]>
Commit | Line | Data |
---|---|---|
db137867 AC |
1 | /* |
2 | * crypt.c: Implements unix style crypt() for platforms that don't have it | |
3 | * This version has both an md5 and des crypt. | |
4 | * This was pretty much catted together from uclibc. | |
5 | */ | |
6 | ||
7 | /* | |
8 | * crypt() for uClibc | |
9 | * | |
10 | * Copyright (C) 2000 by Lineo, inc. and Erik Andersen | |
11 | * Copyright (C) 2000,2001 by Erik Andersen <andersen@uclibc.org> | |
12 | * Written by Erik Andersen <andersen@uclibc.org> | |
13 | * | |
14 | * This program is free software; you can redistribute it and/or modify it | |
15 | * under the terms of the GNU Library General Public License as published by | |
16 | * the Free Software Foundation; either version 2 of the License, or (at your | |
17 | * option) any later version. | |
18 | * | |
19 | * This program is distributed in the hope that it will be useful, but WITHOUT | |
20 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | |
21 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License | |
22 | * for more details. | |
23 | * | |
24 | * You should have received a copy of the GNU Library General Public License | |
25 | * along with this program; if not, write to the Free Software Foundation, | |
26 | * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
27 | */ | |
28 | ||
29 | #include <libratbox_config.h> | |
30 | #include <ratbox_lib.h> | |
31 | ||
32 | ||
33 | #ifndef NEED_CRYPT | |
34 | extern char *crypt(const char *key, const char *salt); | |
35 | ||
36 | char * | |
37 | rb_crypt(const char *key, const char *salt) | |
38 | { | |
3202e249 | 39 | return (crypt(key, salt)); |
db137867 AC |
40 | } |
41 | #else | |
42 | ||
3202e249 VY |
43 | static char *__md5_crypt(const char *pw, const char *salt); |
44 | static char *__des_crypt(const char *pw, const char *salt); | |
db137867 | 45 | |
3202e249 | 46 | char * |
db137867 AC |
47 | rb_crypt(const char *key, const char *salt) |
48 | { | |
49 | /* First, check if we are supposed to be using the MD5 replacement | |
50 | * instead of DES... */ | |
3202e249 | 51 | if(salt[0] == '$' && salt[1] == '1' && salt[2] == '$') |
db137867 AC |
52 | return __md5_crypt(key, salt); |
53 | else | |
54 | return __des_crypt(key, salt); | |
55 | } | |
56 | ||
57 | /* Here is the des crypt() stuff */ | |
58 | ||
59 | /* | |
60 | * FreeSec: libcrypt for NetBSD | |
61 | * | |
62 | * Copyright (c) 1994 David Burren | |
63 | * All rights reserved. | |
64 | * | |
65 | * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet | |
66 | * this file should now *only* export crypt(), in order to make | |
67 | * binaries of libcrypt exportable from the USA | |
68 | * | |
69 | * Adapted for FreeBSD-4.0 by Mark R V Murray | |
70 | * this file should now *only* export crypt_des(), in order to make | |
71 | * a module that can be optionally included in libcrypt. | |
72 | * | |
73 | * Redistribution and use in source and binary forms, with or without | |
74 | * modification, are permitted provided that the following conditions | |
75 | * are met: | |
76 | * 1. Redistributions of source code must retain the above copyright | |
77 | * notice, this list of conditions and the following disclaimer. | |
78 | * 2. Redistributions in binary form must reproduce the above copyright | |
79 | * notice, this list of conditions and the following disclaimer in the | |
80 | * documentation and/or other materials provided with the distribution. | |
81 | * 3. Neither the name of the author nor the names of other contributors | |
82 | * may be used to endorse or promote products derived from this software | |
83 | * without specific prior written permission. | |
84 | * | |
85 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | |
86 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
87 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
88 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
89 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
90 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
91 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
92 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
93 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
94 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
95 | * SUCH DAMAGE. | |
96 | * | |
97 | * This is an original implementation of the DES and the crypt(3) interfaces | |
98 | * by David Burren <davidb@werj.com.au>. | |
99 | * | |
100 | * An excellent reference on the underlying algorithm (and related | |
101 | * algorithms) is: | |
102 | * | |
103 | * B. Schneier, Applied Cryptography: protocols, algorithms, | |
104 | * and source code in C, John Wiley & Sons, 1994. | |
105 | * | |
106 | * Note that in that book's description of DES the lookups for the initial, | |
107 | * pbox, and final permutations are inverted (this has been brought to the | |
108 | * attention of the author). A list of errata for this book has been | |
109 | * posted to the sci.crypt newsgroup by the author and is available for FTP. | |
110 | * | |
111 | * ARCHITECTURE ASSUMPTIONS: | |
112 | * It is assumed that the 8-byte arrays passed by reference can be | |
a9fb3ed0 | 113 | * addressed as arrays of uint32_t's (ie. the CPU is not picky about |
db137867 AC |
114 | * alignment). |
115 | */ | |
116 | ||
117 | ||
118 | /* Re-entrantify me -- all this junk needs to be in | |
119 | * struct crypt_data to make this really reentrant... */ | |
3202e249 VY |
120 | static uint8_t inv_key_perm[64]; |
121 | static uint8_t inv_comp_perm[56]; | |
122 | static uint8_t u_sbox[8][64]; | |
123 | static uint8_t un_pbox[32]; | |
a9fb3ed0 VY |
124 | static uint32_t en_keysl[16], en_keysr[16]; |
125 | static uint32_t de_keysl[16], de_keysr[16]; | |
126 | static uint32_t ip_maskl[8][256], ip_maskr[8][256]; | |
127 | static uint32_t fp_maskl[8][256], fp_maskr[8][256]; | |
128 | static uint32_t key_perm_maskl[8][128], key_perm_maskr[8][128]; | |
129 | static uint32_t comp_maskl[8][128], comp_maskr[8][128]; | |
130 | static uint32_t saltbits; | |
131 | static uint32_t old_salt; | |
132 | static uint32_t old_rawkey0, old_rawkey1; | |
db137867 AC |
133 | |
134 | ||
135 | /* Static stuff that stays resident and doesn't change after | |
136 | * being initialized, and therefore doesn't need to be made | |
137 | * reentrant. */ | |
3202e249 VY |
138 | static uint8_t init_perm[64], final_perm[64]; |
139 | static uint8_t m_sbox[4][4096]; | |
a9fb3ed0 | 140 | static uint32_t psbox[4][256]; |
db137867 AC |
141 | |
142 | ||
143 | ||
144 | ||
145 | /* A pile of data */ | |
3202e249 | 146 | static const uint8_t ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
db137867 | 147 | |
3202e249 VY |
148 | static const uint8_t IP[64] = { |
149 | 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, | |
150 | 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, | |
151 | 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, | |
152 | 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 | |
db137867 AC |
153 | }; |
154 | ||
3202e249 VY |
155 | static const uint8_t key_perm[56] = { |
156 | 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, | |
157 | 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, | |
