]> git.ipfire.org Git - thirdparty/glibc.git/blame - crypt/crypt_util.c
projects / thirdparty / glibc.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Update copyright dates with scripts/update-copyrights.
[thirdparty/glibc.git] / crypt / crypt_util.c
CommitLineData
63f791d3
GK		 1/*
2 * UFC-crypt: ultra fast crypt(3) implementation
3 *
b168057a 4 * Copyright (C) 1991-2015 Free Software Foundation, Inc.
63f791d3
GK		 5 *
6 * This library is free software; you can redistribute it and/or
cc7375ce 7 * modify it under the terms of the GNU Lesser General Public
63f791d3 8 * License as published by the Free Software Foundation; either
cc7375ce 9 * version 2.1 of the License, or (at your option) any later version.
63f791d3
GK		 10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
cc7375ce 14 * Lesser General Public License for more details.
63f791d3 15 *
cc7375ce 16 * You should have received a copy of the GNU Lesser General Public
63f791d3 17 * License along with this library; see the file COPYING.LIB. If not,
59ba27a6 18 * see <http://www.gnu.org/licenses/>.
63f791d3
GK		 19 *
20 * @(#)crypt_util.c 2.56 12/20/96
21 *
22 * Support routines
23 *
24 */
25
26#ifdef DEBUG
27#include <stdio.h>
28#endif
3fedf0fe 29#include <atomic.h>
63f791d3
GK		 30#include <string.h>
31
32#ifndef STATIC
33#define STATIC static
34#endif
35
63f791d3
GK		 36#include "crypt-private.h"
37
38/* Prototypes for local functions. */
63f791d3
GK		 39#ifndef __GNU_LIBRARY__
40void _ufc_clearmem (char *start, int cnt);
41void _ufc_copymem (char *from, char *to, int cnt);
42#endif
43#ifdef _UFC_32_
44STATIC void shuffle_sb (long32 *k, ufc_long saltbits);
45#else
46STATIC void shuffle_sb (long64 *k, ufc_long saltbits);
47#endif
63f791d3
GK		 48
49
63f791d3
GK		 50/*
51 * Permutation done once on the 56 bit
52 * key derived from the original 8 byte ASCII key.
53 */
54static const int pc1[56] = {
55 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
56 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
57 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
58 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
59};
60
61/*
62 * How much to rotate each 28 bit half of the pc1 permutated
63 * 56 bit key before using pc2 to give the i' key
64 */
65static const int rots[16] = {
66 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
67};
68
69/*
70 * Permutation giving the key
71 * of the i' DES round
72 */
73static const int pc2[48] = {
74 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
75 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
76 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
77 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
78};
79
80/*
81 * The E expansion table which selects
82 * bits from the 32 bit intermediate result.
83 */
84static const int esel[48] = {
85 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
86 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
87 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
88 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
89};
90
91/*
92 * Permutation done on the
93 * result of sbox lookups
94 */
95static const int perm32[32] = {
96 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
97 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
98};
99
100/*
101 * The sboxes
102 */
103static const int sbox[8][4][16]= {
647450cf
UD		 104 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
105 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
106 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
107 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }
108 },
109
110 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
111 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
112 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
113 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }
114 },
115
116 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
117 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
118 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
119 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }
120 },
121
122 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
123 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
124 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
125 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }
126 },
127
128 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
129 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
130 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
131 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }
132 },
133
134 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
135 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
136 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
137 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }
138 },
139
140 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
141 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
142 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
143 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }
144 },
145
146 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
147 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
148 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
149 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 }
150 }
63f791d3
GK		 151};
152
153/*
154 * This is the initial
155 * permutation matrix
156 */
157static const int initial_perm[64] = {
158 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
159 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
160 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
161 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
162};
163
164/*
165 * This is the final
166 * permutation matrix
167 */
168static const int final_perm[64] = {
169 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
170 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
171 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
172 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
173};
174
175#define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
176#define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
177
178static const ufc_long BITMASK[24] = {
179 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000,
180 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000,
181 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200,
182 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008
183};
184
185static const unsigned char bytemask[8] = {
186 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
187};
188
189static const ufc_long longmask[32] = {
190 0x80000000, 0x40000000, 0x20000000, 0x10000000,
191 0x08000000, 0x04000000, 0x02000000, 0x01000000,
192 0x00800000, 0x00400000, 0x00200000, 0x00100000,
193 0x00080000, 0x00040000, 0x00020000, 0x00010000,
194 0x00008000, 0x00004000, 0x00002000, 0x00001000,
195 0x00000800, 0x00000400, 0x00000200, 0x00000100,
196 0x00000080, 0x00000040, 0x00000020, 0x00000010,
197 0x00000008, 0x00000004, 0x00000002, 0x00000001
198};
199
200/*
201 * do_pc1: permform pc1 permutation in the key schedule generation.
