Back to index

glibc  2.9
crypt_util.c
Go to the documentation of this file.
00001 /*
00002  * UFC-crypt: ultra fast crypt(3) implementation
00003  *
00004  * Copyright (C) 1991, 92, 93, 96, 97, 98, 2000 Free Software Foundation, Inc.
00005  *
00006  * This library is free software; you can redistribute it and/or
00007  * modify it under the terms of the GNU Lesser General Public
00008  * License as published by the Free Software Foundation; either
00009  * version 2.1 of the License, or (at your option) any later version.
00010  *
00011  * This library is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00014  * Lesser General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU Lesser General Public
00017  * License along with this library; see the file COPYING.LIB.  If not,
00018  * write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
00019  * Boston, MA 02111-1307, USA.
00020  *
00021  * @(#)crypt_util.c  2.56 12/20/96
00022  *
00023  * Support routines
00024  *
00025  */
00026 
00027 #ifdef DEBUG
00028 #include <stdio.h>
00029 #endif
00030 #include <string.h>
00031 
00032 #ifndef STATIC
00033 #define STATIC static
00034 #endif
00035 
00036 #ifndef DOS
00037 #include "ufc-crypt.h"
00038 #else
00039 /*
00040  * Thanks to greg%wind@plains.NoDak.edu (Greg W. Wettstein)
00041  * for DOS patches
00042  */
00043 #include "pl.h"
00044 #include "ufc.h"
00045 #endif
00046 #include "crypt.h"
00047 #include "crypt-private.h"
00048 
00049 /* Prototypes for local functions.  */
00050 #if __STDC__ - 0
00051 #ifndef __GNU_LIBRARY__
00052 void _ufc_clearmem (char *start, int cnt);
00053 void _ufc_copymem (char *from, char *to, int cnt);
00054 #endif
00055 #ifdef _UFC_32_
00056 STATIC void shuffle_sb (long32 *k, ufc_long saltbits);
00057 #else
00058 STATIC void shuffle_sb (long64 *k, ufc_long saltbits);
00059 #endif
00060 #endif
00061 
00062 
00063 /*
00064  * Permutation done once on the 56 bit
00065  *  key derived from the original 8 byte ASCII key.
00066  */
00067 static const int pc1[56] = {
00068   57, 49, 41, 33, 25, 17,  9,  1, 58, 50, 42, 34, 26, 18,
00069   10,  2, 59, 51, 43, 35, 27, 19, 11,  3, 60, 52, 44, 36,
00070   63, 55, 47, 39, 31, 23, 15,  7, 62, 54, 46, 38, 30, 22,
00071   14,  6, 61, 53, 45, 37, 29, 21, 13,  5, 28, 20, 12,  4
00072 };
00073 
00074 /*
00075  * How much to rotate each 28 bit half of the pc1 permutated
00076  *  56 bit key before using pc2 to give the i' key
00077  */
00078 static const int rots[16] = {
00079   1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
00080 };
00081 
00082 /*
00083  * Permutation giving the key
00084  * of the i' DES round
00085  */
00086 static const int pc2[48] = {
00087   14, 17, 11, 24,  1,  5,  3, 28, 15,  6, 21, 10,
00088   23, 19, 12,  4, 26,  8, 16,  7, 27, 20, 13,  2,
00089   41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
00090   44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
00091 };
00092 
00093 /*
00094  * The E expansion table which selects
00095  * bits from the 32 bit intermediate result.
