]>
Commit | Line | Data |
---|---|---|
63f791d3 GK |
1 | /* |
2 | * UFC-crypt: ultra fast crypt(3) implementation | |
3 | * | |
bfff8b1b | 4 | * Copyright (C) 1991-2017 Free Software Foundation, Inc. |
63f791d3 GK |
5 | * |
6 | * This library is free software; you can redistribute it and/or | |
cc7375ce | 7 | * modify it under the terms of the GNU Lesser General Public |
63f791d3 | 8 | * License as published by the Free Software Foundation; either |
cc7375ce | 9 | * version 2.1 of the License, or (at your option) any later version. |
63f791d3 GK |
10 | * |
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
cc7375ce | 14 | * Lesser General Public License for more details. |
63f791d3 | 15 | * |
cc7375ce | 16 | * You should have received a copy of the GNU Lesser General Public |
63f791d3 | 17 | * License along with this library; see the file COPYING.LIB. If not, |
59ba27a6 | 18 | * see <http://www.gnu.org/licenses/>. |
63f791d3 GK |
19 | * |
20 | * @(#)crypt_util.c 2.56 12/20/96 | |
21 | * | |
22 | * Support routines | |
23 | * | |
24 | */ | |
25 | ||
26 | #ifdef DEBUG | |
27 | #include <stdio.h> | |
28 | #endif | |
3fedf0fe | 29 | #include <atomic.h> |
63f791d3 GK |
30 | #include <string.h> |
31 | ||
32 | #ifndef STATIC | |
33 | #define STATIC static | |
34 | #endif | |
35 | ||
63f791d3 GK |
36 | #include "crypt-private.h" |
37 | ||
38 | /* Prototypes for local functions. */ | |
63f791d3 GK |
39 | #ifndef __GNU_LIBRARY__ |
40 | void _ufc_clearmem (char *start, int cnt); | |
41 | void _ufc_copymem (char *from, char *to, int cnt); | |
42 | #endif | |
43 | #ifdef _UFC_32_ | |
44 | STATIC void shuffle_sb (long32 *k, ufc_long saltbits); | |
45 | #else | |
46 | STATIC void shuffle_sb (long64 *k, ufc_long saltbits); | |
47 | #endif | |
63f791d3 GK |
48 | |
49 | ||
63f791d3 GK |
50 | /* |
51 | * Permutation done once on the 56 bit | |
52 | * key derived from the original 8 byte ASCII key. | |
53 | */ | |
54 | static const int pc1[56] = { | |
55 | 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, | |
56 | 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, | |
57 | 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, | |
58 | 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 | |
59 | }; | |
60 | ||
61 | /* | |
62 | * How much to rotate each 28 bit half of the pc1 permutated | |
63 | * 56 bit key before using pc2 to give the i' key | |
64 | */ | |
65 | static const int rots[16] = { | |
66 | 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 | |
67 | }; | |
68 | ||
69 | /* | |
70 | * Permutation giving the key | |
71 | * of the i' DES round | |
72 | */ | |
73 | static const int pc2[48] = { | |
74 | 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, | |
75 | 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, | |
76 | 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, | |
77 | 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 | |
78 | }; | |
79 | ||
80 | /* | |
81 | * The E expansion table which selects | |
82 | * bits from the 32 bit intermediate result. | |
83 | */ | |
84 | static const int esel[48] = { | |
85 | 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, | |
86 | 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, | |
87 | 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, | |
88 | 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 | |
89 | }; | |
90 | ||
91 | /* | |
92 | * Permutation done on the | |
93 | * result of sbox lookups | |
94 | */ | |
95 | static const int perm32[32] = { | |
96 | 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, | |
97 | 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 | |
98 | }; | |
99 | ||
100 | /* | |
101 | * The sboxes | |
102 | */ | |
103 | static const int sbox[8][4][16]= { | |
647450cf UD |
104 | { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 }, |
105 | { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 }, | |
106 | { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 }, | |
107 | { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 } | |
