 for (i = 0; i < 64; i++) {
307 init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
308 inv_key_perm[i] = 255;
309 }
310
311 /*
312 * Invert the key permutation and initialise the inverted key
313 * compression permutation.
314 */
315 for (i = 0; i < 56; i++) {
316 inv_key_perm[key_perm[i] - 1] = (u_char)i;
317 inv_comp_perm[i] = 255;
318 }
319
320 /*
321 * Invert the key compression permutation.
322 */
323 for (i = 0; i < 48; i++) {
324 inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
325 }
326
327 /*
328 * Set up the OR-mask arrays for the initial and final permutations,
329 * and for the key initial and compression permutations.
330 */
331 for (k = 0; k < 8; k++) {
332 for (i = 0; i < 256; i++) {
333 *(il = &ip_maskl[k][i]) = 0L;
334 *(ir = &ip_maskr[k][i]) = 0L;
335 *(fl = &fp_maskl[k][i]) = 0L;
336 *(fr = &fp_maskr[k][i]) = 0L;
337 for (j = 0; j < 8; j++) {
338 inbit = 8 * k + j;
339 if (i & bits8[j]) {
340 if ((obit = init_perm[inbit]) < 32)
341 *il |= bits32[obit];
342 else
343 *ir |= bits32[obit-32];
344 if ((obit = final_perm[inbit]) < 32)
345 *fl |= bits32[obit];
346 else
347 *fr |= bits32[obit - 32];
348 }
349 }
350 }
351 for (i = 0; i < 128; i++) {
352 *(il = &key_perm_maskl[k][i]) = 0L;
353 *(ir = &key_perm_maskr[k][i]) = 0L;
354 for (j = 0; j < 7; j++) {
355 inbit = 8 * k + j;
356 if (i & bits8[j + 1]) {
357 if ((obit = inv_key_perm[inbit]) == 255)
358 continue;
359 if (obit < 28)
360 *il |= bits28[obit];
361 else
362 *ir |= bits28[obit - 28];
363 }
364 }
365 *(il = &comp_maskl[k][i]) = 0L;
366 *(ir = &comp_maskr[k][i]) = 0L;
367 for (j = 0; j < 7; j++) {
368 inbit = 7 * k + j;
369 if (i & bits8[j + 1]) {
370 if ((obit=inv_comp_perm[inbit]) == 255)
371 continue;
372 if (obit < 24)
373 *il |= bits24[obit];
374 else
375 *ir |= bits24[obit - 24];
376 }
377 }
378 }
379 }
380
381 /*
382 * Invert the P-box permutation, and convert into OR-masks for
383 * handling the output of the S-box arrays setup above.
384 */
385 for (i = 0; i < 32; i++)
386 un_pbox[pbox[i] - 1] = (u_char)i;
387
388 for (b = 0; b < 4; b++)
389 for (i = 0; i < 256; i++) {
390 *(p = &psbox[b][i]) = 0L;
391 for (j = 0; j < 8; j++) {
392 if (i & bits8[j])
393 *p |= bits32[un_pbox[8 * b + j]];
394 }
395 }
396
397 des_initialised = 1;
398 }
399
400
401 static void
402 setup_salt(long salt)
403 {
404 uint32_t obit, saltbit;
405 int i;
406
407 if (salt == (long)old_salt)
408 return;
409 old_salt = salt;
410
411 saltbits = 0L;
412 saltbit = 1;
413 obit = 0x800000;
414 for (i = 0; i < 24; i++) {
415 if (salt & saltbit)
416 saltbits |= obit;
417 saltbit <<= 1;
418 obit >>= 1;
419 }
420 }
421
422
423 static int
424 des_setkey(const char *key)
425 {
426 uint32_t k0, k1, rawkey0, rawkey1;
427 int shifts, round;
428
429 des_init();
430
431 rawkey0 = ntohl(*(const uint32_t *) key);
432 rawkey1 = ntohl(*(const uint32_t *) (key + 4));
433
434 if ((rawkey0 | rawkey1)
435 && rawkey0 == old_rawkey0
436 && rawkey1 == old_rawkey1) {
437 /*
438 * Already setup for this key.
439 * This optimisation fails on a zero key (which is weak and
440 * has bad parity anyway) in order to simplify the starting
441 * conditions.
442 */
443 return(0);
444 }
445 old_rawkey0 = rawkey0;
446 old_rawkey1 = rawkey1;
447
448 /*
449 * Do key permutation and split into two 28-bit subkeys.
450 */
451 k0 = key_perm_maskl[0][rawkey0 >> 25]
452 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
453 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
454 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
455 | key_perm_maskl[4][rawkey1 >> 25]
456 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
457 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
458 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
459 k1 = key_perm_maskr[0][rawkey0 >> 25]
460 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
461 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
462 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
463 | key_perm_maskr[4][rawkey1 >> 25]
464 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
465 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
466 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
467 /*
468 * Rotate subkeys and do compression permutation.