202 *
203 * The first index is the byte number in the 8 byte ASCII key
204 * - second - - the two 28 bits halfs of the result
205 * - third - selects the 7 bits actually used of each byte
206 *
207 * The result is kept with 28 bit per 32 bit with the 4 most significant
208 * bits zero.
209 */
210static ufc_long do_pc1[8][2][128];
211
212/*
213 * do_pc2: permform pc2 permutation in the key schedule generation.
214 *
215 * The first index is the septet number in the two 28 bit intermediate values
216 * - second - - - septet values
217 *
218 * Knowledge of the structure of the pc2 permutation is used.
219 *
220 * The result is kept with 28 bit per 32 bit with the 4 most significant
221 * bits zero.
222 */
223static ufc_long do_pc2[8][128];
224
225/*
226 * eperm32tab: do 32 bit permutation and E selection
227 *
228 * The first index is the byte number in the 32 bit value to be permuted
229 * - second - is the value of this byte
230 * - third - selects the two 32 bit values
231 *
232 * The table is used and generated internally in init_des to speed it up
233 */
234static ufc_long eperm32tab[4][256][2];
235
236/*
237 * efp: undo an extra e selection and do final
238 * permutation giving the DES result.
239 *
240 * Invoked 6 bit a time on two 48 bit values
241 * giving two 32 bit longs.
242 */
243static ufc_long efp[16][64][2];
244
8747cd03
KS		 245/* Table with characters for base64 transformation. */
246static const char b64t[64] =
247"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
248
63f791d3
GK		 249/*
250 * For use by the old, non-reentrant routines
251 * (crypt/encrypt/setkey)
252 */
253struct crypt_data _ufc_foobar;
254
255#ifdef __GNU_LIBRARY__
256#include <bits/libc-lock.h>
257
258__libc_lock_define_initialized (static, _ufc_tables_lock)
259#endif
260
261#ifdef DEBUG
262
263void
264_ufc_prbits(a, n)
265 ufc_long *a;
266 int n;
267{
268 ufc_long i, j, t, tmp;
269 n /= 8;
270 for(i = 0; i < n; i++) {
271 tmp=0;
272 for(j = 0; j < 8; j++) {
273 t=8*i+j;
274 tmp|=(a[t/24] & BITMASK[t % 24])?bytemask[j]:0;
275 }
276 (void)printf("%02x ",tmp);
277 }
278 printf(" ");
279}
280
281static void
282_ufc_set_bits(v, b)
283 ufc_long v;
284 ufc_long *b;
285{
286 ufc_long i;
287 *b = 0;
288 for(i = 0; i < 24; i++) {
289 if(v & longmask[8 + i])
290 *b |= BITMASK[i];
291 }
292}
293
294#endif
295
296#ifndef __GNU_LIBRARY__
297/*
298 * Silly rewrites of 'bzero'/'memset'. I do so
299 * because some machines don't have
300 * bzero and some don't have memset.
301 */
302
303void
304_ufc_clearmem(start, cnt)
305 char *start;
306 int cnt;
307{
308 while(cnt--)
309 *start++ = '\0';
310}
311
312void
313_ufc_copymem(from, to, cnt)
314 char *from, *to;
315 int cnt;
316{
317 while(cnt--)
318 *to++ = *from++;
319}
320#else
321#define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
322#define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt)
323#endif
324
325/* lookup a 6 bit value in sbox */
326
327#define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
328
329/*
330 * Initialize unit - may be invoked directly
331 * by fcrypt users.
