2 * FreeSec: libcrypt for NetBSD
4 * Copyright (c) 1994 David Burren
7 * Adapted for FreeBSD-2.0 by Geoffrey M. Rehmet
8 * this file should now *only* export crypt(), in order to make
9 * binaries of libcrypt exportable from the USA
11 * Adapted for FreeBSD-4.0 by Mark R V Murray
12 * this file should now *only* export crypt_des(), in order to make
13 * a module that can be optionally included in libcrypt.
15 * Redistribution and use in source and binary forms, with or without
16 * modification, are permitted provided that the following conditions
18 * 1. Redistributions of source code must retain the above copyright
19 * notice, this list of conditions and the following disclaimer.
20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in the
22 * documentation and/or other materials provided with the distribution.
23 * 3. Neither the name of the author nor the names of other contributors
24 * may be used to endorse or promote products derived from this software
25 * without specific prior written permission.
27 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
28 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
29 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
30 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
31 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
32 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
33 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
34 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
35 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
36 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
39 * This is an original implementation of the DES and the crypt(3) interfaces
40 * by David Burren <davidb@werj.com.au>.
42 * An excellent reference on the underlying algorithm (and related
45 * B. Schneier, Applied Cryptography: protocols, algorithms,
46 * and source code in C, John Wiley & Sons, 1994.
48 * Note that in that book's description of DES the lookups for the initial,
49 * pbox, and final permutations are inverted (this has been brought to the
50 * attention of the author). A list of errata for this book has been
51 * posted to the sci.crypt newsgroup by the author and is available for FTP.
53 * ARCHITECTURE ASSUMPTIONS:
54 * It is assumed that the 8-byte arrays passed by reference can be
55 * addressed as arrays of u_int32_t's (ie. the CPU is not picky about
60 #include <sys/cdefs.h>
61 #include <sys/types.h>
62 #include <sys/param.h>
63 #include <netinet/in.h>
68 /* Re-entrantify me -- all this junk needs to be in
69 * struct crypt_data to make this really reentrant... */
70 static u_char inv_key_perm[64];
71 static u_char inv_comp_perm[56];
72 static u_char u_sbox[8][64];
73 static u_char un_pbox[32];
74 static u_int32_t en_keysl[16], en_keysr[16];
75 static u_int32_t de_keysl[16], de_keysr[16];
76 static u_int32_t ip_maskl[8][256], ip_maskr[8][256];
77 static u_int32_t fp_maskl[8][256], fp_maskr[8][256];
78 static u_int32_t key_perm_maskl[8][128], key_perm_maskr[8][128];
79 static u_int32_t comp_maskl[8][128], comp_maskr[8][128];
80 static u_int32_t saltbits;
81 static u_int32_t old_salt;
82 static u_int32_t old_rawkey0, old_rawkey1;
85 /* Static stuff that stays resident and doesn't change after
86 * being initialized, and therefore doesn't need to be made
88 static u_char init_perm[64], final_perm[64];
89 static u_char m_sbox[4][4096];
90 static u_int32_t psbox[4][256];
96 static const u_char ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
98 static const u_char IP[64] = {
99 58, 50, 42, 34, 26, 18, 10, 2, 60, 52, 44, 36, 28, 20, 12, 4,
100 62, 54, 46, 38, 30, 22, 14, 6, 64, 56, 48, 40, 32, 24, 16, 8,
101 57, 49, 41, 33, 25, 17, 9, 1, 59, 51, 43, 35, 27, 19, 11, 3,
102 61, 53, 45, 37, 29, 21, 13, 5, 63, 55, 47, 39, 31, 23, 15, 7
105 static const u_char key_perm[56] = {
106 57, 49, 41, 33, 25, 17, 9, 1, 58, 50, 42, 34, 26, 18,
107 10, 2, 59, 51, 43, 35, 27, 19, 11, 3, 60, 52, 44, 36,
108 63, 55, 47, 39, 31, 23, 15, 7, 62, 54, 46, 38, 30, 22,
109 14, 6, 61, 53, 45, 37, 29, 21, 13, 5, 28, 20, 12, 4
112 static const u_char key_shifts[16] = {
113 1, 1, 2, 2, 2, 2, 2, 2, 1, 2, 2, 2, 2, 2, 2, 1
116 static const u_char comp_perm[48] = {
117 14, 17, 11, 24, 1, 5, 3, 28, 15, 6, 21, 10,
118 23, 19, 12, 4, 26, 8, 16, 7, 27, 20, 13, 2,
119 41, 52, 31, 37, 47, 55, 30, 40, 51, 45, 33, 48,
120 44, 49, 39, 56, 34, 53, 46, 42, 50, 36, 29, 32
124 * No E box is used, as it's replaced by some ANDs, shifts, and ORs.
