]>
Commit | Line | Data |
---|---|---|
63f791d3 GK |
1 | /* |
2 | * UFC-crypt: ultra fast crypt(3) implementation | |
3 | * | |
b168057a | 4 | * Copyright (C) 1991-2015 Free Software Foundation, Inc. |
63f791d3 GK |
5 | * |
6 | * This library is free software; you can redistribute it and/or | |
cc7375ce | 7 | * modify it under the terms of the GNU Lesser General Public |
63f791d3 | 8 | * License as published by the Free Software Foundation; either |
cc7375ce | 9 | * version 2.1 of the License, or (at your option) any later version. |
63f791d3 GK |
10 | * |
11 | * This library is distributed in the hope that it will be useful, | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
cc7375ce | 14 | * Lesser General Public License for more details. |
63f791d3 | 15 | * |
cc7375ce | 16 | * You should have received a copy of the GNU Lesser General Public |
63f791d3 | 17 | * License along with this library; see the file COPYING.LIB. If not, |
59ba27a6 | 18 | * see <http://www.gnu.org/licenses/>. |
63f791d3 GK |
19 | * |
20 | * @(#)crypt_util.c 2.56 12/20/96 | |
21 | * | |
22 | * Support routines | |
23 | * | |
24 | */ | |
25 | ||
26 | #ifdef DEBUG | |
27 | #include <stdio.h> | |
28 | #endif | |
3fedf0fe | 29 | #include <atomic.h> |
63f791d3 GK |
30 | #include <string.h> |
31 | ||
32 | #ifndef STATIC | |
33 | #define STATIC static | |
34 | #endif | |
35 | ||
63f791d3 GK |
36 | #include "crypt-private.h" |
37 | ||
38 | /* Prototypes for local functions. */ | |
63f791d3 GK |
39 | #ifndef __GNU_LIBRARY__ |
40 | void _ufc_clearmem (char *start, int cnt); | |
41 | void _ufc_copymem (char *from, char *to, int cnt); | |
42 | #endif | |
43 | #ifdef _UFC_32_ | |
44 | STATIC void shuffle_sb (long32 *k, ufc_long saltbits); | |
45 | #else | |
46 | STATIC void shuffle_sb (long64 *k, ufc_long saltbits); | |
47 | #endif | |
63f791d3 GK |
48 | |
49 | ||
63f791d3 GK |
50 | /* |
51 | * Permutation done once on the 56 bit | |
52 | * key derived from the original 8 byte ASCII key. | |
53 | */ | |
54 | static const int pc1[56] = { | |
55 | 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18, | |
56 | 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36, | |
57 | 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22, | |
58 | 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4 | |
59 | }; | |
60 | ||
61 | /* | |
62 | * How much to rotate each 28 bit half of the pc1 permutated | |
63 | * 56 bit key before using pc2 to give the i' key | |
64 | */ | |
65 | static const int rots[16] = { | |
66 | 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1 | |
67 | }; | |
68 | ||
69 | /* | |
70 | * Permutation giving the key | |
71 | * of the i' DES round | |
72 | */ | |
73 | static const int pc2[48] = { | |
74 | 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10, | |
75 | 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2, | |
76 | 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48, | |
77 | 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32 | |
78 | }; | |
79 | ||
80 | /* | |
81 | * The E expansion table which selects | |
82 | * bits from the 32 bit intermediate result. | |
83 | */ | |
84 | static const int esel[48] = { | |
85 | 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9, | |
86 | 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17, | |
87 | 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25, | |
88 | 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1 | |
89 | }; | |
90 | ||
91 | /* | |
92 | * Permutation done on the | |
93 | * result of sbox lookups | |
94 | */ | |
95 | static const int perm32[32] = { | |
96 | 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10, | |
97 | 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25 | |
98 | }; | |
99 | ||
100 | /* | |
101 | * The sboxes | |
102 | */ | |
103 | static const int sbox[8][4][16]= { | |
647450cf UD |
104 | { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 }, |
105 | { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 }, | |
106 | { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 }, | |
