]> git.ipfire.org Git - thirdparty/glibc.git/blame - crypt/crypt_util.c
projects / thirdparty / glibc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
* elf/dl-tunables.c (tunable_set_val_if_valid_range): Split into ...
[thirdparty/glibc.git] / crypt / crypt_util.c
CommitLineData
63f791d3
GK		 1/*
2 * UFC-crypt: ultra fast crypt(3) implementation
3 *
bfff8b1b 4 * Copyright (C) 1991-2017 Free Software Foundation, Inc.
63f791d3
GK		 5 *
6 * This library is free software; you can redistribute it and/or
cc7375ce 7 * modify it under the terms of the GNU Lesser General Public
63f791d3 8 * License as published by the Free Software Foundation; either
cc7375ce 9 * version 2.1 of the License, or (at your option) any later version.
63f791d3
GK		 10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
cc7375ce 14 * Lesser General Public License for more details.
63f791d3 15 *
cc7375ce 16 * You should have received a copy of the GNU Lesser General Public
63f791d3 17 * License along with this library; see the file COPYING.LIB. If not,
59ba27a6 18 * see <http://www.gnu.org/licenses/>.
63f791d3
GK		 19 *
20 * @(#)crypt_util.c 2.56 12/20/96
21 *
22 * Support routines
23 *
24 */
25
26#ifdef DEBUG
27#include <stdio.h>
28#endif
3fedf0fe 29#include <atomic.h>
63f791d3
GK		 30#include <string.h>
31
32#ifndef STATIC
33#define STATIC static
34#endif
35
63f791d3
GK		 36#include "crypt-private.h"
37
38/* Prototypes for local functions. */
63f791d3
GK		 39#ifndef __GNU_LIBRARY__
40void _ufc_clearmem (char *start, int cnt);
41void _ufc_copymem (char *from, char *to, int cnt);
42#endif
43#ifdef _UFC_32_
44STATIC void shuffle_sb (long32 *k, ufc_long saltbits);
45#else
46STATIC void shuffle_sb (long64 *k, ufc_long saltbits);
47#endif
63f791d3
GK		 48
49
63f791d3
GK		 50/*
51 * Permutation done once on the 56 bit
52 * key derived from the original 8 byte ASCII key.
53 */
54static const int pc1[56] = {
55 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
56 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
57 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
58 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
59};
60
61/*
62 * How much to rotate each 28 bit half of the pc1 permutated
63 * 56 bit key before using pc2 to give the i' key
64 */
65static const int rots[16] = {
66 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
67};
68
69/*
70 * Permutation giving the key
71 * of the i' DES round
72 */
73static const int pc2[48] = {
74 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
75 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
76 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
77 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
78};
79
80/*
81 * The E expansion table which selects
82 * bits from the 32 bit intermediate result.
83 */
84static const int esel[48] = {
85 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
86 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
87 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
88 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
89};
90
91/*
92 * Permutation done on the
93 * result of sbox lookups
94 */
95static const int perm32[32] = {
96 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
97 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
98};
99
100/*
101 * The sboxes
102 */
103static const int sbox[8][4][16]= {
647450cf
UD		 104 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
105 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
106 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
107 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }
108 },
109
110 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
111 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
112 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
113 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }
114 },
115
116 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
117 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
118 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
119 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }
120 },
121
122 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
123 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
124 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
125 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }
126 },
127
128 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
129 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
130 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
131 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }
132 },
133
134 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
135 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
136 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
137 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }
138 },
139
140 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
141 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
142 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
143 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }
144 },
145
146 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
147 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
148 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
149 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 }
150 }
63f791d3
GK		 151};
152
153/*
154 * This is the initial
155 * permutation matrix
156 */
157static const int initial_perm[64] = {
158 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
159 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
160 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
161 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
162};
163
164/*
165 * This is the final
166 * permutation matrix
167 */
168static const int final_perm[64] = {
169 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
170 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
171 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
172 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
173};
174
175#define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
176#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
177
178static const ufc_long BITMASK[24] = {
179 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000,
180 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000,
181 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200,
182 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008
183};
184
185static const unsigned char bytemask[8] = {
186 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
187};
188
189static const ufc_long longmask[32] = {
190 0x80000000, 0x40000000, 0x20000000, 0x10000000,
191 0x08000000, 0x04000000, 0x02000000, 0x01000000,
192 0x00800000, 0x00400000, 0x00200000, 0x00100000,
193 0x00080000, 0x00040000, 0x00020000, 0x00010000,
194 0x00008000, 0x00004000, 0x00002000, 0x00001000,
195 0x00000800, 0x00000400, 0x00000200, 0x00000100,
196 0x00000080, 0x00000040, 0x00000020, 0x00000010,
197 0x00000008, 0x00000004, 0x00000002, 0x00000001
198};
199
200/*
201 * do_pc1: permform pc1 permutation in the key schedule generation.
