2 * FreeSec: libcrypt for NetBSD
4 * Copyright (c) 1994 David Burren
7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8 * this file should now *only* export crypt(), in order to make
9 * binaries of libcrypt exportable from the USA
11 * Adapted for FreeBSD-4.0 by Mark R V Murray
12 * this file should now *only* export crypt_des(), in order to make
13 * a module that can be optionally included in libcrypt.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the author nor the names of other contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * This is an original implementation of the DES and the crypt(3) interfaces
40 * by David Burren <davidb@werj.com.au>.
42 * An excellent reference on the underlying algorithm (and related
45 * B. Schneier, Applied Cryptography: protocols, algorithms,
46 * and source code in C, John Wiley & Sons, 1994.
48 * Note that in that book's description of DES the lookups for the initial,
49 * pbox, and final permutations are inverted (this has been brought to the
50 * attention of the author). A list of errata for this book has been
51 * posted to the sci.crypt newsgroup by the author and is available for FTP.
53 * ARCHITECTURE ASSUMPTIONS:
54 * It is assumed that the 8-byte arrays passed by reference can be
55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about
60 #include <sys/cdefs.h>
61 #include <sys/types.h>
62 #include <sys/param.h>
63 #include <netinet/in.h>
69 /* Re-entrantify me -- all this junk needs to be in
70 * struct crypt_data to make this really reentrant... */
71 static u_char inv_key_perm[64];
72 static u_char inv_comp_perm[56];
73 static u_char un_pbox[32];
74 static u_int32_t en_keysl[16], en_keysr[16];
75 static u_int32_t de_keysl[16], de_keysr[16];
76 static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
77 static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
78 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
79 static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
80 static u_int32_t saltbits;
81 static u_int32_t old_salt;
82 static u_int32_t old_rawkey0, old_rawkey1;
85 /* Static stuff that stays resident and doesn't change after
86 * being initialized, and therefore doesn't need to be made
88 static u_char init_perm[64], final_perm[64];
89 static u_char m_sbox[4][4096];
90 static u_int32_t psbox[4][256];
96 static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
98 static const u_char IP[64] = {
99 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
100 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
101 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
102 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
105 static const u_char key_perm[56] = {
106 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
107 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
108 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
109 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
112 static const u_char key_shifts[16] = {
113 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
116 static const u_char comp_perm[48] = {
117 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
118 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
119 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
120 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
124 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
127 static const u_char sbox[8][64] = {
129 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
130 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
131 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
132 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
135 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
136 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
137 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
138 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
141 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
142 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
143 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
144 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
147 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
148 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
149 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
150 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
153 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
154 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
155 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
156 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
159 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
160 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
161 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
162 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
165 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
166 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
167 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
168 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
171 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
172 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
173 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
174 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
178 static const u_char pbox[32] = {
179 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
180 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
183 static const u_int32_t bits32[32] =
185 0x80000000, 0x40000000, 0x20000000, 0x10000000,
186 0x08000000, 0x04000000, 0x02000000, 0x01000000,
187 0x00800000, 0x00400000, 0x00200000, 0x00100000,
188 0x00080000, 0x00040000, 0x00020000, 0x00010000,
189 0x00008000, 0x00004000, 0x00002000, 0x00001000,
190 0x00000800, 0x00000400, 0x00000200, 0x00000100,
191 0x00000080, 0x00000040, 0x00000020, 0x00000010,
192 0x00000008, 0x00000004, 0x00000002, 0x00000001
195 static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
199 ascii_to_bin(char ch)
204 return(ch - 'a' + 38);
208 return(ch - 'A' + 12);
219 static int des_initialised = 0;
221 int i, j, b, k, inbit, obit;
222 u_int32_t *p, *il, *ir, *fl, *fr;
223 const u_int32_t *bits28, *bits24;
224 u_char u_sbox[8][64];
226 if (des_initialised==1)
229 old_rawkey0 = old_rawkey1 = 0L;
232 bits24 = (bits28 = bits32 + 4) + 4;
235 * Invert the S-boxes, reordering the input bits.