107 | { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 } | |
108 | }, | |
109 | ||
110 | { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 }, | |
111 | { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 }, | |
112 | { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 }, | |
113 | { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 } | |
114 | }, | |
115 | ||
116 | { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 }, | |
117 | { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 }, | |
118 | { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 }, | |
119 | { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 } | |
120 | }, | |
121 | ||
122 | { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 }, | |
123 | { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 }, | |
124 | { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 }, | |
125 | { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 } | |
126 | }, | |
127 | ||
128 | { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 }, | |
129 | { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 }, | |
130 | { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 }, | |
131 | { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 } | |
132 | }, | |
133 | ||
134 | { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 }, | |
135 | { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 }, | |
136 | { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 }, | |
137 | { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 } | |
138 | }, | |
139 | ||
140 | { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 }, | |
141 | { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 }, | |
142 | { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 }, | |
143 | { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 } | |
144 | }, | |
145 | ||
146 | { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 }, | |
147 | { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 }, | |
148 | { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 }, | |
149 | { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 } | |
150 | } | |
63f791d3 GK |
151 | }; |
152 | ||
153 | /* | |
154 | * This is the initial | |
155 | * permutation matrix | |
156 | */ | |
157 | static const int initial_perm[64] = { | |
158 | 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4, | |
159 | 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8, | |
160 | 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3, | |
161 | 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7 | |
162 | }; | |
163 | ||
164 | /* | |
165 | * This is the final | |
166 | * permutation matrix | |
167 | */ | |
168 | static const int final_perm[64] = { | |
169 | 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31, | |
170 | 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29, | |
171 | 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27, | |
172 | 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25 | |
173 | }; | |
174 | ||
175 | #define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.') | |
176 | #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.') | |
177 | ||
178 | static const ufc_long BITMASK[24] = { | |
179 | 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000, | |
180 | 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000, | |
181 | 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200, | |
182 | 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008 | |
183 | }; | |
184 | ||
185 | static const unsigned char bytemask[8] = { | |
186 | 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 | |
187 | }; | |
188 | ||
189 | static const ufc_long longmask[32] = { | |
190 | 0x80000000, 0x40000000, 0x20000000, 0x10000000, | |
191 | 0x08000000, 0x04000000, 0x02000000, 0x01000000, | |
192 | 0x00800000, 0x00400000, 0x00200000, 0x00100000, | |
193 | 0x00080000, 0x00040000, 0x00020000, 0x00010000, | |
194 | 0x00008000, 0x00004000, 0x00002000, 0x00001000, | |
195 | 0x00000800, 0x00000400, 0x00000200, 0x00000100, | |
196 | 0x00000080, 0x00000040, 0x00000020, 0x00000010, | |
