2 * UFC-crypt: ultra fast crypt(3) implementation
4 * Copyright (C) 1991-1993,1996-1998,2000,2010,2011,2012
5 * Free Software Foundation, Inc.
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; see the file COPYING.LIB. If not,
19 * write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
20 * Boston, MA 02111-1307, USA.
22 * @(#)crypt_util.c 2.56 12/20/96
39 #include "ufc-crypt.h"
42 * Thanks to greg%wind@plains.NoDak.edu (Greg W. Wettstein)
49 #include "crypt-private.h"
51 /* Prototypes for local functions. */
52 #ifndef __GNU_LIBRARY__
53 void _ufc_clearmem (char *start
, int cnt
);
54 void _ufc_copymem (char *from
, char *to
, int cnt
);
57 STATIC
void shuffle_sb (long32
*k
, ufc_long saltbits
);
59 STATIC
void shuffle_sb (long64
*k
, ufc_long saltbits
);
64 * Permutation done once on the 56 bit
65 * key derived from the original 8 byte ASCII key.
67 static const int pc1
[56] = {
68 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
69 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
70 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
71 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
75 * How much to rotate each 28 bit half of the pc1 permutated
76 * 56 bit key before using pc2 to give the i' key
78 static const int rots
[16] = {
79 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
83 * Permutation giving the key
86 static const int pc2
[48] = {
87 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
88 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
89 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
90 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
94 * The E expansion table which selects
95 * bits from the 32 bit intermediate result.
97 static const int esel
[48] = {
98 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
99 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
100 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
101 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
105 * Permutation done on the
106 * result of sbox lookups
108 static const int perm32
[32] = {
109 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
110 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
116 static const int sbox
[8][4][16]= {
117 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
118 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
119 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
120 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }
123 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
124 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
125 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
126 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }
129 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
130 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
131 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
132 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }
135 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
136 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
137 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
138 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }
141 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
142 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
143 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
144 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }
147 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
148 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
149 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
150 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }
153 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
154 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
155 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
156 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }
159 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
160 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
161 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
162 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 }
167 * This is the initial
170 static const int initial_perm
[64] = {
171 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
172 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
173 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
174 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
181 static const int final_perm
[64] = {
182 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
183 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
184 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
185 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
188 #define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
189 #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
191 static const ufc_long BITMASK
[24] = {
192 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000,
193 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000,
194 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200,
195 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008
198 static const unsigned char bytemask
[8] = {
199 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
202 static const ufc_long longmask
[32] = {
203 0x80000000, 0x40000000, 0x20000000, 0x10000000,
204 0x08000000, 0x04000000, 0x02000000, 0x01000000,
205 0x00800000, 0x00400000, 0x00200000, 0x00100000,
206 0x00080000, 0x00040000, 0x00020000, 0x00010000,
207 0x00008000, 0x00004000, 0x00002000, 0x00001000,
208 0x00000800, 0x00000400, 0x00000200, 0x00000100,
209 0x00000080, 0x00000040, 0x00000020, 0x00000010,
210 0x00000008, 0x00000004, 0x00000002, 0x00000001
214 * do_pc1: permform pc1 permutation in the key schedule generation.
216 * The first index is the byte number in the 8 byte ASCII key
217 * - second - - the two 28 bits halfs of the result
218 * - third - selects the 7 bits actually used of each byte
220 * The result is kept with 28 bit per 32 bit with the 4 most significant
223 static ufc_long do_pc1
[8][2][128];
226 * do_pc2: permform pc2 permutation in the key schedule generation.
228 * The first index is the septet number in the two 28 bit intermediate values
229 * - second - - - septet values
231 * Knowledge of the structure of the pc2 permutation is used.
233 * The result is kept with 28 bit per 32 bit with the 4 most significant
236 static ufc_long do_pc2
[8][128];
239 * eperm32tab: do 32 bit permutation and E selection
241 * The first index is the byte number in the 32 bit value to be permuted
242 * - second - is the value of this byte
243 * - third - selects the two 32 bit values
245 * The table is used and generated internally in init_des to speed it up
247 static ufc_long eperm32tab
[4][256][2];
250 * efp: undo an extra e selection and do final
251 * permutation giving the DES result.
