2 * UFC-crypt: ultra fast crypt(3) implementation
4 * Copyright (C) 1991-1993,1996-1998,2000,2010,2011
5 * Free Software Foundation, Inc.
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; see the file COPYING.LIB. If not,
19 * write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
20 * Boston, MA 02111-1307, USA.
22 * @(#)crypt_util.c 2.56 12/20/96
39 #include "ufc-crypt.h"
42 * Thanks to greg%wind@plains.NoDak.edu (Greg W. Wettstein)
49 #include "crypt-private.h"
51 /* Prototypes for local functions. */
53 #ifndef __GNU_LIBRARY__
54 void _ufc_clearmem (char *start
, int cnt
);
55 void _ufc_copymem (char *from
, char *to
, int cnt
);
58 STATIC
void shuffle_sb (long32
*k
, ufc_long saltbits
);
60 STATIC
void shuffle_sb (long64
*k
, ufc_long saltbits
);
66 * Permutation done once on the 56 bit
67 * key derived from the original 8 byte ASCII key.
69 static const int pc1
[56] = {
70 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
71 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
72 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
73 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
77 * How much to rotate each 28 bit half of the pc1 permutated
78 * 56 bit key before using pc2 to give the i' key
80 static const int rots
[16] = {
81 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
85 * Permutation giving the key
88 static const int pc2
[48] = {
89 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
90 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
91 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
92 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
96 * The E expansion table which selects
97 * bits from the 32 bit intermediate result.
99 static const int esel
[48] = {
100 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
101 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
102 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
103 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
107 * Permutation done on the
108 * result of sbox lookups
110 static const int perm32
[32] = {
111 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
112 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
118 static const int sbox
[8][4][16]= {
119 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
120 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
121 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
122 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }
125 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
126 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
127 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
128 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }
131 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
132 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
133 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
134 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }
137 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
138 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
139 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
140 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }
143 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
144 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
145 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
146 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }
149 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
150 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
151 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
152 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }
155 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
156 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
157 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
158 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }
161 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
162 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
163 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
164 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 }
169 * This is the initial
172 static const int initial_perm
[64] = {
173 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
174 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
175 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
176 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
183 static const int final_perm
[64] = {
184 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
185 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
186 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
187 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
190 #define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
191 #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
193 static const ufc_long BITMASK
[24] = {
194 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000,
195 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000,
196 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200,
197 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008
200 static const unsigned char bytemask
[8] = {
201 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
204 static const ufc_long longmask
[32] = {
205 0x80000000, 0x40000000, 0x20000000, 0x10000000,
206 0x08000000, 0x04000000, 0x02000000, 0x01000000,
207 0x00800000, 0x00400000, 0x00200000, 0x00100000,
208 0x00080000, 0x00040000, 0x00020000, 0x00010000,
209 0x00008000, 0x00004000, 0x00002000, 0x00001000,
210 0x00000800, 0x00000400, 0x00000200, 0x00000100,
211 0x00000080, 0x00000040, 0x00000020, 0x00000010,
212 0x00000008, 0x00000004, 0x00000002, 0x00000001
216 * do_pc1: permform pc1 permutation in the key schedule generation.
218 * The first index is the byte number in the 8 byte ASCII key
219 * - second - - the two 28 bits halfs of the result
220 * - third - selects the 7 bits actually used of each byte
222 * The result is kept with 28 bit per 32 bit with the 4 most significant
225 static ufc_long do_pc1
[8][2][128];
228 * do_pc2: permform pc2 permutation in the key schedule generation.
230 * The first index is the septet number in the two 28 bit intermediate values
231 * - second - - - septet values
233 * Knowledge of the structure of the pc2 permutation is used.
235 * The result is kept with 28 bit per 32 bit with the 4 most significant
238 static ufc_long do_pc2
[8][128];
241 * eperm32tab: do 32 bit permutation and E selection
243 * The first index is the byte number in the 32 bit value to be permuted
244 * - second - is the value of this byte
245 * - third - selects the two 32 bit values
247 * The table is used and generated internally in init_des to speed it up
249 static ufc_long eperm32tab
[4][256][2];
252 * efp: undo an extra e selection and do final
253 * permutation giving the DES result.