332 */
333
334void
335__init_des_r(__data)
336 struct crypt_data * __restrict __data;
337{
338 int comes_from_bit;
339 int bit, sg;
340 ufc_long j;
341 ufc_long mask1, mask2;
342 int e_inverse[64];
343 static volatile int small_tables_initialized = 0;
344
345#ifdef _UFC_32_
346 long32 *sb[4];
347 sb[0] = (long32*)__data->sb0; sb[1] = (long32*)__data->sb1;
348 sb[2] = (long32*)__data->sb2; sb[3] = (long32*)__data->sb3;
349#endif
350#ifdef _UFC_64_
351 long64 *sb[4];
352 sb[0] = (long64*)__data->sb0; sb[1] = (long64*)__data->sb1;
353 sb[2] = (long64*)__data->sb2; sb[3] = (long64*)__data->sb3;
354#endif
355
356 if(small_tables_initialized == 0) {
357#ifdef __GNU_LIBRARY__
358 __libc_lock_lock (_ufc_tables_lock);
359 if(small_tables_initialized)
360 goto small_tables_done;
361#endif
362
363 /*
364 * Create the do_pc1 table used
365 * to affect pc1 permutation
366 * when generating keys
367 */
368 _ufc_clearmem((char*)do_pc1, (int)sizeof(do_pc1));
369 for(bit = 0; bit < 56; bit++) {
370 comes_from_bit = pc1[bit] - 1;
371 mask1 = bytemask[comes_from_bit % 8 + 1];
372 mask2 = longmask[bit % 28 + 4];
373 for(j = 0; j < 128; j++) {
374 if(j & mask1)
375 do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2;
376 }
377 }
378
379 /*
380 * Create the do_pc2 table used
381 * to affect pc2 permutation when
382 * generating keys
383 */
384 _ufc_clearmem((char*)do_pc2, (int)sizeof(do_pc2));
385 for(bit = 0; bit < 48; bit++) {
386 comes_from_bit = pc2[bit] - 1;
387 mask1 = bytemask[comes_from_bit % 7 + 1];
388 mask2 = BITMASK[bit % 24];
389 for(j = 0; j < 128; j++) {
390 if(j & mask1)
391 do_pc2[comes_from_bit / 7][j] |= mask2;
392 }
393 }
394
395 /*
396 * Now generate the table used to do combined
397 * 32 bit permutation and e expansion
398 *
399 * We use it because we have to permute 16384 32 bit
400 * longs into 48 bit in order to initialize sb.
401 *
402 * Looping 48 rounds per permutation becomes
403 * just too slow...
404 *
405 */
406
407 _ufc_clearmem((char*)eperm32tab, (int)sizeof(eperm32tab));
408 for(bit = 0; bit < 48; bit++) {
409 ufc_long mask1,comes_from;
410 comes_from = perm32[esel[bit]-1]-1;
411 mask1 = bytemask[comes_from % 8];
412 for(j = 256; j--;) {
413 if(j & mask1)
414 eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK[bit % 24];
415 }
416 }
417
418 /*
419 * Create an inverse matrix for esel telling
420 * where to plug out bits if undoing it
421 */
422 for(bit=48; bit--;) {
423 e_inverse[esel[bit] - 1 ] = bit;
424 e_inverse[esel[bit] - 1 + 32] = bit + 48;
425 }
426
427 /*
428 * create efp: the matrix used to
429 * undo the E expansion and effect final permutation
430 */
431 _ufc_clearmem((char*)efp, (int)sizeof efp);
432 for(bit = 0; bit < 64; bit++) {
433 int o_bit, o_long;
434 ufc_long word_value, mask1, mask2;
435 int comes_from_f_bit, comes_from_e_bit;
436 int comes_from_word, bit_within_word;
437
438 /* See where bit i belongs in the two 32 bit long's */
439 o_long = bit / 32; /* 0..1 */
440 o_bit = bit % 32; /* 0..31 */
441
442 /*
443 * And find a bit in the e permutated value setting this bit.
