]> jfr.im git - irc/rqf/shadowircd.git/blob - libratbox/src/crypt.c
projects / irc / rqf / shadowircd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Copied libratbox and related stuff from shadowircd upstream.
[irc/rqf/shadowircd.git] / libratbox / src / crypt.c
1 /*
2 * crypt.c: Implements unix style crypt() for platforms that don't have it
3 * This version has both an md5 and des crypt.
4 * This was pretty much catted together from uclibc.
5 */
6
7 /*
8 * crypt() for uClibc
9 *
10 * Copyright (C) 2000 by Lineo, inc. and Erik Andersen
11 * Copyright (C) 2000,2001 by Erik Andersen <andersen@uclibc.org>
12 * Written by Erik Andersen <andersen@uclibc.org>
13 *
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU Library General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version.
18 *
19 * This program is distributed in the hope that it will be useful, but WITHOUT
20 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
21 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
22 * for more details.
23 *
24 * You should have received a copy of the GNU Library General Public License
25 * along with this program; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
27 */
28
29 #include <libratbox_config.h>
30 #include <ratbox_lib.h>
31
32
33 #ifndef NEED_CRYPT
34 extern char *crypt(const char *key, const char *salt);
35
36 char *
37 rb_crypt(const char *key, const char *salt)
38 {
39 return (crypt(key, salt));
40 }
41 #else
42
43 static char *__md5_crypt(const char *pw, const char *salt);
44 static char *__des_crypt(const char *pw, const char *salt);
45
46 char *
47 rb_crypt(const char *key, const char *salt)
48 {
49 /* First, check if we are supposed to be using the MD5 replacement
50 * instead of DES... */
51 if(salt[0] == '$' && salt[1] == '1' && salt[2] == '$')
52 return __md5_crypt(key, salt);
53 else
54 return __des_crypt(key, salt);
55 }
56
57 /* Here is the des crypt() stuff */
58
59 /*
60 * FreeSec: libcrypt for NetBSD
61 *
62 * Copyright (c) 1994 David Burren
63 * All rights reserved.
64 *
65 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
66 * this file should now *only* export crypt(), in order to make
67 * binaries of libcrypt exportable from the USA
68 *
69 * Adapted for FreeBSD-4.0 by Mark R V Murray
70 * this file should now *only* export crypt_des(), in order to make
71 * a module that can be optionally included in libcrypt.
72 *
73 * Redistribution and use in source and binary forms, with or without
74 * modification, are permitted provided that the following conditions
75 * are met:
76 * 1. Redistributions of source code must retain the above copyright
77 * notice, this list of conditions and the following disclaimer.
78 * 2. Redistributions in binary form must reproduce the above copyright
79 * notice, this list of conditions and the following disclaimer in the
80 * documentation and/or other materials provided with the distribution.
81 * 3. Neither the name of the author nor the names of other contributors
82 * may be used to endorse or promote products derived from this software
83 * without specific prior written permission.
84 *
85 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
86 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
87 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
88 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
89 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
90 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
91 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
92 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
93 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
94 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
95 * SUCH DAMAGE.
96 *
97 * This is an original implementation of the DES and the crypt(3) interfaces
98 * by David Burren <davidb@werj.com.au>.
99 *
100 * An excellent reference on the underlying algorithm (and related
101 * algorithms) is:
102 *
103 * B. Schneier, Applied Cryptography: protocols, algorithms,
104 * and source code in C, John Wiley & Sons, 1994.
105 *
106 * Note that in that book's description of DES the lookups for the initial,
107 * pbox, and final permutations are inverted (this has been brought to the
108 * attention of the author). A list of errata for this book has been
109 * posted to the sci.crypt newsgroup by the author and is available for FTP.
110 *
111 * ARCHITECTURE ASSUMPTIONS:
112 * It is assumed that the 8-byte arrays passed by reference can be
113 * addressed as arrays of uint32_t's (ie. the CPU is not picky about
114 * alignment).
115 */
116
117
118 /* Re-entrantify me -- all this junk needs to be in
119 * struct crypt_data to make this really reentrant... */
120 static uint8_t inv_key_perm[64];
121 static uint8_t inv_comp_perm[56];
122 static uint8_t u_sbox[8][64];
123 static uint8_t un_pbox[32];
124 static uint32_t en_keysl[16], en_keysr[16];
125 static uint32_t de_keysl[16], de_keysr[16];
126 static uint32_t ip_maskl[8][256], ip_maskr[8][256];
127 static uint32_t fp_maskl[8][256], fp_maskr[8][256];
128 static uint32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
129 static uint32_t comp_maskl[8][128], comp_maskr[8][128];
130 static uint32_t saltbits;
131 static uint32_t old_salt;
132 static uint32_t old_rawkey0, old_rawkey1;
133
134
135 /* Static stuff that stays resident and doesn't change after
136 * being initialized, and therefore doesn't need to be made
137 * reentrant. */
138 static uint8_t init_perm[64], final_perm[64];
139 static uint8_t m_sbox[4][4096];
140 static uint32_t psbox[4][256];
141
142
143
144
145 /* A pile of data */
146 static const uint8_t ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
147
148 static const uint8_t IP[64] = {
149 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
150 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
151 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
152 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
153 };
154
155 static const uint8_t key_perm[56] = {
156 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
157 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
158 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
159 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
160 };
161
162 static const uint8_t key_shifts[16] = {
163 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
164 };
165
166 static const uint8_t comp_perm[48] = {
167 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
168 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
169 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
170 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
171 };
172
173 /*
174 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
175 */
176
177 static const uint8_t sbox[8][64] = {
178 {
179 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
180 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
181 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
182 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13},
183 {
184 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
185 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
186 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
187 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9},
188 {
189 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
190 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
191 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
192 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12},
193 {
194 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
195 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
196 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
197 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14},
198 {
199 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
200 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
201 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
202 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3},
203 {
204 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
205 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
206 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
207 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13},
208 {
209 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
210 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
211 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
212 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12},
213 {
214 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
215 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
216 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
217 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}
218 };
219
220 static const uint8_t pbox[32] = {
221 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
222 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
223 };
224
225 static const uint32_t bits32[32] = {
226 0x80000000, 0x40000000, 0x20000000, 0x10000000,
227 0x08000000, 0x04000000, 0x02000000, 0x01000000,
228 0x00800000, 0x00400000, 0x00200000, 0x00100000,
229 0x00080000, 0x00040000, 0x00020000, 0x00010000,
230 0x00008000, 0x00004000, 0x00002000, 0x00001000,
231 0x00000800, 0x00000400, 0x00000200, 0x00000100,
232 0x00000080, 0x00000040, 0x00000020, 0x00000010,
233 0x00000008, 0x00000004, 0x00000002, 0x00000001
234 };
235
236 static const uint8_t bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
237
238 static const uint32_t *bits28, *bits24;
239
240
241 static int
242 ascii_to_bin(char ch)
243 {
244 if(ch > 'z')
245 return (0);
246 if(ch >= 'a')
247 return (ch - 'a' + 38);
248 if(ch > 'Z')
249 return (0);
250 if(ch >= 'A')
251 return (ch - 'A' + 12);
252 if(ch > '9')
253 return (0);
254 if(ch >= '.')