255 * Invoked 6 bit a time on two 48 bit values
256 * giving two 32 bit longs.
258 static ufc_long efp
[16][64][2];
261 * For use by the old, non-reentrant routines
262 * (crypt/encrypt/setkey)
264 struct crypt_data _ufc_foobar
;
266 #ifdef __GNU_LIBRARY__
267 #include <bits/libc-lock.h>
269 __libc_lock_define_initialized (static, _ufc_tables_lock
)
279 ufc_long i
, j
, t
, tmp
;
281 for(i
= 0; i
< n
; i
++) {
283 for(j
= 0; j
< 8; j
++) {
285 tmp
|=(a
[t
/24] & BITMASK
[t
% 24])?bytemask
[j
]:0;
287 (void)printf("%02x ",tmp
);
299 for(i
= 0; i
< 24; i
++) {
300 if(v
& longmask
[8 + i
])
307 #ifndef __GNU_LIBRARY__
309 * Silly rewrites of 'bzero'/'memset'. I do so
310 * because some machines don't have
311 * bzero and some don't have memset.
315 _ufc_clearmem(start
, cnt
)
324 _ufc_copymem(from
, to
, cnt
)
332 #define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
333 #define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt)
336 /* lookup a 6 bit value in sbox */
338 #define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
341 * Initialize unit - may be invoked directly
347 struct crypt_data
* __restrict __data
;
352 ufc_long mask1
, mask2
;
354 static volatile int small_tables_initialized
= 0;
358 sb
[0] = (long32
*)__data
->sb0
; sb
[1] = (long32
*)__data
->sb1
;
359 sb
[2] = (long32
*)__data
->sb2
; sb
[3] = (long32
*)__data
->sb3
;
363 sb
[0] = (long64
*)__data
->sb0
; sb
[1] = (long64
*)__data
->sb1
;
364 sb
[2] = (long64
*)__data
->sb2
; sb
[3] = (long64
*)__data
->sb3
;
367 if(small_tables_initialized
== 0) {
368 #ifdef __GNU_LIBRARY__
369 __libc_lock_lock (_ufc_tables_lock
);
370 if(small_tables_initialized
)
371 goto small_tables_done
;
375 * Create the do_pc1 table used
376 * to affect pc1 permutation
377 * when generating keys
379 _ufc_clearmem((char*)do_pc1
, (int)sizeof(do_pc1
));
380 for(bit
= 0; bit
< 56; bit
++) {
381 comes_from_bit
= pc1
[bit
] - 1;
382 mask1
= bytemask
[comes_from_bit
% 8 + 1];
383 mask2
= longmask
[bit
% 28 + 4];
384 for(j
= 0; j
< 128; j
++) {
386 do_pc1
[comes_from_bit
/ 8][bit
/ 28][j
] |= mask2
;
391 * Create the do_pc2 table used
392 * to affect pc2 permutation when
395 _ufc_clearmem((char*)do_pc2
, (int)sizeof(do_pc2
));
396 for(bit
= 0; bit
< 48; bit
++) {
397 comes_from_bit
= pc2
[bit
] - 1;
398 mask1
= bytemask
[comes_from_bit
% 7 + 1];
399 mask2
= BITMASK
[bit
% 24];
400 for(j
= 0; j
< 128; j
++) {
402 do_pc2
[comes_from_bit
/ 7][j
] |= mask2
;
407 * Now generate the table used to do combined
408 * 32 bit permutation and e expansion
410 * We use it because we have to permute 16384 32 bit
411 * longs into 48 bit in order to initialize sb.
