Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
* Makeconfig (all-subdirs): Add 'crypt' subdirectory. * sysdeps/unix/…
…sysv/linux/configure.in (inhibit_glue): Don't complain if there is no crypt add-on. * crypt/configure: Removed.

* crypt/crypt.texi: Update documentation of US export restrictions
to match the 14 Jan 2000 regulations.
2000-02-28  Geoff Keating  <geoffk@cygnus.com>

	* Makeconfig (all-subdirs): Add 'crypt' subdirectory.
	* sysdeps/unix/sysv/linux/configure.in (inhibit_glue): Don't
	complain if there is no crypt add-on.
	* crypt/configure: Removed.
	
	* crypt/crypt.texi: Update documentation of US export restrictions
	to match the 14 Jan 2000 regulations.

2000-02-28  Geoff Keating  <geoffk@cygnus.com>

	* crypt: New subdirectory, merged in from the crypt add-on.
  • Loading branch information
Geoff Keating committed Feb 29, 2000
1 parent 178f833 commit 63f791d
Show file tree
Hide file tree
Showing 31 changed files with 3,815 additions and 36 deletions.
14 changes: 14 additions & 0 deletions ChangeLog
@@ -1,3 +1,17 @@
2000-02-28 Geoff Keating <geoffk@cygnus.com>

* Makeconfig (all-subdirs): Add 'crypt' subdirectory.
* sysdeps/unix/sysv/linux/configure.in (inhibit_glue): Don't
complain if there is no crypt add-on.
* crypt/configure: Removed.

* crypt/crypt.texi: Update documentation of US export restrictions
to match the 14 Jan 2000 regulations.

2000-02-28 Geoff Keating <geoffk@cygnus.com>

* crypt: New subdirectory, merged in from the crypt add-on.

2000-02-28 Ulrich Drepper <drepper@redhat.com>

* include/unistd.h: Add __rmdir and __mkdir prototypes.
Expand Down
4 changes: 2 additions & 2 deletions Makeconfig
Expand Up @@ -782,8 +782,8 @@ all-subdirs = csu assert ctype locale intl catgets math setjmp signal \
stdlib stdio-common $(stdio) malloc string wcsmbs time dirent \
grp pwd posix io termios resource misc socket sysvipc gmon \
gnulib iconv iconvdata wctype manual shadow md5-crypt po argp \
$(add-ons) nss localedata timezone rt debug $(sysdep-subdirs) \
$(dlfcn) $(binfmt-subdir)
crypt $(add-ons) nss localedata timezone rt debug \
$(sysdep-subdirs) $(dlfcn) $(binfmt-subdir)
all-subdirs := $(filter-out $(sysdep-inhibit-subdirs),$(all-subdirs))

# The mach and hurd subdirectories have many generated header files which
Expand Down
1 change: 1 addition & 0 deletions crypt/Banner
@@ -0,0 +1 @@
crypt add-on version 2.1 by Michael Glad and others
482 changes: 482 additions & 0 deletions crypt/COPYING.LIB

Large diffs are not rendered by default.

24 changes: 24 additions & 0 deletions crypt/ChangeLog.old
@@ -0,0 +1,24 @@
1998-12-25 Geoff Keating <geoffk@ozemail.com.au>

* sysdeps/unix/ufc-crypt.h: Use <stdint.h>.

* configure: Delete the code dealing with building the add-on
outside glibc, as this doesn't work.

1998-12-10 Geoff Keating <geoffk@ozemail.com.au>

* sysdeps/unix/crypt-entry.c: Don't include "patchlevel.h".

* sysdeps/unix/crypt.h: Move __crypt_r, __setkey_r, __encrypt_r to...
* sysdeps/unix/crypt-private.h: ...here.

* sysdeps/unix/crypt.h: Add __restrict to the structure parameters.
* sysdeps/unix/crypt-private.h: Likewise. Also add const to
first parameter of _ufc_mk_keytab_r.
* sysdeps/unix/crypt.c: Update prototypes.
* sysdeps/unix/crypt-entry.c: Likewise.
* sysdeps/unix/crypt_util.c: Likewise.

* sysdeps/unix/crypt-entry.c (crypt): Use __crypt_r not crypt_r.

ChangeLog starts here, with version 2.0.96.
36 changes: 36 additions & 0 deletions crypt/Makefile
@@ -0,0 +1,36 @@
# Copyright (C) 1996 Free Software Foundation, Inc.
# This file is part of the GNU C Library.

