Rogue 3.6 reconstruction from http://rogue.rogueforge.net/rogue36/.
[rogue-pphs.git] / xcrypt.c
1 /*
2 * FreeSec: libcrypt
3 *
4 * Copyright (C) 1994 David Burren
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * 3. Neither the name(s) of the author(s) nor the names of other contributors
16 * may be used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTORS BE LIABLE
23 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGE.
30 *
31 *
32 * This is an original implementation of the DES and the crypt(3) interfaces
33 * by David Burren <davidb@werj.com.au>.
34 *
35 * An excellent reference on the underlying algorithm (and related
36 * algorithms) is:
37 *
38 * B. Schneier, Applied Cryptography: protocols, algorithms,
39 * and source code in C, John Wiley & Sons, 1994.
40 *
41 * Note that in that book's description of DES the lookups for the initial,
42 * pbox, and final permutations are inverted (this has been brought to the
43 * attention of the author). A list of errata for this book has been
44 * posted to the sci.crypt newsgroup by the author and is available for FTP.
45 *
46 * NOTE:
47 * This file has a static version of des_setkey() so that crypt.o exports
48 * only the crypt() interface. This is required to make binaries linked
49 * against crypt.o exportable or re-exportable from the USA.
50 */
51
52 #include <sys/types.h>
53 #include <string.h>
54
55 extern unsigned long int md_ntohl(unsigned long int x);
56 extern unsigned long int md_htonl(unsigned long int x);
57
58 #define _PASSWORD_EFMT1 '_'
59
60 static unsigned char IP[64] = {
61 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
62 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
63 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
64 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
65 };
66
67 static unsigned char inv_key_perm[64];
68 static unsigned char key_perm[56] = {
69 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
70 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
71 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
72 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
73 };
74
75 static unsigned char key_shifts[16] = {
76 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
77 };
78
79 static unsigned char inv_comp_perm[56];
80 static unsigned char comp_perm[48] = {
81 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
82 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
83 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
84 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
85 };
86
87 /*
88 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
89 */
90
91 static unsigned char u_sbox[8][64];
92 static unsigned char sbox[8][64] = {
93 {
94 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
95 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
96 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
97 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
98 },
99 {
100 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
101 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
102 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
103 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
104 },
105 {
106 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
107 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
108 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
109 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
110 },
111 {
112 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
113 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
114 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
115 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
116 },
117 {
118 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
119 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
120 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
121 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
122 },
123 {
124 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
125 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
126 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
127 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
128 },
129 {
130 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
131 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
132 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
133 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
134 },
135 {
136 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
137 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
138 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
139 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
140 }
141 };
142
143 static unsigned char un_pbox[32];
144 static unsigned char pbox[32] = {
145 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
146 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
147 };
148
149 static unsigned int bits32[32] =
150 {
151 0x80000000, 0x40000000, 0x20000000, 0x10000000,
152 0x08000000, 0x04000000, 0x02000000, 0x01000000,
153 0x00800000, 0x00400000, 0x00200000, 0x00100000,
154 0x00080000, 0x00040000, 0x00020000, 0x00010000,
155 0x00008000, 0x00004000, 0x00002000, 0x00001000,
156 0x00000800, 0x00000400, 0x00000200, 0x00000100,
157 0x00000080, 0x00000040, 0x00000020, 0x00000010,
158 0x00000008, 0x00000004, 0x00000002, 0x00000001
159 };
160
161 static unsigned char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
162
163 static unsigned int saltbits;
164 static int old_salt;
165 static unsigned int *bits28, *bits24;
166 static unsigned char init_perm[64], final_perm[64];
167 static unsigned int en_keysl[16], en_keysr[16];
168 static unsigned int de_keysl[16], de_keysr[16];
169 static int des_initialised = 0;
170 static unsigned char m_sbox[4][4096];
171 static unsigned int psbox[4][256];
172 static unsigned int ip_maskl[8][256], ip_maskr[8][256];
173 static unsigned int fp_maskl[8][256], fp_maskr[8][256];
174 static unsigned int key_perm_maskl[8][128], key_perm_maskr[8][128];
175 static unsigned int comp_maskl[8][128], comp_maskr[8][128];
176 static unsigned int old_rawkey0, old_rawkey1;
177
178 static unsigned char ascii64[] =
179 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
180 /* 0000000000111111111122222222223333333333444444444455555555556666 */
181 /* 0123456789012345678901234567890123456789012345678901234567890123 */
182
183 static __inline int
184 ascii_to_bin(char ch)
185 {
186 if (ch > 'z')
187 return(0);
188 if (ch >= 'a')
189 return(ch - 'a' + 38);
190 if (ch > 'Z')
191 return(0);
192 if (ch >= 'A')
193 return(ch - 'A' + 12);
194 if (ch > '9')
195 return(0);
196 if (ch >= '.')
