2 * FreeSec: libcrypt for NetBSD
4 * Copyright (c) 1994 David Burren
7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8 * this file should now *only* export crypt(), in order to make
9 * binaries of libcrypt exportable from the USA
11 * Adapted for FreeBSD-4.0 by Mark R V Murray
12 * this file should now *only* export crypt_des(), in order to make
13 * a module that can be optionally included in libcrypt.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the author nor the names of other contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * This is an original implementation of the DES and the crypt(3) interfaces
40 * by David Burren <davidb@werj.com.au>.
42 * An excellent reference on the underlying algorithm (and related
45 * B. Schneier, Applied Cryptography: protocols, algorithms,
46 * and source code in C, John Wiley & Sons, 1994.
48 * Note that in that book's description of DES the lookups for the initial,
49 * pbox, and final permutations are inverted (this has been brought to the
50 * attention of the author). A list of errata for this book has been
51 * posted to the sci.crypt newsgroup by the author and is available for FTP.
53 * ARCHITECTURE ASSUMPTIONS:
54 * It is assumed that the 8-byte arrays passed by reference can be
55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about
60 #include <sys/cdefs.h>
61 #include <sys/types.h>
62 #include <sys/param.h>
63 #include <netinet/in.h>
69 /* Re-entrantify me -- all this junk needs to be in
70 * struct crypt_data to make this really reentrant... */
71 static u_char inv_key_perm[64];
72 static u_char inv_comp_perm[56];
73 static u_char un_pbox[32];
74 static u_int32_t en_keysl[16], en_keysr[16];
75 static u_int32_t de_keysl[16], de_keysr[16];
76 static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
77 static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
78 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
79 static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
80 static u_int32_t saltbits;
81 static u_int32_t old_salt;
82 static u_int32_t old_rawkey0, old_rawkey1;
85 /* Static stuff that stays resident and doesn't change after
86 * being initialized, and therefore doesn't need to be made
88 static u_char init_perm[64], final_perm[64];
89 static u_char m_sbox[4][4096];
90 static u_int32_t psbox[4][256];
96 static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
98 static const u_char IP[64] = {
99 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
100 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
101 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
102 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
105 static const u_char key_perm[56] = {
106 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
107 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
108 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
109 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
112 static const u_char key_shifts[16] = {
113 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
116 static const u_char comp_perm[48] = {
117 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
118 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
119 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
120 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
124 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
127 static const u_char sbox[8][64] = {
129 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
130 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
131 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
132 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
135 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
136 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
137 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
138 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
141 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
142 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
143 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
144 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
147 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
148 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
149 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
150 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
153 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
154 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
155 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
156 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
159 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
160 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
161 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
162 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
165 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
166 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
167 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
168 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
171 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
172 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
173 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
174 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
178 static const u_char pbox[32] = {
179 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
180 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
183 static const u_int32_t bits32[32] =
185 0x80000000, 0x40000000, 0x20000000, 0x10000000,
186 0x08000000, 0x04000000, 0x02000000, 0x01000000,
187 0x00800000, 0x00400000, 0x00200000, 0x00100000,
188 0x00080000, 0x00040000, 0x00020000, 0x00010000,
189 0x00008000, 0x00004000, 0x00002000, 0x00001000,
190 0x00000800, 0x00000400, 0x00000200, 0x00000100,
191 0x00000080, 0x00000040, 0x00000020, 0x00000010,
192 0x00000008, 0x00000004, 0x00000002, 0x00000001
195 static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
199 ascii_to_bin(char ch)
204 return(ch - 'a' + 38);
208 return(ch - 'A' + 12);
219 static int des_initialised = 0;
221 int i, j, b, k, inbit, obit;
222 u_int32_t *p, *il, *ir, *fl, *fr;
223 const u_int32_t *bits28, *bits24;
224 u_char u_sbox[8][64];
226 if (des_initialised==1)
229 old_rawkey0 = old_rawkey1 = 0L;
232 bits24 = (bits28 = bits32 + 4) + 4;
235 * Invert the S-boxes, reordering the input bits.