202 *
203 * The first index is the byte number in the 8 byte ASCII key
204 * - second - - the two 28 bits halfs of the result
205 * - third - selects the 7 bits actually used of each byte
206 *
207 * The result is kept with 28 bit per 32 bit with the 4 most significant
208 * bits zero.
209 */
210static ufc_long do_pc1[8][2][128];
211
212/*
213 * do_pc2: permform pc2 permutation in the key schedule generation.
214 *
215 * The first index is the septet number in the two 28 bit intermediate values
216 * - second - - - septet values
217 *
218 * Knowledge of the structure of the pc2 permutation is used.
219 *
220 * The result is kept with 28 bit per 32 bit with the 4 most significant
221 * bits zero.
222 */
223static ufc_long do_pc2[8][128];
224
225/*
226 * eperm32tab: do 32 bit permutation and E selection
227 *
228 * The first index is the byte number in the 32 bit value to be permuted
229 * - second - is the value of this byte
230 * - third - selects the two 32 bit values
231 *
232 * The table is used and generated internally in init_des to speed it up
233 */
234static ufc_long eperm32tab[4][256][2];
235
236/*
237 * efp: undo an extra e selection and do final
238 * permutation giving the DES result.
239 *
240 * Invoked 6 bit a time on two 48 bit values
241 * giving two 32 bit longs.
242 */
243static ufc_long efp[16][64][2];
244
8747cd03
KS		 245/* Table with characters for base64 transformation. */
246static const char b64t[64] =
247"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
248
63f791d3
GK		 249/*
250 * For use by the old, non-reentrant routines
251 * (crypt/encrypt/setkey)
252 */
253struct crypt_data _ufc_foobar;
254
255#ifdef __GNU_LIBRARY__
ec999b8e 256#include <libc-lock.h>
63f791d3
GK		 257
258__libc_lock_define_initialized (static, _ufc_tables_lock)
259#endif
260
261#ifdef DEBUG
262
263void
9d46370c 264_ufc_prbits (ufc_long *a, int n)
63f791d3
GK		 265{
266 ufc_long i, j, t, tmp;
267 n /= 8;
268 for(i = 0; i < n; i++) {
269 tmp=0;
270 for(j = 0; j < 8; j++) {
271 t=8*i+j;
272 tmp|=(a[t/24] & BITMASK[t % 24])?bytemask[j]:0;
273 }
f2b3078e 274 (void)printf("%02lx ", tmp);
63f791d3
GK		 275 }
276 printf(" ");
277}
278
f2b3078e 279static void __attribute__ ((unused))
9d46370c 280_ufc_set_bits (ufc_long v, ufc_long *b)
63f791d3
GK		 281{
282 ufc_long i;
283 *b = 0;
284 for(i = 0; i < 24; i++) {
285 if(v & longmask[8 + i])
286 *b |= BITMASK[i];
287 }
288}
289
290#endif
291
292#ifndef __GNU_LIBRARY__
293/*
294 * Silly rewrites of 'bzero'/'memset'. I do so
295 * because some machines don't have
296 * bzero and some don't have memset.
297 */
298
299void
9d46370c 300_ufc_clearmem (char *start, int cnt)
63f791d3
GK		 301{
302 while(cnt--)
303 *start++ = '\0';
304}
305
306void
41075ae3 307_ufc_copymem (char *from, char *to, int cnt)
63f791d3
GK		 308{
309 while(cnt--)
310 *to++ = *from++;
311}
312#else
313#define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
314#define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt)
315#endif
316
317/* lookup a 6 bit value in sbox */
318
319#define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
320
321/*
322 * Initialize unit - may be invoked directly
323 * by fcrypt users.
