2 * crypt.c: Implements unix style crypt() for platforms that don't have it
3 * This version has both an md5 and des crypt.
4 * This was pretty much catted together from uclibc.
10 * Copyright (C) 2000 by Lineo, inc. and Erik Andersen
11 * Copyright (C) 2000,2001 by Erik Andersen <andersen@uclibc.org>
12 * Written by Erik Andersen <andersen@uclibc.org>
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU Library General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version.
19 * This program is distributed in the hope that it will be useful, but WITHOUT
20 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
21 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
24 * You should have received a copy of the GNU Library General Public License
25 * along with this program; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 #include <libratbox_config.h>
30 #include <ratbox_lib.h>
34 extern char *crypt(const char *key
, const char *salt
);
37 rb_crypt(const char *key
, const char *salt
)
39 return(crypt(key
, salt
));
43 static char * __md5_crypt( const char *pw
, const char *salt
);
44 static char * __des_crypt( const char *pw
, const char *salt
);
47 rb_crypt(const char *key
, const char *salt
)
49 /* First, check if we are supposed to be using the MD5 replacement
50 * instead of DES... */
51 if (salt
[0]=='$' && salt
[1]=='1' && salt
[2]=='$')
52 return __md5_crypt(key
, salt
);
54 return __des_crypt(key
, salt
);
57 /* Here is the des crypt() stuff */
60 * FreeSec: libcrypt for NetBSD
62 * Copyright (c) 1994 David Burren
63 * All rights reserved.
65 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
66 * this file should now *only* export crypt(), in order to make
67 * binaries of libcrypt exportable from the USA
69 * Adapted for FreeBSD-4.0 by Mark R V Murray
70 * this file should now *only* export crypt_des(), in order to make
71 * a module that can be optionally included in libcrypt.
73 * Redistribution and use in source and binary forms, with or without
74 * modification, are permitted provided that the following conditions
76 * 1. Redistributions of source code must retain the above copyright
77 * notice, this list of conditions and the following disclaimer.
78 * 2. Redistributions in binary form must reproduce the above copyright
79 * notice, this list of conditions and the following disclaimer in the
80 * documentation and/or other materials provided with the distribution.
81 * 3. Neither the name of the author nor the names of other contributors
82 * may be used to endorse or promote products derived from this software
83 * without specific prior written permission.
85 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
86 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
87 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
88 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
89 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
90 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
91 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
92 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
93 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
94 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
97 * This is an original implementation of the DES and the crypt(3) interfaces
98 * by David Burren <davidb@werj.com.au>.
100 * An excellent reference on the underlying algorithm (and related
103 * B. Schneier, Applied Cryptography: protocols, algorithms,
104 * and source code in C, John Wiley & Sons, 1994.
106 * Note that in that book's description of DES the lookups for the initial,
107 * pbox, and final permutations are inverted (this has been brought to the
108 * attention of the author). A list of errata for this book has been
109 * posted to the sci.crypt newsgroup by the author and is available for FTP.
111 * ARCHITECTURE ASSUMPTIONS:
112 * It is assumed that the 8-byte arrays passed by reference can be
113 * addressed as arrays of rb_uint32_t's (ie. the CPU is not picky about
118 /* Re-entrantify me -- all this junk needs to be in
119 * struct crypt_data to make this really reentrant... */
120 static u_char inv_key_perm
[64];
121 static u_char inv_comp_perm
[56];
122 static u_char u_sbox
[8][64];
123 static u_char un_pbox
[32];
124 static rb_uint32_t en_keysl
[16], en_keysr
[16];
125 static rb_uint32_t de_keysl
[16], de_keysr
[16];
126 static rb_uint32_t ip_maskl
[8][256], ip_maskr
[8][256];
127 static rb_uint32_t fp_maskl
[8][256], fp_maskr
[8][256];
128 static rb_uint32_t key_perm_maskl
[8][128], key_perm_maskr
[8][128];
129 static rb_uint32_t comp_maskl
[8][128], comp_maskr
[8][128];
130 static rb_uint32_t saltbits
;
131 static rb_uint32_t old_salt
;
132 static rb_uint32_t old_rawkey0
, old_rawkey1
;
135 /* Static stuff that stays resident and doesn't change after
136 * being initialized, and therefore doesn't need to be made
138 static u_char init_perm
[64], final_perm
[64];
139 static u_char m_sbox
[4][4096];
140 static rb_uint32_t psbox
[4][256];
146 static const u_char ascii64
[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
148 static const u_char IP
[64] = {
149 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
150 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
151 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
152 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
155 static const u_char key_perm
[56] = {
156 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
157 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
158 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
159 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
162 static const u_char key_shifts
[16] = {
163 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
166 static const u_char comp_perm
[48] = {
167 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
168 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
169 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
170 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
174 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
177 static const u_char sbox
[8][64] = {
179 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
180 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
181 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
182 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
185 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
186 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
187 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
188 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
191 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
192 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
193 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
194 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
197 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
198 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
199 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
200 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
203 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
204 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
205 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
206 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
209 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
210 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
211 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
212 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
215 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
216 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
217 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
218 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
221 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
222 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
223 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
224 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
228 static const u_char pbox
[32] = {
229 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
230 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
233 static const rb_uint32_t bits32
[32] =
235 0x80000000, 0x40000000, 0x20000000, 0x10000000,
236 0x08000000, 0x04000000, 0x02000000, 0x01000000,
237 0x00800000, 0x00400000, 0x00200000, 0x00100000,
238 0x00080000, 0x00040000, 0x00020000, 0x00010000,
239 0x00008000, 0x00004000, 0x00002000, 0x00001000,
240 0x00000800, 0x00000400, 0x00000200, 0x00000100,
241 0x00000080, 0x00000040, 0x00000020, 0x00000010,
242 0x00000008, 0x00000004, 0x00000002, 0x00000001
245 static const u_char bits8
[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
246 static const rb_uint32_t
*bits28
, *bits24
;
250 ascii_to_bin(char ch
)
255 return(ch
- 'a' + 38);
259 return(ch
- 'A' + 12);
270 int i
, j
, b
, k
, inbit
, obit
;
271 rb_uint32_t
*p
, *il
, *ir
, *fl
, *fr
;
272 static int des_initialised
= 0;
274 if (des_initialised
==1)
277 old_rawkey0
= old_rawkey1
= 0L;
280 bits24
= (bits28
= bits32
+ 4) + 4;
283 * Invert the S-boxes, reordering the input bits.
