Commit | Line | Data |
---|---|---|
2ce81398 | 1 | #if defined(LIBC_SCCS) && !defined(lint) |
c0e388d6 | 2 | static char sccsid[] = "@(#)crypt.c 5.2.1.1 (Berkeley) %G%"; |
2ce81398 | 3 | #endif LIBC_SCCS and not lint |
b8f253e8 | 4 | |
98bd1891 BJ |
5 | /* |
6 | * This program implements the | |
7 | * Proposed Federal Information Processing | |
8 | * Data Encryption Standard. | |
9 | * See Federal Register, March 17, 1975 (40FR12134) | |
10 | */ | |
11 | ||
12 | /* | |
13 | * Initial permutation, | |
14 | */ | |
15 | static char IP[] = { | |
16 | 58,50,42,34,26,18,10, 2, | |
17 | 60,52,44,36,28,20,12, 4, | |
18 | 62,54,46,38,30,22,14, 6, | |
19 | 64,56,48,40,32,24,16, 8, | |
20 | 57,49,41,33,25,17, 9, 1, | |
21 | 59,51,43,35,27,19,11, 3, | |
22 | 61,53,45,37,29,21,13, 5, | |
23 | 63,55,47,39,31,23,15, 7, | |
24 | }; | |
25 | ||
26 | /* | |
27 | * Final permutation, FP = IP^(-1) | |
28 | */ | |
29 | static char FP[] = { | |
30 | 40, 8,48,16,56,24,64,32, | |
31 | 39, 7,47,15,55,23,63,31, | |
32 | 38, 6,46,14,54,22,62,30, | |
33 | 37, 5,45,13,53,21,61,29, | |
34 | 36, 4,44,12,52,20,60,28, | |
35 | 35, 3,43,11,51,19,59,27, | |
36 | 34, 2,42,10,50,18,58,26, | |
37 | 33, 1,41, 9,49,17,57,25, | |
38 | }; | |
39 | ||
40 | /* | |
41 | * Permuted-choice 1 from the key bits | |
42 | * to yield C and D. | |
43 | * Note that bits 8,16... are left out: | |
44 | * They are intended for a parity check. | |
45 | */ | |
46 | static char PC1_C[] = { | |
47 | 57,49,41,33,25,17, 9, | |
48 | 1,58,50,42,34,26,18, | |
49 | 10, 2,59,51,43,35,27, | |
50 | 19,11, 3,60,52,44,36, | |
51 | }; | |
52 | ||
53 | static char PC1_D[] = { | |
54 | 63,55,47,39,31,23,15, | |
55 | 7,62,54,46,38,30,22, | |
56 | 14, 6,61,53,45,37,29, | |
57 | 21,13, 5,28,20,12, 4, | |
58 | }; | |
59 | ||
60 | /* | |
61 | * Sequence of shifts used for the key schedule. | |
62 | */ | |
63 | static char shifts[] = { | |
64 | 1,1,2,2,2,2,2,2,1,2,2,2,2,2,2,1, | |
65 | }; | |
66 | ||
67 | /* | |
68 | * Permuted-choice 2, to pick out the bits from | |
69 | * the CD array that generate the key schedule. | |
70 | */ | |
71 | static char PC2_C[] = { | |
72 | 14,17,11,24, 1, 5, | |
73 | 3,28,15, 6,21,10, | |
74 | 23,19,12, 4,26, 8, | |
75 | 16, 7,27,20,13, 2, | |
76 | }; | |
77 | ||
78 | static char PC2_D[] = { | |
79 | 41,52,31,37,47,55, | |
80 | 30,40,51,45,33,48, | |
81 | 44,49,39,56,34,53, | |
82 | 46,42,50,36,29,32, | |
83 | }; | |
84 | ||
85 | /* | |
86 | * The C and D arrays used to calculate the key schedule. | |
87 | */ | |
88 | ||
89 | static char C[28]; | |
90 | static char D[28]; | |
91 | /* | |
92 | * The key schedule. | |
93 | * Generated from the key. | |
94 | */ | |
95 | static char KS[16][48]; | |
96 | ||
99401500 RC |
97 | /* |
98 | * The E bit-selection table. | |