413 * Looping 48 rounds per permutation becomes
418 _ufc_clearmem((char*)eperm32tab
, (int)sizeof(eperm32tab
));
419 for(bit
= 0; bit
< 48; bit
++) {
420 ufc_long mask1
,comes_from
;
421 comes_from
= perm32
[esel
[bit
]-1]-1;
422 mask1
= bytemask
[comes_from
% 8];
425 eperm32tab
[comes_from
/ 8][j
][bit
/ 24] |= BITMASK
[bit
% 24];
430 * Create an inverse matrix for esel telling
431 * where to plug out bits if undoing it
433 for(bit
=48; bit
--;) {
434 e_inverse
[esel
[bit
] - 1 ] = bit
;
435 e_inverse
[esel
[bit
] - 1 + 32] = bit
+ 48;
439 * create efp: the matrix used to
440 * undo the E expansion and effect final permutation
442 _ufc_clearmem((char*)efp
, (int)sizeof efp
);
443 for(bit
= 0; bit
< 64; bit
++) {
445 ufc_long word_value
, mask1
, mask2
;
446 int comes_from_f_bit
, comes_from_e_bit
;
447 int comes_from_word
, bit_within_word
;
449 /* See where bit i belongs in the two 32 bit long's */
450 o_long
= bit
/ 32; /* 0..1 */
451 o_bit
= bit
% 32; /* 0..31 */
454 * And find a bit in the e permutated value setting this bit.
456 * Note: the e selection may have selected the same bit several
457 * times. By the initialization of e_inverse, we only look
458 * for one specific instance.
460 comes_from_f_bit
= final_perm
[bit
] - 1; /* 0..63 */
461 comes_from_e_bit
= e_inverse
[comes_from_f_bit
]; /* 0..95 */
462 comes_from_word
= comes_from_e_bit
/ 6; /* 0..15 */
463 bit_within_word
= comes_from_e_bit
% 6; /* 0..5 */
465 mask1
= longmask
[bit_within_word
+ 26];
466 mask2
= longmask
[o_bit
];
468 for(word_value
= 64; word_value
--;) {
469 if(word_value
& mask1
)
470 efp
[comes_from_word
][word_value
][o_long
] |= mask2
;
473 atomic_write_barrier ();
474 small_tables_initialized
= 1;
475 #ifdef __GNU_LIBRARY__
477 __libc_lock_unlock(_ufc_tables_lock
);
480 atomic_read_barrier ();
483 * Create the sb tables:
485 * For each 12 bit segment of an 48 bit intermediate
486 * result, the sb table precomputes the two 4 bit
487 * values of the sbox lookups done with the two 6
488 * bit halves, shifts them to their proper place,
489 * sends them through perm32 and finally E expands
490 * them so that they are ready for the next
495 if (__data
->sb0
+ sizeof (__data
->sb0
) == __data
->sb1
496 && __data
->sb1
+ sizeof (__data
->sb1
) == __data
->sb2
497 && __data
->sb2
+ sizeof (__data
->sb2
) == __data
->sb3
)
498 _ufc_clearmem(__data
->sb0
,
499 (int)sizeof(__data
->sb0
)
500 + (int)sizeof(__data
->sb1
)
501 + (int)sizeof(__data
->sb2
)
502 + (int)sizeof(__data
->sb3
));
504 _ufc_clearmem(__data
->sb0
, (int)sizeof(__data
->sb0
));
505 _ufc_clearmem(__data
->sb1
, (int)sizeof(__data
->sb1
));
506 _ufc_clearmem(__data
->sb2
, (int)sizeof(__data
->sb2
));
507 _ufc_clearmem(__data
->sb3
, (int)sizeof(__data
->sb3
));
510 for(sg
= 0; sg