108 | }, | |
109 | ||
110 | { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 }, | |
111 | { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 }, | |
112 | { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 }, | |
113 | { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 } | |
114 | }, | |
115 | ||
116 | { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 }, | |
117 | { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 }, | |
118 | { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 }, | |
119 | { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 } | |
120 | }, | |
121 | ||
122 | { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 }, | |
123 | { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 }, | |
124 | { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 }, | |
125 | { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 } | |
126 | }, | |
127 | ||
128 | { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 }, | |
129 | { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 }, | |
130 | { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 }, | |
131 | { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 } | |
132 | }, | |
133 | ||
134 | { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 }, | |
135 | { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 }, | |
136 | { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 }, | |
137 | { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 } | |
138 | }, | |
139 | ||
140 | { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 }, | |
141 | { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 }, | |
142 | { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 }, | |
143 | { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 } | |
144 | }, | |
145 | ||
146 | { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 }, | |
147 | { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 }, | |
148 | { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 }, | |
149 | { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 } | |
150 | } | |
63f791d3 GK |
151 | }; |
152 | ||
153 | /* | |
154 | * This is the initial | |
155 | * permutation matrix | |
156 | */ | |
157 | static const int initial_perm[64] = { | |
158 | 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, | |
159 | 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, | |
160 | 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, | |
161 | 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 | |
162 | }; | |
163 | ||
164 | /* | |
165 | * This is the final | |
166 | * permutation matrix | |
167 | */ | |
168 | static const int final_perm[64] = { | |
169 | 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, | |
170 | 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, | |
171 | 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, | |
172 | 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25 | |
173 | }; | |
174 | ||
175 | #define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.') | |
176 | #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') | |
177 | ||
178 | static const ufc_long BITMASK[24] = { | |
179 | 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000, | |
180 | 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000, | |
181 | 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200, | |
182 | 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008 | |
183 | }; | |
184 | ||
185 | static const unsigned char bytemask[8] = { | |
186 | 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 | |
187 | }; | |
188 | ||
189 | static const ufc_long longmask[32] = { | |
190 | 0x80000000, 0x40000000, 0x20000000, 0x10000000, | |
191 | 0x08000000, 0x04000000, 0x02000000, 0x01000000, | |
192 | 0x00800000, 0x00400000, 0x00200000, 0x00100000, | |
193 | 0x00080000, 0x00040000, 0x00020000, 0x00010000, | |
194 | 0x00008000, 0x00004000, 0x00002000, 0x00001000, | |
195 | 0x00000800, 0x00000400, 0x00000200, 0x00000100, | |
196 | 0x00000080, 0x00000040, 0x00000020, 0x00000010, | |
