PostgreSQL Source Code  git master
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros
crypt-des.c
Go to the documentation of this file.
1 /*
2  * FreeSec: libcrypt for NetBSD
3  *
4  * contrib/pgcrypto/crypt-des.c
5  *
6  * Copyright (c) 1994 David Burren
7  * All rights reserved.
8  *
9  * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
10  * this file should now *only* export crypt(), in order to make
11  * binaries of libcrypt exportable from the USA
12  *
13  * Adapted for FreeBSD-4.0 by Mark R V Murray
14  * this file should now *only* export crypt_des(), in order to make
15  * a module that can be optionally included in libcrypt.
16  *
17  * Redistribution and use in source and binary forms, with or without
18  * modification, are permitted provided that the following conditions
19  * are met:
20  * 1. Redistributions of source code must retain the above copyright
21  * notice, this list of conditions and the following disclaimer.
22  * 2. Redistributions in binary form must reproduce the above copyright
23  * notice, this list of conditions and the following disclaimer in the
24  * documentation and/or other materials provided with the distribution.
25  * 3. Neither the name of the author nor the names of other contributors
26  * may be used to endorse or promote products derived from this software
27  * without specific prior written permission.
28  *
29  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
30  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
33  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39  * SUCH DAMAGE.
40  *
41  * $FreeBSD: src/secure/lib/libcrypt/crypt-des.c,v 1.12 1999/09/20 12:39:20 markm Exp $
42  *
43  * This is an original implementation of the DES and the crypt(3) interfaces
44  * by David Burren <davidb@werj.com.au>.
45  *
46  * An excellent reference on the underlying algorithm (and related
47  * algorithms) is:
48  *
49  * B. Schneier, Applied Cryptography: protocols, algorithms,
50  * and source code in C, John Wiley & Sons, 1994.
51  *
52  * Note that in that book's description of DES the lookups for the initial,
53  * pbox, and final permutations are inverted (this has been brought to the
54  * attention of the author). A list of errata for this book has been
55  * posted to the sci.crypt newsgroup by the author and is available for FTP.
56  *
57  * ARCHITECTURE ASSUMPTIONS:
58  * It is assumed that the 8-byte arrays passed by reference can be
59  * addressed as arrays of uint32's (ie. the CPU is not picky about
60  * alignment).
61  */
62 
63 #include "postgres.h"
64 #include "miscadmin.h"
65 
66 #include "px-crypt.h"
67 
68 /* for ntohl/htonl */
69 #include <netinet/in.h>
70 #include <arpa/inet.h>
71 
72 #define _PASSWORD_EFMT1 '_'
73 
74 static const char _crypt_a64[] =
75 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
76 
77 static uint8 IP[64] = {
78  58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
79  62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
80  57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
81  61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
82 };
83 
84 static uint8 inv_key_perm[64];
85 static uint8 u_key_perm[56];
86 static uint8 key_perm[56] = {
87  57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
88  10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
89  63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
90  14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
91 };
92 
93 static uint8 key_shifts[16] = {
94  1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
95 };
96 
97 static uint8 inv_comp_perm[56];
98 static uint8 comp_perm[48] = {
99  14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
100  23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
101  41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
102  44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
103 };
104 
105 /*
106  * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
107  */
108 
109 static uint8 u_sbox[8][64];
110 static uint8 sbox[8][64] = {
111  {
112  14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
113  0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
114  4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
115  15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
116  },
117  {
118  15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
119  3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
120  0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
121  13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
122  },
123  {
124  10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