255 return (ch - '.');
256 return (0);
257 }
258
259 static void
260 des_init(void)
261 {
262 int i, j, b, k, inbit, obit;
263 uint32_t *p, *il, *ir, *fl, *fr;
264 static int des_initialised = 0;
265
266 if(des_initialised == 1)
267 return;
268
269 old_rawkey0 = old_rawkey1 = 0L;
270 saltbits = 0L;
271 old_salt = 0L;
272 bits24 = (bits28 = bits32 + 4) + 4;
273
274 /*
275 * Invert the S-boxes, reordering the input bits.
276 */
277 for(i = 0; i < 8; i++)
278 for(j = 0; j < 64; j++)
279 {
280 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
281 u_sbox[i][j] = sbox[i][b];
282 }
283
284 /*
285 * Convert the inverted S-boxes into 4 arrays of 8 bits.
286 * Each will handle 12 bits of the S-box input.
287 */
288 for(b = 0; b < 4; b++)
289 for(i = 0; i < 64; i++)
290 for(j = 0; j < 64; j++)
291 m_sbox[b][(i << 6) | j] =
292 (uint8_t)((u_sbox[(b << 1)][i] << 4) |
293 u_sbox[(b << 1) + 1][j]);
294
295 /*
296 * Set up the initial & final permutations into a useful form, and
297 * initialise the inverted key permutation.
298 */
299 for(i = 0; i < 64; i++)
300 {
301 init_perm[final_perm[i] = IP[i] - 1] = (uint8_t)i;
302 inv_key_perm[i] = 255;
303 }
304
305 /*
306 * Invert the key permutation and initialise the inverted key
307 * compression permutation.
308 */
309 for(i = 0; i < 56; i++)
310 {
311 inv_key_perm[key_perm[i] - 1] = (uint8_t)i;
312 inv_comp_perm[i] = 255;
313 }
314
315 /*
316 * Invert the key compression permutation.
317 */
318 for(i = 0; i < 48; i++)
319 {
320 inv_comp_perm[comp_perm[i] - 1] = (uint8_t)i;
321 }
322
323 /*
324 * Set up the OR-mask arrays for the initial and final permutations,
325 * and for the key initial and compression permutations.
326 */
327 for(k = 0; k < 8; k++)
328 {
329 for(i = 0; i < 256; i++)
330 {
331 *(il = &ip_maskl[k][i]) = 0L;
332 *(ir = &ip_maskr[k][i]) = 0L;
333 *(fl = &fp_maskl[k][i]) = 0L;
334 *(fr = &fp_maskr[k][i]) = 0L;
335 for(j = 0; j < 8; j++)
336 {
337 inbit = 8 * k + j;
338 if(i & bits8[j])
339 {
340 if((obit = init_perm[inbit]) < 32)
341 *il |= bits32[obit];
342 else
343 *ir |= bits32[obit - 32];
344 if((obit = final_perm[inbit]) < 32)
345 *fl |= bits32[obit];
346 else
347 *fr |= bits32[obit - 32];
348 }
349 }
350 }
351 for(i = 0; i < 128; i++)
352 {
353 *(il = &key_perm_maskl[k][i]) = 0L;
354 *(ir = &key_perm_maskr[k][i]) = 0L;
355 for(j = 0; j < 7; j++)
356 {
357 inbit = 8 * k + j;
358 if(i & bits8[j + 1])
359 {
360 if((obit = inv_key_perm[inbit]) == 255)
361 continue;
362 if(obit < 28)
363 *il |= bits28[obit];
364 else
365 *ir |= bits28[obit - 28];
366 }
367 }
368 *(il = &comp_maskl[k][i]) = 0L;
369 *(ir = &comp_maskr[k][i]) = 0L;
370 for(j = 0; j < 7; j++)
371 {
372 inbit = 7 * k + j;
373 if(i & bits8[j + 1])
374 {
375 if((obit = inv_comp_perm[inbit]) == 255)
376 continue;
377 if(obit < 24)
378 *il |= bits24[obit];
379 else
380 *ir |= bits24[obit - 24];
381 }
382 }
383 }
384 }
385
386 /*
387 * Invert the P-box permutation, and convert into OR-masks for
388 * handling the output of the S-box arrays setup above.
