search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
X86: Don't assert on older Intel CPUs [BZ #20647]
[glibc.git] / crypt / crypt_util.c
blob1f42f59cb06f3ac9be7ffad6115a407b8dcf8ced
1 /*
2 * UFC-crypt: ultra fast crypt(3) implementation
3 *
4 * Copyright (C) 1991-2016 Free Software Foundation, Inc.
5 *
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
10 *
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
15 *
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; see the file COPYING.LIB. If not,
18 * see <http://www.gnu.org/licenses/>.
19 *
20 * @(#)crypt_util.c 2.56 12/20/96
21 *
22 * Support routines
23 *
24 */
25
26 #ifdef DEBUG
27 #include <stdio.h>
28 #endif
29 #include <atomic.h>
30 #include <string.h>
31
32 #ifndef STATIC
33 #define STATIC static
34 #endif
35
36 #include "crypt-private.h"
37
38 /* Prototypes for local functions. */
39 #ifndef __GNU_LIBRARY__
40 void _ufc_clearmem (char *start, int cnt);
41 void _ufc_copymem (char *from, char *to, int cnt);
42 #endif
43 #ifdef _UFC_32_
44 STATIC void shuffle_sb (long32 *k, ufc_long saltbits);
45 #else
46 STATIC void shuffle_sb (long64 *k, ufc_long saltbits);
47 #endif
48
49
50 /*
51 * Permutation done once on the 56 bit
52 * key derived from the original 8 byte ASCII key.
53 */
54 static const int pc1[56] = {
55 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
56 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
57 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
58 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
59 };
60
61 /*
62 * How much to rotate each 28 bit half of the pc1 permutated
63 * 56 bit key before using pc2 to give the i' key
64 */
65 static const int rots[16] = {
66 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
67 };
68
69 /*
70 * Permutation giving the key
71 * of the i' DES round
72 */
73 static const int pc2[48] = {
74 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
75 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
76 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
77 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
78 };
79
80 /*
81 * The E expansion table which selects
82 * bits from the 32 bit intermediate result.
83 */
84 static const int esel[48] = {
85 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
86 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
87 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
88 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
89 };
90
91 /*
92 * Permutation done on the
93 * result of sbox lookups
94 */
95 static const int perm32[32] = {
96 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
97 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
98 };
99
100 /*
101 * The sboxes
102 */
103 static const int sbox[8][4][16]= {
104 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
105 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
106 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
107 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }
108 },
109
110 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
111 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
112 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
113 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }
114 },
115
116 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
117 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
118 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
119 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }
120 },
121
122 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
123 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
124 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
125 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }
126 },
127
128 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
129 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
130 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
131 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }
132 },
133
134 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
135 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
136 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
137 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }
138 },
139
140 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
141 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
142 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
143 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }
144 },
145
146 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
147 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
148 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
149 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 }
150 }
151 };
152
153 /*
154 * This is the initial
155 * permutation matrix
156 */
157 static const int initial_perm[64] = {
158 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
159 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
160 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
161 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
162 };
163
164 /*
165 * This is the final
166 * permutation matrix
167 */
168 static const int final_perm[64] = {
169 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
170 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
171 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
172 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
173 };
174
175 #define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
176 #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
177
178 static const ufc_long BITMASK[24] = {
179 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000,
180 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000,
181 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200,
182 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008
183 };
184
185 static const unsigned char bytemask[8] = {
186 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
187 };
188
189 static const ufc_long longmask[32] = {
190 0x80000000, 0x40000000, 0x20000000, 0x10000000,
191 0x08000000, 0x04000000, 0x02000000, 0x01000000,
192 0x00800000, 0x00400000, 0x00200000, 0x00100000,
193 0x00080000, 0x00040000, 0x00020000, 0x00010000,
194 0x00008000, 0x00004000, 0x00002000, 0x00001000,
195 0x00000800, 0x00000400, 0x00000200, 0x00000100,
196 0x00000080, 0x00000040, 0x00000020, 0x00000010,
197 0x00000008, 0x00000004, 0x00000002, 0x00000001
198 };
199
200 /*
201 * do_pc1: permform pc1 permutation in the key schedule generation.