285 for (i
= 0; i
< 8; i
++)
286 for (j
= 0; j
< 64; j
++) {
287 b
= (j
& 0x20) | ((j
& 1) << 4) | ((j
>> 1) & 0xf);
288 u_sbox
[i
][j
] = sbox
[i
][b
];
292 * Convert the inverted S-boxes into 4 arrays of 8 bits.
293 * Each will handle 12 bits of the S-box input.
295 for (b
= 0; b
< 4; b
++)
296 for (i
= 0; i
< 64; i
++)
297 for (j
= 0; j
< 64; j
++)
298 m_sbox
[b
][(i
<< 6) | j
] =
299 (u_char
)((u_sbox
[(b
<< 1)][i
] << 4) |
300 u_sbox
[(b
<< 1) + 1][j
]);
303 * Set up the initial & final permutations into a useful form, and
304 * initialise the inverted key permutation.
306 for (i
= 0; i
< 64; i
++) {
307 init_perm
[final_perm
[i
] = IP
[i
] - 1] = (u_char
)i
;
308 inv_key_perm
[i
] = 255;
312 * Invert the key permutation and initialise the inverted key
313 * compression permutation.
315 for (i
= 0; i
< 56; i
++) {
316 inv_key_perm
[key_perm
[i
] - 1] = (u_char
)i
;
317 inv_comp_perm
[i
] = 255;
321 * Invert the key compression permutation.
323 for (i
= 0; i
< 48; i
++) {
324 inv_comp_perm
[comp_perm
[i
] - 1] = (u_char
)i
;
328 * Set up the OR-mask arrays for the initial and final permutations,
329 * and for the key initial and compression permutations.
331 for (k
= 0; k
< 8; k
++) {
332 for (i
= 0; i
< 256; i
++) {
333 *(il
= &ip_maskl
[k
][i
]) = 0L;
334 *(ir
= &ip_maskr
[k
][i
]) = 0L;
335 *(fl
= &fp_maskl
[k
][i
]) = 0L;
336 *(fr
= &fp_maskr
[k
][i
]) = 0L;
337 for (j
= 0; j
< 8; j
++) {
340 if ((obit
= init_perm
[inbit
]) < 32)
343 *ir
|= bits32
[obit
-32];
344 if ((obit
= final_perm
[inbit
]) < 32)
347 *fr
|= bits32
[obit
- 32];
351 for (i
= 0; i
< 128; i
++) {
352 *(il
= &key_perm_maskl
[k
][i
]) = 0L;
353 *(ir
= &key_perm_maskr
[k
][i
]) = 0L;
354 for (j
= 0; j
< 7; j
++) {
356 if (i
& bits8
[j
+ 1]) {
357 if ((obit
= inv_key_perm
[inbit
]) == 255)
362 *ir
|= bits28
[obit
- 28];
365 *(il
= &comp_maskl
[k
][i
]) = 0L;
366 *(ir
= &comp_maskr
[k
][i
]) = 0L;
367 for (j
= 0; j
< 7; j
++) {
369 if (i
& bits8
[j
+ 1]) {
370 if ((obit
=inv_comp_perm
[inbit
]) == 255)
375 *ir
|= bits24
[obit
- 24];
382 * Invert the P-box permutation, and convert into OR-masks for
383 * handling the output of the S-box arrays setup above.
385 for (i
= 0; i
< 32; i
++)
386 un_pbox
[pbox
[i
] - 1] = (u_char
)i
;
388 for (b
= 0; b
< 4; b
++)
389 for (i
= 0; i
< 256; i
++) {
390 *(p
= &psbox
[b
][i
]) = 0L;
391 for (j
= 0; j
< 8; j
++) {
393 *p
|= bits32
[un_pbox
[8 * b
+ j
]];
402 setup_salt(long salt
)
404 rb_uint32_t obit
, saltbit
;
407 if (salt
== (long)old_salt
)
414 for (i
= 0; i
< 24; i
++) {
424 des_setkey(const char *key
)
426 rb_uint32_t k0
, k1
, rawkey0
, rawkey1
;
431 rawkey0
= ntohl(*(const rb_uint32_t
*) key
);
432 rawkey1
= ntohl(*(const rb_uint32_t
*) (key
+ 4));
434 if ((rawkey0
| rawkey1
)
435 && rawkey0
== old_rawkey0
436 && rawkey1
== old_rawkey1
) {
438 * Already setup for this key.
439 * This optimisation fails on a zero key (which is weak and
440 * has bad parity anyway) in order to simplify the starting
445 old_rawkey0
= rawkey0
;
446 old_rawkey1
= rawkey1
;
449 * Do key permutation and split into two 28-bit subkeys.
