2 * UFC-crypt: ultra fast crypt(3) implementation
4 * Copyright (C) 1991-2015 Free Software Foundation, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; see the file COPYING.LIB. If not,
18 * see <http://www.gnu.org/licenses/>.
20 * @(#)crypt_util.c 2.56 12/20/96
36 #include "crypt-private.h"
38 /* Prototypes for local functions. */
39 #ifndef __GNU_LIBRARY__
40 void _ufc_clearmem (char *start
, int cnt
);
41 void _ufc_copymem (char *from
, char *to
, int cnt
);
44 STATIC
void shuffle_sb (long32
*k
, ufc_long saltbits
);
46 STATIC
void shuffle_sb (long64
*k
, ufc_long saltbits
);
51 * Permutation done once on the 56 bit
52 * key derived from the original 8 byte ASCII key.
54 static const int pc1
[56] = {
55 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
56 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
57 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
58 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
62 * How much to rotate each 28 bit half of the pc1 permutated
63 * 56 bit key before using pc2 to give the i' key
65 static const int rots
[16] = {
66 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
70 * Permutation giving the key
73 static const int pc2
[48] = {
74 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
75 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
76 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
77 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
81 * The E expansion table which selects
82 * bits from the 32 bit intermediate result.
84 static const int esel
[48] = {
85 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
86 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
87 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
88 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
92 * Permutation done on the
93 * result of sbox lookups
95 static const int perm32
[32] = {
96 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
97 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
103 static const int sbox
[8][4][16]= {
104 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
105 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
106 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
107 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }
110 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
111 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
112 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
113 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }
116 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
117 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
118 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
119 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }
122 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
123 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
124 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
125 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }
128 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
129 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
130 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
131 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }
134 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
135 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
136 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
137 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }
140 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
141 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
142 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
143 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }
146 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
147 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
148 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
149 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 }
154 * This is the initial
157 static const int initial_perm
[64] = {
158 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
159 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
160 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
161 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
168 static const int final_perm
[64] = {
169 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
170 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
171 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
172 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
175 #define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
176 #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
178 static const ufc_long BITMASK
[24] = {
179 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000,
180 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000,
181 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200,
182 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008
185 static const unsigned char bytemask
[8] = {
186 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
189 static const ufc_long longmask
[32] = {
190 0x80000000, 0x40000000, 0x20000000, 0x10000000,
191 0x08000000, 0x04000000, 0x02000000, 0x01000000,
192 0x00800000, 0x00400000, 0x00200000, 0x00100000,
193 0x00080000, 0x00040000, 0x00020000, 0x00010000,
194 0x00008000, 0x00004000, 0x00002000, 0x00001000,
195 0x00000800, 0x00000400, 0x00000200, 0x00000100,
196 0x00000080, 0x00000040, 0x00000020, 0x00000010,
197 0x00000008, 0x00000004, 0x00000002, 0x00000001
201 * do_pc1: permform pc1 permutation in the key schedule generation.
203 * The first index is the byte number in the 8 byte ASCII key
204 * - second - - the two 28 bits halfs of the result
205 * - third - selects the 7 bits actually used of each byte
207 * The result is kept with 28 bit per 32 bit with the 4 most significant
210 static ufc_long do_pc1
[8][2][128];
213 * do_pc2: permform pc2 permutation in the key schedule generation.
215 * The first index is the septet number in the two 28 bit intermediate values
216 * - second - - - septet values
218 * Knowledge of the structure of the pc2 permutation is used.
220 * The result is kept with 28 bit per 32 bit with the 4 most significant
223 static ufc_long do_pc2
[8][128];
226 * eperm32tab: do 32 bit permutation and E selection
228 * The first index is the byte number in the 32 bit value to be permuted
229 * - second - is the value of this byte
230 * - third - selects the two 32 bit values
232 * The table is used and generated internally in init_des to speed it up
234 static ufc_long eperm32tab
[4][256][2];
237 * efp: undo an extra e selection and do final
238 * permutation giving the DES result.
240 * Invoked 6 bit a time on two 48 bit values
241 * giving two 32 bit longs.