197 | 0x00000008, 0x00000004, 0x00000002, 0x00000001 | |
198 | }; | |
199 | ||
200 | /* | |
201 | * do_pc1: permform pc1 permutation in the key schedule generation. | |
202 | * | |
203 | * The first index is the byte number in the 8 byte ASCII key | |
204 | * - second - - the two 28 bits halfs of the result | |
205 | * - third - selects the 7 bits actually used of each byte | |
206 | * | |
207 | * The result is kept with 28 bit per 32 bit with the 4 most significant | |
208 | * bits zero. | |
209 | */ | |
210 | static ufc_long do_pc1[8][2][128]; | |
211 | ||
212 | /* | |
213 | * do_pc2: permform pc2 permutation in the key schedule generation. | |
214 | * | |
215 | * The first index is the septet number in the two 28 bit intermediate values | |
216 | * - second - - - septet values | |
217 | * | |
218 | * Knowledge of the structure of the pc2 permutation is used. | |
219 | * | |
220 | * The result is kept with 28 bit per 32 bit with the 4 most significant | |
221 | * bits zero. | |
222 | */ | |
223 | static ufc_long do_pc2[8][128]; | |
224 | ||
225 | /* | |
226 | * eperm32tab: do 32 bit permutation and E selection | |
227 | * | |
228 | * The first index is the byte number in the 32 bit value to be permuted | |
229 | * - second - is the value of this byte | |
230 | * - third - selects the two 32 bit values | |
231 | * | |
232 | * The table is used and generated internally in init_des to speed it up | |
233 | */ | |
234 | static ufc_long eperm32tab[4][256][2]; | |
235 | ||
236 | /* | |
237 | * efp: undo an extra e selection and do final | |
238 | * permutation giving the DES result. | |
239 | * | |
240 | * Invoked 6 bit a time on two 48 bit values | |
241 | * giving two 32 bit longs. | |
242 | */ | |
243 | static ufc_long efp[16][64][2]; | |
244 | ||
8747cd03 KS |
245 | /* Table with characters for base64 transformation. */ |
246 | static const char b64t[64] = | |
247 | "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; | |
248 | ||
63f791d3 GK |
249 | /* |
250 | * For use by the old, non-reentrant routines | |
251 | * (crypt/encrypt/setkey) | |
252 | */ | |
253 | struct crypt_data _ufc_foobar; | |
254 | ||
255 | #ifdef __GNU_LIBRARY__ | |
256 | #include <bits/libc-lock.h> | |
257 | ||
258 | __libc_lock_define_initialized (static, _ufc_tables_lock) | |
259 | #endif | |
260 | ||
261 | #ifdef DEBUG | |
262 | ||
263 | void | |
264 | _ufc_prbits(a, n) | |
265 | ufc_long *a; | |
266 | int n; | |
267 | { | |
268 | ufc_long i, j, t, tmp; | |
269 | n /= 8; | |
270 | for(i = 0; i < n; i++) { | |
271 | tmp=0; | |
272 | for(j = 0; j < 8; j++) { | |
273 | t=8*i+j; | |
274 | tmp|=(a[t/24] & BITMASK[t % 24])?bytemask[j]:0; | |
275 | } | |
276 | (void)printf("%02x ",tmp); | |
277 | } | |
278 | printf(" "); | |
279 | } | |
280 | ||
281 | static void | |
282 | _ufc_set_bits(v, b) | |
283 | ufc_long v; | |
284 | ufc_long *b; | |
285 | { | |
286 | ufc_long i; | |
287 | *b = 0; | |
288 | for(i = 0; i < 24; i++) { | |
289 | if(v & longmask[8 + i]) | |
290 | *b |= BITMASK[i]; | |
291 | } | |
292 | } | |
293 | ||
294 | #endif | |
295 | ||
296 | #ifndef __GNU_LIBRARY__ | |
297 | /* | |
298 | * Silly rewrites of 'bzero'/'memset'. I do so | |
299 | * because some machines don't have | |
300 | * bzero and some don't have memset. | |
301 | */ | |
302 | ||
303 | void | |
304 | _ufc_clearmem(start, cnt) | |
305 | char *start; | |
306 | int cnt; | |
307 | { | |
308 | while(cnt--) | |
309 | *start++ = '\0'; | |
310 | } | |
311 | ||
312 | void | |
313 | _ufc_copymem(from, to, cnt) | |
314 | char *from, *to; | |
315 | int cnt; | |
316 | { | |
317 | while(cnt--) | |
318 | *to++ = *from++; | |
319 | } | |
320 | #else | |
321 | #define _ufc_clearmem(start, cnt) memset(start, 0, cnt) | |
322 | #define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt) | |
323 | #endif | |
324 | ||
325 | /* lookup a 6 bit value in sbox */ | |
326 | ||
327 | #define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf]; | |
328 | ||
329 | /* | |
330 | * Initialize unit - may be invoked directly | |