451 k0
= key_perm_maskl
[0][rawkey0
>> 25]
452 | key_perm_maskl
[1][(rawkey0
>> 17) & 0x7f]
453 | key_perm_maskl
[2][(rawkey0
>> 9) & 0x7f]
454 | key_perm_maskl
[3][(rawkey0
>> 1) & 0x7f]
455 | key_perm_maskl
[4][rawkey1
>> 25]
456 | key_perm_maskl
[5][(rawkey1
>> 17) & 0x7f]
457 | key_perm_maskl
[6][(rawkey1
>> 9) & 0x7f]
458 | key_perm_maskl
[7][(rawkey1
>> 1) & 0x7f];
459 k1
= key_perm_maskr
[0][rawkey0
>> 25]
460 | key_perm_maskr
[1][(rawkey0
>> 17) & 0x7f]
461 | key_perm_maskr
[2][(rawkey0
>> 9) & 0x7f]
462 | key_perm_maskr
[3][(rawkey0
>> 1) & 0x7f]
463 | key_perm_maskr
[4][rawkey1
>> 25]
464 | key_perm_maskr
[5][(rawkey1
>> 17) & 0x7f]
465 | key_perm_maskr
[6][(rawkey1
>> 9) & 0x7f]
466 | key_perm_maskr
[7][(rawkey1
>> 1) & 0x7f];
468 * Rotate subkeys and do compression permutation.
471 for (round
= 0; round
< 16; round
++) {
474 shifts
+= key_shifts
[round
];
476 t0
= (k0
<< shifts
) | (k0
>> (28 - shifts
));
477 t1
= (k1
<< shifts
) | (k1
>> (28 - shifts
));
479 de_keysl
[15 - round
] =
480 en_keysl
[round
] = comp_maskl
[0][(t0
>> 21) & 0x7f]
481 | comp_maskl
[1][(t0
>> 14) & 0x7f]
482 | comp_maskl
[2][(t0
>> 7) & 0x7f]
483 | comp_maskl
[3][t0
& 0x7f]
484 | comp_maskl
[4][(t1
>> 21) & 0x7f]
485 | comp_maskl
[5][(t1
>> 14) & 0x7f]
486 | comp_maskl
[6][(t1
>> 7) & 0x7f]
487 | comp_maskl
[7][t1
& 0x7f];
489 de_keysr
[15 - round
] =
490 en_keysr
[round
] = comp_maskr
[0][(t0
>> 21) & 0x7f]
491 | comp_maskr
[1][(t0
>> 14) & 0x7f]
492 | comp_maskr
[2][(t0
>> 7) & 0x7f]
493 | comp_maskr
[3][t0
& 0x7f]
494 | comp_maskr
[4][(t1
>> 21) & 0x7f]
495 | comp_maskr
[5][(t1
>> 14) & 0x7f]
496 | comp_maskr
[6][(t1
>> 7) & 0x7f]
497 | comp_maskr
[7][t1
& 0x7f];
504 do_des( rb_uint32_t l_in
, rb_uint32_t r_in
, rb_uint32_t
*l_out
, rb_uint32_t
*r_out
, int count
)
507 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
509 rb_uint32_t l
, r
, *kl
, *kr
, *kl1
, *kr1
;
510 rb_uint32_t f
, r48l
, r48r
;
515 } else if (count
> 0) {
531 * Do initial permutation (IP).
533 l
= ip_maskl
[0][l_in
>> 24]
534 | ip_maskl
[1][(l_in
>> 16) & 0xff]
535 | ip_maskl
[2][(l_in
>> 8) & 0xff]
536 | ip_maskl
[3][l_in
& 0xff]
537 | ip_maskl
[4][r_in
>> 24]
538 | ip_maskl
[5][(r_in
>> 16) & 0xff]
539 | ip_maskl
[6][(r_in
>> 8) & 0xff]
540 | ip_maskl
[7][r_in
& 0xff];
541 r
= ip_maskr
[0][l_in
>> 24]
542 | ip_maskr
[1][(l_in
>> 16) & 0xff]
543 | ip_maskr
[2][(l_in
>> 8) & 0xff]
544 | ip_maskr
[3][l_in
& 0xff]
545 | ip_maskr
[4][r_in
>> 24]
546 | ip_maskr
[5][(r_in
>> 16) & 0xff]
547 | ip_maskr
[6][(r_in
>> 8) & 0xff]
548 | ip_maskr
[7][r_in
& 0xff];
559 * Expand R to 48 bits (simulate the E-box).
561 r48l
= ((r
& 0x00000001) << 23)
562 | ((r
& 0xf8000000) >> 9)
563 | ((r
& 0x1f800000) >> 11)
564 | ((r
& 0x01f80000) >> 13)
565 | ((r
& 0x001f8000) >> 15);
567 r48r
= ((r
& 0x0001f800) << 7)
568 | ((r
& 0x00001f80) << 5)
569 | ((r
& 0x000001f8) << 3)
570 | ((r
& 0x0000001f) << 1)
571 | ((r
& 0x80000000) >> 31);
573 * Do salting for crypt() and friends, and
574 * XOR with the permuted key.
576 f
= (r48l
^ r48r
) & saltbits
;
580 * Do sbox lookups (which shrink it back to 32 bits)
581 * and do the pbox permutation at the same time.
583 f
= psbox
[0][m_sbox
[0][r48l
>> 12]]
584 | psbox
[1][m_sbox
[1][r48l
& 0xfff]]
585 | psbox
[2][m_sbox
[2][r48r
>> 12]]
586 | psbox
[3][m_sbox
[3][r48r
& 0xfff]];
588 * Now that we've permuted things, complete f().
598 * Do final permutation (inverse of IP).