253 * Invoked 6 bit a time on two 48 bit values
254 * giving two 32 bit longs.
256 static ufc_long efp
[16][64][2];
259 * For use by the old, non-reentrant routines
260 * (crypt/encrypt/setkey)
262 struct crypt_data _ufc_foobar
;
264 #ifdef __GNU_LIBRARY__
265 #include <bits/libc-lock.h>
267 __libc_lock_define_initialized (static, _ufc_tables_lock
)
277 ufc_long i
, j
, t
, tmp
;
279 for(i
= 0; i
< n
; i
++) {
281 for(j
= 0; j
< 8; j
++) {
283 tmp
|=(a
[t
/24] & BITMASK
[t
% 24])?bytemask
[j
]:0;
285 (void)printf("%02x ",tmp
);
297 for(i
= 0; i
< 24; i
++) {
298 if(v
& longmask
[8 + i
])
305 #ifndef __GNU_LIBRARY__
307 * Silly rewrites of 'bzero'/'memset'. I do so
308 * because some machines don't have
309 * bzero and some don't have memset.
313 _ufc_clearmem(start
, cnt
)
322 _ufc_copymem(from
, to
, cnt
)
330 #define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
331 #define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt)
334 /* lookup a 6 bit value in sbox */
336 #define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
339 * Initialize unit - may be invoked directly
345 struct crypt_data
* __restrict __data
;
350 ufc_long mask1
, mask2
;
352 static volatile int small_tables_initialized
= 0;
356 sb
[0] = (long32
*)__data
->sb0
; sb
[1] = (long32
*)__data
->sb1
;
357 sb
[2] = (long32
*)__data
->sb2
; sb
[3] = (long32
*)__data
->sb3
;
361 sb
[0] = (long64
*)__data
->sb0
; sb
[1] = (long64
*)__data
->sb1
;
362 sb
[2] = (long64
*)__data
->sb2
; sb
[3] = (long64
*)__data
->sb3
;
365 if(small_tables_initialized
== 0) {
366 #ifdef __GNU_LIBRARY__
367 __libc_lock_lock (_ufc_tables_lock
);
368 if(small_tables_initialized
)
369 goto small_tables_done
;
373 * Create the do_pc1 table used
374 * to affect pc1 permutation
375 * when generating keys
377 _ufc_clearmem((char*)do_pc1
, (int)sizeof(do_pc1
));
378 for(bit
= 0; bit
< 56; bit
++) {
379 comes_from_bit
= pc1
[bit
] - 1;
380 mask1
= bytemask
[comes_from_bit
% 8 + 1];
381 mask2
= longmask
[bit
% 28 + 4];
382 for(j
= 0; j
< 128; j
++) {
384 do_pc1
[comes_from_bit
/ 8][bit
/ 28][j
] |= mask2
;
389 * Create the do_pc2 table used
390 * to affect pc2 permutation when
393 _ufc_clearmem((char*)do_pc2
, (int)sizeof(do_pc2
));
394 for(bit
= 0; bit
< 48; bit
++) {
395 comes_from_bit
= pc2
[bit
] - 1;
396 mask1
= bytemask
[comes_from_bit
% 7 + 1];
397 mask2
= BITMASK
[bit
% 24];
398 for(j
= 0; j
< 128; j
++) {
400 do_pc2
[comes_from_bit
/ 7][j
] |= mask2
;
405 * Now generate the table used to do combined
406 * 32 bit permutation and e expansion
408 * We use it because we have to permute 16384 32 bit
409 * longs into 48 bit in order to initialize sb.
