search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update copyright notices with scripts/update-copyrights
[glibc.git] / crypt / crypt_util.c
blob287593142b4ebc17e3cd46f0251cd29da99cd47f
1 /*
2 * UFC-crypt: ultra fast crypt(3) implementation
3 *
4 * Copyright (C) 1991-2014 Free Software Foundation, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; see the file COPYING.LIB. If not,
18 * see <http://www.gnu.org/licenses/>.
19 *
20 * @(#)crypt_util.c 2.56 12/20/96
21 *
22 * Support routines
23 *
24 */
25
26 #ifdef DEBUG
27 #include <stdio.h>
28 #endif
29 #include <atomic.h>
30 #include <string.h>
31
32 #ifndef STATIC
33 #define STATIC static
34 #endif
35
36 #ifndef DOS
37 #include "ufc-crypt.h"
38 #else
39 /*
40 * Thanks to greg%wind@plains.NoDak.edu (Greg W. Wettstein)
41 * for DOS patches
42 */
43 #include "pl.h"
44 #include "ufc.h"
45 #endif
46 #include "crypt.h"
47 #include "crypt-private.h"
48
49 /* Prototypes for local functions. */
50 #ifndef __GNU_LIBRARY__
51 void _ufc_clearmem (char *start, int cnt);
52 void _ufc_copymem (char *from, char *to, int cnt);
53 #endif
54 #ifdef _UFC_32_
55 STATIC void shuffle_sb (long32 *k, ufc_long saltbits);
56 #else
57 STATIC void shuffle_sb (long64 *k, ufc_long saltbits);
58 #endif
59
60
61 /*
62 * Permutation done once on the 56 bit
63 * key derived from the original 8 byte ASCII key.
64 */
65 static const int pc1[56] = {
66 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
67 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
68 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
69 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
70 };
71
72 /*
73 * How much to rotate each 28 bit half of the pc1 permutated
74 * 56 bit key before using pc2 to give the i' key
75 */
76 static const int rots[16] = {
77 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
78 };
79
80 /*
81 * Permutation giving the key
82 * of the i' DES round
83 */
84 static const int pc2[48] = {
85 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
86 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
87 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
88 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
89 };
90
91 /*
92 * The E expansion table which selects
93 * bits from the 32 bit intermediate result.
94 */
95 static const int esel[48] = {
96 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
97 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
98 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
99 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
100 };
101
102 /*
103 * Permutation done on the
104 * result of sbox lookups
105 */
106 static const int perm32[32] = {
107 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
108 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
109 };
110
111 /*
112 * The sboxes
113 */
114 static const int sbox[8][4][16]= {
115 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
116 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
117 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
118 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }
119 },
120
121 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
122 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
123 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
124 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }
125 },
126
127 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
128 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
129 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
130 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }
131 },
132
133 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
134 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
135 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
136 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }
137 },
138
139 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
140 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
141 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
142 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }
143 },
144
145 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
146 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
147 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
148 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }
149 },
150
151 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
152 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
153 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
154 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }
155 },
156
157 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
158 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
159 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
160 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 }
161 }
162 };
163
164 /*
165 * This is the initial
166 * permutation matrix
167 */
168 static const int initial_perm[64] = {
169 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
170 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
171 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
172 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
173 };
174
175 /*
176 * This is the final
177 * permutation matrix
178 */
179 static const int final_perm[64] = {
180 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
181 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
182 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
183 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
184 };
185
186 #define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
187 #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
188
189 static const ufc_long BITMASK[24] = {
190 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000,
191 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000,
192 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200,
193 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008
194 };
195
196 static const unsigned char bytemask[8] = {
197 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
198 };
199
200 static const ufc_long longmask[32] = {
201 0x80000000, 0x40000000, 0x20000000, 0x10000000,
202 0x08000000, 0x04000000, 0x02000000, 0x01000000,
203 0x00800000, 0x00400000, 0x00200000, 0x00100000,
204 0x00080000, 0x00040000, 0x00020000, 0x00010000,
205 0x00008000, 0x00004000, 0x00002000, 0x00001000,
206 0x00000800, 0x00000400, 0x00000200, 0x00000100,
207 0x00000080, 0x00000040, 0x00000020, 0x00000010,
208 0x00000008, 0x00000004, 0x00000002, 0x00000001
209 };
210
211 /*
212 * do_pc1: permform pc1 permutation in the key schedule generation.