243 static ufc_long efp
[16][64][2];
245 /* Table with characters for base64 transformation. */
246 static const char b64t
[64] =
247 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
250 * For use by the old, non-reentrant routines
251 * (crypt/encrypt/setkey)
253 struct crypt_data _ufc_foobar
;
255 #ifdef __GNU_LIBRARY__
256 #include <bits/libc-lock.h>
258 __libc_lock_define_initialized (static, _ufc_tables_lock
)
268 ufc_long i
, j
, t
, tmp
;
270 for(i
= 0; i
< n
; i
++) {
272 for(j
= 0; j
< 8; j
++) {
274 tmp
|=(a
[t
/24] & BITMASK
[t
% 24])?bytemask
[j
]:0;
276 (void)printf("%02x ",tmp
);
288 for(i
= 0; i
< 24; i
++) {
289 if(v
& longmask
[8 + i
])
296 #ifndef __GNU_LIBRARY__
298 * Silly rewrites of 'bzero'/'memset'. I do so
299 * because some machines don't have
300 * bzero and some don't have memset.
304 _ufc_clearmem(start
, cnt
)
313 _ufc_copymem(from
, to
, cnt
)
321 #define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
322 #define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt)
325 /* lookup a 6 bit value in sbox */
327 #define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
330 * Initialize unit - may be invoked directly
336 struct crypt_data
* __restrict __data
;
341 ufc_long mask1
, mask2
;
343 static volatile int small_tables_initialized
= 0;
347 sb
[0] = (long32
*)__data
->sb0
; sb
[1] = (long32
*)__data
->sb1
;
348 sb
[2] = (long32
*)__data
->sb2
; sb
[3] = (long32
*)__data
->sb3
;
352 sb
[0] = (long64
*)__data
->sb0
; sb
[1] = (long64
*)__data
->sb1
;
353 sb
[2] = (long64
*)__data
->sb2
; sb
[3] = (long64
*)__data
->sb3
;
356 if(small_tables_initialized
== 0) {
357 #ifdef __GNU_LIBRARY__
358 __libc_lock_lock (_ufc_tables_lock
);
359 if(small_tables_initialized
)
360 goto small_tables_done
;
364 * Create the do_pc1 table used
365 * to affect pc1 permutation
366 * when generating keys
368 _ufc_clearmem((char*)do_pc1
, (int)sizeof(do_pc1
));
369 for(bit
= 0; bit
< 56; bit
++) {
370 comes_from_bit
= pc1
[bit
] - 1;
371 mask1
= bytemask
[comes_from_bit
% 8 + 1];
372 mask2
= longmask
[bit
% 28 + 4];
373 for(j
= 0; j
< 128; j
++) {
375 do_pc1
[comes_from_bit
/ 8][bit
/ 28][j
] |= mask2
;
380 * Create the do_pc2 table used
381 * to affect pc2 permutation when
384 _ufc_clearmem((char*)do_pc2
, (int)sizeof(do_pc2
));
385 for(bit
= 0; bit
< 48; bit
++) {
386 comes_from_bit
= pc2
[bit
] - 1;
387 mask1
= bytemask
[comes_from_bit
% 7 + 1];
388 mask2
= BITMASK
[bit
% 24];
389 for(j
= 0; j
< 128; j
++) {
391 do_pc2
[comes_from_bit
/ 7][j
] |= mask2
;
396 * Now generate the table used to do combined
397 * 32 bit permutation and e expansion
399 * We use it because we have to permute 16384 32 bit
400 * longs into 48 bit in order to initialize sb.
402 * Looping 48 rounds per permutation becomes
407 _ufc_clearmem((char*)eperm32tab
, (int)sizeof(eperm32tab
));
408 for(bit
= 0; bit
< 48; bit
++) {
409 ufc_long mask1
,comes_from
;
410 comes_from
= perm32
[esel
[bit
]-1]-1;
411 mask1
= bytemask
[comes_from
% 8];
414 eperm32tab
[comes_from
/ 8][j
][bit
/ 24] |= BITMASK
[bit
% 24];
419 * Create an inverse matrix for esel telling
420 * where to plug out bits if undoing it
422 for(bit
=48; bit
--;) {
423 e_inverse
[esel
[bit
] - 1 ] = bit
;
424 e_inverse
[esel
[bit
] - 1 + 32] = bit
+ 48;
428 * create efp: the matrix used to
429 * undo the E expansion and effect final permutation
431 _ufc_clearmem((char*)efp
, (int)sizeof efp
);
432 for(bit
= 0; bit
< 64; bit
++) {
434 ufc_long word_value
, mask1
, mask2
;
435 int comes_from_f_bit
, comes_from_e_bit
;
436 int comes_from_word
, bit_within_word
;
438 /* See where bit i belongs in the two 32 bit long's */
439 o_long
= bit
/ 32; /* 0..1 */
440 o_bit
= bit
% 32; /* 0..31 */
443 * And find a bit in the e permutated value setting this bit.