237 for (i = 0; i < 8; i++)
238 for (j = 0; j < 64; j++) {
239 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
240 u_sbox[i][j] = sbox[i][b];
244 * Convert the inverted S-boxes into 4 arrays of 8 bits.
245 * Each will handle 12 bits of the S-box input.
247 for (b = 0; b < 4; b++)
248 for (i = 0; i < 64; i++)
249 for (j = 0; j < 64; j++)
250 m_sbox[b][(i << 6) | j] =
251 (u_char)((u_sbox[(b << 1)][i] << 4) |
252 u_sbox[(b << 1) + 1][j]);
255 * Set up the initial & final permutations into a useful form, and
256 * initialise the inverted key permutation.
258 for (i = 0; i < 64; i++) {
259 init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
260 inv_key_perm[i] = 255;
264 * Invert the key permutation and initialise the inverted key
265 * compression permutation.
267 for (i = 0; i < 56; i++) {
268 inv_key_perm[key_perm[i] - 1] = (u_char)i;
269 inv_comp_perm[i] = 255;
273 * Invert the key compression permutation.
275 for (i = 0; i < 48; i++) {
276 inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
280 * Set up the OR-mask arrays for the initial and final permutations,
281 * and for the key initial and compression permutations.
283 for (k = 0; k < 8; k++) {
284 for (i = 0; i < 256; i++) {
285 *(il = &ip_maskl[k][i]) = 0L;
286 *(ir = &ip_maskr[k][i]) = 0L;
287 *(fl = &fp_maskl[k][i]) = 0L;
288 *(fr = &fp_maskr[k][i]) = 0L;
289 for (j = 0; j < 8; j++) {
292 if ((obit = init_perm[inbit]) < 32)
295 *ir |= bits32[obit-32];
296 if ((obit = final_perm[inbit]) < 32)
299 *fr |= bits32[obit - 32];
303 for (i = 0; i < 128; i++) {
304 *(il = &key_perm_maskl[k][i]) = 0L;
305 *(ir = &key_perm_maskr[k][i]) = 0L;
306 for (j = 0; j < 7; j++) {
308 if (i & bits8[j + 1]) {
309 if ((obit = inv_key_perm[inbit]) == 255)
314 *ir |= bits28[obit - 28];
317 *(il = &comp_maskl[k][i]) = 0L;
318 *(ir = &comp_maskr[k][i]) = 0L;
319 for (j = 0; j < 7; j++) {
321 if (i & bits8[j + 1]) {
322 if ((obit=inv_comp_perm[inbit]) == 255)
327 *ir |= bits24[obit - 24];
334 * Invert the P-box permutation, and convert into OR-masks for
335 * handling the output of the S-box arrays setup above.
337 for (i = 0; i < 32; i++)
338 un_pbox[pbox[i] - 1] = (u_char)i;
340 for (b = 0; b < 4; b++)
341 for (i = 0; i < 256; i++) {
342 *(p = &psbox[b][i]) = 0L;
343 for (j = 0; j < 8; j++) {
345 *p |= bits32[un_pbox[8 * b + j]];
354 setup_salt(u_int32_t salt)
356 u_int32_t obit, saltbit;
359 if (salt == old_salt)
366 for (i = 0; i < 24; i++) {
376 des_setkey(const char *key)
378 u_int32_t k0, k1, rawkey0, rawkey1;
383 rawkey0 = ntohl(*(const u_int32_t *) key);
384 rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
386 if ((rawkey0 | rawkey1)
387 && rawkey0 == old_rawkey0
388 && rawkey1 == old_rawkey1) {
390 * Already setup for this key.
391 * This optimisation fails on a zero key (which is weak and
392 * has bad parity anyway) in order to simplify the starting
397 old_rawkey0 = rawkey0;
398 old_rawkey1 = rawkey1;
401 * Do key permutation and split into two 28-bit subkeys.