324 */
325
326void
9d46370c 327__init_des_r (struct crypt_data * __restrict __data)
63f791d3
GK		 328{
329 int comes_from_bit;
330 int bit, sg;
331 ufc_long j;
332 ufc_long mask1, mask2;
333 int e_inverse[64];
334 static volatile int small_tables_initialized = 0;
335
336#ifdef _UFC_32_
337 long32 *sb[4];
338 sb[0] = (long32*)__data->sb0; sb[1] = (long32*)__data->sb1;
339 sb[2] = (long32*)__data->sb2; sb[3] = (long32*)__data->sb3;
340#endif
341#ifdef _UFC_64_
342 long64 *sb[4];
343 sb[0] = (long64*)__data->sb0; sb[1] = (long64*)__data->sb1;
344 sb[2] = (long64*)__data->sb2; sb[3] = (long64*)__data->sb3;
345#endif
346
347 if(small_tables_initialized == 0) {
348#ifdef __GNU_LIBRARY__
349 __libc_lock_lock (_ufc_tables_lock);
350 if(small_tables_initialized)
351 goto small_tables_done;
352#endif
353
354 /*
355 * Create the do_pc1 table used
356 * to affect pc1 permutation
357 * when generating keys
358 */
359 _ufc_clearmem((char*)do_pc1, (int)sizeof(do_pc1));
360 for(bit = 0; bit < 56; bit++) {
361 comes_from_bit = pc1[bit] - 1;
362 mask1 = bytemask[comes_from_bit % 8 + 1];
363 mask2 = longmask[bit % 28 + 4];
364 for(j = 0; j < 128; j++) {
365 if(j & mask1)
366 do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2;
367 }
368 }
369
370 /*
371 * Create the do_pc2 table used
372 * to affect pc2 permutation when
373 * generating keys
374 */
375 _ufc_clearmem((char*)do_pc2, (int)sizeof(do_pc2));
376 for(bit = 0; bit < 48; bit++) {
377 comes_from_bit = pc2[bit] - 1;
378 mask1 = bytemask[comes_from_bit % 7 + 1];
379 mask2 = BITMASK[bit % 24];
380 for(j = 0; j < 128; j++) {
381 if(j & mask1)
382 do_pc2[comes_from_bit / 7][j] |= mask2;
383 }
384 }
385
386 /*
387 * Now generate the table used to do combined
388 * 32 bit permutation and e expansion
389 *
390 * We use it because we have to permute 16384 32 bit
391 * longs into 48 bit in order to initialize sb.
392 *
393 * Looping 48 rounds per permutation becomes
394 * just too slow...
395 *
396 */
397
398 _ufc_clearmem((char*)eperm32tab, (int)sizeof(eperm32tab));
399 for(bit = 0; bit < 48; bit++) {
400 ufc_long mask1,comes_from;
401 comes_from = perm32[esel[bit]-1]-1;
402 mask1 = bytemask[comes_from % 8];
403 for(j = 256; j--;) {
404 if(j & mask1)
405 eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK[bit % 24];
406 }
407 }
408
409 /*
410 * Create an inverse matrix for esel telling
411 * where to plug out bits if undoing it
412 */
413 for(bit=48; bit--;) {
414 e_inverse[esel[bit] - 1 ] = bit;
415 e_inverse[esel[bit] - 1 + 32] = bit + 48;
416 }
417
418 /*
419 * create efp: the matrix used to
420 * undo the E expansion and effect final permutation
421 */
422 _ufc_clearmem((char*)efp, (int)sizeof efp);
423 for(bit = 0; bit < 64; bit++) {
424 int o_bit, o_long;
425 ufc_long word_value, mask1, mask2;
426 int comes_from_f_bit, comes_from_e_bit;
427 int comes_from_word, bit_within_word;
428
429 /* See where bit i belongs in the two 32 bit long's */
430 o_long = bit / 32; /* 0..1 */
431 o_bit = bit % 32; /* 0..31 */
432
433 /*
434 * And find a bit in the e permutated value setting this bit.