125  13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
126  13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
127  1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
128  },
129  {
130  7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
131  13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
132  10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
133  3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
134  },
135  {
136  2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
137  14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
138  4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
139  11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
140  },
141  {
142  12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
143  10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
144  9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
145  4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
146  },
147  {
148  4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
149  13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
150  1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
151  6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
152  },
153  {
154  13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
155  1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
156  7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
157  2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
158  }
159 };
160 
161 static uint8 un_pbox[32];
162 static uint8 pbox[32] = {
163  16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
164  2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
165 };
166 
167 static uint32 _crypt_bits32[32] =
168 {
169  0x80000000, 0x40000000, 0x20000000, 0x10000000,
170  0x08000000, 0x04000000, 0x02000000, 0x01000000,
171  0x00800000, 0x00400000, 0x00200000, 0x00100000,
172  0x00080000, 0x00040000, 0x00020000, 0x00010000,
173  0x00008000, 0x00004000, 0x00002000, 0x00001000,
174  0x00000800, 0x00000400, 0x00000200, 0x00000100,
175  0x00000080, 0x00000040, 0x00000020, 0x00000010,
176  0x00000008, 0x00000004, 0x00000002, 0x00000001
177 };
178 
179 static uint8 _crypt_bits8[8] = {0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01};
180 
182 static long old_salt;
183 static uint32 *bits28,
184  *bits24;
185 static uint8 init_perm[64],
186  final_perm[64];
187 static uint32 en_keysl[16],
188  en_keysr[16];
189 static uint32 de_keysl[16],
190  de_keysr[16];
191 static int des_initialised = 0;
192 static uint8 m_sbox[4][4096];
193 static uint32 psbox[4][256];
194 static uint32 ip_maskl[8][256],
195  ip_maskr[8][256];
196 static uint32 fp_maskl[8][256],
197  fp_maskr[8][256];
198 static uint32 key_perm_maskl[8][128],
199  key_perm_maskr[8][128];
200 static uint32 comp_maskl[8][128],
201  comp_maskr[8][128];
203  old_rawkey1;
204 
205 static inline int
206 ascii_to_bin(char ch)
207 {
208  if (ch > 'z')
209  return (0);
210  if (ch >= 'a')
211  return (ch - 'a' + 38);
212  if (ch > 'Z')
213  return (0);
214  if (ch >= 'A')
215  return (ch - 'A' + 12);
216  if (ch > '9')
217  return (0);
218  if (ch >= '.')
219  return (ch - '.');
220  return (0);
221 }
222 
223 static void
224 des_init(void)
225 {
226  int i,
227  j,
228  b,
229  k,
230  inbit,
231  obit;
232  uint32 *p,
233  *il,
234  *ir,
235  *fl,
236  *fr;
237 
238  old_rawkey0 = old_rawkey1 = 0L;
239  saltbits = 0L;
240  old_salt = 0L;
241  bits24 = (bits28 = _crypt_bits32 + 4) + 4;
242 
243  /*
244  * Invert the S-boxes, reordering the input bits.
245  */
246  for (i = 0; i < 8; i++)
247  for (j = 0; j < 64; j++)
248  {
249  b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
250  u_sbox[i][j] = sbox[i][b];
251  }
252 
253  /*
254  * Convert the inverted S-boxes into 4 arrays of 8 bits. Each will handle
255  * 12 bits of the S-box input.
256  */
257  for (b = 0; b < 4; b++)
258  for (i = 0; i < 64; i++)
259  for (j = 0; j < 64; j++)
260  m_sbox[b][(i << 6) | j] =
261  (u_sbox[(b << 1)][i] << 4) |
262  u_sbox[(b << 1) + 1][j];
263 
264  /*
265  * Set up the initial & final permutations into a useful form, and
266  * initialise the inverted key permutation.
267  */
268  for (i = 0; i < 64; i++)
269  {
270  init_perm[final_perm[i] = IP[i] - 1] = i;
271  inv_key_perm[i] = 255;
272  }
273 
274  /*
275  * Invert the key permutation and initialise the inverted key compression
276  * permutation.
277  */
278  for (i = 0; i < 56; i++)
279  {
280  u_key_perm[i] = key_perm[i] - 1;
281  inv_key_perm[key_perm[i] - 1] = i;
282  inv_comp_perm[i] = 255;
283  }
284 
285  /*
286  * Invert the key compression permutation.