197 | 0x00000008, 0x00000004, 0x00000002, 0x00000001 | |
198 | }; | |
199 | ||
200 | /* | |
201 | * do_pc1: permform pc1 permutation in the key schedule generation. | |
202 | * | |
203 | * The first index is the byte number in the 8 byte ASCII key | |
204 | * - second - - the two 28 bits halfs of the result | |
205 | * - third - selects the 7 bits actually used of each byte | |
206 | * | |
207 | * The result is kept with 28 bit per 32 bit with the 4 most significant | |
208 | * bits zero. | |
209 | */ | |
210 | static ufc_long do_pc1[8][2][128]; | |
211 | ||
212 | /* | |
213 | * do_pc2: permform pc2 permutation in the key schedule generation. | |
214 | * | |
215 | * The first index is the septet number in the two 28 bit intermediate values | |
216 | * - second - - - septet values | |
217 | * | |
218 | * Knowledge of the structure of the pc2 permutation is used. | |
219 | * | |
220 | * The result is kept with 28 bit per 32 bit with the 4 most significant | |
221 | * bits zero. | |
222 | */ | |
223 | static ufc_long do_pc2[8][128]; | |
224 | ||
225 | /* | |
226 | * eperm32tab: do 32 bit permutation and E selection | |
227 | * | |
228 | * The first index is the byte number in the 32 bit value to be permuted | |
229 | * - second - is the value of this byte | |
230 | * - third - selects the two 32 bit values | |
231 | * | |
232 | * The table is used and generated internally in init_des to speed it up | |
233 | */ | |
234 | static ufc_long eperm32tab[4][256][2]; | |
235 | ||
236 | /* | |
237 | * efp: undo an extra e selection and do final | |
238 | * permutation giving the DES result. | |
239 | * | |
240 | * Invoked 6 bit a time on two 48 bit values | |
241 | * giving two 32 bit longs. | |
242 | */ | |
243 | static ufc_long efp[16][64][2]; | |
244 | ||
8747cd03 KS |
245 | /* Table with characters for base64 transformation. */ |
246 | static const char b64t[64] = | |
247 | "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | |
248 | ||
63f791d3 GK |
249 | /* |
250 | * For use by the old, non-reentrant routines | |
251 | * (crypt/encrypt/setkey) | |
252 | */ | |
253 | struct crypt_data _ufc_foobar; | |
254 | ||
255 | #ifdef __GNU_LIBRARY__ | |
ec999b8e | 256 | #include <libc-lock.h> |
63f791d3 GK |
257 | |
258 | __libc_lock_define_initialized (static, _ufc_tables_lock) | |
259 | #endif | |
260 | ||
261 | #ifdef DEBUG | |
262 | ||
263 | void | |
9d46370c | 264 | _ufc_prbits (ufc_long *a, int n) |
63f791d3 GK |
265 | { |
266 | ufc_long i, j, t, tmp; | |
267 | n /= 8; | |
268 | for(i = 0; i < n; i++) { | |
269 | tmp=0; | |
270 | for(j = 0; j < 8; j++) { | |
271 | t=8*i+j; | |
272 | tmp|=(a[t/24] & BITMASK[t % 24])?bytemask[j]:0; | |
273 | } | |
f2b3078e | 274 | (void)printf("%02lx ", tmp); |
63f791d3 GK |
275 | } |
276 | printf(" "); | |
277 | } | |
278 | ||
f2b3078e | 279 | static void __attribute__ ((unused)) |
9d46370c | 280 | _ufc_set_bits (ufc_long v, ufc_long *b) |
63f791d3 GK |
281 | { |
282 | ufc_long i; | |
283 | *b = 0; | |
284 | for(i = 0; i < 24; i++) { | |
285 | if(v & longmask[8 + i]) | |
286 | *b |= BITMASK[i]; | |
287 | } | |
288 | } | |
289 | ||
290 | #endif | |
291 | ||
292 | #ifndef __GNU_LIBRARY__ | |
293 | /* | |
294 | * Silly rewrites of 'bzero'/'memset'. I do so | |
295 | * because some machines don't have | |
296 | * bzero and some don't have memset. | |
297 | */ | |
298 | ||
299 | void | |
9d46370c | 300 | _ufc_clearmem (char *start, int cnt) |
63f791d3 GK |
301 | { |
302 | while(cnt--) | |
303 | *start++ = '\0'; | |
304 | } | |
305 | ||
306 | void | |
41075ae3 | 307 | _ufc_copymem (char *from, char *to, int cnt) |
63f791d3 GK |
308 | { |
309 | while(cnt--) | |
310 | *to++ = *from++; | |
311 | } | |
312 | #else | |
313 | #define _ufc_clearmem(start, cnt) memset(start, 0, cnt) | |
314 | #define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt) | |
315 | #endif | |
316 | ||
317 | /* lookup a 6 bit value in sbox */ | |
318 | ||
319 | #define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf]; | |
320 | ||
321 | /* | |