213 *
214 * The first index is the byte number in the 8 byte ASCII key
215 * - second - - the two 28 bits halfs of the result
216 * - third - selects the 7 bits actually used of each byte
217 *
218 * The result is kept with 28 bit per 32 bit with the 4 most significant
219 * bits zero.
220 */
221 static ufc_long do_pc1[8][2][128];
222
223 /*
224 * do_pc2: permform pc2 permutation in the key schedule generation.
225 *
226 * The first index is the septet number in the two 28 bit intermediate values
227 * - second - - - septet values
228 *
229 * Knowledge of the structure of the pc2 permutation is used.
230 *
231 * The result is kept with 28 bit per 32 bit with the 4 most significant
232 * bits zero.
233 */
234 static ufc_long do_pc2[8][128];
235
236 /*
237 * eperm32tab: do 32 bit permutation and E selection
238 *
239 * The first index is the byte number in the 32 bit value to be permuted
240 * - second - is the value of this byte
241 * - third - selects the two 32 bit values
242 *
243 * The table is used and generated internally in init_des to speed it up
244 */
245 static ufc_long eperm32tab[4][256][2];
246
247 /*
248 * efp: undo an extra e selection and do final
249 * permutation giving the DES result.
250 *
251 * Invoked 6 bit a time on two 48 bit values
252 * giving two 32 bit longs.
253 */
254 static ufc_long efp[16][64][2];
255
256 /*
257 * For use by the old, non-reentrant routines
258 * (crypt/encrypt/setkey)
259 */
260 struct crypt_data _ufc_foobar;
261
262 #ifdef __GNU_LIBRARY__
263 #include <bits/libc-lock.h>
264
265 __libc_lock_define_initialized (static, _ufc_tables_lock)
266 #endif
267
268 #ifdef DEBUG
269
270 void
271 _ufc_prbits(a, n)
272 ufc_long *a;
273 int n;
274 {
275 ufc_long i, j, t, tmp;
276 n /= 8;
277 for(i = 0; i < n; i++) {
278 tmp=0;
279 for(j = 0; j < 8; j++) {
280 t=8*i+j;
281 tmp|=(a[t/24] & BITMASK[t % 24])?bytemask[j]:0;
282 }
283 (void)printf("%02x ",tmp);
284 }
285 printf(" ");
286 }
287
288 static void
289 _ufc_set_bits(v, b)
290 ufc_long v;
291 ufc_long *b;
292 {
293 ufc_long i;
294 *b = 0;
295 for(i = 0; i < 24; i++) {
296 if(v & longmask[8 + i])
297 *b |= BITMASK[i];
298 }
299 }
300
301 #endif
302
303 #ifndef __GNU_LIBRARY__
304 /*
305 * Silly rewrites of 'bzero'/'memset'. I do so
306 * because some machines don't have
307 * bzero and some don't have memset.
308 */
309
310 void
311 _ufc_clearmem(start, cnt)
312 char *start;
313 int cnt;
314 {
315 while(cnt--)
316 *start++ = '\0';
317 }
318
319 void
320 _ufc_copymem(from, to, cnt)
321 char *from, *to;
322 int cnt;
323 {
324 while(cnt--)
325 *to++ = *from++;
326 }
327 #else
328 #define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
329 #define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt)
330 #endif
331
332 /* lookup a 6 bit value in sbox */
333
334 #define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
335
336 /*
337 * Initialize unit - may be invoked directly
338 * by fcrypt users.