444 *
445 * Note: the e selection may have selected the same bit several
446 * times. By the initialization of e_inverse, we only look
447 * for one specific instance.
448 */
449 comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */
450 comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */
451 comes_from_word = comes_from_e_bit / 6; /* 0..15 */
452 bit_within_word = comes_from_e_bit % 6; /* 0..5 */
453
454 mask1 = longmask[bit_within_word + 26];
455 mask2 = longmask[o_bit];
456
457 for(word_value = 64; word_value--;) {
458 if(word_value & mask1)
459 efp[comes_from_word][word_value][o_long] |= mask2;
460 }
461 }
647450cf 462 atomic_write_barrier ();
63f791d3
GK		 463 small_tables_initialized = 1;
464#ifdef __GNU_LIBRARY__
465small_tables_done:
466 __libc_lock_unlock(_ufc_tables_lock);
467#endif
90f139dd
UD		 468 } else
469 atomic_read_barrier ();
63f791d3
GK		 470
471 /*
472 * Create the sb tables:
473 *
474 * For each 12 bit segment of an 48 bit intermediate
475 * result, the sb table precomputes the two 4 bit
476 * values of the sbox lookups done with the two 6
477 * bit halves, shifts them to their proper place,
478 * sends them through perm32 and finally E expands
479 * them so that they are ready for the next
480 * DES round.
481 *
482 */
483
8e2045f5
UD		 484 if (__data->sb0 + sizeof (__data->sb0) == __data->sb1
485 && __data->sb1 + sizeof (__data->sb1) == __data->sb2
486 && __data->sb2 + sizeof (__data->sb2) == __data->sb3)
487 _ufc_clearmem(__data->sb0,
488 (int)sizeof(__data->sb0)
489 + (int)sizeof(__data->sb1)
490 + (int)sizeof(__data->sb2)
491 + (int)sizeof(__data->sb3));
492 else {
493 _ufc_clearmem(__data->sb0, (int)sizeof(__data->sb0));
494 _ufc_clearmem(__data->sb1, (int)sizeof(__data->sb1));
495 _ufc_clearmem(__data->sb2, (int)sizeof(__data->sb2));
496 _ufc_clearmem(__data->sb3, (int)sizeof(__data->sb3));
497 }
63f791d3
GK		 498
499 for(sg = 0; sg < 4; sg++) {
500 int j1, j2;
501 int s1, s2;
502
503 for(j1 = 0; j1 < 64; j1++) {
504 s1 = s_lookup(2 * sg, j1);
505 for(j2 = 0; j2 < 64; j2++) {
506 ufc_long to_permute, inx;
507
508 s2 = s_lookup(2 * sg + 1, j2);
509 to_permute = (((ufc_long)s1 << 4) |
510 (ufc_long)s2) << (24 - 8 * (ufc_long)sg);
511
512#ifdef _UFC_32_
513 inx = ((j1 << 6) | j2) << 1;
514 sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0];
515 sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1];
516 sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0];
517 sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1];
518 sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0];
519 sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1];
520 sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0];
521 sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1];
522#endif
523#ifdef _UFC_64_
524 inx = ((j1 << 6) | j2);
525 sb[sg][inx] =
526 ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) |
527 (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1];
528 sb[sg][inx] |=
529 ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) |
530 (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1];
531 sb[sg][inx] |=
532 ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) |
533 (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1];
534 sb[sg][inx] |=
535 ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) |
536 (long64)eperm32tab[3][(to_permute) & 0xff][1];
537#endif
538 }
539 }
540 }
541
05dab910
RM		 542 __data->current_saltbits = 0;
543 __data->current_salt[0] = 0;
544 __data->current_salt[1] = 0;
63f791d3
GK		 545 __data->initialized++;
546}
547
548void
60d2f8f3 549__init_des (void)
63f791d3
GK		 550{
551 __init_des_r(&_ufc_foobar);
552}
553
554/*
555 * Process the elements of the sb table permuting the
556 * bits swapped in the expansion by the current salt.