322 | * Initialize unit - may be invoked directly | |
323 | * by fcrypt users. | |
324 | */ | |
325 | ||
326 | void | |
9d46370c | 327 | __init_des_r (struct crypt_data * __restrict __data) |
63f791d3 GK |
328 | { |
329 | int comes_from_bit; | |
330 | int bit, sg; | |
331 | ufc_long j; | |
332 | ufc_long mask1, mask2; | |
333 | int e_inverse[64]; | |
334 | static volatile int small_tables_initialized = 0; | |
335 | ||
336 | #ifdef _UFC_32_ | |
337 | long32 *sb[4]; | |
338 | sb[0] = (long32*)__data->sb0; sb[1] = (long32*)__data->sb1; | |
339 | sb[2] = (long32*)__data->sb2; sb[3] = (long32*)__data->sb3; | |
340 | #endif | |
341 | #ifdef _UFC_64_ | |
342 | long64 *sb[4]; | |
343 | sb[0] = (long64*)__data->sb0; sb[1] = (long64*)__data->sb1; | |
344 | sb[2] = (long64*)__data->sb2; sb[3] = (long64*)__data->sb3; | |
345 | #endif | |
346 | ||
347 | if(small_tables_initialized == 0) { | |
348 | #ifdef __GNU_LIBRARY__ | |
349 | __libc_lock_lock (_ufc_tables_lock); | |
350 | if(small_tables_initialized) | |
351 | goto small_tables_done; | |
352 | #endif | |
353 | ||
354 | /* | |
355 | * Create the do_pc1 table used | |
356 | * to affect pc1 permutation | |
357 | * when generating keys | |
358 | */ | |
359 | _ufc_clearmem((char*)do_pc1, (int)sizeof(do_pc1)); | |
360 | for(bit = 0; bit < 56; bit++) { | |
361 | comes_from_bit = pc1[bit] - 1; | |
362 | mask1 = bytemask[comes_from_bit % 8 + 1]; | |
363 | mask2 = longmask[bit % 28 + 4]; | |
364 | for(j = 0; j < 128; j++) { | |
365 | if(j & mask1) | |
366 | do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2; | |
367 | } | |
368 | } | |
369 | ||
370 | /* | |
371 | * Create the do_pc2 table used | |
372 | * to affect pc2 permutation when | |
373 | * generating keys | |
374 | */ | |
375 | _ufc_clearmem((char*)do_pc2, (int)sizeof(do_pc2)); | |
376 | for(bit = 0; bit < 48; bit++) { | |
377 | comes_from_bit = pc2[bit] - 1; | |
378 | mask1 = bytemask[comes_from_bit % 7 + 1]; | |
379 | mask2 = BITMASK[bit % 24]; | |
380 | for(j = 0; j < 128; j++) { | |
381 | if(j & mask1) | |
382 | do_pc2[comes_from_bit / 7][j] |= mask2; | |
383 | } | |
384 | } | |
385 | ||
386 | /* | |
387 | * Now generate the table used to do combined | |
388 | * 32 bit permutation and e expansion | |
389 | * | |
390 | * We use it because we have to permute 16384 32 bit | |
391 | * longs into 48 bit in order to initialize sb. | |
392 | * | |
393 | * Looping 48 rounds per permutation becomes | |
394 | * just too slow... | |
395 | * | |
396 | */ | |
397 | ||
398 | _ufc_clearmem((char*)eperm32tab, (int)sizeof(eperm32tab)); | |
399 | for(bit = 0; bit < 48; bit++) { | |
400 | ufc_long mask1,comes_from; | |
401 | comes_from = perm32[esel[bit]-1]-1; | |
402 | mask1 = bytemask[comes_from % 8]; | |
403 | for(j = 256; j--;) { | |
404 | if(j & mask1) | |
405 | eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK[bit % 24]; | |
406 | } | |
407 | } | |
408 | ||
409 | /* | |
410 | * Create an inverse matrix for esel telling | |
411 | * where to plug out bits if undoing it | |
412 | */ | |
413 | for(bit=48; bit--;) { | |
414 | e_inverse[esel[bit] - 1 ] = bit; | |
415 | e_inverse[esel[bit] - 1 + 32] = bit + 48; | |
416 | } | |
417 | ||
418 | /* | |
419 | * create efp: the matrix used to | |
420 | * undo the E expansion and effect final permutation | |
421 | */ | |
422 | _ufc_clearmem((char*)efp, (int)sizeof efp); | |
423 | for(bit = 0; bit < 64; bit++) { | |
424 | int o_bit, o_long; | |
425 | ufc_long word_value, mask1, mask2; | |
426 | int comes_from_f_bit, comes_from_e_bit; | |
427 | int comes_from_word, bit_within_word; | |
428 | ||
429 | /* See where bit i belongs in the two 32 bit long's */ | |
430 | o_long = bit / 32; /* 0..1 */ | |
431 | o_bit = bit % 32; /* 0..31 */ | |
432 | ||
433 | /* | |
434 | * And find a bit in the e permutated value setting this bit. | |
435 | * | |
436 | * Note: the e selection may have selected the same bit several | |
437 | * times. By the initialization of e_inverse, we only look | |
438 | * for one specific instance. | |
439 | */ | |