237 for (i = 0; i < 8; i++)
238 for (j = 0; j < 64; j++) {
239 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
240 u_sbox[i][j] = sbox[i][b];
244 * Convert the inverted S-boxes into 4 arrays of 8 bits.
245 * Each will handle 12 bits of the S-box input.
247 for (b = 0; b < 4; b++)
248 for (i = 0; i < 64; i++)
249 for (j = 0; j < 64; j++)
250 m_sbox[b][(i << 6) | j] =
251 (u_char)((u_sbox[(b << 1)][i] << 4) |
252 u_sbox[(b << 1) + 1][j]);
255 * Set up the initial & final permutations into a useful form, and
256 * initialise the inverted key permutation.
258 for (i = 0; i < 64; i++) {
259 init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
260 inv_key_perm[i] = 255;
264 * Invert the key permutation and initialise the inverted key
265 * compression permutation.
267 for (i = 0; i < 56; i++) {
268 inv_key_perm[key_perm[i] - 1] = (u_char)i;
269 inv_comp_perm[i] = 255;
273 * Invert the key compression permutation.
275 for (i = 0; i < 48; i++) {
276 inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
280 * Set up the OR-mask arrays for the initial and final permutations,
281 * and for the key initial and compression permutations.
283 for (k = 0; k < 8; k++) {
284 for (i = 0; i < 256; i++) {
285 *(il = &ip_maskl[k][i]) = 0L;
286 *(ir = &ip_maskr[k][i]) = 0L;
287 *(fl = &fp_maskl[k][i]) = 0L;
288 *(fr = &fp_maskr[k][i]) = 0L;
289 for (j = 0; j < 8; j++) {
292 if ((obit = init_perm[inbit]) < 32)
295 *ir |= bits32[obit-32];
296 if ((obit = final_perm[inbit]) < 32)
299 *fr |= bits32[obit - 32];
303 for (i = 0; i < 128; i++) {
304 *(il = &key_perm_maskl[k][i]) = 0L;
305 *(ir = &key_perm_maskr[k][i]) = 0L;
306 for (j = 0; j < 7; j++) {
308 if (i & bits8[j + 1]) {
309 if ((obit = inv_key_perm[inbit]) == 255)
314 *ir |= bits28[obit - 28];
317 *(il = &comp_maskl[k][i]) = 0L;
318 *(ir = &comp_maskr[k][i]) = 0L;
319 for (j = 0; j < 7; j++) {
321 if (i & bits8[j + 1]) {
322 if ((obit=inv_comp_perm[inbit]) == 255)
327 *ir |= bits24[obit - 24];
334 * Invert the P-box permutation, and convert into OR-masks for
335 * handling the output of the S-box arrays setup above.
337 for (i = 0; i < 32; i++)
338 un_pbox[pbox[i] - 1] = (u_char)i;
340 for (b = 0; b < 4; b++)
341 for (i = 0; i < 256; i++) {
342 *(p = &psbox[b][i]) = 0L;
343 for (j = 0; j < 8; j++) {
345 *p |= bits32[un_pbox[8 * b + j]];
354 setup_salt(u_int32_t salt)
356 u_int32_t obit, saltbit;
359 if (salt == old_salt)
366 for (i = 0; i < 24; i++) {
376 des_setkey(const char *key)
378 u_int32_t k0, k1, rawkey0, rawkey1;
383 rawkey0 = ntohl(*(const u_int32_t *) key);
384 rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
386 if ((rawkey0 | rawkey1)
387 && rawkey0 == old_rawkey0
388 && rawkey1 == old_rawkey1) {
390 * Already setup for this key.
391 * This optimisation fails on a zero key (which is weak and
392 * has bad parity anyway) in order to simplify the starting
397 old_rawkey0 = rawkey0;
398 old_rawkey1 = rawkey1;
401 * Do key permutation and split into two 28-bit subkeys.
