2 * UFC-crypt: ultra fast crypt(3) implementation
4 * Copyright (C) 1991-2013 Free Software Foundation, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; see the file COPYING.LIB. If not,
18 * see <http://www.gnu.org/licenses/>.
20 * @(#)crypt_util.c 2.56 12/20/96
37 #include "ufc-crypt.h"
40 * Thanks to greg%wind@plains.NoDak.edu (Greg W. Wettstein)
47 #include "crypt-private.h"
49 /* Prototypes for local functions. */
50 #ifndef __GNU_LIBRARY__
51 void _ufc_clearmem (char *start, int cnt);
52 void _ufc_copymem (char *from, char *to, int cnt);
55 STATIC void shuffle_sb (long32 *k, ufc_long saltbits);
57 STATIC void shuffle_sb (long64 *k, ufc_long saltbits);
62 * Permutation done once on the 56 bit
63 * key derived from the original 8 byte ASCII key.
65 static const int pc1[56] = {
66 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
67 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
68 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
69 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
73 * How much to rotate each 28 bit half of the pc1 permutated
74 * 56 bit key before using pc2 to give the i' key
76 static const int rots[16] = {
77 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
81 * Permutation giving the key
84 static const int pc2[48] = {
85 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
86 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
87 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
88 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
92 * The E expansion table which selects
93 * bits from the 32 bit intermediate result.
95 static const int esel[48] = {
96 32, 1, 2, 3, 4, 5, 4, 5, 6, 7, 8, 9,
97 8, 9, 10, 11, 12, 13, 12, 13, 14, 15, 16, 17,
98 16, 17, 18, 19, 20, 21, 20, 21, 22, 23, 24, 25,
99 24, 25, 26, 27, 28, 29, 28, 29, 30, 31, 32, 1
103 * Permutation done on the
104 * result of sbox lookups
106 static const int perm32[32] = {
107 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
108 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
114 static const int sbox[8][4][16]= {
115 { { 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7 },
116 { 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8 },
117 { 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0 },
118 { 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13 }
121 { { 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10 },
122 { 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5 },
123 { 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15 },
124 { 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9 }
127 { { 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8 },
128 { 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1 },
129 { 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7 },
130 { 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12 }
133 { { 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15 },
134 { 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9 },
135 { 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4 },
136 { 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14 }
139 { { 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9 },
140 { 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6 },
141 { 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14 },
142 { 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3 }
145 { { 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11 },
146 { 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8 },
147 { 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6 },
148 { 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13 }
151 { { 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1 },
152 { 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6 },
153 { 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2 },
154 { 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12 }
157 { { 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7 },
158 { 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2 },
159 { 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8 },
160 { 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11 }
165 * This is the initial
168 static const int initial_perm[64] = {
169 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
170 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
171 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
172 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
179 static const int final_perm[64] = {
180 40, 8, 48, 16, 56, 24, 64, 32, 39, 7, 47, 15, 55, 23, 63, 31,
181 38, 6, 46, 14, 54, 22, 62, 30, 37, 5, 45, 13, 53, 21, 61, 29,
182 36, 4, 44, 12, 52, 20, 60, 28, 35, 3, 43, 11, 51, 19, 59, 27,
183 34, 2, 42, 10, 50, 18, 58, 26, 33, 1, 41, 9, 49, 17, 57, 25
186 #define ascii_to_bin(c) ((c)>='a'?(c-59):(c)>='A'?((c)-53):(c)-'.')
187 #define bin_to_ascii(c) ((c)>=38?((c)-38+'a'):(c)>=12?((c)-12+'A'):(c)+'.')