557 */
558
559#ifdef _UFC_32_
560STATIC void
561shuffle_sb(k, saltbits)
562 long32 *k;
563 ufc_long saltbits;
564{
565 ufc_long j;
566 long32 x;
567 for(j=4096; j--;) {
568 x = (k[0] ^ k[1]) & (long32)saltbits;
569 *k++ ^= x;
570 *k++ ^= x;
571 }
572}
573#endif
574
575#ifdef _UFC_64_
576STATIC void
577shuffle_sb(k, saltbits)
578 long64 *k;
579 ufc_long saltbits;
580{
581 ufc_long j;
582 long64 x;
583 for(j=4096; j--;) {
584 x = ((*k >> 32) ^ *k) & (long64)saltbits;
585 *k++ ^= (x << 32) | x;
586 }
587}
588#endif
589
4ba74a35
AO		 590/*
591 * Return false iff C is in the specified alphabet for crypt salt.
592 */
593
594static bool
595bad_for_salt (char c)
596{
597 switch (c)
598 {
599 case '0' ... '9':
600 case 'A' ... 'Z':
601 case 'a' ... 'z':
602 case '.': case '/':
603 return false;
604
605 default:
606 return true;
607 }
608}
609
63f791d3
GK		 610/*
611 * Setup the unit for a new salt
612 * Hopefully we'll not see a new salt in each crypt call.
4ba74a35 613 * Return false if an unexpected character was found in s[0] or s[1].
63f791d3
GK		 614 */
615
4ba74a35 616bool
63f791d3 617_ufc_setup_salt_r(s, __data)
a784e502 618 const char *s;
63f791d3
GK		 619 struct crypt_data * __restrict __data;
620{
621 ufc_long i, j, saltbits;
4ba74a35 622 char s0, s1;
63f791d3
GK		 623
624 if(__data->initialized == 0)
625 __init_des_r(__data);
626
4ba74a35
AO		 627 s0 = s[0];
628 if(bad_for_salt (s0))
629 return false;
630
631 s1 = s[1];
632 if(bad_for_salt (s1))
633 return false;
634
635 if(s0 == __data->current_salt[0] && s1 == __data->current_salt[1])
636 return true;
637
638 __data->current_salt[0] = s0;
639 __data->current_salt[1] = s1;
63f791d3
GK		 640
641 /*
642 * This is the only crypt change to DES:
643 * entries are swapped in the expansion table
644 * according to the bits set in the salt.
645 */
646 saltbits = 0;
647 for(i = 0; i < 2; i++) {
648 long c=ascii_to_bin(s[i]);
649 for(j = 0; j < 6; j++) {
650 if((c >> j) & 0x1)
651 saltbits |= BITMASK[6 * i + j];
652 }
653 }
654
655 /*
656 * Permute the sb table values
657 * to reflect the changed e
658 * selection table
659 */
660#ifdef _UFC_32_
661#define LONGG long32*
662#endif
663#ifdef _UFC_64_
664#define LONGG long64*
665#endif
666
667 shuffle_sb((LONGG)__data->sb0, __data->current_saltbits ^ saltbits);
668 shuffle_sb((LONGG)__data->sb1, __data->current_saltbits ^ saltbits);
669 shuffle_sb((LONGG)__data->sb2, __data->current_saltbits ^ saltbits);
670 shuffle_sb((LONGG)__data->sb3, __data->current_saltbits ^ saltbits);
671
672 __data->current_saltbits = saltbits;
4ba74a35
AO		 673
674 return true;
63f791d3
GK		 675}
676
677void
678_ufc_mk_keytab_r(key, __data)
679 const char *key;
680 struct crypt_data * __restrict __data;
681{
682 ufc_long v1, v2, *k1;
683 int i;
684#ifdef _UFC_32_
685 long32 v, *k2;
686 k2 = (long32*)__data->keysched;
687#endif
688#ifdef _UFC_64_
689 long64 v, *k2;
690 k2 = (long64*)__data->keysched;
691#endif
692
693 v1 = v2 = 0; k1 = &do_pc1[0][0][0];
694 for(i = 8; i--;) {
695 v1 |= k1[*key & 0x7f]; k1 += 128;
696 v2 |= k1[*key++ & 0x7f]; k1 += 128;
697 }
698
699 for(i = 0; i < 16; i++) {
700 k1 = &do_pc2[0][0];
701
702 v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i]));