00096  */
00097 static const int esel[48] = {
00098   32,  1,  2,  3,  4,  5,  4,  5,  6,  7,  8,  9,
00099    8,  9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
00100   16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
00101   24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32,  1
00102 };
00103 
00104 /*
00105  * Permutation done on the
00106  * result of sbox lookups
00107  */
00108 static const int perm32[32] = {
00109   16,  7, 20, 21, 29, 12, 28, 17,  1, 15, 23, 26,  5, 18, 31, 10,
00110   2,   8, 24, 14, 32, 27,  3,  9, 19, 13, 30,  6, 22, 11,  4, 25
00111 };
00112 
00113 /*
00114  * The sboxes
00115  */
00116 static const int sbox[8][4][16]= {
00117         { { 14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7 },
00118           {  0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8 },
00119           {  4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0 },
00120           { 15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13 }
00121         },
00122 
00123         { { 15,  1,  8, 14,  6, 11,  3,  4,  9,  7,  2, 13, 12,  0,  5, 10 },
00124           {  3, 13,  4,  7, 15,  2,  8, 14, 12,  0,  1, 10,  6,  9, 11,  5 },
00125           {  0, 14,  7, 11, 10,  4, 13,  1,  5,  8, 12,  6,  9,  3,  2, 15 },
00126           { 13,  8, 10,  1,  3, 15,  4,  2, 11,  6,  7, 12,  0,  5, 14,  9 }
00127         },
00128 
00129         { { 10,  0,  9, 14,  6,  3, 15,  5,  1, 13, 12,  7, 11,  4,  2,  8 },
00130           { 13,  7,  0,  9,  3,  4,  6, 10,  2,  8,  5, 14, 12, 11, 15,  1 },
00131           { 13,  6,  4,  9,  8, 15,  3,  0, 11,  1,  2, 12,  5, 10, 14,  7 },
00132           {  1, 10, 13,  0,  6,  9,  8,  7,  4, 15, 14,  3, 11,  5,  2, 12 }
00133         },
00134 
00135         { {  7, 13, 14,  3,  0,  6,  9, 10,  1,  2,  8,  5, 11, 12,  4, 15 },
00136           { 13,  8, 11,  5,  6, 15,  0,  3,  4,  7,  2, 12,  1, 10, 14,  9 },
00137           { 10,  6,  9,  0, 12, 11,  7, 13, 15,  1,  3, 14,  5,  2,  8,  4 },
00138           {  3, 15,  0,  6, 10,  1, 13,  8,  9,  4,  5, 11, 12,  7,  2, 14 }
00139         },
00140 
00141         { {  2, 12,  4,  1,  7, 10, 11,  6,  8,  5,  3, 15, 13,  0, 14,  9 },
00142           { 14, 11,  2, 12,  4,  7, 13,  1,  5,  0, 15, 10,  3,  9,  8,  6 },
00143           {  4,  2,  1, 11, 10, 13,  7,  8, 15,  9, 12,  5,  6,  3,  0, 14 },
00144           { 11,  8, 12,  7,  1, 14,  2, 13,  6, 15,  0,  9, 10,  4,  5,  3 }
00145         },
00146 
00147         { { 12,  1, 10, 15,  9,  2,  6,  8,  0, 13,  3,  4, 14,  7,  5, 11 },
00148           { 10, 15,  4,  2,  7, 12,  9,  5,  6,  1, 13, 14,  0, 11,  3,  8 },
00149           {  9, 14, 15,  5,  2,  8, 12,  3,  7,  0,  4, 10,  1, 13, 11,  6 },
00150           {  4,  3,  2, 12,  9,  5, 15, 10, 11, 14,  1,  7,  6,  0,  8, 13 }
00151         },
00152 
00153         { {  4, 11,  2, 14, 15,  0,  8, 13,  3, 12,  9,  7,  5, 10,  6,  1 },
00154           { 13,  0, 11,  7,  4,  9,  1, 10, 14,  3,  5, 12,  2, 15,  8,  6 },
00155           {  1,  4, 11, 13, 12,  3,  7, 14, 10, 15,  6,  8,  0,  5,  9,  2 },
00156           {  6, 11, 13,  8,  1,  4, 10,  7,  9,  5,  0, 15, 14,  2,  3, 12 }
00157         },
00158 
00159         { { 13,  2,  8,  4,  6, 15, 11,  1, 10,  9,  3, 14,  5,  0, 12,  7 },
00160           {  1, 15, 13,  8, 10,  3,  7,  4, 12,  5,  6, 11,  0, 14,  9,  2 },
00161           {  7, 11,  4,  1,  9, 12, 14,  2,  0,  6, 10, 13, 15,  3,  5,  8 },
00162           {  2,  1, 14,  7,  4, 10,  8, 13, 15, 12,  9,  0,  3,  5,  6, 11 }
00163         }
00164 };
00165 
00166 /*
00167  * This is the initial
00168  * permutation matrix
00169  */
00170 static const int initial_perm[64] = {
00171   58, 50, 42, 34, 26, 18, 10,  2, 60, 52, 44, 36, 28, 20, 12, 4,
00172   62, 54, 46, 38, 30, 22, 14,  6, 64, 56, 48, 40, 32, 24, 16, 8,
00173   57, 49, 41, 33, 25, 17,  9,  1, 59, 51, 43, 35, 27, 19, 11, 3,
00174   61, 53, 45, 37, 29, 21, 13,  5, 63, 55, 47, 39, 31, 23, 15, 7
00175 };
00176 
00177 /*
00178  * This is the final
00179  * permutation matrix
00180  */
00181 static const int final_perm[64] = {
00182   40,  8, 48, 16, 56, 24, 64, 32, 39,  7, 47, 15, 55, 23, 63, 31,
