LCOV - code coverage report
Current view: top level - contrib/pgcrypto - crypt-des.c (source / functions) Hit Total Coverage
Test: PostgreSQL 17devel Lines: 272 285 95.4 %
Date: 2024-03-28 16:11:17 Functions: 7 7 100.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*
       2             :  * FreeSec: libcrypt for NetBSD
       3             :  *
       4             :  * contrib/pgcrypto/crypt-des.c
       5             :  *
       6             :  * Copyright (c) 1994 David Burren
       7             :  * All rights reserved.
       8             :  *
       9             :  * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
      10             :  *  this file should now *only* export crypt(), in order to make
      11             :  *  binaries of libcrypt exportable from the USA
      12             :  *
      13             :  * Adapted for FreeBSD-4.0 by Mark R V Murray
      14             :  *  this file should now *only* export px_crypt_des(), in order to make
      15             :  *  a module that can be optionally included in libcrypt.
      16             :  *
      17             :  * Redistribution and use in source and binary forms, with or without
      18             :  * modification, are permitted provided that the following conditions
      19             :  * are met:
      20             :  * 1. Redistributions of source code must retain the above copyright
      21             :  *    notice, this list of conditions and the following disclaimer.
      22             :  * 2. Redistributions in binary form must reproduce the above copyright
      23             :  *    notice, this list of conditions and the following disclaimer in the
      24             :  *    documentation and/or other materials provided with the distribution.
      25             :  * 3. Neither the name of the author nor the names of other contributors
      26             :  *    may be used to endorse or promote products derived from this software
      27             :  *    without specific prior written permission.
      28             :  *
      29             :  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
      30             :  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
      31             :  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
      32             :  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
      33             :  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
      34             :  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
      35             :  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
      36             :  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
      37             :  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
      38             :  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
      39             :  * SUCH DAMAGE.
      40             :  *
      41             :  * $FreeBSD: src/secure/lib/libcrypt/crypt-des.c,v 1.12 1999/09/20 12:39:20 markm Exp $
      42             :  *
      43             :  * This is an original implementation of the DES and the crypt(3) interfaces
      44             :  * by David Burren <davidb@werj.com.au>.
      45             :  *
      46             :  * An excellent reference on the underlying algorithm (and related
      47             :  * algorithms) is:
      48             :  *
      49             :  *  B. Schneier, Applied Cryptography: protocols, algorithms,
      50             :  *  and source code in C, John Wiley & Sons, 1994.
      51             :  *
      52             :  * Note that in that book's description of DES the lookups for the initial,
      53             :  * pbox, and final permutations are inverted (this has been brought to the
      54             :  * attention of the author).  A list of errata for this book has been
      55             :  * posted to the sci.crypt newsgroup by the author and is available for FTP.
      56             :  *
      57             :  * ARCHITECTURE ASSUMPTIONS:
      58             :  *  It is assumed that the 8-byte arrays passed by reference can be
      59             :  *  addressed as arrays of uint32's (ie. the CPU is not picky about
      60             :  *  alignment).
      61             :  */
      62             : 
      63             : #include "postgres.h"
      64             : #include "miscadmin.h"
      65             : #include "port/pg_bswap.h"
      66             : 
      67             : #include "px-crypt.h"
      68             : 
      69             : #define _PASSWORD_EFMT1 '_'
      70             : 
      71             : static const char _crypt_a64[] =
      72             : "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
      73             : 
      74             : static uint8 IP[64] = {
      75             :     58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
      76             :     62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
      77             :     57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
      78             :     61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
      79             : };
      80             : 
      81             : static uint8 inv_key_perm[64];
      82             : static uint8 u_key_perm[56];
      83             : static uint8 key_perm[56] = {
      84             :     57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
      85             :     10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
      86             :     63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
      87             :     14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
      88             : };
      89             : 
      90             : static uint8 key_shifts[16] = {
      91             :     1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
      92             : };
      93             : 
      94             : static uint8 inv_comp_perm[56];
      95             : static uint8 comp_perm[48] = {
      96             :     14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
      97             :     23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
      98             :     41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
      99             :     44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
     100             : };
     101             : 
     102             : /*
     103             :  *  No E box is used, as it's replaced by some ANDs, shifts, and ORs.