445 * Note: the e selection may have selected the same bit several
446 * times. By the initialization of e_inverse, we only look
447 * for one specific instance.
449 comes_from_f_bit
= final_perm
[bit
] - 1; /* 0..63 */
450 comes_from_e_bit
= e_inverse
[comes_from_f_bit
]; /* 0..95 */
451 comes_from_word
= comes_from_e_bit
/ 6; /* 0..15 */
452 bit_within_word
= comes_from_e_bit
% 6; /* 0..5 */
454 mask1
= longmask
[bit_within_word
+ 26];
455 mask2
= longmask
[o_bit
];
457 for(word_value
= 64; word_value
--;) {
458 if(word_value
& mask1
)
459 efp
[comes_from_word
][word_value
][o_long
] |= mask2
;
462 atomic_write_barrier ();
463 small_tables_initialized
= 1;
464 #ifdef __GNU_LIBRARY__
466 __libc_lock_unlock(_ufc_tables_lock
);
469 atomic_read_barrier ();
472 * Create the sb tables:
474 * For each 12 bit segment of an 48 bit intermediate
475 * result, the sb table precomputes the two 4 bit
476 * values of the sbox lookups done with the two 6
477 * bit halves, shifts them to their proper place,
478 * sends them through perm32 and finally E expands
479 * them so that they are ready for the next
484 if (__data
->sb0
+ sizeof (__data
->sb0
) == __data
->sb1
485 && __data
->sb1
+ sizeof (__data
->sb1
) == __data
->sb2
486 && __data
->sb2
+ sizeof (__data
->sb2
) == __data
->sb3
)
487 _ufc_clearmem(__data
->sb0
,
488 (int)sizeof(__data
->sb0
)
489 + (int)sizeof(__data
->sb1
)
490 + (int)sizeof(__data
->sb2
)
491 + (int)sizeof(__data
->sb3
));
493 _ufc_clearmem(__data
->sb0
, (int)sizeof(__data
->sb0
));
494 _ufc_clearmem(__data
->sb1
, (int)sizeof(__data
->sb1
));
495 _ufc_clearmem(__data
->sb2
, (int)sizeof(__data
->sb2
));
496 _ufc_clearmem(__data
->sb3
, (int)sizeof(__data
->sb3
));
499 for(sg
= 0; sg
< 4; sg
++) {
503 for(j1
= 0; j1
< 64; j1
++) {
504 s1
= s_lookup(2 * sg
, j1
);
505 for(j2
= 0; j2
< 64; j2
++) {
506 ufc_long to_permute
, inx
;
508 s2
= s_lookup(2 * sg
+ 1, j2
);
509 to_permute
= (((ufc_long
)s1
<< 4) |
510 (ufc_long
)s2
) << (24 - 8 * (ufc_long
)sg
);
513 inx
= ((j1
<< 6) | j2
) << 1;
514 sb
[sg
][inx
] = eperm32tab
[0][(to_permute
>> 24) & 0xff][0];
515 sb
[sg
][inx
+1] = eperm32tab
[0][(to_permute
>> 24) & 0xff][1];
516 sb
[sg
][inx
] |= eperm32tab
[1][(to_permute
>> 16) & 0xff][0];
517 sb
[sg
][inx
+1] |= eperm32tab
[1][(to_permute
>> 16) & 0xff][1];
518 sb
[sg
][inx
] |= eperm32tab
[2][(to_permute
>> 8) & 0xff][0];
519 sb
[sg
][inx
+1] |= eperm32tab
[2][(to_permute
>> 8) & 0xff][1];
520 sb
[sg
][inx
] |= eperm32tab
[3][(to_permute
) & 0xff][0];
521 sb
[sg
][inx
+1] |= eperm32tab
[3][(to_permute
) & 0xff][1];
524 inx
= ((j1
<< 6) | j2
);
526 ((long64
)eperm32tab