331 | * by fcrypt users. | |
332 | */ | |
333 | ||
334 | void | |
335 | __init_des_r(__data) | |
336 | struct crypt_data * __restrict __data; | |
337 | { | |
338 | int comes_from_bit; | |
339 | int bit, sg; | |
340 | ufc_long j; | |
341 | ufc_long mask1, mask2; | |
342 | int e_inverse[64]; | |
343 | static volatile int small_tables_initialized = 0; | |
344 | ||
345 | #ifdef _UFC_32_ | |
346 | long32 *sb[4]; | |
347 | sb[0] = (long32*)__data->sb0; sb[1] = (long32*)__data->sb1; | |
348 | sb[2] = (long32*)__data->sb2; sb[3] = (long32*)__data->sb3; | |
349 | #endif | |
350 | #ifdef _UFC_64_ | |
351 | long64 *sb[4]; | |
352 | sb[0] = (long64*)__data->sb0; sb[1] = (long64*)__data->sb1; | |
353 | sb[2] = (long64*)__data->sb2; sb[3] = (long64*)__data->sb3; | |
354 | #endif | |
355 | ||
356 | if(small_tables_initialized == 0) { | |
357 | #ifdef __GNU_LIBRARY__ | |
358 | __libc_lock_lock (_ufc_tables_lock); | |
359 | if(small_tables_initialized) | |
360 | goto small_tables_done; | |
361 | #endif | |
362 | ||
363 | /* | |
364 | * Create the do_pc1 table used | |
365 | * to affect pc1 permutation | |
366 | * when generating keys | |
367 | */ | |
368 | _ufc_clearmem((char*)do_pc1, (int)sizeof(do_pc1)); | |
369 | for(bit = 0; bit < 56; bit++) { | |
370 | comes_from_bit = pc1[bit] - 1; | |
371 | mask1 = bytemask[comes_from_bit % 8 + 1]; | |
372 | mask2 = longmask[bit % 28 + 4]; | |
373 | for(j = 0; j < 128; j++) { | |
374 | if(j & mask1) | |
375 | do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2; | |
376 | } | |
377 | } | |
378 | ||
379 | /* | |
380 | * Create the do_pc2 table used | |
381 | * to affect pc2 permutation when | |
382 | * generating keys | |
383 | */ | |
384 | _ufc_clearmem((char*)do_pc2, (int)sizeof(do_pc2)); | |
385 | for(bit = 0; bit < 48; bit++) { | |
386 | comes_from_bit = pc2[bit] - 1; | |
387 | mask1 = bytemask[comes_from_bit % 7 + 1]; | |
388 | mask2 = BITMASK[bit % 24]; | |
389 | for(j = 0; j < 128; j++) { | |
390 | if(j & mask1) | |
391 | do_pc2[comes_from_bit / 7][j] |= mask2; | |
392 | } | |
393 | } | |
394 | ||
395 | /* | |
396 | * Now generate the table used to do combined | |
397 | * 32 bit permutation and e expansion | |
398 | * | |
399 | * We use it because we have to permute 16384 32 bit | |
400 | * longs into 48 bit in order to initialize sb. | |
401 | * | |
402 | * Looping 48 rounds per permutation becomes | |
403 | * just too slow... | |
404 | * | |
405 | */ | |
406 | ||
407 | _ufc_clearmem((char*)eperm32tab, (int)sizeof(eperm32tab)); | |
408 | for(bit = 0; bit < 48; bit++) { | |
409 | ufc_long mask1,comes_from; | |
410 | comes_from = perm32[esel[bit]-1]-1; | |
411 | mask1 = bytemask[comes_from % 8]; | |
412 | for(j = 256; j--;) { | |
413 | if(j & mask1) | |
414 | eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK[bit % 24]; | |
415 | } | |
416 | } | |
417 | ||
418 | /* | |
419 | * Create an inverse matrix for esel telling | |
420 | * where to plug out bits if undoing it | |
421 | */ | |
422 | for(bit=48; bit--;) { | |
423 | e_inverse[esel[bit] - 1 ] = bit; | |
424 | e_inverse[esel[bit] - 1 + 32] = bit + 48; | |
425 | } | |
426 | ||
427 | /* | |
428 | * create efp: the matrix used to | |
429 | * undo the E expansion and effect final permutation | |
430 | */ | |
431 | _ufc_clearmem((char*)efp, (int)sizeof efp); | |
432 | for(bit = 0; bit < 64; bit++) { | |
433 | int o_bit, o_long; | |
434 | ufc_long word_value, mask1, mask2; | |
435 | int comes_from_f_bit, comes_from_e_bit; | |
436 | int comes_from_word, bit_within_word; | |
437 | ||
438 | /* See where bit i belongs in the two 32 bit long's */ | |
439 | o_long = bit / 32; /* 0..1 */ | |
440 | o_bit = bit % 32; /* 0..31 */ | |
441 | ||
442 | /* | |
443 | * And find a bit in the e permutated value setting this bit. | |
444 | * | |
445 | * Note: the e selection may have selected the same bit several | |
446 | * times. By the initialization of e_inverse, we only look | |
447 | * for one specific instance. | |
448 | */ | |
449 | comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */ | |
450 | comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */ | |
451 | comes_from_word = comes_from_e_bit / 6; /* 0..15 */ | |
452 | bit_within_word = comes_from_e_bit % 6; /* 0..5 */ | |
453 | ||
454 | mask1 = longmask[bit_within_word + 26]; | |
455 | mask2 = longmask[o_bit]; | |
456 | ||
457 | for(word_value = 64; word_value--;) { | |
458 | if(word_value & mask1) | |
459 | efp[comes_from_word][word_value][o_long] |= mask2; | |
460 | } | |
461 | } | |
647450cf | 462 | atomic_write_barrier (); |
63f791d3 GK |
463 | small_tables_initialized = 1; |
464 | #ifdef __GNU_LIBRARY__ | |
465 | small_tables_done: | |
466 | __libc_lock_unlock(_ufc_tables_lock); | |
467 | #endif | |
90f139dd UD |
468 | } else |
469 | atomic_read_barrier (); | |
63f791d3 GK |
470 | |
471 | /* | |
472 | * Create the sb tables: | |
473 | * | |
474 | * For each 12 bit segment of an 48 bit intermediate | |
475 | * result, the sb table precomputes the two 4 bit | |
476 | * values of the sbox lookups done with the two 6 | |
477 | * bit halves, shifts them to their proper place, | |
478 | * sends them through perm32 and finally E expands | |
479 | * them so that they are ready for the next | |
480 | * DES round. | |
481 | * | |
482 | */ | |
483 | ||
8e2045f5 UD |
484 | if (__data->sb0 + sizeof (__data->sb0) == __data->sb1 |
485 | && __data->sb1 + sizeof (__data->sb1) == __data->sb2 | |
486 | && __data->sb2 + sizeof (__data->sb2) == __data->sb3) | |
487 | _ufc_clearmem(__data->sb0, | |
488 | (int)sizeof(__data->sb0) | |
489 | + (int)sizeof(__data->sb1) | |
490 | + (int)sizeof(__data->sb2) | |
491 | + (int)sizeof(__data->sb3)); | |
492 | else { | |
493 | _ufc_clearmem(__data->sb0, (int)sizeof(__data->sb0)); | |
494 | _ufc_clearmem(__data->sb1, (int)sizeof(__data->sb1)); | |
495 | _ufc_clearmem(__data->sb2, (int)sizeof(__data->sb2)); | |
496 | _ufc_clearmem(__data->sb3, (int)sizeof(__data->sb3)); | |
497 | } | |
63f791d3 GK |
498 | |
499 | for(sg = 0; sg < 4; sg++) { | |
500 | int j1, j2; | |
501 | int s1, s2; | |
502 | ||
503 | for(j1 = 0; j1 < 64; j1++) { | |
504 | s1 = s_lookup(2 * sg, j1); | |
505 | for(j2 = 0; j2 < 64; j2++) { | |
506 | ufc_long to_permute, inx; | |
507 | ||
508 | s2 = s_lookup(2 * sg + 1, j2); | |
509 | to_permute = (((ufc_long)s1 << 4) | | |
510 | (ufc_long)s2) << (24 - 8 * (ufc_long)sg); | |
511 | ||
512 | #ifdef _UFC_32_ | |
513 | inx = ((j1 << 6) | j2) << 1; | |
514 | sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0]; | |
515 | sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1]; | |
516 | sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0]; | |
517 | sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1]; | |
518 | sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0]; | |
519 | sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1]; | |
520 | sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0]; | |
521 | sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1]; | |
522 | #endif | |
523 | #ifdef _UFC_64_ | |
524 | inx = ((j1 << 6) | j2); | |
525 | sb[sg][inx] = | |
526 | ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) | | |
527 | (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1]; | |
528 | sb[sg][inx] |= | |
529 | ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) | | |
530 | (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1]; | |
531 | sb[sg][inx] |= | |
532 | ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) | | |
533 | (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1]; | |
534 | sb[sg][inx] |= | |
535 | ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) | | |
536 | (long64)eperm32tab[3][(to_permute) & 0xff][1]; | |
537 | #endif | |
538 | } | |
539 | } | |
540 | } | |
541 | ||
05dab910 RM |
542 | __data->current_saltbits = 0; |
543 | __data->current_salt[0] = 0; | |
544 | __data->current_salt[1] = 0; | |
63f791d3 GK |
545 | __data->initialized++; |
546 | } | |
547 | ||
548 | void | |
60d2f8f3 | 549 | __init_des (void) |
63f791d3 GK |
550 | { |
551 | __init_des_r(&_ufc_foobar); | |
552 | } | |
553 | ||
554 | /* | |
