search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Only skip pages marked as clean in the visibility map, if the last 32
[PostgreSQL.git] / contrib / pgcrypto / crypt-des.c
blob80f32c21d416cd8334df1e7c9d6be84b100e1478
1 /*
2 * FreeSec: libcrypt for NetBSD
3 *
4 * $PostgreSQL$
5 *
6 * Copyright (c) 1994 David Burren
7 * All rights reserved.
8 *
9 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
10 * this file should now *only* export crypt(), in order to make
11 * binaries of libcrypt exportable from the USA
12 *
13 * Adapted for FreeBSD-4.0 by Mark R V Murray
14 * this file should now *only* export crypt_des(), in order to make
15 * a module that can be optionally included in libcrypt.
16 *
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
19 * are met:
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
25 * 3. Neither the name of the author nor the names of other contributors
26 * may be used to endorse or promote products derived from this software
27 * without specific prior written permission.
28 *
29 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * SUCH DAMAGE.
40 *
41 * $FreeBSD$
42 *
43 * This is an original implementation of the DES and the crypt(3) interfaces
44 * by David Burren <davidb@werj.com.au>.
45 *
46 * An excellent reference on the underlying algorithm (and related
47 * algorithms) is:
48 *
49 * B. Schneier, Applied Cryptography: protocols, algorithms,
50 * and source code in C, John Wiley & Sons, 1994.
51 *
52 * Note that in that book's description of DES the lookups for the initial,
53 * pbox, and final permutations are inverted (this has been brought to the
54 * attention of the author). A list of errata for this book has been
55 * posted to the sci.crypt newsgroup by the author and is available for FTP.
56 *
57 * ARCHITECTURE ASSUMPTIONS:
58 * It is assumed that the 8-byte arrays passed by reference can be
59 * addressed as arrays of uint32's (ie. the CPU is not picky about
60 * alignment).
61 */
62
63 #include "postgres.h"
64
65 #include "px.h"
66 #include "px-crypt.h"
67
68 /* for ntohl/htonl */
69 #include <netinet/in.h>
70 #include <arpa/inet.h>
71
72 #define _PASSWORD_EFMT1 '_'
73
74 static const char _crypt_a64[] =
75 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
76
77 static uint8 IP[64] = {
78 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
79 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
80 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
81 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
82 };
83
84 static uint8 inv_key_perm[64];
85 static uint8 u_key_perm[56];
86 static uint8 key_perm[56] = {
87 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
88 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
89 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
90 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
91 };
92
93 static uint8 key_shifts[16] = {
94 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
95 };
96
97 static uint8 inv_comp_perm[56];
98 static uint8 comp_perm[48] = {
99 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
100 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
101 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
102 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
103 };
104
105 /*
106 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
107 */
108
109 static uint8 u_sbox[8][64];
110 static uint8 sbox[8][64] = {
111 {
112 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
113 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
114 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
115 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
116 },
117 {
118 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
119 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
120 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
121 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
122 },
123 {
124 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
125 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
126 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
127 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
128 },
129 {
130 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
131 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
132 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
133 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
134 },
135 {
136 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
137 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
138 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
139 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
140 },
141 {
142 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
143 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
144 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
145 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
146 },
147 {
148 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
149 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
150 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
151 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
152 },
153 {
154 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
155 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
156 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
157 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
158 }
159 };
160
161 static uint8 un_pbox[32];
162 static uint8 pbox[32] = {
163 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
164 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
165 };
166
167 static uint32 _crypt_bits32[32] =
168 {
169 0x80000000, 0x40000000, 0x20000000, 0x10000000,
170 0x08000000, 0x04000000, 0x02000000, 0x01000000,
171 0x00800000, 0x00400000, 0x00200000, 0x00100000,
172 0x00080000, 0x00040000, 0x00020000, 0x00010000,
173 0x00008000, 0x00004000, 0x00002000, 0x00001000,
174 0x00000800, 0x00000400, 0x00000200, 0x00000100,
175 0x00000080, 0x00000040, 0x00000020, 0x00000010,
176 0x00000008, 0x00000004, 0x00000002, 0x00000001
177 };
178
179 static uint8 _crypt_bits8[8] = {0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01};
180
181 static uint32 saltbits;
182 static long old_salt;
183 static uint32 *bits28,
184 *bits24;
185 static uint8 init_perm[64],
186 final_perm[64];
187 static uint32 en_keysl[16],
188 en_keysr[16];
189 static uint32 de_keysl[16],
190 de_keysr[16];
191 static int des_initialised = 0;
192 static uint8 m_sbox[4][4096];
193 static uint32 psbox[4][256];
194 static uint32 ip_maskl[8][256],
195 ip_maskr[8][256];
196 static uint32 fp_maskl[8][256],
197 fp_maskr[8][256];
198 static uint32 key_perm_maskl[8][128],
199 key_perm_maskr[8][128];
200 static uint32 comp_maskl[8][128],
201 comp_maskr[8][128];
202 static uint32 old_rawkey0,
203 old_rawkey1;
204
205 static inline int
206 ascii_to_bin(char ch)
207 {
208 if (ch > 'z')
209 return (0);
210 if (ch >= 'a')
211 return (ch - 'a' + 38);
212 if (ch > 'Z')
213 return (0);
214 if (ch >= 'A')
215 return (ch - 'A' + 12);
216 if (ch > '9')
217 return (0);
218 if (ch >= '.')