411 * Looping 48 rounds per permutation becomes
416 _ufc_clearmem((char*)eperm32tab
, (int)sizeof(eperm32tab
));
417 for(bit
= 0; bit
< 48; bit
++) {
418 ufc_long mask1
,comes_from
;
419 comes_from
= perm32
[esel
[bit
]-1]-1;
420 mask1
= bytemask
[comes_from
% 8];
423 eperm32tab
[comes_from
/ 8][j
][bit
/ 24] |= BITMASK
[bit
% 24];
428 * Create an inverse matrix for esel telling
429 * where to plug out bits if undoing it
431 for(bit
=48; bit
--;) {
432 e_inverse
[esel
[bit
] - 1 ] = bit
;
433 e_inverse
[esel
[bit
] - 1 + 32] = bit
+ 48;
437 * create efp: the matrix used to
438 * undo the E expansion and effect final permutation
440 _ufc_clearmem((char*)efp
, (int)sizeof efp
);
441 for(bit
= 0; bit
< 64; bit
++) {
443 ufc_long word_value
, mask1
, mask2
;
444 int comes_from_f_bit
, comes_from_e_bit
;
445 int comes_from_word
, bit_within_word
;
447 /* See where bit i belongs in the two 32 bit long's */
448 o_long
= bit
/ 32; /* 0..1 */
449 o_bit
= bit
% 32; /* 0..31 */
452 * And find a bit in the e permutated value setting this bit.
454 * Note: the e selection may have selected the same bit several
455 * times. By the initialization of e_inverse, we only look
456 * for one specific instance.
458 comes_from_f_bit
= final_perm
[bit
] - 1; /* 0..63 */
459 comes_from_e_bit
= e_inverse
[comes_from_f_bit
]; /* 0..95 */
460 comes_from_word
= comes_from_e_bit
/ 6; /* 0..15 */
461 bit_within_word
= comes_from_e_bit
% 6; /* 0..5 */
463 mask1
= longmask
[bit_within_word
+ 26];
464 mask2
= longmask
[o_bit
];
466 for(word_value
= 64; word_value
--;) {
467 if(word_value
& mask1
)
468 efp
[comes_from_word
][word_value
][o_long
] |= mask2
;
471 atomic_write_barrier ();
472 small_tables_initialized
= 1;
473 #ifdef __GNU_LIBRARY__
475 __libc_lock_unlock(_ufc_tables_lock
);
478 atomic_read_barrier ();
481 * Create the sb tables:
483 * For each 12 bit segment of an 48 bit intermediate
484 * result, the sb table precomputes the two 4 bit
485 * values of the sbox lookups done with the two 6
486 * bit halves, shifts them to their proper place,
487 * sends them through perm32 and finally E expands
488 * them so that they are ready for the next
493 if (__data
->sb0
+ sizeof (__data
->sb0
) == __data
->sb1
494 && __data
->sb1
+ sizeof (__data
->sb1
) == __data
->sb2
495 && __data
->sb2
+ sizeof (__data
->sb2
) == __data
->sb3
)
496 _ufc_clearmem(__data
->sb0
,
497 (int)sizeof(__data
->sb0
)
498 + (int)sizeof(__data
->sb1
)
499 + (int)sizeof(__data
->sb2
)
500 + (int)sizeof(__data
->sb3
));
502 _ufc_clearmem(__data
->sb0
, (int)sizeof(__data
->sb0
));
503 _ufc_clearmem(__data
->sb1
, (int)sizeof(__data
->sb1
));
504 _ufc_clearmem(__data
->sb2
, (int)sizeof(__data
->sb2
));
505 _ufc_clearmem(__data
->sb3
, (int)sizeof(__data
->sb3
));
508 for(sg
= 0; sg