389 */
390 for(i = 0; i < 32; i++)
391 un_pbox[pbox[i] - 1] = (uint8_t)i;
392
393 for(b = 0; b < 4; b++)
394 for(i = 0; i < 256; i++)
395 {
396 *(p = &psbox[b][i]) = 0L;
397 for(j = 0; j < 8; j++)
398 {
399 if(i & bits8[j])
400 *p |= bits32[un_pbox[8 * b + j]];
401 }
402 }
403
404 des_initialised = 1;
405 }
406
407
408 static void
409 setup_salt(long salt)
410 {
411 uint32_t obit, saltbit;
412 int i;
413
414 if(salt == (long)old_salt)
415 return;
416 old_salt = salt;
417
418 saltbits = 0L;
419 saltbit = 1;
420 obit = 0x800000;
421 for(i = 0; i < 24; i++)
422 {
423 if(salt & saltbit)
424 saltbits |= obit;
425 saltbit <<= 1;
426 obit >>= 1;
427 }
428 }
429
430
431 static int
432 des_setkey(const char *key)
433 {
434 uint32_t k0, k1, rawkey0, rawkey1;
435 int shifts, round;
436
437 des_init();
438
439 rawkey0 = ntohl(*(const uint32_t *)key);
440 rawkey1 = ntohl(*(const uint32_t *)(key + 4));
441
442 if((rawkey0 | rawkey1) && rawkey0 == old_rawkey0 && rawkey1 == old_rawkey1)
443 {
444 /*
445 * Already setup for this key.
446 * This optimisation fails on a zero key (which is weak and
447 * has bad parity anyway) in order to simplify the starting
448 * conditions.
449 */
450 return (0);
451 }
452 old_rawkey0 = rawkey0;
453 old_rawkey1 = rawkey1;
454
455 /*
456 * Do key permutation and split into two 28-bit subkeys.
457 */
458 k0 = key_perm_maskl[0][rawkey0 >> 25]
459 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
460 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
461 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
462 | key_perm_maskl[4][rawkey1 >> 25]
463 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
464 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
465 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
466 k1 = key_perm_maskr[0][rawkey0 >> 25]
467 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
468 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
469 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
470 | key_perm_maskr[4][rawkey1 >> 25]
471 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
472 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
473 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
474 /*
475 * Rotate subkeys and do compression permutation.
476 */
477 shifts = 0;
478 for(round = 0; round < 16; round++)
479 {
480 uint32_t t0, t1;
481
482 shifts += key_shifts[round];
483
484 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
485 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
486
487 de_keysl[15 - round] =
488 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
489 | comp_maskl[1][(t0 >> 14) & 0x7f]
490 | comp_maskl[2][(t0 >> 7) & 0x7f]
491 | comp_maskl[3][t0 & 0x7f]
492 | comp_maskl[4][(t1 >> 21) & 0x7f]
493 | comp_maskl[5][(t1 >> 14) & 0x7f]
494 | comp_maskl[6][(t1 >> 7) & 0x7f] | comp_maskl[7][t1 & 0x7f];
495
496 de_keysr[15 - round] =
497 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
498 | comp_maskr[1][(t0 >> 14) & 0x7f]
499 | comp_maskr[2][(t0 >> 7) & 0x7f]
500 | comp_maskr[3][t0 & 0x7f]
501 | comp_maskr[4][(t1 >> 21) & 0x7f]
502 | comp_maskr[5][(t1 >> 14) & 0x7f]
503 | comp_maskr[6][(t1 >> 7) & 0x7f] | comp_maskr[7][t1 & 0x7f];
504 }
505 return (0);
506 }
507
508
509 static int
510 do_des(uint32_t l_in, uint32_t r_in, uint32_t *l_out, uint32_t *r_out, int count)
511 {
512 /*
513 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
514 */
515 uint32_t l, r, *kl, *kr, *kl1, *kr1;
516 uint32_t f, r48l, r48r;
517 int round;
518
519 if(count == 0)
520 {
521 return (1);
522 }
523 else if(count > 0)
524 {
525 /*
526 * Encrypting
527 */
528 kl1 = en_keysl;
529 kr1 = en_keysr;
530 }
531 else
532 {
533 /*
534 * Decrypting
535 */
536 count = -count;
537 kl1 = de_keysl;
538 kr1 = de_keysr;
539 }
540
541 /*
542 * Do initial permutation (IP).
543 */
544 l = ip_maskl[0][l_in >> 24]
545 | ip_maskl[1][(l_in >> 16) & 0xff]
546 | ip_maskl[2][(l_in >> 8) & 0xff]
547 | ip_maskl[3][l_in & 0xff]
548 | ip_maskl[4][r_in >> 24]
549 | ip_maskl[5][(r_in >> 16) & 0xff]
550 | ip_maskl[6][(r_in >> 8) & 0xff] | ip_maskl[7][r_in & 0xff];
551 r = ip_maskr[0][l_in >> 24]
552 | ip_maskr[1][(l_in >> 16) & 0xff]
553 | ip_maskr[2][(l_in >> 8) & 0xff]
554 | ip_maskr[3][l_in & 0xff]
555 | ip_maskr[4][r_in >> 24]
556 | ip_maskr[5][(r_in >> 16) & 0xff]
557 | ip_maskr[6][(r_in >> 8) & 0xff] | ip_maskr[7][r_in & 0xff];
558
559 while(count--)
560 {
561 /*
562 * Do each round.
563 */
564 kl = kl1;
565 kr = kr1;
566 round = 16;
567 while(round--)
568 {
569 /*
570 * Expand R to 48 bits (simulate the E-box).
571 */
572 r48l = ((r & 0x00000001) << 23)
573 | ((r & 0xf8000000) >> 9)
574 | ((r & 0x1f800000) >> 11)
575 | ((r & 0x01f80000) >> 13) | ((r & 0x001f8000) >> 15);
576
577 r48r = ((r & 0x0001f800) << 7)
578 | ((r & 0x00001f80) << 5)
579 | ((r & 0x000001f8) << 3)
580 | ((r & 0x0000001f) << 1) | ((r & 0x80000000) >> 31);
581 /*
582 * Do salting for crypt() and friends, and
583 * XOR with the permuted key.