# The GNU C Library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Library General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.

# The GNU C Library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Library General Public License for more details.

# You should have received a copy of the GNU Library General Public
# License along with the GNU C Library; see the file COPYING.LIB. If not,
# write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
# Boston, MA 02111-1307, USA.

#
# Sub-makefile for DES crypt portion of the library.
#
subdir := crypt

tests = cert

include ../Makeconfig

rpath-dirs += md5-crypt

include ../Rules

ifeq ($(build-shared),yes)
$(objpfx)cert: $(common-objpfx)md5-crypt/libcrypt.so$(libcrypt.so-version)
else
$(objpfx)cert: $(common-objpfx)md5-crypt/libcrypt.a
endif
49 changes: 49 additions & 0 deletions crypt/README
@@ -0,0 +1,49 @@
This is the distribution tar file for the cryptography add-on to the
GNU C library. For the version number, see the file "Banner".

The add-on is not included in the main distribution of the GNU C
library because some governments, most notably those of France,
Russia, and the US, have very restrictive rules governing the
distribution and use of encryption software. Please read the node
"Legal Problems" in the manual for more details.

In particular, the US does not allow export of this software without a
licence, including via the Internet. So please do not download it
from the main FSF FTP site at ftp.gnu.org if you are outside
the US. This software was completely developed outside the US.

To install the add-on, unpack the tar file in the top level of the GNU
C library distribution. Then build GNU C library like this:

configure --enable-add-ons
make
make install

It is not presently possible to add the add-on to the GNU C library
without recompiling the GNU C library.

The additional functionality provided by the add-on consists of:

* DES-based crypt(). This is only for backwards compatibility;
for new installations the MD5-based crypt(), provided with the main
GNU C library distribution, should be used instead.

* The AUTH_DES RPC authentication method. In a given situation, this
may be more or less secure than the AUTH_UNIX authentication method
which is provided with the main GNU C library distribution.

* User-visible DES encryption routines. Note that DES by itself is
not now considered a very secure encryption method.

The add-on also includes a manual, the file "crypt.texi". The manual
will be integrated with the GNU C library manual when the GNU C
library is installed.

Report bugs in this library (or its manual) in the same way as for the
GNU C library; that is, using the `glibcbug' shell script to send
e-mail to <bugs@gnu.org>. Simply run this shell script and fill in
the information. Nevertheless you can still send bug reports to
<bug-glibc@gnu.org> as normal electronic mails.

The add-on is free software. See the file COPYING.LIB for copying
conditions.
135 changes: 135 additions & 0 deletions crypt/README.ufc-crypt
@@ -0,0 +1,135 @@
The following is the README for UFC-crypt, with those portions deleted
that are known to be incorrect for the implementation used with the
GNU C library.


UFC-crypt: ultra fast 'crypt' implementation
============================================

@(#)README 2.27 11 Sep 1996

Design goals/non goals:
----------------------

- Crypt implementation plugin compatible with crypt(3)/fcrypt.

- High performance when used for password cracking.

- Portable to most 32/64 bit machines.

- Startup time/mixed salt performance not critical.

Features of the implementation:
------------------------------

- On most machines, UFC-crypt runs 30-60 times faster than crypt(3) when
invoked repeated times with the same salt and varying passwords.

- With mostly constant salts, performance is about two to three times
that of the default fcrypt implementation shipped with Alec
Muffets 'Crack' password cracker. For instructions on how to
plug UFC-crypt into 'Crack', see below.

- With alternating salts, performance is only about twice
that of crypt(3).

- Requires 165 kb for tables.

Author & licensing etc
----------------------

UFC-crypt is created by Michael Glad, email: glad@daimi.aau.dk, and has
been donated to the Free Software Foundation, Inc. It is covered by the
GNU library license version 2, see the file 'COPYING.LIB'.

NOTES FOR USERS OUTSIDE THE US:
------------------------------

The US government limits the export of DES based software/hardware.
This software is written in Aarhus, Denmark. It can therefore be retrieved
from ftp sites outside the US without breaking US law. Please do not
ftp it from american sites.

Benchmark table:
---------------

The table shows how many operations per second UFC-crypt can
do on various machines.

|--------------|-------------------------------------------|
|Machine | SUN* SUN* HP* DecStation HP |
| | 3/50 ELC 9000/425e 3100 9000/720 |
|--------------|-------------------------------------------|
| Crypt(3)/sec | 4.6 30 15 25 57 |
| Ufc/sec | 220 990 780 1015 3500 |
|--------------|-------------------------------------------|
| Speedup | 48 30 52 40 60 |
|--------------|-------------------------------------------|

*) Compiled using special assembly language support module.