469 */
470 shifts = 0;
471 for (round = 0; round < 16; round++) {
472 uint32_t t0, t1;
473
474 shifts += key_shifts[round];
475
476 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
477 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
478
479 de_keysl[15 - round] =
480 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
481 | comp_maskl[1][(t0 >> 14) & 0x7f]
482 | comp_maskl[2][(t0 >> 7) & 0x7f]
483 | comp_maskl[3][t0 & 0x7f]
484 | comp_maskl[4][(t1 >> 21) & 0x7f]
485 | comp_maskl[5][(t1 >> 14) & 0x7f]
486 | comp_maskl[6][(t1 >> 7) & 0x7f]
487 | comp_maskl[7][t1 & 0x7f];
488
489 de_keysr[15 - round] =
490 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
491 | comp_maskr[1][(t0 >> 14) & 0x7f]
492 | comp_maskr[2][(t0 >> 7) & 0x7f]
493 | comp_maskr[3][t0 & 0x7f]
494 | comp_maskr[4][(t1 >> 21) & 0x7f]
495 | comp_maskr[5][(t1 >> 14) & 0x7f]
496 | comp_maskr[6][(t1 >> 7) & 0x7f]
497 | comp_maskr[7][t1 & 0x7f];
498 }
499 return(0);
500 }
501
502
503 static int
504 do_des( uint32_t l_in, uint32_t r_in, uint32_t *l_out, uint32_t *r_out, int count)
505 {
506 /*
507 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
508 */
509 uint32_t l, r, *kl, *kr, *kl1, *kr1;
510 uint32_t f, r48l, r48r;
511 int round;
512
513 if (count == 0) {
514 return(1);
515 } else if (count > 0) {
516 /*
517 * Encrypting
518 */
519 kl1 = en_keysl;
520 kr1 = en_keysr;
521 } else {
522 /*
523 * Decrypting
524 */
525 count = -count;
526 kl1 = de_keysl;
527 kr1 = de_keysr;
528 }
529
530 /*
531 * Do initial permutation (IP).
532 */
533 l = ip_maskl[0][l_in >> 24]
534 | ip_maskl[1][(l_in >> 16) & 0xff]
535 | ip_maskl[2][(l_in >> 8) & 0xff]
536 | ip_maskl[3][l_in & 0xff]
537 | ip_maskl[4][r_in >> 24]
538 | ip_maskl[5][(r_in >> 16) & 0xff]
539 | ip_maskl[6][(r_in >> 8) & 0xff]
540 | ip_maskl[7][r_in & 0xff];
541 r = ip_maskr[0][l_in >> 24]
542 | ip_maskr[1][(l_in >> 16) & 0xff]
543 | ip_maskr[2][(l_in >> 8) & 0xff]
544 | ip_maskr[3][l_in & 0xff]
545 | ip_maskr[4][r_in >> 24]
546 | ip_maskr[5][(r_in >> 16) & 0xff]
547 | ip_maskr[6][(r_in >> 8) & 0xff]
548 | ip_maskr[7][r_in & 0xff];
549
550 while (count--) {
551 /*
552 * Do each round.
553 */
554 kl = kl1;
555 kr = kr1;
556 round = 16;
557 while (round--) {
558 /*
559 * Expand R to 48 bits (simulate the E-box).
560 */
561 r48l = ((r & 0x00000001) << 23)
562 | ((r & 0xf8000000) >> 9)
563 | ((r & 0x1f800000) >> 11)
564 | ((r & 0x01f80000) >> 13)
565 | ((r & 0x001f8000) >> 15);
566
567 r48r = ((r & 0x0001f800) << 7)
568 | ((r & 0x00001f80) << 5)
569 | ((r & 0x000001f8) << 3)
570 | ((r & 0x0000001f) << 1)
571 | ((r & 0x80000000) >> 31);
572 /*
573 * Do salting for crypt() and friends, and
574 * XOR with the permuted key.
575 */
576 f = (r48l ^ r48r) & saltbits;
577 r48l ^= f ^ *kl++;
578 r48r ^= f ^ *kr++;
579 /*
580 * Do sbox lookups (which shrink it back to 32 bits)
581 * and do the pbox permutation at the same time.
582 */
583 f = psbox[0][m_sbox[0][r48l >> 12]]
584 | psbox[1][m_sbox[1][r48l & 0xfff]]
585 | psbox[2][m_sbox[2][r48r >> 12]]
586 | psbox[3][m_sbox[3][r48r & 0xfff]];
587 /*
588 * Now that we've permuted things, complete f().