440 | comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */ | |
441 | comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */ | |
442 | comes_from_word = comes_from_e_bit / 6; /* 0..15 */ | |
443 | bit_within_word = comes_from_e_bit % 6; /* 0..5 */ | |
444 | ||
445 | mask1 = longmask[bit_within_word + 26]; | |
446 | mask2 = longmask[o_bit]; | |
447 | ||
448 | for(word_value = 64; word_value--;) { | |
449 | if(word_value & mask1) | |
450 | efp[comes_from_word][word_value][o_long] |= mask2; | |
451 | } | |
452 | } | |
647450cf | 453 | atomic_write_barrier (); |
63f791d3 GK |
454 | small_tables_initialized = 1; |
455 | #ifdef __GNU_LIBRARY__ | |
456 | small_tables_done: | |
457 | __libc_lock_unlock(_ufc_tables_lock); | |
458 | #endif | |
90f139dd UD |
459 | } else |
460 | atomic_read_barrier (); | |
63f791d3 GK |
461 | |
462 | /* | |
463 | * Create the sb tables: | |
464 | * | |
465 | * For each 12 bit segment of an 48 bit intermediate | |
466 | * result, the sb table precomputes the two 4 bit | |
467 | * values of the sbox lookups done with the two 6 | |
468 | * bit halves, shifts them to their proper place, | |
469 | * sends them through perm32 and finally E expands | |
470 | * them so that they are ready for the next | |
471 | * DES round. | |
472 | * | |
473 | */ | |
474 | ||
8e2045f5 UD |
475 | if (__data->sb0 + sizeof (__data->sb0) == __data->sb1 |
476 | && __data->sb1 + sizeof (__data->sb1) == __data->sb2 | |
477 | && __data->sb2 + sizeof (__data->sb2) == __data->sb3) | |
478 | _ufc_clearmem(__data->sb0, | |
479 | (int)sizeof(__data->sb0) | |
480 | + (int)sizeof(__data->sb1) | |
481 | + (int)sizeof(__data->sb2) | |
482 | + (int)sizeof(__data->sb3)); | |
483 | else { | |
484 | _ufc_clearmem(__data->sb0, (int)sizeof(__data->sb0)); | |
485 | _ufc_clearmem(__data->sb1, (int)sizeof(__data->sb1)); | |
486 | _ufc_clearmem(__data->sb2, (int)sizeof(__data->sb2)); | |
487 | _ufc_clearmem(__data->sb3, (int)sizeof(__data->sb3)); | |
488 | } | |
63f791d3 GK |
489 | |
490 | for(sg = 0; sg < 4; sg++) { | |
491 | int j1, j2; | |
492 | int s1, s2; | |
493 | ||
494 | for(j1 = 0; j1 < 64; j1++) { | |
495 | s1 = s_lookup(2 * sg, j1); | |
496 | for(j2 = 0; j2 < 64; j2++) { | |
497 | ufc_long to_permute, inx; | |
498 | ||
499 | s2 = s_lookup(2 * sg + 1, j2); | |
500 | to_permute = (((ufc_long)s1 << 4) | | |
501 | (ufc_long)s2) << (24 - 8 * (ufc_long)sg); | |
502 | ||
503 | #ifdef _UFC_32_ | |
504 | inx = ((j1 << 6) | j2) << 1; | |
505 | sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0]; | |
506 | sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1]; | |
507 | sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0]; | |
508 | sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1]; | |
509 | sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0]; | |
510 | sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1]; | |
511 | sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0]; | |
512 | sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1]; | |
513 | #endif | |
514 | #ifdef _UFC_64_ | |
515 | inx = ((j1 << 6) | j2); | |
516 | sb[sg][inx] = | |
517 | ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) | | |
518 | (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1]; | |
519 | sb[sg][inx] |= | |
520 | ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) | | |
521 | (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1]; | |
522 | sb[sg][inx] |= | |
523 | ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) | | |
524 | (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1]; | |
525 | sb[sg][inx] |= | |
526 | ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) | | |
527 | (long64)eperm32tab[3][(to_permute) & 0xff][1]; | |
528 | #endif | |
529 | } | |
530 | } | |
531 | } | |
532 | ||
05dab910 RM |
533 | __data->current_saltbits = 0; |
534 | __data->current_salt[0] = 0; | |
535 | __data->current_salt[1] = 0; | |
63f791d3 GK |
536 | __data->initialized++; |
537 | } | |
538 | ||
539 | void | |
60d2f8f3 | 540 | __init_des (void) |
63f791d3 GK |
541 | { |