< 4; sg
++) {
512 for(j1
= 0; j1
< 64; j1
++) {
513 s1
= s_lookup(2 * sg
, j1
);
514 for(j2
= 0; j2
< 64; j2
++) {
515 ufc_long to_permute
, inx
;
517 s2
= s_lookup(2 * sg
+ 1, j2
);
518 to_permute
= (((ufc_long
)s1
<< 4) |
519 (ufc_long
)s2
) << (24 - 8 * (ufc_long
)sg
);
522 inx
= ((j1
<< 6) | j2
) << 1;
523 sb
[sg
][inx
] = eperm32tab
[0][(to_permute
>> 24) & 0xff][0];
524 sb
[sg
][inx
+1] = eperm32tab
[0][(to_permute
>> 24) & 0xff][1];
525 sb
[sg
][inx
] |= eperm32tab
[1][(to_permute
>> 16) & 0xff][0];
526 sb
[sg
][inx
+1] |= eperm32tab
[1][(to_permute
>> 16) & 0xff][1];
527 sb
[sg
][inx
] |= eperm32tab
[2][(to_permute
>> 8) & 0xff][0];
528 sb
[sg
][inx
+1] |= eperm32tab
[2][(to_permute
>> 8) & 0xff][1];
529 sb
[sg
][inx
] |= eperm32tab
[3][(to_permute
) & 0xff][0];
530 sb
[sg
][inx
+1] |= eperm32tab
[3][(to_permute
) & 0xff][1];
533 inx
= ((j1
<< 6) | j2
);
535 ((long64
)eperm32tab
[0][(to_permute
>> 24) & 0xff][0] << 32) |
536 (long64
)eperm32tab
[0][(to_permute
>> 24) & 0xff][1];
538 ((long64
)eperm32tab
[1][(to_permute
>> 16) & 0xff][0] << 32) |
539 (long64
)eperm32tab
[1][(to_permute
>> 16) & 0xff][1];
541 ((long64
)eperm32tab
[2][(to_permute
>> 8) & 0xff][0] << 32) |
542 (long64
)eperm32tab
[2][(to_permute
>> 8) & 0xff][1];
544 ((long64
)eperm32tab
[3][(to_permute
) & 0xff][0] << 32) |
545 (long64
)eperm32tab
[3][(to_permute
) & 0xff][1];
551 __data
->current_saltbits
= 0;
552 __data
->current_salt
[0] = 0;
553 __data
->current_salt
[1] = 0;
554 __data
->initialized
++;
560 __init_des_r(&_ufc_foobar
);
564 * Process the elements of the sb table permuting the
565 * bits swapped in the expansion by the current salt.
570 shuffle_sb(k
, saltbits
)
577 x
= (k
[0] ^ k
[1]) & (long32
)saltbits
;
586 shuffle_sb(k
, saltbits
)
593 x
= ((*k
>> 32) ^ *k
) & (long64
)saltbits
;
594 *k
++ ^= (x
<< 32) | x
;
600 * Setup the unit for a new salt
601 * Hopefully we'll not see a new salt in each crypt call.
605 _ufc_setup_salt_r(s
, __data
)
607 struct crypt_data
* __restrict __data
;
609 ufc_long i
, j
, saltbits
;
611 if(__data
->initialized
== 0)
612 __init_des_r(__data
);
614 if(s
[0] == __data
->current_salt
[0] && s
[1] == __data
->current_salt
[1])
616 __data
->current_salt
[0] = s
[0]; __data
->current_salt
[1] = s
[1];
619 * This is the only crypt change to DES:
620 * entries are swapped in the expansion table
621 * according to the bits set in the salt.
624 for(i
= 0; i
< 2; i
++) {
625 long c
=ascii_to_bin(s
[i
]);
626 for(j
= 0; j
< 6; j
++) {
628 saltbits
|= BITMASK
[6 * i
+ j
];
633 * Permute the sb table values
634 * to reflect the changed e
638 #define LONGG long32*
641 #define LONGG long64*
644 shuffle_sb((LONGG
)__data
->sb0
, __data
->current_saltbits
^ saltbits
);
645 shuffle_sb((LONGG
)__data
->sb1
, __data