589 */
590 f ^= l;
591 l = r;
592 r = f;
593 }
594 r = l;
595 l = f;
596 }
597 /*
598 * Do final permutation (inverse of IP).
599 */
600 *l_out = fp_maskl[0][l >> 24]
601 | fp_maskl[1][(l >> 16) & 0xff]
602 | fp_maskl[2][(l >> 8) & 0xff]
603 | fp_maskl[3][l & 0xff]
604 | fp_maskl[4][r >> 24]
605 | fp_maskl[5][(r >> 16) & 0xff]
606 | fp_maskl[6][(r >> 8) & 0xff]
607 | fp_maskl[7][r & 0xff];
608 *r_out = fp_maskr[0][l >> 24]
609 | fp_maskr[1][(l >> 16) & 0xff]
610 | fp_maskr[2][(l >> 8) & 0xff]
611 | fp_maskr[3][l & 0xff]
612 | fp_maskr[4][r >> 24]
613 | fp_maskr[5][(r >> 16) & 0xff]
614 | fp_maskr[6][(r >> 8) & 0xff]
615 | fp_maskr[7][r & 0xff];
616 return(0);
617 }
618
619
620 #if 0
621 static int
622 des_cipher(const char *in, char *out, uint32_t salt, int count)
623 {
624 uint32_t l_out, r_out, rawl, rawr;
625 int retval;
626 union {
627 uint32_t *ui32;
628 const char *c;
629 } trans;
630
631 des_init();
632
633 setup_salt(salt);
634
635 trans.c = in;
636 rawl = ntohl(*trans.ui32++);
637 rawr = ntohl(*trans.ui32);
638
639 retval = do_des(rawl, rawr, &l_out, &r_out, count);
640
641 trans.c = out;
642 *trans.ui32++ = htonl(l_out);
643 *trans.ui32 = htonl(r_out);
644 return(retval);
645 }
646 #endif
647
648 #if 0
649 void
650 setkey(const char *key)
651 {
652 int i, j;
653 uint32_t packed_keys[2];
654 u_char *p;
655
656 p = (u_char *) packed_keys;
657
658 for (i = 0; i < 8; i++) {
659 p[i] = 0;
660 for (j = 0; j < 8; j++)
661 if (*key++ & 1)
662 p[i] |= bits8[j];
663 }
664 des_setkey((char *)p);
665 }
666
667
668 void
669 encrypt(char *block, int flag)
670 {
671 uint32_t io[2];
672 u_char *p;
673 int i, j;
674
675 des_init();
676
677 setup_salt(0L);
678 p = (u_char*)block;
679 for (i = 0; i < 2; i++) {
680 io[i] = 0L;
681 for (j = 0; j < 32; j++)
682 if (*p++ & 1)
683 io[i] |= bits32[j];
684 }
685 do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
686 for (i = 0; i < 2; i++)
687 for (j = 0; j < 32; j++)
688 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
689 }
690 #endif
691
692 static char *
693 __des_crypt(const char *key, const char *setting)
694 {
695 uint32_t count, salt, l, r0, r1, keybuf[2];
696 u_char *p, *q;
697 static char output[21];
698
699 des_init();
700
701 /*
702 * Copy the key, shifting each character up by one bit
703 * and padding with zeros.
704 */
705 q = (u_char *)keybuf;
706 while (q - (u_char *)keybuf - 8) {
707 *q++ = *key << 1;
708 if (*(q - 1))
709 key++;
710 }
711 if (des_setkey((char *)keybuf))
712 return(NULL);
713
714 #if 0
715 if (*setting == _PASSWORD_EFMT1) {
716 int i;
717 /*
718 * "new"-style:
719 * setting - underscore, 4 bytes of count, 4 bytes of salt
720 * key - unlimited characters
721 */
722 for (i = 1, count = 0L; i < 5; i++)
723 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
724
725 for (i = 5, salt = 0L; i < 9; i++)
726 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
727
728 while (*key) {
729 /*
730 * Encrypt the key with itself.
731 */
732 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
733 return(NULL);
734 /*
735 * And XOR with the next 8 characters of the key.
736 */
737 q = (u_char *)keybuf;
738 while (q - (u_char *)keybuf - 8 && *key)
739 *q++ ^= *key++ << 1;
740
741 if (des_setkey((char *)keybuf))
742 return(NULL);
743 }
744 strncpy(output, setting, 9);
745
746 /*
747 * Double check that we weren't given a short setting.
748 * If we were, the above code will probably have created
749 * wierd values for count and salt, but we don't really care.
750 * Just make sure the output string doesn't have an extra
751 * NUL in it.