     104             :  */
     105             : 
     106             : static uint8 u_sbox[8][64];
     107             : static uint8 sbox[8][64] = {
     108             :     {
     109             :         14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
     110             :         0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
     111             :         4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
     112             :         15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
     113             :     },
     114             :     {
     115             :         15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
     116             :         3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
     117             :         0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
     118             :         13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
     119             :     },
     120             :     {
     121             :         10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
     122             :         13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
     123             :         13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
     124             :         1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
     125             :     },
     126             :     {
     127             :         7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
     128             :         13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
     129             :         10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
     130             :         3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
     131             :     },
     132             :     {
     133             :         2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
     134             :         14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
     135             :         4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
     136             :         11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
     137             :     },
     138             :     {
     139             :         12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
     140             :         10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
     141             :         9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
     142             :         4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
     143             :     },
     144             :     {
     145             :         4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
     146             :         13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
     147             :         1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
     148             :         6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
     149             :     },
     150             :     {
     151             :         13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
     152             :         1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
     153             :         7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
     154             :         2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
     155             :     }
     156             : };
     157             : 
     158             : static uint8 un_pbox[32];
     159             : static uint8 pbox[32] = {
     160             :     16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
     161             :     2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
     162             : };
     163             : 
     164             : static uint32 _crypt_bits32[32] =
     165             : {
     166             :     0x80000000, 0x40000000, 0x20000000, 0x10000000,
     167             :     0x08000000, 0x04000000, 0x02000000, 0x01000000,
     168             :     0x00800000, 0x00400000, 0x00200000, 0x00100000,
     169             :     0x00080000, 0x00040000, 0x00020000, 0x00010000,
     170             :     0x00008000, 0x00004000, 0x00002000, 0x00001000,
     171             :     0x00000800, 0x00000400, 0x00000200, 0x00000100,
     172             :     0x00000080, 0x00000040, 0x00000020, 0x00000010,
     173             :     0x00000008, 0x00000004, 0x00000002, 0x00000001
     174             : };
     175             : 
     176             : static uint8 _crypt_bits8[8] = {0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01};
     177             : 
     178             : static uint32 saltbits;
     179             : static long old_salt;
     180             : static uint32 *bits28,
     181             :            *bits24;
     182             : static uint8 init_perm[64],
     183             :             final_perm[64];
     184             : static uint32 en_keysl[16],
     185             :             en_keysr[16];
     186             : static uint32 de_keysl[16],
     187             :             de_keysr[16];
     188             : static int  des_initialised = 0;
     189             : static uint8 m_sbox[4][4096];
     190             : static uint32 psbox[4][256];
     191             : static uint32 ip_maskl[8][256],
     192             :             ip_maskr[8][256];
     193             : static uint32 fp_maskl[8][256],
     194             :             fp_maskr[8][256];
     195             : static uint32 key_perm_maskl[8][128],
     196             :             key_perm_maskr[8][128];
     197             : static uint32 comp_maskl[8][128],
     198             :             comp_maskr[8][128];
     199             : static uint32 old_rawkey0,
     200             :             old_rawkey1;
     201             : 
     202             : static inline int
     203         144 : ascii_to_bin(char ch)
     204             : {
     205         144 :     if (ch > 'z')
     206           0 :         return 0;
     207         144 :     if (ch >= 'a')
     208          34 :         return (ch - 'a' + 38);
     209         110 :     if (ch > 'Z')
     210           0 :         return 0;
     211         110 :     if (ch >= 'A')
     212          30 :         return (ch - 'A' + 12);
     213          80 :     if (ch > '9')
     214           0 :         return 0;
     215          80 :     if (ch >= '.')