00183   38,  6, 46, 14, 54, 22, 62, 30, 37,  5, 45, 13, 53, 21, 61, 29,
00184   36,  4, 44, 12, 52, 20, 60, 28, 35,  3, 43, 11, 51, 19, 59, 27,
00185   34,  2, 42, 10, 50, 18, 58, 26, 33,  1, 41,  9, 49, 17, 57, 25
00186 };
00187 
00188 #define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
00189 #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
00190 
00191 static const ufc_long BITMASK[24] = {
00192   0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000,
00193   0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000,
00194   0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200,
00195   0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008
00196 };
00197 
00198 static const unsigned char bytemask[8]  = {
00199   0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
00200 };
00201 
00202 static const ufc_long longmask[32] = {
00203   0x80000000, 0x40000000, 0x20000000, 0x10000000,
00204   0x08000000, 0x04000000, 0x02000000, 0x01000000,
00205   0x00800000, 0x00400000, 0x00200000, 0x00100000,
00206   0x00080000, 0x00040000, 0x00020000, 0x00010000,
00207   0x00008000, 0x00004000, 0x00002000, 0x00001000,
00208   0x00000800, 0x00000400, 0x00000200, 0x00000100,
00209   0x00000080, 0x00000040, 0x00000020, 0x00000010,
00210   0x00000008, 0x00000004, 0x00000002, 0x00000001
00211 };
00212 
00213 /*
00214  * do_pc1: permform pc1 permutation in the key schedule generation.
00215  *
00216  * The first   index is the byte number in the 8 byte ASCII key
00217  *  -  second    -      -    the two 28 bits halfs of the result
00218  *  -  third     -   selects the 7 bits actually used of each byte
00219  *
00220  * The result is kept with 28 bit per 32 bit with the 4 most significant
00221  * bits zero.
00222  */
00223 static ufc_long do_pc1[8][2][128];
00224 
00225 /*
00226  * do_pc2: permform pc2 permutation in the key schedule generation.
00227  *
00228  * The first   index is the septet number in the two 28 bit intermediate values
00229  *  -  second    -    -  -  septet values
00230  *
00231  * Knowledge of the structure of the pc2 permutation is used.
00232  *
00233  * The result is kept with 28 bit per 32 bit with the 4 most significant
00234  * bits zero.
00235  */
00236 static ufc_long do_pc2[8][128];
00237 
00238 /*
00239  * eperm32tab: do 32 bit permutation and E selection
00240  *
00241  * The first index is the byte number in the 32 bit value to be permuted
00242  *  -  second  -   is the value of this byte
00243  *  -  third   -   selects the two 32 bit values
00244  *
00245  * The table is used and generated internally in init_des to speed it up
00246  */
00247 static ufc_long eperm32tab[4][256][2];
00248 
00249 /*
00250  * efp: undo an extra e selection and do final
00251  *      permutation giving the DES result.
00252  *
00253  *      Invoked 6 bit a time on two 48 bit values
00254  *      giving two 32 bit longs.
00255  */
00256 static ufc_long efp[16][64][2];
00257 
00258 /*
00259  * For use by the old, non-reentrant routines
00260  * (crypt/encrypt/setkey)
00261  */
00262 struct crypt_data _ufc_foobar;
00263 
00264 #ifdef __GNU_LIBRARY__
00265 #include <bits/libc-lock.h>
00266 
00267 __libc_lock_define_initialized (static, _ufc_tables_lock)
00268 #endif
00269 
00270 #ifdef DEBUG
00271 
00272 void
00273 _ufc_prbits(a, n)
00274      ufc_long *a;
00275      int n;
00276 {
00277   ufc_long i, j, t, tmp;
00278   n /= 8;
00279   for(i = 0; i < n; i++) {
00280     tmp=0;
00281     for(j = 0; j < 8; j++) {
00282       t=8*i+j;
00283       tmp|=(a[t/24] & BITMASK[t % 24])?bytemask[j]:0;
00284     }
00285     (void)printf("%02x ",tmp);
00286   }
00287   printf(" ");
00288 }
00289 
00290 static void
00291 _ufc_set_bits(v, b)
00292      ufc_long v;
00293      ufc_long *b;
00294 {
00295   ufc_long i;
00296   *b = 0;
00297   for(i = 0; i < 24; i++) {
00298     if(v & longmask[8 + i])
00299       *b |= BITMASK[i];
00300   }
00301 }
00302 
00303 #endif
00304 
00305 #ifndef __GNU_LIBRARY__
00306 /*
00307  * Silly rewrites of 'bzero'/'memset'. I do so
00308  * because some machines don't have
00309  * bzero and some don't have memset.
