2 * FreeSec: libcrypt for NetBSD
4 * contrib/pgcrypto/crypt-des.c
6 * Copyright (c) 1994 David Burren
9 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
10 * this file should now *only* export crypt(), in order to make
11 * binaries of libcrypt exportable from the USA
13 * Adapted for FreeBSD-4.0 by Mark R V Murray
14 * this file should now *only* export px_crypt_des(), in order to make
15 * a module that can be optionally included in libcrypt.
17 * Redistribution and use in source and binary forms, with or without
18 * modification, are permitted provided that the following conditions
20 * 1. Redistributions of source code must retain the above copyright
21 * notice, this list of conditions and the following disclaimer.
22 * 2. Redistributions in binary form must reproduce the above copyright
23 * notice, this list of conditions and the following disclaimer in the
24 * documentation and/or other materials provided with the distribution.
25 * 3. Neither the name of the author nor the names of other contributors
26 * may be used to endorse or promote products derived from this software
27 * without specific prior written permission.
29 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
30 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
31 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
32 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
33 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
35 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
36 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
37 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
38 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
41 * $FreeBSD: src/secure/lib/libcrypt/crypt-des.c,v 1.12 1999/09/20 12:39:20 markm Exp $
43 * This is an original implementation of the DES and the crypt(3) interfaces
44 * by David Burren <davidb@werj.com.au>.
46 * An excellent reference on the underlying algorithm (and related
49 * B. Schneier, Applied Cryptography: protocols, algorithms,
50 * and source code in C, John Wiley & Sons, 1994.
52 * Note that in that book's description of DES the lookups for the initial,
53 * pbox, and final permutations are inverted (this has been brought to the
54 * attention of the author). A list of errata for this book has been
55 * posted to the sci.crypt newsgroup by the author and is available for FTP.
57 * ARCHITECTURE ASSUMPTIONS:
58 * It is assumed that the 8-byte arrays passed by reference can be
59 * addressed as arrays of uint32's (ie. the CPU is not picky about
64 #include "miscadmin.h"
65 #include "port/pg_bswap.h"
69 #define _PASSWORD_EFMT1 '_'
71 static const char _crypt_a64[] =
72 "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
74 static uint8 IP[64] = {
75 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
76 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
77 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
78 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
81 static uint8 inv_key_perm[64];
82 static uint8 u_key_perm[56];
83 static uint8 key_perm[56] = {
84 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
85 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
86 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
87 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
90 static uint8 key_shifts[16] = {
91 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
94 static uint8 inv_comp_perm[56];
95 static uint8 comp_perm[48] = {
96 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
97 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
98 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
99 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
103 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
106 static uint8 u_sbox[8][64];
107 static uint8 sbox[8][64] = {
109 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
110 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
111 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
112 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
115 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
116 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
117 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
118 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
121 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
122 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
123 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
124 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
127 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
128 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
129 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
130 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
133 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
134 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
135 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
136 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
139 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
140 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
141 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
142 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
145 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
146 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
147 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
148 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
151 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
152 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
153 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
154 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
158 static uint8 un_pbox[32];
159 static uint8 pbox[32] = {
160 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
161 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
164 static uint32 _crypt_bits32[32] =
166 0x80000000, 0x40000000, 0x20000000, 0x10000000,
167 0x08000000, 0x04000000, 0x02000000, 0x01000000,
168 0x00800000, 0x00400000, 0x00200000, 0x00100000,
169 0x00080000, 0x00040000, 0x00020000, 0x00010000,
170 0x00008000, 0x00004000, 0x00002000, 0x00001000,
171 0x00000800, 0x00000400, 0x00000200, 0x00000100,
172 0x00000080, 0x00000040, 0x00000020, 0x00000010,
173 0x00000008, 0x00000004, 0x00000002, 0x00000001
176 static uint8 _crypt_bits8[8] = {0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01};
178 static uint32 saltbits;
179 static long old_salt;
180 static uint32 *bits28,
182 static uint8 init_perm[64],
184 static uint32 en_keysl[16],
186 static uint32 de_keysl[16],
188 static int des_initialised = 0;
189 static uint8 m_sbox[4][4096];
190 static uint32 psbox[4][256];
191 static uint32 ip_maskl[8][256],
193 static uint32 fp_maskl[8][256],
195 static uint32 key_perm_maskl[8][128],
196 key_perm_maskr[8][128];
197 static uint32 comp_maskl[8][128],
199 static uint32 old_rawkey0,
203 ascii_to_bin(char ch)
208 return (ch - 'a' + 38);
212 return (ch - 'A' + 12);
235 old_rawkey0 = old_rawkey1 = 0L;
238 bits24 = (bits28 = _crypt_bits32 + 4) + 4;
241 * Invert the S-boxes, reordering the input bits.