339 */
340
341 void
342 __init_des_r(__data)
343 struct crypt_data * __restrict __data;
344 {
345 int comes_from_bit;
346 int bit, sg;
347 ufc_long j;
348 ufc_long mask1, mask2;
349 int e_inverse[64];
350 static volatile int small_tables_initialized = 0;
351
352 #ifdef _UFC_32_
353 long32 *sb[4];
354 sb[0] = (long32*)__data->sb0; sb[1] = (long32*)__data->sb1;
355 sb[2] = (long32*)__data->sb2; sb[3] = (long32*)__data->sb3;
356 #endif
357 #ifdef _UFC_64_
358 long64 *sb[4];
359 sb[0] = (long64*)__data->sb0; sb[1] = (long64*)__data->sb1;
360 sb[2] = (long64*)__data->sb2; sb[3] = (long64*)__data->sb3;
361 #endif
362
363 if(small_tables_initialized == 0) {
364 #ifdef __GNU_LIBRARY__
365 __libc_lock_lock (_ufc_tables_lock);
366 if(small_tables_initialized)
367 goto small_tables_done;
368 #endif
369
370 /*
371 * Create the do_pc1 table used
372 * to affect pc1 permutation
373 * when generating keys
374 */
375 _ufc_clearmem((char*)do_pc1, (int)sizeof(do_pc1));
376 for(bit = 0; bit < 56; bit++) {
377 comes_from_bit = pc1[bit] - 1;
378 mask1 = bytemask[comes_from_bit % 8 + 1];
379 mask2 = longmask[bit % 28 + 4];
380 for(j = 0; j < 128; j++) {
381 if(j & mask1)
382 do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2;
383 }
384 }
385
386 /*
387 * Create the do_pc2 table used
388 * to affect pc2 permutation when
389 * generating keys
390 */
391 _ufc_clearmem((char*)do_pc2, (int)sizeof(do_pc2));
392 for(bit = 0; bit < 48; bit++) {
393 comes_from_bit = pc2[bit] - 1;
394 mask1 = bytemask[comes_from_bit % 7 + 1];
395 mask2 = BITMASK[bit % 24];
396 for(j = 0; j < 128; j++) {
397 if(j & mask1)
398 do_pc2[comes_from_bit / 7][j] |= mask2;
399 }
400 }
401
402 /*
403 * Now generate the table used to do combined
404 * 32 bit permutation and e expansion
405 *
406 * We use it because we have to permute 16384 32 bit
407 * longs into 48 bit in order to initialize sb.
408 *
409 * Looping 48 rounds per permutation becomes
410 * just too slow...
411 *
412 */
413
414 _ufc_clearmem((char*)eperm32tab, (int)sizeof(eperm32tab));
415 for(bit = 0; bit < 48; bit++) {
416 ufc_long mask1,comes_from;
417 comes_from = perm32[esel[bit]-1]-1;
418 mask1 = bytemask[comes_from % 8];
419 for(j = 256; j--;) {
420 if(j & mask1)
421 eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK[bit % 24];
422 }
423 }
424
425 /*
426 * Create an inverse matrix for esel telling
427 * where to plug out bits if undoing it
428 */
429 for(bit=48; bit--;) {
430 e_inverse[esel[bit] - 1 ] = bit;
431 e_inverse[esel[bit] - 1 + 32] = bit + 48;
432 }
433
434 /*
435 * create efp: the matrix used to
436 * undo the E expansion and effect final permutation
437 */
438 _ufc_clearmem((char*)efp, (int)sizeof efp);
439 for(bit = 0; bit < 64; bit++) {
440 int o_bit, o_long;
441 ufc_long word_value, mask1, mask2;
442 int comes_from_f_bit, comes_from_e_bit;
443 int comes_from_word, bit_within_word;
444
445 /* See where bit i belongs in the two 32 bit long's */
446 o_long = bit / 32; /* 0..1 */
447 o_bit = bit % 32; /* 0..31 */
448
449 /*
450 * And find a bit in the e permutated value setting this bit.