     216          54 :         return (ch - '.');
     217          26 :     return 0;
     218             : }
     219             : 
     220             : static void
     221           4 : des_init(void)
     222             : {
     223             :     int         i,
     224             :                 j,
     225             :                 b,
     226             :                 k,
     227             :                 inbit,
     228             :                 obit;
     229             :     uint32     *p,
     230             :                *il,
     231             :                *ir,
     232             :                *fl,
     233             :                *fr;
     234             : 
     235           4 :     old_rawkey0 = old_rawkey1 = 0L;
     236           4 :     saltbits = 0L;
     237           4 :     old_salt = 0L;
     238           4 :     bits24 = (bits28 = _crypt_bits32 + 4) + 4;
     239             : 
     240             :     /*
     241             :      * Invert the S-boxes, reordering the input bits.
     242             :      */
     243          36 :     for (i = 0; i < 8; i++)
     244        2080 :         for (j = 0; j < 64; j++)
     245             :         {
     246        2048 :             b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
     247        2048 :             u_sbox[i][j] = sbox[i][b];
     248             :         }
     249             : 
     250             :     /*
     251             :      * Convert the inverted S-boxes into 4 arrays of 8 bits. Each will handle
     252             :      * 12 bits of the S-box input.
     253             :      */
     254          20 :     for (b = 0; b < 4; b++)
     255        1040 :         for (i = 0; i < 64; i++)
     256       66560 :             for (j = 0; j < 64; j++)
     257       65536 :                 m_sbox[b][(i << 6) | j] =
     258       65536 :                     (u_sbox[(b << 1)][i] << 4) |
     259       65536 :                     u_sbox[(b << 1) + 1][j];
     260             : 
     261             :     /*
     262             :      * Set up the initial & final permutations into a useful form, and
     263             :      * initialise the inverted key permutation.
     264             :      */
     265         260 :     for (i = 0; i < 64; i++)
     266             :     {
     267         256 :         init_perm[final_perm[i] = IP[i] - 1] = i;
     268         256 :         inv_key_perm[i] = 255;
     269             :     }
     270             : 
     271             :     /*
     272             :      * Invert the key permutation and initialise the inverted key compression
     273             :      * permutation.
     274             :      */
     275         228 :     for (i = 0; i < 56; i++)
     276             :     {
     277         224 :         u_key_perm[i] = key_perm[i] - 1;
     278         224 :         inv_key_perm[key_perm[i] - 1] = i;
     279         224 :         inv_comp_perm[i] = 255;
     280             :     }
     281             : 
     282             :     /*
     283             :      * Invert the key compression permutation.
     284             :      */
     285         196 :     for (i = 0; i < 48; i++)
     286         192 :         inv_comp_perm[comp_perm[i] - 1] = i;
     287             : 
     288             :     /*
     289             :      * Set up the OR-mask arrays for the initial and final permutations, and
     290             :      * for the key initial and compression permutations.
     291             :      */
     292          36 :     for (k = 0; k < 8; k++)
     293             :     {
     294        8224 :         for (i = 0; i < 256; i++)
     295             :         {
     296        8192 :             *(il = &ip_maskl[k][i]) = 0L;
     297        8192 :             *(ir = &ip_maskr[k][i]) = 0L;
     298        8192 :             *(fl = &fp_maskl[k][i]) = 0L;
     299        8192 :             *(fr = &fp_maskr[k][i]) = 0L;
     300       73728 :             for (j = 0; j < 8; j++)
     301             :             {
     302       65536 :                 inbit = 8 * k + j;
     303       65536 :                 if (i & _crypt_bits8[j])
     304             :                 {
     305       32768 :                     if ((obit = init_perm[inbit]) < 32)
     306       16384 :                         *il |= _crypt_bits32[obit];
     307             :                     else
     308       16384 :                         *ir |= _crypt_bits32[obit - 32];
     309       32768 :                     if ((obit = final_perm[inbit]) < 32)
     310       16384 :                         *fl |= _crypt_bits32[obit];
     311             :                     else
     312       16384 :                         *fr |= _crypt_bits32[obit - 32];
     313             :                 }
     314             :             }
     315             :         }