542 | __init_des_r(&_ufc_foobar); | |
543 | } | |
544 | ||
545 | /* | |
546 | * Process the elements of the sb table permuting the | |
547 | * bits swapped in the expansion by the current salt. | |
548 | */ | |
549 | ||
550 | #ifdef _UFC_32_ | |
551 | STATIC void | |
9d46370c | 552 | shuffle_sb (long32 *k, ufc_long saltbits) |
63f791d3 GK |
553 | { |
554 | ufc_long j; | |
555 | long32 x; | |
556 | for(j=4096; j--;) { | |
557 | x = (k[0] ^ k[1]) & (long32)saltbits; | |
558 | *k++ ^= x; | |
559 | *k++ ^= x; | |
560 | } | |
561 | } | |
562 | #endif | |
563 | ||
564 | #ifdef _UFC_64_ | |
565 | STATIC void | |
9d46370c | 566 | shuffle_sb (long64 *k, ufc_long saltbits) |
63f791d3 GK |
567 | { |
568 | ufc_long j; | |
569 | long64 x; | |
570 | for(j=4096; j--;) { | |
571 | x = ((*k >> 32) ^ *k) & (long64)saltbits; | |
572 | *k++ ^= (x << 32) | x; | |
573 | } | |
574 | } | |
575 | #endif | |
576 | ||
4ba74a35 AO |
577 | /* |
578 | * Return false iff C is in the specified alphabet for crypt salt. | |
579 | */ | |
580 | ||
581 | static bool | |
582 | bad_for_salt (char c) | |
583 | { | |
584 | switch (c) | |
585 | { | |
586 | case '0' ... '9': | |
587 | case 'A' ... 'Z': | |
588 | case 'a' ... 'z': | |
589 | case '.': case '/': | |
590 | return false; | |
591 | ||
592 | default: | |
593 | return true; | |
594 | } | |
595 | } | |
596 | ||
63f791d3 GK |
597 | /* |
598 | * Setup the unit for a new salt | |
599 | * Hopefully we'll not see a new salt in each crypt call. | |
4ba74a35 | 600 | * Return false if an unexpected character was found in s[0] or s[1]. |
63f791d3 GK |
601 | */ |
602 | ||
4ba74a35 | 603 | bool |
9d46370c | 604 | _ufc_setup_salt_r (const char *s, struct crypt_data * __restrict __data) |
63f791d3 GK |
605 | { |
606 | ufc_long i, j, saltbits; | |
4ba74a35 | 607 | char s0, s1; |
63f791d3 GK |
608 | |
609 | if(__data->initialized == 0) | |
610 | __init_des_r(__data); | |
611 | ||
4ba74a35 AO |
612 | s0 = s[0]; |
613 | if(bad_for_salt (s0)) | |
614 | return false; | |
615 | ||
616 | s1 = s[1]; | |
617 | if(bad_for_salt (s1)) | |
618 | return false; | |
619 | ||
620 | if(s0 == __data->current_salt[0] && s1 == __data->current_salt[1]) | |
621 | return true; | |
622 | ||
623 | __data->current_salt[0] = s0; | |
624 | __data->current_salt[1] = s1; | |
63f791d3 GK |
625 | |
626 | /* | |
627 | * This is the only crypt change to DES: | |
628 | * entries are swapped in the expansion table | |
629 | * according to the bits set in the salt. | |
630 | */ | |
631 | saltbits = 0; | |
632 | for(i = 0; i < 2; i++) { | |
633 | long c=ascii_to_bin(s[i]); | |
634 | for(j = 0; j < 6; j++) { | |
635 | if((c >> j) & 0x1) | |
636 | saltbits |= BITMASK[6 * i + j]; | |
637 | } | |
638 | } | |
639 | ||
640 | /* | |
641 | * Permute the sb table values | |
642 | * to reflect the changed e | |
643 | * selection table | |
644 | */ | |
645 | #ifdef _UFC_32_ | |
646 | #define LONGG long32* | |
647 | #endif | |
648 | #ifdef _UFC_64_ | |
649 | #define LONGG long64* | |
650 | #endif | |
651 | ||
652 | shuffle_sb((LONGG)__data->sb0, __data->current_saltbits ^ saltbits); | |
653 | shuffle_sb((LONGG)__data->sb1, __data->current_saltbits ^ saltbits); | |
654 | shuffle_sb((LONGG)__data->sb2, __data->current_saltbits ^ saltbits); | |
655 | shuffle_sb((LONGG)__data->sb3, __data->current_saltbits ^ saltbits); | |
656 | ||
657 | __data->current_saltbits = saltbits; | |
4ba74a35 AO |
658 | |
659 | return true; | |
63f791d3 GK |
660 | } |
661 | ||
662 | void | |
9d46370c | 663 | _ufc_mk_keytab_r (const char *key, struct crypt_data * __restrict __data) |
63f791d3 GK |
664 | { |
665 | ufc_long v1, v2, *k1; | |
666 | int i; | |
667 | #ifdef _UFC_32_ | |
668 | long32 v, *k2; | |
669 | k2 = (long32*)__data->keysched; | |
670 | #endif | |
671 | #ifdef _UFC_64_ | |
672 | long64 v, *k2; | |
673 | k2 = (long64*)__data->keysched; | |
674 | #endif | |
675 | ||
676 | v1 = v2 = 0; k1 = &do_pc1[0][0][0]; | |
677 | for(i = 8; i--;) { | |
678 | v1 |= k1[*key & 0x7f]; k1 += 128; | |
679 | v2 |= k1[*key++ & 0x7f]; k1 += 128; | |