< 4; sg
++) {
514 for(j1
= 0; j1
< 64; j1
++) {
515 s1
= s_lookup(2 * sg
, j1
);
516 for(j2
= 0; j2
< 64; j2
++) {
517 ufc_long to_permute
, inx
;
519 s2
= s_lookup(2 * sg
+ 1, j2
);
520 to_permute
= (((ufc_long
)s1
<< 4) |
521 (ufc_long
)s2
) << (24 - 8 * (ufc_long
)sg
);
524 inx
= ((j1
<< 6) | j2
) << 1;
525 sb
[sg
][inx
] = eperm32tab
[0][(to_permute
>> 24) & 0xff][0];
526 sb
[sg
][inx
+1] = eperm32tab
[0][(to_permute
>> 24) & 0xff][1];
527 sb
[sg
][inx
] |= eperm32tab
[1][(to_permute
>> 16) & 0xff][0];
528 sb
[sg
][inx
+1] |= eperm32tab
[1][(to_permute
>> 16) & 0xff][1];
529 sb
[sg
][inx
] |= eperm32tab
[2][(to_permute
>> 8) & 0xff][0];
530 sb
[sg
][inx
+1] |= eperm32tab
[2][(to_permute
>> 8) & 0xff][1];
531 sb
[sg
][inx
] |= eperm32tab
[3][(to_permute
) & 0xff][0];
532 sb
[sg
][inx
+1] |= eperm32tab
[3][(to_permute
) & 0xff][1];
535 inx
= ((j1
<< 6) | j2
);
537 ((long64
)eperm32tab
[0][(to_permute
>> 24) & 0xff][0] << 32) |
538 (long64
)eperm32tab
[0][(to_permute
>> 24) & 0xff][1];
540 ((long64
)eperm32tab
[1][(to_permute
>> 16) & 0xff][0] << 32) |
541 (long64
)eperm32tab
[1][(to_permute
>> 16) & 0xff][1];
543 ((long64
)eperm32tab
[2][(to_permute
>> 8) & 0xff][0] << 32) |
544 (long64
)eperm32tab
[2][(to_permute
>> 8) & 0xff][1];
546 ((long64
)eperm32tab
[3][(to_permute
) & 0xff][0] << 32) |
547 (long64
)eperm32tab
[3][(to_permute
) & 0xff][1];
553 __data
->current_saltbits
= 0;
554 __data
->current_salt
[0] = 0;
555 __data
->current_salt
[1] = 0;
556 __data
->initialized
++;
562 __init_des_r(&_ufc_foobar
);
566 * Process the elements of the sb table permuting the
567 * bits swapped in the expansion by the current salt.
572 shuffle_sb(k
, saltbits
)
579 x
= (k
[0] ^ k
[1]) & (long32
)saltbits
;
588 shuffle_sb(k
, saltbits
)
595 x
= ((*k
>> 32) ^ *k
) & (long64
)saltbits
;
596 *k
++ ^= (x
<< 32) | x
;
602 * Setup the unit for a new salt
603 * Hopefully we'll not see a new salt in each crypt call.
607 _ufc_setup_salt_r(s
, __data
)
609 struct crypt_data
* __restrict __data
;
611 ufc_long i
, j
, saltbits
;
613 if(__data
->initialized
== 0)
614 __init_des_r(__data
);
616 if(s
[0] == __data
->current_salt
[0] && s
[1] == __data
->current_salt
[1])
618 __data
->current_salt
[0] = s
[0]; __data
->current_salt
[1] = s
[1];
621 * This is the only crypt change to DES:
622 * entries are swapped in the expansion table
623 * according to the bits set in the salt.
626 for(i
= 0; i
< 2; i
++) {
627 long c
=ascii_to_bin(s
[i
]);
628 for(j
= 0; j
< 6; j
++) {
630 saltbits
|= BITMASK
[6 * i
+ j
];
635 * Permute the sb table values
636 * to reflect the changed e
640 #define LONGG long32*
643 #define LONGG long64*
646 shuffle_sb((LONGG
)__data
->sb0
, __data
->current_saltbits
^ saltbits
);
647 shuffle_sb((LONGG
)__data
->sb1
, __data