703 v = k1[(v1 >> 21) & 0x7f]; k1 += 128;
704 v |= k1[(v1 >> 14) & 0x7f]; k1 += 128;
705 v |= k1[(v1 >> 7) & 0x7f]; k1 += 128;
706 v |= k1[(v1 ) & 0x7f]; k1 += 128;
707
708#ifdef _UFC_32_
709 *k2++ = (v | 0x00008000);
710 v = 0;
711#endif
712#ifdef _UFC_64_
713 v = (v << 32);
714#endif
715
716 v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i]));
717 v |= k1[(v2 >> 21) & 0x7f]; k1 += 128;
718 v |= k1[(v2 >> 14) & 0x7f]; k1 += 128;
719 v |= k1[(v2 >> 7) & 0x7f]; k1 += 128;
720 v |= k1[(v2 ) & 0x7f];
721
722#ifdef _UFC_32_
723 *k2++ = (v | 0x00008000);
724#endif
725#ifdef _UFC_64_
726 *k2++ = v | 0x0000800000008000l;
727#endif
728 }
729
730 __data->direction = 0;
731}
732
733/*
734 * Undo an extra E selection and do final permutations
735 */
736
737void
738_ufc_dofinalperm_r(res, __data)
739 ufc_long *res;
740 struct crypt_data * __restrict __data;
741{
742 ufc_long v1, v2, x;
743 ufc_long l1,l2,r1,r2;
744
745 l1 = res[0]; l2 = res[1];
746 r1 = res[2]; r2 = res[3];
747
748 x = (l1 ^ l2) & __data->current_saltbits; l1 ^= x; l2 ^= x;
749 x = (r1 ^ r2) & __data->current_saltbits; r1 ^= x; r2 ^= x;
750
751 v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3;
752
753 v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1];
754 v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1];
755 v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1];
756 v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1];
757
758 v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1];
759 v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1];
760 v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1];
761 v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1];
762
763 v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1];
764 v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1];
765 v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1];
766 v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1];
767
768 v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1];
769 v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1];
770 v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1];
771 v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1];
772
773 res[0] = v1; res[1] = v2;
774}
775
776/*
777 * crypt only: convert from 64 bit to 11 bit ASCII
778 * prefixing with the salt
779 */
780
781void
782_ufc_output_conversion_r(v1, v2, salt, __data)
783 ufc_long v1, v2;
a784e502 784 const char *salt;
63f791d3
GK		 785 struct crypt_data * __restrict __data;
786{
787 int i, s, shf;
788
789 __data->crypt_3_buf[0] = salt[0];
790 __data->crypt_3_buf[1] = salt[1] ? salt[1] : salt[0];
791
792 for(i = 0; i < 5; i++) {
793 shf = (26 - 6 * i); /* to cope with MSC compiler bug */
794 __data->crypt_3_buf[i + 2] = bin_to_ascii((v1 >> shf) & 0x3f);
795 }
796
797 s = (v2 & 0xf) << 2;
798 v2 = (v2 >> 2) | ((v1 & 0x3) << 30);
799
800 for(i = 5; i < 10; i++) {
801 shf = (56 - 6 * i);
802 __data->crypt_3_buf[i + 2] = bin_to_ascii((v2 >> shf) & 0x3f);
803 }
804
805 __data->crypt_3_buf[12] = bin_to_ascii(s);
806 __data->crypt_3_buf[13] = 0;
807}
808
809
810/*
811 * UNIX encrypt function. Takes a bitvector
812 * represented by one byte per bit and
813 * encrypt/decrypt according to edflag
814 */
815