[0][(to_permute
>> 24) & 0xff][0] << 32) |
527 (long64
)eperm32tab
[0][(to_permute
>> 24) & 0xff][1];
529 ((long64
)eperm32tab
[1][(to_permute
>> 16) & 0xff][0] << 32) |
530 (long64
)eperm32tab
[1][(to_permute
>> 16) & 0xff][1];
532 ((long64
)eperm32tab
[2][(to_permute
>> 8) & 0xff][0] << 32) |
533 (long64
)eperm32tab
[2][(to_permute
>> 8) & 0xff][1];
535 ((long64
)eperm32tab
[3][(to_permute
) & 0xff][0] << 32) |
536 (long64
)eperm32tab
[3][(to_permute
) & 0xff][1];
542 __data
->current_saltbits
= 0;
543 __data
->current_salt
[0] = 0;
544 __data
->current_salt
[1] = 0;
545 __data
->initialized
++;
551 __init_des_r(&_ufc_foobar
);
555 * Process the elements of the sb table permuting the
556 * bits swapped in the expansion by the current salt.
561 shuffle_sb(k
, saltbits
)
568 x
= (k
[0] ^ k
[1]) & (long32
)saltbits
;
577 shuffle_sb(k
, saltbits
)
584 x
= ((*k
>> 32) ^ *k
) & (long64
)saltbits
;
585 *k
++ ^= (x
<< 32) | x
;
591 * Return false iff C is in the specified alphabet for crypt salt.
595 bad_for_salt (char c
)
611 * Setup the unit for a new salt
612 * Hopefully we'll not see a new salt in each crypt call.
613 * Return false if an unexpected character was found in s[0] or s[1].
617 _ufc_setup_salt_r(s
, __data
)
619 struct crypt_data
* __restrict __data
;
621 ufc_long i
, j
, saltbits
;
624 if(__data
->initialized
== 0)
625 __init_des_r(__data
);
628 if(bad_for_salt (s0
))
632 if(bad_for_salt (s1
))
635 if(s0
== __data
->current_salt
[0] && s1
== __data
->current_salt
[1])
638 __data
->current_salt
[0] = s0
;
639 __data
->current_salt
[1] = s1
;
642 * This is the only crypt change to DES:
643 * entries are swapped in the expansion table
644 * according to the bits set in the salt.
647 for(i
= 0; i
< 2; i
++) {
648 long c
=ascii_to_bin(s
[i
]);
649 for(j
= 0; j
< 6; j
++) {
651 saltbits
|= BITMASK
[6 * i
+ j
];
656 * Permute the sb table values
657 * to reflect the changed e
661 #define LONGG long32*
664 #define LONGG long64*
667 shuffle_sb((LONGG
)__data
->sb0
, __data
->current_saltbits
^ saltbits
);
668 shuffle_sb((LONGG
)__data
->sb1
, __data
->current_saltbits
^ saltbits
);
669 shuffle_sb((LONGG
)__data
->sb2
, __data
->current_saltbits
^ saltbits
);
670 shuffle_sb((LONGG
)__data
->sb3
, __data
->current_saltbits
^ saltbits
);
672 __data
->current_saltbits
= saltbits
;
678 _ufc_mk_keytab_r(key
, __data
)
680 struct crypt_data
* __restrict __data
;
682 ufc_long v1
, v2
, *k1
;
686 k2
= (long32
*)__data
->keysched
;
690 k2
= (long64
*)__data
->keysched
;
693 v1
= v2
= 0; k1
= &do_pc1
[0][0][0];
695 v1
|= k1
[*key
& 0x7f]; k1
+= 128;
696 v2
|= k1
[*key
++ & 0x7f]; k1