99 | */ | |
100 | static char E[48]; | |
101 | static char e[] = { | |
102 | 32, 1, 2, 3, 4, 5, | |
103 | 4, 5, 6, 7, 8, 9, | |
104 | 8, 9,10,11,12,13, | |
105 | 12,13,14,15,16,17, | |
106 | 16,17,18,19,20,21, | |
107 | 20,21,22,23,24,25, | |
108 | 24,25,26,27,28,29, | |
109 | 28,29,30,31,32, 1, | |
110 | }; | |
111 | ||
98bd1891 BJ |
112 | /* |
113 | * Set up the key schedule from the key. | |
114 | */ | |
115 | ||
116 | setkey(key) | |
117 | char *key; | |
118 | { | |
119 | register i, j, k; | |
120 | int t; | |
121 | ||
122 | /* | |
123 | * First, generate C and D by permuting | |
124 | * the key. The low order bit of each | |
125 | * 8-bit char is not used, so C and D are only 28 | |
126 | * bits apiece. | |
127 | */ | |
128 | for (i=0; i<28; i++) { | |
129 | C[i] = key[PC1_C[i]-1]; | |
130 | D[i] = key[PC1_D[i]-1]; | |
131 | } | |
132 | /* | |
133 | * To generate Ki, rotate C and D according | |
134 | * to schedule and pick up a permutation | |
135 | * using PC2. | |
136 | */ | |
137 | for (i=0; i<16; i++) { | |
138 | /* | |
139 | * rotate. | |
140 | */ | |
141 | for (k=0; k<shifts[i]; k++) { | |
142 | t = C[0]; | |
143 | for (j=0; j<28-1; j++) | |
144 | C[j] = C[j+1]; | |
145 | C[27] = t; | |
146 | t = D[0]; | |
147 | for (j=0; j<28-1; j++) | |
148 | D[j] = D[j+1]; | |
149 | D[27] = t; | |
150 | } | |
151 | /* | |
152 | * get Ki. Note C and D are concatenated. | |
153 | */ | |
154 | for (j=0; j<24; j++) { | |
155 | KS[i][j] = C[PC2_C[j]-1]; | |
156 | KS[i][j+24] = D[PC2_D[j]-28-1]; | |
157 | } | |
158 | } | |
98bd1891 | 159 | |
99401500 RC |
160 | for(i=0;i<48;i++) |
161 | E[i] = e[i]; | |
162 | } | |
98bd1891 BJ |
163 | |
164 | /* | |
165 | * The 8 selection functions. | |
166 | * For some reason, they give a 0-origin | |
167 | * index, unlike everything else. | |
168 | */ | |
169 | static char S[8][64] = { | |
170 | 14, 4,13, 1, 2,15,11, 8, 3,10, 6,12, 5, 9, 0, 7, | |
171 | 0,15, 7, 4,14, 2,13, 1,10, 6,12,11, 9, 5, 3, 8, | |
172 | 4, 1,14, 8,13, 6, 2,11,15,12, 9, 7, 3,10, 5, 0, | |
173 | 15,12, 8, 2, 4, 9, 1, 7, 5,11, 3,14,10, 0, 6,13, | |
174 | ||
175 | 15, 1, 8,14, 6,11, 3, 4, 9, 7, 2,13,12, 0, 5,10, | |
176 | 3,13, 4, 7,15, 2, 8,14,12, 0, 1,10, 6, 9,11, 5, | |
177 | 0,14, 7,11,10, 4,13, 1, 5, 8,12, 6, 9, 3, 2,15, | |
178 | 13, 8,10, 1, 3,15, 4, 2,11, 6, 7,12, 0, 5,14, 9, | |
179 | ||
180 | 10, 0, 9,14, 6, 3,15, 5, 1,13,12, 7,11, 4, 2, 8, | |
181 | 13, 7, 0, 9, 3, 4, 6,10, 2, 8, 5,14,12,11,15, 1, | |
182 | 13, 6, 4, 9, 8,15, 3, 0,11, 1, 2,12, 5,10,14, 7, | |
183 | 1,10,13, 0, 6, 9, 8, 7, 4,15,14, 3,11, 5, 2,12, | |
184 | ||
185 | 7,13,14, 3, 0, 6, 9,10, 1, 2, 8, 5,11,12, 4,15, | |
186 | 13, 8,11, 5, 6,15, 0, 3, 4, 7, 2,12, 1,10,14, 9, | |
187 | 10, 6, 9, 0,12,11, 7,13,15, 1, 3,14, 5, 2, 8, 4, | |