158 | 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, | |
159 | 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 | |
db137867 AC |
160 | }; |
161 | ||
3202e249 | 162 | static const uint8_t key_shifts[16] = { |
db137867 AC |
163 | 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 |
164 | }; | |
165 | ||
3202e249 VY |
166 | static const uint8_t comp_perm[48] = { |
167 | 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, | |
168 | 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, | |
db137867 AC |
169 | 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, |
170 | 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 | |
171 | }; | |
172 | ||
173 | /* | |
174 | * No E box is used, as it's replaced by some ANDs, shifts, and ORs. | |
175 | */ | |
176 | ||
3202e249 | 177 | static const uint8_t sbox[8][64] = { |
db137867 | 178 | { |
3202e249 VY |
179 | 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7, |
180 | 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8, | |
181 | 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0, | |
182 | 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13}, | |
db137867 | 183 | { |
3202e249 VY |
184 | 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10, |
185 | 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5, | |
186 | 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15, | |
187 | 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9}, | |
db137867 | 188 | { |
3202e249 VY |
189 | 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8, |
190 | 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1, | |
191 | 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7, | |
192 | 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12}, | |
db137867 | 193 | { |
3202e249 VY |
194 | 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15, |
195 | 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9, | |
196 | 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4, | |
197 | 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14}, | |
db137867 | 198 | { |
3202e249 VY |
199 | 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9, |
200 | 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6, | |
201 | 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14, | |
202 | 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3}, | |
db137867 | 203 | { |
3202e249 VY |
204 | 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11, |
205 | 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8, | |
206 | 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6, | |
207 | 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13}, | |
db137867 | 208 | { |
3202e249 VY |
209 | 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1, |
210 | 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6, | |
211 | 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2, | |
212 | 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12}, | |
db137867 | 213 | { |
3202e249 VY |
214 | 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7, |
215 | 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2, | |
216 | 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8, | |
217 | 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11} | |
db137867 AC |
218 | }; |
219 | ||
3202e249 VY |
220 | static const uint8_t pbox[32] = { |
221 | 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, | |
222 | 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 | |
db137867 AC |
223 | }; |
224 | ||
3202e249 | 225 | static const uint32_t bits32[32] = { |
db137867 AC |
226 | 0x80000000, 0x40000000, 0x20000000, 0x10000000, |
227 | 0x08000000, 0x04000000, 0x02000000, 0x01000000, | |
228 | 0x00800000, 0x00400000, 0x00200000, 0x00100000, | |
229 | 0x00080000, 0x00040000, 0x00020000, 0x00010000, | |
230 | 0x00008000, 0x00004000, 0x00002000, 0x00001000, | |
231 | 0x00000800, 0x00000400, 0x00000200, 0x00000100, | |
232 | 0x00000080, 0x00000040, 0x00000020, 0x00000010, | |
233 | 0x00000008, 0x00000004, 0x00000002, 0x00000001 | |
234 | }; | |
235 | ||
3202e249 VY |
236 | static const uint8_t bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 }; |
237 | ||
a9fb3ed0 | 238 | static const uint32_t *bits28, *bits24; |
db137867 AC |
239 | |
240 | ||
3202e249 | 241 | static int |
db137867 AC |
242 | ascii_to_bin(char ch) |
243 | { | |
3202e249 VY |
244 | if(ch > 'z') |
245 | return (0); | |
246 | if(ch >= 'a') | |
247 | return (ch - 'a' + 38); | |
248 | if(ch > 'Z') | |
249 | return (0); | |
250 | if(ch >= 'A') | |
251 | return (ch - 'A' + 12); | |
252 | if(ch > '9') | |
253 | return (0); | |
254 | if(ch >= '.') | |
255 | return (ch - '.'); | |
256 | return (0); | |
db137867 AC |
257 | } |
258 | ||
259 | static void | |
260 | des_init(void) | |
261 | { | |
3202e249 VY |
262 | int i, j, b, k, inbit, obit; |
263 | uint32_t *p, *il, *ir, *fl, *fr; | |
db137867 AC |
264 | static int des_initialised = 0; |
265 | ||
3202e249 VY |
266 | if(des_initialised == 1) |
267 | return; | |
db137867 AC |
268 | |
269 | old_rawkey0 = old_rawkey1 = 0L; | |
270 | saltbits = 0L; | |
271 | old_salt = 0L; | |
272 | bits24 = (bits28 = bits32 + 4) + 4; | |
273 | ||
274 | /* | |
275 | * Invert the S-boxes, reordering the input bits. | |
276 | */ | |
3202e249 VY |
277 | for(i = 0; i < 8; i++) |
278 | for(j = 0; j < 64; j++) | |
279 | { | |
db137867 AC |
280 | b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf); |
281 | u_sbox[i][j] = sbox[i][b]; | |
282 | } | |
283 | ||
284 | /* | |
285 | * Convert the inverted S-boxes into 4 arrays of 8 bits. | |
286 | * Each will handle 12 bits of the S-box input. | |
287 | */ | |
3202e249 VY |
288 | for(b = 0; b < 4; b++) |
289 | for(i = 0; i < 64; i++) | |
290 | for(j = 0; j < 64; j++) | |
db137867 | 291 | m_sbox[b][(i << 6) | j] = |
3202e249 VY |
292 | (uint8_t)((u_sbox[(b << 1)][i] << 4) | |
293 | u_sbox[(b << 1) + 1][j]); | |
db137867 AC |
294 | |
295 | /* | |
296 | * Set up the initial & final permutations into a useful form, and | |
297 | * initialise the inverted key permutation. | |
298 | */ | |
3202e249 VY |
299 | for(i = 0; i < 64; i++) |
300 | { | |
301 | init_perm[final_perm[i] = IP[i] - 1] = (uint8_t)i; | |
db137867 AC |
302 | inv_key_perm[i] = 255; |
303 | } | |
304 | ||
305 | /* | |
306 | * Invert the key permutation and initialise the inverted key | |
307 | * compression permutation. | |
308 | */ | |
3202e249 VY |
309 | for(i = 0; i < 56; i++) |
310 | { | |
311 | inv_key_perm[key_perm[i] - 1] = (uint8_t)i; | |
db137867 AC |
312 | inv_comp_perm[i] = 255; |
313 | } | |
314 | ||
315 | /* | |
316 | * Invert the key compression permutation. | |
317 | */ | |
3202e249 VY |
318 | for(i = 0; i < 48; i++) |
319 | { | |
320 | inv_comp_perm[comp_perm[i] - 1] = (uint8_t)i; | |
db137867 AC |
321 | } |
322 | ||
323 | /* | |
324 | * Set up the OR-mask arrays for the initial and final permutations, | |
325 | * and for the key initial and compression permutations. | |
326 | */ | |
3202e249 VY |
327 | for(k = 0; k < 8; k++) |
328 | { | |
329 | for(i = 0; i < 256; i++) | |
330 | { | |
db137867 AC |
331 | *(il = &ip_maskl[k][i]) = 0L; |
332 | *(ir = &ip_maskr[k][i]) = 0L; | |