00310  */
00311 
00312 void
00313 _ufc_clearmem(start, cnt)
00314      char *start;
00315      int cnt;
00316 {
00317   while(cnt--)
00318     *start++ = '\0';
00319 }
00320 
00321 void
00322 _ufc_copymem(from, to, cnt)
00323      char *from, *to;
00324      int cnt;
00325 {
00326   while(cnt--)
00327     *to++ = *from++;
00328 }
00329 #else
00330 #define _ufc_clearmem(start, cnt)   memset(start, 0, cnt)
00331 #define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt)
00332 #endif
00333 
00334 /* lookup a 6 bit value in sbox */
00335 
00336 #define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
00337 
00338 /*
00339  * Initialize unit - may be invoked directly
00340  * by fcrypt users.
00341  */
00342 
00343 void
00344 __init_des_r(__data)
00345      struct crypt_data * __restrict __data;
00346 {
00347   int comes_from_bit;
00348   int bit, sg;
00349   ufc_long j;
00350   ufc_long mask1, mask2;
00351   int e_inverse[64];
00352   static volatile int small_tables_initialized = 0;
00353 
00354 #ifdef _UFC_32_
00355   long32 *sb[4];
00356   sb[0] = (long32*)__data->sb0; sb[1] = (long32*)__data->sb1;
00357   sb[2] = (long32*)__data->sb2; sb[3] = (long32*)__data->sb3;
00358 #endif
00359 #ifdef _UFC_64_
00360   long64 *sb[4];
00361   sb[0] = (long64*)__data->sb0; sb[1] = (long64*)__data->sb1;
00362   sb[2] = (long64*)__data->sb2; sb[3] = (long64*)__data->sb3;
00363 #endif
00364 
00365   if(small_tables_initialized == 0) {
00366 #ifdef __GNU_LIBRARY__
00367     __libc_lock_lock (_ufc_tables_lock);
00368     if(small_tables_initialized)
00369       goto small_tables_done;
00370 #endif
00371 
00372     /*
00373      * Create the do_pc1 table used
00374      * to affect pc1 permutation
00375      * when generating keys
00376      */
00377     _ufc_clearmem((char*)do_pc1, (int)sizeof(do_pc1));
00378     for(bit = 0; bit < 56; bit++) {
00379       comes_from_bit  = pc1[bit] - 1;
00380       mask1 = bytemask[comes_from_bit % 8 + 1];
00381       mask2 = longmask[bit % 28 + 4];
00382       for(j = 0; j < 128; j++) {
00383        if(j & mask1)
00384          do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2;
00385       }
00386     }
00387 
00388     /*
00389      * Create the do_pc2 table used
00390      * to affect pc2 permutation when
00391      * generating keys
00392      */
00393     _ufc_clearmem((char*)do_pc2, (int)sizeof(do_pc2));
00394     for(bit = 0; bit < 48; bit++) {
00395       comes_from_bit  = pc2[bit] - 1;
00396       mask1 = bytemask[comes_from_bit % 7 + 1];
00397       mask2 = BITMASK[bit % 24];
00398       for(j = 0; j < 128; j++) {
00399        if(j & mask1)
00400          do_pc2[comes_from_bit / 7][j] |= mask2;
00401       }
00402     }
00403 
00404     /*
00405      * Now generate the table used to do combined
00406      * 32 bit permutation and e expansion
00407      *
00408      * We use it because we have to permute 16384 32 bit
00409      * longs into 48 bit in order to initialize sb.
00410      *
00411      * Looping 48 rounds per permutation becomes
00412      * just too slow...