451 *
452 * Note: the e selection may have selected the same bit several
453 * times. By the initialization of e_inverse, we only look
454 * for one specific instance.
455 */
456 comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */
457 comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */
458 comes_from_word = comes_from_e_bit / 6; /* 0..15 */
459 bit_within_word = comes_from_e_bit % 6; /* 0..5 */
460
461 mask1 = longmask[bit_within_word + 26];
462 mask2 = longmask[o_bit];
463
464 for(word_value = 64; word_value--;) {
465 if(word_value & mask1)
466 efp[comes_from_word][word_value][o_long] |= mask2;
467 }
468 }
469 atomic_write_barrier ();
470 small_tables_initialized = 1;
471 #ifdef __GNU_LIBRARY__
472 small_tables_done:
473 __libc_lock_unlock(_ufc_tables_lock);
474 #endif
475 } else
476 atomic_read_barrier ();
477
478 /*
479 * Create the sb tables:
480 *
481 * For each 12 bit segment of an 48 bit intermediate
482 * result, the sb table precomputes the two 4 bit
483 * values of the sbox lookups done with the two 6
484 * bit halves, shifts them to their proper place,
485 * sends them through perm32 and finally E expands
486 * them so that they are ready for the next
487 * DES round.
488 *
489 */
490
491 if (__data->sb0 + sizeof (__data->sb0) == __data->sb1
492 && __data->sb1 + sizeof (__data->sb1) == __data->sb2
493 && __data->sb2 + sizeof (__data->sb2) == __data->sb3)
494 _ufc_clearmem(__data->sb0,
495 (int)sizeof(__data->sb0)
496 + (int)sizeof(__data->sb1)
497 + (int)sizeof(__data->sb2)
498 + (int)sizeof(__data->sb3));
499 else {
500 _ufc_clearmem(__data->sb0, (int)sizeof(__data->sb0));
501 _ufc_clearmem(__data->sb1, (int)sizeof(__data->sb1));
502 _ufc_clearmem(__data->sb2, (int)sizeof(__data->sb2));
503 _ufc_clearmem(__data->sb3, (int)sizeof(__data->sb3));
504 }
505
506 for(sg = 0; sg < 4; sg++) {
507 int j1, j2;
508 int s1, s2;
509
510 for(j1 = 0; j1 < 64; j1++) {
511 s1 = s_lookup(2 * sg, j1);
512 for(j2 = 0; j2 < 64; j2++) {
513 ufc_long to_permute, inx;
514
515 s2 = s_lookup(2 * sg + 1, j2);
516 to_permute = (((ufc_long)s1 << 4) |
517 (ufc_long)s2) << (24 - 8 * (ufc_long)sg);
518
519 #ifdef _UFC_32_
520 inx = ((j1 << 6) | j2) << 1;
521 sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0];
522 sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1];
523 sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0];
524 sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1];
525 sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0];
526 sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1];
527 sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0];
528 sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1];
529 #endif
530 #ifdef _UFC_64_
531 inx = ((j1 << 6) | j2);
532 sb[sg][inx] =
533 ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) |
534 (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1];
535 sb[sg][inx] |=
536 ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) |
537 (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1];
538 sb[sg][inx] |=
539 ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) |
540 (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1];
541 sb[sg][inx] |=
542 ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) |
543 (long64)eperm32tab[3][(to_permute) & 0xff][1];
544 #endif
545 }
546 }
547 }
548
549 __data->current_saltbits = 0;
550 __data->current_salt[0] = 0;
551 __data->current_salt[1] = 0;
552 __data->initialized++;
553 }
554
555 void
556 __init_des (void)
557 {
558 __init_des_r(&_ufc_foobar);
559 }
560
561 /*
562 * Process the elements of the sb table permuting the
563 * bits swapped in the expansion by the current salt.