287  */
288  for (i = 0; i < 48; i++)
289  inv_comp_perm[comp_perm[i] - 1] = i;
290 
291  /*
292  * Set up the OR-mask arrays for the initial and final permutations, and
293  * for the key initial and compression permutations.
294  */
295  for (k = 0; k < 8; k++)
296  {
297  for (i = 0; i < 256; i++)
298  {
299  *(il = &ip_maskl[k][i]) = 0L;
300  *(ir = &ip_maskr[k][i]) = 0L;
301  *(fl = &fp_maskl[k][i]) = 0L;
302  *(fr = &fp_maskr[k][i]) = 0L;
303  for (j = 0; j < 8; j++)
304  {
305  inbit = 8 * k + j;
306  if (i & _crypt_bits8[j])
307  {
308  if ((obit = init_perm[inbit]) < 32)
309  *il |= _crypt_bits32[obit];
310  else
311  *ir |= _crypt_bits32[obit - 32];
312  if ((obit = final_perm[inbit]) < 32)
313  *fl |= _crypt_bits32[obit];
314  else
315  *fr |= _crypt_bits32[obit - 32];
316  }
317  }
318  }
319  for (i = 0; i < 128; i++)
320  {
321  *(il = &key_perm_maskl[k][i]) = 0L;
322  *(ir = &key_perm_maskr[k][i]) = 0L;
323  for (j = 0; j < 7; j++)
324  {
325  inbit = 8 * k + j;
326  if (i & _crypt_bits8[j + 1])
327  {
328  if ((obit = inv_key_perm[inbit]) == 255)
329  continue;
330  if (obit < 28)
331  *il |= bits28[obit];
332  else
333  *ir |= bits28[obit - 28];
334  }
335  }
336  *(il = &comp_maskl[k][i]) = 0L;
337  *(ir = &comp_maskr[k][i]) = 0L;
338  for (j = 0; j < 7; j++)
339  {
340  inbit = 7 * k + j;
341  if (i & _crypt_bits8[j + 1])
342  {
343  if ((obit = inv_comp_perm[inbit]) == 255)
344  continue;
345  if (obit < 24)
346  *il |= bits24[obit];
347  else
348  *ir |= bits24[obit - 24];
349  }
350  }
351  }
352  }
353 
354  /*
355  * Invert the P-box permutation, and convert into OR-masks for handling
356  * the output of the S-box arrays setup above.
357  */
358  for (i = 0; i < 32; i++)
359  un_pbox[pbox[i] - 1] = i;
360 
361  for (b = 0; b < 4; b++)
362  for (i = 0; i < 256; i++)
363  {
364  *(p = &psbox[b][i]) = 0L;
365  for (j = 0; j < 8; j++)
366  {
367  if (i & _crypt_bits8[j])
368  *p |= _crypt_bits32[un_pbox[8 * b + j]];
369  }
370  }
371 
372  des_initialised = 1;
373 }
374 
375 static void
376 setup_salt(long salt)
377 {
378  uint32 obit,
379  saltbit;
380  int i;
381 
382  if (salt == old_salt)
383  return;
384  old_salt = salt;
385 
386  saltbits = 0L;
387  saltbit = 1;
388  obit = 0x800000;
389  for (i = 0; i < 24; i++)
390  {
391  if (salt & saltbit)
392  saltbits |= obit;
393  saltbit <<= 1;
394  obit >>= 1;
395  }
396 }
397 
398 static int
399 des_setkey(const char *key)
400 {
401  uint32 k0,
402  k1,
403  rawkey0,
404  rawkey1;
405  int shifts,
406  round;
407 
408  if (!des_initialised)
409  des_init();
410 
411  rawkey0 = ntohl(*(const uint32 *) key);
412  rawkey1 = ntohl(*(const uint32 *) (key + 4));
413 
414  if ((rawkey0 | rawkey1)
415  && rawkey0 == old_rawkey0
416  && rawkey1 == old_rawkey1)
417  {
418  /*
419  * Already setup for this key. This optimisation fails on a zero key
420  * (which is weak and has bad parity anyway) in order to simplify the
421  * starting conditions.