202 *
203 * The first index is the byte number in the 8 byte ASCII key
204 * - second - - the two 28 bits halfs of the result
205 * - third - selects the 7 bits actually used of each byte
206 *
207 * The result is kept with 28 bit per 32 bit with the 4 most significant
208 * bits zero.
209 */
210 static ufc_long do_pc1[8][2][128];
211
212 /*
213 * do_pc2: permform pc2 permutation in the key schedule generation.
214 *
215 * The first index is the septet number in the two 28 bit intermediate values
216 * - second - - - septet values
217 *
218 * Knowledge of the structure of the pc2 permutation is used.
219 *
220 * The result is kept with 28 bit per 32 bit with the 4 most significant
221 * bits zero.
222 */
223 static ufc_long do_pc2[8][128];
224
225 /*
226 * eperm32tab: do 32 bit permutation and E selection
227 *
228 * The first index is the byte number in the 32 bit value to be permuted
229 * - second - is the value of this byte
230 * - third - selects the two 32 bit values
231 *
232 * The table is used and generated internally in init_des to speed it up
233 */
234 static ufc_long eperm32tab[4][256][2];
235
236 /*
237 * efp: undo an extra e selection and do final
238 * permutation giving the DES result.
239 *
240 * Invoked 6 bit a time on two 48 bit values
241 * giving two 32 bit longs.
242 */
243 static ufc_long efp[16][64][2];
244
245 /* Table with characters for base64 transformation. */
246 static const char b64t[64] =
247 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
248
249 /*
250 * For use by the old, non-reentrant routines
251 * (crypt/encrypt/setkey)
252 */
253 struct crypt_data _ufc_foobar;
254
255 #ifdef __GNU_LIBRARY__
256 #include <libc-lock.h>
257
258 __libc_lock_define_initialized (static, _ufc_tables_lock)
259 #endif
260
261 #ifdef DEBUG
262
263 void
264 _ufc_prbits (ufc_long *a, int n)
265 {
266 ufc_long i, j, t, tmp;
267 n /= 8;
268 for(i = 0; i < n; i++) {
269 tmp=0;
270 for(j = 0; j < 8; j++) {
271 t=8*i+j;
272 tmp|=(a[t/24] & BITMASK[t % 24])?bytemask[j]:0;
273 }
274 (void)printf("%02lx ", tmp);
275 }
276 printf(" ");
277 }
278
279 static void __attribute__ ((unused))
280 _ufc_set_bits (ufc_long v, ufc_long *b)
281 {
282 ufc_long i;
283 *b = 0;
284 for(i = 0; i < 24; i++) {
285 if(v & longmask[8 + i])
286 *b |= BITMASK[i];
287 }
288 }
289
290 #endif
291
292 #ifndef __GNU_LIBRARY__
293 /*
294 * Silly rewrites of 'bzero'/'memset'. I do so
295 * because some machines don't have
296 * bzero and some don't have memset.
297 */
298
299 void
300 _ufc_clearmem (char *start, int cnt)
301 {
302 while(cnt--)
303 *start++ = '\0';
304 }
305
306 void
307 _ufc_copymem (char *from, char *to, int cnt)
308 {
309 while(cnt--)
310 *to++ = *from++;
311 }
312 #else
313 #define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
314 #define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt)
315 #endif
316
317 /* lookup a 6 bit value in sbox */
318
319 #define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
320
321 /*
322 * Initialize unit - may be invoked directly
323 * by fcrypt users.