188 | 3,15, 0, 6,10, 1,13, 8, 9, 4, 5,11,12, 7, 2,14, | |
189 | ||
190 | 2,12, 4, 1, 7,10,11, 6, 8, 5, 3,15,13, 0,14, 9, | |
191 | 14,11, 2,12, 4, 7,13, 1, 5, 0,15,10, 3, 9, 8, 6, | |
192 | 4, 2, 1,11,10,13, 7, 8,15, 9,12, 5, 6, 3, 0,14, | |
193 | 11, 8,12, 7, 1,14, 2,13, 6,15, 0, 9,10, 4, 5, 3, | |
194 | ||
195 | 12, 1,10,15, 9, 2, 6, 8, 0,13, 3, 4,14, 7, 5,11, | |
196 | 10,15, 4, 2, 7,12, 9, 5, 6, 1,13,14, 0,11, 3, 8, | |
197 | 9,14,15, 5, 2, 8,12, 3, 7, 0, 4,10, 1,13,11, 6, | |
198 | 4, 3, 2,12, 9, 5,15,10,11,14, 1, 7, 6, 0, 8,13, | |
199 | ||
200 | 4,11, 2,14,15, 0, 8,13, 3,12, 9, 7, 5,10, 6, 1, | |
201 | 13, 0,11, 7, 4, 9, 1,10,14, 3, 5,12, 2,15, 8, 6, | |
202 | 1, 4,11,13,12, 3, 7,14,10,15, 6, 8, 0, 5, 9, 2, | |
203 | 6,11,13, 8, 1, 4,10, 7, 9, 5, 0,15,14, 2, 3,12, | |
204 | ||
205 | 13, 2, 8, 4, 6,15,11, 1,10, 9, 3,14, 5, 0,12, 7, | |
206 | 1,15,13, 8,10, 3, 7, 4,12, 5, 6,11, 0,14, 9, 2, | |
207 | 7,11, 4, 1, 9,12,14, 2, 0, 6,10,13,15, 3, 5, 8, | |
208 | 2, 1,14, 7, 4,10, 8,13,15,12, 9, 0, 3, 5, 6,11, | |
209 | }; | |
210 | ||
211 | /* | |
212 | * P is a permutation on the selected combination | |
213 | * of the current L and key. | |
214 | */ | |
215 | static char P[] = { | |
216 | 16, 7,20,21, | |
217 | 29,12,28,17, | |
218 | 1,15,23,26, | |
219 | 5,18,31,10, | |
220 | 2, 8,24,14, | |
221 | 32,27, 3, 9, | |
222 | 19,13,30, 6, | |
223 | 22,11, 4,25, | |
224 | }; | |
225 | ||
226 | /* | |
227 | * The current block, divided into 2 halves. | |
228 | */ | |
229 | static char L[32], R[32]; | |
230 | static char tempL[32]; | |
231 | static char f[32]; | |
232 | ||
233 | /* | |
234 | * The combination of the key and the input, before selection. | |
235 | */ | |
236 | static char preS[48]; | |
237 | ||
238 | /* | |
239 | * The payoff: encrypt a block. | |
240 | */ | |
241 | ||
242 | encrypt(block, edflag) | |
243 | char *block; | |
244 | { | |
245 | int i, ii; | |
246 | register t, j, k; | |
247 | ||
248 | /* | |
249 | * First, permute the bits in the input | |
250 | */ | |
251 | for (j=0; j<64; j++) | |
252 | L[j] = block[IP[j]-1]; | |
253 | /* | |
254 | * Perform an encryption operation 16 times. | |
255 | */ | |
256 | for (ii=0; ii<16; ii++) { | |
257 | /* | |
c0e388d6 | 258 | * Only encrypt for now. |
98bd1891 | 259 | */ |
c0e388d6 | 260 | i = ii; |
98bd1891 BJ |
261 | /* |
262 | * Save the R array, | |
263 | * which will be the new L. | |
264 | */ | |
265 | for (j=0; j<32; j++) | |
266 | tempL[j] = R[j]; | |
267 | /* | |
268 | * Expand R to 48 bits using the E selector; | |
269 | * exclusive-or with the current key bits. | |
270 | */ | |
271 | for (j=0; j<48; j++) | |
272 | preS[j] = R[E[j]-1] ^ KS[i][j]; | |
273 | /* | |
274 | * The pre-select bits are now considered | |
275 | * in 8 groups of 6 bits each. | |