422  */
423  return (0);
424  }
425  old_rawkey0 = rawkey0;
426  old_rawkey1 = rawkey1;
427 
428  /*
429  * Do key permutation and split into two 28-bit subkeys.
430  */
431  k0 = key_perm_maskl[0][rawkey0 >> 25]
432  | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
433  | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
434  | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
435  | key_perm_maskl[4][rawkey1 >> 25]
436  | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
437  | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
438  | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
439  k1 = key_perm_maskr[0][rawkey0 >> 25]
440  | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
441  | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
442  | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
443  | key_perm_maskr[4][rawkey1 >> 25]
444  | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
445  | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
446  | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
447 
448  /*
449  * Rotate subkeys and do compression permutation.
450  */
451  shifts = 0;
452  for (round = 0; round < 16; round++)
453  {
454  uint32 t0,
455  t1;
456 
457  shifts += key_shifts[round];
458 
459  t0 = (k0 << shifts) | (k0 >> (28 - shifts));
460  t1 = (k1 << shifts) | (k1 >> (28 - shifts));
461 
462  de_keysl[15 - round] =
463  en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
464  | comp_maskl[1][(t0 >> 14) & 0x7f]
465  | comp_maskl[2][(t0 >> 7) & 0x7f]
466  | comp_maskl[3][t0 & 0x7f]
467  | comp_maskl[4][(t1 >> 21) & 0x7f]
468  | comp_maskl[5][(t1 >> 14) & 0x7f]
469  | comp_maskl[6][(t1 >> 7) & 0x7f]
470  | comp_maskl[7][t1 & 0x7f];
471 
472  de_keysr[15 - round] =
473  en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
474  | comp_maskr[1][(t0 >> 14) & 0x7f]
475  | comp_maskr[2][(t0 >> 7) & 0x7f]
476  | comp_maskr[3][t0 & 0x7f]
477  | comp_maskr[4][(t1 >> 21) & 0x7f]
478  | comp_maskr[5][(t1 >> 14) & 0x7f]
479  | comp_maskr[6][(t1 >> 7) & 0x7f]
480  | comp_maskr[7][t1 & 0x7f];
481  }
482  return (0);
483 }
484 
485 static int
486 do_des(uint32 l_in, uint32 r_in, uint32 *l_out, uint32 *r_out, int count)
487 {
488  /*
489  * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
490  */
491  uint32 l,
492  r,
493  *kl,
494  *kr,
495  *kl1,
496  *kr1;
497  uint32 f,
498  r48l,
499  r48r;
500  int round;
501 
502  if (count == 0)
503  return (1);
504  else if (count > 0)
505  {
506  /*
507  * Encrypting
508  */
509  kl1 = en_keysl;
510  kr1 = en_keysr;
511  }
512  else
513  {
514  /*
515  * Decrypting
516  */
517  count = -count;
518  kl1 = de_keysl;
519  kr1 = de_keysr;
520  }
521 
522  /*
523  * Do initial permutation (IP).
524  */
525  l = ip_maskl[0][l_in >> 24]
526  | ip_maskl[1][(l_in >> 16) & 0xff]
527  | ip_maskl[2][(l_in >> 8) & 0xff]
528  | ip_maskl[3][l_in & 0xff]
529  | ip_maskl[4][r_in >> 24]
530  | ip_maskl[5][(r_in >> 16) & 0xff]
531  | ip_maskl[6][(r_in >> 8) & 0xff]
532  | ip_maskl[7][r_in & 0xff];
533  r = ip_maskr[0][l_in >> 24]
534  | ip_maskr[1][(l_in >> 16) & 0xff]
535  | ip_maskr[2][(l_in >> 8) & 0xff]
536  | ip_maskr[3][l_in & 0xff]
537  | ip_maskr[4][r_in >> 24]
538  | ip_maskr[5][(r_in >> 16) & 0xff]
539  | ip_maskr[6][(r_in >> 8) & 0xff]
540  | ip_maskr[7][r_in & 0xff];
541 
542  while (count--)
543  {
545 
546  /*
547  * Do each round.