->current_saltbits
^ saltbits
);
646 shuffle_sb((LONGG
)__data
->sb2
, __data
->current_saltbits
^ saltbits
);
647 shuffle_sb((LONGG
)__data
->sb3
, __data
->current_saltbits
^ saltbits
);
649 __data
->current_saltbits
= saltbits
;
653 _ufc_mk_keytab_r(key
, __data
)
655 struct crypt_data
* __restrict __data
;
657 ufc_long v1
, v2
, *k1
;
661 k2
= (long32
*)__data
->keysched
;
665 k2
= (long64
*)__data
->keysched
;
668 v1
= v2
= 0; k1
= &do_pc1
[0][0][0];
670 v1
|= k1
[*key
& 0x7f]; k1
+= 128;
671 v2
|= k1
[*key
++ & 0x7f]; k1
+= 128;
674 for(i
= 0; i
< 16; i
++) {
677 v1
= (v1
<< rots
[i
]) | (v1
>> (28 - rots
[i
]));
678 v
= k1
[(v1
>> 21) & 0x7f]; k1
+= 128;
679 v
|= k1
[(v1
>> 14) & 0x7f]; k1
+= 128;
680 v
|= k1
[(v1
>> 7) & 0x7f]; k1
+= 128;
681 v
|= k1
[(v1
) & 0x7f]; k1
+= 128;
684 *k2
++ = (v
| 0x00008000);
691 v2
= (v2
<< rots
[i
]) | (v2
>> (28 - rots
[i
]));
692 v
|= k1
[(v2
>> 21) & 0x7f]; k1
+= 128;
693 v
|= k1
[(v2
>> 14) & 0x7f]; k1
+= 128;
694 v
|= k1
[(v2
>> 7) & 0x7f]; k1
+= 128;
695 v
|= k1
[(v2
) & 0x7f];
698 *k2
++ = (v
| 0x00008000);
701 *k2
++ = v
| 0x0000800000008000l
;
705 __data
->direction
= 0;
709 * Undo an extra E selection and do final permutations
713 _ufc_dofinalperm_r(res
, __data
)
715 struct crypt_data
* __restrict __data
;
718 ufc_long l1
,l2
,r1
,r2
;
720 l1
= res
[0]; l2
= res
[1];
721 r1
= res
[2]; r2
= res
[3];
723 x
= (l1
^ l2
) & __data
->current_saltbits
; l1
^= x
; l2
^= x
;
724 x
= (r1
^ r2
) & __data
->current_saltbits
; r1
^= x
; r2
^= x
;
726 v1
=v2
=0; l1
>>= 3; l2
>>= 3; r1
>>= 3; r2
>>= 3;
728 v1
|= efp
[15][ r2
& 0x3f][0]; v2
|= efp
[15][ r2
& 0x3f][1];
729 v1
|= efp
[14][(r2
>>= 6) & 0x3f][0]; v2
|= efp
[14][ r2
& 0x3f][1];
730 v1
|= efp
[13][(r2
>>= 10) & 0x3f][0]; v2
|= efp
[13][ r2
& 0x3f][1];
731 v1
|= efp
[12][(r2
>>= 6) & 0x3f][0]; v2
|= efp
[12][ r2
& 0x3f][1];
733 v1
|= efp
[11][ r1
& 0x3f][0]; v2
|= efp
[11][ r1
& 0x3f][1];
734 v1
|= efp
[10][(r1
>>= 6) & 0x3f][0]; v2
|= efp
[10][ r1
& 0x3f][1];
735 v1
|= efp
[ 9][(r1
>>= 10) & 0x3f][0]; v2
|= efp
[ 9][ r1
& 0x3f][1];
736 v1
|= efp
[ 8][(r1
>>= 6) & 0x3f][0]; v2
|= efp
[ 8][ r1
& 0x3f][1];
738 v1
|= efp
[ 7][ l2
& 0x3f][0]; v2
|= efp
[ 7][ l2
& 0x3f][1];
739 v1
|= efp
[ 6][(l2
>>= 6) & 0x3f][0]; v2
|= efp
[ 6][ l2
& 0x3f][1];
740 v1
|= efp
[ 5][(l2
>>= 10) & 0x3f][0]; v2
|= efp
[ 5][ l2
& 0x3f][1];
741 v1
|= efp
[ 4][(l2
>>= 6) & 0x3f][0]; v2
|= efp
[ 4][ l2
& 0x3f][1];
743 v1
|= efp
[ 3][ l1
& 0x3f][0]; v2
|= efp
[ 3][ l1
& 0x3f][1];
744 v1
|= efp
[ 2][(l1
>>= 6) & 0x3f][0]; v2
|= efp
[ 2][ l1
& 0x3f][1];
745 v1
|= efp
[ 1][(l1
>>= 10) & 0x3f][0]; v2
|= efp
[ 1][ l1
& 0x3f][1];
746 v1
|= efp
[ 0][(l1
>>= 6) & 0x3f][0]; v2
|= efp
[ 0][ l1
& 0x3f][1];
748 res
[0] = v1
; res
[1] = v2
;
752 * crypt only: convert from 64 bit to 11 bit ASCII