219 return (ch - '.');
220 return (0);
221 }
222
223 static void
224 des_init(void)
225 {
226 int i,
227 j,
228 b,
229 k,
230 inbit,
231 obit;
232 uint32 *p,
233 *il,
234 *ir,
235 *fl,
236 *fr;
237
238 old_rawkey0 = old_rawkey1 = 0L;
239 saltbits = 0L;
240 old_salt = 0L;
241 bits24 = (bits28 = _crypt_bits32 + 4) + 4;
242
243 /*
244 * Invert the S-boxes, reordering the input bits.
245 */
246 for (i = 0; i < 8; i++)
247 for (j = 0; j < 64; j++)
248 {
249 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
250 u_sbox[i][j] = sbox[i][b];
251 }
252
253 /*
254 * Convert the inverted S-boxes into 4 arrays of 8 bits. Each will handle
255 * 12 bits of the S-box input.
256 */
257 for (b = 0; b < 4; b++)
258 for (i = 0; i < 64; i++)
259 for (j = 0; j < 64; j++)
260 m_sbox[b][(i << 6) | j] =
261 (u_sbox[(b << 1)][i] << 4) |
262 u_sbox[(b << 1) + 1][j];
263
264 /*
265 * Set up the initial & final permutations into a useful form, and
266 * initialise the inverted key permutation.
267 */
268 for (i = 0; i < 64; i++)
269 {
270 init_perm[final_perm[i] = IP[i] - 1] = i;
271 inv_key_perm[i] = 255;
272 }
273
274 /*
275 * Invert the key permutation and initialise the inverted key compression
276 * permutation.
277 */
278 for (i = 0; i < 56; i++)
279 {
280 u_key_perm[i] = key_perm[i] - 1;
281 inv_key_perm[key_perm[i] - 1] = i;
282 inv_comp_perm[i] = 255;
283 }
284
285 /*
286 * Invert the key compression permutation.
287 */
288 for (i = 0; i < 48; i++)
289 inv_comp_perm[comp_perm[i] - 1] = i;
290
291 /*
292 * Set up the OR-mask arrays for the initial and final permutations, and
293 * for the key initial and compression permutations.
294 */
295 for (k = 0; k < 8; k++)
296 {
297 for (i = 0; i < 256; i++)
298 {
299 *(il = &ip_maskl[k][i]) = 0L;
300 *(ir = &ip_maskr[k][i]) = 0L;
301 *(fl = &fp_maskl[k][i]) = 0L;
302 *(fr = &fp_maskr[k][i]) = 0L;
303 for (j = 0; j < 8; j++)
304 {
305 inbit = 8 * k + j;
306 if (i & _crypt_bits8[j])
307 {
308 if ((obit = init_perm[inbit]) < 32)
309 *il |= _crypt_bits32[obit];
310 else
311 *ir |= _crypt_bits32[obit - 32];
312 if ((obit = final_perm[inbit]) < 32)
313 *fl |= _crypt_bits32[obit];
314 else
315 *fr |= _crypt_bits32[obit - 32];
316 }
317 }
318 }
319 for (i = 0; i < 128; i++)
320 {
321 *(il = &key_perm_maskl[k][i]) = 0L;
322 *(ir = &key_perm_maskr[k][i]) = 0L;
323 for (j = 0; j < 7; j++)
324 {
325 inbit = 8 * k + j;
326 if (i & _crypt_bits8[j + 1])
327 {
328 if ((obit = inv_key_perm[inbit]) == 255)
329 continue;
330 if (obit < 28)
331 *il |= bits28[obit];
332 else
333 *ir |= bits28[obit - 28];
334 }
335 }
336 *(il = &comp_maskl[k][i]) = 0L;
337 *(ir = &comp_maskr[k][i]) = 0L;
338 for (j = 0; j < 7; j++)
339 {
340 inbit = 7 * k + j;
341 if (i & _crypt_bits8[j + 1])
342 {
343 if ((obit = inv_comp_perm[inbit]) == 255)
344 continue;
345 if (obit < 24)
346 *il |= bits24[obit];
347 else
348 *ir |= bits24[obit - 24];
349 }
350 }
351 }
352 }
353
354 /*
355 * Invert the P-box permutation, and convert into OR-masks for handling
356 * the output of the S-box arrays setup above.