555 | * Process the elements of the sb table permuting the | |
556 | * bits swapped in the expansion by the current salt. | |
557 | */ | |
558 | ||
559 | #ifdef _UFC_32_ | |
560 | STATIC void | |
561 | shuffle_sb(k, saltbits) | |
562 | long32 *k; | |
563 | ufc_long saltbits; | |
564 | { | |
565 | ufc_long j; | |
566 | long32 x; | |
567 | for(j=4096; j--;) { | |
568 | x = (k[0] ^ k[1]) & (long32)saltbits; | |
569 | *k++ ^= x; | |
570 | *k++ ^= x; | |
571 | } | |
572 | } | |
573 | #endif | |
574 | ||
575 | #ifdef _UFC_64_ | |
576 | STATIC void | |
577 | shuffle_sb(k, saltbits) | |
578 | long64 *k; | |
579 | ufc_long saltbits; | |
580 | { | |
581 | ufc_long j; | |
582 | long64 x; | |
583 | for(j=4096; j--;) { | |
584 | x = ((*k >> 32) ^ *k) & (long64)saltbits; | |
585 | *k++ ^= (x << 32) | x; | |
586 | } | |
587 | } | |
588 | #endif | |
589 | ||
4ba74a35 AO |
590 | /* |
591 | * Return false iff C is in the specified alphabet for crypt salt. | |
592 | */ | |
593 | ||
594 | static bool | |
595 | bad_for_salt (char c) | |
596 | { | |
597 | switch (c) | |
598 | { | |
599 | case '0' ... '9': | |
600 | case 'A' ... 'Z': | |
601 | case 'a' ... 'z': | |
602 | case '.': case '/': | |
603 | return false; | |
604 | ||
605 | default: | |
606 | return true; | |
607 | } | |
608 | } | |
609 | ||
63f791d3 GK |
610 | /* |
611 | * Setup the unit for a new salt | |
612 | * Hopefully we'll not see a new salt in each crypt call. | |
4ba74a35 | 613 | * Return false if an unexpected character was found in s[0] or s[1]. |
63f791d3 GK |
614 | */ |
615 | ||
4ba74a35 | 616 | bool |
63f791d3 | 617 | _ufc_setup_salt_r(s, __data) |
a784e502 | 618 | const char *s; |
63f791d3 GK |
619 | struct crypt_data * __restrict __data; |
620 | { | |
621 | ufc_long i, j, saltbits; | |
4ba74a35 | 622 | char s0, s1; |
63f791d3 GK |
623 | |
624 | if(__data->initialized == 0) | |
625 | __init_des_r(__data); | |
626 | ||
4ba74a35 AO |
627 | s0 = s[0]; |
628 | if(bad_for_salt (s0)) | |
629 | return false; | |
630 | ||
631 | s1 = s[1]; | |
632 | if(bad_for_salt (s1)) | |
633 | return false; | |
634 | ||
635 | if(s0 == __data->current_salt[0] && s1 == __data->current_salt[1]) | |
636 | return true; | |
637 | ||
638 | __data->current_salt[0] = s0; | |
639 | __data->current_salt[1] = s1; | |
63f791d3 GK |
640 | |
641 | /* | |
642 | * This is the only crypt change to DES: | |
643 | * entries are swapped in the expansion table | |
644 | * according to the bits set in the salt. | |
645 | */ | |
646 | saltbits = 0; | |
647 | for(i = 0; i < 2; i++) { | |
648 | long c=ascii_to_bin(s[i]); | |
649 | for(j = 0; j < 6; j++) { | |
650 | if((c >> j) & 0x1) | |
651 | saltbits |= BITMASK[6 * i + j]; | |
652 | } | |
653 | } | |
654 | ||
655 | /* | |
656 | * Permute the sb table values | |
657 | * to reflect the changed e | |
658 | * selection table | |
659 | */ | |
660 | #ifdef _UFC_32_ | |
661 | #define LONGG long32* | |
662 | #endif | |
663 | #ifdef _UFC_64_ | |
664 | #define LONGG long64* | |
665 | #endif | |
666 | ||
667 | shuffle_sb((LONGG)__data->sb0, __data->current_saltbits ^ saltbits); | |
668 | shuffle_sb((LONGG)__data->sb1, __data->current_saltbits ^ saltbits); | |
669 | shuffle_sb((LONGG)__data->sb2, __data->current_saltbits ^ saltbits); | |
670 | shuffle_sb((LONGG)__data->sb3, __data->current_saltbits ^ saltbits); | |
671 | ||
672 | __data->current_saltbits = saltbits; | |
4ba74a35 AO |
673 | |
674 | return true; | |
63f791d3 GK |
675 | } |
676 | ||
677 | void | |
678 | _ufc_mk_keytab_r(key, __data) | |
679 | const char *key; | |
680 | struct crypt_data * __restrict __data; | |
681 | { | |
682 | ufc_long v1, v2, *k1; | |
683 | int i; | |
684 | #ifdef _UFC_32_ | |
685 | long32 v, *k2; | |
686 | k2 = (long32*)__data->keysched; | |
687 | #endif | |
688 | #ifdef _UFC_64_ | |
689 | long64 v, *k2; | |
690 | k2 = (long64*)__data->keysched; | |
691 | #endif | |
692 | ||
693 | v1 = v2 = 0; k1 = &do_pc1[0][0][0]; | |
694 | for(i = 8; i--;) { | |
695 | v1 |= k1[*key & 0x7f]; k1 += 128; | |
696 | v2 |= k1[*key++ & 0x7f]; k1 += 128; | |
697 | } | |
698 | ||
699 | for(i = 0; i < 16; i++) { | |