600 *l_out
= fp_maskl
[0][l
>> 24]
601 | fp_maskl
[1][(l
>> 16) & 0xff]
602 | fp_maskl
[2][(l
>> 8) & 0xff]
603 | fp_maskl
[3][l
& 0xff]
604 | fp_maskl
[4][r
>> 24]
605 | fp_maskl
[5][(r
>> 16) & 0xff]
606 | fp_maskl
[6][(r
>> 8) & 0xff]
607 | fp_maskl
[7][r
& 0xff];
608 *r_out
= fp_maskr
[0][l
>> 24]
609 | fp_maskr
[1][(l
>> 16) & 0xff]
610 | fp_maskr
[2][(l
>> 8) & 0xff]
611 | fp_maskr
[3][l
& 0xff]
612 | fp_maskr
[4][r
>> 24]
613 | fp_maskr
[5][(r
>> 16) & 0xff]
614 | fp_maskr
[6][(r
>> 8) & 0xff]
615 | fp_maskr
[7][r
& 0xff];
622 des_cipher(const char *in
, char *out
, rb_uint32_t salt
, int count
)
624 rb_uint32_t l_out
, r_out
, rawl
, rawr
;
636 rawl
= ntohl(*trans
.ui32
++);
637 rawr
= ntohl(*trans
.ui32
);
639 retval
= do_des(rawl
, rawr
, &l_out
, &r_out
, count
);
642 *trans
.ui32
++ = htonl(l_out
);
643 *trans
.ui32
= htonl(r_out
);
650 setkey(const char *key
)
653 rb_uint32_t packed_keys
[2];
656 p
= (u_char
*) packed_keys
;
658 for (i
= 0; i
< 8; i
++) {
660 for (j
= 0; j
< 8; j
++)
664 des_setkey((char *)p
);
669 encrypt(char *block
, int flag
)
679 for (i
= 0; i
< 2; i
++) {
681 for (j
= 0; j
< 32; j
++)
685 do_des(io
[0], io
[1], io
, io
+ 1, flag
? -1 : 1);
686 for (i
= 0; i
< 2; i
++)
687 for (j
= 0; j
< 32; j
++)
688 block
[(i
<< 5) | j
] = (io
[i
] & bits32
[j
]) ? 1 : 0;
693 __des_crypt(const char *key
, const char *setting
)
695 rb_uint32_t count
, salt
, l
, r0
, r1
, keybuf
[2];
697 static char output
[21];
702 * Copy the key, shifting each character up by one bit
703 * and padding with zeros.
705 q
= (u_char
*)keybuf
;
706 while (q
- (u_char
*)keybuf
- 8) {
711 if (des_setkey((char *)keybuf
))
715 if (*setting
== _PASSWORD_EFMT1
) {
719 * setting - underscore, 4 bytes of count, 4 bytes of salt
720 * key - unlimited characters
722 for (i
= 1, count
= 0L; i
< 5; i
++)
723 count
|= ascii_to_bin(setting
[i
]) << ((i
- 1) * 6);
725 for (i
= 5, salt
= 0L; i
< 9; i
++)
726 salt
|= ascii_to_bin(setting
[i
]) << ((i
- 5) * 6);
730 * Encrypt the key with itself.
732 if (des_cipher((char *)keybuf
, (char *)keybuf
, 0L, 1))
735 * And XOR with the next 8 characters of the key.
737 q
= (u_char
*)keybuf
;
738 while (q
- (u_char
*)keybuf
- 8 && *key
)
741 if (des_setkey((char *)keybuf
))
744 strncpy(output
, setting
, 9);
747 * Double check that we weren't given a short setting.
748 * If we were, the above code will probably have created
749 * wierd values for count and salt, but we don't really care.
750 * Just make sure the output string doesn't have an extra
754 p
= (u_char
*)output
+ strlen(output
);
760 * setting - 2 bytes of salt
761 * key - up to 8 characters
765 salt
= (ascii_to_bin(setting
[1]) << 6)
766 | ascii_to_bin(setting
[0]);
768 output
[0] = setting
[0];
770 * If the encrypted password that the salt was extracted from
771 * is only 1 character long, the salt will be corrupted. We
772 * need to ensure that the output string doesn't have an extra
775 output
[1] = setting
[1] ? setting
[1] : output
[0];
777 p
= (u_char
*)output
+ 2;
783 if (do_des(0L, 0L, &r0
, &r1
, (int)count
))
786 * Now encode the result...
789 *p
++ = ascii64
[(l
>> 18) & 0x3f];
790 *p
++ = ascii64
[(l
>> 12) & 0x3f];
791 *p
++ = ascii64
[(l
>> 6) & 0x3f];
792 *p
++ = ascii64
[l
& 0x3f];
794 l
= (r0
<< 16) | ((r1
>> 16) & 0xffff);
795 *p
++ = ascii64
[(l
>> 18) & 0x3f];
796 *p
++ = ascii64
[(l
>> 12) & 0x3f];
797 *p
++ = ascii64
[(l
>> 6) & 0x3f];
798 *p
++ = ascii64
[l
& 0x3f];
801 *p
++ = ascii64
[(l
>> 12) & 0x3f];
802 *p
++ = ascii64
[(l
>> 6) & 0x3f];
803 *p
++ = ascii64
[l
& 0x3f];
812 * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
814 * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
817 * License to copy and use this software is granted provided that it
818 * is identified as the "RSA Data Security, Inc. MD5 Message-Digest
819 * Algorithm" in all material mentioning or referencing this software
822 * License is also granted to make and use derivative works provided
823 * that such works are identified as "derived from the RSA Data
824 * Security, Inc. MD5 Message-Digest Algorithm" in all material
825 * mentioning or referencing the derived work.
827 * RSA Data Security, Inc. makes no representations concerning either
828 * the merchantability of this software or the suitability of this
829 * software for any particular purpose. It is provided "as is"
830 * without express or implied warranty of any kind.
832 * These notices must be retained in any copies of any part of this
833 * documentation and/or software.
835 * $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $
837 * This code is the same as the code published by RSA Inc. It has been
838 * edited for clarity and style only.
840 * ----------------------------------------------------------------------------
841 * The md5_crypt() function was taken from freeBSD's libcrypt and contains
843 * "THE BEER-WARE LICENSE" (Revision 42):
844 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
845 * can do whatever you want with this stuff. If we meet some day, and you think
846 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
848 * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $
850 * ----------------------------------------------------------------------------
851 * On April 19th, 2001 md5_crypt() was modified to make it reentrant
852 * by Erik Andersen <andersen@uclibc.org>
855 * June 28, 2001 Manuel Novoa III
857 * "Un-inlined" code using loops and static const tables in order to
858 * reduce generated code size (on i386 from approx 4k to approx 2.5k).