752 */
753 output[9] = '\0';
754 p = (u_char *)output + strlen(output);
755 } else
756 #endif
757 {
758 /*
759 * "old"-style:
760 * setting - 2 bytes of salt
761 * key - up to 8 characters
762 */
763 count = 25;
764
765 salt = (ascii_to_bin(setting[1]) << 6)
766 | ascii_to_bin(setting[0]);
767
768 output[0] = setting[0];
769 /*
770 * If the encrypted password that the salt was extracted from
771 * is only 1 character long, the salt will be corrupted. We
772 * need to ensure that the output string doesn't have an extra
773 * NUL in it!
774 */
775 output[1] = setting[1] ? setting[1] : output[0];
776
777 p = (u_char *)output + 2;
778 }
779 setup_salt(salt);
780 /*
781 * Do it.
782 */
783 if (do_des(0L, 0L, &r0, &r1, (int)count))
784 return(NULL);
785 /*
786 * Now encode the result...
787 */
788 l = (r0 >> 8);
789 *p++ = ascii64[(l >> 18) & 0x3f];
790 *p++ = ascii64[(l >> 12) & 0x3f];
791 *p++ = ascii64[(l >> 6) & 0x3f];
792 *p++ = ascii64[l & 0x3f];
793
794 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
795 *p++ = ascii64[(l >> 18) & 0x3f];
796 *p++ = ascii64[(l >> 12) & 0x3f];
797 *p++ = ascii64[(l >> 6) & 0x3f];
798 *p++ = ascii64[l & 0x3f];
799
800 l = r1 << 2;
801 *p++ = ascii64[(l >> 12) & 0x3f];
802 *p++ = ascii64[(l >> 6) & 0x3f];
803 *p++ = ascii64[l & 0x3f];
804 *p = 0;
805
806 return(output);
807 }
808
809 /* Now md5 crypt */
810
811 /*
812 * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
813 *
814 * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
815 * rights reserved.
816 *
817 * License to copy and use this software is granted provided that it
818 * is identified as the "RSA Data Security, Inc. MD5 Message-Digest
819 * Algorithm" in all material mentioning or referencing this software
820 * or this function.
821 *
822 * License is also granted to make and use derivative works provided
823 * that such works are identified as "derived from the RSA Data
824 * Security, Inc. MD5 Message-Digest Algorithm" in all material
825 * mentioning or referencing the derived work.
826 *
827 * RSA Data Security, Inc. makes no representations concerning either
828 * the merchantability of this software or the suitability of this
829 * software for any particular purpose. It is provided "as is"
830 * without express or implied warranty of any kind.
831 *
832 * These notices must be retained in any copies of any part of this
833 * documentation and/or software.
834 *
835 * $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $
836 *
837 * This code is the same as the code published by RSA Inc. It has been
838 * edited for clarity and style only.
839 *
840 * ----------------------------------------------------------------------------
841 * The md5_crypt() function was taken from freeBSD's libcrypt and contains
842 * this license:
843 * "THE BEER-WARE LICENSE" (Revision 42):
844 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
845 * can do whatever you want with this stuff. If we meet some day, and you think
846 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
847 *
848 * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $
849 *
850 * ----------------------------------------------------------------------------
851 * On April 19th, 2001 md5_crypt() was modified to make it reentrant
852 * by Erik Andersen <andersen@uclibc.org>
853 *
854 *
855 * June 28, 2001 Manuel Novoa III
856 *
857 * "Un-inlined" code using loops and static const tables in order to
858 * reduce generated code size (on i386 from approx 4k to approx 2.5k).
859 *
860 * June 29, 2001 Manuel Novoa III
861 *
862 * Completely removed static PADDING array.
863 *
864 * Reintroduced the loop unrolling in MD5_Transform and added the
865 * MD5_SIZE_OVER_SPEED option for configurability. Define below as:
866 * 0 fully unrolled loops
867 * 1 partially unrolled (4 ops per loop)
868 * 2 no unrolling -- introduces the need to swap 4 variables (slow)
869 * 3 no unrolling and all 4 loops merged into one with switch
870 * in each loop (glacial)
871 * On i386, sizes are roughly (-Os -fno-builtin):
872 * 0: 3k 1: 2.5k 2: 2.2k 3: 2k
873 *
874 *
875 * Since SuSv3 does not require crypt_r, modified again August 7, 2002
876 * by Erik Andersen to remove reentrance stuff...
877 */
878
879 /*
880 * Valid values are 1 (fastest/largest) to 3 (smallest/slowest).