816void
817__encrypt_r(__block, __edflag, __data)
818 char *__block;
819 int __edflag;
820 struct crypt_data * __restrict __data;
821{
822 ufc_long l1, l2, r1, r2, res[4];
823 int i;
824#ifdef _UFC_32_
825 long32 *kt;
826 kt = (long32*)__data->keysched;
827#endif
828#ifdef _UFC_64_
829 long64 *kt;
830 kt = (long64*)__data->keysched;
831#endif
832
833 /*
834 * Undo any salt changes to E expansion
835 */
836 _ufc_setup_salt_r("..", __data);
837
838 /*
839 * Reverse key table if
840 * changing operation (encrypt/decrypt)
841 */
842 if((__edflag == 0) != (__data->direction == 0)) {
843 for(i = 0; i < 8; i++) {
844#ifdef _UFC_32_
845 long32 x;
846 x = kt[2 * (15-i)];
847 kt[2 * (15-i)] = kt[2 * i];
848 kt[2 * i] = x;
849
850 x = kt[2 * (15-i) + 1];
851 kt[2 * (15-i) + 1] = kt[2 * i + 1];
852 kt[2 * i + 1] = x;
853#endif
854#ifdef _UFC_64_
855 long64 x;
856 x = kt[15-i];
857 kt[15-i] = kt[i];
858 kt[i] = x;
859#endif
860 }
861 __data->direction = __edflag;
862 }
863
864 /*
865 * Do initial permutation + E expansion
866 */
867 i = 0;
868 for(l1 = 0; i < 24; i++) {
869 if(__block[initial_perm[esel[i]-1]-1])
870 l1 |= BITMASK[i];
871 }
872 for(l2 = 0; i < 48; i++) {
873 if(__block[initial_perm[esel[i]-1]-1])
874 l2 |= BITMASK[i-24];
875 }
876
877 i = 0;
878 for(r1 = 0; i < 24; i++) {
879 if(__block[initial_perm[esel[i]-1+32]-1])
880 r1 |= BITMASK[i];
881 }
882 for(r2 = 0; i < 48; i++) {
883 if(__block[initial_perm[esel[i]-1+32]-1])
884 r2 |= BITMASK[i-24];
885 }
886
887 /*
888 * Do DES inner loops + final conversion
889 */
890 res[0] = l1; res[1] = l2;
891 res[2] = r1; res[3] = r2;
892 _ufc_doit_r((ufc_long)1, __data, &res[0]);
893
894 /*
895 * Do final permutations
896 */
897 _ufc_dofinalperm_r(res, __data);
898
899 /*
900 * And convert to bit array
901 */
902 l1 = res[0]; r1 = res[1];
903 for(i = 0; i < 32; i++) {
904 *__block++ = (l1 & longmask[i]) != 0;
905 }
906 for(i = 0; i < 32; i++) {
907 *__block++ = (r1 & longmask[i]) != 0;
908 }
909}
910weak_alias (__encrypt_r, encrypt_r)
911
912void
913encrypt(__block, __edflag)
914 char *__block;
915 int __edflag;
916{
917 __encrypt_r(__block, __edflag, &_ufc_foobar);
918}
919
920
921/*
922 * UNIX setkey function. Take a 64 bit DES
923 * key and setup the machinery.
924 */
925
926void
927__setkey_r(__key, __data)
a784e502 928 const char *__key;
63f791d3
GK		 929 struct crypt_data * __restrict __data;
930{
931 int i,j;
932 unsigned char c;
933 unsigned char ktab[8];
934
935 _ufc_setup_salt_r("..", __data); /* be sure we're initialized */
936
937 for(i = 0; i < 8; i++) {
938 for(j = 0, c = 0; j < 8; j++)
939 c = c << 1 | *__key++;
940 ktab[i] = c >> 1;
941 }
9cfe5381 942 _ufc_mk_keytab_r((char *) ktab, __data);
63f791d3
GK		 943}
944weak_alias (__setkey_r, setkey_r)
945
946void
947setkey(__key)
a784e502 948 const char *__key;
63f791d3
GK		 949{
950 __setkey_r(__key, &_ufc_foobar);
951}
8747cd03
KS		 952
953void
954__b64_from_24bit (char **cp, int *buflen,
955 unsigned int b2, unsigned int b1, unsigned int b0,
956 int n)
957{
958 unsigned int w = (b2 << 16) | (b1 << 8) | b0;
959 while (n-- > 0 && (*buflen) > 0)
960 {
961 *(*cp)++ = b64t[w & 0x3f];
962 --(*buflen);
963 w >>= 6;
964 }
965}
A mirror of the official glibc repository