324 */
325
326 void
327 __init_des_r (struct crypt_data * __restrict __data)
328 {
329 int comes_from_bit;
330 int bit, sg;
331 ufc_long j;
332 ufc_long mask1, mask2;
333 int e_inverse[64];
334 static volatile int small_tables_initialized = 0;
335
336 #ifdef _UFC_32_
337 long32 *sb[4];
338 sb[0] = (long32*)__data->sb0; sb[1] = (long32*)__data->sb1;
339 sb[2] = (long32*)__data->sb2; sb[3] = (long32*)__data->sb3;
340 #endif
341 #ifdef _UFC_64_
342 long64 *sb[4];
343 sb[0] = (long64*)__data->sb0; sb[1] = (long64*)__data->sb1;
344 sb[2] = (long64*)__data->sb2; sb[3] = (long64*)__data->sb3;
345 #endif
346
347 if(small_tables_initialized == 0) {
348 #ifdef __GNU_LIBRARY__
349 __libc_lock_lock (_ufc_tables_lock);
350 if(small_tables_initialized)
351 goto small_tables_done;
352 #endif
353
354 /*
355 * Create the do_pc1 table used
356 * to affect pc1 permutation
357 * when generating keys
358 */
359 _ufc_clearmem((char*)do_pc1, (int)sizeof(do_pc1));
360 for(bit = 0; bit < 56; bit++) {
361 comes_from_bit = pc1[bit] - 1;
362 mask1 = bytemask[comes_from_bit % 8 + 1];
363 mask2 = longmask[bit % 28 + 4];
364 for(j = 0; j < 128; j++) {
365 if(j & mask1)
366 do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2;
367 }
368 }
369
370 /*
371 * Create the do_pc2 table used
372 * to affect pc2 permutation when
373 * generating keys
374 */
375 _ufc_clearmem((char*)do_pc2, (int)sizeof(do_pc2));
376 for(bit = 0; bit < 48; bit++) {
377 comes_from_bit = pc2[bit] - 1;
378 mask1 = bytemask[comes_from_bit % 7 + 1];
379 mask2 = BITMASK[bit % 24];
380 for(j = 0; j < 128; j++) {
381 if(j & mask1)
382 do_pc2[comes_from_bit / 7][j] |= mask2;
383 }
384 }
385
386 /*
387 * Now generate the table used to do combined
388 * 32 bit permutation and e expansion
389 *
390 * We use it because we have to permute 16384 32 bit
391 * longs into 48 bit in order to initialize sb.
392 *
393 * Looping 48 rounds per permutation becomes
394 * just too slow...
395 *
396 */
397
398 _ufc_clearmem((char*)eperm32tab, (int)sizeof(eperm32tab));
399 for(bit = 0; bit < 48; bit++) {
400 ufc_long mask1,comes_from;
401 comes_from = perm32[esel[bit]-1]-1;
402 mask1 = bytemask[comes_from % 8];
403 for(j = 256; j--;) {
404 if(j & mask1)
405 eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK[bit % 24];
406 }
407 }
408
409 /*
410 * Create an inverse matrix for esel telling
411 * where to plug out bits if undoing it
412 */
413 for(bit=48; bit--;) {
414 e_inverse[esel[bit] - 1 ] = bit;
415 e_inverse[esel[bit] - 1 + 32] = bit + 48;
416 }
417
418 /*
419 * create efp: the matrix used to
420 * undo the E expansion and effect final permutation
421 */
422 _ufc_clearmem((char*)efp, (int)sizeof efp);
423 for(bit = 0; bit < 64; bit++) {
424 int o_bit, o_long;
425 ufc_long word_value, mask1, mask2;
426 int comes_from_f_bit, comes_from_e_bit;
427 int comes_from_word, bit_within_word;
428
429 /* See where bit i belongs in the two 32 bit long's */
430 o_long = bit / 32; /* 0..1 */
431 o_bit = bit % 32; /* 0..31 */
432
433 /*
434 * And find a bit in the e permutated value setting this bit.
435 *
436 * Note: the e selection may have selected the same bit several
437 * times. By the initialization of e_inverse, we only look
438 * for one specific instance.