00413      *
00414      */
00415 
00416     _ufc_clearmem((char*)eperm32tab, (int)sizeof(eperm32tab));
00417     for(bit = 0; bit < 48; bit++) {
00418       ufc_long mask1,comes_from;
00419       comes_from = perm32[esel[bit]-1]-1;
00420       mask1      = bytemask[comes_from % 8];
00421       for(j = 256; j--;) {
00422        if(j & mask1)
00423          eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK[bit % 24];
00424       }
00425     }
00426 
00427     /*
00428      * Create an inverse matrix for esel telling
00429      * where to plug out bits if undoing it
00430      */
00431     for(bit=48; bit--;) {
00432       e_inverse[esel[bit] - 1     ] = bit;
00433       e_inverse[esel[bit] - 1 + 32] = bit + 48;
00434     }
00435 
00436     /*
00437      * create efp: the matrix used to
00438      * undo the E expansion and effect final permutation
00439      */
00440     _ufc_clearmem((char*)efp, (int)sizeof efp);
00441     for(bit = 0; bit < 64; bit++) {
00442       int o_bit, o_long;
00443       ufc_long word_value, mask1, mask2;
00444       int comes_from_f_bit, comes_from_e_bit;
00445       int comes_from_word, bit_within_word;
00446 
00447       /* See where bit i belongs in the two 32 bit long's */
00448       o_long = bit / 32; /* 0..1  */
00449       o_bit  = bit % 32; /* 0..31 */
00450 
00451       /*
00452        * And find a bit in the e permutated value setting this bit.
00453        *
00454        * Note: the e selection may have selected the same bit several
00455        * times. By the initialization of e_inverse, we only look
00456        * for one specific instance.
00457        */
00458       comes_from_f_bit = final_perm[bit] - 1;         /* 0..63 */
00459       comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */
00460       comes_from_word  = comes_from_e_bit / 6;        /* 0..15 */
00461       bit_within_word  = comes_from_e_bit % 6;        /* 0..5  */
00462 
00463       mask1 = longmask[bit_within_word + 26];
00464       mask2 = longmask[o_bit];
00465 
00466       for(word_value = 64; word_value--;) {
00467        if(word_value & mask1)
00468          efp[comes_from_word][word_value][o_long] |= mask2;
00469       }
00470     }
00471     small_tables_initialized = 1;
00472 #ifdef __GNU_LIBRARY__
00473 small_tables_done:
00474     __libc_lock_unlock(_ufc_tables_lock);
00475 #endif
00476   }
00477 
00478   /*
00479    * Create the sb tables:
00480    *
00481    * For each 12 bit segment of an 48 bit intermediate
00482    * result, the sb table precomputes the two 4 bit
00483    * values of the sbox lookups done with the two 6
00484    * bit halves, shifts them to their proper place,
00485    * sends them through perm32 and finally E expands
00486    * them so that they are ready for the next
00487    * DES round.
00488    *
00489    */
00490 
00491   _ufc_clearmem((char*)__data->sb0, (int)sizeof(__data->sb0));
00492   _ufc_clearmem((char*)__data->sb1, (int)sizeof(__data->sb1));
00493   _ufc_clearmem((char*)__data->sb2, (int)sizeof(__data->sb2));
00494   _ufc_clearmem((char*)__data->sb3, (int)sizeof(__data->sb3));
00495 
00496   for(sg = 0; sg < 4; sg++) {
00497     int j1, j2;
00498     int s1, s2;
00499 
00500     for(j1 = 0; j1 < 64; j1++) {
00501       s1 = s_lookup(2 * sg, j1);
00502       for(j2 = 0; j2 < 64; j2++) {
00503        ufc_long to_permute, inx;
00504 
00505        s2         = s_lookup(2 * sg + 1, j2);
00506        to_permute = (((ufc_long)s1 << 4)  |
00507                     (ufc_long)s2) << (24 - 8 * (ufc_long)sg);
00508 
00509 #ifdef _UFC_32_
00510        inx = ((j1 << 6)  | j2) << 1;
00511        sb[sg][inx  ]  = eperm32tab[0][(to_permute >> 24) & 0xff][0];
00512        sb[sg][inx+1]  = eperm32tab[0][(to_permute >> 24) & 0xff][1];
00513        sb[sg][inx  ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0];
00514        sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1];
00515        sb[sg][inx  ] |= eperm32tab[2][(to_permute >>  8) & 0xff][0];
00516        sb[sg][inx+1] |= eperm32tab[2][(to_permute >>  8) & 0xff][1];
00517        sb[sg][inx  ] |= eperm32tab[3][(to_permute)       & 0xff][0];
00518        sb[sg][inx+1] |= eperm32tab[3][(to_permute)       & 0xff][1];
00519 #endif
00520 #ifdef _UFC_64_
00521        inx = ((j1 << 6)  | j2);
00522        sb[sg][inx]  =
00523          ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) |
00524           (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1];
00525        sb[sg][inx] |=
00526          ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) |
00527           (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1];
00528        sb[sg][inx] |=
00529          ((long64)eperm32tab[2][(to_permute >>  8) & 0xff][0] << 32) |
00530           (long64)eperm32tab[2][(to_permute >>  8) & 0xff][1];
00531        sb[sg][inx] |=
00532          ((long64)eperm32tab[3][(to_permute)       & 0xff][0] << 32) |
00533           (long64)eperm32tab[3][(to_permute)       & 0xff][1];
00534 #endif
00535       }
00536     }
00537   }
00538 
00539   __data->current_saltbits = 0;
00540   __data->current_salt[0] = 0;
00541   __data->current_salt[1] = 0;
00542   __data->initialized++;
00543 }
00544 
00545 void
00546 __init_des()
00547 {
00548   __init_des_r(&_ufc_foobar);
00549 }
00550 
00551 /*
00552  * Process the elements of the sb table permuting the
00553  * bits swapped in the expansion by the current salt.