197 return(ch - '.');
198 return(0);
199 }
200
201 static void
202 des_init()
203 {
204 int i, j, b, k, inbit, obit;
205 unsigned int *p, *il, *ir, *fl, *fr;
206
207 old_rawkey0 = old_rawkey1 = 0;
208 saltbits = 0;
209 old_salt = 0;
210 bits24 = (bits28 = bits32 + 4) + 4;
211
212 /*
213 * Invert the S-boxes, reordering the input bits.
214 */
215 for (i = 0; i < 8; i++)
216 for (j = 0; j < 64; j++) {
217 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
218 u_sbox[i][j] = sbox[i][b];
219 }
220
221 /*
222 * Convert the inverted S-boxes into 4 arrays of 8 bits.
223 * Each will handle 12 bits of the S-box input.
224 */
225 for (b = 0; b < 4; b++)
226 for (i = 0; i < 64; i++)
227 for (j = 0; j < 64; j++)
228 m_sbox[b][(i << 6) | j] =
229 (u_sbox[(b << 1)][i] << 4) |
230 u_sbox[(b << 1) + 1][j];
231
232 /*
233 * Set up the initial & final permutations into a useful form, and
234 * initialise the inverted key permutation.
235 */
236 for (i = 0; i < 64; i++) {
237 init_perm[final_perm[i] = IP[i] - 1] = i;
238 inv_key_perm[i] = 255;
239 }
240
241 /*
242 * Invert the key permutation and initialise the inverted key
243 * compression permutation.
244 */
245 for (i = 0; i < 56; i++) {
246 inv_key_perm[key_perm[i] - 1] = i;
247 inv_comp_perm[i] = 255;
248 }
249
250 /*
251 * Invert the key compression permutation.
252 */
253 for (i = 0; i < 48; i++) {
254 inv_comp_perm[comp_perm[i] - 1] = i;
255 }
256
257 /*
258 * Set up the OR-mask arrays for the initial and final permutations,
259 * and for the key initial and compression permutations.
260 */
261 for (k = 0; k < 8; k++) {
262 for (i = 0; i < 256; i++) {
263 *(il = &ip_maskl[k][i]) = 0;
264 *(ir = &ip_maskr[k][i]) = 0;
265 *(fl = &fp_maskl[k][i]) = 0;
266 *(fr = &fp_maskr[k][i]) = 0;
267 for (j = 0; j < 8; j++) {
268 inbit = 8 * k + j;
269 if (i & bits8[j]) {
270 if ((obit = init_perm[inbit]) < 32)
271 *il |= bits32[obit];
272 else
273 *ir |= bits32[obit-32];
274 if ((obit = final_perm[inbit]) < 32)
275 *fl |= bits32[obit];
276 else
277 *fr |= bits32[obit - 32];
278 }
279 }
280 }
281 for (i = 0; i < 128; i++) {
282 *(il = &key_perm_maskl[k][i]) = 0;
283 *(ir = &key_perm_maskr[k][i]) = 0;
284 for (j = 0; j < 7; j++) {
285 inbit = 8 * k + j;
286 if (i & bits8[j + 1]) {
287 if ((obit = inv_key_perm[inbit]) == 255)
288 continue;
289 if (obit < 28)
290 *il |= bits28[obit];
291 else
292 *ir |= bits28[obit - 28];
293 }
294 }
295 *(il = &comp_maskl[k][i]) = 0;
296 *(ir = &comp_maskr[k][i]) = 0;
297 for (j = 0; j < 7; j++) {
298 inbit = 7 * k + j;
299 if (i & bits8[j + 1]) {
300 if ((obit=inv_comp_perm[inbit]) == 255)
301 continue;
302 if (obit < 24)
303 *il |= bits24[obit];
304 else
305 *ir |= bits24[obit - 24];
306 }
307 }
308 }
309 }
310
311 /*
312 * Invert the P-box permutation, and convert into OR-masks for
313 * handling the output of the S-box arrays setup above.