548  */
549  kl = kl1;
550  kr = kr1;
551  round = 16;
552  while (round--)
553  {
554  /*
555  * Expand R to 48 bits (simulate the E-box).
556  */
557  r48l = ((r & 0x00000001) << 23)
558  | ((r & 0xf8000000) >> 9)
559  | ((r & 0x1f800000) >> 11)
560  | ((r & 0x01f80000) >> 13)
561  | ((r & 0x001f8000) >> 15);
562 
563  r48r = ((r & 0x0001f800) << 7)
564  | ((r & 0x00001f80) << 5)
565  | ((r & 0x000001f8) << 3)
566  | ((r & 0x0000001f) << 1)
567  | ((r & 0x80000000) >> 31);
568 
569  /*
570  * Do salting for crypt() and friends, and XOR with the permuted
571  * key.
572  */
573  f = (r48l ^ r48r) & saltbits;
574  r48l ^= f ^ *kl++;
575  r48r ^= f ^ *kr++;
576 
577  /*
578  * Do sbox lookups (which shrink it back to 32 bits) and do the
579  * pbox permutation at the same time.
580  */
581  f = psbox[0][m_sbox[0][r48l >> 12]]
582  | psbox[1][m_sbox[1][r48l & 0xfff]]
583  | psbox[2][m_sbox[2][r48r >> 12]]
584  | psbox[3][m_sbox[3][r48r & 0xfff]];
585 
586  /*
587  * Now that we've permuted things, complete f().
588  */
589  f ^= l;
590  l = r;
591  r = f;
592  }
593  r = l;
594  l = f;
595  }
596 
597  /*
598  * Do final permutation (inverse of IP).
599  */
600  *l_out = fp_maskl[0][l >> 24]
601  | fp_maskl[1][(l >> 16) & 0xff]
602  | fp_maskl[2][(l >> 8) & 0xff]
603  | fp_maskl[3][l & 0xff]
604  | fp_maskl[4][r >> 24]
605  | fp_maskl[5][(r >> 16) & 0xff]
606  | fp_maskl[6][(r >> 8) & 0xff]
607  | fp_maskl[7][r & 0xff];
608  *r_out = fp_maskr[0][l >> 24]
609  | fp_maskr[1][(l >> 16) & 0xff]
610  | fp_maskr[2][(l >> 8) & 0xff]
611  | fp_maskr[3][l & 0xff]
612  | fp_maskr[4][r >> 24]
613  | fp_maskr[5][(r >> 16) & 0xff]
614  | fp_maskr[6][(r >> 8) & 0xff]
615  | fp_maskr[7][r & 0xff];
616  return (0);
617 }
618 
619 static int
620 des_cipher(const char *in, char *out, long salt, int count)
621 {
622  uint32 buffer[2];
623  uint32 l_out,
624  r_out,
625  rawl,
626  rawr;
627  int retval;
628 
629  if (!des_initialised)
630  des_init();
631 
632  setup_salt(salt);
633 
634  /* copy data to avoid assuming input is word-aligned */
635  memcpy(buffer, in, sizeof(buffer));
636 
637  rawl = ntohl(buffer[0]);
638  rawr = ntohl(buffer[1]);
639 
640  retval = do_des(rawl, rawr, &l_out, &r_out, count);
641  if (retval)
642  return (retval);
643 
644  buffer[0] = htonl(l_out);
645  buffer[1] = htonl(r_out);
646 
647  /* copy data to avoid assuming output is word-aligned */
648  memcpy(out, buffer, sizeof(buffer));
649 
650  return (retval);
651 }
652 
653 char *
654 px_crypt_des(const char *key, const char *setting)
655 {
656  int i;
657  uint32 count,
658  salt,
659  l,
660  r0,
661  r1,
662  keybuf[2];
663  char *p;
664  uint8 *q;
665  static char output[21];
666 
667  if (!des_initialised)
668  des_init();
669 
670 
671  /*
672  * Copy the key, shifting each character up by one bit and padding with
673  * zeros.
