]>
jfr.im git - irc/rqf/shadowircd.git/blob - libratbox/src/crypt.c
2 * crypt.c: Implements unix style crypt() for platforms that don't have it
3 * This version has both an md5 and des crypt.
4 * This was pretty much catted together from uclibc.
10 * Copyright (C) 2000 by Lineo, inc. and Erik Andersen
11 * Copyright (C) 2000,2001 by Erik Andersen <andersen@uclibc.org>
12 * Written by Erik Andersen <andersen@uclibc.org>
14 * This program is free software; you can redistribute it and/or modify it
15 * under the terms of the GNU Library General Public License as published by
16 * the Free Software Foundation; either version 2 of the License, or (at your
17 * option) any later version.
19 * This program is distributed in the hope that it will be useful, but WITHOUT
20 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
21 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License
24 * You should have received a copy of the GNU Library General Public License
25 * along with this program; if not, write to the Free Software Foundation,
26 * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
29 #include <libratbox_config.h>
30 #include <ratbox_lib.h>
34 extern char *crypt(const char *key
, const char *salt
);
37 rb_crypt(const char *key
, const char *salt
)
39 return (crypt(key
, salt
));
43 static char *__md5_crypt(const char *pw
, const char *salt
);
44 static char *__des_crypt(const char *pw
, const char *salt
);
47 rb_crypt(const char *key
, const char *salt
)
49 /* First, check if we are supposed to be using the MD5 replacement
50 * instead of DES... */
51 if(salt
[0] == '$' && salt
[1] == '1' && salt
[2] == '$')
52 return __md5_crypt(key
, salt
);
54 return __des_crypt(key
, salt
);
57 /* Here is the des crypt() stuff */
60 * FreeSec: libcrypt for NetBSD
62 * Copyright (c) 1994 David Burren
63 * All rights reserved.
65 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
66 * this file should now *only* export crypt(), in order to make
67 * binaries of libcrypt exportable from the USA
69 * Adapted for FreeBSD-4.0 by Mark R V Murray
70 * this file should now *only* export crypt_des(), in order to make
71 * a module that can be optionally included in libcrypt.
73 * Redistribution and use in source and binary forms, with or without
74 * modification, are permitted provided that the following conditions
76 * 1. Redistributions of source code must retain the above copyright
77 * notice, this list of conditions and the following disclaimer.
78 * 2. Redistributions in binary form must reproduce the above copyright
79 * notice, this list of conditions and the following disclaimer in the
80 * documentation and/or other materials provided with the distribution.
81 * 3. Neither the name of the author nor the names of other contributors
82 * may be used to endorse or promote products derived from this software
83 * without specific prior written permission.
85 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
86 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
87 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
88 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
89 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
90 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
91 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
92 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
93 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
94 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
97 * This is an original implementation of the DES and the crypt(3) interfaces
98 * by David Burren <davidb@werj.com.au>.
100 * An excellent reference on the underlying algorithm (and related
103 * B. Schneier, Applied Cryptography: protocols, algorithms,
104 * and source code in C, John Wiley & Sons, 1994.
106 * Note that in that book's description of DES the lookups for the initial,
107 * pbox, and final permutations are inverted (this has been brought to the
108 * attention of the author). A list of errata for this book has been
109 * posted to the sci.crypt newsgroup by the author and is available for FTP.
111 * ARCHITECTURE ASSUMPTIONS:
112 * It is assumed that the 8-byte arrays passed by reference can be
113 * addressed as arrays of uint32_t's (ie. the CPU is not picky about
118 /* Re-entrantify me -- all this junk needs to be in
119 * struct crypt_data to make this really reentrant... */
120 static uint8_t inv_key_perm
[64];
121 static uint8_t inv_comp_perm
[56];
122 static uint8_t u_sbox
[8][64];
123 static uint8_t un_pbox
[32];
124 static uint32_t en_keysl
[16], en_keysr
[16];
125 static uint32_t de_keysl
[16], de_keysr
[16];
126 static uint32_t ip_maskl
[8][256], ip_maskr
[8][256];
127 static uint32_t fp_maskl
[8][256], fp_maskr
[8][256];
128 static uint32_t key_perm_maskl
[8][128], key_perm_maskr
[8][128];
129 static uint32_t comp_maskl
[8][128], comp_maskr
[8][128];
130 static uint32_t saltbits
;
131 static uint32_t old_salt
;
132 static uint32_t old_rawkey0
, old_rawkey1
;
135 /* Static stuff that stays resident and doesn't change after
136 * being initialized, and therefore doesn't need to be made
138 static uint8_t init_perm
[64], final_perm
[64];
139 static uint8_t m_sbox
[4][4096];
140 static uint32_t psbox
[4][256];
146 static const uint8_t ascii64
[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
148 static const uint8_t IP
[64] = {
149 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
150 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
151 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
152 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
155 static const uint8_t key_perm
[56] = {
156 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
157 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
158 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
159 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
162 static const uint8_t key_shifts
[16] = {
163 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
166 static const uint8_t comp_perm
[48] = {
167 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
168 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
169 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
170 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
174 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
177 static const uint8_t sbox
[8][64] = {
179 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
180 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
181 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
182 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13},
184 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
185 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
186 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
187 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9},
189 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
190 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
191 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
192 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12},
194 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
195 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
196 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
197 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14},
199 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
200 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
201 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
202 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3},
204 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
205 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
206 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
207 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13},
209 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
210 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
211 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
212 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12},
214 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
215 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
216 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
217 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11}
220 static const uint8_t pbox
[32] = {
221 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
222 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
225 static const uint32_t bits32
[32] = {
226 0x80000000, 0x40000000, 0x20000000, 0x10000000,
227 0x08000000, 0x04000000, 0x02000000, 0x01000000,
228 0x00800000, 0x00400000, 0x00200000, 0x00100000,
229 0x00080000, 0x00040000, 0x00020000, 0x00010000,
230 0x00008000, 0x00004000, 0x00002000, 0x00001000,
231 0x00000800, 0x00000400, 0x00000200, 0x00000100,
232 0x00000080, 0x00000040, 0x00000020, 0x00000010,
233 0x00000008, 0x00000004, 0x00000002, 0x00000001
236 static const uint8_t bits8
[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
238 static const uint32_t *bits28
, *bits24
;
242 ascii_to_bin(char ch
)
247 return (ch
- 'a' + 38);
251 return (ch
- 'A' + 12);
262 int i
, j
, b
, k
, inbit
, obit
;
263 uint32_t *p
, *il
, *ir
, *fl
, *fr
;
264 static int des_initialised
= 0;
266 if(des_initialised
== 1)
269 old_rawkey0
= old_rawkey1
= 0L;
272 bits24
= (bits28
= bits32
+ 4) + 4;
275 * Invert the S-boxes, reordering the input bits.