357 */
358 for (i = 0; i < 32; i++)
359 un_pbox[pbox[i] - 1] = i;
360
361 for (b = 0; b < 4; b++)
362 for (i = 0; i < 256; i++)
363 {
364 *(p = &psbox[b][i]) = 0L;
365 for (j = 0; j < 8; j++)
366 {
367 if (i & _crypt_bits8[j])
368 *p |= _crypt_bits32[un_pbox[8 * b + j]];
369 }
370 }
371
372 des_initialised = 1;
373 }
374
375 static void
376 setup_salt(long salt)
377 {
378 uint32 obit,
379 saltbit;
380 int i;
381
382 if (salt == old_salt)
383 return;
384 old_salt = salt;
385
386 saltbits = 0L;
387 saltbit = 1;
388 obit = 0x800000;
389 for (i = 0; i < 24; i++)
390 {
391 if (salt & saltbit)
392 saltbits |= obit;
393 saltbit <<= 1;
394 obit >>= 1;
395 }
396 }
397
398 static int
399 des_setkey(const char *key)
400 {
401 uint32 k0,
402 k1,
403 rawkey0,
404 rawkey1;
405 int shifts,
406 round;
407
408 if (!des_initialised)
409 des_init();
410
411 rawkey0 = ntohl(*(uint32 *) key);
412 rawkey1 = ntohl(*(uint32 *) (key + 4));
413
414 if ((rawkey0 | rawkey1)
415 && rawkey0 == old_rawkey0
416 && rawkey1 == old_rawkey1)
417 {
418 /*
419 * Already setup for this key. This optimisation fails on a zero key
420 * (which is weak and has bad parity anyway) in order to simplify the
421 * starting conditions.
422 */
423 return (0);
424 }
425 old_rawkey0 = rawkey0;
426 old_rawkey1 = rawkey1;
427
428 /*
429 * Do key permutation and split into two 28-bit subkeys.
430 */
431 k0 = key_perm_maskl[0][rawkey0 >> 25]
432 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
433 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
434 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
435 | key_perm_maskl[4][rawkey1 >> 25]
436 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
437 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
438 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
439 k1 = key_perm_maskr[0][rawkey0 >> 25]
440 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
441 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
442 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
443 | key_perm_maskr[4][rawkey1 >> 25]
444 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
445 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
446 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
447
448 /*
449 * Rotate subkeys and do compression permutation.
450 */
451 shifts = 0;
452 for (round = 0; round < 16; round++)
453 {
454 uint32 t0,
455 t1;
456
457 shifts += key_shifts[round];
458
459 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
460 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
461
462 de_keysl[15 - round] =
463 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
464 | comp_maskl[1][(t0 >> 14) & 0x7f]
465 | comp_maskl[2][(t0 >> 7) & 0x7f]
466 | comp_maskl[3][t0 & 0x7f]
467 | comp_maskl[4][(t1 >> 21) & 0x7f]
468 | comp_maskl[5][(t1 >> 14) & 0x7f]
469 | comp_maskl[6][(t1 >> 7) & 0x7f]
470 | comp_maskl[7][t1 & 0x7f];
471
472 de_keysr[15 - round] =
473 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
474 | comp_maskr[1][(t0 >> 14) & 0x7f]
475 | comp_maskr[2][(t0 >> 7) & 0x7f]
476 | comp_maskr[3][t0 & 0x7f]
477 | comp_maskr[4][(t1 >> 21) & 0x7f]
478 | comp_maskr[5][(t1 >> 14) & 0x7f]
479 | comp_maskr[6][(t1 >> 7) & 0x7f]
480 | comp_maskr[7][t1 & 0x7f];
481 }
482 return (0);
483 }
484
485 static int
486 do_des(uint32 l_in, uint32 r_in, uint32 *l_out, uint32 *r_out, int count)
487 {
488 /*
489 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
490 */
491 uint32 l,
492 r,
493 *kl,
494 *kr,
495 *kl1,
496 *kr1;
497 uint32 f,
498 r48l,
499 r48r;
500 int round;
501
502 if (count == 0)
503 return (1);
504 else if (count > 0)
505 {
506 /*
507 * Encrypting
508 */
509 kl1 = en_keysl;
510 kr1 = en_keysr;
511 }
512 else
513 {
514 /*
515 * Decrypting
516 */
517 count = -count;
518 kl1 = de_keysl;
519 kr1 = de_keysr;
520 }
521
522 /*
523 * Do initial permutation (IP).