->current_saltbits
^ saltbits
);
648 shuffle_sb((LONGG
)__data
->sb2
, __data
->current_saltbits
^ saltbits
);
649 shuffle_sb((LONGG
)__data
->sb3
, __data
->current_saltbits
^ saltbits
);
651 __data
->current_saltbits
= saltbits
;
655 _ufc_mk_keytab_r(key
, __data
)
657 struct crypt_data
* __restrict __data
;
659 ufc_long v1
, v2
, *k1
;
663 k2
= (long32
*)__data
->keysched
;
667 k2
= (long64
*)__data
->keysched
;
670 v1
= v2
= 0; k1
= &do_pc1
[0][0][0];
672 v1
|= k1
[*key
& 0x7f]; k1
+= 128;
673 v2
|= k1
[*key
++ & 0x7f]; k1
+= 128;
676 for(i
= 0; i
< 16; i
++) {
679 v1
= (v1
<< rots
[i
]) | (v1
>> (28 - rots
[i
]));
680 v
= k1
[(v1
>> 21) & 0x7f]; k1
+= 128;
681 v
|= k1
[(v1
>> 14) & 0x7f]; k1
+= 128;
682 v
|= k1
[(v1
>> 7) & 0x7f]; k1
+= 128;
683 v
|= k1
[(v1
) & 0x7f]; k1
+= 128;
686 *k2
++ = (v
| 0x00008000);
693 v2
= (v2
<< rots
[i
]) | (v2
>> (28 - rots
[i
]));
694 v
|= k1
[(v2
>> 21) & 0x7f]; k1
+= 128;
695 v
|= k1
[(v2
>> 14) & 0x7f]; k1
+= 128;
696 v
|= k1
[(v2
>> 7) & 0x7f]; k1
+= 128;
697 v
|= k1
[(v2
) & 0x7f];
700 *k2
++ = (v
| 0x00008000);
703 *k2
++ = v
| 0x0000800000008000l
;
707 __data
->direction
= 0;
711 * Undo an extra E selection and do final permutations
715 _ufc_dofinalperm_r(res
, __data
)
717 struct crypt_data
* __restrict __data
;
720 ufc_long l1
,l2
,r1
,r2
;
722 l1
= res
[0]; l2
= res
[1];
723 r1
= res
[2]; r2
= res
[3];
725 x
= (l1
^ l2
) & __data
->current_saltbits
; l1
^= x
; l2
^= x
;
726 x
= (r1
^ r2
) & __data
->current_saltbits
; r1
^= x
; r2
^= x
;
728 v1
=v2
=0; l1
>>= 3; l2
>>= 3; r1
>>= 3; r2
>>= 3;
730 v1
|= efp
[15][ r2
& 0x3f][0]; v2
|= efp
[15][ r2
& 0x3f][1];
731 v1
|= efp
[14][(r2
>>= 6) & 0x3f][0]; v2
|= efp
[14][ r2
& 0x3f][1];
732 v1
|= efp
[13][(r2
>>= 10) & 0x3f][0]; v2
|= efp
[13][ r2
& 0x3f][1];
733 v1
|= efp
[12][(r2
>>= 6) & 0x3f][0]; v2
|= efp
[12][ r2
& 0x3f][1];
735 v1
|= efp
[11][ r1
& 0x3f][0]; v2
|= efp
[11][ r1
& 0x3f][1];
736 v1
|= efp
[10][(r1
>>= 6) & 0x3f][0]; v2
|= efp
[10][ r1
& 0x3f][1];
737 v1
|= efp
[ 9][(r1
>>= 10) & 0x3f][0]; v2
|= efp
[ 9][ r1
& 0x3f][1];
738 v1
|= efp
[ 8][(r1
>>= 6) & 0x3f][0]; v2
|= efp
[ 8][ r1
& 0x3f][1];
740 v1
|= efp
[ 7][ l2
& 0x3f][0]; v2
|= efp
[ 7][ l2
& 0x3f][1];
741 v1
|= efp
[ 6][(l2
>>= 6) & 0x3f][0]; v2
|= efp
[ 6][ l2
& 0x3f][1];
742 v1
|= efp
[ 5][(l2
>>= 10) & 0x3f][0]; v2
|= efp
[ 5][ l2
& 0x3f][1];
743 v1
|= efp
[ 4][(l2
>>= 6) & 0x3f][0]; v2
|= efp
[ 4][ l2
& 0x3f][1];
745 v1
|= efp
[ 3][ l1
& 0x3f][0]; v2
|= efp
[ 3][ l1
& 0x3f][1];
746 v1
|= efp
[ 2][(l1
>>= 6) & 0x3f][0]; v2
|= efp
[ 2][ l1
& 0x3f][1];
747 v1
|= efp
[ 1][(l1
>>= 10) & 0x3f][0]; v2
|= efp
[ 1][ l1
& 0x3f][1];
748 v1
|= efp
[ 0][(l1
>>= 6) & 0x3f][0]; v2
|= efp
[ 0][ l1
& 0x3f][1];
750 res
[0] = v1
; res
[1] = v2
;
754 * crypt only: convert from 64 bit to 11 bit ASCII