277 for(i
= 0; i
< 8; i
++)
278 for(j
= 0; j
< 64; j
++)
280 b
= (j
& 0x20) | ((j
& 1) << 4) | ((j
>> 1) & 0xf);
281 u_sbox
[i
][j
] = sbox
[i
][b
];
285 * Convert the inverted S-boxes into 4 arrays of 8 bits.
286 * Each will handle 12 bits of the S-box input.
288 for(b
= 0; b
< 4; b
++)
289 for(i
= 0; i
< 64; i
++)
290 for(j
= 0; j
< 64; j
++)
291 m_sbox
[b
][(i
<< 6) | j
] =
292 (uint8_t)((u_sbox
[(b
<< 1)][i
] << 4) |
293 u_sbox
[(b
<< 1) + 1][j
]);
296 * Set up the initial & final permutations into a useful form, and
297 * initialise the inverted key permutation.
299 for(i
= 0; i
< 64; i
++)
301 init_perm
[final_perm
[i
] = IP
[i
] - 1] = (uint8_t)i
;
302 inv_key_perm
[i
] = 255;
306 * Invert the key permutation and initialise the inverted key
307 * compression permutation.
309 for(i
= 0; i
< 56; i
++)
311 inv_key_perm
[key_perm
[i
] - 1] = (uint8_t)i
;
312 inv_comp_perm
[i
] = 255;
316 * Invert the key compression permutation.
318 for(i
= 0; i
< 48; i
++)
320 inv_comp_perm
[comp_perm
[i
] - 1] = (uint8_t)i
;
324 * Set up the OR-mask arrays for the initial and final permutations,
325 * and for the key initial and compression permutations.
327 for(k
= 0; k
< 8; k
++)
329 for(i
= 0; i
< 256; i
++)
331 *(il
= &ip_maskl
[k
][i
]) = 0L;
332 *(ir
= &ip_maskr
[k
][i
]) = 0L;
333 *(fl
= &fp_maskl
[k
][i
]) = 0L;
334 *(fr
= &fp_maskr
[k
][i
]) = 0L;
335 for(j
= 0; j
< 8; j
++)
340 if((obit
= init_perm
[inbit
]) < 32)
343 *ir
|= bits32
[obit
- 32];
344 if((obit
= final_perm
[inbit
]) < 32)
347 *fr
|= bits32
[obit
- 32];
351 for(i
= 0; i
< 128; i
++)
353 *(il
= &key_perm_maskl
[k
][i
]) = 0L;
354 *(ir
= &key_perm_maskr
[k
][i
]) = 0L;
355 for(j
= 0; j
< 7; j
++)
360 if((obit
= inv_key_perm
[inbit
]) == 255)
365 *ir
|= bits28
[obit
- 28];
368 *(il
= &comp_maskl
[k
][i
]) = 0L;
369 *(ir
= &comp_maskr
[k
][i
]) = 0L;
370 for(j
= 0; j
< 7; j
++)
375 if((obit
= inv_comp_perm
[inbit
]) == 255)
380 *ir
|= bits24
[obit
- 24];
387 * Invert the P-box permutation, and convert into OR-masks for
388 * handling the output of the S-box arrays setup above.
390 for(i
= 0; i
< 32; i
++)
391 un_pbox
[pbox
[i
] - 1] = (uint8_t)i
;
393 for(b
= 0; b
< 4; b
++)
394 for(i
= 0; i
< 256; i
++)
396 *(p
= &psbox
[b
][i
]) = 0L;
397 for(j
= 0; j
< 8; j
++)
400 *p
|= bits32
[un_pbox
[8 * b
+ j
]];
409 setup_salt(long salt
)
411 uint32_t obit
, saltbit
;
414 if(salt
== (long)old_salt
)
421 for(i
= 0; i
< 24; i
++)
432 des_setkey(const char *key
)
434 uint32_t k0
, k1
, rawkey0
, rawkey1
;
439 rawkey0
= ntohl(*(const uint32_t *)key
);
440 rawkey1
= ntohl(*(const uint32_t *)(key
+ 4));
442 if((rawkey0
| rawkey1
) && rawkey0
== old_rawkey0
&& rawkey1
== old_rawkey1
)
445 * Already setup for this key.
446 * This optimisation fails on a zero key (which is weak and
447 * has bad parity anyway) in order to simplify the starting
452 old_rawkey0
= rawkey0
;
453 old_rawkey1
= rawkey1
;
456 * Do key permutation and split into two 28-bit subkeys.