439 */
440 comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */
441 comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */
442 comes_from_word = comes_from_e_bit / 6; /* 0..15 */
443 bit_within_word = comes_from_e_bit % 6; /* 0..5 */
444
445 mask1 = longmask[bit_within_word + 26];
446 mask2 = longmask[o_bit];
447
448 for(word_value = 64; word_value--;) {
449 if(word_value & mask1)
450 efp[comes_from_word][word_value][o_long] |= mask2;
451 }
452 }
453 atomic_write_barrier ();
454 small_tables_initialized = 1;
455 #ifdef __GNU_LIBRARY__
456 small_tables_done:
457 __libc_lock_unlock(_ufc_tables_lock);
458 #endif
459 } else
460 atomic_read_barrier ();
461
462 /*
463 * Create the sb tables:
464 *
465 * For each 12 bit segment of an 48 bit intermediate
466 * result, the sb table precomputes the two 4 bit
467 * values of the sbox lookups done with the two 6
468 * bit halves, shifts them to their proper place,
469 * sends them through perm32 and finally E expands
470 * them so that they are ready for the next
471 * DES round.
472 *
473 */
474
475 if (__data->sb0 + sizeof (__data->sb0) == __data->sb1
476 && __data->sb1 + sizeof (__data->sb1) == __data->sb2
477 && __data->sb2 + sizeof (__data->sb2) == __data->sb3)
478 _ufc_clearmem(__data->sb0,
479 (int)sizeof(__data->sb0)
480 + (int)sizeof(__data->sb1)
481 + (int)sizeof(__data->sb2)
482 + (int)sizeof(__data->sb3));
483 else {
484 _ufc_clearmem(__data->sb0, (int)sizeof(__data->sb0));
485 _ufc_clearmem(__data->sb1, (int)sizeof(__data->sb1));
486 _ufc_clearmem(__data->sb2, (int)sizeof(__data->sb2));
487 _ufc_clearmem(__data->sb3, (int)sizeof(__data->sb3));
488 }
489
490 for(sg = 0; sg < 4; sg++) {
491 int j1, j2;
492 int s1, s2;
493
494 for(j1 = 0; j1 < 64; j1++) {
495 s1 = s_lookup(2 * sg, j1);
496 for(j2 = 0; j2 < 64; j2++) {
497 ufc_long to_permute, inx;
498
499 s2 = s_lookup(2 * sg + 1, j2);
500 to_permute = (((ufc_long)s1 << 4) |
501 (ufc_long)s2) << (24 - 8 * (ufc_long)sg);
502
503 #ifdef _UFC_32_
504 inx = ((j1 << 6) | j2) << 1;
505 sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0];
506 sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1];
507 sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0];
508 sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1];
509 sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0];
510 sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1];
511 sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0];
512 sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1];
513 #endif
514 #ifdef _UFC_64_
515 inx = ((j1 << 6) | j2);
516 sb[sg][inx] =
517 ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) |
518 (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1];
519 sb[sg][inx] |=
520 ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) |
521 (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1];
522 sb[sg][inx] |=
523 ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) |
524 (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1];
525 sb[sg][inx] |=
526 ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) |
527 (long64)eperm32tab[3][(to_permute) & 0xff][1];
528 #endif
529 }
530 }
531 }
532
533 __data->current_saltbits = 0;
534 __data->current_salt[0] = 0;
535 __data->current_salt[1] = 0;
536 __data->initialized++;
537 }
538
539 void
540 __init_des (void)
541 {
542 __init_des_r(&_ufc_foobar);
543 }
544
545 /*
546 * Process the elements of the sb table permuting the
547 * bits swapped in the expansion by the current salt.