881 */
882 #define MD5_SIZE_OVER_SPEED 1
883
884 /**********************************************************************/
885
886 /* MD5 context. */
887 struct MD5Context {
888 uint32_t state[4]; /* state (ABCD) */
889 uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
890 unsigned char buffer[64]; /* input buffer */
891 };
892
893 static void __md5_Init (struct MD5Context *);
894 static void __md5_Update (struct MD5Context *, const char *, unsigned int);
895 static void __md5_Pad (struct MD5Context *);
896 static void __md5_Final (char [16], struct MD5Context *);
897 static void __md5_Transform (uint32_t [4], const unsigned char [64]);
898
899
900 static const char __md5__magic[] = "$1$"; /* This string is magic for this algorithm. Having
901 it this way, we can get better later on */
902 static const unsigned char __md5_itoa64[] = /* 0 ... 63 => ascii - 64 */
903 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
904
905
906
907 #ifdef i386
908 #define __md5_Encode memcpy
909 #define __md5_Decode memcpy
910 #else /* i386 */
911
912 /*
913 * __md5_Encodes input (uint32_t) into output (unsigned char). Assumes len is
914 * a multiple of 4.
915 */
916
917 static void
918 __md5_Encode (unsigned char *output, uint32_t *input, unsigned int len)
919 {
920 unsigned int i, j;
921
922 for (i = 0, j = 0; j < len; i++, j += 4) {
923 output[j] = (unsigned char)(input[i] & 0xff);
924 output[j+1] = (unsigned char)((input[i] >> 8) & 0xff);
925 output[j+2] = (unsigned char)((input[i] >> 16) & 0xff);
926 output[j+3] = (unsigned char)((input[i] >> 24) & 0xff);
927 }
928 }
929
930 /*
931 * __md5_Decodes input (unsigned char) into output (uint32_t). Assumes len is
932 * a multiple of 4.
933 */
934
935 static void
936 __md5_Decode (uint32_t *output, const unsigned char *input, unsigned int len)
937 {
938 unsigned int i, j;
939
940 for (i = 0, j = 0; j < len; i++, j += 4)
941 output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) |
942 (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24);
943 }
944 #endif /* i386 */
945
946 /* F, G, H and I are basic MD5 functions. */
947 #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
948 #define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
949 #define H(x, y, z) ((x) ^ (y) ^ (z))
950 #define I(x, y, z) ((y) ^ ((x) | (~z)))
951
952 /* ROTATE_LEFT rotates x left n bits. */
953 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
954
955 /*
956 * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
957 * Rotation is separate from addition to prevent recomputation.
958 */
959 #define FF(a, b, c, d, x, s, ac) { \
960 (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
961 (a) = ROTATE_LEFT ((a), (s)); \
962 (a) += (b); \
963 }
964 #define GG(a, b, c, d, x, s, ac) { \
965 (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
966 (a) = ROTATE_LEFT ((a), (s)); \
967 (a) += (b); \
968 }
969 #define HH(a, b, c, d, x, s, ac) { \
970 (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
971 (a) = ROTATE_LEFT ((a), (s)); \
972 (a) += (b); \
973 }
974 #define II(a, b, c, d, x, s, ac) { \
975 (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
976 (a) = ROTATE_LEFT ((a), (s)); \
977 (a) += (b); \
978 }
979
980 /* MD5 initialization. Begins an MD5 operation, writing a new context. */
981
982 static void __md5_Init (struct MD5Context *context)
983 {
984 context->count[0] = context->count[1] = 0;
985
986 /* Load magic initialization constants. */
987 context->state[0] = 0x67452301;
988 context->state[1] = 0xefcdab89;
989 context->state[2] = 0x98badcfe;
990 context->state[3] = 0x10325476;
991 }
992
993 /*
994 * MD5 block update operation. Continues an MD5 message-digest
995 * operation, processing another message block, and updating the
996 * context.
997 */
998
999 static void __md5_Update ( struct MD5Context *context, const char *xinput, unsigned int inputLen)
1000 {
1001 unsigned int i, lindex, partLen;
1002 const unsigned char *input = (const unsigned char *)xinput; /* i hate gcc */
1003 /* Compute number of bytes mod 64 */
1004 lindex = (unsigned int)((context->count[0] >> 3) & 0x3F);
1005
1006 /* Update number of bits */
1007 if ((context->count[0] += ((uint32_t)inputLen << 3))
1008 < ((uint32_t)inputLen << 3))
1009 context->count[1]++;
1010 context->count[1] += ((uint32_t)inputLen >> 29);
1011
1012 partLen = 64 - lindex;
1013
1014 /* Transform as many times as possible. */
1015 if (inputLen >= partLen) {
1016 memcpy(&context->buffer[lindex], input,
1017 partLen);
1018 __md5_Transform (context->state, context->buffer);
1019
1020 for (i = partLen; i + 63 < inputLen; i += 64)
1021 __md5_Transform (context->state, &input[i]);
1022
1023 lindex = 0;
1024 }
1025 else
1026 i = 0;
1027
1028 /* Buffer remaining input */
1029 memcpy (&context->buffer[lindex], &input[i],
1030 inputLen-i);
1031 }
1032
1033 /*
1034 * MD5 padding. Adds padding followed by original length.