     316        4128 :         for (i = 0; i < 128; i++)
     317             :         {
     318        4096 :             *(il = &key_perm_maskl[k][i]) = 0L;
     319        4096 :             *(ir = &key_perm_maskr[k][i]) = 0L;
     320       32768 :             for (j = 0; j < 7; j++)
     321             :             {
     322       28672 :                 inbit = 8 * k + j;
     323       28672 :                 if (i & _crypt_bits8[j + 1])
     324             :                 {
     325       14336 :                     if ((obit = inv_key_perm[inbit]) == 255)
     326           0 :                         continue;
     327       14336 :                     if (obit < 28)
     328        7168 :                         *il |= bits28[obit];
     329             :                     else
     330        7168 :                         *ir |= bits28[obit - 28];
     331             :                 }
     332             :             }
     333        4096 :             *(il = &comp_maskl[k][i]) = 0L;
     334        4096 :             *(ir = &comp_maskr[k][i]) = 0L;
     335       32768 :             for (j = 0; j < 7; j++)
     336             :             {
     337       28672 :                 inbit = 7 * k + j;
     338       28672 :                 if (i & _crypt_bits8[j + 1])
     339             :                 {
     340       14336 :                     if ((obit = inv_comp_perm[inbit]) == 255)
     341        2048 :                         continue;
     342       12288 :                     if (obit < 24)
     343        6144 :                         *il |= bits24[obit];
     344             :                     else
     345        6144 :                         *ir |= bits24[obit - 24];
     346             :                 }
     347             :             }
     348             :         }
     349             :     }
     350             : 
     351             :     /*
     352             :      * Invert the P-box permutation, and convert into OR-masks for handling
     353             :      * the output of the S-box arrays setup above.
     354             :      */
     355         132 :     for (i = 0; i < 32; i++)
     356         128 :         un_pbox[pbox[i] - 1] = i;
     357             : 
     358          20 :     for (b = 0; b < 4; b++)
     359        4112 :         for (i = 0; i < 256; i++)
     360             :         {
     361        4096 :             *(p = &psbox[b][i]) = 0L;
     362       36864 :             for (j = 0; j < 8; j++)
     363             :             {
     364       32768 :                 if (i & _crypt_bits8[j])
     365       16384 :                     *p |= _crypt_bits32[un_pbox[8 * b + j]];
     366             :             }
     367             :         }
     368             : 
     369           4 :     des_initialised = 1;
     370           4 : }
     371             : 
     372             : static void
     373          26 : setup_salt(long salt)
     374             : {
     375             :     uint32      obit,
     376             :                 saltbit;
     377             :     int         i;
     378             : 
     379          26 :     if (salt == old_salt)
     380          12 :         return;
     381          14 :     old_salt = salt;
     382             : 
     383          14 :     saltbits = 0L;
     384          14 :     saltbit = 1;
     385          14 :     obit = 0x800000;
     386         350 :     for (i = 0; i < 24; i++)
     387             :     {
     388         336 :         if (salt & saltbit)
     389         122 :             saltbits |= obit;
     390         336 :         saltbit <<= 1;
     391         336 :         obit >>= 1;
     392             :     }
     393             : }
     394             : 
     395             : static int
     396          30 : des_setkey(const char *key)
     397             : {
     398             :     uint32      k0,
     399             :                 k1,
     400             :                 rawkey0,
     401             :                 rawkey1;
     402             :     int         shifts,
     403             :                 round;
     404             : 
     405          30 :     if (!des_initialised)
     406           0 :         des_init();
     407             : 
     408          30 :     rawkey0 = pg_ntoh32(*(const uint32 *) key);
     409          30 :     rawkey1 = pg_ntoh32(*(const uint32 *) (key + 4));
     410             : 
     411          30 :     if ((rawkey0 | rawkey1)
     412          26 :         && rawkey0 == old_rawkey0
     413          12 :         && rawkey1 == old_rawkey1)
     414             :     {
     415             :         /*
     416             :          * Already setup for this key. This optimization fails on a zero key
     417             :          * (which is weak and has bad parity anyway) in order to simplify the
     418             :          * starting conditions.