674  */
675  q = (uint8 *) keybuf;
676  while (q - (uint8 *) keybuf - 8)
677  {
678  *q++ = *key << 1;
679  if (*key != '\0')
680  key++;
681  }
682  if (des_setkey((char *) keybuf))
683  return (NULL);
684 
685 #ifndef DISABLE_XDES
686  if (*setting == _PASSWORD_EFMT1)
687  {
688  /*
689  * "new"-style: setting must be a 9-character (underscore, then 4
690  * bytes of count, then 4 bytes of salt) string. See CRYPT(3) under
691  * the "Extended crypt" heading for further details.
692  *
693  * Unlimited characters of the input key are used. This is known as
694  * the "Extended crypt" DES method.
695  *
696  */
697  if (strlen(setting) < 9)
698  ereport(ERROR,
699  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
700  errmsg("invalid salt")));
701 
702  for (i = 1, count = 0L; i < 5; i++)
703  count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
704 
705  for (i = 5, salt = 0L; i < 9; i++)
706  salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
707 
708  while (*key)
709  {
710  /*
711  * Encrypt the key with itself.
712  */
713  if (des_cipher((char *) keybuf, (char *) keybuf, 0L, 1))
714  return (NULL);
715 
716  /*
717  * And XOR with the next 8 characters of the key.
718  */
719  q = (uint8 *) keybuf;
720  while (q - (uint8 *) keybuf - 8 && *key)
721  *q++ ^= *key++ << 1;
722 
723  if (des_setkey((char *) keybuf))
724  return (NULL);
725  }
726  StrNCpy(output, setting, 10);
727 
728  /*
729  * Double check that we weren't given a short setting. If we were, the
730  * above code will probably have created weird values for count and
731  * salt, but we don't really care. Just make sure the output string
732  * doesn't have an extra NUL in it.
733  */
734  p = output + strlen(output);
735  }
736  else
737 #endif /* !DISABLE_XDES */
738  {
739  /*
740  * "old"-style: setting - 2 bytes of salt key - only up to the first 8
741  * characters of the input key are used.
742  */
743  count = 25;
744 
745  if (strlen(setting) < 2)
746  ereport(ERROR,
747  (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
748  errmsg("invalid salt")));
749 
750  salt = (ascii_to_bin(setting[1]) << 6)
751  | ascii_to_bin(setting[0]);
752 
753  output[0] = setting[0];
754 
755  /*
756  * If the encrypted password that the salt was extracted from is only
757  * 1 character long, the salt will be corrupted. We need to ensure
758  * that the output string doesn't have an extra NUL in it!
759  */
760  output[1] = setting[1] ? setting[1] : output[0];
761 
762  p = output + 2;
763  }
764  setup_salt(salt);
765 
766  /*
767  * Do it.
768  */
769  if (do_des(0L, 0L, &r0, &r1, count))
770  return (NULL);
771 
772  /*
773  * Now encode the result...