314 */
315 for (i = 0; i < 32; i++)
316 un_pbox[pbox[i] - 1] = i;
317
318 for (b = 0; b < 4; b++)
319 for (i = 0; i < 256; i++) {
320 *(p = &psbox[b][i]) = 0;
321 for (j = 0; j < 8; j++) {
322 if (i & bits8[j])
323 *p |= bits32[un_pbox[8 * b + j]];
324 }
325 }
326
327 des_initialised = 1;
328 }
329
330 static void
331 setup_salt(int salt)
332 {
333 unsigned int obit, saltbit;
334 int i;
335
336 if (salt == old_salt)
337 return;
338 old_salt = salt;
339
340 saltbits = 0;
341 saltbit = 1;
342 obit = 0x800000;
343 for (i = 0; i < 24; i++) {
344 if (salt & saltbit)
345 saltbits |= obit;
346 saltbit <<= 1;
347 obit >>= 1;
348 }
349 }
350
351 static int
352 des_setkey(const unsigned char *key)
353 {
354 unsigned int k0, k1, rawkey0, rawkey1;
355 int shifts, round;
356
357 if (!des_initialised)
358 des_init();
359
360 rawkey0 = md_ntohl(*(unsigned int *) key);
361 rawkey1 = md_ntohl(*(unsigned int *) (key + 4));
362
363 if ((rawkey0 | rawkey1)
364 && rawkey0 == old_rawkey0
365 && rawkey1 == old_rawkey1) {
366 /*
367 * Already setup for this key.
368 * This optimisation fails on a zero key (which is weak and
369 * has bad parity anyway) in order to simplify the starting
370 * conditions.
371 */
372 return(0);
373 }
374 old_rawkey0 = rawkey0;
375 old_rawkey1 = rawkey1;
376
377 /*
378 * Do key permutation and split into two 28-bit subkeys.
379 */
380 k0 = key_perm_maskl[0][rawkey0 >> 25]
381 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
382 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
383 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
384 | key_perm_maskl[4][rawkey1 >> 25]
385 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
386 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
387 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
388 k1 = key_perm_maskr[0][rawkey0 >> 25]
389 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
390 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
391 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
392 | key_perm_maskr[4][rawkey1 >> 25]
393 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
394 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
395 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
396 /*
397 * Rotate subkeys and do compression permutation.
398 */
399 shifts = 0;
400 for (round = 0; round < 16; round++) {
401 unsigned int t0, t1;
402
403 shifts += key_shifts[round];
404
405 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
406 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
407
408 de_keysl[15 - round] =
409 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
410 | comp_maskl[1][(t0 >> 14) & 0x7f]
411 | comp_maskl[2][(t0 >> 7) & 0x7f]
412 | comp_maskl[3][t0 & 0x7f]
413 | comp_maskl[4][(t1 >> 21) & 0x7f]
414 | comp_maskl[5][(t1 >> 14) & 0x7f]
415 | comp_maskl[6][(t1 >> 7) & 0x7f]
416 | comp_maskl[7][t1 & 0x7f];
417
418 de_keysr[15 - round] =
419 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
420 | comp_maskr[1][(t0 >> 14) & 0x7f]
421 | comp_maskr[2][(t0 >> 7) & 0x7f]
422 | comp_maskr[3][t0 & 0x7f]
423 | comp_maskr[4][(t1 >> 21) & 0x7f]
424 | comp_maskr[5][(t1 >> 14) & 0x7f]
425 | comp_maskr[6][(t1 >> 7) & 0x7f]
426 | comp_maskr[7][t1 & 0x7f];
427 }
428 return(0);
429 }
430
431 static int
432 do_des(unsigned int l_in, unsigned int r_in, unsigned int *l_out,
433 unsigned int *r_out, int count)
434 {
435 /*
436 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
437 */
438 unsigned int l, r, *kl, *kr, *kl1, *kr1;
439 unsigned int f = 0, r48l, r48r;
440 int round;
441
442 if (count == 0) {
443 return(1);
444 } else if (count > 0) {
445 /*
446 * Encrypting
447 */
448 kl1 = en_keysl;
449 kr1 = en_keysr;
450 } else {
451 /*
452 * Decrypting
453 */
454 count = -count;
455 kl1 = de_keysl;
456 kr1 = de_keysr;
457 }
458
459 /*
460 * Do initial permutation (IP).