458 k0
= key_perm_maskl
[0][rawkey0
>> 25]
459 | key_perm_maskl
[1][(rawkey0
>> 17) & 0x7f]
460 | key_perm_maskl
[2][(rawkey0
>> 9) & 0x7f]
461 | key_perm_maskl
[3][(rawkey0
>> 1) & 0x7f]
462 | key_perm_maskl
[4][rawkey1
>> 25]
463 | key_perm_maskl
[5][(rawkey1
>> 17) & 0x7f]
464 | key_perm_maskl
[6][(rawkey1
>> 9) & 0x7f]
465 | key_perm_maskl
[7][(rawkey1
>> 1) & 0x7f];
466 k1
= key_perm_maskr
[0][rawkey0
>> 25]
467 | key_perm_maskr
[1][(rawkey0
>> 17) & 0x7f]
468 | key_perm_maskr
[2][(rawkey0
>> 9) & 0x7f]
469 | key_perm_maskr
[3][(rawkey0
>> 1) & 0x7f]
470 | key_perm_maskr
[4][rawkey1
>> 25]
471 | key_perm_maskr
[5][(rawkey1
>> 17) & 0x7f]
472 | key_perm_maskr
[6][(rawkey1
>> 9) & 0x7f]
473 | key_perm_maskr
[7][(rawkey1
>> 1) & 0x7f];
475 * Rotate subkeys and do compression permutation.
478 for(round
= 0; round
< 16; round
++)
482 shifts
+= key_shifts
[round
];
484 t0
= (k0
<< shifts
) | (k0
>> (28 - shifts
));
485 t1
= (k1
<< shifts
) | (k1
>> (28 - shifts
));
487 de_keysl
[15 - round
] =
488 en_keysl
[round
] = comp_maskl
[0][(t0
>> 21) & 0x7f]
489 | comp_maskl
[1][(t0
>> 14) & 0x7f]
490 | comp_maskl
[2][(t0
>> 7) & 0x7f]
491 | comp_maskl
[3][t0
& 0x7f]
492 | comp_maskl
[4][(t1
>> 21) & 0x7f]
493 | comp_maskl
[5][(t1
>> 14) & 0x7f]
494 | comp_maskl
[6][(t1
>> 7) & 0x7f] | comp_maskl
[7][t1
& 0x7f];
496 de_keysr
[15 - round
] =
497 en_keysr
[round
] = comp_maskr
[0][(t0
>> 21) & 0x7f]
498 | comp_maskr
[1][(t0
>> 14) & 0x7f]
499 | comp_maskr
[2][(t0
>> 7) & 0x7f]
500 | comp_maskr
[3][t0
& 0x7f]
501 | comp_maskr
[4][(t1
>> 21) & 0x7f]
502 | comp_maskr
[5][(t1
>> 14) & 0x7f]
503 | comp_maskr
[6][(t1
>> 7) & 0x7f] | comp_maskr
[7][t1
& 0x7f];
510 do_des(uint32_t l_in
, uint32_t r_in
, uint32_t *l_out
, uint32_t *r_out
, int count
)
513 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
515 uint32_t l
, r
, *kl
, *kr
, *kl1
, *kr1
;
516 uint32_t f
, r48l
, r48r
;
542 * Do initial permutation (IP).
544 l
= ip_maskl
[0][l_in
>> 24]
545 | ip_maskl
[1][(l_in
>> 16) & 0xff]
546 | ip_maskl
[2][(l_in
>> 8) & 0xff]
547 | ip_maskl
[3][l_in
& 0xff]
548 | ip_maskl
[4][r_in
>> 24]
549 | ip_maskl
[5][(r_in
>> 16) & 0xff]
550 | ip_maskl
[6][(r_in
>> 8) & 0xff] | ip_maskl
[7][r_in
& 0xff];
551 r
= ip_maskr
[0][l_in
>> 24]
552 | ip_maskr
[1][(l_in
>> 16) & 0xff]
553 | ip_maskr
[2][(l_in
>> 8) & 0xff]
554 | ip_maskr
[3][l_in
& 0xff]
555 | ip_maskr
[4][r_in
>> 24]
556 | ip_maskr
[5][(r_in
>> 16) & 0xff]
557 | ip_maskr
[6][(r_in
>> 8) & 0xff] | ip_maskr
[7][r_in
& 0xff];
570 * Expand R to 48 bits (simulate the E-box).
572 r48l
= ((r
& 0x00000001) << 23)
573 | ((r
& 0xf8000000) >> 9)
574 | ((r
& 0x1f800000) >> 11)
575 | ((r
& 0x01f80000) >> 13) | ((r
& 0x001f8000) >> 15);
577 r48r
= ((r
& 0x0001f800) << 7)
578 | ((r
& 0x00001f80) << 5)
579 | ((r
& 0x000001f8) << 3)
580 | ((r
& 0x0000001f) << 1) | ((r
& 0x80000000) >> 31);
582 * Do salting for crypt() and friends, and
583 * XOR with the permuted key.
585 f
= (r48l
^ r48r
) & saltbits
;
589 * Do sbox lookups (which shrink it back to 32 bits)
590 * and do the pbox permutation at the same time.
592 f
= psbox
[0][m_sbox
[0][r48l
>> 12]]
593 | psbox
[1][m_sbox
[1][r48l
& 0xfff]]
594 | psbox
[2][m_sbox
[2][r48r
>> 12]]
595 | psbox
[3][m_sbox
[3][r48r
& 0xfff]];
597 * Now that we've permuted things, complete f().
607 * Do final permutation (inverse of IP).