564 */
565
566 #ifdef _UFC_32_
567 STATIC void
568 shuffle_sb(k, saltbits)
569 long32 *k;
570 ufc_long saltbits;
571 {
572 ufc_long j;
573 long32 x;
574 for(j=4096; j--;) {
575 x = (k[0] ^ k[1]) & (long32)saltbits;
576 *k++ ^= x;
577 *k++ ^= x;
578 }
579 }
580 #endif
581
582 #ifdef _UFC_64_
583 STATIC void
584 shuffle_sb(k, saltbits)
585 long64 *k;
586 ufc_long saltbits;
587 {
588 ufc_long j;
589 long64 x;
590 for(j=4096; j--;) {
591 x = ((*k >> 32) ^ *k) & (long64)saltbits;
592 *k++ ^= (x << 32) | x;
593 }
594 }
595 #endif
596
597 /*
598 * Return false iff C is in the specified alphabet for crypt salt.
599 */
600
601 static bool
602 bad_for_salt (char c)
603 {
604 switch (c)
605 {
606 case '0' ... '9':
607 case 'A' ... 'Z':
608 case 'a' ... 'z':
609 case '.': case '/':
610 return false;
611
612 default:
613 return true;
614 }
615 }
616
617 /*
618 * Setup the unit for a new salt
619 * Hopefully we'll not see a new salt in each crypt call.
620 * Return false if an unexpected character was found in s[0] or s[1].
621 */
622
623 bool
624 _ufc_setup_salt_r(s, __data)
625 const char *s;
626 struct crypt_data * __restrict __data;
627 {
628 ufc_long i, j, saltbits;
629 char s0, s1;
630
631 if(__data->initialized == 0)
632 __init_des_r(__data);
633
634 s0 = s[0];
635 if(bad_for_salt (s0))
636 return false;
637
638 s1 = s[1];
639 if(bad_for_salt (s1))
640 return false;
641
642 if(s0 == __data->current_salt[0] && s1 == __data->current_salt[1])
643 return true;
644
645 __data->current_salt[0] = s0;
646 __data->current_salt[1] = s1;
647
648 /*
649 * This is the only crypt change to DES:
650 * entries are swapped in the expansion table
651 * according to the bits set in the salt.
652 */
653 saltbits = 0;
654 for(i = 0; i < 2; i++) {
655 long c=ascii_to_bin(s[i]);
656 for(j = 0; j < 6; j++) {
657 if((c >> j) & 0x1)
658 saltbits |= BITMASK[6 * i + j];
659 }
660 }
661
662 /*
663 * Permute the sb table values
664 * to reflect the changed e
665 * selection table
666 */
667 #ifdef _UFC_32_
668 #define LONGG long32*
669 #endif
670 #ifdef _UFC_64_
671 #define LONGG long64*
672 #endif
673
674 shuffle_sb((LONGG)__data->sb0, __data->current_saltbits ^ saltbits);
675 shuffle_sb((LONGG)__data->sb1, __data->current_saltbits ^ saltbits);
676 shuffle_sb((LONGG)__data->sb2, __data->current_saltbits ^ saltbits);
677 shuffle_sb((LONGG)__data->sb3, __data->current_saltbits ^ saltbits);
678
679 __data->current_saltbits = saltbits;
680
681 return true;
682 }
683
684 void
685 _ufc_mk_keytab_r(key, __data)
686 const char *key;
687 struct crypt_data * __restrict __data;
688 {
689 ufc_long v1, v2, *k1;
690 int i;
691 #ifdef _UFC_32_
692 long32 v, *k2;
693 k2 = (long32*)__data->keysched;
694 #endif
695 #ifdef _UFC_64_
696 long64 v, *k2;
697 k2 = (long64*)__data->keysched;
698 #endif
699
700 v1 = v2 = 0; k1 = &do_pc1[0][0][0];
701 for(i = 8; i--;) {
702 v1 |= k1[*key & 0x7f]; k1 += 128;
703 v2 |= k1[*key++ & 0x7f]; k1 += 128;
704 }
705
706 for(i = 0; i < 16; i++) {
707 k1 = &do_pc2[0][0];
708
709 v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i]));