435 *
436 * Note: the e selection may have selected the same bit several
437 * times. By the initialization of e_inverse, we only look
438 * for one specific instance.
439 */
440 comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */
441 comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */
442 comes_from_word = comes_from_e_bit / 6; /* 0..15 */
443 bit_within_word = comes_from_e_bit % 6; /* 0..5 */
444
445 mask1 = longmask[bit_within_word + 26];
446 mask2 = longmask[o_bit];
447
448 for(word_value = 64; word_value--;) {
449 if(word_value & mask1)
450 efp[comes_from_word][word_value][o_long] |= mask2;
451 }
452 }
647450cf 453 atomic_write_barrier ();
63f791d3
GK		 454 small_tables_initialized = 1;
455#ifdef __GNU_LIBRARY__
456small_tables_done:
457 __libc_lock_unlock(_ufc_tables_lock);
458#endif
90f139dd
UD		 459 } else
460 atomic_read_barrier ();
63f791d3
GK		 461
462 /*
463 * Create the sb tables:
464 *
465 * For each 12 bit segment of an 48 bit intermediate
466 * result, the sb table precomputes the two 4 bit
467 * values of the sbox lookups done with the two 6
468 * bit halves, shifts them to their proper place,
469 * sends them through perm32 and finally E expands
470 * them so that they are ready for the next
471 * DES round.
472 *
473 */
474
8e2045f5
UD		 475 if (__data->sb0 + sizeof (__data->sb0) == __data->sb1
476 && __data->sb1 + sizeof (__data->sb1) == __data->sb2
477 && __data->sb2 + sizeof (__data->sb2) == __data->sb3)
478 _ufc_clearmem(__data->sb0,
479 (int)sizeof(__data->sb0)
480 + (int)sizeof(__data->sb1)
481 + (int)sizeof(__data->sb2)
482 + (int)sizeof(__data->sb3));
483 else {
484 _ufc_clearmem(__data->sb0, (int)sizeof(__data->sb0));
485 _ufc_clearmem(__data->sb1, (int)sizeof(__data->sb1));
486 _ufc_clearmem(__data->sb2, (int)sizeof(__data->sb2));
487 _ufc_clearmem(__data->sb3, (int)sizeof(__data->sb3));
488 }
63f791d3
GK		 489
490 for(sg = 0; sg < 4; sg++) {
491 int j1, j2;
492 int s1, s2;
493
494 for(j1 = 0; j1 < 64; j1++) {
495 s1 = s_lookup(2 * sg, j1);
496 for(j2 = 0; j2 < 64; j2++) {
497 ufc_long to_permute, inx;
498
499 s2 = s_lookup(2 * sg + 1, j2);
500 to_permute = (((ufc_long)s1 << 4) |
501 (ufc_long)s2) << (24 - 8 * (ufc_long)sg);
502
503#ifdef _UFC_32_
504 inx = ((j1 << 6) | j2) << 1;
505 sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0];
506 sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1];
507 sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0];
508 sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1];
509 sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0];
510 sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1];
511 sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0];
512 sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1];
513#endif
514#ifdef _UFC_64_
515 inx = ((j1 << 6) | j2);
516 sb[sg][inx] =
517 ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) |
518 (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1];
519 sb[sg][inx] |=
520 ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) |
521 (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1];
522 sb[sg][inx] |=
523 ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) |
524 (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1];
525 sb[sg][inx] |=
526 ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) |
527 (long64)eperm32tab[3][(to_permute) & 0xff][1];
528#endif
529 }
530 }
531 }
532
05dab910
RM		 533 __data->current_saltbits = 0;
534 __data->current_salt[0] = 0;
535 __data->current_salt[1] = 0;
63f791d3
GK		 536 __data->initialized++;
537}
538
539void
60d2f8f3 540__init_des (void)
63f791d3
GK		 541{
542 __init_des_r(&_ufc_foobar);
543}
544
545/*
546 * Process the elements of the sb table permuting the
547 * bits swapped in the expansion by the current salt.
