bf_std.c

UNIX、linux密码的破密程序源代码实现

			0x85cbfe4e, 0x8ae88dd8, 0x7aaaf9b0, 0x4cf9aa7e,
			0x1948c25c, 0x02fb8a8c, 0x01c36ae4, 0xd6ebe1f9,
			0x90d4f869, 0xa65cdea0, 0x3f09252d, 0xc208e69f,
			0xb74e6132, 0xce77e25b, 0x578fdfe3, 0x3ac372e6
		}
	}, {
		0x243f6a88, 0x85a308d3, 0x13198a2e, 0x03707344,
		0xa4093822, 0x299f31d0, 0x082efa98, 0xec4e6c89,
		0x452821e6, 0x38d01377, 0xbe5466cf, 0x34e90c6c,
		0xc0ac29b7, 0xc97c50dd, 0x3f84d5b5, 0xb5470917,
		0x9216d5d9, 0x8979fb1b
	}
};

/*
 * Same charset, different order -- can't use the common.c table here.
 */
unsigned char BF_atoi64[0x80] = {
	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64,
	64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 0, 1,
	54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 64, 64, 64, 64, 64,
	64, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
	17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 64, 64, 64, 64, 64,
	64, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42,
	43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 64, 64, 64, 64, 64
};

#if ARCH_LITTLE_ENDIAN

static void BF_swap(BF_word *x, int count)
{
	BF_word tmp;

	do {
		tmp = *x;
		tmp = (tmp << 16) | (tmp >> 16);
		*x++ = ((tmp & 0x00FF00FF) << 8) | ((tmp >> 8) & 0x00FF00FF);
	} while (--count);
}

#else

#define BF_swap(x, count)

#endif

#if BF_SCALE
/* Architectures which can shift addresses left by 2 bits with no extra cost */
#define BF_ROUND(L, R, N) \
	tmp1 = L & 0xFF; \
	tmp2 = L >> 8; \
	tmp2 &= 0xFF; \
	tmp3 = L >> 16; \
	tmp3 &= 0xFF; \
	tmp4 = L >> 24; \
	tmp1 = BF_current.S[3][tmp1]; \
	tmp2 = BF_current.S[2][tmp2]; \
	tmp3 = BF_current.S[1][tmp3]; \
	tmp3 += BF_current.S[0][tmp4]; \
	tmp3 ^= tmp2; \
	R ^= BF_current.P[N + 1]; \
	tmp3 += tmp1; \
	R ^= tmp3;
#else
/* Architectures with no complicated addressing modes supported */
#define BF_INDEX(S, i) \
	(*((BF_word *)(((unsigned char *)S) + (i))))
#define BF_ROUND(L, R, N) \
	tmp1 = L & 0xFF; \
	tmp1 <<= 2; \
	tmp2 = L >> 6; \
	tmp2 &= 0x3FC; \
	tmp3 = L >> 14; \
	tmp3 &= 0x3FC; \
	tmp4 = L >> 22; \
	tmp4 &= 0x3FC; \
	tmp1 = BF_INDEX(BF_current.S[3], tmp1); \
	tmp2 = BF_INDEX(BF_current.S[2], tmp2); \
	tmp3 = BF_INDEX(BF_current.S[1], tmp3); \
	tmp3 += BF_INDEX(BF_current.S[0], tmp4); \
	tmp3 ^= tmp2; \
	R ^= BF_current.P[N + 1]; \
	tmp3 += tmp1; \
	R ^= tmp3;
#endif

/*
 * Encrypt one block, BF_N is hardcoded here.
 */
#define BF_ENCRYPT \
	L ^= BF_current.P[0]; \
	BF_ROUND(L, R, 0); \
	BF_ROUND(R, L, 1); \
	BF_ROUND(L, R, 2); \
	BF_ROUND(R, L, 3); \
	BF_ROUND(L, R, 4); \
	BF_ROUND(R, L, 5); \
	BF_ROUND(L, R, 6); \
	BF_ROUND(R, L, 7); \
	BF_ROUND(L, R, 8); \
	BF_ROUND(R, L, 9); \
	BF_ROUND(L, R, 10); \
	BF_ROUND(R, L, 11); \
	BF_ROUND(L, R, 12); \
	BF_ROUND(R, L, 13); \
	BF_ROUND(L, R, 14); \
	BF_ROUND(R, L, 15); \
	tmp4 = R; \
	R = L; \
	L = tmp4 ^ BF_current.P[BF_N + 1];

#if BF_ASM

extern void (*BF_body)(void);

#else

#define BF_body() \
	L = R = 0; \
	ptr = BF_current.P; \
	do { \
		ptr += 2; \
		BF_ENCRYPT; \
		*(ptr - 2) = L; \
		*(ptr - 1) = R; \
	} while (ptr < &BF_current.P[BF_N + 2]); \
\
	ptr = BF_current.S[0]; \
	do { \
		ptr += 2; \
		BF_ENCRYPT; \
		*(ptr - 2) = L; \
		*(ptr - 1) = R; \
	} while (ptr < &BF_current.S[3][0xFF]);

#endif

void BF_std_set_key(char *key)
{
	char *ptr = key;
	int i, j;
	BF_word tmp;

	for (i = 0; i < BF_N + 2; i++) {
		tmp = 0;
		for (j = 0; j < 4; j++) {
			tmp <<= 8;
			tmp |= *ptr;

			if (!*ptr) ptr = key; else ptr++;
		}

		BF_exp_key[i] = tmp;
		BF_init_key[i] = BF_init_state.P[i] ^ tmp;
	}
}

void BF_std_crypt(BF_salt salt)
{
	BF_word L, R;
	BF_word tmp1, tmp2, tmp3, tmp4;
	BF_word *ptr;
	BF_word count;
	int i;

	memcpy(BF_current.S, BF_init_state.S, sizeof(BF_current.S));
	memcpy(BF_current.P, BF_init_key, sizeof(BF_current.P));