333 | *(fl = &fp_maskl[k][i]) = 0L; | |
334 | *(fr = &fp_maskr[k][i]) = 0L; | |
3202e249 VY |
335 | for(j = 0; j < 8; j++) |
336 | { | |
db137867 | 337 | inbit = 8 * k + j; |
3202e249 VY |
338 | if(i & bits8[j]) |
339 | { | |
340 | if((obit = init_perm[inbit]) < 32) | |
db137867 AC |
341 | *il |= bits32[obit]; |
342 | else | |
3202e249 VY |
343 | *ir |= bits32[obit - 32]; |
344 | if((obit = final_perm[inbit]) < 32) | |
db137867 AC |
345 | *fl |= bits32[obit]; |
346 | else | |
347 | *fr |= bits32[obit - 32]; | |
348 | } | |
349 | } | |
350 | } | |
3202e249 VY |
351 | for(i = 0; i < 128; i++) |
352 | { | |
db137867 AC |
353 | *(il = &key_perm_maskl[k][i]) = 0L; |
354 | *(ir = &key_perm_maskr[k][i]) = 0L; | |
3202e249 VY |
355 | for(j = 0; j < 7; j++) |
356 | { | |
db137867 | 357 | inbit = 8 * k + j; |
3202e249 VY |
358 | if(i & bits8[j + 1]) |
359 | { | |
360 | if((obit = inv_key_perm[inbit]) == 255) | |
db137867 | 361 | continue; |
3202e249 | 362 | if(obit < 28) |
db137867 AC |
363 | *il |= bits28[obit]; |
364 | else | |
365 | *ir |= bits28[obit - 28]; | |
366 | } | |
367 | } | |
368 | *(il = &comp_maskl[k][i]) = 0L; | |
369 | *(ir = &comp_maskr[k][i]) = 0L; | |
3202e249 VY |
370 | for(j = 0; j < 7; j++) |
371 | { | |
db137867 | 372 | inbit = 7 * k + j; |
3202e249 VY |
373 | if(i & bits8[j + 1]) |
374 | { | |
375 | if((obit = inv_comp_perm[inbit]) == 255) | |
db137867 | 376 | continue; |
3202e249 | 377 | if(obit < 24) |
db137867 AC |
378 | *il |= bits24[obit]; |
379 | else | |
380 | *ir |= bits24[obit - 24]; | |
381 | } | |
382 | } | |
383 | } | |
384 | } | |
385 | ||
386 | /* | |
387 | * Invert the P-box permutation, and convert into OR-masks for | |
388 | * handling the output of the S-box arrays setup above. | |
389 | */ | |
3202e249 VY |
390 | for(i = 0; i < 32; i++) |
391 | un_pbox[pbox[i] - 1] = (uint8_t)i; | |
db137867 | 392 | |
3202e249 VY |
393 | for(b = 0; b < 4; b++) |
394 | for(i = 0; i < 256; i++) | |
395 | { | |
db137867 | 396 | *(p = &psbox[b][i]) = 0L; |
3202e249 VY |
397 | for(j = 0; j < 8; j++) |
398 | { | |
399 | if(i & bits8[j]) | |
db137867 AC |
400 | *p |= bits32[un_pbox[8 * b + j]]; |
401 | } | |
402 | } | |
403 | ||
404 | des_initialised = 1; | |
405 | } | |
406 | ||
407 | ||
408 | static void | |
409 | setup_salt(long salt) | |
410 | { | |
3202e249 VY |
411 | uint32_t obit, saltbit; |
412 | int i; | |
db137867 | 413 | |
3202e249 | 414 | if(salt == (long)old_salt) |
db137867 AC |
415 | return; |
416 | old_salt = salt; | |
417 | ||
418 | saltbits = 0L; | |
419 | saltbit = 1; | |
420 | obit = 0x800000; | |
3202e249 VY |
421 | for(i = 0; i < 24; i++) |
422 | { | |
423 | if(salt & saltbit) | |
db137867 AC |
424 | saltbits |= obit; |
425 | saltbit <<= 1; | |
426 | obit >>= 1; | |
427 | } | |
428 | } | |
429 | ||
430 | ||
431 | static int | |
432 | des_setkey(const char *key) | |
433 | { | |
3202e249 VY |
434 | uint32_t k0, k1, rawkey0, rawkey1; |
435 | int shifts, round; | |
db137867 AC |
436 | |
437 | des_init(); | |
438 | ||
3202e249 VY |
439 | rawkey0 = ntohl(*(const uint32_t *)key); |
440 | rawkey1 = ntohl(*(const uint32_t *)(key + 4)); | |
db137867 | 441 | |
3202e249 VY |
442 | if((rawkey0 | rawkey1) && rawkey0 == old_rawkey0 && rawkey1 == old_rawkey1) |
443 | { | |
db137867 AC |
444 | /* |
445 | * Already setup for this key. | |
446 | * This optimisation fails on a zero key (which is weak and | |
447 | * has bad parity anyway) in order to simplify the starting | |
448 | * conditions. | |
449 | */ | |
3202e249 | 450 | return (0); |
db137867 AC |
451 | } |
452 | old_rawkey0 = rawkey0; | |
453 | old_rawkey1 = rawkey1; | |
454 | ||
455 | /* | |
3202e249 | 456 | * Do key permutation and split into two 28-bit subkeys. |
db137867 AC |
457 | */ |
458 | k0 = key_perm_maskl[0][rawkey0 >> 25] | |
3202e249 VY |
459 | | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f] |
460 | | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f] | |
461 | | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f] | |
462 | | key_perm_maskl[4][rawkey1 >> 25] | |
463 | | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f] | |
464 | | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f] | |
465 | | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f]; | |
db137867 | 466 | k1 = key_perm_maskr[0][rawkey0 >> 25] |
3202e249 VY |
467 | | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f] |
468 | | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f] | |
469 | | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f] | |
470 | | key_perm_maskr[4][rawkey1 >> 25] | |
471 | | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f] | |
472 | | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f] | |
473 | | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f]; | |
db137867 | 474 | /* |
3202e249 | 475 | * Rotate subkeys and do compression permutation. |
db137867 AC |
476 | */ |
477 | shifts = 0; | |
3202e249 VY |
478 | for(round = 0; round < 16; round++) |
479 | { | |
480 | uint32_t t0, t1; | |
db137867 AC |
481 | |
482 | shifts += key_shifts[round]; | |
483 | ||
484 | t0 = (k0 << shifts) | (k0 >> (28 - shifts)); | |
485 | t1 = (k1 << shifts) | (k1 >> (28 - shifts)); | |
486 | ||
487 | de_keysl[15 - round] = | |
3202e249 VY |
488 | en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f] |
489 | | comp_maskl[1][(t0 >> 14) & 0x7f] | |
490 | | comp_maskl[2][(t0 >> 7) & 0x7f] | |
491 | | comp_maskl[3][t0 & 0x7f] | |
492 | | comp_maskl[4][(t1 >> 21) & 0x7f] | |
493 | | comp_maskl[5][(t1 >> 14) & 0x7f] | |
494 | | comp_maskl[6][(t1 >> 7) & 0x7f] | comp_maskl[7][t1 & 0x7f]; | |
db137867 AC |
495 | |
496 | de_keysr[15 - round] = | |
3202e249 VY |
497 | en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f] |
498 | | comp_maskr[1][(t0 >> 14) & 0x7f] | |
499 | | comp_maskr[2][(t0 >> 7) & 0x7f] | |
500 | | comp_maskr[3][t0 & 0x7f] | |
501 | | comp_maskr[4][(t1 >> 21) & 0x7f] | |
502 | | comp_maskr[5][(t1 >> 14) & 0x7f] | |
503 | | comp_maskr[6][(t1 >> 7) & 0x7f] | comp_maskr[7][t1 & 0x7f]; | |
db137867 | 504 | } |
3202e249 | 505 | return (0); |
db137867 AC |
506 | } |
507 | ||
508 | ||
509 | static int | |
3202e249 | 510 | do_des(uint32_t l_in, uint32_t r_in, uint32_t *l_out, uint32_t *r_out, int count) |
db137867 AC |
511 | { |
512 | /* | |
3202e249 | 513 | * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. |
db137867 | 514 | */ |
3202e249 VY |
515 | uint32_t l, r, *kl, *kr, *kl1, *kr1; |
516 | uint32_t f, r48l, r48r; | |
517 | int round; | |
db137867 | 518 | |
3202e249 VY |
519 | if(count == 0) |
520 | { | |
521 | return (1); | |
522 | } | |
523 | else if(count > 0) | |
524 | { | |
db137867 AC |
525 | /* |
526 | * Encrypting | |
527 | */ | |
528 | kl1 = en_keysl; | |
529 | kr1 = en_keysr; | |
3202e249 VY |
530 | } |
531 | else | |
532 | { | |
db137867 AC |
533 | /* |
534 | * Decrypting | |
535 | */ | |
536 | count = -count; | |
537 | kl1 = de_keysl; | |
538 | kr1 = de_keysr; | |
539 | } | |
540 | ||
541 | /* | |
3202e249 | 542 | * Do initial permutation (IP). |
db137867 AC |
543 | */ |
544 | l = ip_maskl[0][l_in >> 24] | |
3202e249 VY |
545 | | ip_maskl[1][(l_in >> 16) & 0xff] |
546 | | ip_maskl[2][(l_in >> 8) & 0xff] | |