548 */
549
550#ifdef _UFC_32_
551STATIC void
9d46370c 552shuffle_sb (long32 *k, ufc_long saltbits)
63f791d3
GK		 553{
554 ufc_long j;
555 long32 x;
556 for(j=4096; j--;) {
557 x = (k[0] ^ k[1]) & (long32)saltbits;
558 *k++ ^= x;
559 *k++ ^= x;
560 }
561}
562#endif
563
564#ifdef _UFC_64_
565STATIC void
9d46370c 566shuffle_sb (long64 *k, ufc_long saltbits)
63f791d3
GK		 567{
568 ufc_long j;
569 long64 x;
570 for(j=4096; j--;) {
571 x = ((*k >> 32) ^ *k) & (long64)saltbits;
572 *k++ ^= (x << 32) | x;
573 }
574}
575#endif
576
4ba74a35
AO		 577/*
578 * Return false iff C is in the specified alphabet for crypt salt.
579 */
580
581static bool
582bad_for_salt (char c)
583{
584 switch (c)
585 {
586 case '0' ... '9':
587 case 'A' ... 'Z':
588 case 'a' ... 'z':
589 case '.': case '/':
590 return false;
591
592 default:
593 return true;
594 }
595}
596
63f791d3
GK		 597/*
598 * Setup the unit for a new salt
599 * Hopefully we'll not see a new salt in each crypt call.
4ba74a35 600 * Return false if an unexpected character was found in s[0] or s[1].
63f791d3
GK		 601 */
602
4ba74a35 603bool
9d46370c 604_ufc_setup_salt_r (const char *s, struct crypt_data * __restrict __data)
63f791d3
GK		 605{
606 ufc_long i, j, saltbits;
4ba74a35 607 char s0, s1;
63f791d3
GK		 608
609 if(__data->initialized == 0)
610 __init_des_r(__data);
611
4ba74a35
AO		 612 s0 = s[0];
613 if(bad_for_salt (s0))
614 return false;
615
616 s1 = s[1];
617 if(bad_for_salt (s1))
618 return false;
619
620 if(s0 == __data->current_salt[0] && s1 == __data->current_salt[1])
621 return true;
622
623 __data->current_salt[0] = s0;
624 __data->current_salt[1] = s1;
63f791d3
GK		 625
626 /*
627 * This is the only crypt change to DES:
628 * entries are swapped in the expansion table
629 * according to the bits set in the salt.
630 */
631 saltbits = 0;
632 for(i = 0; i < 2; i++) {
633 long c=ascii_to_bin(s[i]);
634 for(j = 0; j < 6; j++) {
635 if((c >> j) & 0x1)
636 saltbits |= BITMASK[6 * i + j];
637 }
638 }
639
640 /*
641 * Permute the sb table values
642 * to reflect the changed e
643 * selection table
644 */
645#ifdef _UFC_32_
646#define LONGG long32*
647#endif
648#ifdef _UFC_64_
649#define LONGG long64*
650#endif
651
652 shuffle_sb((LONGG)__data->sb0, __data->current_saltbits ^ saltbits);
653 shuffle_sb((LONGG)__data->sb1, __data->current_saltbits ^ saltbits);
654 shuffle_sb((LONGG)__data->sb2, __data->current_saltbits ^ saltbits);
655 shuffle_sb((LONGG)__data->sb3, __data->current_saltbits ^ saltbits);
656
657 __data->current_saltbits = saltbits;
4ba74a35
AO		 658
659 return true;
63f791d3
GK		 660}
661
662void
9d46370c 663_ufc_mk_keytab_r (const char *key, struct crypt_data * __restrict __data)
63f791d3
GK		 664{
665 ufc_long v1, v2, *k1;
666 int i;
667#ifdef _UFC_32_
668 long32 v, *k2;
669 k2 = (long32*)__data->keysched;
670#endif
671#ifdef _UFC_64_
672 long64 v, *k2;
673 k2 = (long64*)__data->keysched;
674#endif
675
676 v1 = v2 = 0; k1 = &do_pc1[0][0][0];
677 for(i = 8; i--;) {
678 v1 |= k1[*key & 0x7f]; k1 += 128;
679 v2 |= k1[*key++ & 0x7f]; k1 += 128;
680 }
681
682 for(i = 0; i < 16; i++) {
683 k1 = &do_pc2[0][0];
684
685 v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i]));