753 * prefixing with the salt
757 _ufc_output_conversion_r(v1
, v2
, salt
, __data
)
760 struct crypt_data
* __restrict __data
;
764 __data
->crypt_3_buf
[0] = salt
[0];
765 __data
->crypt_3_buf
[1] = salt
[1] ? salt
[1] : salt
[0];
767 for(i
= 0; i
< 5; i
++) {
768 shf
= (26 - 6 * i
); /* to cope with MSC compiler bug */
769 __data
->crypt_3_buf
[i
+ 2] = bin_to_ascii((v1
>> shf
) & 0x3f);
773 v2
= (v2
>> 2) | ((v1
& 0x3) << 30);
775 for(i
= 5; i
< 10; i
++) {
777 __data
->crypt_3_buf
[i
+ 2] = bin_to_ascii((v2
>> shf
) & 0x3f);
780 __data
->crypt_3_buf
[12] = bin_to_ascii(s
);
781 __data
->crypt_3_buf
[13] = 0;
786 * UNIX encrypt function. Takes a bitvector
787 * represented by one byte per bit and
788 * encrypt/decrypt according to edflag
792 __encrypt_r(__block
, __edflag
, __data
)
795 struct crypt_data
* __restrict __data
;
797 ufc_long l1
, l2
, r1
, r2
, res
[4];
801 kt
= (long32
*)__data
->keysched
;
805 kt
= (long64
*)__data
->keysched
;
809 * Undo any salt changes to E expansion
811 _ufc_setup_salt_r("..", __data
);
814 * Reverse key table if
815 * changing operation (encrypt/decrypt)
817 if((__edflag
== 0) != (__data
->direction
== 0)) {
818 for(i
= 0; i
< 8; i
++) {
822 kt
[2 * (15-i
)] = kt
[2 * i
];
825 x
= kt
[2 * (15-i
) + 1];
826 kt
[2 * (15-i
) + 1] = kt
[2 * i
+ 1];
836 __data
->direction
= __edflag
;
840 * Do initial permutation + E expansion
843 for(l1
= 0; i
< 24; i
++) {
844 if(__block
[initial_perm
[esel
[i
]-1]-1])
847 for(l2
= 0; i
< 48; i
++) {
848 if(__block
[initial_perm
[esel
[i
]-1]-1])
853 for(r1
= 0; i
< 24; i
++) {
854 if(__block
[initial_perm
[esel
[i
]-1+32]-1])
857 for(r2
= 0; i
< 48; i
++) {
858 if(__block
[initial_perm
[esel
[i
]-1+32]-1])
863 * Do DES inner loops + final conversion
865 res
[0] = l1
; res
[1] = l2
;
866 res
[2] = r1
; res
[3] = r2
;
867 _ufc_doit_r((ufc_long
)1, __data
, &res
[0]);
870 * Do final permutations
872 _ufc_dofinalperm_r(res
, __data
);
875 * And convert to bit array
877 l1
= res
[0]; r1
= res
[1];
878 for(i
= 0; i
< 32; i
++) {
879 *__block
++ = (l1
& longmask
[i
]) != 0;
881 for(i
= 0; i
< 32; i
++) {
882 *__block
++ = (r1
& longmask
[i
]) != 0;
885 weak_alias (__encrypt_r
, encrypt_r
)
888 encrypt(__block
, __edflag
)
892 __encrypt_r(__block
, __edflag
, &_ufc_foobar
);
897 * UNIX setkey function. Take a 64 bit DES
898 * key and setup the machinery.
902 __setkey_r(__key
, __data
)
904 struct crypt_data
* __restrict __data
;
908 unsigned char ktab
[8];
910 _ufc_setup_salt_r("..", __data
); /* be sure we're initialized */
912 for(i
= 0; i
< 8; i
++) {
913 for(j
= 0, c
= 0; j
< 8; j
++)
914 c
= c
<< 1 | *__key
++;
917 _ufc_mk_keytab_r((char *) ktab
, __data
);
919 weak_alias (__setkey_r
, setkey_r
)
925 __setkey_r(__key
, &_ufc_foobar
);