403 k0 = key_perm_maskl[0][rawkey0 >> 25]
404 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
405 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
406 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
407 | key_perm_maskl[4][rawkey1 >> 25]
408 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
409 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
410 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
411 k1 = key_perm_maskr[0][rawkey0 >> 25]
412 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
413 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
414 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
415 | key_perm_maskr[4][rawkey1 >> 25]
416 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
417 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
418 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
420 * Rotate subkeys and do compression permutation.
423 for (round = 0; round < 16; round++) {
426 shifts += key_shifts[round];
428 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
429 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
431 de_keysl[15 - round] =
432 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
433 | comp_maskl[1][(t0 >> 14) & 0x7f]
434 | comp_maskl[2][(t0 >> 7) & 0x7f]
435 | comp_maskl[3][t0 & 0x7f]
436 | comp_maskl[4][(t1 >> 21) & 0x7f]
437 | comp_maskl[5][(t1 >> 14) & 0x7f]
438 | comp_maskl[6][(t1 >> 7) & 0x7f]
439 | comp_maskl[7][t1 & 0x7f];
441 de_keysr[15 - round] =
442 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
443 | comp_maskr[1][(t0 >> 14) & 0x7f]
444 | comp_maskr[2][(t0 >> 7) & 0x7f]
445 | comp_maskr[3][t0 & 0x7f]
446 | comp_maskr[4][(t1 >> 21) & 0x7f]
447 | comp_maskr[5][(t1 >> 14) & 0x7f]
448 | comp_maskr[6][(t1 >> 7) & 0x7f]
449 | comp_maskr[7][t1 & 0x7f];
456 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
459 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
461 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
462 u_int32_t f, r48l, r48r;
467 } else if (count > 0) {
483 * Do initial permutation (IP).
485 l = ip_maskl[0][l_in >> 24]
486 | ip_maskl[1][(l_in >> 16) & 0xff]
487 | ip_maskl[2][(l_in >> 8) & 0xff]
488 | ip_maskl[3][l_in & 0xff]
489 | ip_maskl[4][r_in >> 24]
490 | ip_maskl[5][(r_in >> 16) & 0xff]
491 | ip_maskl[6][(r_in >> 8) & 0xff]
492 | ip_maskl[7][r_in & 0xff];
493 r = ip_maskr[0][l_in >> 24]
494 | ip_maskr[1][(l_in >> 16) & 0xff]
495 | ip_maskr[2][(l_in >> 8) & 0xff]
496 | ip_maskr[3][l_in & 0xff]
497 | ip_maskr[4][r_in >> 24]
498 | ip_maskr[5][(r_in >> 16) & 0xff]
499 | ip_maskr[6][(r_in >> 8) & 0xff]
500 | ip_maskr[7][r_in & 0xff];
511 * Expand R to 48 bits (simulate the E-box).
513 r48l = ((r & 0x00000001) << 23)
514 | ((r & 0xf8000000) >> 9)
515 | ((r & 0x1f800000) >> 11)
516 | ((r & 0x01f80000) >> 13)
517 | ((r & 0x001f8000) >> 15);
519 r48r = ((r & 0x0001f800) << 7)
520 | ((r & 0x00001f80) << 5)
521 | ((r & 0x000001f8) << 3)
522 | ((r & 0x0000001f) << 1)
523 | ((r & 0x80000000) >> 31);
525 * Do salting for crypt() and friends, and
526 * XOR with the permuted key.
528 f = (r48l ^ r48r) & saltbits;
532 * Do sbox lookups (which shrink it back to 32 bits)
533 * and do the pbox permutation at the same time.
535 f = psbox[0][m_sbox[0][r48l >> 12]]
536 | psbox[1][m_sbox[1][r48l & 0xfff]]
537 | psbox[2][m_sbox[2][r48r >> 12]]
538 | psbox[3][m_sbox[3][r48r & 0xfff]];
540 * Now that we've permuted things, complete f().
550 * Do final permutation (inverse of IP).