700 | k1 = &do_pc2[0][0]; | |
701 | ||
702 | v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i])); | |
703 | v = k1[(v1 >> 21) & 0x7f]; k1 += 128; | |
704 | v |= k1[(v1 >> 14) & 0x7f]; k1 += 128; | |
705 | v |= k1[(v1 >> 7) & 0x7f]; k1 += 128; | |
706 | v |= k1[(v1 ) & 0x7f]; k1 += 128; | |
707 | ||
708 | #ifdef _UFC_32_ | |
709 | *k2++ = (v | 0x00008000); | |
710 | v = 0; | |
711 | #endif | |
712 | #ifdef _UFC_64_ | |
713 | v = (v << 32); | |
714 | #endif | |
715 | ||
716 | v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i])); | |
717 | v |= k1[(v2 >> 21) & 0x7f]; k1 += 128; | |
718 | v |= k1[(v2 >> 14) & 0x7f]; k1 += 128; | |
719 | v |= k1[(v2 >> 7) & 0x7f]; k1 += 128; | |
720 | v |= k1[(v2 ) & 0x7f]; | |
721 | ||
722 | #ifdef _UFC_32_ | |
723 | *k2++ = (v | 0x00008000); | |
724 | #endif | |
725 | #ifdef _UFC_64_ | |
726 | *k2++ = v | 0x0000800000008000l; | |
727 | #endif | |
728 | } | |
729 | ||
730 | __data->direction = 0; | |
731 | } | |
732 | ||
733 | /* | |
734 | * Undo an extra E selection and do final permutations | |
735 | */ | |
736 | ||
737 | void | |
738 | _ufc_dofinalperm_r(res, __data) | |
739 | ufc_long *res; | |
740 | struct crypt_data * __restrict __data; | |
741 | { | |
742 | ufc_long v1, v2, x; | |
743 | ufc_long l1,l2,r1,r2; | |
744 | ||
745 | l1 = res[0]; l2 = res[1]; | |
746 | r1 = res[2]; r2 = res[3]; | |
747 | ||
748 | x = (l1 ^ l2) & __data->current_saltbits; l1 ^= x; l2 ^= x; | |
749 | x = (r1 ^ r2) & __data->current_saltbits; r1 ^= x; r2 ^= x; | |
750 | ||
751 | v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3; | |
752 | ||
753 | v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1]; | |
754 | v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1]; | |
755 | v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1]; | |
756 | v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1]; | |
757 | ||
758 | v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1]; | |
759 | v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1]; | |
760 | v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1]; | |
761 | v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1]; | |
762 | ||
763 | v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1]; | |
764 | v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1]; | |
765 | v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1]; | |
766 | v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1]; | |
767 | ||
768 | v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1]; | |
769 | v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1]; | |
770 | v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1]; | |
771 | v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1]; | |
772 | ||
773 | res[0] = v1; res[1] = v2; | |
774 | } | |
775 | ||
776 | /* | |
777 | * crypt only: convert from 64 bit to 11 bit ASCII | |
778 | * prefixing with the salt | |
779 | */ | |
780 | ||
781 | void | |
782 | _ufc_output_conversion_r(v1, v2, salt, __data) | |
783 | ufc_long v1, v2; | |
a784e502 | 784 | const char *salt; |
63f791d3 GK |
785 | struct crypt_data * __restrict __data; |
786 | { | |
787 | int i, s, shf; | |
788 | ||
789 | __data->crypt_3_buf[0] = salt[0]; | |
790 | __data->crypt_3_buf[1] = salt[1] ? salt[1] : salt[0]; | |
791 | ||
792 | for(i = 0; i < 5; i++) { | |
793 | shf = (26 - 6 * i); /* to cope with MSC compiler bug */ | |
794 | __data->crypt_3_buf[i + 2] = bin_to_ascii((v1 >> shf) & 0x3f); | |
795 | } | |
796 | ||
797 | s = (v2 & 0xf) << 2; | |
798 | v2 = (v2 >> 2) | ((v1 & 0x3) << 30); | |
799 | ||
800 | for(i = 5; i < 10; i++) { | |
801 | shf = (56 - 6 * i); | |
802 | __data->crypt_3_buf[i + 2] = bin_to_ascii((v2 >> shf) & 0x3f); | |
803 | } | |
804 | ||
805 | __data->crypt_3_buf[12] = bin_to_ascii(s); | |
806 | __data->crypt_3_buf[13] = 0; | |
807 | } | |
808 | ||
809 | ||
810 | /* | |
811 | * UNIX encrypt function. Takes a bitvector | |
812 | * represented by one byte per bit and | |
813 | * encrypt/decrypt according to edflag | |
814 | */ | |
815 | ||
816 | void | |