00554  */
00555 
00556 #ifdef _UFC_32_
00557 STATIC void
00558 shuffle_sb(k, saltbits)
00559      long32 *k;
00560      ufc_long saltbits;
00561 {
00562   ufc_long j;
00563   long32 x;
00564   for(j=4096; j--;) {
00565     x = (k[0] ^ k[1]) & (long32)saltbits;
00566     *k++ ^= x;
00567     *k++ ^= x;
00568   }
00569 }
00570 #endif
00571 
00572 #ifdef _UFC_64_
00573 STATIC void
00574 shuffle_sb(k, saltbits)
00575      long64 *k;
00576      ufc_long saltbits;
00577 {
00578   ufc_long j;
00579   long64 x;
00580   for(j=4096; j--;) {
00581     x = ((*k >> 32) ^ *k) & (long64)saltbits;
00582     *k++ ^= (x << 32) | x;
00583   }
00584 }
00585 #endif
00586 
00587 /*
00588  * Setup the unit for a new salt
00589  * Hopefully we'll not see a new salt in each crypt call.
00590  */
00591 
00592 void
00593 _ufc_setup_salt_r(s, __data)
00594      __const char *s;
00595      struct crypt_data * __restrict __data;
00596 {
00597   ufc_long i, j, saltbits;
00598 
00599   if(__data->initialized == 0)
00600     __init_des_r(__data);
00601 
00602   if(s[0] == __data->current_salt[0] && s[1] == __data->current_salt[1])
00603     return;
00604   __data->current_salt[0] = s[0]; __data->current_salt[1] = s[1];
00605 
00606   /*
00607    * This is the only crypt change to DES:
00608    * entries are swapped in the expansion table
00609    * according to the bits set in the salt.
00610    */
00611   saltbits = 0;
00612   for(i = 0; i < 2; i++) {
00613     long c=ascii_to_bin(s[i]);
00614     for(j = 0; j < 6; j++) {
00615       if((c >> j) & 0x1)
00616        saltbits |= BITMASK[6 * i + j];
00617     }
00618   }
00619 
00620   /*
00621    * Permute the sb table values
00622    * to reflect the changed e
00623    * selection table
00624    */
00625 #ifdef _UFC_32_
00626 #define LONGG long32*
00627 #endif
00628 #ifdef _UFC_64_
00629 #define LONGG long64*
00630 #endif
00631 
00632   shuffle_sb((LONGG)__data->sb0, __data->current_saltbits ^ saltbits);
00633   shuffle_sb((LONGG)__data->sb1, __data->current_saltbits ^ saltbits);
00634   shuffle_sb((LONGG)__data->sb2, __data->current_saltbits ^ saltbits);
00635   shuffle_sb((LONGG)__data->sb3, __data->current_saltbits ^ saltbits);
00636 
00637   __data->current_saltbits = saltbits;
00638 }
00639 
00640 void
00641 _ufc_mk_keytab_r(key, __data)
00642      const char *key;
00643      struct crypt_data * __restrict __data;
00644 {
00645   ufc_long v1, v2, *k1;
00646   int i;
00647 #ifdef _UFC_32_
00648   long32 v, *k2;
00649   k2 = (long32*)__data->keysched;
00650 #endif
00651 #ifdef _UFC_64_
00652   long64 v, *k2;
00653   k2 = (long64*)__data->keysched;
00654 #endif
00655 
00656   v1 = v2 = 0; k1 = &do_pc1[0][0][0];
00657   for(i = 8; i--;) {
00658     v1 |= k1[*key   & 0x7f]; k1 += 128;
00659     v2 |= k1[*key++ & 0x7f]; k1 += 128;
00660   }
00661 
00662   for(i = 0; i < 16; i++) {
00663     k1 = &do_pc2[0][0];
00664 
00665     v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i]));
00666     v  = k1[(v1 >> 21) & 0x7f]; k1 += 128;
00667     v |= k1[(v1 >> 14) & 0x7f]; k1 += 128;
00668     v |= k1[(v1 >>  7) & 0x7f]; k1 += 128;
00669     v |= k1[(v1      ) & 0x7f]; k1 += 128;
00670 
00671 #ifdef _UFC_32_
00672     *k2++ = (v | 0x00008000);
00673     v = 0;
00674 #endif
00675 #ifdef _UFC_64_
00676     v = (v << 32);
00677 #endif
00678 
00679     v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i]));
00680     v |= k1[(v2 >> 21) & 0x7f]; k1 += 128;
00681     v |= k1[(v2 >> 14) & 0x7f]; k1 += 128;