710 v = k1[(v1 >> 21) & 0x7f]; k1 += 128;
711 v |= k1[(v1 >> 14) & 0x7f]; k1 += 128;
712 v |= k1[(v1 >> 7) & 0x7f]; k1 += 128;
713 v |= k1[(v1 ) & 0x7f]; k1 += 128;
714
715 #ifdef _UFC_32_
716 *k2++ = (v | 0x00008000);
717 v = 0;
718 #endif
719 #ifdef _UFC_64_
720 v = (v << 32);
721 #endif
722
723 v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i]));
724 v |= k1[(v2 >> 21) & 0x7f]; k1 += 128;
725 v |= k1[(v2 >> 14) & 0x7f]; k1 += 128;
726 v |= k1[(v2 >> 7) & 0x7f]; k1 += 128;
727 v |= k1[(v2 ) & 0x7f];
728
729 #ifdef _UFC_32_
730 *k2++ = (v | 0x00008000);
731 #endif
732 #ifdef _UFC_64_
733 *k2++ = v | 0x0000800000008000l;
734 #endif
735 }
736
737 __data->direction = 0;
738 }
739
740 /*
741 * Undo an extra E selection and do final permutations
742 */
743
744 void
745 _ufc_dofinalperm_r(res, __data)
746 ufc_long *res;
747 struct crypt_data * __restrict __data;
748 {
749 ufc_long v1, v2, x;
750 ufc_long l1,l2,r1,r2;
751
752 l1 = res[0]; l2 = res[1];
753 r1 = res[2]; r2 = res[3];
754
755 x = (l1 ^ l2) & __data->current_saltbits; l1 ^= x; l2 ^= x;
756 x = (r1 ^ r2) & __data->current_saltbits; r1 ^= x; r2 ^= x;
757
758 v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3;
759
760 v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1];
761 v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1];
762 v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1];
763 v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1];
764
765 v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1];
766 v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1];
767 v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1];
768 v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1];
769
770 v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1];
771 v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1];
772 v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1];
773 v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1];
774
775 v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1];
776 v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1];
777 v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1];
778 v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1];
779
780 res[0] = v1; res[1] = v2;
781 }
782
783 /*
784 * crypt only: convert from 64 bit to 11 bit ASCII
785 * prefixing with the salt
786 */
787
788 void
789 _ufc_output_conversion_r(v1, v2, salt, __data)
790 ufc_long v1, v2;
791 const char *salt;
792 struct crypt_data * __restrict __data;
793 {
794 int i, s, shf;
795
796 __data->crypt_3_buf[0] = salt[0];
797 __data->crypt_3_buf[1] = salt[1] ? salt[1] : salt[0];
798
799 for(i = 0; i < 5; i++) {
800 shf = (26 - 6 * i); /* to cope with MSC compiler bug */
801 __data->crypt_3_buf[i + 2] = bin_to_ascii((v1 >> shf) & 0x3f);
802 }
803
804 s = (v2 & 0xf) << 2;
805 v2 = (v2 >> 2) | ((v1 & 0x3) << 30);
806
807 for(i = 5; i < 10; i++) {
808 shf = (56 - 6 * i);
809 __data->crypt_3_buf[i + 2] = bin_to_ascii((v2 >> shf) & 0x3f);
810 }
811
812 __data->crypt_3_buf[12] = bin_to_ascii(s);