548 */
549
550 #ifdef _UFC_32_
551 STATIC void
552 shuffle_sb (long32 *k, ufc_long saltbits)
553 {
554 ufc_long j;
555 long32 x;
556 for(j=4096; j--;) {
557 x = (k[0] ^ k[1]) & (long32)saltbits;
558 *k++ ^= x;
559 *k++ ^= x;
560 }
561 }
562 #endif
563
564 #ifdef _UFC_64_
565 STATIC void
566 shuffle_sb (long64 *k, ufc_long saltbits)
567 {
568 ufc_long j;
569 long64 x;
570 for(j=4096; j--;) {
571 x = ((*k >> 32) ^ *k) & (long64)saltbits;
572 *k++ ^= (x << 32) | x;
573 }
574 }
575 #endif
576
577 /*
578 * Return false iff C is in the specified alphabet for crypt salt.
579 */
580
581 static bool
582 bad_for_salt (char c)
583 {
584 switch (c)
585 {
586 case '0' ... '9':
587 case 'A' ... 'Z':
588 case 'a' ... 'z':
589 case '.': case '/':
590 return false;
591
592 default:
593 return true;
594 }
595 }
596
597 /*
598 * Setup the unit for a new salt
599 * Hopefully we'll not see a new salt in each crypt call.
600 * Return false if an unexpected character was found in s[0] or s[1].
601 */
602
603 bool
604 _ufc_setup_salt_r (const char *s, struct crypt_data * __restrict __data)
605 {
606 ufc_long i, j, saltbits;
607 char s0, s1;
608
609 if(__data->initialized == 0)
610 __init_des_r(__data);
611
612 s0 = s[0];
613 if(bad_for_salt (s0))
614 return false;
615
616 s1 = s[1];
617 if(bad_for_salt (s1))
618 return false;
619
620 if(s0 == __data->current_salt[0] && s1 == __data->current_salt[1])
621 return true;
622
623 __data->current_salt[0] = s0;
624 __data->current_salt[1] = s1;
625
626 /*
627 * This is the only crypt change to DES:
628 * entries are swapped in the expansion table
629 * according to the bits set in the salt.
630 */
631 saltbits = 0;
632 for(i = 0; i < 2; i++) {
633 long c=ascii_to_bin(s[i]);
634 for(j = 0; j < 6; j++) {
635 if((c >> j) & 0x1)
636 saltbits |= BITMASK[6 * i + j];
637 }
638 }
639
640 /*
641 * Permute the sb table values
642 * to reflect the changed e
643 * selection table
644 */
645 #ifdef _UFC_32_
646 #define LONGG long32*
647 #endif
648 #ifdef _UFC_64_
649 #define LONGG long64*
650 #endif
651
652 shuffle_sb((LONGG)__data->sb0, __data->current_saltbits ^ saltbits);
653 shuffle_sb((LONGG)__data->sb1, __data->current_saltbits ^ saltbits);
654 shuffle_sb((LONGG)__data->sb2, __data->current_saltbits ^ saltbits);
655 shuffle_sb((LONGG)__data->sb3, __data->current_saltbits ^ saltbits);
656
657 __data->current_saltbits = saltbits;
658
659 return true;
660 }
661
662 void
663 _ufc_mk_keytab_r (const char *key, struct crypt_data * __restrict __data)
664 {
665 ufc_long v1, v2, *k1;
666 int i;
667 #ifdef _UFC_32_
668 long32 v, *k2;
669 k2 = (long32*)__data->keysched;
670 #endif
671 #ifdef _UFC_64_
672 long64 v, *k2;
673 k2 = (long64*)__data->keysched;
674 #endif
675
676 v1 = v2 = 0; k1 = &do_pc1[0][0][0];
677 for(i = 8; i--;) {
678 v1 |= k1[*key & 0x7f]; k1 += 128;
679 v2 |= k1[*key++ & 0x7f]; k1 += 128;
680 }
681
682 for(i = 0; i < 16; i++) {
683 k1 = &do_pc2[0][0];
684
685 v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i]));
686 v = k1[(v1 >> 21) & 0x7f]; k1 += 128;
687 v |= k1[(v1 >> 14) & 0x7f]; k1 += 128;