00682     v |= k1[(v2 >>  7) & 0x7f]; k1 += 128;
00683     v |= k1[(v2      ) & 0x7f];
00684 
00685 #ifdef _UFC_32_
00686     *k2++ = (v | 0x00008000);
00687 #endif
00688 #ifdef _UFC_64_
00689     *k2++ = v | 0x0000800000008000l;
00690 #endif
00691   }
00692 
00693   __data->direction = 0;
00694 }
00695 
00696 /*
00697  * Undo an extra E selection and do final permutations
00698  */
00699 
00700 void
00701 _ufc_dofinalperm_r(res, __data)
00702      ufc_long *res;
00703      struct crypt_data * __restrict __data;
00704 {
00705   ufc_long v1, v2, x;
00706   ufc_long l1,l2,r1,r2;
00707 
00708   l1 = res[0]; l2 = res[1];
00709   r1 = res[2]; r2 = res[3];
00710 
00711   x = (l1 ^ l2) & __data->current_saltbits; l1 ^= x; l2 ^= x;
00712   x = (r1 ^ r2) & __data->current_saltbits; r1 ^= x; r2 ^= x;
00713 
00714   v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3;
00715 
00716   v1 |= efp[15][ r2         & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1];
00717   v1 |= efp[14][(r2 >>= 6)  & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1];
00718   v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1];
00719   v1 |= efp[12][(r2 >>= 6)  & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1];
00720 
00721   v1 |= efp[11][ r1         & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1];
00722   v1 |= efp[10][(r1 >>= 6)  & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1];
00723   v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1];
00724   v1 |= efp[ 8][(r1 >>= 6)  & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1];
00725 
00726   v1 |= efp[ 7][ l2         & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1];
00727   v1 |= efp[ 6][(l2 >>= 6)  & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1];
00728   v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1];
00729   v1 |= efp[ 4][(l2 >>= 6)  & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1];
00730 
00731   v1 |= efp[ 3][ l1         & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1];
00732   v1 |= efp[ 2][(l1 >>= 6)  & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1];
00733   v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1];
00734   v1 |= efp[ 0][(l1 >>= 6)  & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1];
00735 
00736   res[0] = v1; res[1] = v2;
00737 }
00738 
00739 /*
00740  * crypt only: convert from 64 bit to 11 bit ASCII
00741  * prefixing with the salt
00742  */
00743 
00744 void
00745 _ufc_output_conversion_r(v1, v2, salt, __data)
00746      ufc_long v1, v2;
00747      __const char *salt;
00748      struct crypt_data * __restrict __data;
00749 {
00750   int i, s, shf;
00751 
00752   __data->crypt_3_buf[0] = salt[0];
00753   __data->crypt_3_buf[1] = salt[1] ? salt[1] : salt[0];
00754 
00755   for(i = 0; i < 5; i++) {
00756     shf = (26 - 6 * i); /* to cope with MSC compiler bug */
00757     __data->crypt_3_buf[i + 2] = bin_to_ascii((v1 >> shf) & 0x3f);
00758   }
00759 
00760   s  = (v2 & 0xf) << 2;
00761   v2 = (v2 >> 2) | ((v1 & 0x3) << 30);
00762 
00763   for(i = 5; i < 10; i++) {
00764     shf = (56 - 6 * i);
00765     __data->crypt_3_buf[i + 2] = bin_to_ascii((v2 >> shf) & 0x3f);
00766   }
00767 
00768   __data->crypt_3_buf[12] = bin_to_ascii(s);
00769   __data->crypt_3_buf[13] = 0;
00770 }
00771 
00772 
00773 /*
00774  * UNIX encrypt function. Takes a bitvector
00775  * represented by one byte per bit and
00776  * encrypt/decrypt according to edflag