860 * June 29, 2001 Manuel Novoa III
862 * Completely removed static PADDING array.
864 * Reintroduced the loop unrolling in MD5_Transform and added the
865 * MD5_SIZE_OVER_SPEED option for configurability. Define below as:
866 * 0 fully unrolled loops
867 * 1 partially unrolled (4 ops per loop)
868 * 2 no unrolling -- introduces the need to swap 4 variables (slow)
869 * 3 no unrolling and all 4 loops merged into one with switch
870 * in each loop (glacial)
871 * On i386, sizes are roughly (-Os -fno-builtin):
872 * 0: 3k 1: 2.5k 2: 2.2k 3: 2k
875 * Since SuSv3 does not require crypt_r, modified again August 7, 2002
876 * by Erik Andersen to remove reentrance stuff...
880 * Valid values are 1 (fastest/largest) to 3 (smallest/slowest).
882 #define MD5_SIZE_OVER_SPEED 1
884 /**********************************************************************/
888 rb_uint32_t state
[4]; /* state (ABCD) */
889 rb_uint32_t count
[2]; /* number of bits, modulo 2^64 (lsb first) */
890 unsigned char buffer
[64]; /* input buffer */
893 static void __md5_Init (struct MD5Context
*);
894 static void __md5_Update (struct MD5Context
*, const char *, unsigned int);
895 static void __md5_Pad (struct MD5Context
*);
896 static void __md5_Final (char [16], struct MD5Context
*);
897 static void __md5_Transform (rb_uint32_t
[4], const unsigned char [64]);
900 static const char __md5__magic
[] = "$1$"; /* This string is magic for this algorithm. Having
901 it this way, we can get better later on */
902 static const unsigned char __md5_itoa64
[] = /* 0 ... 63 => ascii - 64 */
903 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
908 #define __md5_Encode memcpy
909 #define __md5_Decode memcpy
913 * __md5_Encodes input (rb_uint32_t) into output (unsigned char). Assumes len is
918 __md5_Encode (unsigned char *output
, rb_uint32_t
*input
, unsigned int len
)
922 for (i
= 0, j
= 0; j
< len
; i
++, j
+= 4) {
923 output
[j
] = (unsigned char)(input
[i
] & 0xff);
924 output
[j
+1] = (unsigned char)((input
[i
] >> 8) & 0xff);
925 output
[j
+2] = (unsigned char)((input
[i
] >> 16) & 0xff);
926 output
[j
+3] = (unsigned char)((input
[i
] >> 24) & 0xff);
931 * __md5_Decodes input (unsigned char) into output (rb_uint32_t). Assumes len is
936 __md5_Decode (rb_uint32_t
*output
, const unsigned char *input
, unsigned int len
)
940 for (i
= 0, j
= 0; j
< len
; i
++, j
+= 4)
941 output
[i
] = ((rb_uint32_t
)input
[j
]) | (((rb_uint32_t
)input
[j
+1]) << 8) |
942 (((rb_uint32_t
)input
[j
+2]) << 16) | (((rb_uint32_t
)input
[j
+3]) << 24);
946 /* F, G, H and I are basic MD5 functions. */
947 #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
948 #define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
949 #define H(x, y, z) ((x) ^ (y) ^ (z))
950 #define I(x, y, z) ((y) ^ ((x) | (~z)))
952 /* ROTATE_LEFT rotates x left n bits. */
953 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
956 * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
957 * Rotation is separate from addition to prevent recomputation.
959 #define FF(a, b, c, d, x, s, ac) { \
960 (a) += F ((b), (c), (d)) + (x) + (rb_uint32_t)(ac); \
961 (a) = ROTATE_LEFT ((a), (s)); \
964 #define GG(a, b, c, d, x, s, ac) { \
965 (a) += G ((b), (c), (d)) + (x) + (rb_uint32_t)(ac); \
966 (a) = ROTATE_LEFT ((a), (s)); \
969 #define HH(a, b, c, d, x, s, ac) { \
970 (a) += H ((b), (c), (d)) + (x) + (rb_uint32_t)(ac); \
971 (a) = ROTATE_LEFT ((a), (s)); \
974 #define II(a, b, c, d, x, s, ac) { \
975 (a) += I ((b), (c), (d)) + (x) + (rb_uint32_t)(ac); \
976 (a) = ROTATE_LEFT ((a), (s)); \
980 /* MD5 initialization. Begins an MD5 operation, writing a new context. */
982 static void __md5_Init (struct MD5Context
*context
)
984 context
->count
[0] = context
->count
[1] = 0;
986 /* Load magic initialization constants. */
987 context
->state
[0] = 0x67452301;
988 context
->state
[1] = 0xefcdab89;
989 context
->state
[2] = 0x98badcfe;
990 context
->state
[3] = 0x10325476;
994 * MD5 block update operation. Continues an MD5 message-digest
995 * operation, processing another message block, and updating the
999 static void __md5_Update ( struct MD5Context
*context
, const char *xinput
, unsigned int inputLen
)
1001 unsigned int i
, lindex
, partLen
;
1002 const unsigned char *input
= (const unsigned char *)xinput
; /* i hate gcc */
1003 /* Compute number of bytes mod 64 */
1004 lindex
= (unsigned int)((context
->count
[0] >> 3) & 0x3F);
1006 /* Update number of bits */
1007 if ((context
->count
[0] += ((rb_uint32_t
)inputLen
<< 3))
1008 < ((rb_uint32_t
)inputLen
<< 3))
1009 context
->count
[1]++;
1010 context
->count
[1] += ((rb_uint32_t
)inputLen
>> 29);
1012 partLen
= 64 - lindex
;
1014 /* Transform as many times as possible. */
1015 if (inputLen
>= partLen
) {
1016 memcpy(&context
->buffer
[lindex
], input
,
1018 __md5_Transform (context
->state
, context
->buffer
);
1020 for (i
= partLen
; i
+ 63 < inputLen
; i
+= 64)
1021 __md5_Transform (context
->state
, &input
[i
]);
1028 /* Buffer remaining input */
1029 memcpy (&context
->buffer
[lindex
], &input
[i
],
1034 * MD5 padding. Adds padding followed by original length.