547 | | ip_maskl[3][l_in & 0xff] | |
548 | | ip_maskl[4][r_in >> 24] | |
549 | | ip_maskl[5][(r_in >> 16) & 0xff] | |
550 | | ip_maskl[6][(r_in >> 8) & 0xff] | ip_maskl[7][r_in & 0xff]; | |
db137867 | 551 | r = ip_maskr[0][l_in >> 24] |
3202e249 VY |
552 | | ip_maskr[1][(l_in >> 16) & 0xff] |
553 | | ip_maskr[2][(l_in >> 8) & 0xff] | |
554 | | ip_maskr[3][l_in & 0xff] | |
555 | | ip_maskr[4][r_in >> 24] | |
556 | | ip_maskr[5][(r_in >> 16) & 0xff] | |
557 | | ip_maskr[6][(r_in >> 8) & 0xff] | ip_maskr[7][r_in & 0xff]; | |
558 | ||
559 | while(count--) | |
560 | { | |
db137867 AC |
561 | /* |
562 | * Do each round. | |
563 | */ | |
564 | kl = kl1; | |
565 | kr = kr1; | |
566 | round = 16; | |
3202e249 VY |
567 | while(round--) |
568 | { | |
db137867 AC |
569 | /* |
570 | * Expand R to 48 bits (simulate the E-box). | |
571 | */ | |
3202e249 | 572 | r48l = ((r & 0x00000001) << 23) |
db137867 AC |
573 | | ((r & 0xf8000000) >> 9) |
574 | | ((r & 0x1f800000) >> 11) | |
3202e249 | 575 | | ((r & 0x01f80000) >> 13) | ((r & 0x001f8000) >> 15); |
db137867 | 576 | |
3202e249 | 577 | r48r = ((r & 0x0001f800) << 7) |
db137867 AC |
578 | | ((r & 0x00001f80) << 5) |
579 | | ((r & 0x000001f8) << 3) | |
3202e249 | 580 | | ((r & 0x0000001f) << 1) | ((r & 0x80000000) >> 31); |
db137867 AC |
581 | /* |
582 | * Do salting for crypt() and friends, and | |
583 | * XOR with the permuted key. | |
584 | */ | |
585 | f = (r48l ^ r48r) & saltbits; | |
586 | r48l ^= f ^ *kl++; | |
587 | r48r ^= f ^ *kr++; | |
588 | /* | |
589 | * Do sbox lookups (which shrink it back to 32 bits) | |
590 | * and do the pbox permutation at the same time. | |
591 | */ | |
592 | f = psbox[0][m_sbox[0][r48l >> 12]] | |
3202e249 VY |
593 | | psbox[1][m_sbox[1][r48l & 0xfff]] |
594 | | psbox[2][m_sbox[2][r48r >> 12]] | |
595 | | psbox[3][m_sbox[3][r48r & 0xfff]]; | |
db137867 AC |
596 | /* |
597 | * Now that we've permuted things, complete f(). | |
598 | */ | |
599 | f ^= l; | |
600 | l = r; | |
601 | r = f; | |
602 | } | |
603 | r = l; | |
604 | l = f; | |
605 | } | |
606 | /* | |
607 | * Do final permutation (inverse of IP). | |
608 | */ | |
3202e249 | 609 | *l_out = fp_maskl[0][l >> 24] |
db137867 AC |
610 | | fp_maskl[1][(l >> 16) & 0xff] |
611 | | fp_maskl[2][(l >> 8) & 0xff] | |
612 | | fp_maskl[3][l & 0xff] | |
613 | | fp_maskl[4][r >> 24] | |
614 | | fp_maskl[5][(r >> 16) & 0xff] | |
3202e249 VY |
615 | | fp_maskl[6][(r >> 8) & 0xff] | fp_maskl[7][r & 0xff]; |
616 | *r_out = fp_maskr[0][l >> 24] | |
db137867 AC |
617 | | fp_maskr[1][(l >> 16) & 0xff] |
618 | | fp_maskr[2][(l >> 8) & 0xff] | |
619 | | fp_maskr[3][l & 0xff] | |
620 | | fp_maskr[4][r >> 24] | |
621 | | fp_maskr[5][(r >> 16) & 0xff] | |
3202e249 VY |
622 | | fp_maskr[6][(r >> 8) & 0xff] | fp_maskr[7][r & 0xff]; |
623 | return (0); | |
db137867 AC |
624 | } |
625 | ||
626 | ||
627 | #if 0 | |
628 | static int | |
a9fb3ed0 | 629 | des_cipher(const char *in, char *out, uint32_t salt, int count) |
db137867 | 630 | { |
3202e249 VY |
631 | uint32_t l_out, r_out, rawl, rawr; |
632 | int retval; | |
633 | union | |
634 | { | |
635 | uint32_t *ui32; | |
636 | const char *c; | |
db137867 AC |
637 | } trans; |
638 | ||
639 | des_init(); | |
640 | ||
641 | setup_salt(salt); | |
642 | ||
643 | trans.c = in; | |
644 | rawl = ntohl(*trans.ui32++); | |
645 | rawr = ntohl(*trans.ui32); | |
646 | ||
647 | retval = do_des(rawl, rawr, &l_out, &r_out, count); | |
648 | ||
649 | trans.c = out; | |
650 | *trans.ui32++ = htonl(l_out); | |
651 | *trans.ui32 = htonl(r_out); | |
3202e249 | 652 | return (retval); |
db137867 AC |
653 | } |
654 | #endif | |
655 | ||
656 | #if 0 | |
657 | void | |
658 | setkey(const char *key) | |
659 | { | |
3202e249 VY |
660 | int i, j; |
661 | uint32_t packed_keys[2]; | |
662 | uint8_t *p; | |
db137867 | 663 | |
3202e249 | 664 | p = (uint8_t *)packed_keys; |
db137867 | 665 | |
3202e249 VY |
666 | for(i = 0; i < 8; i++) |
667 | { | |
db137867 | 668 | p[i] = 0; |
3202e249 VY |
669 | for(j = 0; j < 8; j++) |
670 | if(*key++ & 1) | |
db137867 AC |
671 | p[i] |= bits8[j]; |
672 | } | |
673 | des_setkey((char *)p); | |
674 | } | |
675 | ||
676 | ||
677 | void | |
678 | encrypt(char *block, int flag) | |
679 | { | |
3202e249 VY |
680 | uint32_t io[2]; |
681 | uint8_t *p; | |
682 | int i, j; | |
db137867 AC |
683 | |
684 | des_init(); | |
685 | ||
686 | setup_salt(0L); | |
3202e249 VY |
687 | p = (uint8_t *)block; |
688 | for(i = 0; i < 2; i++) | |
689 | { | |
db137867 | 690 | io[i] = 0L; |
3202e249 VY |
691 | for(j = 0; j < 32; j++) |
692 | if(*p++ & 1) | |
db137867 AC |
693 | io[i] |= bits32[j]; |
694 | } | |
695 | do_des(io[0], io[1], io, io + 1, flag ? -1 : 1); | |
3202e249 VY |
696 | for(i = 0; i < 2; i++) |
697 | for(j = 0; j < 32; j++) | |
db137867 AC |
698 | block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0; |
699 | } | |
700 | #endif | |
701 | ||
702 | static char * | |
703 | __des_crypt(const char *key, const char *setting) | |
704 | { | |
3202e249 VY |
705 | uint32_t count, salt, l, r0, r1, keybuf[2]; |
706 | uint8_t *p, *q; | |
707 | static char output[21]; | |
db137867 AC |
708 | |
709 | des_init(); | |
710 | ||
711 | /* | |
712 | * Copy the key, shifting each character up by one bit | |
713 | * and padding with zeros. | |
714 | */ | |
3202e249 VY |
715 | q = (uint8_t *)keybuf; |
716 | while(q - (uint8_t *)keybuf - 8) | |
717 | { | |
db137867 | 718 | *q++ = *key << 1; |
3202e249 | 719 | if(*(q - 1)) |
db137867 AC |
720 | key++; |
721 | } | |
3202e249 VY |
722 | if(des_setkey((char *)keybuf)) |
723 | return (NULL); | |
db137867 AC |
724 | |
725 | #if 0 | |
3202e249 VY |
726 | if(*setting == _PASSWORD_EFMT1) |
727 | { | |
728 | int i; | |
db137867 AC |
729 | /* |
730 | * "new"-style: | |
3202e249 VY |
731 | * setting - underscore, 4 bytes of count, 4 bytes of salt |
732 | * key - unlimited characters | |
db137867 | 733 | */ |
3202e249 | 734 | for(i = 1, count = 0L; i < 5; i++) |
db137867 AC |
735 | count |= ascii_to_bin(setting[i]) << ((i - 1) * 6); |
736 | ||
3202e249 | 737 | for(i = 5, salt = 0L; i < 9; i++) |
db137867 AC |
738 | salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6); |
739 | ||
3202e249 VY |
740 | while(*key) |
741 | { | |
db137867 AC |
742 | /* |
743 | * Encrypt the key with itself. | |
744 | */ | |
3202e249 VY |
745 | if(des_cipher((char *)keybuf, (char *)keybuf, 0L, 1)) |
746 | return (NULL); | |
db137867 AC |
747 | /* |
748 | * And XOR with the next 8 characters of the key. | |
749 | */ | |
3202e249 VY |
750 | q = (uint8_t *)keybuf; |
751 | while(q - (uint8_t *)keybuf - 8 && *key) | |
db137867 AC |
752 | *q++ ^= *key++ << 1; |
753 | ||
3202e249 VY |
754 | if(des_setkey((char *)keybuf)) |
755 | return (NULL); | |
db137867 AC |
756 | } |
757 | strncpy(output, setting, 9); | |
758 | ||
759 | /* | |
760 | * Double check that we weren't given a short setting. | |
761 | * If we were, the above code will probably have created | |
762 | * wierd values for count and salt, but we don't really care. | |
763 | * Just make sure the output string doesn't have an extra | |
764 | * NUL in it. | |
765 | */ | |
766 | output[9] = '\0'; | |
3202e249 VY |
767 | p = (uint8_t *)output + strlen(output); |