     419             :          */
     420          12 :         return 0;
     421             :     }
     422          18 :     old_rawkey0 = rawkey0;
     423          18 :     old_rawkey1 = rawkey1;
     424             : 
     425             :     /*
     426             :      * Do key permutation and split into two 28-bit subkeys.
     427             :      */
     428          18 :     k0 = key_perm_maskl[0][rawkey0 >> 25]
     429          18 :         | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
     430          18 :         | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
     431          18 :         | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
     432          18 :         | key_perm_maskl[4][rawkey1 >> 25]
     433          18 :         | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
     434          18 :         | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
     435          18 :         | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
     436          18 :     k1 = key_perm_maskr[0][rawkey0 >> 25]
     437          18 :         | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
     438          18 :         | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
     439          18 :         | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
     440          18 :         | key_perm_maskr[4][rawkey1 >> 25]
     441          18 :         | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
     442          18 :         | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
     443          18 :         | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
     444             : 
     445             :     /*
     446             :      * Rotate subkeys and do compression permutation.
     447             :      */
     448          18 :     shifts = 0;
     449         306 :     for (round = 0; round < 16; round++)
     450             :     {
     451             :         uint32      t0,
     452             :                     t1;
     453             : 
     454         288 :         shifts += key_shifts[round];
     455             : 
     456         288 :         t0 = (k0 << shifts) | (k0 >> (28 - shifts));
     457         288 :         t1 = (k1 << shifts) | (k1 >> (28 - shifts));
     458             : 
     459         288 :         de_keysl[15 - round] =
     460         288 :             en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
     461         288 :             | comp_maskl[1][(t0 >> 14) & 0x7f]
     462         288 :             | comp_maskl[2][(t0 >> 7) & 0x7f]
     463         288 :             | comp_maskl[3][t0 & 0x7f]
     464         288 :             | comp_maskl[4][(t1 >> 21) & 0x7f]
     465         288 :             | comp_maskl[5][(t1 >> 14) & 0x7f]
     466         288 :             | comp_maskl[6][(t1 >> 7) & 0x7f]
     467         288 :             | comp_maskl[7][t1 & 0x7f];
     468             : 
     469         288 :         de_keysr[15 - round] =
     470         288 :             en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
     471         288 :             | comp_maskr[1][(t0 >> 14) & 0x7f]
     472         288 :             | comp_maskr[2][(t0 >> 7) & 0x7f]
     473         288 :             | comp_maskr[3][t0 & 0x7f]
     474         288 :             | comp_maskr[4][(t1 >> 21) & 0x7f]
     475         288 :             | comp_maskr[5][(t1 >> 14) & 0x7f]
     476         288 :             | comp_maskr[6][(t1 >> 7) & 0x7f]
     477         288 :             | comp_maskr[7][t1 & 0x7f];
     478             :     }
     479          18 :     return 0;
     480             : }
     481             : 
     482             : static int
     483          26 : do_des(uint32 l_in, uint32 r_in, uint32 *l_out, uint32 *r_out, int count)
     484             : {
     485             :     /*
     486             :      * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
     487             :      */
     488             :     uint32      l,
     489             :                 r,
     490             :                *kl,
     491             :                *kr,
     492             :                *kl1,
     493             :                *kr1;
     494             :     uint32      f,
     495             :                 r48l,
     496             :                 r48r;
     497             :     int         round;
     498             : 
     499          26 :     if (count == 0)
     500           4 :         return 1;
     501          22 :     else if (count > 0)
     502             :     {
     503             :         /*
     504             :          * Encrypting
     505             :          */
     506          22 :         kl1 = en_keysl;
     507          22 :         kr1 = en_keysr;
     508             :     }
     509             :     else
     510             :     {
     511             :         /*
     512             :          * Decrypting
     513             :          */
     514           0 :         count = -count;
     515           0 :         kl1 = de_keysl;
     516           0 :         kr1 = de_keysr;
     517             :     }
     518             : 
     519             :     /*
     520             :      * Do initial permutation (IP).