686 v = k1[(v1 >> 21) & 0x7f]; k1 += 128;
687 v |= k1[(v1 >> 14) & 0x7f]; k1 += 128;
688 v |= k1[(v1 >> 7) & 0x7f]; k1 += 128;
689 v |= k1[(v1 ) & 0x7f]; k1 += 128;
690
691#ifdef _UFC_32_
692 *k2++ = (v | 0x00008000);
693 v = 0;
694#endif
695#ifdef _UFC_64_
696 v = (v << 32);
697#endif
698
699 v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i]));
700 v |= k1[(v2 >> 21) & 0x7f]; k1 += 128;
701 v |= k1[(v2 >> 14) & 0x7f]; k1 += 128;
702 v |= k1[(v2 >> 7) & 0x7f]; k1 += 128;
703 v |= k1[(v2 ) & 0x7f];
704
705#ifdef _UFC_32_
706 *k2++ = (v | 0x00008000);
707#endif
708#ifdef _UFC_64_
709 *k2++ = v | 0x0000800000008000l;
710#endif
711 }
712
713 __data->direction = 0;
714}
715
716/*
717 * Undo an extra E selection and do final permutations
718 */
719
720void
9d46370c 721_ufc_dofinalperm_r (ufc_long *res, struct crypt_data * __restrict __data)
63f791d3
GK		 722{
723 ufc_long v1, v2, x;
724 ufc_long l1,l2,r1,r2;
725
726 l1 = res[0]; l2 = res[1];
727 r1 = res[2]; r2 = res[3];
728
729 x = (l1 ^ l2) & __data->current_saltbits; l1 ^= x; l2 ^= x;
730 x = (r1 ^ r2) & __data->current_saltbits; r1 ^= x; r2 ^= x;
731
732 v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3;
733
734 v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1];
735 v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1];
736 v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1];
737 v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1];
738
739 v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1];
740 v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1];
741 v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1];
742 v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1];
743
744 v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1];
745 v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1];
746 v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1];
747 v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1];
748
749 v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1];
750 v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1];
751 v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1];
752 v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1];
753
754 res[0] = v1; res[1] = v2;
755}
756
757/*
758 * crypt only: convert from 64 bit to 11 bit ASCII
759 * prefixing with the salt
760 */
761
762void
41075ae3
JM		 763_ufc_output_conversion_r (ufc_long v1, ufc_long v2, const char *salt,
764 struct crypt_data * __restrict __data)
63f791d3
GK		 765{
766 int i, s, shf;
767
768 __data->crypt_3_buf[0] = salt[0];
769 __data->crypt_3_buf[1] = salt[1] ? salt[1] : salt[0];
770
771 for(i = 0; i < 5; i++) {
772 shf = (26 - 6 * i); /* to cope with MSC compiler bug */
773 __data->crypt_3_buf[i + 2] = bin_to_ascii((v1 >> shf) & 0x3f);
774 }
775
776 s = (v2 & 0xf) << 2;
777 v2 = (v2 >> 2) | ((v1 & 0x3) << 30);
778
779 for(i = 5; i < 10; i++) {
780 shf = (56 - 6 * i);
781 __data->crypt_3_buf[i + 2] = bin_to_ascii((v2 >> shf) & 0x3f);
782 }
783
784 __data->crypt_3_buf[12] = bin_to_ascii(s);
785 __data->crypt_3_buf[13] = 0;
786}
787
788
789/*
790 * UNIX encrypt function. Takes a bitvector
791 * represented by one byte per bit and
792 * encrypt/decrypt according to edflag