768 | } | |
769 | else | |
db137867 AC |
770 | #endif |
771 | { | |
772 | /* | |
773 | * "old"-style: | |
3202e249 VY |
774 | * setting - 2 bytes of salt |
775 | * key - up to 8 characters | |
db137867 AC |
776 | */ |
777 | count = 25; | |
778 | ||
3202e249 | 779 | salt = (ascii_to_bin(setting[1]) << 6) | ascii_to_bin(setting[0]); |
db137867 AC |
780 | |
781 | output[0] = setting[0]; | |
782 | /* | |
783 | * If the encrypted password that the salt was extracted from | |
784 | * is only 1 character long, the salt will be corrupted. We | |
785 | * need to ensure that the output string doesn't have an extra | |
786 | * NUL in it! | |
787 | */ | |
788 | output[1] = setting[1] ? setting[1] : output[0]; | |
789 | ||
3202e249 | 790 | p = (uint8_t *)output + 2; |
db137867 AC |
791 | } |
792 | setup_salt(salt); | |
793 | /* | |
794 | * Do it. | |
795 | */ | |
3202e249 VY |
796 | if(do_des(0L, 0L, &r0, &r1, (int)count)) |
797 | return (NULL); | |
db137867 AC |
798 | /* |
799 | * Now encode the result... | |
800 | */ | |
801 | l = (r0 >> 8); | |
802 | *p++ = ascii64[(l >> 18) & 0x3f]; | |
803 | *p++ = ascii64[(l >> 12) & 0x3f]; | |
804 | *p++ = ascii64[(l >> 6) & 0x3f]; | |
805 | *p++ = ascii64[l & 0x3f]; | |
806 | ||
807 | l = (r0 << 16) | ((r1 >> 16) & 0xffff); | |
808 | *p++ = ascii64[(l >> 18) & 0x3f]; | |
809 | *p++ = ascii64[(l >> 12) & 0x3f]; | |
810 | *p++ = ascii64[(l >> 6) & 0x3f]; | |
811 | *p++ = ascii64[l & 0x3f]; | |
812 | ||
813 | l = r1 << 2; | |
814 | *p++ = ascii64[(l >> 12) & 0x3f]; | |
815 | *p++ = ascii64[(l >> 6) & 0x3f]; | |
816 | *p++ = ascii64[l & 0x3f]; | |
817 | *p = 0; | |
818 | ||
3202e249 | 819 | return (output); |
db137867 AC |
820 | } |
821 | ||
822 | /* Now md5 crypt */ | |
823 | ||
824 | /* | |
825 | * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm | |
826 | * | |
827 | * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All | |
828 | * rights reserved. | |
829 | * | |
830 | * License to copy and use this software is granted provided that it | |
831 | * is identified as the "RSA Data Security, Inc. MD5 Message-Digest | |
832 | * Algorithm" in all material mentioning or referencing this software | |
833 | * or this function. | |
834 | * | |
835 | * License is also granted to make and use derivative works provided | |
836 | * that such works are identified as "derived from the RSA Data | |
837 | * Security, Inc. MD5 Message-Digest Algorithm" in all material | |
838 | * mentioning or referencing the derived work. | |
839 | * | |
840 | * RSA Data Security, Inc. makes no representations concerning either | |
841 | * the merchantability of this software or the suitability of this | |
842 | * software for any particular purpose. It is provided "as is" | |
843 | * without express or implied warranty of any kind. | |
844 | * | |
845 | * These notices must be retained in any copies of any part of this | |
846 | * documentation and/or software. | |
847 | * | |
848 | * $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $ | |
849 | * | |
850 | * This code is the same as the code published by RSA Inc. It has been | |
851 | * edited for clarity and style only. | |
852 | * | |
853 | * ---------------------------------------------------------------------------- | |
854 | * The md5_crypt() function was taken from freeBSD's libcrypt and contains | |
855 | * this license: | |
856 | * "THE BEER-WARE LICENSE" (Revision 42): | |
857 | * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you | |
858 | * can do whatever you want with this stuff. If we meet some day, and you think | |
859 | * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp | |
860 | * | |
861 | * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $ | |
862 | * | |
863 | * ---------------------------------------------------------------------------- | |
864 | * On April 19th, 2001 md5_crypt() was modified to make it reentrant | |
865 | * by Erik Andersen <andersen@uclibc.org> | |
866 | * | |
867 | * | |
868 | * June 28, 2001 Manuel Novoa III | |
869 | * | |
870 | * "Un-inlined" code using loops and static const tables in order to | |
871 | * reduce generated code size (on i386 from approx 4k to approx 2.5k). | |
872 | * | |
873 | * June 29, 2001 Manuel Novoa III | |
874 | * | |
875 | * Completely removed static PADDING array. | |
876 | * | |
877 | * Reintroduced the loop unrolling in MD5_Transform and added the | |
878 | * MD5_SIZE_OVER_SPEED option for configurability. Define below as: | |
879 | * 0 fully unrolled loops | |
880 | * 1 partially unrolled (4 ops per loop) | |
881 | * 2 no unrolling -- introduces the need to swap 4 variables (slow) | |
882 | * 3 no unrolling and all 4 loops merged into one with switch | |
883 | * in each loop (glacial) | |
884 | * On i386, sizes are roughly (-Os -fno-builtin): | |
885 | * 0: 3k 1: 2.5k 2: 2.2k 3: 2k | |
886 | * | |
887 | * | |
888 | * Since SuSv3 does not require crypt_r, modified again August 7, 2002 | |
889 | * by Erik Andersen to remove reentrance stuff... | |
890 | */ | |
891 | ||
892 | /* | |
893 | * Valid values are 1 (fastest/largest) to 3 (smallest/slowest). | |
894 | */ | |
895 | #define MD5_SIZE_OVER_SPEED 1 | |
896 | ||
897 | /**********************************************************************/ | |
898 | ||
899 | /* MD5 context. */ | |
3202e249 VY |
900 | struct MD5Context |
901 | { | |
902 | uint32_t state[4]; /* state (ABCD) */ | |
903 | uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */ | |
904 | unsigned char buffer[64]; /* input buffer */ | |
db137867 AC |
905 | }; |
906 | ||
3202e249 VY |
907 | static void __md5_Init(struct MD5Context *); |
908 | static void __md5_Update(struct MD5Context *, const char *, unsigned int); | |
909 | static void __md5_Pad(struct MD5Context *); | |
910 | static void __md5_Final(char[16], struct MD5Context *); | |
911 | static void __md5_Transform(uint32_t[4], const unsigned char[64]); | |
db137867 AC |
912 | |
913 | ||
914 | static const char __md5__magic[] = "$1$"; /* This string is magic for this algorithm. Having | |
915 | it this way, we can get better later on */ | |
3202e249 | 916 | static const unsigned char __md5_itoa64[] = /* 0 ... 63 => ascii - 64 */ |
db137867 AC |
917 | "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; |
918 | ||
919 | ||
920 | ||
921 | #ifdef i386 | |
922 | #define __md5_Encode memcpy | |
923 | #define __md5_Decode memcpy | |
924 | #else /* i386 */ | |
925 | ||
926 | /* | |
a9fb3ed0 | 927 | * __md5_Encodes input (uint32_t) into output (unsigned char). Assumes len is |
db137867 AC |
928 | * a multiple of 4. |
929 | */ | |
930 | ||
931 | static void | |
3202e249 | 932 | __md5_Encode(unsigned char *output, uint32_t *input, unsigned int len) |
db137867 AC |
933 | { |
934 | unsigned int i, j; | |
935 | ||
3202e249 VY |
936 | for(i = 0, j = 0; j < len; i++, j += 4) |
937 | { | |
db137867 | 938 | output[j] = (unsigned char)(input[i] & 0xff); |
3202e249 VY |
939 | output[j + 1] = (unsigned char)((input[i] >> 8) & 0xff); |
940 | output[j + 2] = (unsigned char)((input[i] >> 16) & 0xff); | |
941 | output[j + 3] = (unsigned char)((input[i] >> 24) & 0xff); | |
db137867 AC |
942 | } |
943 | } | |
944 | ||
945 | /* | |