     521             :      */
     522          22 :     l = ip_maskl[0][l_in >> 24]
     523          22 :         | ip_maskl[1][(l_in >> 16) & 0xff]
     524          22 :         | ip_maskl[2][(l_in >> 8) & 0xff]
     525          22 :         | ip_maskl[3][l_in & 0xff]
     526          22 :         | ip_maskl[4][r_in >> 24]
     527          22 :         | ip_maskl[5][(r_in >> 16) & 0xff]
     528          22 :         | ip_maskl[6][(r_in >> 8) & 0xff]
     529          22 :         | ip_maskl[7][r_in & 0xff];
     530          22 :     r = ip_maskr[0][l_in >> 24]
     531          22 :         | ip_maskr[1][(l_in >> 16) & 0xff]
     532          22 :         | ip_maskr[2][(l_in >> 8) & 0xff]
     533          22 :         | ip_maskr[3][l_in & 0xff]
     534          22 :         | ip_maskr[4][r_in >> 24]
     535          22 :         | ip_maskr[5][(r_in >> 16) & 0xff]
     536          22 :         | ip_maskr[6][(r_in >> 8) & 0xff]
     537          22 :         | ip_maskr[7][r_in & 0xff];
     538             : 
     539        8580 :     while (count--)
     540             :     {
     541        8558 :         CHECK_FOR_INTERRUPTS();
     542             : 
     543             :         /*
     544             :          * Do each round.
     545             :          */
     546        8558 :         kl = kl1;
     547        8558 :         kr = kr1;
     548        8558 :         round = 16;
     549      145486 :         while (round--)
     550             :         {
     551             :             /*
     552             :              * Expand R to 48 bits (simulate the E-box).
     553             :              */
     554      136928 :             r48l = ((r & 0x00000001) << 23)
     555      136928 :                 | ((r & 0xf8000000) >> 9)
     556      136928 :                 | ((r & 0x1f800000) >> 11)
     557      136928 :                 | ((r & 0x01f80000) >> 13)
     558      136928 :                 | ((r & 0x001f8000) >> 15);
     559             : 
     560      136928 :             r48r = ((r & 0x0001f800) << 7)
     561      136928 :                 | ((r & 0x00001f80) << 5)
     562      136928 :                 | ((r & 0x000001f8) << 3)
     563      136928 :                 | ((r & 0x0000001f) << 1)
     564      136928 :                 | ((r & 0x80000000) >> 31);
     565             : 
     566             :             /*
     567             :              * Do salting for crypt() and friends, and XOR with the permuted
     568             :              * key.
     569             :              */
     570      136928 :             f = (r48l ^ r48r) & saltbits;
     571      136928 :             r48l ^= f ^ *kl++;
     572      136928 :             r48r ^= f ^ *kr++;
     573             : 
     574             :             /*
     575             :              * Do sbox lookups (which shrink it back to 32 bits) and do the
     576             :              * pbox permutation at the same time.
     577             :              */
     578      136928 :             f = psbox[0][m_sbox[0][r48l >> 12]]
     579      136928 :                 | psbox[1][m_sbox[1][r48l & 0xfff]]
     580      136928 :                 | psbox[2][m_sbox[2][r48r >> 12]]
     581      136928 :                 | psbox[3][m_sbox[3][r48r & 0xfff]];
     582             : 
     583             :             /*
     584             :              * Now that we've permuted things, complete f().
     585             :              */
     586      136928 :             f ^= l;
     587      136928 :             l = r;
     588      136928 :             r = f;
     589             :         }
     590        8558 :         r = l;
     591        8558 :         l = f;
     592             :     }
     593             : 
     594             :     /*
     595             :      * Do final permutation (inverse of IP).