680 | } | |
681 | ||
682 | for(i = 0; i < 16; i++) { | |
683 | k1 = &do_pc2[0][0]; | |
684 | ||
685 | v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i])); | |
686 | v = k1[(v1 >> 21) & 0x7f]; k1 += 128; | |
687 | v |= k1[(v1 >> 14) & 0x7f]; k1 += 128; | |
688 | v |= k1[(v1 >> 7) & 0x7f]; k1 += 128; | |
689 | v |= k1[(v1 ) & 0x7f]; k1 += 128; | |
690 | ||
691 | #ifdef _UFC_32_ | |
692 | *k2++ = (v | 0x00008000); | |
693 | v = 0; | |
694 | #endif | |
695 | #ifdef _UFC_64_ | |
696 | v = (v << 32); | |
697 | #endif | |
698 | ||
699 | v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i])); | |
700 | v |= k1[(v2 >> 21) & 0x7f]; k1 += 128; | |
701 | v |= k1[(v2 >> 14) & 0x7f]; k1 += 128; | |
702 | v |= k1[(v2 >> 7) & 0x7f]; k1 += 128; | |
703 | v |= k1[(v2 ) & 0x7f]; | |
704 | ||
705 | #ifdef _UFC_32_ | |
706 | *k2++ = (v | 0x00008000); | |
707 | #endif | |
708 | #ifdef _UFC_64_ | |
709 | *k2++ = v | 0x0000800000008000l; | |
710 | #endif | |
711 | } | |
712 | ||
713 | __data->direction = 0; | |
714 | } | |
715 | ||
716 | /* | |
717 | * Undo an extra E selection and do final permutations | |
718 | */ | |
719 | ||
720 | void | |
9d46370c | 721 | _ufc_dofinalperm_r (ufc_long *res, struct crypt_data * __restrict __data) |
63f791d3 GK |
722 | { |
723 | ufc_long v1, v2, x; | |
724 | ufc_long l1,l2,r1,r2; | |
725 | ||
726 | l1 = res[0]; l2 = res[1]; | |
727 | r1 = res[2]; r2 = res[3]; | |
728 | ||
729 | x = (l1 ^ l2) & __data->current_saltbits; l1 ^= x; l2 ^= x; | |
730 | x = (r1 ^ r2) & __data->current_saltbits; r1 ^= x; r2 ^= x; | |
731 | ||
732 | v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3; | |
733 | ||
734 | v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1]; | |
735 | v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1]; | |
736 | v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1]; | |
737 | v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1]; | |
738 | ||
739 | v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1]; | |
740 | v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1]; | |
741 | v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1]; | |
742 | v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1]; | |
743 | ||
744 | v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1]; | |
745 | v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1]; | |
746 | v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1]; | |
747 | v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1]; | |
748 | ||
749 | v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1]; | |
750 | v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1]; | |
751 | v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1]; | |
752 | v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1]; | |
753 | ||
754 | res[0] = v1; res[1] = v2; | |
755 | } | |
756 | ||
757 | /* | |
758 | * crypt only: convert from 64 bit to 11 bit ASCII | |
759 | * prefixing with the salt | |
760 | */ | |
761 | ||
762 | void | |
41075ae3 JM |
763 | _ufc_output_conversion_r (ufc_long v1, ufc_long v2, const char *salt, |
764 | struct crypt_data * __restrict __data) | |
63f791d3 GK |
765 | { |
766 | int i, s, shf; | |
767 | ||
768 | __data->crypt_3_buf[0] = salt[0]; | |
769 | __data->crypt_3_buf[1] = salt[1] ? salt[1] : salt[0]; | |
770 | ||
771 | for(i = 0; i < 5; i++) { | |
772 | shf = (26 - 6 * i); /* to cope with MSC compiler bug */ | |
773 | __data->crypt_3_buf[i + 2] = bin_to_ascii((v1 >> shf) & 0x3f); | |
774 | } | |
775 | ||
776 | s = (v2 & 0xf) << 2; | |
777 | v2 = (v2 >> 2) | ((v1 & 0x3) << 30); | |
778 | ||
779 | for(i = 5; i < 10; i++) { | |
780 | shf = (56 - 6 * i); | |
781 | __data->crypt_3_buf[i + 2] = bin_to_ascii((v2 >> shf) & 0x3f); | |
782 | } | |
783 | ||
784 | __data->crypt_3_buf[12] = bin_to_ascii(s); | |
785 | __data->crypt_3_buf[13] = 0; | |
786 | } | |
787 | ||
788 | ||
789 | /* | |
790 | * UNIX encrypt function. Takes a bitvector | |
791 | * represented by one byte per bit and | |
792 | * encrypt/decrypt according to edflag | |