584 */
585 f = (r48l ^ r48r) & saltbits;
586 r48l ^= f ^ *kl++;
587 r48r ^= f ^ *kr++;
588 /*
589 * Do sbox lookups (which shrink it back to 32 bits)
590 * and do the pbox permutation at the same time.
591 */
592 f = psbox[0][m_sbox[0][r48l >> 12]]
593 | psbox[1][m_sbox[1][r48l & 0xfff]]
594 | psbox[2][m_sbox[2][r48r >> 12]]
595 | psbox[3][m_sbox[3][r48r & 0xfff]];
596 /*
597 * Now that we've permuted things, complete f().
598 */
599 f ^= l;
600 l = r;
601 r = f;
602 }
603 r = l;
604 l = f;
605 }
606 /*
607 * Do final permutation (inverse of IP).
608 */
609 *l_out = fp_maskl[0][l >> 24]
610 | fp_maskl[1][(l >> 16) & 0xff]
611 | fp_maskl[2][(l >> 8) & 0xff]
612 | fp_maskl[3][l & 0xff]
613 | fp_maskl[4][r >> 24]
614 | fp_maskl[5][(r >> 16) & 0xff]
615 | fp_maskl[6][(r >> 8) & 0xff] | fp_maskl[7][r & 0xff];
616 *r_out = fp_maskr[0][l >> 24]
617 | fp_maskr[1][(l >> 16) & 0xff]
618 | fp_maskr[2][(l >> 8) & 0xff]
619 | fp_maskr[3][l & 0xff]
620 | fp_maskr[4][r >> 24]
621 | fp_maskr[5][(r >> 16) & 0xff]
622 | fp_maskr[6][(r >> 8) & 0xff] | fp_maskr[7][r & 0xff];
623 return (0);
624 }
625
626
627 #if 0
628 static int
629 des_cipher(const char *in, char *out, uint32_t salt, int count)
630 {
631 uint32_t l_out, r_out, rawl, rawr;
632 int retval;
633 union
634 {
635 uint32_t *ui32;
636 const char *c;
637 } trans;
638
639 des_init();
640
641 setup_salt(salt);
642
643 trans.c = in;
644 rawl = ntohl(*trans.ui32++);
645 rawr = ntohl(*trans.ui32);
646
647 retval = do_des(rawl, rawr, &l_out, &r_out, count);
648
649 trans.c = out;
650 *trans.ui32++ = htonl(l_out);
651 *trans.ui32 = htonl(r_out);
652 return (retval);
653 }
654 #endif
655
656 #if 0
657 void
658 setkey(const char *key)
659 {
660 int i, j;
661 uint32_t packed_keys[2];
662 uint8_t *p;
663
664 p = (uint8_t *)packed_keys;
665
666 for(i = 0; i < 8; i++)
667 {
668 p[i] = 0;
669 for(j = 0; j < 8; j++)
670 if(*key++ & 1)
671 p[i] |= bits8[j];
672 }
673 des_setkey((char *)p);
674 }
675
676
677 void
678 encrypt(char *block, int flag)
679 {
680 uint32_t io[2];
681 uint8_t *p;
682 int i, j;
683
684 des_init();
685
686 setup_salt(0L);
687 p = (uint8_t *)block;
688 for(i = 0; i < 2; i++)
689 {
690 io[i] = 0L;
691 for(j = 0; j < 32; j++)
692 if(*p++ & 1)
693 io[i] |= bits32[j];
694 }
695 do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
696 for(i = 0; i < 2; i++)
697 for(j = 0; j < 32; j++)
698 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
699 }
700 #endif
701
702 static char *
703 __des_crypt(const char *key, const char *setting)
704 {
705 uint32_t count, salt, l, r0, r1, keybuf[2];
706 uint8_t *p, *q;
707 static char output[21];
708
709 des_init();
710
711 /*
712 * Copy the key, shifting each character up by one bit
713 * and padding with zeros.
714 */
715 q = (uint8_t *)keybuf;
716 while(q - (uint8_t *)keybuf - 8)
717 {
718 *q++ = *key << 1;
719 if(*(q - 1))
720 key++;
721 }
722 if(des_setkey((char *)keybuf))
723 return (NULL);
724
725 #if 0
726 if(*setting == _PASSWORD_EFMT1)
727 {
728 int i;
729 /*
730 * "new"-style:
731 * setting - underscore, 4 bytes of count, 4 bytes of salt
732 * key - unlimited characters
733 */
734 for(i = 1, count = 0L; i < 5; i++)
735 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
736
737 for(i = 5, salt = 0L; i < 9; i++)
738 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
739
740 while(*key)
741 {
742 /*
743 * Encrypt the key with itself.
744 */
745 if(des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
746 return (NULL);
747 /*
748 * And XOR with the next 8 characters of the key.
749 */
750 q = (uint8_t *)keybuf;
751 while(q - (uint8_t *)keybuf - 8 && *key)
752 *q++ ^= *key++ << 1;
753
754 if(des_setkey((char *)keybuf))
755 return (NULL);
756 }
757 strncpy(output, setting, 9);
758
759 /*
760 * Double check that we weren't given a short setting.
761 * If we were, the above code will probably have created
762 * wierd values for count and salt, but we don't really care.
763 * Just make sure the output string doesn't have an extra
764 * NUL in it.
765 */
766 output[9] = '\0';
767 p = (uint8_t *)output + strlen(output);
768 }
769 else
770 #endif
771 {
772 /*
773 * "old"-style:
774 * setting - 2 bytes of salt
775 * key - up to 8 characters
776 */
777 count = 25;
778
779 salt = (ascii_to_bin(setting[1]) << 6) | ascii_to_bin(setting[0]);
780
781 output[0] = setting[0];
782 /*
783 * If the encrypted password that the salt was extracted from
784 * is only 1 character long, the salt will be corrupted. We
785 * need to ensure that the output string doesn't have an extra
786 * NUL in it!