     596             :      */
     597          22 :     *l_out = fp_maskl[0][l >> 24]
     598          22 :         | fp_maskl[1][(l >> 16) & 0xff]
     599          22 :         | fp_maskl[2][(l >> 8) & 0xff]
     600          22 :         | fp_maskl[3][l & 0xff]
     601          22 :         | fp_maskl[4][r >> 24]
     602          22 :         | fp_maskl[5][(r >> 16) & 0xff]
     603          22 :         | fp_maskl[6][(r >> 8) & 0xff]
     604          22 :         | fp_maskl[7][r & 0xff];
     605          22 :     *r_out = fp_maskr[0][l >> 24]
     606          22 :         | fp_maskr[1][(l >> 16) & 0xff]
     607          22 :         | fp_maskr[2][(l >> 8) & 0xff]
     608          22 :         | fp_maskr[3][l & 0xff]
     609          22 :         | fp_maskr[4][r >> 24]
     610          22 :         | fp_maskr[5][(r >> 16) & 0xff]
     611          22 :         | fp_maskr[6][(r >> 8) & 0xff]
     612          22 :         | fp_maskr[7][r & 0xff];
     613          22 :     return 0;
     614             : }
     615             : 
     616             : static int
     617           2 : des_cipher(const char *in, char *out, long salt, int count)
     618             : {
     619             :     uint32      buffer[2];
     620             :     uint32      l_out,
     621             :                 r_out,
     622             :                 rawl,
     623             :                 rawr;
     624             :     int         retval;
     625             : 
     626           2 :     if (!des_initialised)
     627           0 :         des_init();
     628             : 
     629           2 :     setup_salt(salt);
     630             : 
     631             :     /* copy data to avoid assuming input is word-aligned */
     632           2 :     memcpy(buffer, in, sizeof(buffer));
     633             : 
     634           2 :     rawl = pg_ntoh32(buffer[0]);
     635           2 :     rawr = pg_ntoh32(buffer[1]);
     636             : 
     637           2 :     retval = do_des(rawl, rawr, &l_out, &r_out, count);
     638           2 :     if (retval)
     639           0 :         return retval;
     640             : 
     641           2 :     buffer[0] = pg_hton32(l_out);
     642           2 :     buffer[1] = pg_hton32(r_out);
     643             : 
     644             :     /* copy data to avoid assuming output is word-aligned */
     645           2 :     memcpy(out, buffer, sizeof(buffer));
     646             : 
     647           2 :     return retval;
     648             : }
     649             : 
     650             : char *
     651          28 : px_crypt_des(const char *key, const char *setting)
     652             : {
     653             :     int         i;
     654             :     uint32      count,
     655             :                 salt,
     656             :                 l,
     657             :                 r0,
     658             :                 r1,
     659             :                 keybuf[2];
     660             :     char       *p;
     661             :     uint8      *q;
     662             :     static char output[21];
     663             : 
     664          28 :     if (!des_initialised)
     665           4 :         des_init();
     666             : 
     667             : 
     668             :     /*
     669             :      * Copy the key, shifting each character up by one bit and padding with
     670             :      * zeros.
     671             :      */
     672          28 :     q = (uint8 *) keybuf;
     673         252 :     while (q - (uint8 *) keybuf - 8)
     674             :     {
     675         224 :         *q++ = *key << 1;
     676         224 :         if (*key != '\0')
     677         168 :             key++;
     678             :     }
     679          28 :     if (des_setkey((char *) keybuf))
     680           0 :         return NULL;
     681             : 
     682             : #ifndef DISABLE_XDES
     683          28 :     if (*setting == _PASSWORD_EFMT1)
     684             :     {
     685             :         /*
     686             :          * "new"-style: setting must be a 9-character (underscore, then 4
     687             :          * bytes of count, then 4 bytes of salt) string. See CRYPT(3) under
     688             :          * the "Extended crypt" heading for further details.
     689             :          *
     690             :          * Unlimited characters of the input key are used. This is known as
     691             :          * the "Extended crypt" DES method.