1035 */
1036
1037 static void __md5_Pad ( struct MD5Context *context)
1038 {
1039 char bits[8];
1040 unsigned int lindex, padLen;
1041 char PADDING[64];
1042
1043 memset(PADDING, 0, sizeof(PADDING));
1044 PADDING[0] = 0x80;
1045
1046 /* Save number of bits */
1047 __md5_Encode (bits, context->count, 8);
1048
1049 /* Pad out to 56 mod 64. */
1050 lindex = (unsigned int)((context->count[0] >> 3) & 0x3f);
1051 padLen = (lindex < 56) ? (56 - lindex) : (120 - lindex);
1052 __md5_Update (context, PADDING, padLen);
1053
1054 /* Append length (before padding) */
1055 __md5_Update (context, bits, 8);
1056 }
1057
1058 /*
1059 * MD5 finalization. Ends an MD5 message-digest operation, writing the
1060 * the message digest and zeroizing the context.
1061 */
1062
1063 static void __md5_Final ( char xdigest[16], struct MD5Context *context)
1064 {
1065 unsigned char *digest = (unsigned char *)xdigest;
1066 /* Do padding. */
1067 __md5_Pad (context);
1068
1069 /* Store state in digest */
1070 __md5_Encode (digest, context->state, 16);
1071
1072 /* Zeroize sensitive information. */
1073 memset (context, 0, sizeof (*context));
1074 }
1075
1076 /* MD5 basic transformation. Transforms state based on block. */
1077
1078 static void
1079 __md5_Transform (state, block)
1080 uint32_t state[4];
1081 const unsigned char block[64];
1082 {
1083 uint32_t a, b, c, d, x[16];
1084
1085 #if MD5_SIZE_OVER_SPEED > 1
1086 uint32_t temp;
1087 const char *ps;
1088
1089 static const char S[] = {
1090 7, 12, 17, 22,
1091 5, 9, 14, 20,
1092 4, 11, 16, 23,
1093 6, 10, 15, 21
1094 };
1095 #endif /* MD5_SIZE_OVER_SPEED > 1 */
1096
1097 #if MD5_SIZE_OVER_SPEED > 0
1098 const uint32_t *pc;
1099 const char *pp;
1100 int i;
1101
1102 static const uint32_t C[] = {
1103 /* round 1 */
1104 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
1105 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
1106 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
1107 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
1108 /* round 2 */
1109 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
1110 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
1111 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
1112 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
1113 /* round 3 */
1114 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
1115 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
1116 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
1117 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
1118 /* round 4 */
1119 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
1120 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
1121 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
1122 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
1123 };
1124
1125 static const char P[] = {
1126 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */
1127 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */
1128 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */
1129 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */
1130 };
1131
1132 #endif /* MD5_SIZE_OVER_SPEED > 0 */
1133
1134 __md5_Decode (x, block, 64);
1135
1136 a = state[0]; b = state[1]; c = state[2]; d = state[3];
1137
1138 #if MD5_SIZE_OVER_SPEED > 2
1139 pc = C; pp = P; ps = S - 4;
1140
1141 for ( i = 0 ; i < 64 ; i++ ) {
1142 if ((i&0x0f) == 0) ps += 4;
1143 temp = a;
1144 switch (i>>4) {
1145 case 0:
1146 temp += F(b,c,d);
1147 break;
1148 case 1:
1149 temp += G(b,c,d);
1150 break;
1151 case 2:
1152 temp += H(b,c,d);
1153 break;
1154 case 3:
1155 temp += I(b,c,d);
1156 break;
1157 }
1158 temp += x[(int)(*pp++)] + *pc++;
1159 temp = ROTATE_LEFT(temp, ps[i&3]);
1160 temp += b;
1161 a = d; d = c; c = b; b = temp;
1162 }
1163 #elif MD5_SIZE_OVER_SPEED > 1
1164 pc = C; pp = P; ps = S;
1165
1166 /* Round 1 */
1167 for ( i = 0 ; i < 16 ; i++ ) {
1168 FF (a, b, c, d, x[(int)(*pp++)], ps[i&0x3], *pc++);
1169 temp = d; d = c; c = b; b = a; a = temp;
1170 }
1171
1172 /* Round 2 */
1173 ps += 4;
1174 for ( ; i < 32 ; i++ ) {
1175 GG (a, b, c, d, x[(int)(*pp++)], ps[i&0x3], *pc++);
1176 temp = d; d = c; c = b; b = a; a = temp;
1177 }
1178 /* Round 3 */
1179 ps += 4;
1180 for ( ; i < 48 ; i++ ) {
1181 HH (a, b, c, d, x[(int)(*pp++)], ps[i&0x3], *pc++);
1182 temp = d; d = c; c = b; b = a; a = temp;
1183 }
1184
1185 /* Round 4 */
1186 ps += 4;
1187 for ( ; i < 64 ; i++ ) {
1188 II (a, b, c, d, x[(int)(*pp++)], ps[i&0x3], *pc++);
1189 temp = d; d = c; c = b; b = a; a = temp;
1190 }
1191 #elif MD5_SIZE_OVER_SPEED > 0
1192 pc = C; pp = P;
1193
1194 /* Round 1 */
1195 for ( i = 0 ; i < 4 ; i++ ) {
1196 FF (a, b, c, d, x[(int)(*pp++)], 7, *pc++);
1197 FF (d, a, b, c, x[(int)(*pp++)], 12, *pc++);
1198 FF (c, d, a, b, x[(int)(*pp++)], 17, *pc++);
1199 FF (b, c, d, a, x[(int)(*pp++)], 22, *pc++);
1200 }
1201
1202 /* Round 2 */
1203 for ( i = 0 ; i < 4 ; i++ ) {
1204 GG (a, b, c, d, x[(int)(*pp++)], 5, *pc++);
1205 GG (d, a, b, c, x[(int)(*pp++)], 9, *pc++);
1206 GG (c, d, a, b, x[(int)(*pp++)], 14, *pc++);
1207 GG (b, c, d, a, x[(int)(*pp++)], 20, *pc++);
1208 }
1209 /* Round 3 */
1210 for ( i = 0 ; i < 4 ; i++ ) {
1211 HH (a, b, c, d, x[(int)(*pp++)], 4, *pc++);
1212 HH (d, a, b, c, x[(int)(*pp++)], 11, *pc++);
1213 HH (c, d, a, b, x[(int)(*pp++)], 16, *pc++);
1214 HH (b, c, d, a, x[(int)(*pp++)], 23, *pc++);