787 */
788 output[1] = setting[1] ? setting[1] : output[0];
789
790 p = (uint8_t *)output + 2;
791 }
792 setup_salt(salt);
793 /*
794 * Do it.
795 */
796 if(do_des(0L, 0L, &r0, &r1, (int)count))
797 return (NULL);
798 /*
799 * Now encode the result...
800 */
801 l = (r0 >> 8);
802 *p++ = ascii64[(l >> 18) & 0x3f];
803 *p++ = ascii64[(l >> 12) & 0x3f];
804 *p++ = ascii64[(l >> 6) & 0x3f];
805 *p++ = ascii64[l & 0x3f];
806
807 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
808 *p++ = ascii64[(l >> 18) & 0x3f];
809 *p++ = ascii64[(l >> 12) & 0x3f];
810 *p++ = ascii64[(l >> 6) & 0x3f];
811 *p++ = ascii64[l & 0x3f];
812
813 l = r1 << 2;
814 *p++ = ascii64[(l >> 12) & 0x3f];
815 *p++ = ascii64[(l >> 6) & 0x3f];
816 *p++ = ascii64[l & 0x3f];
817 *p = 0;
818
819 return (output);
820 }
821
822 /* Now md5 crypt */
823
824 /*
825 * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
826 *
827 * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
828 * rights reserved.
829 *
830 * License to copy and use this software is granted provided that it
831 * is identified as the "RSA Data Security, Inc. MD5 Message-Digest
832 * Algorithm" in all material mentioning or referencing this software
833 * or this function.
834 *
835 * License is also granted to make and use derivative works provided
836 * that such works are identified as "derived from the RSA Data
837 * Security, Inc. MD5 Message-Digest Algorithm" in all material
838 * mentioning or referencing the derived work.
839 *
840 * RSA Data Security, Inc. makes no representations concerning either
841 * the merchantability of this software or the suitability of this
842 * software for any particular purpose. It is provided "as is"
843 * without express or implied warranty of any kind.
844 *
845 * These notices must be retained in any copies of any part of this
846 * documentation and/or software.
847 *
848 * $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $
849 *
850 * This code is the same as the code published by RSA Inc. It has been
851 * edited for clarity and style only.
852 *
853 * ----------------------------------------------------------------------------
854 * The md5_crypt() function was taken from freeBSD's libcrypt and contains
855 * this license:
856 * "THE BEER-WARE LICENSE" (Revision 42):
857 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
858 * can do whatever you want with this stuff. If we meet some day, and you think
859 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
860 *
861 * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $
862 *
863 * ----------------------------------------------------------------------------
864 * On April 19th, 2001 md5_crypt() was modified to make it reentrant
865 * by Erik Andersen <andersen@uclibc.org>
866 *
867 *
868 * June 28, 2001 Manuel Novoa III
869 *
870 * "Un-inlined" code using loops and static const tables in order to
871 * reduce generated code size (on i386 from approx 4k to approx 2.5k).
872 *
873 * June 29, 2001 Manuel Novoa III
874 *
875 * Completely removed static PADDING array.
876 *
877 * Reintroduced the loop unrolling in MD5_Transform and added the
878 * MD5_SIZE_OVER_SPEED option for configurability. Define below as:
879 * 0 fully unrolled loops
880 * 1 partially unrolled (4 ops per loop)
881 * 2 no unrolling -- introduces the need to swap 4 variables (slow)
882 * 3 no unrolling and all 4 loops merged into one with switch
883 * in each loop (glacial)
884 * On i386, sizes are roughly (-Os -fno-builtin):
885 * 0: 3k 1: 2.5k 2: 2.2k 3: 2k
886 *
887 *
888 * Since SuSv3 does not require crypt_r, modified again August 7, 2002
889 * by Erik Andersen to remove reentrance stuff...
890 */
891
892 /*
893 * Valid values are 1 (fastest/largest) to 3 (smallest/slowest).
894 */
895 #define MD5_SIZE_OVER_SPEED 1
896
897 /**********************************************************************/
898
899 /* MD5 context. */
900 struct MD5Context
901 {
902 uint32_t state[4]; /* state (ABCD) */
903 uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */
904 unsigned char buffer[64]; /* input buffer */
905 };
906
907 static void __md5_Init(struct MD5Context *);
908 static void __md5_Update(struct MD5Context *, const char *, unsigned int);
909 static void __md5_Pad(struct MD5Context *);
910 static void __md5_Final(char[16], struct MD5Context *);
911 static void __md5_Transform(uint32_t[4], const unsigned char[64]);
912
913
914 static const char __md5__magic[] = "$1$"; /* This string is magic for this algorithm. Having
915 it this way, we can get better later on */
916 static const unsigned char __md5_itoa64[] = /* 0 ... 63 => ascii - 64 */
917 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
918
919
920
921 #ifdef i386
922 #define __md5_Encode memcpy
923 #define __md5_Decode memcpy
924 #else /* i386 */
925
926 /*
927 * __md5_Encodes input (uint32_t) into output (unsigned char). Assumes len is
928 * a multiple of 4.
929 */
930
931 static void
932 __md5_Encode(unsigned char *output, uint32_t *input, unsigned int len)
933 {
934 unsigned int i, j;
935
936 for(i = 0, j = 0; j < len; i++, j += 4)
937 {
938 output[j] = (unsigned char)(input[i] & 0xff);
939 output[j + 1] = (unsigned char)((input[i] >> 8) & 0xff);
940 output[j + 2] = (unsigned char)((input[i] >> 16) & 0xff);
941 output[j + 3] = (unsigned char)((input[i] >> 24) & 0xff);
942 }
943 }
944
945 /*
946 * __md5_Decodes input (unsigned char) into output (uint32_t). Assumes len is
947 * a multiple of 4.