793 | */ | |
794 | ||
795 | void | |
f63f2bfd JM |
796 | __encrypt_r (char *__block, int __edflag, |
797 | struct crypt_data * __restrict __data) | |
63f791d3 GK |
798 | { |
799 | ufc_long l1, l2, r1, r2, res[4]; | |
800 | int i; | |
801 | #ifdef _UFC_32_ | |
802 | long32 *kt; | |
803 | kt = (long32*)__data->keysched; | |
804 | #endif | |
805 | #ifdef _UFC_64_ | |
806 | long64 *kt; | |
807 | kt = (long64*)__data->keysched; | |
808 | #endif | |
809 | ||
810 | /* | |
811 | * Undo any salt changes to E expansion | |
812 | */ | |
813 | _ufc_setup_salt_r("..", __data); | |
814 | ||
815 | /* | |
816 | * Reverse key table if | |
817 | * changing operation (encrypt/decrypt) | |
818 | */ | |
819 | if((__edflag == 0) != (__data->direction == 0)) { | |
820 | for(i = 0; i < 8; i++) { | |
821 | #ifdef _UFC_32_ | |
822 | long32 x; | |
823 | x = kt[2 * (15-i)]; | |
824 | kt[2 * (15-i)] = kt[2 * i]; | |
825 | kt[2 * i] = x; | |
826 | ||
827 | x = kt[2 * (15-i) + 1]; | |
828 | kt[2 * (15-i) + 1] = kt[2 * i + 1]; | |
829 | kt[2 * i + 1] = x; | |
830 | #endif | |
831 | #ifdef _UFC_64_ | |
832 | long64 x; | |
833 | x = kt[15-i]; | |
834 | kt[15-i] = kt[i]; | |
835 | kt[i] = x; | |
836 | #endif | |
837 | } | |
838 | __data->direction = __edflag; | |
839 | } | |
840 | ||
841 | /* | |
842 | * Do initial permutation + E expansion | |
843 | */ | |
844 | i = 0; | |
845 | for(l1 = 0; i < 24; i++) { | |
846 | if(__block[initial_perm[esel[i]-1]-1]) | |
847 | l1 |= BITMASK[i]; | |
848 | } | |
849 | for(l2 = 0; i < 48; i++) { | |
850 | if(__block[initial_perm[esel[i]-1]-1]) | |
851 | l2 |= BITMASK[i-24]; | |
852 | } | |
853 | ||
854 | i = 0; | |
855 | for(r1 = 0; i < 24; i++) { | |
856 | if(__block[initial_perm[esel[i]-1+32]-1]) | |
857 | r1 |= BITMASK[i]; | |
858 | } | |
859 | for(r2 = 0; i < 48; i++) { | |
860 | if(__block[initial_perm[esel[i]-1+32]-1]) | |
861 | r2 |= BITMASK[i-24]; | |
862 | } | |
863 | ||
864 | /* | |
865 | * Do DES inner loops + final conversion | |
866 | */ | |
867 | res[0] = l1; res[1] = l2; | |
868 | res[2] = r1; res[3] = r2; | |
869 | _ufc_doit_r((ufc_long)1, __data, &res[0]); | |
870 | ||
871 | /* | |
872 | * Do final permutations | |
873 | */ | |
874 | _ufc_dofinalperm_r(res, __data); | |
875 | ||
876 | /* | |
877 | * And convert to bit array | |
878 | */ | |
879 | l1 = res[0]; r1 = res[1]; | |
880 | for(i = 0; i < 32; i++) { | |
881 | *__block++ = (l1 & longmask[i]) != 0; | |
882 | } | |
883 | for(i = 0; i < 32; i++) { | |
884 | *__block++ = (r1 & longmask[i]) != 0; | |
885 | } | |
886 | } | |
887 | weak_alias (__encrypt_r, encrypt_r) | |
888 | ||
889 | void | |
9d46370c | 890 | encrypt (char *__block, int __edflag) |
63f791d3 GK |
891 | { |
892 | __encrypt_r(__block, __edflag, &_ufc_foobar); | |
893 | } | |
894 | ||
895 | ||
896 | /* | |
897 | * UNIX setkey function. Take a 64 bit DES | |
898 | * key and setup the machinery. | |
899 | */ | |
900 | ||
901 | void | |
9d46370c | 902 | __setkey_r (const char *__key, struct crypt_data * __restrict __data) |
63f791d3 GK |
903 | { |
904 | int i,j; | |
905 | unsigned char c; | |
906 | unsigned char ktab[8]; | |
907 | ||
908 | _ufc_setup_salt_r("..", __data); /* be sure we're initialized */ | |
909 | ||
910 | for(i = 0; i < 8; i++) { | |
911 | for(j = 0, c = 0; j < 8; j++) | |
912 | c = c << 1 | *__key++; | |
913 | ktab[i] = c >> 1; | |
914 | } | |
9cfe5381 | 915 | _ufc_mk_keytab_r((char *) ktab, __data); |
63f791d3 GK |
916 | } |
917 | weak_alias (__setkey_r, setkey_r) | |
918 | ||
919 | void | |
9d46370c | 920 | setkey (const char *__key) |
63f791d3 GK |
921 | { |
922 | __setkey_r(__key, &_ufc_foobar); | |
923 | } | |
8747cd03 KS |
924 | |
925 | void | |
926 | __b64_from_24bit (char **cp, int *buflen, | |
927 | unsigned int b2, unsigned int b1, unsigned int b0, | |
928 | int n) | |
929 | { | |
930 | unsigned int w = (b2 << 16) | (b1 << 8) | b0; | |
931 | while (n-- > 0 && (*buflen) > 0) | |
932 | { | |
933 | *(*cp)++ = b64t[w & 0x3f]; | |
934 | --(*buflen); | |
935 | w >>= 6; | |
936 | } | |
937 | } |