1215 }
1216
1217 /* Round 4 */
1218 for ( i = 0 ; i < 4 ; i++ ) {
1219 II (a, b, c, d, x[(int)(*pp++)], 6, *pc++);
1220 II (d, a, b, c, x[(int)(*pp++)], 10, *pc++);
1221 II (c, d, a, b, x[(int)(*pp++)], 15, *pc++);
1222 II (b, c, d, a, x[(int)(*pp++)], 21, *pc++);
1223 }
1224 #else
1225 /* Round 1 */
1226 #define S11 7
1227 #define S12 12
1228 #define S13 17
1229 #define S14 22
1230 FF (a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */
1231 FF (d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */
1232 FF (c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */
1233 FF (b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */
1234 FF (a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */
1235 FF (d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */
1236 FF (c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */
1237 FF (b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */
1238 FF (a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */
1239 FF (d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */
1240 FF (c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
1241 FF (b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
1242 FF (a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
1243 FF (d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
1244 FF (c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
1245 FF (b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
1246
1247 /* Round 2 */
1248 #define S21 5
1249 #define S22 9
1250 #define S23 14
1251 #define S24 20
1252 GG (a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */
1253 GG (d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */
1254 GG (c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
1255 GG (b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */
1256 GG (a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */
1257 GG (d, a, b, c, x[10], S22, 0x2441453); /* 22 */
1258 GG (c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
1259 GG (b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */
1260 GG (a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */
1261 GG (d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
1262 GG (c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */
1263 GG (b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */
1264 GG (a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
1265 GG (d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */
1266 GG (c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */
1267 GG (b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
1268
1269 /* Round 3 */
1270 #define S31 4
1271 #define S32 11
1272 #define S33 16
1273 #define S34 23
1274 HH (a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */
1275 HH (d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */
1276 HH (c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
1277 HH (b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
1278 HH (a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */
1279 HH (d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */
1280 HH (c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */
1281 HH (b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
1282 HH (a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
1283 HH (d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */
1284 HH (c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */
1285 HH (b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */
1286 HH (a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */
1287 HH (d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
1288 HH (c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
1289 HH (b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */
1290
1291 /* Round 4 */
1292 #define S41 6
1293 #define S42 10
1294 #define S43 15
1295 #define S44 21
1296 II (a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */
1297 II (d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */
1298 II (c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
1299 II (b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */
1300 II (a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
1301 II (d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */
1302 II (c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
1303 II (b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */
1304 II (a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */
1305 II (d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
1306 II (c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */
1307 II (b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
1308 II (a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */
1309 II (d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
1310 II (c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */
1311 II (b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */
1312 #endif
1313
1314 state[0] += a;
1315 state[1] += b;
1316 state[2] += c;
1317 state[3] += d;
1318
1319 /* Zeroize sensitive information. */
1320 memset (x, 0, sizeof (x));
1321 }
1322
1323
1324 static void __md5_to64( char *s, unsigned long v, int n)
1325 {
1326 while (--n >= 0) {
1327 *s++ = __md5_itoa64[v&0x3f];
1328 v >>= 6;
1329 }
1330 }
1331
1332 /*
1333 * UNIX password
1334 *
1335 * Use MD5 for what it is best at...