948 */
949
950 static void
951 __md5_Decode(uint32_t *output, const unsigned char *input, unsigned int len)
952 {
953 unsigned int i, j;
954
955 for(i = 0, j = 0; j < len; i++, j += 4)
956 output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j + 1]) << 8) |
957 (((uint32_t)input[j + 2]) << 16) | (((uint32_t)input[j + 3]) << 24);
958 }
959 #endif /* i386 */
960
961 /* F, G, H and I are basic MD5 functions. */
962 #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
963 #define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
964 #define H(x, y, z) ((x) ^ (y) ^ (z))
965 #define I(x, y, z) ((y) ^ ((x) | (~z)))
966
967 /* ROTATE_LEFT rotates x left n bits. */
968 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
969
970 /*
971 * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
972 * Rotation is separate from addition to prevent recomputation.
973 */
974 #define FF(a, b, c, d, x, s, ac) { \
975 (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
976 (a) = ROTATE_LEFT ((a), (s)); \
977 (a) += (b); \
978 }
979 #define GG(a, b, c, d, x, s, ac) { \
980 (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
981 (a) = ROTATE_LEFT ((a), (s)); \
982 (a) += (b); \
983 }
984 #define HH(a, b, c, d, x, s, ac) { \
985 (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
986 (a) = ROTATE_LEFT ((a), (s)); \
987 (a) += (b); \
988 }
989 #define II(a, b, c, d, x, s, ac) { \
990 (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
991 (a) = ROTATE_LEFT ((a), (s)); \
992 (a) += (b); \
993 }
994
995 /* MD5 initialization. Begins an MD5 operation, writing a new context. */
996
997 static void
998 __md5_Init(struct MD5Context *context)
999 {
1000 context->count[0] = context->count[1] = 0;
1001
1002 /* Load magic initialization constants. */
1003 context->state[0] = 0x67452301;
1004 context->state[1] = 0xefcdab89;
1005 context->state[2] = 0x98badcfe;
1006 context->state[3] = 0x10325476;
1007 }
1008
1009 /*
1010 * MD5 block update operation. Continues an MD5 message-digest
1011 * operation, processing another message block, and updating the
1012 * context.
1013 */
1014
1015 static void
1016 __md5_Update(struct MD5Context *context, const char *xinput, unsigned int inputLen)
1017 {
1018 unsigned int i, lindex, partLen;
1019 const unsigned char *input = (const unsigned char *)xinput; /* i hate gcc */
1020 /* Compute number of bytes mod 64 */
1021 lindex = (unsigned int)((context->count[0] >> 3) & 0x3F);
1022
1023 /* Update number of bits */
1024 if((context->count[0] += ((uint32_t)inputLen << 3)) < ((uint32_t)inputLen << 3))
1025 context->count[1]++;
1026 context->count[1] += ((uint32_t)inputLen >> 29);
1027
1028 partLen = 64 - lindex;
1029
1030 /* Transform as many times as possible. */
1031 if(inputLen >= partLen)
1032 {
1033 memcpy(&context->buffer[lindex], input, partLen);
1034 __md5_Transform(context->state, context->buffer);
1035
1036 for(i = partLen; i + 63 < inputLen; i += 64)
1037 __md5_Transform(context->state, &input[i]);
1038
1039 lindex = 0;
1040 }
1041 else
1042 i = 0;
1043
1044 /* Buffer remaining input */
1045 memcpy(&context->buffer[lindex], &input[i], inputLen - i);
1046 }
1047
1048 /*
1049 * MD5 padding. Adds padding followed by original length.
1050 */
1051
1052 static void
1053 __md5_Pad(struct MD5Context *context)
1054 {
1055 char bits[8];
1056 unsigned int lindex, padLen;
1057 char PADDING[64];
1058
1059 memset(PADDING, 0, sizeof(PADDING));
1060 PADDING[0] = 0x80;
1061
1062 /* Save number of bits */
1063 __md5_Encode(bits, context->count, 8);
1064
1065 /* Pad out to 56 mod 64. */
1066 lindex = (unsigned int)((context->count[0] >> 3) & 0x3f);
1067 padLen = (lindex < 56) ? (56 - lindex) : (120 - lindex);
1068 __md5_Update(context, PADDING, padLen);
1069
1070 /* Append length (before padding) */
1071 __md5_Update(context, bits, 8);
1072 }
1073
1074 /*
1075 * MD5 finalization. Ends an MD5 message-digest operation, writing the
1076 * the message digest and zeroizing the context.