609 *l_out
= fp_maskl
[0][l
>> 24]
610 | fp_maskl
[1][(l
>> 16) & 0xff]
611 | fp_maskl
[2][(l
>> 8) & 0xff]
612 | fp_maskl
[3][l
& 0xff]
613 | fp_maskl
[4][r
>> 24]
614 | fp_maskl
[5][(r
>> 16) & 0xff]
615 | fp_maskl
[6][(r
>> 8) & 0xff] | fp_maskl
[7][r
& 0xff];
616 *r_out
= fp_maskr
[0][l
>> 24]
617 | fp_maskr
[1][(l
>> 16) & 0xff]
618 | fp_maskr
[2][(l
>> 8) & 0xff]
619 | fp_maskr
[3][l
& 0xff]
620 | fp_maskr
[4][r
>> 24]
621 | fp_maskr
[5][(r
>> 16) & 0xff]
622 | fp_maskr
[6][(r
>> 8) & 0xff] | fp_maskr
[7][r
& 0xff];
629 des_cipher(const char *in
, char *out
, uint32_t salt
, int count
)
631 uint32_t l_out
, r_out
, rawl
, rawr
;
644 rawl
= ntohl(*trans
.ui32
++);
645 rawr
= ntohl(*trans
.ui32
);
647 retval
= do_des(rawl
, rawr
, &l_out
, &r_out
, count
);
650 *trans
.ui32
++ = htonl(l_out
);
651 *trans
.ui32
= htonl(r_out
);
658 setkey(const char *key
)
661 uint32_t packed_keys
[2];
664 p
= (uint8_t *)packed_keys
;
666 for(i
= 0; i
< 8; i
++)
669 for(j
= 0; j
< 8; j
++)
673 des_setkey((char *)p
);
678 encrypt(char *block
, int flag
)
687 p
= (uint8_t *)block
;
688 for(i
= 0; i
< 2; i
++)
691 for(j
= 0; j
< 32; j
++)
695 do_des(io
[0], io
[1], io
, io
+ 1, flag
? -1 : 1);
696 for(i
= 0; i
< 2; i
++)
697 for(j
= 0; j
< 32; j
++)
698 block
[(i
<< 5) | j
] = (io
[i
] & bits32
[j
]) ? 1 : 0;
703 __des_crypt(const char *key
, const char *setting
)
705 uint32_t count
, salt
, l
, r0
, r1
, keybuf
[2];
707 static char output
[21];
712 * Copy the key, shifting each character up by one bit
713 * and padding with zeros.
715 q
= (uint8_t *)keybuf
;
716 while(q
- (uint8_t *)keybuf
- 8)
722 if(des_setkey((char *)keybuf
))
726 if(*setting
== _PASSWORD_EFMT1
)
731 * setting - underscore, 4 bytes of count, 4 bytes of salt
732 * key - unlimited characters
734 for(i
= 1, count
= 0L; i
< 5; i
++)
735 count
|= ascii_to_bin(setting
[i
]) << ((i
- 1) * 6);
737 for(i
= 5, salt
= 0L; i
< 9; i
++)
738 salt
|= ascii_to_bin(setting
[i
]) << ((i
- 5) * 6);
743 * Encrypt the key with itself.
745 if(des_cipher((char *)keybuf
, (char *)keybuf
, 0L, 1))
748 * And XOR with the next 8 characters of the key.
750 q
= (uint8_t *)keybuf
;
751 while(q
- (uint8_t *)keybuf
- 8 && *key
)
754 if(des_setkey((char *)keybuf
))
757 strncpy(output
, setting
, 9);
760 * Double check that we weren't given a short setting.
761 * If we were, the above code will probably have created
762 * wierd values for count and salt, but we don't really care.
763 * Just make sure the output string doesn't have an extra
767 p
= (uint8_t *)output
+ strlen(output
);
774 * setting - 2 bytes of salt
775 * key - up to 8 characters
779 salt
= (ascii_to_bin(setting
[1]) << 6) | ascii_to_bin(setting
[0]);
781 output
[0] = setting
[0];
783 * If the encrypted password that the salt was extracted from
784 * is only 1 character long, the salt will be corrupted. We
785 * need to ensure that the output string doesn't have an extra
788 output
[1] = setting
[1] ? setting
[1] : output
[0];
790 p
= (uint8_t *)output
+ 2;
796 if(do_des(0L, 0L, &r0
, &r1
, (int)count
))
799 * Now encode the result...
802 *p
++ = ascii64
[(l
>> 18) & 0x3f];
803 *p
++ = ascii64
[(l
>> 12) & 0x3f];
804 *p
++ = ascii64
[(l
>> 6) & 0x3f];
805 *p
++ = ascii64
[l
& 0x3f];
807 l
= (r0
<< 16) | ((r1
>> 16) & 0xffff);
808 *p
++ = ascii64
[(l
>> 18) & 0x3f];
809 *p
++ = ascii64
[(l
>> 12) & 0x3f];
810 *p
++ = ascii64
[(l
>> 6) & 0x3f];
811 *p
++ = ascii64
[l
& 0x3f];
814 *p
++ = ascii64
[(l
>> 12) & 0x3f];
815 *p
++ = ascii64
[(l
>> 6) & 0x3f];
816 *p
++ = ascii64
[l
& 0x3f];
825 * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
827 * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
830 * License to copy and use this software is granted provided that it
831 * is identified as the "RSA Data Security, Inc. MD5 Message-Digest
832 * Algorithm" in all material mentioning or referencing this software
835 * License is also granted to make and use derivative works provided
836 * that such works are identified as "derived from the RSA Data
837 * Security, Inc. MD5 Message-Digest Algorithm" in all material
838 * mentioning or referencing the derived work.