1336 */
1337
1338 static char * __md5_crypt( const char *pw, const char *salt)
1339 {
1340 /* Static stuff */
1341 static const char *sp, *ep;
1342 static char passwd[120], *p;
1343
1344 char final[17]; /* final[16] exists only to aid in looping */
1345 int sl,pl,i,__md5__magic_len,pw_len;
1346 struct MD5Context ctx,ctx1;
1347 unsigned long l;
1348
1349 /* Refine the Salt first */
1350 sp = salt;
1351
1352 /* If it starts with the magic string, then skip that */
1353 __md5__magic_len = strlen(__md5__magic);
1354 if(!strncmp(sp,__md5__magic,__md5__magic_len))
1355 sp += __md5__magic_len;
1356
1357 /* It stops at the first '$', max 8 chars */
1358 for(ep=sp;*ep && *ep != '$' && ep < (sp+8);ep++)
1359 continue;
1360
1361 /* get the length of the true salt */
1362 sl = ep - sp;
1363
1364 __md5_Init(&ctx);
1365
1366 /* The password first, since that is what is most unknown */
1367 pw_len = strlen(pw);
1368 __md5_Update(&ctx,pw,pw_len);
1369
1370 /* Then our magic string */
1371 __md5_Update(&ctx,__md5__magic,__md5__magic_len);
1372
1373 /* Then the raw salt */
1374 __md5_Update(&ctx,sp,sl);
1375
1376 /* Then just as many characters of the MD5(pw,salt,pw) */
1377 __md5_Init(&ctx1);
1378 __md5_Update(&ctx1,pw,pw_len);
1379 __md5_Update(&ctx1,sp,sl);
1380 __md5_Update(&ctx1,pw,pw_len);
1381 __md5_Final(final,&ctx1);
1382 for(pl = pw_len; pl > 0; pl -= 16)
1383 __md5_Update(&ctx,final,pl>16 ? 16 : pl);
1384
1385 /* Don't leave anything around in vm they could use. */
1386 memset(final,0,sizeof final);
1387
1388 /* Then something really weird... */
1389 for (i = pw_len; i ; i >>= 1) {
1390 __md5_Update(&ctx, ((i&1) ? final : pw), 1);
1391 }
1392
1393 /* Now make the output string */
1394 strcpy(passwd,__md5__magic);
1395 strncat(passwd,sp,sl);
1396 strcat(passwd,"$");
1397
1398 __md5_Final(final,&ctx);
1399
1400 /*
1401 * and now, just to make sure things don't run too fast
1402 * On a 60 Mhz Pentium this takes 34 msec, so you would
1403 * need 30 seconds to build a 1000 entry dictionary...
1404 */
1405 for(i=0;i<1000;i++) {
1406 __md5_Init(&ctx1);
1407 if(i & 1)
1408 __md5_Update(&ctx1,pw,pw_len);
1409 else
1410 __md5_Update(&ctx1,final,16);
1411
1412 if(i % 3)
1413 __md5_Update(&ctx1,sp,sl);
1414
1415 if(i % 7)
1416 __md5_Update(&ctx1,pw,pw_len);
1417
1418 if(i & 1)
1419 __md5_Update(&ctx1,final,16);
1420 else
1421 __md5_Update(&ctx1,pw,pw_len);
1422 __md5_Final(final,&ctx1);
1423 }
1424
1425 p = passwd + strlen(passwd);
1426
1427 final[16] = final[5];
1428 for ( i=0 ; i < 5 ; i++ ) {
1429 l = (final[i]<<16) | (final[i+6]<<8) | final[i+12];
1430 __md5_to64(p,l,4); p += 4;
1431 }
1432 l = final[11];
1433 __md5_to64(p,l,2); p += 2;
1434 *p = '\0';
1435
1436 /* Don't leave anything around in vm they could use. */
1437 memset(final,0,sizeof final);
1438
1439 return passwd;
1440 }
1441
1442 #endif /* NEED_CRYPT */
1443
Unnamed repository; edit this file 'description' to name the repository.