     692             :          *
     693             :          */
     694          18 :         if (strlen(setting) < 9)
     695           2 :             ereport(ERROR,
     696             :                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
     697             :                      errmsg("invalid salt")));
     698             : 
     699          80 :         for (i = 1, count = 0L; i < 5; i++)
     700          64 :             count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
     701             : 
     702          80 :         for (i = 5, salt = 0L; i < 9; i++)
     703          64 :             salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
     704             : 
     705          18 :         while (*key)
     706             :         {
     707             :             /*
     708             :              * Encrypt the key with itself.
     709             :              */
     710           2 :             if (des_cipher((char *) keybuf, (char *) keybuf, 0L, 1))
     711           0 :                 return NULL;
     712             : 
     713             :             /*
     714             :              * And XOR with the next 8 characters of the key.
     715             :              */
     716           2 :             q = (uint8 *) keybuf;
     717          18 :             while (q - (uint8 *) keybuf - 8 && *key)
     718          16 :                 *q++ ^= *key++ << 1;
     719             : 
     720           2 :             if (des_setkey((char *) keybuf))
     721           0 :                 return NULL;
     722             :         }
     723          16 :         strlcpy(output, setting, 10);
     724             : 
     725             :         /*
     726             :          * Double check that we weren't given a short setting. If we were, the
     727             :          * above code will probably have created weird values for count and
     728             :          * salt, but we don't really care. Just make sure the output string
     729             :          * doesn't have an extra NUL in it.
     730             :          */
     731          16 :         p = output + strlen(output);
     732             :     }
     733             :     else
     734             : #endif                          /* !DISABLE_XDES */
     735             :     {
     736             :         /*
     737             :          * "old"-style: setting - 2 bytes of salt key - only up to the first 8
     738             :          * characters of the input key are used.
     739             :          */
     740          10 :         count = 25;
     741             : 
     742          10 :         if (strlen(setting) < 2)
     743           2 :             ereport(ERROR,
     744             :                     (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
     745             :                      errmsg("invalid salt")));
     746             : 
     747           8 :         salt = (ascii_to_bin(setting[1]) << 6)
     748           8 :             | ascii_to_bin(setting[0]);
     749             : 
     750           8 :         output[0] = setting[0];
     751             : 
     752             :         /*
     753             :          * If the encrypted password that the salt was extracted from is only
     754             :          * 1 character long, the salt will be corrupted.  We need to ensure
     755             :          * that the output string doesn't have an extra NUL in it!
     756             :          */
     757           8 :         output[1] = setting[1] ? setting[1] : output[0];
     758             : 
     759           8 :         p = output + 2;
     760             :     }
     761          24 :     setup_salt(salt);
     762             : 
     763             :     /*
     764             :      * Do it.
     765             :      */
     766          24 :     if (do_des(0L, 0L, &r0, &r1, count))
     767           4 :         return NULL;
     768             : 
     769             :     /*
     770             :      * Now encode the result...
     771             :      */
     772          20 :     l = (r0 >> 8);
     773          20 :     *p++ = _crypt_a64[(l >> 18) & 0x3f];
     774          20 :     *p++ = _crypt_a64[(l >> 12) & 0x3f];
     775          20 :     *p++ = _crypt_a64[(l >> 6) & 0x3f];
     776          20 :     *p++ = _crypt_a64[l & 0x3f];
     777             : 
     778          20 :     l = (r0 << 16) | ((r1 >> 16) & 0xffff);
     779          20 :     *p++ = _crypt_a64[(l >> 18) & 0x3f];
     780          20 :     *p++ = _crypt_a64[(l >> 12) & 0x3f];
     781          20 :     *p++ = _crypt_a64[(l >> 6) & 0x3f];
     782          20 :     *p++ = _crypt_a64[l & 0x3f];
     783             : 
     784          20 :     l = r1 << 2;
     785          20 :     *p++ = _crypt_a64[(l >> 12) & 0x3f];
     786          20 :     *p++ = _crypt_a64[(l >> 6) & 0x3f];
     787          20 :     *p++ = _crypt_a64[l & 0x3f];
     788          20 :     *p = 0;
     789             : 
     790          20 :     return output;
     791             : }

Generated by: LCOV version 1.14