461 */
462 l = ip_maskl[0][l_in >> 24]
463 | ip_maskl[1][(l_in >> 16) & 0xff]
464 | ip_maskl[2][(l_in >> 8) & 0xff]
465 | ip_maskl[3][l_in & 0xff]
466 | ip_maskl[4][r_in >> 24]
467 | ip_maskl[5][(r_in >> 16) & 0xff]
468 | ip_maskl[6][(r_in >> 8) & 0xff]
469 | ip_maskl[7][r_in & 0xff];
470 r = ip_maskr[0][l_in >> 24]
471 | ip_maskr[1][(l_in >> 16) & 0xff]
472 | ip_maskr[2][(l_in >> 8) & 0xff]
473 | ip_maskr[3][l_in & 0xff]
474 | ip_maskr[4][r_in >> 24]
475 | ip_maskr[5][(r_in >> 16) & 0xff]
476 | ip_maskr[6][(r_in >> 8) & 0xff]
477 | ip_maskr[7][r_in & 0xff];
478
479 while (count--) {
480 /*
481 * Do each round.
482 */
483 kl = kl1;
484 kr = kr1;
485 round = 16;
486 while (round--) {
487 /*
488 * Expand R to 48 bits (simulate the E-box).
489 */
490 r48l = ((r & 0x00000001) << 23)
491 | ((r & 0xf8000000) >> 9)
492 | ((r & 0x1f800000) >> 11)
493 | ((r & 0x01f80000) >> 13)
494 | ((r & 0x001f8000) >> 15);
495
496 r48r = ((r & 0x0001f800) << 7)
497 | ((r & 0x00001f80) << 5)
498 | ((r & 0x000001f8) << 3)
499 | ((r & 0x0000001f) << 1)
500 | ((r & 0x80000000) >> 31);
501 /*
502 * Do salting for crypt() and friends, and
503 * XOR with the permuted key.
504 */
505 f = (r48l ^ r48r) & saltbits;
506 r48l ^= f ^ *kl++;
507 r48r ^= f ^ *kr++;
508 /*
509 * Do sbox lookups (which shrink it back to 32 bits)
510 * and do the pbox permutation at the same time.
511 */
512 f = psbox[0][m_sbox[0][r48l >> 12]]
513 | psbox[1][m_sbox[1][r48l & 0xfff]]
514 | psbox[2][m_sbox[2][r48r >> 12]]
515 | psbox[3][m_sbox[3][r48r & 0xfff]];
516 /*
517 * Now that we've permuted things, complete f().
518 */
519 f ^= l;
520 l = r;
521 r = f;
522 }
523 r = l;
524 l = f;
525 }
526 /*
527 * Do final permutation (inverse of IP).
528 */
529 *l_out = fp_maskl[0][l >> 24]
530 | fp_maskl[1][(l >> 16) & 0xff]
531 | fp_maskl[2][(l >> 8) & 0xff]
532 | fp_maskl[3][l & 0xff]
533 | fp_maskl[4][r >> 24]
534 | fp_maskl[5][(r >> 16) & 0xff]
535 | fp_maskl[6][(r >> 8) & 0xff]
536 | fp_maskl[7][r & 0xff];
537 *r_out = fp_maskr[0][l >> 24]
538 | fp_maskr[1][(l >> 16) & 0xff]
539 | fp_maskr[2][(l >> 8) & 0xff]
540 | fp_maskr[3][l & 0xff]
541 | fp_maskr[4][r >> 24]
542 | fp_maskr[5][(r >> 16) & 0xff]
543 | fp_maskr[6][(r >> 8) & 0xff]
544 | fp_maskr[7][r & 0xff];
545 return(0);
546 }
547
548 static int
549 des_cipher(const unsigned char *in, unsigned char *out, int salt, int count)
550 {
551 unsigned int l_out, r_out, rawl, rawr;
552 unsigned int x[2];
553 int retval;
554
555 if (!des_initialised)
556 des_init();
557
558 setup_salt(salt);
559
560 memcpy(x, in, sizeof x);
561 rawl = md_ntohl(x[0]);
562 rawr = md_ntohl(x[1]);
563 retval = do_des(rawl, rawr, &l_out, &r_out, count);
564
565 x[0] = md_htonl(l_out);
566 x[1] = md_htonl(r_out);
567 memcpy(out, x, sizeof x);
568 return(retval);
569 }
570
571 char *
572 xcrypt(const char *key, const char *setting)
573 {
574 int i;
575 unsigned int count, salt, l, r0, r1, keybuf[2];
576 unsigned char *p, *q;
577 static unsigned char output[21];
578
579 if (!des_initialised)
580 des_init();
581
582 /*
583 * Copy the key, shifting each character up by one bit
584 * and padding with zeros.