840 * RSA Data Security, Inc. makes no representations concerning either
841 * the merchantability of this software or the suitability of this
842 * software for any particular purpose. It is provided "as is"
843 * without express or implied warranty of any kind.
845 * These notices must be retained in any copies of any part of this
846 * documentation and/or software.
848 * $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $
850 * This code is the same as the code published by RSA Inc. It has been
851 * edited for clarity and style only.
853 * ----------------------------------------------------------------------------
854 * The md5_crypt() function was taken from freeBSD's libcrypt and contains
856 * "THE BEER-WARE LICENSE" (Revision 42):
857 * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
858 * can do whatever you want with this stuff. If we meet some day, and you think
859 * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
861 * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $
863 * ----------------------------------------------------------------------------
864 * On April 19th, 2001 md5_crypt() was modified to make it reentrant
865 * by Erik Andersen <andersen@uclibc.org>
868 * June 28, 2001 Manuel Novoa III
870 * "Un-inlined" code using loops and static const tables in order to
871 * reduce generated code size (on i386 from approx 4k to approx 2.5k).
873 * June 29, 2001 Manuel Novoa III
875 * Completely removed static PADDING array.
877 * Reintroduced the loop unrolling in MD5_Transform and added the
878 * MD5_SIZE_OVER_SPEED option for configurability. Define below as:
879 * 0 fully unrolled loops
880 * 1 partially unrolled (4 ops per loop)
881 * 2 no unrolling -- introduces the need to swap 4 variables (slow)
882 * 3 no unrolling and all 4 loops merged into one with switch
883 * in each loop (glacial)
884 * On i386, sizes are roughly (-Os -fno-builtin):
885 * 0: 3k 1: 2.5k 2: 2.2k 3: 2k
888 * Since SuSv3 does not require crypt_r, modified again August 7, 2002
889 * by Erik Andersen to remove reentrance stuff...
893 * Valid values are 1 (fastest/largest) to 3 (smallest/slowest).
895 #define MD5_SIZE_OVER_SPEED 1
897 /**********************************************************************/
902 uint32_t state
[4]; /* state (ABCD) */
903 uint32_t count
[2]; /* number of bits, modulo 2^64 (lsb first) */
904 unsigned char buffer
[64]; /* input buffer */
907 static void __md5_Init(struct MD5Context
*);
908 static void __md5_Update(struct MD5Context
*, const char *, unsigned int);
909 static void __md5_Pad(struct MD5Context
*);
910 static void __md5_Final(char[16], struct MD5Context
*);
911 static void __md5_Transform(uint32_t[4], const unsigned char[64]);
914 static const char __md5__magic
[] = "$1$"; /* This string is magic for this algorithm. Having
915 it this way, we can get better later on */
916 static const unsigned char __md5_itoa64
[] = /* 0 ... 63 => ascii - 64 */
917 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
922 #define __md5_Encode memcpy
923 #define __md5_Decode memcpy
927 * __md5_Encodes input (uint32_t) into output (unsigned char). Assumes len is
932 __md5_Encode(unsigned char *output
, uint32_t *input
, unsigned int len
)
936 for(i
= 0, j
= 0; j
< len
; i
++, j
+= 4)
938 output
[j
] = (unsigned char)(input
[i
] & 0xff);
939 output
[j
+ 1] = (unsigned char)((input
[i
] >> 8) & 0xff);
940 output
[j
+ 2] = (unsigned char)((input
[i
] >> 16) & 0xff);
941 output
[j
+ 3] = (unsigned char)((input
[i
] >> 24) & 0xff);
946 * __md5_Decodes input (unsigned char) into output (uint32_t). Assumes len is
951 __md5_Decode(uint32_t *output
, const unsigned char *input
, unsigned int len
)
955 for(i
= 0, j
= 0; j
< len
; i
++, j
+= 4)
956 output
[i
] = ((uint32_t)input
[j
]) | (((uint32_t)input
[j
+ 1]) << 8) |
957 (((uint32_t)input
[j
+ 2]) << 16) | (((uint32_t)input
[j
+ 3]) << 24);
961 /* F, G, H and I are basic MD5 functions. */
962 #define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
963 #define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
964 #define H(x, y, z) ((x) ^ (y) ^ (z))
965 #define I(x, y, z) ((y) ^ ((x) | (~z)))
967 /* ROTATE_LEFT rotates x left n bits. */
968 #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
971 * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
972 * Rotation is separate from addition to prevent recomputation.