+= 128;
699 for(i
= 0; i
< 16; i
++) {
702 v1
= (v1
<< rots
[i
]) | (v1
>> (28 - rots
[i
]));
703 v
= k1
[(v1
>> 21) & 0x7f]; k1
+= 128;
704 v
|= k1
[(v1
>> 14) & 0x7f]; k1
+= 128;
705 v
|= k1
[(v1
>> 7) & 0x7f]; k1
+= 128;
706 v
|= k1
[(v1
) & 0x7f]; k1
+= 128;
709 *k2
++ = (v
| 0x00008000);
716 v2
= (v2
<< rots
[i
]) | (v2
>> (28 - rots
[i
]));
717 v
|= k1
[(v2
>> 21) & 0x7f]; k1
+= 128;
718 v
|= k1
[(v2
>> 14) & 0x7f]; k1
+= 128;
719 v
|= k1
[(v2
>> 7) & 0x7f]; k1
+= 128;
720 v
|= k1
[(v2
) & 0x7f];
723 *k2
++ = (v
| 0x00008000);
726 *k2
++ = v
| 0x0000800000008000l
;
730 __data
->direction
= 0;
734 * Undo an extra E selection and do final permutations
738 _ufc_dofinalperm_r(res
, __data
)
740 struct crypt_data
* __restrict __data
;
743 ufc_long l1
,l2
,r1
,r2
;
745 l1
= res
[0]; l2
= res
[1];
746 r1
= res
[2]; r2
= res
[3];
748 x
= (l1
^ l2
) & __data
->current_saltbits
; l1
^= x
; l2
^= x
;
749 x
= (r1
^ r2
) & __data
->current_saltbits
; r1
^= x
; r2
^= x
;
751 v1
=v2
=0; l1
>>= 3; l2
>>= 3; r1
>>= 3; r2
>>= 3;
753 v1
|= efp
[15][ r2
& 0x3f][0]; v2
|= efp
[15][ r2
& 0x3f][1];
754 v1
|= efp
[14][(r2
>>= 6) & 0x3f][0]; v2
|= efp
[14][ r2
& 0x3f][1];
755 v1
|= efp
[13][(r2
>>= 10) & 0x3f][0]; v2
|= efp
[13][ r2
& 0x3f][1];
756 v1
|= efp
[12][(r2
>>= 6) & 0x3f][0]; v2
|= efp
[12][ r2
& 0x3f][1];
758 v1
|= efp
[11][ r1
& 0x3f][0]; v2
|= efp
[11][ r1
& 0x3f][1];
759 v1
|= efp
[10][(r1
>>= 6) & 0x3f][0]; v2
|= efp
[10][ r1
& 0x3f][1];
760 v1
|= efp
[ 9][(r1
>>= 10) & 0x3f][0]; v2
|= efp
[ 9][ r1
& 0x3f][1];
761 v1
|= efp
[ 8][(r1
>>= 6) & 0x3f][0]; v2
|= efp
[ 8][ r1
& 0x3f][1];
763 v1
|= efp
[ 7][ l2
& 0x3f][0]; v2
|= efp
[ 7][ l2
& 0x3f][1];
764 v1
|= efp
[ 6][(l2
>>= 6) & 0x3f][0]; v2
|= efp
[ 6][ l2
& 0x3f][1];
765 v1
|= efp
[ 5][(l2
>>= 10) & 0x3f][0]; v2
|= efp
[ 5][ l2
& 0x3f][1];
766 v1
|= efp
[ 4][(l2
>>= 6) & 0x3f][0]; v2
|= efp
[ 4][ l2
& 0x3f][1];
768 v1
|= efp
[ 3][ l1
& 0x3f][0]; v2
|= efp
[ 3][ l1
& 0x3f][1];
769 v1
|= efp
[ 2][(l1
>>= 6) & 0x3f][0]; v2
|= efp
[ 2][ l1
& 0x3f][1];
770 v1
|= efp
[ 1][(l1
>>= 10) & 0x3f][0]; v2
|= efp
[ 1][ l1
& 0x3f][1];
771 v1
|= efp
[ 0][(l1
>>= 6) & 0x3f][0]; v2
|= efp
[ 0][ l1
& 0x3f][1];
773 res
[0] = v1
; res
[1] = v2
;
777 * crypt only: convert from 64 bit to 11 bit ASCII
778 * prefixing with the salt
782 _ufc_output_conversion_r(v1
, v2
, salt
, __data
)
785 struct crypt_data
* __restrict __data
;
789 __data
->crypt_3_buf
[0] = salt
[0];
790 __data
->crypt_3_buf
[1] = salt
[1] ? salt
[1] : salt
[0];
792 for(i
= 0; i
< 5; i
++) {
793 shf
= (26 - 6 * i
); /* to cope with MSC compiler bug */
794 __data
->crypt_3_buf
[i