a9fb3ed0 | 946 | * __md5_Decodes input (unsigned char) into output (uint32_t). Assumes len is |
db137867 AC |
947 | * a multiple of 4. |
948 | */ | |
949 | ||
950 | static void | |
3202e249 | 951 | __md5_Decode(uint32_t *output, const unsigned char *input, unsigned int len) |
db137867 AC |
952 | { |
953 | unsigned int i, j; | |
954 | ||
3202e249 VY |
955 | for(i = 0, j = 0; j < len; i++, j += 4) |
956 | output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j + 1]) << 8) | | |
957 | (((uint32_t)input[j + 2]) << 16) | (((uint32_t)input[j + 3]) << 24); | |
db137867 AC |
958 | } |
959 | #endif /* i386 */ | |
960 | ||
961 | /* F, G, H and I are basic MD5 functions. */ | |
962 | #define F(x, y, z) (((x) & (y)) | ((~x) & (z))) | |
963 | #define G(x, y, z) (((x) & (z)) | ((y) & (~z))) | |
964 | #define H(x, y, z) ((x) ^ (y) ^ (z)) | |
965 | #define I(x, y, z) ((y) ^ ((x) | (~z))) | |
966 | ||
967 | /* ROTATE_LEFT rotates x left n bits. */ | |
968 | #define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) | |
969 | ||
970 | /* | |
971 | * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. | |
972 | * Rotation is separate from addition to prevent recomputation. | |
973 | */ | |
974 | #define FF(a, b, c, d, x, s, ac) { \ | |
a9fb3ed0 | 975 | (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \ |
db137867 AC |
976 | (a) = ROTATE_LEFT ((a), (s)); \ |
977 | (a) += (b); \ | |
978 | } | |
979 | #define GG(a, b, c, d, x, s, ac) { \ | |
a9fb3ed0 | 980 | (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \ |
db137867 AC |
981 | (a) = ROTATE_LEFT ((a), (s)); \ |
982 | (a) += (b); \ | |
983 | } | |
984 | #define HH(a, b, c, d, x, s, ac) { \ | |
a9fb3ed0 | 985 | (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \ |
db137867 AC |
986 | (a) = ROTATE_LEFT ((a), (s)); \ |
987 | (a) += (b); \ | |
988 | } | |
989 | #define II(a, b, c, d, x, s, ac) { \ | |
a9fb3ed0 | 990 | (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \ |
db137867 AC |
991 | (a) = ROTATE_LEFT ((a), (s)); \ |
992 | (a) += (b); \ | |
993 | } | |
994 | ||
995 | /* MD5 initialization. Begins an MD5 operation, writing a new context. */ | |
996 | ||
3202e249 VY |
997 | static void |
998 | __md5_Init(struct MD5Context *context) | |
db137867 AC |
999 | { |
1000 | context->count[0] = context->count[1] = 0; | |
1001 | ||
1002 | /* Load magic initialization constants. */ | |
1003 | context->state[0] = 0x67452301; | |
1004 | context->state[1] = 0xefcdab89; | |
1005 | context->state[2] = 0x98badcfe; | |
1006 | context->state[3] = 0x10325476; | |
1007 | } | |
1008 | ||
1009 | /* | |
1010 | * MD5 block update operation. Continues an MD5 message-digest | |
1011 | * operation, processing another message block, and updating the | |
1012 | * context. | |
1013 | */ | |
1014 | ||
3202e249 VY |
1015 | static void |
1016 | __md5_Update(struct MD5Context *context, const char *xinput, unsigned int inputLen) | |
db137867 AC |
1017 | { |
1018 | unsigned int i, lindex, partLen; | |
3202e249 | 1019 | const unsigned char *input = (const unsigned char *)xinput; /* i hate gcc */ |
db137867 AC |
1020 | /* Compute number of bytes mod 64 */ |
1021 | lindex = (unsigned int)((context->count[0] >> 3) & 0x3F); | |
1022 | ||
1023 | /* Update number of bits */ | |
3202e249 | 1024 | if((context->count[0] += ((uint32_t)inputLen << 3)) < ((uint32_t)inputLen << 3)) |
db137867 | 1025 | context->count[1]++; |
a9fb3ed0 | 1026 | context->count[1] += ((uint32_t)inputLen >> 29); |
db137867 AC |
1027 | |
1028 | partLen = 64 - lindex; | |
1029 | ||
1030 | /* Transform as many times as possible. */ | |
3202e249 VY |
1031 | if(inputLen >= partLen) |
1032 | { | |
1033 | memcpy(&context->buffer[lindex], input, partLen); | |
1034 | __md5_Transform(context->state, context->buffer); | |
db137867 | 1035 | |
3202e249 VY |
1036 | for(i = partLen; i + 63 < inputLen; i += 64) |
1037 | __md5_Transform(context->state, &input[i]); | |
db137867 AC |
1038 | |
1039 | lindex = 0; | |
1040 | } | |
1041 | else | |
1042 | i = 0; | |
1043 | ||
1044 | /* Buffer remaining input */ | |
3202e249 | 1045 | memcpy(&context->buffer[lindex], &input[i], inputLen - i); |
db137867 AC |
1046 | } |
1047 | ||
1048 | /* | |
1049 | * MD5 padding. Adds padding followed by original length. | |
1050 | */ | |
1051 | ||
3202e249 VY |
1052 | static void |
1053 | __md5_Pad(struct MD5Context *context) | |
db137867 AC |
1054 | { |
1055 | char bits[8]; | |
1056 | unsigned int lindex, padLen; | |
1057 | char PADDING[64]; | |
1058 | ||
1059 | memset(PADDING, 0, sizeof(PADDING)); | |
1060 | PADDING[0] = 0x80; | |
1061 | ||
1062 | /* Save number of bits */ | |
3202e249 | 1063 | __md5_Encode(bits, context->count, 8); |
db137867 AC |
1064 | |
1065 | /* Pad out to 56 mod 64. */ | |
1066 | lindex = (unsigned int)((context->count[0] >> 3) & 0x3f); | |
1067 | padLen = (lindex < 56) ? (56 - lindex) : (120 - lindex); | |
3202e249 | 1068 | __md5_Update(context, PADDING, padLen); |
db137867 AC |
1069 | |
1070 | /* Append length (before padding) */ | |
3202e249 | 1071 | __md5_Update(context, bits, 8); |
db137867 AC |
1072 | } |
1073 | ||
1074 | /* | |
1075 | * MD5 finalization. Ends an MD5 message-digest operation, writing the | |
1076 | * the message digest and zeroizing the context. | |
1077 | */ | |
1078 | ||
3202e249 VY |
1079 | static void |
1080 | __md5_Final(char xdigest[16], struct MD5Context *context) | |
db137867 AC |
1081 | { |
1082 | unsigned char *digest = (unsigned char *)xdigest; | |
1083 | /* Do padding. */ | |
3202e249 | 1084 | __md5_Pad(context); |
db137867 AC |
1085 | |
1086 | /* Store state in digest */ | |
3202e249 | 1087 | __md5_Encode(digest, context->state, 16); |
db137867 AC |
1088 | |
1089 | /* Zeroize sensitive information. */ | |
3202e249 | 1090 | memset(context, 0, sizeof(*context)); |
db137867 AC |
1091 | } |
1092 | ||
1093 | /* MD5 basic transformation. Transforms state based on block. */ | |
1094 | ||
1095 | static void | |
3202e249 VY |
1096 | __md5_Transform(state, block) |
1097 | uint32_t state[4]; | |
1098 | const unsigned char block[64]; | |
db137867 | 1099 | { |
a9fb3ed0 | 1100 | uint32_t a, b, c, d, x[16]; |
db137867 AC |
1101 | |
1102 | #if MD5_SIZE_OVER_SPEED > 1 | |
a9fb3ed0 | 1103 | uint32_t temp; |
db137867 AC |
1104 | const char *ps; |
1105 | ||
1106 | static const char S[] = { | |
1107 | 7, 12, 17, 22, | |
1108 | 5, 9, 14, 20, | |
1109 | 4, 11, 16, 23, | |
1110 | 6, 10, 15, 21 | |
1111 | }; | |
1112 | #endif /* MD5_SIZE_OVER_SPEED > 1 */ | |
1113 | ||
1114 | #if MD5_SIZE_OVER_SPEED > 0 | |
a9fb3ed0 | 1115 | const uint32_t *pc; |
db137867 AC |
1116 | const char *pp; |
1117 | int i; | |
1118 | ||
a9fb3ed0 | 1119 | static const uint32_t C[] = { |
3202e249 | 1120 | /* round 1 */ |
db137867 AC |
1121 | 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, |
1122 | 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, | |
1123 | 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, | |
1124 | 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, | |
3202e249 | 1125 | /* round 2 */ |
db137867 | 1126 | 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, |
3202e249 | 1127 | 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8, |
db137867 AC |