974 #define FF(a, b, c, d, x, s, ac) { \
975 (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \
976 (a) = ROTATE_LEFT ((a), (s)); \
979 #define GG(a, b, c, d, x, s, ac) { \
980 (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \
981 (a) = ROTATE_LEFT ((a), (s)); \
984 #define HH(a, b, c, d, x, s, ac) { \
985 (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \
986 (a) = ROTATE_LEFT ((a), (s)); \
989 #define II(a, b, c, d, x, s, ac) { \
990 (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \
991 (a) = ROTATE_LEFT ((a), (s)); \
995 /* MD5 initialization. Begins an MD5 operation, writing a new context. */
998 __md5_Init(struct MD5Context
*context
)
1000 context
->count
[0] = context
->count
[1] = 0;
1002 /* Load magic initialization constants. */
1003 context
->state
[0] = 0x67452301;
1004 context
->state
[1] = 0xefcdab89;
1005 context
->state
[2] = 0x98badcfe;
1006 context
->state
[3] = 0x10325476;
1010 * MD5 block update operation. Continues an MD5 message-digest
1011 * operation, processing another message block, and updating the
1016 __md5_Update(struct MD5Context
*context
, const char *xinput
, unsigned int inputLen
)
1018 unsigned int i
, lindex
, partLen
;
1019 const unsigned char *input
= (const unsigned char *)xinput
; /* i hate gcc */
1020 /* Compute number of bytes mod 64 */
1021 lindex
= (unsigned int)((context
->count
[0] >> 3) & 0x3F);
1023 /* Update number of bits */
1024 if((context
->count
[0] += ((uint32_t)inputLen
<< 3)) < ((uint32_t)inputLen
<< 3))
1025 context
->count
[1]++;
1026 context
->count
[1] += ((uint32_t)inputLen
>> 29);
1028 partLen
= 64 - lindex
;
1030 /* Transform as many times as possible. */
1031 if(inputLen
>= partLen
)
1033 memcpy(&context
->buffer
[lindex
], input
, partLen
);
1034 __md5_Transform(context
->state
, context
->buffer
);
1036 for(i
= partLen
; i
+ 63 < inputLen
; i
+= 64)
1037 __md5_Transform(context
->state
, &input
[i
]);
1044 /* Buffer remaining input */
1045 memcpy(&context
->buffer
[lindex
], &input
[i
], inputLen
- i
);
1049 * MD5 padding. Adds padding followed by original length.
1053 __md5_Pad(struct MD5Context
*context
)
1056 unsigned int lindex
, padLen
;
1059 memset(PADDING
, 0, sizeof(PADDING
));
1062 /* Save number of bits */
1063 __md5_Encode(bits
, context
->count
, 8);
1065 /* Pad out to 56 mod 64. */
1066 lindex
= (unsigned int)((context
->count
[0] >> 3) & 0x3f);
1067 padLen
= (lindex
< 56) ? (56 - lindex
) : (120 - lindex
);
1068 __md5_Update(context
, PADDING
, padLen
);
1070 /* Append length (before padding) */
1071 __md5_Update(context
, bits
, 8);
1075 * MD5 finalization. Ends an MD5 message-digest operation, writing the
1076 * the message digest and zeroizing the context.
1080 __md5_Final(char xdigest
[16], struct MD5Context
*context
)
1082 unsigned char *digest
= (unsigned char *)xdigest
;
1086 /* Store state in digest */
1087 __md5_Encode(digest
, context
->state
, 16);
1089 /* Zeroize sensitive information. */
1090 memset(context
, 0, sizeof(*context
));
1093 /* MD5 basic transformation. Transforms state based on block. */
1096 __md5_Transform(state
, block
)
1098 const unsigned char block
[64];
1100 uint32_t a
, b
, c
, d
, x
[16];
1102 #if MD5_SIZE_OVER_SPEED > 1
1106 static const char S
[] = {
1112 #endif /* MD5_SIZE_OVER_SPEED > 1 */
1114 #if MD5_SIZE_OVER_SPEED > 0
1119 static const uint32_t C
[] = {
1121 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee,
1122 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501,
1123 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be,
1124 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821,
1126 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa,
1127 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8,
1128 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed,
1129 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a,
1131 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c,
1132 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70,
1133 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05,
1134 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665,
1136 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039,
1137 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1,