813 __data->crypt_3_buf[13] = 0;
814 }
815
816
817 /*
818 * UNIX encrypt function. Takes a bitvector
819 * represented by one byte per bit and
820 * encrypt/decrypt according to edflag
821 */
822
823 void
824 __encrypt_r(__block, __edflag, __data)
825 char *__block;
826 int __edflag;
827 struct crypt_data * __restrict __data;
828 {
829 ufc_long l1, l2, r1, r2, res[4];
830 int i;
831 #ifdef _UFC_32_
832 long32 *kt;
833 kt = (long32*)__data->keysched;
834 #endif
835 #ifdef _UFC_64_
836 long64 *kt;
837 kt = (long64*)__data->keysched;
838 #endif
839
840 /*
841 * Undo any salt changes to E expansion
842 */
843 _ufc_setup_salt_r("..", __data);
844
845 /*
846 * Reverse key table if
847 * changing operation (encrypt/decrypt)
848 */
849 if((__edflag == 0) != (__data->direction == 0)) {
850 for(i = 0; i < 8; i++) {
851 #ifdef _UFC_32_
852 long32 x;
853 x = kt[2 * (15-i)];
854 kt[2 * (15-i)] = kt[2 * i];
855 kt[2 * i] = x;
856
857 x = kt[2 * (15-i) + 1];
858 kt[2 * (15-i) + 1] = kt[2 * i + 1];
859 kt[2 * i + 1] = x;
860 #endif
861 #ifdef _UFC_64_
862 long64 x;
863 x = kt[15-i];
864 kt[15-i] = kt[i];
865 kt[i] = x;
866 #endif
867 }
868 __data->direction = __edflag;
869 }
870
871 /*
872 * Do initial permutation + E expansion
873 */
874 i = 0;
875 for(l1 = 0; i < 24; i++) {
876 if(__block[initial_perm[esel[i]-1]-1])
877 l1 |= BITMASK[i];
878 }
879 for(l2 = 0; i < 48; i++) {
880 if(__block[initial_perm[esel[i]-1]-1])
881 l2 |= BITMASK[i-24];
882 }
883
884 i = 0;
885 for(r1 = 0; i < 24; i++) {
886 if(__block[initial_perm[esel[i]-1+32]-1])
887 r1 |= BITMASK[i];
888 }
889 for(r2 = 0; i < 48; i++) {
890 if(__block[initial_perm[esel[i]-1+32]-1])
891 r2 |= BITMASK[i-24];
892 }
893
894 /*
895 * Do DES inner loops + final conversion
896 */
897 res[0] = l1; res[1] = l2;
898 res[2] = r1; res[3] = r2;
899 _ufc_doit_r((ufc_long)1, __data, &res[0]);
900
901 /*
902 * Do final permutations
903 */
904 _ufc_dofinalperm_r(res, __data);
905
906 /*
907 * And convert to bit array
908 */
909 l1 = res[0]; r1 = res[1];
910 for(i = 0; i < 32; i++) {
911 *__block++ = (l1 & longmask[i]) != 0;
912 }
913 for(i = 0; i < 32; i++) {
914 *__block++ = (r1 & longmask[i]) != 0;
915 }
916 }
917 weak_alias (__encrypt_r, encrypt_r)
918
919 void
920 encrypt(__block, __edflag)
921 char *__block;
922 int __edflag;
923 {
924 __encrypt_r(__block, __edflag, &_ufc_foobar);
925 }
926
927
928 /*
929 * UNIX setkey function. Take a 64 bit DES
930 * key and setup the machinery.
931 */
932
933 void
934 __setkey_r(__key, __data)
935 const char *__key;
936 struct crypt_data * __restrict __data;
937 {
938 int i,j;
939 unsigned char c;
940 unsigned char ktab[8];
941
942 _ufc_setup_salt_r("..", __data); /* be sure we're initialized */
943
944 for(i = 0; i < 8; i++) {
945 for(j = 0, c = 0; j < 8; j++)
946 c = c << 1 | *__key++;
947 ktab[i] = c >> 1;
948 }
949 _ufc_mk_keytab_r((char *) ktab, __data);
950 }
951 weak_alias (__setkey_r, setkey_r)
952
953 void
954 setkey(__key)
955 const char *__key;
956 {
957 __setkey_r(__key, &_ufc_foobar);
958 }
sources.redhat.com git mirror of glibc CVS