1128 | 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, |
1129 | 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, | |
3202e249 | 1130 | /* round 3 */ |
db137867 AC |
1131 | 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, |
1132 | 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, | |
1133 | 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, | |
1134 | 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, | |
3202e249 | 1135 | /* round 4 */ |
db137867 AC |
1136 | 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, |
1137 | 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, | |
1138 | 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, | |
1139 | 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 | |
1140 | }; | |
1141 | ||
1142 | static const char P[] = { | |
3202e249 VY |
1143 | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */ |
1144 | 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */ | |
1145 | 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */ | |
1146 | 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */ | |
db137867 AC |
1147 | }; |
1148 | ||
1149 | #endif /* MD5_SIZE_OVER_SPEED > 0 */ | |
1150 | ||
3202e249 | 1151 | __md5_Decode(x, block, 64); |
db137867 | 1152 | |
3202e249 VY |
1153 | a = state[0]; |
1154 | b = state[1]; | |
1155 | c = state[2]; | |
1156 | d = state[3]; | |
db137867 AC |
1157 | |
1158 | #if MD5_SIZE_OVER_SPEED > 2 | |
3202e249 VY |
1159 | pc = C; |
1160 | pp = P; | |
1161 | ps = S - 4; | |
db137867 | 1162 | |
3202e249 VY |
1163 | for(i = 0; i < 64; i++) |
1164 | { | |
1165 | if((i & 0x0f) == 0) | |
1166 | ps += 4; | |
db137867 | 1167 | temp = a; |
3202e249 VY |
1168 | switch (i >> 4) |
1169 | { | |
1170 | case 0: | |
1171 | temp += F(b, c, d); | |
1172 | break; | |
1173 | case 1: | |
1174 | temp += G(b, c, d); | |
1175 | break; | |
1176 | case 2: | |
1177 | temp += H(b, c, d); | |
1178 | break; | |
1179 | case 3: | |
1180 | temp += I(b, c, d); | |
1181 | break; | |
db137867 AC |
1182 | } |
1183 | temp += x[(int)(*pp++)] + *pc++; | |
3202e249 | 1184 | temp = ROTATE_LEFT(temp, ps[i & 3]); |
db137867 | 1185 | temp += b; |
3202e249 VY |
1186 | a = d; |
1187 | d = c; | |
1188 | c = b; | |
1189 | b = temp; | |
db137867 AC |
1190 | } |
1191 | #elif MD5_SIZE_OVER_SPEED > 1 | |
3202e249 VY |
1192 | pc = C; |
1193 | pp = P; | |
1194 | ps = S; | |
db137867 AC |
1195 | |
1196 | /* Round 1 */ | |
3202e249 VY |
1197 | for(i = 0; i < 16; i++) |
1198 | { | |
1199 | FF(a, b, c, d, x[(int)(*pp++)], ps[i & 0x3], *pc++); | |
1200 | temp = d; | |
1201 | d = c; | |
1202 | c = b; | |
1203 | b = a; | |
1204 | a = temp; | |
db137867 AC |
1205 | } |
1206 | ||
1207 | /* Round 2 */ | |
1208 | ps += 4; | |
3202e249 VY |
1209 | for(; i < 32; i++) |
1210 | { | |
1211 | GG(a, b, c, d, x[(int)(*pp++)], ps[i & 0x3], *pc++); | |
1212 | temp = d; | |
1213 | d = c; | |
1214 | c = b; | |
1215 | b = a; | |
1216 | a = temp; | |
db137867 AC |
1217 | } |
1218 | /* Round 3 */ | |
1219 | ps += 4; | |
3202e249 VY |
1220 | for(; i < 48; i++) |
1221 | { | |
1222 | HH(a, b, c, d, x[(int)(*pp++)], ps[i & 0x3], *pc++); | |
1223 | temp = d; | |
1224 | d = c; | |
1225 | c = b; | |
1226 | b = a; | |
1227 | a = temp; | |
db137867 AC |
1228 | } |
1229 | ||
1230 | /* Round 4 */ | |
1231 | ps += 4; | |
3202e249 VY |
1232 | for(; i < 64; i++) |
1233 | { | |
1234 | II(a, b, c, d, x[(int)(*pp++)], ps[i & 0x3], *pc++); | |
1235 | temp = d; | |
1236 | d = c; | |
1237 | c = b; | |
1238 | b = a; | |
1239 | a = temp; | |
db137867 AC |
1240 | } |
1241 | #elif MD5_SIZE_OVER_SPEED > 0 | |
3202e249 VY |
1242 | pc = C; |
1243 | pp = P; | |
db137867 AC |
1244 | |
1245 | /* Round 1 */ | |
3202e249 VY |
1246 | for(i = 0; i < 4; i++) |
1247 | { | |
1248 | FF(a, b, c, d, x[(int)(*pp++)], 7, *pc++); | |
1249 | FF(d, a, b, c, x[(int)(*pp++)], 12, *pc++); | |
1250 | FF(c, d, a, b, x[(int)(*pp++)], 17, *pc++); | |
1251 | FF(b, c, d, a, x[(int)(*pp++)], 22, *pc++); | |
db137867 AC |
1252 | } |
1253 | ||
1254 | /* Round 2 */ | |
3202e249 VY |
1255 | for(i = 0; i < 4; i++) |
1256 | { | |
1257 | GG(a, b, c, d, x[(int)(*pp++)], 5, *pc++); | |
1258 | GG(d, a, b, c, x[(int)(*pp++)], 9, *pc++); | |
1259 | GG(c, d, a, b, x[(int)(*pp++)], 14, *pc++); | |
1260 | GG(b, c, d, a, x[(int)(*pp++)], 20, *pc++); | |
db137867 AC |
1261 | } |
1262 | /* Round 3 */ | |
3202e249 VY |
1263 | for(i = 0; i < 4; i++) |
1264 | { | |
1265 | HH(a, b, c, d, x[(int)(*pp++)], 4, *pc++); | |
1266 | HH(d, a, b, c, x[(int)(*pp++)], 11, *pc++); | |
1267 | HH(c, d, a, b, x[(int)(*pp++)], 16, *pc++); | |
1268 | HH(b, c, d, a, x[(int)(*pp++)], 23, *pc++); | |
db137867 AC |
1269 | } |
1270 | ||
1271 | /* Round 4 */ | |
3202e249 VY |
1272 | for(i = 0; i < 4; i++) |
1273 | { | |
1274 | II(a, b, c, d, x[(int)(*pp++)], 6, *pc++); | |
1275 | II(d, a, b, c, x[(int)(*pp++)], 10, *pc++); | |
1276 | II(c, d, a, b, x[(int)(*pp++)], 15, *pc++); | |
1277 | II(b, c, d, a, x[(int)(*pp++)], 21, *pc++); | |
db137867 AC |
1278 | } |
1279 | #else | |
1280 | /* Round 1 */ | |
1281 | #define S11 7 | |
1282 | #define S12 12 | |
1283 | #define S13 17 | |
1284 | #define S14 22 | |
3202e249 VY |
1285 | FF(a, b, c, d, x[0], S11, 0xd76aa478); /* 1 */ |
1286 | FF(d, a, b, c, x[1], S12, 0xe8c7b756); /* 2 */ | |
1287 | FF(c, d, a, b, x[2], S13, 0x242070db); /* 3 */ | |
1288 | FF(b, c, d, a, x[3], S14, 0xc1bdceee); /* 4 */ | |
1289 | FF(a, b, c, d, x[4], S11, 0xf57c0faf); /* 5 */ | |
1290 | FF(d, a, b, c, x[5], S12, 0x4787c62a); /* 6 */ | |
1291 | FF(c, d, a, b, x[6], S13, 0xa8304613); /* 7 */ | |
1292 | FF(b, c, d, a, x[7], S14, 0xfd469501); /* 8 */ | |
1293 | FF(a, b, c, d, x[8], S11, 0x698098d8); /* 9 */ | |
1294 | FF(d, a, b, c, x[9], S12, 0x8b44f7af); /* 10 */ | |
1295 | FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ | |
1296 | FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ | |
1297 | FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ | |
1298 | FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ | |
1299 | FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ | |
1300 | FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ | |
db137867 AC |
1301 | |
1302 | /* Round 2 */ | |
1303 | #define S21 5 | |
1304 | #define S22 9 | |
1305 | #define S23 14 | |
1306 | #define S24 20 | |
3202e249 VY |
1307 | GG(a, b, c, d, x[1], S21, 0xf61e2562); /* 17 */ |
1308 | GG(d, a, b, c, x[6], S22, 0xc040b340); /* 18 */ | |
1309 | GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ | |
1310 | GG(b, c, d, a, x[0], S24, 0xe9b6c7aa); /* 20 */ | |
1311 | GG(a, b, c, d, x[5], S21, 0xd62f105d); /* 21 */ | |
1312 | GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ | |
1313 | GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ | |
1314 | GG(b, c, d, a, x[4], S24, 0xe7d3fbc8); /* 24 */ | |
1315 | GG(a, b, c, d, x[9], S21, 0x21e1cde6); /* 25 */ | |
1316 | GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ | |
1317 | GG(c, d, a, b, x[3], S23, 0xf4d50d87); /* 27 */ | |
1318 | GG(b, c, d, a, x[8], S24, 0x455a14ed); /* 28 */ | |
1319 | GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ | |
1320 | GG(d, a, b, c, x[2], S22, 0xfcefa3f8); /* 30 */ | |
1321 | GG(c, d, a, b, x[7], S23, 0x676f02d9); /* 31 */ | |