276 | * The 8 selection functions map these | |
277 | * 6-bit quantities into 4-bit quantities | |
278 | * and the results permuted | |
279 | * to make an f(R, K). | |
280 | * The indexing into the selection functions | |
281 | * is peculiar; it could be simplified by | |
282 | * rewriting the tables. | |
283 | */ | |
284 | for (j=0; j<8; j++) { | |
285 | t = 6*j; | |
286 | k = S[j][(preS[t+0]<<5)+ | |
287 | (preS[t+1]<<3)+ | |
288 | (preS[t+2]<<2)+ | |
289 | (preS[t+3]<<1)+ | |
290 | (preS[t+4]<<0)+ | |
291 | (preS[t+5]<<4)]; | |
292 | t = 4*j; | |
293 | f[t+0] = (k>>3)&01; | |
294 | f[t+1] = (k>>2)&01; | |
295 | f[t+2] = (k>>1)&01; | |
296 | f[t+3] = (k>>0)&01; | |
297 | } | |
298 | /* | |
299 | * The new R is L ^ f(R, K). | |
300 | * The f here has to be permuted first, though. | |
301 | */ | |
302 | for (j=0; j<32; j++) | |
303 | R[j] = L[j] ^ f[P[j]-1]; | |
304 | /* | |
305 | * Finally, the new L (the original R) | |
306 | * is copied back. | |
307 | */ | |
308 | for (j=0; j<32; j++) | |
309 | L[j] = tempL[j]; | |
310 | } | |
311 | /* | |
312 | * The output L and R are reversed. | |
313 | */ | |
314 | for (j=0; j<32; j++) { | |
315 | t = L[j]; | |
316 | L[j] = R[j]; | |
317 | R[j] = t; | |
318 | } | |
319 | /* | |
320 | * The final output | |
321 | * gets the inverse permutation of the very original. | |
322 | */ | |
323 | for (j=0; j<64; j++) | |
324 | block[j] = L[FP[j]-1]; | |
325 | } | |
326 | ||
327 | char * | |
328 | crypt(pw,salt) | |
329 | char *pw; | |
330 | char *salt; | |
331 | { | |
332 | register i, j, c; | |
333 | int temp; | |
334 | static char block[66], iobuf[16]; | |
99401500 | 335 | |
98bd1891 BJ |
336 | for(i=0; i<66; i++) |
337 | block[i] = 0; | |
338 | for(i=0; (c= *pw) && i<64; pw++){ | |
339 | for(j=0; j<7; j++, i++) | |
340 | block[i] = (c>>(6-j)) & 01; | |
341 | i++; | |
342 | } | |
343 | ||
344 | setkey(block); | |
345 | ||
346 | for(i=0; i<66; i++) | |
347 | block[i] = 0; | |
348 | ||
98bd1891 BJ |
349 | for(i=0;i<2;i++){ |
350 | c = *salt++; | |
351 | iobuf[i] = c; | |
352 | if(c>'Z') c -= 6; | |
353 | if(c>'9') c -= 7; | |
354 | c -= '.'; | |
355 | for(j=0;j<6;j++){ | |
356 | if((c>>j) & 01){ | |
357 | temp = E[6*i+j]; | |
358 | E[6*i+j] = E[6*i+j+24]; | |
359 | E[6*i+j+24] = temp; | |
360 | } | |
361 | } | |
362 | } | |
363 | ||
364 | for(i=0; i<25; i++) | |
365 | encrypt(block,0); | |
366 | ||
367 | for(i=0; i<11; i++){ | |
368 | c = 0; | |
369 | for(j=0; j<6; j++){ | |
370 | c <<= 1; | |
371 | c |= block[6*i+j]; | |
372 | } | |
373 | c += '.'; | |
374 | if(c>'9') c += 7; | |
375 | if(c>'Z') c += 6; | |
376 | iobuf[i+2] = c; | |
377 | } | |
378 | iobuf[i+2] = 0; | |
379 | if(iobuf[1]==0) | |
380 | iobuf[1] = iobuf[0]; | |
381 | return(iobuf); | |
382 | } |