189 static const ufc_long BITMASK[24] = {
190 0x40000000, 0x20000000, 0x10000000, 0x08000000, 0x04000000, 0x02000000,
191 0x01000000, 0x00800000, 0x00400000, 0x00200000, 0x00100000, 0x00080000,
192 0x00004000, 0x00002000, 0x00001000, 0x00000800, 0x00000400, 0x00000200,
193 0x00000100, 0x00000080, 0x00000040, 0x00000020, 0x00000010, 0x00000008
196 static const unsigned char bytemask[8] = {
197 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01
200 static const ufc_long longmask[32] = {
201 0x80000000, 0x40000000, 0x20000000, 0x10000000,
202 0x08000000, 0x04000000, 0x02000000, 0x01000000,
203 0x00800000, 0x00400000, 0x00200000, 0x00100000,
204 0x00080000, 0x00040000, 0x00020000, 0x00010000,
205 0x00008000, 0x00004000, 0x00002000, 0x00001000,
206 0x00000800, 0x00000400, 0x00000200, 0x00000100,
207 0x00000080, 0x00000040, 0x00000020, 0x00000010,
208 0x00000008, 0x00000004, 0x00000002, 0x00000001
212 * do_pc1: permform pc1 permutation in the key schedule generation.
214 * The first index is the byte number in the 8 byte ASCII key
215 * - second - - the two 28 bits halfs of the result
216 * - third - selects the 7 bits actually used of each byte
218 * The result is kept with 28 bit per 32 bit with the 4 most significant
221 static ufc_long do_pc1[8][2][128];
224 * do_pc2: permform pc2 permutation in the key schedule generation.
226 * The first index is the septet number in the two 28 bit intermediate values
227 * - second - - - septet values
229 * Knowledge of the structure of the pc2 permutation is used.
231 * The result is kept with 28 bit per 32 bit with the 4 most significant
234 static ufc_long do_pc2[8][128];
237 * eperm32tab: do 32 bit permutation and E selection
239 * The first index is the byte number in the 32 bit value to be permuted
240 * - second - is the value of this byte
241 * - third - selects the two 32 bit values
243 * The table is used and generated internally in init_des to speed it up
245 static ufc_long eperm32tab[4][256][2];
248 * efp: undo an extra e selection and do final
249 * permutation giving the DES result.
251 * Invoked 6 bit a time on two 48 bit values
252 * giving two 32 bit longs.
254 static ufc_long efp[16][64][2];
257 * For use by the old, non-reentrant routines
258 * (crypt/encrypt/setkey)
260 struct crypt_data _ufc_foobar;
262 #ifdef __GNU_LIBRARY__
263 #include <bits/libc-lock.h>
265 __libc_lock_define_initialized (static, _ufc_tables_lock)
275 ufc_long i, j, t, tmp;
277 for(i = 0; i < n; i++) {
279 for(j = 0; j < 8; j++) {
281 tmp|=(a[t/24] & BITMASK[t % 24])?bytemask[j]:0;
283 (void)printf("%02x ",tmp);
295 for(i = 0; i < 24; i++) {
296 if(v & longmask[8 + i])
303 #ifndef __GNU_LIBRARY__
305 * Silly rewrites of 'bzero'/'memset'. I do so
306 * because some machines don't have
307 * bzero and some don't have memset.
311 _ufc_clearmem(start, cnt)
320 _ufc_copymem(from, to, cnt)
328 #define _ufc_clearmem(start, cnt) memset(start, 0, cnt)
329 #define _ufc_copymem(from, to, cnt) memcpy(to, from, cnt)
332 /* lookup a 6 bit value in sbox */
334 #define s_lookup(i,s) sbox[(i)][(((s)>>4) & 0x2)|((s) & 0x1)][((s)>>1) & 0xf];
337 * Initialize unit - may be invoked directly
343 struct crypt_data * __restrict __data;
348 ufc_long mask1, mask2;
350 static volatile int small_tables_initialized = 0;
354 sb[0] = (long32*)__data->sb0; sb[1] = (long32*)__data->sb1;
355 sb[2] = (long32*)__data->sb2; sb[3] = (long32*)__data->sb3;
359 sb[0] = (long64*)__data->sb0; sb[1] = (long64*)__data->sb1;
360 sb[2] = (long64*)__data->sb2; sb[3] = (long64*)__data->sb3;
363 if(small_tables_initialized == 0) {
364 #ifdef __GNU_LIBRARY__
365 __libc_lock_lock (_ufc_tables_lock);
366 if(small_tables_initialized)
367 goto small_tables_done;
371 * Create the do_pc1 table used
372 * to affect pc1 permutation
373 * when generating keys
375 _ufc_clearmem((char*)do_pc1, (int)sizeof(do_pc1));
376 for(bit = 0; bit < 56; bit++) {
377 comes_from_bit = pc1[bit] - 1;
378 mask1 = bytemask[comes_from_bit % 8 + 1];
379 mask2 = longmask[bit % 28 + 4];
380 for(j = 0; j < 128; j++) {
382 do_pc1[comes_from_bit / 8][bit / 28][j] |= mask2;
387 * Create the do_pc2 table used
388 * to affect pc2 permutation when
391 _ufc_clearmem((char*)do_pc2, (int)sizeof(do_pc2));
392 for(bit = 0; bit < 48; bit++) {
393 comes_from_bit = pc2[bit] - 1;
394 mask1 = bytemask[comes_from_bit % 7 + 1];
395 mask2 = BITMASK[bit % 24];
396 for(j = 0; j < 128; j++) {
398 do_pc2[comes_from_bit / 7][j] |= mask2;
403 * Now generate the table used to do combined
404 * 32 bit permutation and e expansion
406 * We use it because we have to permute 16384 32 bit
407 * longs into 48 bit in order to initialize sb.