00777  */
00778 
00779 void
00780 __encrypt_r(__block, __edflag, __data)
00781      char *__block;
00782      int __edflag;
00783      struct crypt_data * __restrict __data;
00784 {
00785   ufc_long l1, l2, r1, r2, res[4];
00786   int i;
00787 #ifdef _UFC_32_
00788   long32 *kt;
00789   kt = (long32*)__data->keysched;
00790 #endif
00791 #ifdef _UFC_64_
00792   long64 *kt;
00793   kt = (long64*)__data->keysched;
00794 #endif
00795 
00796   /*
00797    * Undo any salt changes to E expansion
00798    */
00799   _ufc_setup_salt_r("..", __data);
00800 
00801   /*
00802    * Reverse key table if
00803    * changing operation (encrypt/decrypt)
00804    */
00805   if((__edflag == 0) != (__data->direction == 0)) {
00806     for(i = 0; i < 8; i++) {
00807 #ifdef _UFC_32_
00808       long32 x;
00809       x = kt[2 * (15-i)];
00810       kt[2 * (15-i)] = kt[2 * i];
00811       kt[2 * i] = x;
00812 
00813       x = kt[2 * (15-i) + 1];
00814       kt[2 * (15-i) + 1] = kt[2 * i + 1];
00815       kt[2 * i + 1] = x;
00816 #endif
00817 #ifdef _UFC_64_
00818       long64 x;
00819       x = kt[15-i];
00820       kt[15-i] = kt[i];
00821       kt[i] = x;
00822 #endif
00823       }
00824     __data->direction = __edflag;
00825   }
00826 
00827   /*
00828    * Do initial permutation + E expansion
00829    */
00830   i = 0;
00831   for(l1 = 0; i < 24; i++) {
00832     if(__block[initial_perm[esel[i]-1]-1])
00833       l1 |= BITMASK[i];
00834   }
00835   for(l2 = 0; i < 48; i++) {
00836     if(__block[initial_perm[esel[i]-1]-1])
00837       l2 |= BITMASK[i-24];
00838   }
00839 
00840   i = 0;
00841   for(r1 = 0; i < 24; i++) {
00842     if(__block[initial_perm[esel[i]-1+32]-1])
00843       r1 |= BITMASK[i];
00844   }
00845   for(r2 = 0; i < 48; i++) {
00846     if(__block[initial_perm[esel[i]-1+32]-1])
00847       r2 |= BITMASK[i-24];
00848   }
00849 
00850   /*
00851    * Do DES inner loops + final conversion
00852    */
00853   res[0] = l1; res[1] = l2;
00854   res[2] = r1; res[3] = r2;
00855   _ufc_doit_r((ufc_long)1, __data, &res[0]);
00856 
00857   /*
00858    * Do final permutations
00859    */
00860   _ufc_dofinalperm_r(res, __data);
00861 
00862   /*
00863    * And convert to bit array
00864    */
00865   l1 = res[0]; r1 = res[1];
00866   for(i = 0; i < 32; i++) {
00867     *__block++ = (l1 & longmask[i]) != 0;
00868   }
00869   for(i = 0; i < 32; i++) {
00870     *__block++ = (r1 & longmask[i]) != 0;
00871   }
00872 }
00873 weak_alias (__encrypt_r, encrypt_r)
00874 
00875 void
00876 encrypt(__block, __edflag)
00877      char *__block;
00878      int __edflag;
00879 {
00880   __encrypt_r(__block, __edflag, &_ufc_foobar);
00881 }
00882 
00883 
00884 /*
00885  * UNIX setkey function. Take a 64 bit DES
00886  * key and setup the machinery.
00887  */
00888 
00889 void
00890 __setkey_r(__key, __data)
00891      __const char *__key;
00892      struct crypt_data * __restrict __data;
00893 {
00894   int i,j;
00895   unsigned char c;
00896   unsigned char ktab[8];
00897 
00898   _ufc_setup_salt_r("..", __data); /* be sure we're initialized */
00899 
00900   for(i = 0; i < 8; i++) {
00901     for(j = 0, c = 0; j < 8; j++)
00902       c = c << 1 | *__key++;
00903     ktab[i] = c >> 1;
00904   }
00905   _ufc_mk_keytab_r((char *) ktab, __data);
00906 }
00907 weak_alias (__setkey_r, setkey_r)
00908 
00909 void
00910 setkey(__key)
00911      __const char *__key;
00912 {
00913   __setkey_r(__key, &_ufc_foobar);
00914 }