774  */
775  l = (r0 >> 8);
776  *p++ = _crypt_a64[(l >> 18) & 0x3f];
777  *p++ = _crypt_a64[(l >> 12) & 0x3f];
778  *p++ = _crypt_a64[(l >> 6) & 0x3f];
779  *p++ = _crypt_a64[l & 0x3f];
780 
781  l = (r0 << 16) | ((r1 >> 16) & 0xffff);
782  *p++ = _crypt_a64[(l >> 18) & 0x3f];
783  *p++ = _crypt_a64[(l >> 12) & 0x3f];
784  *p++ = _crypt_a64[(l >> 6) & 0x3f];
785  *p++ = _crypt_a64[l & 0x3f];
786 
787  l = r1 << 2;
788  *p++ = _crypt_a64[(l >> 12) & 0x3f];
789  *p++ = _crypt_a64[(l >> 6) & 0x3f];
790  *p++ = _crypt_a64[l & 0x3f];
791  *p = 0;
792 
793  return (output);
794 }
static const char _crypt_a64[]
Definition: crypt-des.c:74
static uint8 IP[64]
Definition: crypt-des.c:77
static long old_salt
Definition: crypt-des.c:182
static uint32 comp_maskr[8][128]
Definition: crypt-des.c:200
static uint8 _crypt_bits8[8]
Definition: crypt-des.c:179
static uint8 u_sbox[8][64]
Definition: crypt-des.c:109
static uint32 en_keysl[16]
Definition: crypt-des.c:187
static void output(uint64 loop_count)
static uint32 en_keysr[16]
Definition: crypt-des.c:187
unsigned char uint8
Definition: c.h:263
static uint8 inv_comp_perm[56]
Definition: crypt-des.c:97
static int des_initialised
Definition: crypt-des.c:191
int errcode(int sqlerrcode)
Definition: elog.c:575
static int des_setkey(const char *key)
Definition: crypt-des.c:399
static uint32 comp_maskl[8][128]
Definition: crypt-des.c:200
static uint32 _crypt_bits32[32]
Definition: crypt-des.c:167
static void des_init(void)
Definition: crypt-des.c:224
static uint32 old_rawkey0
Definition: crypt-des.c:202
static uint8 key_perm[56]
Definition: crypt-des.c:86
static uint32 de_keysr[16]
Definition: crypt-des.c:189
static int do_des(uint32 l_in, uint32 r_in, uint32 *l_out, uint32 *r_out, int count)
Definition: crypt-des.c:486
static int des_cipher(const char *in, char *out, long salt, int count)
Definition: crypt-des.c:620
static uint8 inv_key_perm[64]
Definition: crypt-des.c:84
static uint8 un_pbox[32]
Definition: crypt-des.c:161
#define ERROR
Definition: elog.h:43
static uint8 comp_perm[48]
Definition: crypt-des.c:98
static int ascii_to_bin(char ch)
Definition: crypt-des.c:206
static uint8 final_perm[64]
Definition: crypt-des.c:185
static uint8 key_shifts[16]
Definition: crypt-des.c:93
static uint32 ip_maskr[8][256]
Definition: crypt-des.c:194
unsigned int uint32
Definition: c.h:265
static uint32 * bits28
Definition: crypt-des.c:183
static uint32 key_perm_maskr[8][128]
Definition: crypt-des.c:198
#define ereport(elevel, rest)
Definition: elog.h:122
static uint32 fp_maskl[8][256]
Definition: crypt-des.c:196
static uint32 ip_maskl[8][256]
Definition: crypt-des.c:194
static uint8 u_key_perm[56]
Definition: crypt-des.c:85
static uint8 m_sbox[4][4096]
Definition: crypt-des.c:192
static uint32 key_perm_maskl[8][128]
Definition: crypt-des.c:198
#define NULL
Definition: c.h:226
#define StrNCpy(dst, src, len)
Definition: c.h:825
static uint8 init_perm[64]
Definition: crypt-des.c:185
static uint32 fp_maskr[8][256]
Definition: crypt-des.c:196
static void setup_salt(long salt)
Definition: crypt-des.c:376
static uint32 de_keysl[16]
Definition: crypt-des.c:189
static uint8 pbox[32]
Definition: crypt-des.c:162
char * px_crypt_des(const char *key, const char *setting)
Definition: crypt-des.c:654
static uint32 old_rawkey1
Definition: crypt-des.c:202
static uint32 * bits24
Definition: crypt-des.c:183
static uint8 sbox[8][64]
Definition: crypt-des.c:110
int errmsg(const char *fmt,...)
Definition: elog.c:797
static uint32 saltbits
Definition: crypt-des.c:181
int i
#define CHECK_FOR_INTERRUPTS()
Definition: miscadmin.h:97
static uint32 psbox[4][256]
Definition: crypt-des.c:193
#define _PASSWORD_EFMT1
Definition: crypt-des.c:72