1138 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1,
1139 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391
1142 static const char P
[] = {
1143 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */
1144 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */
1145 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */
1146 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */
1149 #endif /* MD5_SIZE_OVER_SPEED > 0 */
1151 __md5_Decode(x
, block
, 64);
1158 #if MD5_SIZE_OVER_SPEED > 2
1163 for(i
= 0; i
< 64; i
++)
1183 temp
+= x
[(int)(*pp
++)] + *pc
++;
1184 temp
= ROTATE_LEFT(temp
, ps
[i
& 3]);
1191 #elif MD5_SIZE_OVER_SPEED > 1
1197 for(i
= 0; i
< 16; i
++)
1199 FF(a
, b
, c
, d
, x
[(int)(*pp
++)], ps
[i
& 0x3], *pc
++);
1211 GG(a
, b
, c
, d
, x
[(int)(*pp
++)], ps
[i
& 0x3], *pc
++);
1222 HH(a
, b
, c
, d
, x
[(int)(*pp
++)], ps
[i
& 0x3], *pc
++);
1234 II(a
, b
, c
, d
, x
[(int)(*pp
++)], ps
[i
& 0x3], *pc
++);
1241 #elif MD5_SIZE_OVER_SPEED > 0
1246 for(i
= 0; i
< 4; i
++)
1248 FF(a
, b
, c
, d
, x
[(int)(*pp
++)], 7, *pc
++);
1249 FF(d
, a
, b
, c
, x
[(int)(*pp
++)], 12, *pc
++);
1250 FF(c
, d
, a
, b
, x
[(int)(*pp
++)], 17, *pc
++);
1251 FF(b
, c
, d
, a
, x
[(int)(*pp
++)], 22, *pc
++);
1255 for(i
= 0; i
< 4; i
++)
1257 GG(a
, b
, c
, d
, x
[(int)(*pp
++)], 5, *pc
++);
1258 GG(d
, a
, b
, c
, x
[(int)(*pp
++)], 9, *pc
++);
1259 GG(c
, d
, a
, b
, x
[(int)(*pp
++)], 14, *pc
++);
1260 GG(b
, c
, d
, a
, x
[(int)(*pp
++)], 20, *pc
++);
1263 for(i
= 0; i
< 4; i
++)
1265 HH(a
, b
, c
, d
, x
[(int)(*pp
++)], 4, *pc
++);
1266 HH(d
, a
, b
, c
, x
[(int)(*pp
++)], 11, *pc
++);
1267 HH(c
, d
, a
, b
, x
[(int)(*pp
++)], 16, *pc
++);
1268 HH(b
, c
, d
, a
, x
[(int)(*pp
++)], 23, *pc
++);
1272 for(i
= 0; i
< 4; i
++)
1274 II(a
, b
, c
, d
, x
[(int)(*pp
++)], 6, *pc
++);
1275 II(d
, a
, b
, c
, x
[(int)(*pp
++)], 10, *pc
++);
1276 II(c
, d
, a
, b
, x
[(int)(*pp
++)], 15, *pc
++);
1277 II(b
, c
, d
, a
, x
[(int)(*pp
++)], 21, *pc
++);
1285 FF(a
, b
, c
, d
, x
[0], S11
, 0xd76aa478); /* 1 */
1286 FF(d
, a
, b
, c
, x
[1], S12
, 0xe8c7b756); /* 2 */
1287 FF(c
, d
, a
, b
, x
[2], S13
, 0x242070db); /* 3 */
1288 FF(b
, c
, d
, a
, x
[3], S14
, 0xc1bdceee); /* 4 */
1289 FF(a
, b
, c
, d
, x
[4], S11
, 0xf57c0faf); /* 5 */
1290 FF(d
, a
, b
, c
, x
[5], S12
, 0x4787c62a); /* 6 */
1291 FF(c
, d
, a
, b
, x
[6], S13
, 0xa8304613); /* 7 */
1292 FF(b
, c
, d
, a
, x
[7], S14
, 0xfd469501); /* 8 */
1293 FF(a
, b
, c
, d
, x
[8], S11
, 0x698098d8); /* 9 */
1294 FF(d
, a
, b
, c
, x
[9], S12
, 0x8b44f7af); /* 10 */
1295 FF(c
, d
, a
, b
, x
[10], S13
, 0xffff5bb1); /* 11 */
1296 FF(b
, c
, d
, a
, x
[11], S14
, 0x895cd7be); /* 12 */
1297 FF(a
, b
, c
, d
, x
[12], S11
, 0x6b901122); /* 13 */
1298 FF(d
, a
, b
, c
, x
[13], S12
, 0xfd987193); /* 14 */
1299 FF(c
, d
, a
, b
, x
[14], S13
, 0xa679438e); /* 15 */
1300 FF(b
, c
, d
, a
, x
[15], S14
, 0x49b40821); /* 16 */
1307 GG(a
, b
, c
, d
, x
[1], S21
, 0xf61e2562); /* 17 */
1308 GG(d
, a
, b
, c
, x
[6], S22
, 0xc040b340); /* 18 */
1309 GG(c
, d
, a
, b
, x
[11], S23
, 0x265e5a51); /* 19 */
1310 GG(b
, c
, d
, a
, x
[0], S24
, 0xe9b6c7aa); /* 20 */
1311 GG(a
, b
, c
, d
, x
[5], S21
, 0xd62f105d); /* 21 */
1312 GG(d
, a
, b
, c
, x
[10], S22
, 0x2441453); /* 22 */
1313 GG(c
, d
, a
, b
, x
[15], S23
, 0xd8a1e681); /* 23 */
1314 GG(b
, c
, d
, a
, x
[4], S24
, 0xe7d3fbc8); /* 24 */
1315 GG(a
, b
, c
, d
, x
[9], S21
, 0x21e1cde6); /* 25 */
1316 GG(d
, a
, b
, c
, x
[14], S22
, 0xc33707d6); /* 26 */
1317 GG(c
, d
, a
, b
, x
[3], S23
, 0xf4d50d87); /* 27 */
1318 GG(b
, c
, d
, a
, x
[8], S24
, 0x455a14ed); /* 28 */
1319 GG(a
, b
, c
, d
, x
[13], S21
, 0xa9e3e905); /* 29 */
1320 GG(d
, a
, b
, c
, x
[2], S22
, 0xfcefa3f8); /* 30 */
1321 GG(c
, d
, a
, b
, x
[7], S23
, 0x676f02d9); /* 31 */
1322 GG(b
, c
, d
, a
, x
[12], S24
, 0x8d2a4c8a); /* 32 */
1329 HH(a
, b
, c
, d
, x
[5], S31
, 0xfffa3942); /* 33 */
1330 HH(d
, a
, b
, c
, x
[8], S32
, 0x8771f681); /* 34 */
1331 HH(c
, d
, a
, b
, x
[11], S33
, 0x6d9d6122); /* 35 */
1332 HH(b
, c
, d
, a
, x
[14], S34
, 0xfde5380c); /* 36 */
1333 HH(a
, b
, c
, d
, x
[1], S31
, 0xa4beea44); /* 37 */
1334 HH(d
, a
, b
, c
, x
[4], S32
, 0x4bdecfa9); /* 38 */
1335 HH(c