755 * prefixing with the salt
759 _ufc_output_conversion_r(v1
, v2
, salt
, __data
)
762 struct crypt_data
* __restrict __data
;
766 __data
->crypt_3_buf
[0] = salt
[0];
767 __data
->crypt_3_buf
[1] = salt
[1] ? salt
[1] : salt
[0];
769 for(i
= 0; i
< 5; i
++) {
770 shf
= (26 - 6 * i
); /* to cope with MSC compiler bug */
771 __data
->crypt_3_buf
[i
+ 2] = bin_to_ascii((v1
>> shf
) & 0x3f);
775 v2
= (v2
>> 2) | ((v1
& 0x3) << 30);
777 for(i
= 5; i
< 10; i
++) {
779 __data
->crypt_3_buf
[i
+ 2] = bin_to_ascii((v2
>> shf
) & 0x3f);
782 __data
->crypt_3_buf
[12] = bin_to_ascii(s
);
783 __data
->crypt_3_buf
[13] = 0;
788 * UNIX encrypt function. Takes a bitvector
789 * represented by one byte per bit and
790 * encrypt/decrypt according to edflag
794 __encrypt_r(__block
, __edflag
, __data
)
797 struct crypt_data
* __restrict __data
;
799 ufc_long l1
, l2
, r1
, r2
, res
[4];
803 kt
= (long32
*)__data
->keysched
;
807 kt
= (long64
*)__data
->keysched
;
811 * Undo any salt changes to E expansion
813 _ufc_setup_salt_r("..", __data
);
816 * Reverse key table if
817 * changing operation (encrypt/decrypt)
819 if((__edflag
== 0) != (__data
->direction
== 0)) {
820 for(i
= 0; i
< 8; i
++) {
824 kt
[2 * (15-i
)] = kt
[2 * i
];
827 x
= kt
[2 * (15-i
) + 1];
828 kt
[2 * (15-i
) + 1] = kt
[2 * i
+ 1];
838 __data
->direction
= __edflag
;
842 * Do initial permutation + E expansion
845 for(l1
= 0; i
< 24; i
++) {
846 if(__block
[initial_perm
[esel
[i
]-1]-1])
849 for(l2
= 0; i
< 48; i
++) {
850 if(__block
[initial_perm
[esel
[i
]-1]-1])
855 for(r1
= 0; i
< 24; i
++) {
856 if(__block
[initial_perm
[esel
[i
]-1+32]-1])
859 for(r2
= 0; i
< 48; i
++) {
860 if(__block
[initial_perm
[esel
[i
]-1+32]-1])
865 * Do DES inner loops + final conversion
867 res
[0] = l1
; res
[1] = l2
;
868 res
[2] = r1
; res
[3] = r2
;
869 _ufc_doit_r((ufc_long
)1, __data
, &res
[0]);
872 * Do final permutations
874 _ufc_dofinalperm_r(res
, __data
);
877 * And convert to bit array
879 l1
= res
[0]; r1
= res
[1];
880 for(i
= 0; i
< 32; i
++) {
881 *__block
++ = (l1
& longmask
[i
]) != 0;
883 for(i
= 0; i
< 32; i
++) {
884 *__block
++ = (r1
& longmask
[i
]) != 0;
887 weak_alias (__encrypt_r
, encrypt_r
)
890 encrypt(__block
, __edflag
)
894 __encrypt_r(__block
, __edflag
, &_ufc_foobar
);
899 * UNIX setkey function. Take a 64 bit DES
900 * key and setup the machinery.
904 __setkey_r(__key
, __data
)
906 struct crypt_data
* __restrict __data
;
910 unsigned char ktab
[8];
912 _ufc_setup_salt_r("..", __data
); /* be sure we're initialized */
914 for(i
= 0; i
< 8; i
++) {
915 for(j
= 0, c
= 0; j
< 8; j
++)
916 c
= c
<< 1 | *__key
++;
919 _ufc_mk_keytab_r((char *) ktab
, __data
);
921 weak_alias (__setkey_r
, setkey_r
)
927 __setkey_r(__key
, &_ufc_foobar
);