243 for (i = 0; i < 8; i++)
244 for (j = 0; j < 64; j++)
246 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
247 u_sbox[i][j] = sbox[i][b];
251 * Convert the inverted S-boxes into 4 arrays of 8 bits. Each will handle
252 * 12 bits of the S-box input.
254 for (b = 0; b < 4; b++)
255 for (i = 0; i < 64; i++)
256 for (j = 0; j < 64; j++)
257 m_sbox[b][(i << 6) | j] =
258 (u_sbox[(b << 1)][i] << 4) |
259 u_sbox[(b << 1) + 1][j];
262 * Set up the initial & final permutations into a useful form, and
263 * initialise the inverted key permutation.
265 for (i = 0; i < 64; i++)
267 init_perm[final_perm[i] = IP[i] - 1] = i;
268 inv_key_perm[i] = 255;
272 * Invert the key permutation and initialise the inverted key compression
275 for (i = 0; i < 56; i++)
277 u_key_perm[i] = key_perm[i] - 1;
278 inv_key_perm[key_perm[i] - 1] = i;
279 inv_comp_perm[i] = 255;
283 * Invert the key compression permutation.
285 for (i = 0; i < 48; i++)
286 inv_comp_perm[comp_perm[i] - 1] = i;
289 * Set up the OR-mask arrays for the initial and final permutations, and
290 * for the key initial and compression permutations.
292 for (k = 0; k < 8; k++)
294 for (i = 0; i < 256; i++)
296 *(il = &ip_maskl[k][i]) = 0L;
297 *(ir = &ip_maskr[k][i]) = 0L;
298 *(fl = &fp_maskl[k][i]) = 0L;
299 *(fr = &fp_maskr[k][i]) = 0L;
300 for (j = 0; j < 8; j++)
303 if (i & _crypt_bits8[j])
305 if ((obit = init_perm[inbit]) < 32)
306 *il |= _crypt_bits32[obit];
308 *ir |= _crypt_bits32[obit - 32];
309 if ((obit = final_perm[inbit]) < 32)
310 *fl |= _crypt_bits32[obit];
312 *fr |= _crypt_bits32[obit - 32];
316 for (i = 0; i < 128; i++)
318 *(il = &key_perm_maskl[k][i]) = 0L;
319 *(ir = &key_perm_maskr[k][i]) = 0L;
320 for (j = 0; j < 7; j++)
323 if (i & _crypt_bits8[j + 1])
325 if ((obit = inv_key_perm[inbit]) == 255)
330 *ir |= bits28[obit - 28];
333 *(il = &comp_maskl[k][i]) = 0L;
334 *(ir = &comp_maskr[k][i]) = 0L;
335 for (j = 0; j < 7; j++)
338 if (i & _crypt_bits8[j + 1])
340 if ((obit = inv_comp_perm[inbit]) == 255)
345 *ir |= bits24[obit - 24];
352 * Invert the P-box permutation, and convert into OR-masks for handling
353 * the output of the S-box arrays setup above.
355 for (i = 0; i < 32; i++)
356 un_pbox[pbox[i] - 1] = i;
358 for (b = 0; b < 4; b++)
359 for (i = 0; i < 256; i++)
361 *(p = &psbox[b][i]) = 0L;
362 for (j = 0; j < 8; j++)
364 if (i & _crypt_bits8[j])
365 *p |= _crypt_bits32[un_pbox[8 * b + j]];
373 setup_salt(long salt)
379 if (salt == old_salt)
386 for (i = 0; i < 24; i++)
396 des_setkey(const char *key)
405 if (!des_initialised)
408 rawkey0 = pg_ntoh32(*(const uint32 *) key);
409 rawkey1 = pg_ntoh32(*(const uint32 *) (key + 4));
411 if ((rawkey0 | rawkey1)
412 && rawkey0 == old_rawkey0
413 && rawkey1 == old_rawkey1)
416 * Already setup for this key. This optimization fails on a zero key
417 * (which is weak and has bad parity anyway) in order to simplify the
418 * starting conditions.