1077 */
1078
1079 static void
1080 __md5_Final(char xdigest[16], struct MD5Context *context)
1081 {
1082 unsigned char *digest = (unsigned char *)xdigest;
1083 /* Do padding. */
1084 __md5_Pad(context);
1085
1086 /* Store state in digest */
1087 __md5_Encode(digest, context->state, 16);
1088
1089 /* Zeroize sensitive information. */
1090 memset(context, 0, sizeof(*context));
1091 }
1092
1093 /* MD5 basic transformation. Transforms state based on block. */
1094
1095 static void
1096 __md5_Transform(state, block)
1097 uint32_t state[4];
1098 const unsigned char block[64];
1099 {
1100 uint32_t a, b, c, d, x[16];
1101
1102 #if MD5_SIZE_OVER_SPEED > 1
1103 uint32_t temp;
1104 const char *ps;
1105
1106 static const char S[] = {
1107 7, 12, 17, 22,
1108 5, 9, 14, 20,
1109 4, 11, 16, 23,
1110 6, 10, 15, 21
1111 };
1112 #endif /* MD5_SIZE_OVER_SPEED > 1 */
1113
1114 #if MD5_SIZE_OVER_SPEED > 0
1115 const uint32_t *pc;
1116 const char *pp;
1117 int i;
1118
1119 static const uint32_t C[] = {
1120 /* round 1 */
1121 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
1122 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
1123 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
1124 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
1125 /* round 2 */
1126 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
1127 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
1128 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
1129 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
1130 /* round 3 */
1131 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
1132 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
1133 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
1134 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
1135 /* round 4 */
1136 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
1137 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
1138 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
1139 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
1140 };
1141
1142 static const char P[] = {
1143 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */
1144 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */
1145 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */
1146 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */
1147 };
1148
1149 #endif /* MD5_SIZE_OVER_SPEED > 0 */
1150
1151 __md5_Decode(x, block, 64);
1152
1153 a = state[0];
1154 b = state[1];
1155 c = state[2];
1156 d = state[3];
1157
1158 #if MD5_SIZE_OVER_SPEED > 2
1159 pc = C;
1160 pp = P;
1161 ps = S - 4;
1162
1163 for(i = 0; i < 64; i++)
1164 {
1165 if((i & 0x0f) == 0)
1166 ps += 4;
1167 temp = a;
1168 switch (i >> 4)
1169 {
1170 case 0:
1171 temp += F(b, c, d);
1172 break;
1173 case 1:
1174 temp += G(b, c, d);
1175 break;
1176 case 2:
1177 temp += H(b, c, d);
1178 break;
1179 case 3:
1180 temp += I(b, c, d);
1181 break;
1182 }
1183 temp += x[(int)(*pp++)] + *pc++;
1184 temp = ROTATE_LEFT(temp, ps[i & 3]);
1185 temp += b;
1186 a = d;
1187 d = c;
1188 c = b;
1189 b = temp;
1190 }
1191 #elif MD5_SIZE_OVER_SPEED > 1
1192 pc = C;
1193 pp = P;
1194 ps = S;
1195
1196 /* Round 1 */
1197 for(i = 0; i < 16; i++)
1198 {
1199 FF(a, b, c, d, x[(int)(*pp++)], ps[i & 0x3], *pc++);
1200 temp = d;
1201 d = c;
1202 c = b;
1203 b = a;
1204 a = temp;
1205 }
1206
1207 /* Round 2 */
1208 ps += 4;
1209 for(; i < 32; i++)
1210 {
1211 GG(a, b, c, d, x[(int)(*pp++)], ps[i & 0x3], *pc++);
1212 temp = d;
1213 d = c;
1214 c = b;
1215 b = a;
1216 a = temp;
1217 }
1218 /* Round 3 */
1219 ps += 4;
1220 for(; i < 48; i++)
1221 {
1222 HH(a, b, c, d, x[(int)(*pp++)], ps[i & 0x3], *pc++);
1223 temp = d;
1224 d = c;
1225 c = b;
1226 b = a;
1227 a = temp;
1228 }
1229
1230 /* Round 4 */
1231 ps += 4;
1232 for(; i < 64; i++)
1233 {
1234 II(a, b, c, d, x[(int)(*pp++)], ps[i & 0x3], *pc++);
1235 temp = d;
1236 d = c;
1237 c = b;
1238 b = a;
1239 a = temp;
1240 }
1241 #elif MD5_SIZE_OVER_SPEED > 0
1242 pc = C;
1243 pp = P;
1244
1245 /* Round 1 */
1246 for(i = 0; i < 4; i++)
1247 {
1248 FF(a, b, c, d, x[(int)(*pp++)], 7, *pc++);
1249 FF(d, a, b, c, x[(int)(*pp++)], 12, *pc++);
1250 FF(c, d, a, b, x[(int)(*pp++)], 17, *pc++);
1251 FF(b, c, d, a, x[(int)(*pp++)], 22, *pc++);
1252 }
1253
1254 /* Round 2 */
1255 for(i = 0; i < 4; i++)
1256 {
1257 GG(a, b, c, d, x[(int)(*pp++)], 5, *pc++);
1258 GG(d, a, b, c, x[(int)(*pp++)], 9, *pc++);
1259 GG(c, d, a, b, x[(int)(*pp++)], 14, *pc++);
1260 GG(b, c, d, a, x[(int)(*pp++)], 20, *pc++);
1261 }
1262 /* Round 3 */
1263 for(i = 0; i < 4; i++)
1264 {
1265 HH(a, b, c, d, x[(int)(*pp++)], 4, *pc++);
1266 HH(d, a, b, c, x[(int)(*pp++)], 11, *pc++);
1267 HH(c, d, a, b, x[(int)(*pp++)], 16, *pc++);
1268 HH(b, c, d, a, x[(int)(*pp++)], 23, *pc++);
1269 }
1270
1271 /* Round 4 */
1272 for(i = 0; i < 4; i++)
1273 {
1274 II(a, b, c, d, x[(int)(*pp++)], 6, *pc++);
1275 II(d, a, b, c, x[(int)(*pp++)], 10, *pc++);
1276 II(c, d, a, b, x[(int)(*pp++)], 15, *pc++);
1277 II(b, c, d, a, x[(int)(*pp++)], 21, *pc++);
1278 }
1279 #else
1280 /* Round 1 */
1281 #define S11 7
1282 #define S12 12
1283 #define S13 17
1284 #define S14 22
1285 FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */
1286 FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */
1287 FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */
1288 FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */
1289 FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */
1290 FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */
1291 FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */
1292 FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */
1293 FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */
1294 FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */
1295 FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */
1296 FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */
1297 FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */
1298 FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */
1299 FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */
1300 FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */
1301
1302 /* Round 2 */
1303 #define S21 5
1304 #define S22 9
1305 #define S23 14
1306 #define S24 20
1307 GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */
1308 GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */
1309 GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */
1310 GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */
1311 GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */
1312 GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */
1313 GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */
1314 GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */
1315 GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */
1316 GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */
1317 GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */
1318 GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */
1319 GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */
1320 GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */
1321 GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */
1322 GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */
1323
1324 /* Round 3 */
1325 #define S31 4
1326 #define S32 11
1327 #define S33 16
1328 #define S34 23
1329 HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */
1330 HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */
1331 HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */
1332 HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */
1333 HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */
1334 HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */
1335 HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */
1336 HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */
1337 HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */
1338 HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */
1339 HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */
1340 HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */
1341 HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */
1342 HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */
1343 HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */
1344 HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */
1345
1346 /* Round 4 */
1347 #define S41 6
1348 #define S42 10
1349 #define S43 15
1350 #define S44 21
1351 II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */
1352 II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */
1353 II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */
1354 II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */
1355 II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */
1356 II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */
1357 II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */
1358 II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */
1359 II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */
1360 II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */
1361 II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */
1362 II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */
1363 II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */
1364 II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */
1365 II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */
1366 II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */
1367 #endif
1368
1369 state[0] += a;
1370 state[1] += b;
1371 state[2] += c;
1372 state[3] += d;
1373
1374 /* Zeroize sensitive information. */
1375 memset(x, 0, sizeof(x));
1376 }
1377
1378
1379 static void
1380 __md5_to64(char *s, unsigned long v, int n)
1381 {
1382 while(--n >= 0)
1383 {
1384 *s++ = __md5_itoa64[v & 0x3f];
1385 v >>= 6;
1386 }
1387 }
1388
1389 /*
1390 * UNIX password
1391 *
1392 * Use MD5 for what it is best at...
1393 */
1394
1395 static char *
1396 __md5_crypt(const char *pw, const char *salt)
1397 {
1398 /* Static stuff */
1399 static const char *sp, *ep;
1400 static char passwd[120], *p;
1401
1402 char final[17]; /* final[16] exists only to aid in looping */
1403 int sl, pl, i, __md5__magic_len, pw_len;
1404 struct MD5Context ctx, ctx1;
1405 unsigned long l;
1406
1407 /* Refine the Salt first */
1408 sp = salt;
1409
1410 /* If it starts with the magic string, then skip that */
1411 __md5__magic_len = strlen(__md5__magic);
1412 if(!strncmp(sp, __md5__magic, __md5__magic_len))
1413 sp += __md5__magic_len;
1414
1415 /* It stops at the first '$', max 8 chars */
1416 for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++)
1417 continue;
1418
1419 /* get the length of the true salt */
1420 sl = ep - sp;
1421
1422 __md5_Init(&ctx);
1423
1424 /* The password first, since that is what is most unknown */
1425 pw_len = strlen(pw);
1426 __md5_Update(&ctx, pw, pw_len);
1427
1428 /* Then our magic string */
1429 __md5_Update(&ctx, __md5__magic, __md5__magic_len);
1430
1431 /* Then the raw salt */
1432 __md5_Update(&ctx, sp, sl);
1433
1434 /* Then just as many characters of the MD5(pw,salt,pw) */
1435 __md5_Init(&ctx1);
1436 __md5_Update(&ctx1, pw, pw_len);
1437 __md5_Update(&ctx1, sp, sl);
1438 __md5_Update(&ctx1, pw, pw_len);
1439 __md5_Final(final, &ctx1);
1440 for(pl = pw_len; pl > 0; pl -= 16)
1441 __md5_Update(&ctx, final, pl > 16 ? 16 : pl);
1442
1443 /* Don't leave anything around in vm they could use. */
1444 memset(final, 0, sizeof final);
1445
1446 /* Then something really weird... */
1447 for(i = pw_len; i; i >>= 1)
1448 {
1449 __md5_Update(&ctx, ((i & 1) ? final : pw), 1);
1450 }
1451
1452 /* Now make the output string */
1453 strcpy(passwd, __md5__magic);
1454 strncat(passwd, sp, sl);
1455 strcat(passwd, "$");
1456
1457 __md5_Final(final, &ctx);
1458
1459 /*
1460 * and now, just to make sure things don't run too fast
1461 * On a 60 Mhz Pentium this takes 34 msec, so you would
1462 * need 30 seconds to build a 1000 entry dictionary...
1463 */
1464 for(i = 0; i < 1000; i++)
1465 {
1466 __md5_Init(&ctx1);
1467 if(i & 1)
1468 __md5_Update(&ctx1, pw, pw_len);
1469 else
1470 __md5_Update(&ctx1, final, 16);
1471
1472 if(i % 3)
1473 __md5_Update(&ctx1, sp, sl);
1474
1475 if(i % 7)
1476 __md5_Update(&ctx1, pw, pw_len);
1477
1478 if(i & 1)
1479 __md5_Update(&ctx1, final, 16);
1480 else
1481 __md5_Update(&ctx1, pw, pw_len);
1482 __md5_Final(final, &ctx1);
1483 }
1484
1485 p = passwd + strlen(passwd);
1486
1487 final[16] = final[5];
1488 for(i = 0; i < 5; i++)
1489 {
1490 l = (final[i] << 16) | (final[i + 6] << 8) | final[i + 12];
1491 __md5_to64(p, l, 4);
1492 p += 4;
1493 }
1494 l = final[11];
1495 __md5_to64(p, l, 2);
1496 p += 2;
1497 *p = '\0';
1498
1499 /* Don't leave anything around in vm they could use. */
1500 memset(final, 0, sizeof final);
1501
1502 return passwd;
1503 }
1504
1505 #endif /* NEED_CRYPT */
Unnamed repository; edit this file 'description' to name the repository.