409 * Looping 48 rounds per permutation becomes
414 _ufc_clearmem((char*)eperm32tab, (int)sizeof(eperm32tab));
415 for(bit = 0; bit < 48; bit++) {
416 ufc_long mask1,comes_from;
417 comes_from = perm32[esel[bit]-1]-1;
418 mask1 = bytemask[comes_from % 8];
421 eperm32tab[comes_from / 8][j][bit / 24] |= BITMASK[bit % 24];
426 * Create an inverse matrix for esel telling
427 * where to plug out bits if undoing it
429 for(bit=48; bit--;) {
430 e_inverse[esel[bit] - 1 ] = bit;
431 e_inverse[esel[bit] - 1 + 32] = bit + 48;
435 * create efp: the matrix used to
436 * undo the E expansion and effect final permutation
438 _ufc_clearmem((char*)efp, (int)sizeof efp);
439 for(bit = 0; bit < 64; bit++) {
441 ufc_long word_value, mask1, mask2;
442 int comes_from_f_bit, comes_from_e_bit;
443 int comes_from_word, bit_within_word;
445 /* See where bit i belongs in the two 32 bit long's */
446 o_long = bit / 32; /* 0..1 */
447 o_bit = bit % 32; /* 0..31 */
450 * And find a bit in the e permutated value setting this bit.
452 * Note: the e selection may have selected the same bit several
453 * times. By the initialization of e_inverse, we only look
454 * for one specific instance.
456 comes_from_f_bit = final_perm[bit] - 1; /* 0..63 */
457 comes_from_e_bit = e_inverse[comes_from_f_bit]; /* 0..95 */
458 comes_from_word = comes_from_e_bit / 6; /* 0..15 */
459 bit_within_word = comes_from_e_bit % 6; /* 0..5 */
461 mask1 = longmask[bit_within_word + 26];
462 mask2 = longmask[o_bit];
464 for(word_value = 64; word_value--;) {
465 if(word_value & mask1)
466 efp[comes_from_word][word_value][o_long] |= mask2;
469 atomic_write_barrier ();
470 small_tables_initialized = 1;
471 #ifdef __GNU_LIBRARY__
473 __libc_lock_unlock(_ufc_tables_lock);
476 atomic_read_barrier ();
479 * Create the sb tables:
481 * For each 12 bit segment of an 48 bit intermediate
482 * result, the sb table precomputes the two 4 bit
483 * values of the sbox lookups done with the two 6
484 * bit halves, shifts them to their proper place,
485 * sends them through perm32 and finally E expands
486 * them so that they are ready for the next
491 if (__data->sb0 + sizeof (__data->sb0) == __data->sb1
492 && __data->sb1 + sizeof (__data->sb1) == __data->sb2
493 && __data->sb2 + sizeof (__data->sb2) == __data->sb3)
494 _ufc_clearmem(__data->sb0,
495 (int)sizeof(__data->sb0)
496 + (int)sizeof(__data->sb1)
497 + (int)sizeof(__data->sb2)
498 + (int)sizeof(__data->sb3));
500 _ufc_clearmem(__data->sb0, (int)sizeof(__data->sb0));
501 _ufc_clearmem(__data->sb1, (int)sizeof(__data->sb1));
502 _ufc_clearmem(__data->sb2, (int)sizeof(__data->sb2));