+ 2] = bin_to_ascii((v1
>> shf
) & 0x3f);
798 v2
= (v2
>> 2) | ((v1
& 0x3) << 30);
800 for(i
= 5; i
< 10; i
++) {
802 __data
->crypt_3_buf
[i
+ 2] = bin_to_ascii((v2
>> shf
) & 0x3f);
805 __data
->crypt_3_buf
[12] = bin_to_ascii(s
);
806 __data
->crypt_3_buf
[13] = 0;
811 * UNIX encrypt function. Takes a bitvector
812 * represented by one byte per bit and
813 * encrypt/decrypt according to edflag
817 __encrypt_r(__block
, __edflag
, __data
)
820 struct crypt_data
* __restrict __data
;
822 ufc_long l1
, l2
, r1
, r2
, res
[4];
826 kt
= (long32
*)__data
->keysched
;
830 kt
= (long64
*)__data
->keysched
;
834 * Undo any salt changes to E expansion
836 _ufc_setup_salt_r("..", __data
);
839 * Reverse key table if
840 * changing operation (encrypt/decrypt)
842 if((__edflag
== 0) != (__data
->direction
== 0)) {
843 for(i
= 0; i
< 8; i
++) {
847 kt
[2 * (15-i
)] = kt
[2 * i
];
850 x
= kt
[2 * (15-i
) + 1];
851 kt
[2 * (15-i
) + 1] = kt
[2 * i
+ 1];
861 __data
->direction
= __edflag
;
865 * Do initial permutation + E expansion
868 for(l1
= 0; i
< 24; i
++) {
869 if(__block
[initial_perm
[esel
[i
]-1]-1])
872 for(l2
= 0; i
< 48; i
++) {
873 if(__block
[initial_perm
[esel
[i
]-1]-1])
878 for(r1
= 0; i
< 24; i
++) {
879 if(__block
[initial_perm
[esel
[i
]-1+32]-1])
882 for(r2
= 0; i
< 48; i
++) {
883 if(__block
[initial_perm
[esel
[i
]-1+32]-1])
888 * Do DES inner loops + final conversion
890 res
[0] = l1
; res
[1] = l2
;
891 res
[2] = r1
; res
[3] = r2
;
892 _ufc_doit_r((ufc_long
)1, __data
, &res
[0]);
895 * Do final permutations
897 _ufc_dofinalperm_r(res
, __data
);
900 * And convert to bit array
902 l1
= res
[0]; r1
= res
[1];
903 for(i
= 0; i
< 32; i
++) {
904 *__block
++ = (l1
& longmask
[i
]) != 0;
906 for(i
= 0; i
< 32; i
++) {
907 *__block
++ = (r1
& longmask
[i
]) != 0;
910 weak_alias (__encrypt_r
, encrypt_r
)
913 encrypt(__block
, __edflag
)
917 __encrypt_r(__block
, __edflag
, &_ufc_foobar
);
922 * UNIX setkey function. Take a 64 bit DES
923 * key and setup the machinery.
927 __setkey_r(__key
, __data
)
929 struct crypt_data
* __restrict __data
;
933 unsigned char ktab
[8];
935 _ufc_setup_salt_r("..", __data
); /* be sure we're initialized */
937 for(i
= 0; i
< 8; i
++) {
938 for(j
= 0, c
= 0; j
< 8; j
++)
939 c
= c
<< 1 | *__key
++;
942 _ufc_mk_keytab_r((char *) ktab
, __data
);
944 weak_alias (__setkey_r
, setkey_r
)
950 __setkey_r(__key
, &_ufc_foobar
);
954 __b64_from_24bit (char **cp
, int *buflen
,
955 unsigned int b2
, unsigned int b1
, unsigned int b0
,
958 unsigned int w
= (b2
<< 16) | (b1
<< 8) | b0
;
959 while (n
-- > 0 && (*buflen
) > 0)
961 *(*cp
)++ = b64t
[w
& 0x3f];