It seems as if performance is limited by CPU bus and data cache capacity.
This also makes the benchmarks debatable compared to a real test with
UFC-crypt wired into Crack. However, the table gives an outline of
what can be expected.

Optimizations:
-------------

Here are the optimizations used relative to an ordinary implementation
such as the one said to be used in crypt(3).

Major optimizations
*******************

- Keep data packed as bits in integer variables -- allows for
fast permutations & parallel xor's in CPU hardware.

- Let adjacent final & initial permutations collapse.

- Keep working data in 'E expanded' format all the time.

- Implement DES 'f' function mostly by table lookup

- Calculate the above function on 12 bit basis rather than 6
as would be the most natural.

- Implement setup routines so that performance is limited by the DES
inner loops only.

- Instead of doing salting in the DES inner loops, modify the above tables
each time a new salt is seen. According to the BSD crypt code this is
ugly :-)

Minor (dirty) optimizations
***************************

- combine iterations of DES inner loop so that DES only loops
8 times. This saves a lot of variable swapping.

- Implement key access by a walking pointer rather than coding
as array indexing.

- As described, the table based f function uses a 3 dimensional array:

sb ['number of 12 bit segment']['12 bit index']['48 bit half index']

Code the routine with 4 (one dimensional) vectors.

- Design the internal data format & uglify the DES loops so that
the compiler does not need to do bit shifts when indexing vectors.

Revision history
****************

UFC patchlevel 0: base version; released to alt.sources on Sep 24 1991
UFC patchlevel 1: patch released to alt.sources on Sep 27 1991.
No longer rebuilds sb tables when seeing a new salt.
UFC-crypt pl0: Essentially UFC pl 1. Released to comp.sources.misc
on Oct 22 1991.
UFC-crypt pl1: Released to comp.sources.misc in march 1992
* setkey/encrypt routines added
* added validation/benchmarking programs
* reworked keyschedule setup code
* memory demands reduced
* 64 bit support added
112 changes: 112 additions & 0 deletions crypt/cert.c
@@ -0,0 +1,112 @@

/*
* This crypt(3) validation program shipped with UFC-crypt
* is derived from one distributed with Phil Karns PD DES package.
*
* @(#)cert.c 1.8 11 Aug 1996
*/

#include <stdio.h>
#include "crypt.h"

int totfails = 0;

#if __STDC__ - 0
int main (int argc, char *argv[]);
void get8 (char *cp);
void put8 (char *cp);
void good_bye (void) __attribute__ ((noreturn));
#else
void get8(), put8();
#endif

void good_bye ()
{
if(totfails == 0) {
printf("Passed DES validation suite\n");
exit(0);
} else {
printf("%d failures during DES validation suite!!!\n", totfails);
exit(1);
}
}

int
main(argc, argv)
int argc;
char *argv[];
{
char key[64],plain[64],cipher[64],answer[64];
int i;
int test;
int fail;

for(test=0;!feof(stdin);test++){

get8(key);
printf(" K: "); put8(key);
setkey(key);

get8(plain);
printf(" P: "); put8(plain);

get8(answer);
printf(" C: "); put8(answer);

for(i=0;i<64;i++)
cipher[i] = plain[i];
encrypt(cipher, 0);

for(i=0;i<64;i++)
if(cipher[i] != answer[i])
break;
fail = 0;
if(i != 64){
printf(" Encrypt FAIL");
fail++; totfails++;
}

encrypt(cipher, 1);

for(i=0;i<64;i++)
if(cipher[i] != plain[i])
break;
if(i != 64){
printf(" Decrypt FAIL");
fail++; totfails++;
}

if(fail == 0)
printf(" OK");
printf("\n");
}
good_bye();
}
void
get8(cp)
char *cp;
{
int i,j,t;

for(i=0;i<8;i++){
scanf("%2x",&t);
if(feof(stdin))
good_bye();
for(j=0; j<8 ; j++) {
*cp++ = (t & (0x01 << (7-j))) != 0;
}
}
}
void
put8(cp)
char *cp;
{
int i,j,t;

for(i=0;i<8;i++){
t = 0;
for(j = 0; j<8; j++)
t = (t<<1) | *cp++;
printf("%02x", t);
}
}

0 comments on commit 63f791d

Please sign in to comment.