524 */
525 l = ip_maskl[0][l_in >> 24]
526 | ip_maskl[1][(l_in >> 16) & 0xff]
527 | ip_maskl[2][(l_in >> 8) & 0xff]
528 | ip_maskl[3][l_in & 0xff]
529 | ip_maskl[4][r_in >> 24]
530 | ip_maskl[5][(r_in >> 16) & 0xff]
531 | ip_maskl[6][(r_in >> 8) & 0xff]
532 | ip_maskl[7][r_in & 0xff];
533 r = ip_maskr[0][l_in >> 24]
534 | ip_maskr[1][(l_in >> 16) & 0xff]
535 | ip_maskr[2][(l_in >> 8) & 0xff]
536 | ip_maskr[3][l_in & 0xff]
537 | ip_maskr[4][r_in >> 24]
538 | ip_maskr[5][(r_in >> 16) & 0xff]
539 | ip_maskr[6][(r_in >> 8) & 0xff]
540 | ip_maskr[7][r_in & 0xff];
541
542 while (count--)
543 {
544 /*
545 * Do each round.
546 */
547 kl = kl1;
548 kr = kr1;
549 round = 16;
550 while (round--)
551 {
552 /*
553 * Expand R to 48 bits (simulate the E-box).
554 */
555 r48l = ((r & 0x00000001) << 23)
556 | ((r & 0xf8000000) >> 9)
557 | ((r & 0x1f800000) >> 11)
558 | ((r & 0x01f80000) >> 13)
559 | ((r & 0x001f8000) >> 15);
560
561 r48r = ((r & 0x0001f800) << 7)
562 | ((r & 0x00001f80) << 5)
563 | ((r & 0x000001f8) << 3)
564 | ((r & 0x0000001f) << 1)
565 | ((r & 0x80000000) >> 31);
566
567 /*
568 * Do salting for crypt() and friends, and XOR with the permuted
569 * key.
570 */
571 f = (r48l ^ r48r) & saltbits;
572 r48l ^= f ^ *kl++;
573 r48r ^= f ^ *kr++;
574
575 /*
576 * Do sbox lookups (which shrink it back to 32 bits) and do the
577 * pbox permutation at the same time.
578 */
579 f = psbox[0][m_sbox[0][r48l >> 12]]
580 | psbox[1][m_sbox[1][r48l & 0xfff]]
581 | psbox[2][m_sbox[2][r48r >> 12]]
582 | psbox[3][m_sbox[3][r48r & 0xfff]];
583
584 /*
585 * Now that we've permuted things, complete f().
586 */
587 f ^= l;
588 l = r;
589 r = f;
590 }
591 r = l;
592 l = f;
593 }
594
595 /*
596 * Do final permutation (inverse of IP).