503 _ufc_clearmem(__data->sb3, (int)sizeof(__data->sb3));
506 for(sg = 0; sg < 4; sg++) {
510 for(j1 = 0; j1 < 64; j1++) {
511 s1 = s_lookup(2 * sg, j1);
512 for(j2 = 0; j2 < 64; j2++) {
513 ufc_long to_permute, inx;
515 s2 = s_lookup(2 * sg + 1, j2);
516 to_permute = (((ufc_long)s1 << 4) |
517 (ufc_long)s2) << (24 - 8 * (ufc_long)sg);
520 inx = ((j1 << 6) | j2) << 1;
521 sb[sg][inx ] = eperm32tab[0][(to_permute >> 24) & 0xff][0];
522 sb[sg][inx+1] = eperm32tab[0][(to_permute >> 24) & 0xff][1];
523 sb[sg][inx ] |= eperm32tab[1][(to_permute >> 16) & 0xff][0];
524 sb[sg][inx+1] |= eperm32tab[1][(to_permute >> 16) & 0xff][1];
525 sb[sg][inx ] |= eperm32tab[2][(to_permute >> 8) & 0xff][0];
526 sb[sg][inx+1] |= eperm32tab[2][(to_permute >> 8) & 0xff][1];
527 sb[sg][inx ] |= eperm32tab[3][(to_permute) & 0xff][0];
528 sb[sg][inx+1] |= eperm32tab[3][(to_permute) & 0xff][1];
531 inx = ((j1 << 6) | j2);
533 ((long64)eperm32tab[0][(to_permute >> 24) & 0xff][0] << 32) |
534 (long64)eperm32tab[0][(to_permute >> 24) & 0xff][1];
536 ((long64)eperm32tab[1][(to_permute >> 16) & 0xff][0] << 32) |
537 (long64)eperm32tab[1][(to_permute >> 16) & 0xff][1];
539 ((long64)eperm32tab[2][(to_permute >> 8) & 0xff][0] << 32) |
540 (long64)eperm32tab[2][(to_permute >> 8) & 0xff][1];
542 ((long64)eperm32tab[3][(to_permute) & 0xff][0] << 32) |
543 (long64)eperm32tab[3][(to_permute) & 0xff][1];
549 __data->current_saltbits = 0;
550 __data->current_salt[0] = 0;
551 __data->current_salt[1] = 0;
552 __data->initialized++;
558 __init_des_r(&_ufc_foobar);
562 * Process the elements of the sb table permuting the
563 * bits swapped in the expansion by the current salt.
568 shuffle_sb(k, saltbits)
575 x = (k[0] ^ k[1]) & (long32)saltbits;
584 shuffle_sb(k, saltbits)
591 x = ((*k >> 32) ^ *k) & (long64)saltbits;
592 *k++ ^= (x << 32) | x;
598 * Return false iff C is in the specified alphabet for crypt salt.
602 bad_for_salt (char c)
618 * Setup the unit for a new salt
619 * Hopefully we'll not see a new salt in each crypt call.
620 * Return false if an unexpected character was found in s[0] or s[1].
624 _ufc_setup_salt_r(s, __data)
626 struct crypt_data * __restrict __data;
628 ufc_long i, j, saltbits;
631 if(__data->initialized == 0)
632 __init_des_r(__data);
635 if(bad_for_salt (s0))
639 if(bad_for_salt (s1))
642 if(s0 == __data->current_salt[0] && s1 == __data->current_salt[1])
645 __data->current_salt[0] = s0;
646 __data->current_salt[1] = s1;
649 * This is the only crypt change to DES:
650 * entries are swapped in the expansion table
651 * according to the bits set in the salt.