585 */
586 q = (unsigned char *) keybuf;
587 while ((q - (unsigned char *) keybuf) < sizeof(keybuf)) {
588 if ((*q++ = *key << 1))
589 key++;
590 }
591 if (des_setkey((unsigned char *) keybuf))
592 return(NULL);
593
594 if (*setting == _PASSWORD_EFMT1) {
595 /*
596 * "new"-style:
597 * setting - underscore, 4 bytes of count, 4 bytes of salt
598 * key - unlimited characters
599 */
600 for (i = 1, count = 0; i < 5; i++)
601 count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
602
603 for (i = 5, salt = 0; i < 9; i++)
604 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
605
606 while (*key) {
607 /*
608 * Encrypt the key with itself.
609 */
610 if (des_cipher((unsigned char*)keybuf, (unsigned char*)keybuf, 0, 1))
611 return(NULL);
612 /*
613 * And XOR with the next 8 characters of the key.
614 */
615 q = (unsigned char *) keybuf;
616 while (((q - (unsigned char *) keybuf) < sizeof(keybuf)) &&
617 *key)
618 *q++ ^= *key++ << 1;
619
620 if (des_setkey((unsigned char *) keybuf))
621 return(NULL);
622 }
623 strncpy((char *)output, setting, 9);
624
625 /*
626 * Double check that we weren't given a short setting.
627 * If we were, the above code will probably have created
628 * wierd values for count and salt, but we don't really care.
629 * Just make sure the output string doesn't have an extra
630 * NUL in it.
631 */
632 output[9] = '\0';
633 p = output + strlen((const char *)output);
634 } else {
635 /*
636 * "old"-style:
637 * setting - 2 bytes of salt
638 * key - up to 8 characters
639 */
640 count = 25;
641
642 salt = (ascii_to_bin(setting[1]) << 6)
643 | ascii_to_bin(setting[0]);
644
645 output[0] = setting[0];
646 /*
647 * If the encrypted password that the salt was extracted from
648 * is only 1 character long, the salt will be corrupted. We
649 * need to ensure that the output string doesn't have an extra
650 * NUL in it!
651 */
652 output[1] = setting[1] ? setting[1] : output[0];
653
654 p = output + 2;
655 }
656 setup_salt(salt);
657 /*
658 * Do it.
659 */
660 if (do_des(0, 0, &r0, &r1, count))
661 return(NULL);
662 /*
663 * Now encode the result...
664 */
665 l = (r0 >> 8);
666 *p++ = ascii64[(l >> 18) & 0x3f];
667 *p++ = ascii64[(l >> 12) & 0x3f];
668 *p++ = ascii64[(l >> 6) & 0x3f];
669 *p++ = ascii64[l & 0x3f];
670
671 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
672 *p++ = ascii64[(l >> 18) & 0x3f];
673 *p++ = ascii64[(l >> 12) & 0x3f];
674 *p++ = ascii64[(l >> 6) & 0x3f];
675 *p++ = ascii64[l & 0x3f];
676
677 l = r1 << 2;
678 *p++ = ascii64[(l >> 12) & 0x3f];
679 *p++ = ascii64[(l >> 6) & 0x3f];
680 *p++ = ascii64[l & 0x3f];
681 *p = 0;
682
683 return((char *)output);
684 }