1322 | GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ | |
db137867 AC |
1323 | |
1324 | /* Round 3 */ | |
1325 | #define S31 4 | |
1326 | #define S32 11 | |
1327 | #define S33 16 | |
1328 | #define S34 23 | |
3202e249 VY |
1329 | HH(a, b, c, d, x[5], S31, 0xfffa3942); /* 33 */ |
1330 | HH(d, a, b, c, x[8], S32, 0x8771f681); /* 34 */ | |
1331 | HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ | |
1332 | HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ | |
1333 | HH(a, b, c, d, x[1], S31, 0xa4beea44); /* 37 */ | |
1334 | HH(d, a, b, c, x[4], S32, 0x4bdecfa9); /* 38 */ | |
1335 | HH(c, d, a, b, x[7], S33, 0xf6bb4b60); /* 39 */ | |
1336 | HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ | |
1337 | HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ | |
1338 | HH(d, a, b, c, x[0], S32, 0xeaa127fa); /* 42 */ | |
1339 | HH(c, d, a, b, x[3], S33, 0xd4ef3085); /* 43 */ | |
1340 | HH(b, c, d, a, x[6], S34, 0x4881d05); /* 44 */ | |
1341 | HH(a, b, c, d, x[9], S31, 0xd9d4d039); /* 45 */ | |
1342 | HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ | |
1343 | HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ | |
1344 | HH(b, c, d, a, x[2], S34, 0xc4ac5665); /* 48 */ | |
db137867 AC |
1345 | |
1346 | /* Round 4 */ | |
1347 | #define S41 6 | |
1348 | #define S42 10 | |
1349 | #define S43 15 | |
1350 | #define S44 21 | |
3202e249 VY |
1351 | II(a, b, c, d, x[0], S41, 0xf4292244); /* 49 */ |
1352 | II(d, a, b, c, x[7], S42, 0x432aff97); /* 50 */ | |
1353 | II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ | |
1354 | II(b, c, d, a, x[5], S44, 0xfc93a039); /* 52 */ | |
1355 | II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ | |
1356 | II(d, a, b, c, x[3], S42, 0x8f0ccc92); /* 54 */ | |
1357 | II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ | |
1358 | II(b, c, d, a, x[1], S44, 0x85845dd1); /* 56 */ | |
1359 | II(a, b, c, d, x[8], S41, 0x6fa87e4f); /* 57 */ | |
1360 | II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ | |
1361 | II(c, d, a, b, x[6], S43, 0xa3014314); /* 59 */ | |
1362 | II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ | |
1363 | II(a, b, c, d, x[4], S41, 0xf7537e82); /* 61 */ | |
1364 | II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ | |
1365 | II(c, d, a, b, x[2], S43, 0x2ad7d2bb); /* 63 */ | |
1366 | II(b, c, d, a, x[9], S44, 0xeb86d391); /* 64 */ | |
db137867 AC |
1367 | #endif |
1368 | ||
1369 | state[0] += a; | |
1370 | state[1] += b; | |
1371 | state[2] += c; | |
1372 | state[3] += d; | |
1373 | ||
1374 | /* Zeroize sensitive information. */ | |
3202e249 | 1375 | memset(x, 0, sizeof(x)); |
db137867 AC |
1376 | } |
1377 | ||
1378 | ||
3202e249 VY |
1379 | static void |
1380 | __md5_to64(char *s, unsigned long v, int n) | |
db137867 | 1381 | { |
3202e249 VY |
1382 | while(--n >= 0) |
1383 | { | |
1384 | *s++ = __md5_itoa64[v & 0x3f]; | |
db137867 AC |
1385 | v >>= 6; |
1386 | } | |
1387 | } | |
1388 | ||
1389 | /* | |
1390 | * UNIX password | |
1391 | * | |
1392 | * Use MD5 for what it is best at... | |
1393 | */ | |
1394 | ||
3202e249 VY |
1395 | static char * |
1396 | __md5_crypt(const char *pw, const char *salt) | |
db137867 AC |
1397 | { |
1398 | /* Static stuff */ | |
1399 | static const char *sp, *ep; | |
1400 | static char passwd[120], *p; | |
1401 | ||
3202e249 VY |
1402 | char final[17]; /* final[16] exists only to aid in looping */ |
1403 | int sl, pl, i, __md5__magic_len, pw_len; | |
1404 | struct MD5Context ctx, ctx1; | |
db137867 AC |
1405 | unsigned long l; |
1406 | ||
1407 | /* Refine the Salt first */ | |
1408 | sp = salt; | |
1409 | ||
1410 | /* If it starts with the magic string, then skip that */ | |
1411 | __md5__magic_len = strlen(__md5__magic); | |
3202e249 | 1412 | if(!strncmp(sp, __md5__magic, __md5__magic_len)) |
db137867 AC |
1413 | sp += __md5__magic_len; |
1414 | ||
1415 | /* It stops at the first '$', max 8 chars */ | |
3202e249 | 1416 | for(ep = sp; *ep && *ep != '$' && ep < (sp + 8); ep++) |
db137867 AC |
1417 | continue; |
1418 | ||
1419 | /* get the length of the true salt */ | |
1420 | sl = ep - sp; | |
1421 | ||
1422 | __md5_Init(&ctx); | |
1423 | ||
1424 | /* The password first, since that is what is most unknown */ | |
1425 | pw_len = strlen(pw); | |
3202e249 | 1426 | __md5_Update(&ctx, pw, pw_len); |
db137867 AC |
1427 | |
1428 | /* Then our magic string */ | |
3202e249 | 1429 | __md5_Update(&ctx, __md5__magic, __md5__magic_len); |
db137867 AC |
1430 | |
1431 | /* Then the raw salt */ | |
3202e249 | 1432 | __md5_Update(&ctx, sp, sl); |
db137867 AC |
1433 | |
1434 | /* Then just as many characters of the MD5(pw,salt,pw) */ | |
1435 | __md5_Init(&ctx1); | |
3202e249 VY |
1436 | __md5_Update(&ctx1, pw, pw_len); |
1437 | __md5_Update(&ctx1, sp, sl); | |
1438 | __md5_Update(&ctx1, pw, pw_len); | |
1439 | __md5_Final(final, &ctx1); | |
db137867 | 1440 | for(pl = pw_len; pl > 0; pl -= 16) |
3202e249 | 1441 | __md5_Update(&ctx, final, pl > 16 ? 16 : pl); |
db137867 AC |
1442 | |
1443 | /* Don't leave anything around in vm they could use. */ | |
3202e249 | 1444 | memset(final, 0, sizeof final); |
db137867 AC |
1445 | |
1446 | /* Then something really weird... */ | |
3202e249 VY |
1447 | for(i = pw_len; i; i >>= 1) |
1448 | { | |
1449 | __md5_Update(&ctx, ((i & 1) ? final : pw), 1); | |
db137867 AC |
1450 | } |
1451 | ||
1452 | /* Now make the output string */ | |
3202e249 VY |
1453 | strcpy(passwd, __md5__magic); |
1454 | strncat(passwd, sp, sl); | |
1455 | strcat(passwd, "$"); | |
db137867 | 1456 | |
3202e249 | 1457 | __md5_Final(final, &ctx); |
db137867 AC |
1458 | |
1459 | /* | |
1460 | * and now, just to make sure things don't run too fast | |
1461 | * On a 60 Mhz Pentium this takes 34 msec, so you would | |
1462 | * need 30 seconds to build a 1000 entry dictionary... | |
1463 | */ | |
3202e249 VY |
1464 | for(i = 0; i < 1000; i++) |
1465 | { | |
db137867 AC |
1466 | __md5_Init(&ctx1); |
1467 | if(i & 1) | |
3202e249 | 1468 | __md5_Update(&ctx1, pw, pw_len); |
db137867 | 1469 | else |
3202e249 | 1470 | __md5_Update(&ctx1, final, 16); |
db137867 AC |
1471 | |
1472 | if(i % 3) | |
3202e249 | 1473 | __md5_Update(&ctx1, sp, sl); |
db137867 AC |
1474 | |
1475 | if(i % 7) | |
3202e249 | 1476 | __md5_Update(&ctx1, pw, pw_len); |
db137867 AC |
1477 | |
1478 | if(i & 1) | |
3202e249 | 1479 | __md5_Update(&ctx1, final, 16); |
db137867 | 1480 | else |
3202e249 VY |
1481 | __md5_Update(&ctx1, pw, pw_len); |
1482 | __md5_Final(final, &ctx1); | |
db137867 AC |
1483 | } |
1484 | ||
1485 | p = passwd + strlen(passwd); | |
1486 | ||
1487 | final[16] = final[5]; | |
3202e249 VY |
1488 | for(i = 0; i < 5; i++) |
1489 | { | |
1490 | l = (final[i] << 16) | (final[i + 6] << 8) | final[i + 12]; | |
1491 | __md5_to64(p, l, 4); | |
1492 | p += 4; | |
db137867 AC |
1493 | } |
1494 | l = final[11]; | |
3202e249 VY |
1495 | __md5_to64(p, l, 2); |
1496 | p += 2; | |
db137867 AC |
1497 | *p = '\0'; |
1498 | ||
1499 | /* Don't leave anything around in vm they could use. */ | |
3202e249 | 1500 | memset(final, 0, sizeof final); |
db137867 AC |
1501 | |
1502 | return passwd; | |
1503 | } | |
1504 | ||
1505 | #endif /* NEED_CRYPT */ |