, d
, a
, b
, x
[7], S33
, 0xf6bb4b60); /* 39 */
1336 HH(b
, c
, d
, a
, x
[10], S34
, 0xbebfbc70); /* 40 */
1337 HH(a
, b
, c
, d
, x
[13], S31
, 0x289b7ec6); /* 41 */
1338 HH(d
, a
, b
, c
, x
[0], S32
, 0xeaa127fa); /* 42 */
1339 HH(c
, d
, a
, b
, x
[3], S33
, 0xd4ef3085); /* 43 */
1340 HH(b
, c
, d
, a
, x
[6], S34
, 0x4881d05); /* 44 */
1341 HH(a
, b
, c
, d
, x
[9], S31
, 0xd9d4d039); /* 45 */
1342 HH(d
, a
, b
, c
, x
[12], S32
, 0xe6db99e5); /* 46 */
1343 HH(c
, d
, a
, b
, x
[15], S33
, 0x1fa27cf8); /* 47 */
1344 HH(b
, c
, d
, a
, x
[2], S34
, 0xc4ac5665); /* 48 */
1351 II(a
, b
, c
, d
, x
[0], S41
, 0xf4292244); /* 49 */
1352 II(d
, a
, b
, c
, x
[7], S42
, 0x432aff97); /* 50 */
1353 II(c
, d
, a
, b
, x
[14], S43
, 0xab9423a7); /* 51 */
1354 II(b
, c
, d
, a
, x
[5], S44
, 0xfc93a039); /* 52 */
1355 II(a
, b
, c
, d
, x
[12], S41
, 0x655b59c3); /* 53 */
1356 II(d
, a
, b
, c
, x
[3], S42
, 0x8f0ccc92); /* 54 */
1357 II(c
, d
, a
, b
, x
[10], S43
, 0xffeff47d); /* 55 */
1358 II(b
, c
, d
, a
, x
[1], S44
, 0x85845dd1); /* 56 */
1359 II(a
, b
, c
, d
, x
[8], S41
, 0x6fa87e4f); /* 57 */
1360 II(d
, a
, b
, c
, x
[15], S42
, 0xfe2ce6e0); /* 58 */
1361 II(c
, d
, a
, b
, x
[6], S43
, 0xa3014314); /* 59 */
1362 II(b
, c
, d
, a
, x
[13], S44
, 0x4e0811a1); /* 60 */
1363 II(a
, b
, c
, d
, x
[4], S41
, 0xf7537e82); /* 61 */
1364 II(d
, a
, b
, c
, x
[11], S42
, 0xbd3af235); /* 62 */
1365 II(c
, d
, a
, b
, x
[2], S43
, 0x2ad7d2bb); /* 63 */
1366 II(b
, c
, d
, a
, x
[9], S44
, 0xeb86d391); /* 64 */
1374 /* Zeroize sensitive information. */
1375 memset(x
, 0, sizeof(x
));
1380 __md5_to64(char *s
, unsigned long v
, int n
)
1384 *s
++ = __md5_itoa64
[v
& 0x3f];
1392 * Use MD5 for what it is best at...
1396 __md5_crypt(const char *pw
, const char *salt
)
1399 static const char *sp
, *ep
;
1400 static char passwd
[120], *p
;
1402 char final
[17]; /* final[16] exists only to aid in looping */
1403 int sl
, pl
, i
, __md5__magic_len
, pw_len
;
1404 struct MD5Context ctx
, ctx1
;
1407 /* Refine the Salt first */
1410 /* If it starts with the magic string, then skip that */
1411 __md5__magic_len
= strlen(__md5__magic
);
1412 if(!strncmp(sp
, __md5__magic
, __md5__magic_len
))
1413 sp
+= __md5__magic_len
;
1415 /* It stops at the first '$', max 8 chars */
1416 for(ep
= sp
; *ep
&& *ep
!= '$' && ep
< (sp
+ 8); ep
++)
1419 /* get the length of the true salt */
1424 /* The password first, since that is what is most unknown */
1425 pw_len
= strlen(pw
);
1426 __md5_Update(&ctx
, pw
, pw_len
);
1428 /* Then our magic string */
1429 __md5_Update(&ctx
, __md5__magic
, __md5__magic_len
);
1431 /* Then the raw salt */
1432 __md5_Update(&ctx
, sp
, sl
);
1434 /* Then just as many characters of the MD5(pw,salt,pw) */
1436 __md5_Update(&ctx1
, pw
, pw_len
);
1437 __md5_Update(&ctx1
, sp
, sl
);
1438 __md5_Update(&ctx1
, pw
, pw_len
);
1439 __md5_Final(final
, &ctx1
);
1440 for(pl
= pw_len
; pl
> 0; pl
-= 16)
1441 __md5_Update(&ctx
, final
, pl
> 16 ? 16 : pl
);
1443 /* Don't leave anything around in vm they could use. */
1444 memset(final
, 0, sizeof final
);
1446 /* Then something really weird... */
1447 for(i
= pw_len
; i
; i
>>= 1)
1449 __md5_Update(&ctx
, ((i
& 1) ? final
: pw
), 1);
1452 /* Now make the output string */
1453 strcpy(passwd
, __md5__magic
);
1454 strncat(passwd
, sp
, sl
);
1455 strcat(passwd
, "$");
1457 __md5_Final(final
, &ctx
);
1460 * and now, just to make sure things don't run too fast
1461 * On a 60 Mhz Pentium this takes 34 msec, so you would
1462 * need 30 seconds to build a 1000 entry dictionary...
1464 for(i
= 0; i
< 1000; i
++)
1468 __md5_Update(&ctx1
, pw
, pw_len
);
1470 __md5_Update(&ctx1
, final
, 16);
1473 __md5_Update(&ctx1
, sp
, sl
);
1476 __md5_Update(&ctx1
, pw
, pw_len
);
1479 __md5_Update(&ctx1
, final
, 16);
1481 __md5_Update(&ctx1
, pw
, pw_len
);
1482 __md5_Final(final
, &ctx1
);
1485 p
= passwd
+ strlen(passwd
);
1487 final
[16] = final
[5];
1488 for(i
= 0; i
< 5; i
++)
1490 l
= (final
[i
] << 16) | (final
[i
+ 6] << 8) | final
[i
+ 12];
1491 __md5_to64(p
, l
, 4);
1495 __md5_to64(p
, l
, 2);
1499 /* Don't leave anything around in vm they could use. */
1500 memset(final
, 0, sizeof final
);
1505 #endif /* NEED_CRYPT */