422 old_rawkey0 = rawkey0;
423 old_rawkey1 = rawkey1;
426 * Do key permutation and split into two 28-bit subkeys.
428 k0 = key_perm_maskl[0][rawkey0 >> 25]
429 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
430 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
431 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
432 | key_perm_maskl[4][rawkey1 >> 25]
433 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
434 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
435 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
436 k1 = key_perm_maskr[0][rawkey0 >> 25]
437 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
438 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
439 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
440 | key_perm_maskr[4][rawkey1 >> 25]
441 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
442 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
443 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
446 * Rotate subkeys and do compression permutation.
449 for (round = 0; round < 16; round++)
454 shifts += key_shifts[round];
456 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
457 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
459 de_keysl[15 - round] =
460 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
461 | comp_maskl[1][(t0 >> 14) & 0x7f]
462 | comp_maskl[2][(t0 >> 7) & 0x7f]
463 | comp_maskl[3][t0 & 0x7f]
464 | comp_maskl[4][(t1 >> 21) & 0x7f]
465 | comp_maskl[5][(t1 >> 14) & 0x7f]
466 | comp_maskl[6][(t1 >> 7) & 0x7f]
467 | comp_maskl[7][t1 & 0x7f];
469 de_keysr[15 - round] =
470 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
471 | comp_maskr[1][(t0 >> 14) & 0x7f]
472 | comp_maskr[2][(t0 >> 7) & 0x7f]
473 | comp_maskr[3][t0 & 0x7f]
474 | comp_maskr[4][(t1 >> 21) & 0x7f]
475 | comp_maskr[5][(t1 >> 14) & 0x7f]
476 | comp_maskr[6][(t1 >> 7) & 0x7f]
477 | comp_maskr[7][t1 & 0x7f];
483 do_des(uint32 l_in, uint32 r_in, uint32 *l_out, uint32 *r_out, int count)
486 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
520 * Do initial permutation (IP).
522 l = ip_maskl[0][l_in >> 24]
523 | ip_maskl[1][(l_in >> 16) & 0xff]
524 | ip_maskl[2][(l_in >> 8) & 0xff]
525 | ip_maskl[3][l_in & 0xff]
526 | ip_maskl[4][r_in >> 24]
527 | ip_maskl[5][(r_in >> 16) & 0xff]
528 | ip_maskl[6][(r_in >> 8) & 0xff]
529 | ip_maskl[7][r_in & 0xff];
530 r = ip_maskr[0][l_in >> 24]
531 | ip_maskr[1][(l_in >> 16) & 0xff]
532 | ip_maskr[2][(l_in >> 8) & 0xff]
533 | ip_maskr[3][l_in & 0xff]
534 | ip_maskr[4][r_in >> 24]
535 | ip_maskr[5][(r_in >> 16) & 0xff]
536 | ip_maskr[6][(r_in >> 8) & 0xff]
537 | ip_maskr[7][r_in & 0xff];
541 CHECK_FOR_INTERRUPTS();
552 * Expand R to 48 bits (simulate the E-box).
554 r48l = ((r & 0x00000001) << 23)
555 | ((r & 0xf8000000) >> 9)
556 | ((r & 0x1f800000) >> 11)
557 | ((r & 0x01f80000) >> 13)
558 | ((r & 0x001f8000) >> 15);
560 r48r = ((r & 0x0001f800) << 7)
561 | ((r & 0x00001f80) << 5)
562 | ((r & 0x000001f8) << 3)
563 | ((r & 0x0000001f) << 1)
564 | ((r & 0x80000000) >> 31);
567 * Do salting for crypt() and friends, and XOR with the permuted
570 f = (r48l ^ r48r) & saltbits;
575 * Do sbox lookups (which shrink it back to 32 bits) and do the
576 * pbox permutation at the same time.
578 f = psbox[0][m_sbox[0][r48l >> 12]]
579 | psbox[1][m_sbox[1][r48l & 0xfff]]
580 | psbox[2][m_sbox[2][r48r >> 12]]
581 | psbox[3][m_sbox[3][r48r & 0xfff]];
584 * Now that we've permuted things, complete f().
595 * Do final permutation (inverse of IP).