1037 static void __md5_Pad ( struct MD5Context
*context
)
1040 unsigned int lindex
, padLen
;
1043 memset(PADDING
, 0, sizeof(PADDING
));
1046 /* Save number of bits */
1047 __md5_Encode (bits
, context
->count
, 8);
1049 /* Pad out to 56 mod 64. */
1050 lindex
= (unsigned int)((context
->count
[0] >> 3) & 0x3f);
1051 padLen
= (lindex
< 56) ? (56 - lindex
) : (120 - lindex
);
1052 __md5_Update (context
, PADDING
, padLen
);
1054 /* Append length (before padding) */
1055 __md5_Update (context
, bits
, 8);
1059 * MD5 finalization. Ends an MD5 message-digest operation, writing the
1060 * the message digest and zeroizing the context.
1063 static void __md5_Final ( char xdigest
[16], struct MD5Context
*context
)
1065 unsigned char *digest
= (unsigned char *)xdigest
;
1067 __md5_Pad (context
);
1069 /* Store state in digest */
1070 __md5_Encode (digest
, context
->state
, 16);
1072 /* Zeroize sensitive information. */
1073 memset (context
, 0, sizeof (*context
));
1076 /* MD5 basic transformation. Transforms state based on block. */
1079 __md5_Transform (state
, block
)
1080 rb_uint32_t state
[4];
1081 const unsigned char block
[64];
1083 rb_uint32_t a
, b
, c
, d
, x
[16];
1085 #if MD5_SIZE_OVER_SPEED > 1
1089 static const char S
[] = {
1095 #endif /* MD5_SIZE_OVER_SPEED > 1 */
1097 #if MD5_SIZE_OVER_SPEED > 0
1098 const rb_uint32_t
*pc
;
1102 static const rb_uint32_t C
[] = {
1104 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
1105 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
1106 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
1107 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
1109 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
1110 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
1111 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
1112 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
1114 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
1115 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
1116 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
1117 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
1119 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
1120 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
1121 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
1122 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
1125 static const char P
[] = {
1126 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */
1127 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */
1128 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */
1129 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */
1132 #endif /* MD5_SIZE_OVER_SPEED > 0 */
1134 __md5_Decode (x
, block
, 64);
1136 a
= state
[0]; b
= state
[1]; c
= state
[2]; d
= state
[3];
1138 #if MD5_SIZE_OVER_SPEED > 2
1139 pc
= C
; pp
= P
; ps
= S
- 4;
1141 for ( i
= 0 ; i
< 64 ; i
++ ) {
1142 if ((i
&0x0f) == 0) ps
+= 4;
1158 temp
+= x
[(int)(*pp
++)] + *pc
++;
1159 temp
= ROTATE_LEFT(temp
, ps
[i
&3]);
1161 a
= d
; d
= c
; c
= b
; b
= temp
;
1163 #elif MD5_SIZE_OVER_SPEED > 1
1164 pc
= C
; pp
= P
; ps
= S
;
1167 for ( i
= 0 ; i
< 16 ; i
++ ) {
1168 FF (a
, b
, c
, d
, x
[(int)(*pp
++)], ps
[i
&0x3], *pc
++);
1169 temp
= d
; d
= c
; c
= b
; b
= a
; a
= temp
;
1174 for ( ; i
< 32 ; i
++ ) {
1175 GG (a
, b
, c
, d
, x
[(int)(*pp
++)], ps
[i
&0x3], *pc
++);
1176 temp
= d
; d
= c
; c
= b
; b
= a
; a
= temp
;
1180 for ( ; i
< 48 ; i
++ ) {
1181 HH (a
, b
, c
, d
, x
[(int)(*pp
++)], ps
[i
&0x3], *pc
++);
1182 temp
= d
; d
= c
; c
= b
; b
= a
; a
= temp
;
1187 for ( ; i
< 64 ; i
++ ) {
1188 II (a
, b
, c
, d
, x
[(int)(*pp
++)], ps
[i
&0x3], *pc
++);
1189 temp
= d
; d
= c
; c
= b
; b
= a
; a
= temp
;
1191 #elif MD5_SIZE_OVER_SPEED > 0
1195 for ( i
= 0 ; i
< 4 ; i
++ ) {
1196 FF (a
, b
, c