654 for(i = 0; i < 2; i++) {
655 long c=ascii_to_bin(s[i]);
656 for(j = 0; j < 6; j++) {
658 saltbits |= BITMASK[6 * i + j];
663 * Permute the sb table values
664 * to reflect the changed e
668 #define LONGG long32*
671 #define LONGG long64*
674 shuffle_sb((LONGG)__data->sb0, __data->current_saltbits ^ saltbits);
675 shuffle_sb((LONGG)__data->sb1, __data->current_saltbits ^ saltbits);
676 shuffle_sb((LONGG)__data->sb2, __data->current_saltbits ^ saltbits);
677 shuffle_sb((LONGG)__data->sb3, __data->current_saltbits ^ saltbits);
679 __data->current_saltbits = saltbits;
685 _ufc_mk_keytab_r(key, __data)
687 struct crypt_data * __restrict __data;
689 ufc_long v1, v2, *k1;
693 k2 = (long32*)__data->keysched;
697 k2 = (long64*)__data->keysched;
700 v1 = v2 = 0; k1 = &do_pc1[0][0][0];
702 v1 |= k1[*key & 0x7f]; k1 += 128;
703 v2 |= k1[*key++ & 0x7f]; k1 += 128;
706 for(i = 0; i < 16; i++) {
709 v1 = (v1 << rots[i]) | (v1 >> (28 - rots[i]));
710 v = k1[(v1 >> 21) & 0x7f]; k1 += 128;
711 v |= k1[(v1 >> 14) & 0x7f]; k1 += 128;
712 v |= k1[(v1 >> 7) & 0x7f]; k1 += 128;
713 v |= k1[(v1 ) & 0x7f]; k1 += 128;
716 *k2++ = (v | 0x00008000);
723 v2 = (v2 << rots[i]) | (v2 >> (28 - rots[i]));
724 v |= k1[(v2 >> 21) & 0x7f]; k1 += 128;
725 v |= k1[(v2 >> 14) & 0x7f]; k1 += 128;
726 v |= k1[(v2 >> 7) & 0x7f]; k1 += 128;
727 v |= k1[(v2 ) & 0x7f];
730 *k2++ = (v | 0x00008000);
733 *k2++ = v | 0x0000800000008000l;
737 __data->direction = 0;
741 * Undo an extra E selection and do final permutations
745 _ufc_dofinalperm_r(res, __data)
747 struct crypt_data * __restrict __data;
750 ufc_long l1,l2,r1,r2;
752 l1 = res[0]; l2 = res[1];
753 r1 = res[2]; r2 = res[3];
755 x = (l1 ^ l2) & __data->current_saltbits; l1 ^= x; l2 ^= x;
756 x = (r1 ^ r2) & __data->current_saltbits; r1 ^= x; r2 ^= x;
758 v1=v2=0; l1 >>= 3; l2 >>= 3; r1 >>= 3; r2 >>= 3;
760 v1 |= efp[15][ r2 & 0x3f][0]; v2 |= efp[15][ r2 & 0x3f][1];
761 v1 |= efp[14][(r2 >>= 6) & 0x3f][0]; v2 |= efp[14][ r2 & 0x3f][1];
762 v1 |= efp[13][(r2 >>= 10) & 0x3f][0]; v2 |= efp[13][ r2 & 0x3f][1];
763 v1 |= efp[12][(r2 >>= 6) & 0x3f][0]; v2 |= efp[12][ r2 & 0x3f][1];
765 v1 |= efp[11][ r1 & 0x3f][0]; v2 |= efp[11][ r1 & 0x3f][1];
766 v1 |= efp[10][(r1 >>= 6) & 0x3f][0]; v2 |= efp[10][ r1 & 0x3f][1];
767 v1 |= efp[ 9][(r1 >>= 10) & 0x3f][0]; v2 |= efp[ 9][ r1 & 0x3f][1];
768 v1 |= efp[ 8][(r1 >>= 6) & 0x3f][0]; v2 |= efp[ 8][ r1 & 0x3f][1];
770 v1 |= efp[ 7][ l2 & 0x3f][0]; v2 |= efp[ 7][ l2 & 0x3f][1];
771 v1 |= efp[ 6][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 6][ l2 & 0x3f][1];
772 v1 |= efp[ 5][(l2 >>= 10) & 0x3f][0]; v2 |= efp[ 5][ l2 & 0x3f][1];
773 v1 |= efp[ 4][(l2 >>= 6) & 0x3f][0]; v2 |= efp[ 4][ l2 & 0x3f][1];
775 v1 |= efp[ 3][ l1 & 0x3f][0]; v2 |= efp[ 3][ l1 & 0x3f][1];
776 v1 |= efp[ 2][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 2][ l1 & 0x3f][1];