597 *l_out = fp_maskl[0][l >> 24]
598 | fp_maskl[1][(l >> 16) & 0xff]
599 | fp_maskl[2][(l >> 8) & 0xff]
600 | fp_maskl[3][l & 0xff]
601 | fp_maskl[4][r >> 24]
602 | fp_maskl[5][(r >> 16) & 0xff]
603 | fp_maskl[6][(r >> 8) & 0xff]
604 | fp_maskl[7][r & 0xff];
605 *r_out = fp_maskr[0][l >> 24]
606 | fp_maskr[1][(l >> 16) & 0xff]
607 | fp_maskr[2][(l >> 8) & 0xff]
608 | fp_maskr[3][l & 0xff]
609 | fp_maskr[4][r >> 24]
610 | fp_maskr[5][(r >> 16) & 0xff]
611 | fp_maskr[6][(r >> 8) & 0xff]
612 | fp_maskr[7][r & 0xff];
617 des_cipher(const char *in, char *out, long salt, int count)
626 if (!des_initialised)
631 /* copy data to avoid assuming input is word-aligned */
632 memcpy(buffer, in, sizeof(buffer));
634 rawl = pg_ntoh32(buffer[0]);
635 rawr = pg_ntoh32(buffer[1]);
637 retval = do_des(rawl, rawr, &l_out, &r_out, count);
641 buffer[0] = pg_hton32(l_out);
642 buffer[1] = pg_hton32(r_out);
644 /* copy data to avoid assuming output is word-aligned */
645 memcpy(out, buffer, sizeof(buffer));
651 px_crypt_des(const char *key, const char *setting)
662 static char output[21];
664 if (!des_initialised)
669 * Copy the key, shifting each character up by one bit and padding with
672 q = (uint8 *) keybuf;
673 while (q - (uint8 *) keybuf - 8)
679 if (des_setkey((char *) keybuf))
683 if (*setting == _PASSWORD_EFMT1)
686 * "new"-style: setting must be a 9-character (underscore, then 4
687 * bytes of count, then 4 bytes of salt) string. See CRYPT(3) under
688 * the "Extended crypt" heading for further details.
690 * Unlimited characters of the input key are used. This is known as
691 * the "Extended crypt" DES method.
694 if (strlen(setting) < 9)
696 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
697 errmsg("invalid salt")));
699 for (i = 1, count = 0L; i < 5; i++)
700 count |= ascii_to_bin(setting[i]) << (i - 1) * 6;
702 for (i = 5, salt = 0L; i < 9; i++)
703 salt |= ascii_to_bin(setting[i]) << (i - 5) * 6;
708 * Encrypt the key with itself.
710 if (des_cipher((char *) keybuf, (char *) keybuf, 0L, 1))
714 * And XOR with the next 8 characters of the key.
716 q = (uint8 *) keybuf;
717 while (q - (uint8 *) keybuf - 8 && *key)
720 if (des_setkey((char *) keybuf))
723 StrNCpy(output, setting, 10);
726 * Double check that we weren't given a short setting. If we were, the
727 * above code will probably have created weird values for count and
728 * salt, but we don't really care. Just make sure the output string
729 * doesn't have an extra NUL in it.
731 p = output + strlen(output);
734 #endif /* !DISABLE_XDES */
737 * "old"-style: setting - 2 bytes of salt key - only up to the first 8
738 * characters of the input key are used.
742 if (strlen(setting) < 2)
744 (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
745 errmsg("invalid salt")));
747 salt = (ascii_to_bin(setting[1]) << 6)
748 | ascii_to_bin(setting[0]);
750 output[0] = setting[0];
753 * If the encrypted password that the salt was extracted from is only
754 * 1 character long, the salt will be corrupted. We need to ensure
755 * that the output string doesn't have an extra NUL in it!
757 output[1] = setting[1] ? setting[1] : output[0];
766 if (do_des(0L, 0L, &r0, &r1, count))
770 * Now encode the result...
773 *p++ = _crypt_a64[(l >> 18) & 0x3f];
774 *p++ = _crypt_a64[(l >> 12) & 0x3f];
775 *p++ = _crypt_a64[(l >> 6) & 0x3f];
776 *p++ = _crypt_a64[l & 0x3f];
778 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
779 *p++ = _crypt_a64[(l >> 18) & 0x3f];
780 *p++ = _crypt_a64[(l >> 12) & 0x3f];
781 *p++ = _crypt_a64[(l >> 6) & 0x3f];
782 *p++ = _crypt_a64[l & 0x3f];
785 *p++ = _crypt_a64[(l >> 12) & 0x3f];
786 *p++ = _crypt_a64[(l >> 6) & 0x3f];
787 *p++ = _crypt_a64[l & 0x3f];