403 k0 = key_perm_maskl[0][rawkey0 >> 25]
404 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
405 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
406 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
407 | key_perm_maskl[4][rawkey1 >> 25]
408 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
409 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
410 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
411 k1 = key_perm_maskr[0][rawkey0 >> 25]
412 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
413 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
414 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
415 | key_perm_maskr[4][rawkey1 >> 25]
416 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
417 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
418 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
420 * Rotate subkeys and do compression permutation.
423 for (round = 0; round < 16; round++) {
426 shifts += key_shifts[round];
428 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
429 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
431 de_keysl[15 - round] =
432 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
433 | comp_maskl[1][(t0 >> 14) & 0x7f]
434 | comp_maskl[2][(t0 >> 7) & 0x7f]
435 | comp_maskl[3][t0 & 0x7f]
436 | comp_maskl[4][(t1 >> 21) & 0x7f]
437 | comp_maskl[5][(t1 >> 14) & 0x7f]
438 | comp_maskl[6][(t1 >> 7) & 0x7f]
439 | comp_maskl[7][t1 & 0x7f];
441 de_keysr[15 - round] =
442 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
443 | comp_maskr[1][(t0 >> 14) & 0x7f]
444 | comp_maskr[2][(t0 >> 7) & 0x7f]
445 | comp_maskr[3][t0 & 0x7f]
446 | comp_maskr[4][(t1 >> 21) & 0x7f]
447 | comp_maskr[5][(t1 >> 14) & 0x7f]
448 | comp_maskr[6][(t1 >> 7) & 0x7f]
449 | comp_maskr[7][t1 & 0x7f];
455 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
457 /* l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format. */
458 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
459 u_int32_t f, r48l, r48r;
476 /* Do initial permutation (IP). */
477 l = ip_maskl[0][l_in >> 24]
478 | ip_maskl[1][(l_in >> 16) & 0xff]
479 | ip_maskl[2][(l_in >> 8) & 0xff]
480 | ip_maskl[3][l_in & 0xff]
481 | ip_maskl[4][r_in >> 24]
482 | ip_maskl[5][(r_in >> 16) & 0xff]
483 | ip_maskl[6][(r_in >> 8) & 0xff]
484 | ip_maskl[7][r_in & 0xff];
485 r = ip_maskr[0][l_in >> 24]
486 | ip_maskr[1][(l_in >> 16) & 0xff]
487 | ip_maskr[2][(l_in >> 8) & 0xff]
488 | ip_maskr[3][l_in & 0xff]
489 | ip_maskr[4][r_in >> 24]
490 | ip_maskr[5][(r_in >> 16) & 0xff]
491 | ip_maskr[6][(r_in >> 8) & 0xff]
492 | ip_maskr[7][r_in & 0xff];
500 /* Expand R to 48 bits (simulate the E-box). */
501 r48l = ((r & 0x00000001) << 23)
502 | ((r & 0xf8000000) >> 9)
503 | ((r & 0x1f800000) >> 11)
504 | ((r & 0x01f80000) >> 13)
505 | ((r & 0x001f8000) >> 15);
506 r48r = ((r & 0x0001f800) << 7)
507 | ((r & 0x00001f80) << 5)
508 | ((r & 0x000001f8) << 3)
509 | ((r & 0x0000001f) << 1)
510 | ((r & 0x80000000) >> 31);
512 * Do salting for crypt() and friends, and
513 * XOR with the permuted key.
515 f = (r48l ^ r48r) & saltbits;
519 * Do sbox lookups (which shrink it back to 32 bits)
520 * and do the pbox permutation at the same time.