777 v1 |= efp[ 1][(l1 >>= 10) & 0x3f][0]; v2 |= efp[ 1][ l1 & 0x3f][1];
778 v1 |= efp[ 0][(l1 >>= 6) & 0x3f][0]; v2 |= efp[ 0][ l1 & 0x3f][1];
780 res[0] = v1; res[1] = v2;
784 * crypt only: convert from 64 bit to 11 bit ASCII
785 * prefixing with the salt
789 _ufc_output_conversion_r(v1, v2, salt, __data)
792 struct crypt_data * __restrict __data;
796 __data->crypt_3_buf[0] = salt[0];
797 __data->crypt_3_buf[1] = salt[1] ? salt[1] : salt[0];
799 for(i = 0; i < 5; i++) {
800 shf = (26 - 6 * i); /* to cope with MSC compiler bug */
801 __data->crypt_3_buf[i + 2] = bin_to_ascii((v1 >> shf) & 0x3f);
805 v2 = (v2 >> 2) | ((v1 & 0x3) << 30);
807 for(i = 5; i < 10; i++) {
809 __data->crypt_3_buf[i + 2] = bin_to_ascii((v2 >> shf) & 0x3f);
812 __data->crypt_3_buf[12] = bin_to_ascii(s);
813 __data->crypt_3_buf[13] = 0;
818 * UNIX encrypt function. Takes a bitvector
819 * represented by one byte per bit and
820 * encrypt/decrypt according to edflag
824 __encrypt_r(__block, __edflag, __data)
827 struct crypt_data * __restrict __data;
829 ufc_long l1, l2, r1, r2, res[4];
833 kt = (long32*)__data->keysched;
837 kt = (long64*)__data->keysched;
841 * Undo any salt changes to E expansion
843 _ufc_setup_salt_r("..", __data);
846 * Reverse key table if
847 * changing operation (encrypt/decrypt)
849 if((__edflag == 0) != (__data->direction == 0)) {
850 for(i = 0; i < 8; i++) {
854 kt[2 * (15-i)] = kt[2 * i];
857 x = kt[2 * (15-i) + 1];
858 kt[2 * (15-i) + 1] = kt[2 * i + 1];
868 __data->direction = __edflag;
872 * Do initial permutation + E expansion
875 for(l1 = 0; i < 24; i++) {
876 if(__block[initial_perm[esel[i]-1]-1])
879 for(l2 = 0; i < 48; i++) {
880 if(__block[initial_perm[esel[i]-1]-1])
885 for(r1 = 0; i < 24; i++) {
886 if(__block[initial_perm[esel[i]-1+32]-1])
889 for(r2 = 0; i < 48; i++) {
890 if(__block[initial_perm[esel[i]-1+32]-1])
895 * Do DES inner loops + final conversion
897 res[0] = l1; res[1] = l2;
898 res[2] = r1; res[3] = r2;
899 _ufc_doit_r((ufc_long)1, __data, &res[0]);
902 * Do final permutations
904 _ufc_dofinalperm_r(res, __data);
907 * And convert to bit array
909 l1 = res[0]; r1 = res[1];
910 for(i = 0; i < 32; i++) {
911 *__block++ = (l1 & longmask[i]) != 0;
913 for(i = 0; i < 32; i++) {
914 *__block++ = (r1 & longmask[i]) != 0;
917 weak_alias (__encrypt_r, encrypt_r)
920 encrypt(__block, __edflag)
924 __encrypt_r(__block, __edflag, &_ufc_foobar);
929 * UNIX setkey function. Take a 64 bit DES
930 * key and setup the machinery.
934 __setkey_r(__key, __data)
936 struct crypt_data * __restrict __data;
940 unsigned char ktab[8];
942 _ufc_setup_salt_r("..", __data); /* be sure we're initialized */
944 for(i = 0; i < 8; i++) {
945 for(j = 0, c = 0; j < 8; j++)
946 c = c << 1 | *__key++;
949 _ufc_mk_keytab_r((char *) ktab, __data);
951 weak_alias (__setkey_r, setkey_r)
957 __setkey_r(__key, &_ufc_foobar);
git.samba.org / jlayton / glibc.git / blob