817 | __encrypt_r(__block, __edflag, __data) | |
818 | char *__block; | |
819 | int __edflag; | |
820 | struct crypt_data * __restrict __data; | |
821 | { | |
822 | ufc_long l1, l2, r1, r2, res[4]; | |
823 | int i; | |
824 | #ifdef _UFC_32_ | |
825 | long32 *kt; | |
826 | kt = (long32*)__data->keysched; | |
827 | #endif | |
828 | #ifdef _UFC_64_ | |
829 | long64 *kt; | |
830 | kt = (long64*)__data->keysched; | |
831 | #endif | |
832 | ||
833 | /* | |
834 | * Undo any salt changes to E expansion | |
835 | */ | |
836 | _ufc_setup_salt_r("..", __data); | |
837 | ||
838 | /* | |
839 | * Reverse key table if | |
840 | * changing operation (encrypt/decrypt) | |
841 | */ | |
842 | if((__edflag == 0) != (__data->direction == 0)) { | |
843 | for(i = 0; i < 8; i++) { | |
844 | #ifdef _UFC_32_ | |
845 | long32 x; | |
846 | x = kt[2 * (15-i)]; | |
847 | kt[2 * (15-i)] = kt[2 * i]; | |
848 | kt[2 * i] = x; | |
849 | ||
850 | x = kt[2 * (15-i) + 1]; | |
851 | kt[2 * (15-i) + 1] = kt[2 * i + 1]; | |
852 | kt[2 * i + 1] = x; | |
853 | #endif | |
854 | #ifdef _UFC_64_ | |
855 | long64 x; | |
856 | x = kt[15-i]; | |
857 | kt[15-i] = kt[i]; | |
858 | kt[i] = x; | |
859 | #endif | |
860 | } | |
861 | __data->direction = __edflag; | |
862 | } | |
863 | ||
864 | /* | |
865 | * Do initial permutation + E expansion | |
866 | */ | |
867 | i = 0; | |
868 | for(l1 = 0; i < 24; i++) { | |
869 | if(__block[initial_perm[esel[i]-1]-1]) | |
870 | l1 |= BITMASK[i]; | |
871 | } | |
872 | for(l2 = 0; i < 48; i++) { | |
873 | if(__block[initial_perm[esel[i]-1]-1]) | |
874 | l2 |= BITMASK[i-24]; | |
875 | } | |
876 | ||
877 | i = 0; | |
878 | for(r1 = 0; i < 24; i++) { | |
879 | if(__block[initial_perm[esel[i]-1+32]-1]) | |
880 | r1 |= BITMASK[i]; | |
881 | } | |
882 | for(r2 = 0; i < 48; i++) { | |
883 | if(__block[initial_perm[esel[i]-1+32]-1]) | |
884 | r2 |= BITMASK[i-24]; | |
885 | } | |
886 | ||
887 | /* | |
888 | * Do DES inner loops + final conversion | |
889 | */ | |
890 | res[0] = l1; res[1] = l2; | |
891 | res[2] = r1; res[3] = r2; | |
892 | _ufc_doit_r((ufc_long)1, __data, &res[0]); | |
893 | ||
894 | /* | |
895 | * Do final permutations | |
896 | */ | |
897 | _ufc_dofinalperm_r(res, __data); | |
898 | ||
899 | /* | |
900 | * And convert to bit array | |
901 | */ | |
902 | l1 = res[0]; r1 = res[1]; | |
903 | for(i = 0; i < 32; i++) { | |
904 | *__block++ = (l1 & longmask[i]) != 0; | |
905 | } | |
906 | for(i = 0; i < 32; i++) { | |
907 | *__block++ = (r1 & longmask[i]) != 0; | |
908 | } | |
909 | } | |
910 | weak_alias (__encrypt_r, encrypt_r) | |
911 | ||
912 | void | |
913 | encrypt(__block, __edflag) | |
914 | char *__block; | |
915 | int __edflag; | |
916 | { | |
917 | __encrypt_r(__block, __edflag, &_ufc_foobar); | |
918 | } | |
919 | ||
920 | ||
921 | /* | |
922 | * UNIX setkey function. Take a 64 bit DES | |
923 | * key and setup the machinery. | |
924 | */ | |
925 | ||
926 | void | |
927 | __setkey_r(__key, __data) | |
a784e502 | 928 | const char *__key; |
63f791d3 GK |
929 | struct crypt_data * __restrict __data; |
930 | { | |
931 | int i,j; | |
932 | unsigned char c; | |
933 | unsigned char ktab[8]; | |
934 | ||
935 | _ufc_setup_salt_r("..", __data); /* be sure we're initialized */ | |
936 | ||
937 | for(i = 0; i < 8; i++) { | |
938 | for(j = 0, c = 0; j < 8; j++) | |
939 | c = c << 1 | *__key++; | |
940 | ktab[i] = c >> 1; | |
941 | } | |
9cfe5381 | 942 | _ufc_mk_keytab_r((char *) ktab, __data); |
63f791d3 GK |
943 | } |
944 | weak_alias (__setkey_r, setkey_r) | |
945 | ||
946 | void | |
947 | setkey(__key) | |
a784e502 | 948 | const char *__key; |
63f791d3 GK |
949 | { |
950 | __setkey_r(__key, &_ufc_foobar); | |
951 | } | |
8747cd03 KS |
952 | |
953 | void | |
954 | __b64_from_24bit (char **cp, int *buflen, | |
955 | unsigned int b2, unsigned int b1, unsigned int b0, | |
956 | int n) | |
957 | { | |
958 | unsigned int w = (b2 << 16) | (b1 << 8) | b0; | |
959 | while (n-- > 0 && (*buflen) > 0) | |
960 | { | |
961 | *(*cp)++ = b64t[w & 0x3f]; | |
962 | --(*buflen); | |
963 | w >>= 6; | |
964 | } | |
965 | } |