522 f = psbox[0][m_sbox[0][r48l >> 12]]
523 | psbox[1][m_sbox[1][r48l & 0xfff]]
524 | psbox[2][m_sbox[2][r48r >> 12]]
525 | psbox[3][m_sbox[3][r48r & 0xfff]];
526 /* Now that we've permuted things, complete f(). */
534 /* Do final permutation (inverse of IP). */
535 *l_out = fp_maskl[0][l >> 24]
536 | fp_maskl[1][(l >> 16) & 0xff]
537 | fp_maskl[2][(l >> 8) & 0xff]
538 | fp_maskl[3][l & 0xff]
539 | fp_maskl[4][r >> 24]
540 | fp_maskl[5][(r >> 16) & 0xff]
541 | fp_maskl[6][(r >> 8) & 0xff]
542 | fp_maskl[7][r & 0xff];
543 *r_out = fp_maskr[0][l >> 24]
544 | fp_maskr[1][(l >> 16) & 0xff]
545 | fp_maskr[2][(l >> 8) & 0xff]
546 | fp_maskr[3][l & 0xff]
547 | fp_maskr[4][r >> 24]
548 | fp_maskr[5][(r >> 16) & 0xff]
549 | fp_maskr[6][(r >> 8) & 0xff]
550 | fp_maskr[7][r & 0xff];
557 des_cipher(const char *in, char *out, u_int32_t salt, int count)
559 u_int32_t l_out, r_out, rawl, rawr;
571 rawl = ntohl(*trans.ui32++);
572 rawr = ntohl(*trans.ui32);
574 retval = do_des(rawl, rawr, &l_out, &r_out, count);
577 *trans.ui32++ = htonl(l_out);
578 *trans.ui32 = htonl(r_out);
585 setkey(const char *key)
588 u_int32_t packed_keys[2];
591 p = (u_char *) packed_keys;
593 for (i = 0; i < 8; i++) {
595 for (j = 0; j < 8; j++)
599 des_setkey((char *)p);
604 encrypt(char *block, int flag)
614 for (i = 0; i < 2; i++) {
616 for (j = 0; j < 32; j++)
620 do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
621 for (i = 0; i < 2; i++)
622 for (j = 0; j < 32; j++)
623 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
626 char *__des_crypt(const unsigned char *key, const unsigned char *setting)
628 u_int32_t count, salt, l, r0, r1, keybuf[2];
630 static char output[21];
635 * Copy the key, shifting each character up by one bit
636 * and padding with zeros.
638 q = (u_char *)keybuf;
639 while (q - (u_char *)keybuf - 8) {
644 des_setkey((char *)keybuf);
647 if (*setting == _PASSWORD_EFMT1) {
651 * setting - underscore, 4 bytes of count, 4 bytes of salt
652 * key - unlimited characters
654 for (i = 1, count = 0L; i < 5; i++)
655 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
657 for (i = 5, salt = 0L; i < 9; i++)
658 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
662 * Encrypt the key with itself.
664 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
667 * And XOR with the next 8 characters of the key.
669 q = (u_char *)keybuf;
670 while (q - (u_char *)keybuf - 8 && *key)
673 des_setkey((char *)keybuf);
675 strncpy(output, setting, 9);
678 * Double check that we weren't given a short setting.
679 * If we were, the above code will probably have created
680 * wierd values for count and salt, but we don't really care.
681 * Just make sure the output string doesn't have an extra
685 p = (u_char *)output + strlen(output);
691 * setting - 2 bytes of salt
692 * key - up to 8 characters
696 salt = (ascii_to_bin(setting[1]) << 6)
697 | ascii_to_bin(setting[0]);
699 output[0] = setting[0];
701 * If the encrypted password that the salt was extracted from
702 * is only 1 character long, the salt will be corrupted. We
703 * need to ensure that the output string doesn't have an extra
706 output[1] = setting[1] ? setting[1] : output[0];
708 p = (u_char *)output + 2;
714 if (do_des(0L, 0L, &r0, &r1, (int)count))
717 * Now encode the result...
720 *p++ = ascii64[(l >> 18) & 0x3f];
721 *p++ = ascii64[(l >> 12) & 0x3f];
722 *p++ = ascii64[(l >> 6) & 0x3f];
723 *p++ = ascii64[l & 0x3f];
725 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
726 *p++ = ascii64[(l >> 18) & 0x3f];
727 *p++ = ascii64[(l >> 12) & 0x3f];
728 *p++ = ascii64[(l >> 6) & 0x3f];
729 *p++ = ascii64[l & 0x3f];
732 *p++ = ascii64[(l >> 12) & 0x3f];
733 *p++ = ascii64[(l >> 6) & 0x3f];
734 *p++ = ascii64[l & 0x3f];