	L = R = 0;
	for (i = 0; i < BF_N + 2; i += 2) {
		L ^= salt[i & 2];
		R ^= salt[(i & 2) + 1];
		BF_ENCRYPT;
		BF_current.P[i] = L;
		BF_current.P[i + 1] = R;
	}

	ptr = BF_current.S[0];
	do {
		ptr += 4;
		L ^= salt[(BF_N + 2) & 3];
		R ^= salt[(BF_N + 3) & 3];
		BF_ENCRYPT;
		*(ptr - 4) = L;
		*(ptr - 3) = R;

		L ^= salt[(BF_N + 4) & 3];
		R ^= salt[(BF_N + 5) & 3];
		BF_ENCRYPT;
		*(ptr - 2) = L;
		*(ptr - 1) = R;
	} while (ptr < &BF_current.S[3][0xFF]);

	count = salt[4];
	do {
		BF_current.P[0] ^= BF_exp_key[0];
		BF_current.P[1] ^= BF_exp_key[1];
		BF_current.P[2] ^= BF_exp_key[2];
		BF_current.P[3] ^= BF_exp_key[3];
		BF_current.P[4] ^= BF_exp_key[4];
		BF_current.P[5] ^= BF_exp_key[5];
		BF_current.P[6] ^= BF_exp_key[6];
		BF_current.P[7] ^= BF_exp_key[7];
		BF_current.P[8] ^= BF_exp_key[8];
		BF_current.P[9] ^= BF_exp_key[9];
		BF_current.P[10] ^= BF_exp_key[10];
		BF_current.P[11] ^= BF_exp_key[11];
		BF_current.P[12] ^= BF_exp_key[12];
		BF_current.P[13] ^= BF_exp_key[13];
		BF_current.P[14] ^= BF_exp_key[14];
		BF_current.P[15] ^= BF_exp_key[15];
		BF_current.P[16] ^= BF_exp_key[16];
		BF_current.P[17] ^= BF_exp_key[17];

		BF_body();

		tmp1 = salt[0];
		tmp2 = salt[1];
		tmp3 = salt[2];
		tmp4 = salt[3];
		BF_current.P[0] ^= tmp1;
		BF_current.P[1] ^= tmp2;
		BF_current.P[2] ^= tmp3;
		BF_current.P[3] ^= tmp4;
		BF_current.P[4] ^= tmp1;
		BF_current.P[5] ^= tmp2;
		BF_current.P[6] ^= tmp3;
		BF_current.P[7] ^= tmp4;
		BF_current.P[8] ^= tmp1;
		BF_current.P[9] ^= tmp2;
		BF_current.P[10] ^= tmp3;
		BF_current.P[11] ^= tmp4;
		BF_current.P[12] ^= tmp1;
		BF_current.P[13] ^= tmp2;
		BF_current.P[14] ^= tmp3;
		BF_current.P[15] ^= tmp4;
		BF_current.P[16] ^= tmp1;
		BF_current.P[17] ^= tmp2;

		BF_body();
	} while (--count);

	L = BF_magic_w[0];
	R = BF_magic_w[1];

	count = 64;
	do {
		BF_ENCRYPT;
	} while (--count);

	BF_out[0] = L;
	BF_out[1] = R;
}

void BF_std_crypt_exact(void)
{
	BF_word L, R;
	BF_word tmp1, tmp2, tmp3, tmp4;
	BF_word count;
	int i;

	memcpy(&BF_out[2], &BF_magic_w[2], sizeof(BF_word) * 4);

	count = 64;
	do
	for (i = 2; i < 6; i += 2) {
		L = BF_out[i];
		R = BF_out[i + 1];
		BF_ENCRYPT;
		BF_out[i] = L;
		BF_out[i + 1] = R;
	} while (--count);

/* This has to be bug-compatible with the original implementation :-) */
	BF_out[5] &= ~(BF_word)0xFF;
}

/*
 * I'm not doing any error checking in the routines below since the
 * ciphertext should have already been checked to be fmt_BF.valid().
 */

static void BF_decode(BF_word *dst, char *src, int size)
{
	unsigned char *dptr = (unsigned char *)dst;
	unsigned char *end = dptr + size;
	unsigned char *sptr = (unsigned char *)src;
	unsigned int c1, c2, c3, c4;

	do {
		c1 = BF_atoi64[ARCH_INDEX(*sptr++)];
		c2 = BF_atoi64[ARCH_INDEX(*sptr++)];
		*dptr++ = (c1 << 2) | ((c2 & 0x30) >> 4);
		if (dptr >= end) break;

		c3 = BF_atoi64[ARCH_INDEX(*sptr++)];
		*dptr++ = ((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2);
		if (dptr >= end) break;

		c4 = BF_atoi64[ARCH_INDEX(*sptr++)];
		*dptr++ = ((c3 & 0x03) << 6) | c4;
	} while (dptr < end);
}

BF_word *BF_std_get_salt(char *ciphertext)
{
	static BF_salt salt;

	BF_decode(salt, &ciphertext[7], 16);
	BF_swap(salt, 4);

	salt[4] = (BF_word)1 << atoi(&ciphertext[4]);

	return salt;
}

BF_word *BF_std_get_binary(char *ciphertext)
{
	static BF_binary binary;

	binary[5] = 0;
	BF_decode(binary, &ciphertext[29], 23);
	BF_swap(binary, 6);
	binary[5] &= ~(BF_word)0xFF;

	return binary;
}