688 v |= k1[(v1 >> 7) & 0x7f]; k1 += 128;
689 v |= k1[(v1 ) & 0x7f]; k1 += 128;
690
691 #ifdef _UFC_32_
692 *k2++ = (v | 0x00008000);
693 v = 0;
694 #endif
695 #ifdef _UFC_64_
696 v = (v << 32);
697 #endif
698
699 v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i]));
700 v |= k1[(v2 >> 21) & 0x7f]; k1 += 128;
701 v |= k1[(v2 >> 14) & 0x7f]; k1 += 128;
702 v |= k1[(v2 >> 7) & 0x7f]; k1 += 128;
703 v |= k1[(v2 ) & 0x7f];
704
705 #ifdef _UFC_32_
706 *k2++ = (v | 0x00008000);
707 #endif
708 #ifdef _UFC_64_
709 *k2++ = v | 0x0000800000008000l;
710 #endif
711 }
712
713 __data->direction = 0;
714 }
715
716 /*
717 * Undo an extra E selection and do final permutations
718 */
719
720 void
721 _ufc_dofinalperm_r (ufc_long *res, struct crypt_data * __restrict __data)
722 {
723 ufc_long v1, v2, x;
724 ufc_long l1,l2,r1,r2;
725
726 l1 = res[0]; l2 = res[1];
727 r1 = res[2]; r2 = res[3];
728
729 x = (l1 ^ l2) & __data->current_saltbits; l1 ^= x; l2 ^= x;
730 x = (r1 ^ r2) & __data->current_saltbits; r1 ^= x; r2 ^= x;
731
732 v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3;
733
734 v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1];
735 v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1];
736 v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1];
737 v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1];
738
739 v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1];
740 v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1];
741 v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1];
742 v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1];
743
744 v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1];
745 v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1];
746 v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1];
747 v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1];
748
749 v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1];
750 v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1];
751 v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1];
752 v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1];
753
754 res[0] = v1; res[1] = v2;
755 }
756
757 /*
758 * crypt only: convert from 64 bit to 11 bit ASCII
759 * prefixing with the salt
760 */
761
762 void
763 _ufc_output_conversion_r (ufc_long v1, ufc_long v2, const char *salt,
764 struct crypt_data * __restrict __data)
765 {
766 int i, s, shf;
767
768 __data->crypt_3_buf[0] = salt[0];
769 __data->crypt_3_buf[1] = salt[1] ? salt[1] : salt[0];
770
771 for(i = 0; i < 5; i++) {
772 shf = (26 - 6 * i); /* to cope with MSC compiler bug */
773 __data->crypt_3_buf[i + 2] = bin_to_ascii((v1 >> shf) & 0x3f);
774 }
775
776 s = (v2 & 0xf) << 2;
777 v2 = (v2 >> 2) | ((v1 & 0x3) << 30);
778
779 for(i = 5; i < 10; i++) {
780 shf = (56 - 6 * i);
781 __data->crypt_3_buf[i + 2] = bin_to_ascii((v2 >> shf) & 0x3f);
782 }
783
784 __data->crypt_3_buf[12] = bin_to_ascii(s);
785 __data->crypt_3_buf[13] = 0;
786 }
787
788
789 /*
790 * UNIX encrypt function. Takes a bitvector
791 * represented by one byte per bit and
792 * encrypt/decrypt according to edflag