, d
, x
[(int)(*pp
++)], 7, *pc
++);
1197 FF (d
, a
, b
, c
, x
[(int)(*pp
++)], 12, *pc
++);
1198 FF (c
, d
, a
, b
, x
[(int)(*pp
++)], 17, *pc
++);
1199 FF (b
, c
, d
, a
, x
[(int)(*pp
++)], 22, *pc
++);
1203 for ( i
= 0 ; i
< 4 ; i
++ ) {
1204 GG (a
, b
, c
, d
, x
[(int)(*pp
++)], 5, *pc
++);
1205 GG (d
, a
, b
, c
, x
[(int)(*pp
++)], 9, *pc
++);
1206 GG (c
, d
, a
, b
, x
[(int)(*pp
++)], 14, *pc
++);
1207 GG (b
, c
, d
, a
, x
[(int)(*pp
++)], 20, *pc
++);
1210 for ( i
= 0 ; i
< 4 ; i
++ ) {
1211 HH (a
, b
, c
, d
, x
[(int)(*pp
++)], 4, *pc
++);
1212 HH (d
, a
, b
, c
, x
[(int)(*pp
++)], 11, *pc
++);
1213 HH (c
, d
, a
, b
, x
[(int)(*pp
++)], 16, *pc
++);
1214 HH (b
, c
, d
, a
, x
[(int)(*pp
++)], 23, *pc
++);
1218 for ( i
= 0 ; i
< 4 ; i
++ ) {
1219 II (a
, b
, c
, d
, x
[(int)(*pp
++)], 6, *pc
++);
1220 II (d
, a
, b
, c
, x
[(int)(*pp
++)], 10, *pc
++);
1221 II (c
, d
, a
, b
, x
[(int)(*pp
++)], 15, *pc
++);
1222 II (b
, c
, d
, a
, x
[(int)(*pp
++)], 21, *pc
++);
1230 FF (a
, b
, c
, d
, x
[ 0], S11
, 0xd76aa478); /* 1 */
1231 FF (d
, a
, b
, c
, x
[ 1], S12
, 0xe8c7b756); /* 2 */
1232 FF (c
, d
, a
, b
, x
[ 2], S13
, 0x242070db); /* 3 */
1233 FF (b
, c
, d
, a
, x
[ 3], S14
, 0xc1bdceee); /* 4 */
1234 FF (a
, b
, c
, d
, x
[ 4], S11
, 0xf57c0faf); /* 5 */
1235 FF (d
, a
, b
, c
, x
[ 5], S12
, 0x4787c62a); /* 6 */
1236 FF (c
, d
, a
, b
, x
[ 6], S13
, 0xa8304613); /* 7 */
1237 FF (b
, c
, d
, a
, x
[ 7], S14
, 0xfd469501); /* 8 */
1238 FF (a
, b
, c
, d
, x
[ 8], S11
, 0x698098d8); /* 9 */
1239 FF (d
, a
, b
, c
, x
[ 9], S12
, 0x8b44f7af); /* 10 */
1240 FF (c
, d
, a
, b
, x
[10], S13
, 0xffff5bb1); /* 11 */
1241 FF (b
, c
, d
, a
, x
[11], S14
, 0x895cd7be); /* 12 */
1242 FF (a
, b
, c
, d
, x
[12], S11
, 0x6b901122); /* 13 */
1243 FF (d
, a
, b
, c
, x
[13], S12
, 0xfd987193); /* 14 */
1244 FF (c
, d
, a
, b
, x
[14], S13
, 0xa679438e); /* 15 */
1245 FF (b
, c
, d
, a
, x
[15], S14
, 0x49b40821); /* 16 */
1252 GG (a
, b
, c
, d
, x
[ 1], S21
, 0xf61e2562); /* 17 */
1253 GG (d
, a
, b
, c
, x
[ 6], S22
, 0xc040b340); /* 18 */
1254 GG (c
, d
, a
, b
, x
[11], S23
, 0x265e5a51); /* 19 */
1255 GG (b
, c
, d
, a
, x
[ 0], S24
, 0xe9b6c7aa); /* 20 */
1256 GG (a
, b
, c
, d
, x
[ 5], S21
, 0xd62f105d); /* 21 */
1257 GG (d
, a
, b
, c
, x
[10], S22
, 0x2441453); /* 22 */
1258 GG (c
, d
, a
, b
, x
[15], S23
, 0xd8a1e681); /* 23 */
1259 GG (b
, c
, d
, a
, x
[ 4], S24
, 0xe7d3fbc8); /* 24 */
1260 GG (a
, b
, c
, d
, x
[ 9], S21
, 0x21e1cde6); /* 25 */
1261 GG (d
, a
, b
, c
, x
[14], S22
, 0xc33707d6); /* 26 */
1262 GG (c
, d
, a
, b
, x
[ 3], S23
, 0xf4d50d87); /* 27 */
1263 GG (b
, c
, d
, a
, x
[ 8], S24
, 0x455a14ed); /* 28 */
1264 GG (a
, b
, c
, d
, x
[13], S21
, 0xa9e3e905); /* 29 */
1265 GG (d
, a
, b
, c
, x
[ 2], S22
, 0xfcefa3f8); /* 30 */
1266 GG (c
, d
, a
, b
, x
[ 7], S23
, 0x676f02d9); /* 31 */
1267 GG (b
, c
, d
, a
, x
[12], S24
, 0x8d2a4c8a); /* 32 */
1274 HH (a
, b
, c
, d
, x
[ 5], S31
, 0xfffa3942); /* 33 */
1275 HH (d
, a
, b
, c
, x
[ 8], S32
, 0x8771f681); /* 34 */
1276 HH (c
, d
, a
, b
, x
[11], S33
, 0x6d9d6122); /* 35 */
1277 HH (b
, c
, d
, a
, x
[14], S34
, 0xfde5380c); /* 36 */
1278 HH (a
, b
, c
, d
, x
[ 1], S31
, 0xa4beea44); /* 37 */
1279 HH (d
, a
, b
, c
, x
[ 4], S32
, 0x4bdecfa9); /* 38 */
1280 HH (c
, d
, a
, b
, x
[ 7], S33
, 0xf6bb4b60); /* 39 */
1281 HH (b
, c
, d
, a
, x
[10], S34
, 0xbebfbc70); /* 40 */
1282 HH (a
, b
, c
, d
, x
[13], S31
, 0x289b7ec6); /* 41 */
1283 HH (d
, a
, b
, c
, x
[ 0], S32
, 0xeaa127fa); /* 42 */
1284 HH (c
, d
, a
, b
, x
[ 3], S33
, 0xd4ef3085); /* 43 */
1285 HH (b
, c
, d
, a
, x
[ 6], S34
, 0x4881d05); /* 44 */
1286 HH (a
, b
, c
, d
, x
[ 9], S31
, 0xd9d4d039); /* 45 */
1287 HH (d
, a
, b
, c
, x
[12], S32