793 */
794
795void
f63f2bfd
JM		 796__encrypt_r (char *__block, int __edflag,
797 struct crypt_data * __restrict __data)
63f791d3
GK		 798{
799 ufc_long l1, l2, r1, r2, res[4];
800 int i;
801#ifdef _UFC_32_
802 long32 *kt;
803 kt = (long32*)__data->keysched;
804#endif
805#ifdef _UFC_64_
806 long64 *kt;
807 kt = (long64*)__data->keysched;
808#endif
809
810 /*
811 * Undo any salt changes to E expansion
812 */
813 _ufc_setup_salt_r("..", __data);
814
815 /*
816 * Reverse key table if
817 * changing operation (encrypt/decrypt)
818 */
819 if((__edflag == 0) != (__data->direction == 0)) {
820 for(i = 0; i < 8; i++) {
821#ifdef _UFC_32_
822 long32 x;
823 x = kt[2 * (15-i)];
824 kt[2 * (15-i)] = kt[2 * i];
825 kt[2 * i] = x;
826
827 x = kt[2 * (15-i) + 1];
828 kt[2 * (15-i) + 1] = kt[2 * i + 1];
829 kt[2 * i + 1] = x;
830#endif
831#ifdef _UFC_64_
832 long64 x;
833 x = kt[15-i];
834 kt[15-i] = kt[i];
835 kt[i] = x;
836#endif
837 }
838 __data->direction = __edflag;
839 }
840
841 /*
842 * Do initial permutation + E expansion
843 */
844 i = 0;
845 for(l1 = 0; i < 24; i++) {
846 if(__block[initial_perm[esel[i]-1]-1])
847 l1 |= BITMASK[i];
848 }
849 for(l2 = 0; i < 48; i++) {
850 if(__block[initial_perm[esel[i]-1]-1])
851 l2 |= BITMASK[i-24];
852 }
853
854 i = 0;
855 for(r1 = 0; i < 24; i++) {
856 if(__block[initial_perm[esel[i]-1+32]-1])
857 r1 |= BITMASK[i];
858 }
859 for(r2 = 0; i < 48; i++) {
860 if(__block[initial_perm[esel[i]-1+32]-1])
861 r2 |= BITMASK[i-24];
862 }
863
864 /*
865 * Do DES inner loops + final conversion
866 */
867 res[0] = l1; res[1] = l2;
868 res[2] = r1; res[3] = r2;
869 _ufc_doit_r((ufc_long)1, __data, &res[0]);
870
871 /*
872 * Do final permutations
873 */
874 _ufc_dofinalperm_r(res, __data);
875
876 /*
877 * And convert to bit array
878 */
879 l1 = res[0]; r1 = res[1];
880 for(i = 0; i < 32; i++) {
881 *__block++ = (l1 & longmask[i]) != 0;
882 }
883 for(i = 0; i < 32; i++) {
884 *__block++ = (r1 & longmask[i]) != 0;
885 }
886}
887weak_alias (__encrypt_r, encrypt_r)
888
889void
9d46370c 890encrypt (char *__block, int __edflag)
63f791d3
GK		 891{
892 __encrypt_r(__block, __edflag, &_ufc_foobar);
893}
894
895
896/*
897 * UNIX setkey function. Take a 64 bit DES
898 * key and setup the machinery.
899 */
900
901void
9d46370c 902__setkey_r (const char *__key, struct crypt_data * __restrict __data)
63f791d3
GK		 903{
904 int i,j;
905 unsigned char c;
906 unsigned char ktab[8];
907
908 _ufc_setup_salt_r("..", __data); /* be sure we're initialized */
909
910 for(i = 0; i < 8; i++) {
911 for(j = 0, c = 0; j < 8; j++)
912 c = c << 1 | *__key++;
913 ktab[i] = c >> 1;
914 }
9cfe5381 915 _ufc_mk_keytab_r((char *) ktab, __data);
63f791d3
GK		 916}
917weak_alias (__setkey_r, setkey_r)
918
919void
9d46370c 920setkey (const char *__key)
63f791d3
GK		 921{
922 __setkey_r(__key, &_ufc_foobar);
923}
8747cd03
KS		 924
925void
926__b64_from_24bit (char **cp, int *buflen,
927 unsigned int b2, unsigned int b1, unsigned int b0,
928 int n)
929{
930 unsigned int w = (b2 << 16) | (b1 << 8) | b0;
931 while (n-- > 0 && (*buflen) > 0)
932 {
933 *(*cp)++ = b64t[w & 0x3f];
934 --(*buflen);
935 w >>= 6;
936 }
937}
A mirror of the official glibc repository