793 */
794
795 void
796 __encrypt_r (char *__block, int __edflag,
797 struct crypt_data * __restrict __data)
798 {
799 ufc_long l1, l2, r1, r2, res[4];
800 int i;
801 #ifdef _UFC_32_
802 long32 *kt;
803 kt = (long32*)__data->keysched;
804 #endif
805 #ifdef _UFC_64_
806 long64 *kt;
807 kt = (long64*)__data->keysched;
808 #endif
809
810 /*
811 * Undo any salt changes to E expansion
812 */
813 _ufc_setup_salt_r("..", __data);
814
815 /*
816 * Reverse key table if
817 * changing operation (encrypt/decrypt)
818 */
819 if((__edflag == 0) != (__data->direction == 0)) {
820 for(i = 0; i < 8; i++) {
821 #ifdef _UFC_32_
822 long32 x;
823 x = kt[2 * (15-i)];
824 kt[2 * (15-i)] = kt[2 * i];
825 kt[2 * i] = x;
826
827 x = kt[2 * (15-i) + 1];
828 kt[2 * (15-i) + 1] = kt[2 * i + 1];
829 kt[2 * i + 1] = x;
830 #endif
831 #ifdef _UFC_64_
832 long64 x;
833 x = kt[15-i];
834 kt[15-i] = kt[i];
835 kt[i] = x;
836 #endif
837 }
838 __data->direction = __edflag;
839 }
840
841 /*
842 * Do initial permutation + E expansion
843 */
844 i = 0;
845 for(l1 = 0; i < 24; i++) {
846 if(__block[initial_perm[esel[i]-1]-1])
847 l1 |= BITMASK[i];
848 }
849 for(l2 = 0; i < 48; i++) {
850 if(__block[initial_perm[esel[i]-1]-1])
851 l2 |= BITMASK[i-24];
852 }
853
854 i = 0;
855 for(r1 = 0; i < 24; i++) {
856 if(__block[initial_perm[esel[i]-1+32]-1])
857 r1 |= BITMASK[i];
858 }
859 for(r2 = 0; i < 48; i++) {
860 if(__block[initial_perm[esel[i]-1+32]-1])
861 r2 |= BITMASK[i-24];
862 }
863
864 /*
865 * Do DES inner loops + final conversion
866 */
867 res[0] = l1; res[1] = l2;
868 res[2] = r1; res[3] = r2;
869 _ufc_doit_r((ufc_long)1, __data, &res[0]);
870
871 /*
872 * Do final permutations
873 */
874 _ufc_dofinalperm_r(res, __data);
875
876 /*
877 * And convert to bit array
878 */
879 l1 = res[0]; r1 = res[1];
880 for(i = 0; i < 32; i++) {
881 *__block++ = (l1 & longmask[i]) != 0;
882 }
883 for(i = 0; i < 32; i++) {
884 *__block++ = (r1 & longmask[i]) != 0;
885 }
886 }
887 weak_alias (__encrypt_r, encrypt_r)
888
889 void
890 encrypt (char *__block, int __edflag)
891 {
892 __encrypt_r(__block, __edflag, &_ufc_foobar);
893 }
894
895
896 /*
897 * UNIX setkey function. Take a 64 bit DES
898 * key and setup the machinery.
899 */
900
901 void
902 __setkey_r (const char *__key, struct crypt_data * __restrict __data)
903 {
904 int i,j;
905 unsigned char c;
906 unsigned char ktab[8];
907
908 _ufc_setup_salt_r("..", __data); /* be sure we're initialized */
909
910 for(i = 0; i < 8; i++) {
911 for(j = 0, c = 0; j < 8; j++)
912 c = c << 1 | *__key++;
913 ktab[i] = c >> 1;
914 }
915 _ufc_mk_keytab_r((char *) ktab, __data);
916 }
917 weak_alias (__setkey_r, setkey_r)
918
919 void
920 setkey (const char *__key)
921 {
922 __setkey_r(__key, &_ufc_foobar);
923 }
924
925 void
926 __b64_from_24bit (char **cp, int *buflen,
927 unsigned int b2, unsigned int b1, unsigned int b0,
928 int n)
929 {
930 unsigned int w = (b2 << 16) | (b1 << 8) | b0;
931 while (n-- > 0 && (*buflen) > 0)
932 {
933 *(*cp)++ = b64t[w & 0x3f];
934 --(*buflen);
935 w >>= 6;
936 }
937 }
sources.redhat.com git mirror of glibc CVS