, 0xe6db99e5); /* 46 */
1288 HH (c
, d
, a
, b
, x
[15], S33
, 0x1fa27cf8); /* 47 */
1289 HH (b
, c
, d
, a
, x
[ 2], S34
, 0xc4ac5665); /* 48 */
1296 II (a
, b
, c
, d
, x
[ 0], S41
, 0xf4292244); /* 49 */
1297 II (d
, a
, b
, c
, x
[ 7], S42
, 0x432aff97); /* 50 */
1298 II (c
, d
, a
, b
, x
[14], S43
, 0xab9423a7); /* 51 */
1299 II (b
, c
, d
, a
, x
[ 5], S44
, 0xfc93a039); /* 52 */
1300 II (a
, b
, c
, d
, x
[12], S41
, 0x655b59c3); /* 53 */
1301 II (d
, a
, b
, c
, x
[ 3], S42
, 0x8f0ccc92); /* 54 */
1302 II (c
, d
, a
, b
, x
[10], S43
, 0xffeff47d); /* 55 */
1303 II (b
, c
, d
, a
, x
[ 1], S44
, 0x85845dd1); /* 56 */
1304 II (a
, b
, c
, d
, x
[ 8], S41
, 0x6fa87e4f); /* 57 */
1305 II (d
, a
, b
, c
, x
[15], S42
, 0xfe2ce6e0); /* 58 */
1306 II (c
, d
, a
, b
, x
[ 6], S43
, 0xa3014314); /* 59 */
1307 II (b
, c
, d
, a
, x
[13], S44
, 0x4e0811a1); /* 60 */
1308 II (a
, b
, c
, d
, x
[ 4], S41
, 0xf7537e82); /* 61 */
1309 II (d
, a
, b
, c
, x
[11], S42
, 0xbd3af235); /* 62 */
1310 II (c
, d
, a
, b
, x
[ 2], S43
, 0x2ad7d2bb); /* 63 */
1311 II (b
, c
, d
, a
, x
[ 9], S44
, 0xeb86d391); /* 64 */
1319 /* Zeroize sensitive information. */
1320 memset (x
, 0, sizeof (x
));
1324 static void __md5_to64( char *s
, unsigned long v
, int n
)
1327 *s
++ = __md5_itoa64
[v
&0x3f];
1335 * Use MD5 for what it is best at...
1338 static char * __md5_crypt( const char *pw
, const char *salt
)
1341 static const char *sp
, *ep
;
1342 static char passwd
[120], *p
;
1344 char final
[17]; /* final[16] exists only to aid in looping */
1345 int sl
,pl
,i
,__md5__magic_len
,pw_len
;
1346 struct MD5Context ctx
,ctx1
;
1349 /* Refine the Salt first */
1352 /* If it starts with the magic string, then skip that */
1353 __md5__magic_len
= strlen(__md5__magic
);
1354 if(!strncmp(sp
,__md5__magic
,__md5__magic_len
))
1355 sp
+= __md5__magic_len
;
1357 /* It stops at the first '$', max 8 chars */
1358 for(ep
=sp
;*ep
&& *ep
!= '$' && ep
< (sp
+8);ep
++)
1361 /* get the length of the true salt */
1366 /* The password first, since that is what is most unknown */
1367 pw_len
= strlen(pw
);
1368 __md5_Update(&ctx
,pw
,pw_len
);
1370 /* Then our magic string */
1371 __md5_Update(&ctx
,__md5__magic
,__md5__magic_len
);
1373 /* Then the raw salt */
1374 __md5_Update(&ctx
,sp
,sl
);
1376 /* Then just as many characters of the MD5(pw,salt,pw) */
1378 __md5_Update(&ctx1
,pw
,pw_len
);
1379 __md5_Update(&ctx1
,sp
,sl
);
1380 __md5_Update(&ctx1
,pw
,pw_len
);
1381 __md5_Final(final
,&ctx1
);
1382 for(pl
= pw_len
; pl
> 0; pl
-= 16)
1383 __md5_Update(&ctx
,final
,pl
>16 ? 16 : pl
);
1385 /* Don't leave anything around in vm they could use. */
1386 memset(final
,0,sizeof final
);
1388 /* Then something really weird... */
1389 for (i
= pw_len
; i
; i
>>= 1) {
1390 __md5_Update(&ctx
, ((i
&1) ? final
: pw
), 1);
1393 /* Now make the output string */
1394 strcpy(passwd
,__md5__magic
);
1395 strncat(passwd
,sp
,sl
);
1398 __md5_Final(final
,&ctx
);
1401 * and now, just to make sure things don't run too fast
1402 * On a 60 Mhz Pentium this takes 34 msec, so you would
1403 * need 30 seconds to build a 1000 entry dictionary...
1405 for(i
=0;i
<1000;i
++) {
1408 __md5_Update(&ctx1
,pw
,pw_len
);
1410 __md5_Update(&ctx1
,final
,16);
1413 __md5_Update(&ctx1
,sp
,sl
);
1416 __md5_Update(&ctx1
,pw
,pw_len
);
1419 __md5_Update(&ctx1
,final
,16);
1421 __md5_Update(&ctx1
,pw
,pw_len
);
1422 __md5_Final(final
,&ctx1
);
1425 p
= passwd
+ strlen(passwd
);
1427 final
[16] = final
[5];
1428 for ( i
=0 ; i
< 5 ; i
++ ) {
1429 l
= (final
[i
]<<16) | (final
[i
+6]<<8) | final
[i
+12];
1430 __md5_to64(p
,l
,4); p
+= 4;
1433 __md5_to64(p
,l
,2); p
+= 2;
1436 /* Don't leave anything around in vm they could use. */
1437 memset(final
,0,sizeof final
);
1442 #endif /* NEED_CRYPT */