597 */
598 *l_out = fp_maskl[0][l >> 24]
599 | fp_maskl[1][(l >> 16) & 0xff]
600 | fp_maskl[2][(l >> 8) & 0xff]
601 | fp_maskl[3][l & 0xff]
602 | fp_maskl[4][r >> 24]
603 | fp_maskl[5][(r >> 16) & 0xff]
604 | fp_maskl[6][(r >> 8) & 0xff]
605 | fp_maskl[7][r & 0xff];
606 *r_out = fp_maskr[0][l >> 24]
607 | fp_maskr[1][(l >> 16) & 0xff]
608 | fp_maskr[2][(l >> 8) & 0xff]
609 | fp_maskr[3][l & 0xff]
610 | fp_maskr[4][r >> 24]
611 | fp_maskr[5][(r >> 16) & 0xff]
612 | fp_maskr[6][(r >> 8) & 0xff]
613 | fp_maskr[7][r & 0xff];
614 return (0);
615 }
616
617 static int
618 des_cipher(const char *in, char *out, long salt, int count)
619 {
620 uint32 buffer[2];
621 uint32 l_out,
622 r_out,
623 rawl,
624 rawr;
625 int retval;
626
627 if (!des_initialised)
628 des_init();
629
630 setup_salt(salt);
631
632 /* copy data to avoid assuming input is word-aligned */
633 memcpy(buffer, in, sizeof(buffer));
634
635 rawl = ntohl(buffer[0]);
636 rawr = ntohl(buffer[1]);
637
638 retval = do_des(rawl, rawr, &l_out, &r_out, count);
639
640 buffer[0] = htonl(l_out);
641 buffer[1] = htonl(r_out);
642
643 /* copy data to avoid assuming output is word-aligned */
644 memcpy(out, buffer, sizeof(buffer));
645
646 return (retval);
647 }
648
649 char *
650 px_crypt_des(const char *key, const char *setting)
651 {
652 int i;
653 uint32 count,
654 salt,
655 l,
656 r0,
657 r1,
658 keybuf[2];
659 char *p;
660 uint8 *q;
661 static char output[21];
662
663 if (!des_initialised)
664 des_init();
665
666
667 /*
668 * Copy the key, shifting each character up by one bit and padding with
669 * zeros.
670 */
671 q = (uint8 *) keybuf;
672 while (q - (uint8 *) keybuf - 8)
673 {
674 if ((*q++ = *key << 1))
675 key++;
676 }
677 if (des_setkey((char *) keybuf))
678 return (NULL);
679
680 #ifndef DISABLE_XDES
681 if (*setting == _PASSWORD_EFMT1)
682 {
683 /*
684 * "new"-style: setting - underscore, 4 bytes of count, 4 bytes of
685 * salt key - unlimited characters
686 */
687 for (i = 1, count = 0L; i < 5; i++)
688 count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
689
690 for (i = 5, salt = 0L; i < 9; i++)
691 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
692
693 while (*key)
694 {
695 /*
696 * Encrypt the key with itself.
697 */
698 if (des_cipher((char *) keybuf, (char *) keybuf, 0L, 1))
699 return (NULL);
700
701 /*
702 * And XOR with the next 8 characters of the key.
703 */
704 q = (uint8 *) keybuf;
705 while (q - (uint8 *) keybuf - 8 && *key)
706 *q++ ^= *key++ << 1;
707
708 if (des_setkey((char *) keybuf))
709 return (NULL);
710 }
711 strncpy(output, setting, 9);
712
713 /*
714 * Double check that we weren't given a short setting. If we were, the
715 * above code will probably have created wierd values for count and
716 * salt, but we don't really care. Just make sure the output string
717 * doesn't have an extra NUL in it.
718 */
719 output[9] = '\0';
720 p = output + strlen(output);
721 }
722 else
723 #endif /* !DISABLE_XDES */
724 {
725 /*
726 * "old"-style: setting - 2 bytes of salt key - up to 8 characters
727 */
728 count = 25;
729
730 salt = (ascii_to_bin(setting[1]) << 6)
731 | ascii_to_bin(setting[0]);
732
733 output[0] = setting[0];
734
735 /*
736 * If the encrypted password that the salt was extracted from is only
737 * 1 character long, the salt will be corrupted. We need to ensure
738 * that the output string doesn't have an extra NUL in it!
739 */
740 output[1] = setting[1] ? setting[1] : output[0];
741
742 p = output + 2;
743 }
744 setup_salt(salt);
745
746 /*
747 * Do it.
748 */
749 if (do_des(0L, 0L, &r0, &r1, count))
750 return (NULL);
751
752 /*
753 * Now encode the result...
754 */
755 l = (r0 >> 8);
756 *p++ = _crypt_a64[(l >> 18) & 0x3f];
757 *p++ = _crypt_a64[(l >> 12) & 0x3f];
758 *p++ = _crypt_a64[(l >> 6) & 0x3f];
759 *p++ = _crypt_a64[l & 0x3f];
760
761 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
762 *p++ = _crypt_a64[(l >> 18) & 0x3f];
763 *p++ = _crypt_a64[(l >> 12) & 0x3f];
764 *p++ = _crypt_a64[(l >> 6) & 0x3f];
765 *p++ = _crypt_a64[l & 0x3f];
766
767 l = r1 << 2;
768 *p++ = _crypt_a64[(l >> 12) & 0x3f];
769 *p++ = _crypt_a64[(l >> 6) & 0x3f];
770 *p++ = _crypt_a64[l & 0x3f];
771 *p = 0;
772
773 return (output);
774 }
PostgreSQL from CVS