552 *l_out = fp_maskl[0][l >> 24]
553 | fp_maskl[1][(l >> 16) & 0xff]
554 | fp_maskl[2][(l >> 8) & 0xff]
555 | fp_maskl[3][l & 0xff]
556 | fp_maskl[4][r >> 24]
557 | fp_maskl[5][(r >> 16) & 0xff]
558 | fp_maskl[6][(r >> 8) & 0xff]
559 | fp_maskl[7][r & 0xff];
560 *r_out = fp_maskr[0][l >> 24]
561 | fp_maskr[1][(l >> 16) & 0xff]
562 | fp_maskr[2][(l >> 8) & 0xff]
563 | fp_maskr[3][l & 0xff]
564 | fp_maskr[4][r >> 24]
565 | fp_maskr[5][(r >> 16) & 0xff]
566 | fp_maskr[6][(r >> 8) & 0xff]
567 | fp_maskr[7][r & 0xff];
574 des_cipher(const char *in, char *out, u_int32_t salt, int count)
576 u_int32_t l_out, r_out, rawl, rawr;
588 rawl = ntohl(*trans.ui32++);
589 rawr = ntohl(*trans.ui32);
591 retval = do_des(rawl, rawr, &l_out, &r_out, count);
594 *trans.ui32++ = htonl(l_out);
595 *trans.ui32 = htonl(r_out);
602 setkey(const char *key)
605 u_int32_t packed_keys[2];
608 p = (u_char *) packed_keys;
610 for (i = 0; i < 8; i++) {
612 for (j = 0; j < 8; j++)
616 des_setkey((char *)p);
621 encrypt(char *block, int flag)
631 for (i = 0; i < 2; i++) {
633 for (j = 0; j < 32; j++)
637 do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
638 for (i = 0; i < 2; i++)
639 for (j = 0; j < 32; j++)
640 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
643 char *__des_crypt(const unsigned char *key, const unsigned char *setting)
645 u_int32_t count, salt, l, r0, r1, keybuf[2];
647 static char output[21];
652 * Copy the key, shifting each character up by one bit
653 * and padding with zeros.
655 q = (u_char *)keybuf;
656 while (q - (u_char *)keybuf - 8) {
661 if (des_setkey((char *)keybuf))
665 if (*setting == _PASSWORD_EFMT1) {
669 * setting - underscore, 4 bytes of count, 4 bytes of salt
670 * key - unlimited characters
672 for (i = 1, count = 0L; i < 5; i++)
673 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
675 for (i = 5, salt = 0L; i < 9; i++)
676 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
680 * Encrypt the key with itself.
682 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
685 * And XOR with the next 8 characters of the key.
687 q = (u_char *)keybuf;
688 while (q - (u_char *)keybuf - 8 && *key)
691 if (des_setkey((char *)keybuf))
694 strncpy(output, setting, 9);
697 * Double check that we weren't given a short setting.
698 * If we were, the above code will probably have created
699 * wierd values for count and salt, but we don't really care.
700 * Just make sure the output string doesn't have an extra
704 p = (u_char *)output + strlen(output);
710 * setting - 2 bytes of salt
711 * key - up to 8 characters
715 salt = (ascii_to_bin(setting[1]) << 6)
716 | ascii_to_bin(setting[0]);
718 output[0] = setting[0];
720 * If the encrypted password that the salt was extracted from
721 * is only 1 character long, the salt will be corrupted. We
722 * need to ensure that the output string doesn't have an extra
725 output[1] = setting[1] ? setting[1] : output[0];
727 p = (u_char *)output + 2;
733 if (do_des(0L, 0L, &r0, &r1, (int)count))
736 * Now encode the result...
739 *p++ = ascii64[(l >> 18) & 0x3f];
740 *p++ = ascii64[(l >> 12) & 0x3f];
741 *p++ = ascii64[(l >> 6) & 0x3f];
742 *p++ = ascii64[l & 0x3f];
744 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
745 *p++ = ascii64[(l >> 18) & 0x3f];
746 *p++ = ascii64[(l >> 12) & 0x3f];
747 *p++ = ascii64[(l >> 6) & 0x3f];
748 *p++ = ascii64[l & 0x3f];
751 *p++ = ascii64[(l >> 12) & 0x3f];
752 *p++ = ascii64[(l >> 6) & 0x3f];
753 *p++ = ascii64[l & 0x3f];