Cream of the Crop 20

home *** CD-ROM | disk | FTP | other *** search

/ Cream of the Crop 20 / Cream of the Crop 20 (Terry Blount) (1996).iso / os2 / radius_2.zip / CRYPT.C < prev next >

Wrap

C/C++ Source or Header | 1996-05-16 | 31KB | 977 lines

/* * Copyright (c) 1989 The Regents of the University of California. * All rights reserved. * * This code is derived from software contributed to Berkeley by * Tom Truscott. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)crypt.c 5.11 (Berkeley) 6/25/91"; #endif /* LIBC_SCCS and not lint */ #define _PASSWORD_EFMT1 '_' /* extended encryption format */ #include <unistd.h> #include <limits.h> #include <pwd.h> /* * UNIX password, and DES, encryption. * By Tom Truscott, trt@rti.rti.org, * from algorithms by Robert W. Baldwin and James Gillogly. * * References: * "Mathematical Cryptology for Computer Scientists and Mathematicians," * by Wayne Patterson, 1987, ISBN 0-8476-7438-X. * * "Password Security: A Case History," R. Morris and Ken Thompson, * Communications of the ACM, vol. 22, pp. 594-597, Nov. 1979. * * "DES will be Totally Insecure within Ten Years," M.E. Hellman, * IEEE Spectrum, vol. 16, pp. 32-39, July 1979. */ /* ===== Configuration ==================== */ /* * define "MUST_ALIGN" if your compiler cannot load/store * long integers at arbitrary (e.g. odd) memory locations. * (Either that or never pass unaligned addresses to des_cipher!) */ #if !defined(vax) #define MUST_ALIGN #endif #ifdef CHAR_BITS #if CHAR_BITS != 8 #error C_block structure assumes 8 bit characters #endif #endif /* * define "LONG_IS_32_BITS" only if sizeof(long)==4. * This avoids use of bit fields (your compiler may be sloppy with them). */ #if !defined(cray) #define LONG_IS_32_BITS #endif /* * define "B64" to be the declaration for a 64 bit integer. * XXX this feature is currently unused, see "endian" comment below. */ #if defined(cray) #define B64 long #endif #if defined(convex) #define B64 long long #endif /* * define "LARGEDATA" to get faster permutations, by using about 72 kilobytes * of lookup tables. This speeds up des_setkey() and des_cipher(), but has * little effect on crypt(). */ #if defined(notdef) #define LARGEDATA #endif /* compile with "-DSTATIC=int" when profiling */ #ifndef STATIC #define STATIC static #endif STATIC void init_des(); STATIC void init_perm(); STATIC void permute(); int des_setkey(register const char *key); int des_cipher(const char *in, char *out, long salt, int num_iter); #ifdef DEBUG STATIC prtab(); #endif /* ==================================== */ /* * Cipher-block representation (Bob Baldwin): * * DES operates on groups of 64 bits, numbered 1..64 (sigh). One * representation is to store one bit per byte in an array of bytes. Bit N of * the NBS spec is stored as the LSB of the Nth byte (index N-1) in the array. * Another representation stores the 64 bits in 8 bytes, with bits 1..8 in the * first byte, 9..16 in the second, and so on. The DES spec apparently has * bit 1 in the MSB of the first byte, but that is particularly noxious so we * bit-reverse each byte so that bit 1 is the LSB of the first byte, bit 8 is * the MSB of the first byte. Specifically, the 64-bit input data and key are * converted to LSB format, and the output 64-bit block is converted back into * MSB format. * * DES operates internally on groups of 32 bits which are expanded to 48 bits * by permutation E and shrunk back to 32 bits by the S boxes. To speed up * the computation, the expansion is applied only once, the expanded * representation is maintained during the encryption, and a compression * permutation is applied only at the end. To speed up the S-box lookups, * the 48 bits are maintained as eight 6 bit groups, one per byte, which * directly feed the eight S-boxes. Within each byte, the 6 bits are the * most significant ones. The low two bits of each byte are zero. (Thus, * bit 1 of the 48 bit E expansion is stored as the "4"-valued bit of the * first byte in the eight byte representation, bit 2 of the 48 bit value is * the "8"-valued bit, and so on.) In fact, a combined "SPE"-box lookup is * used, in which the output is the 64 bit result of an S-box lookup which * has been permuted by P and expanded by E, and is ready for use in the next * iteration. Two 32-bit wide tables, SPE[0] and SPE[1], are used for this * lookup. Since each byte in the 48 bit path is a multiple of four, indexed * lookup of SPE[0] and SPE[1] is simple and fast. The key schedule and * "salt" are also converted to this 8*(6+2) format. The SPE table size is * 8*64*8 = 4K bytes. * * To speed up bit-parallel operations (such as XOR), the 8 byte * representation is "union"ed with 32 bit values "i0" and "i1", and, on * machines which support it, a 64 bit value "b64". This data structure, * "C_block", has two problems. First, alignment restrictions must be * honored. Second, the byte-order (e.g. little-endian or big-endian) of * the architecture becomes visible. * * The byte-order problem is unfortunate, since on the one hand it is good * to have a machine-independent C_block representation (bits 1..8 in the * first byte, etc.), and on the other hand it is good for the LSB of the * first byte to be the LSB of i0. We cannot have both these things, so we * currently use the "little-endian" representation and avoid any multi-byte * operations that depend on byte order. This largely precludes use of the * 64-bit datatype since the relative order of i0 and i1 are unknown. It * also inhibits grouping the SPE table to look up 12 bits at a time. (The * 12 bits can be stored in a 16-bit field with 3 low-order zeroes and 1 * high-order zero, providing fast indexing into a 64-bit wide SPE.) On the * other hand, 64-bit datatypes are currently rare, and a 12-bit SPE lookup * requires a 128 kilobyte table, so perhaps this is not a big loss. * * Permutation representation (Jim Gillogly): * * A transformation is defined by its effect on each of the 8 bytes of the * 64-bit input. For each byte we give a 64-bit output that has the bits in * the input distributed appropriately. The transformation is then the OR * of the 8 sets of 64-bits. This uses 8*256*8 = 16K bytes of storage for * each transformation. Unless LARGEDATA is defined, however, a more compact * table is used which looks up 16 4-bit "chunks" rather than 8 8-bit chunks. * The smaller table uses 16*16*8 = 2K by