127 static const u_char sbox[8][64] = {
129 14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7,
130 0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8,
131 4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0,
132 15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13
135 15, 1, 8, 14, 6, 11, 3, 4, 9, 7, 2, 13, 12, 0, 5, 10,
136 3, 13, 4, 7, 15, 2, 8, 14, 12, 0, 1, 10, 6, 9, 11, 5,
137 0, 14, 7, 11, 10, 4, 13, 1, 5, 8, 12, 6, 9, 3, 2, 15,
138 13, 8, 10, 1, 3, 15, 4, 2, 11, 6, 7, 12, 0, 5, 14, 9
141 10, 0, 9, 14, 6, 3, 15, 5, 1, 13, 12, 7, 11, 4, 2, 8,
142 13, 7, 0, 9, 3, 4, 6, 10, 2, 8, 5, 14, 12, 11, 15, 1,
143 13, 6, 4, 9, 8, 15, 3, 0, 11, 1, 2, 12, 5, 10, 14, 7,
144 1, 10, 13, 0, 6, 9, 8, 7, 4, 15, 14, 3, 11, 5, 2, 12
147 7, 13, 14, 3, 0, 6, 9, 10, 1, 2, 8, 5, 11, 12, 4, 15,
148 13, 8, 11, 5, 6, 15, 0, 3, 4, 7, 2, 12, 1, 10, 14, 9,
149 10, 6, 9, 0, 12, 11, 7, 13, 15, 1, 3, 14, 5, 2, 8, 4,
150 3, 15, 0, 6, 10, 1, 13, 8, 9, 4, 5, 11, 12, 7, 2, 14
153 2, 12, 4, 1, 7, 10, 11, 6, 8, 5, 3, 15, 13, 0, 14, 9,
154 14, 11, 2, 12, 4, 7, 13, 1, 5, 0, 15, 10, 3, 9, 8, 6,
155 4, 2, 1, 11, 10, 13, 7, 8, 15, 9, 12, 5, 6, 3, 0, 14,
156 11, 8, 12, 7, 1, 14, 2, 13, 6, 15, 0, 9, 10, 4, 5, 3
159 12, 1, 10, 15, 9, 2, 6, 8, 0, 13, 3, 4, 14, 7, 5, 11,
160 10, 15, 4, 2, 7, 12, 9, 5, 6, 1, 13, 14, 0, 11, 3, 8,
161 9, 14, 15, 5, 2, 8, 12, 3, 7, 0, 4, 10, 1, 13, 11, 6,
162 4, 3, 2, 12, 9, 5, 15, 10, 11, 14, 1, 7, 6, 0, 8, 13
165 4, 11, 2, 14, 15, 0, 8, 13, 3, 12, 9, 7, 5, 10, 6, 1,
166 13, 0, 11, 7, 4, 9, 1, 10, 14, 3, 5, 12, 2, 15, 8, 6,
167 1, 4, 11, 13, 12, 3, 7, 14, 10, 15, 6, 8, 0, 5, 9, 2,
168 6, 11, 13, 8, 1, 4, 10, 7, 9, 5, 0, 15, 14, 2, 3, 12
171 13, 2, 8, 4, 6, 15, 11, 1, 10, 9, 3, 14, 5, 0, 12, 7,
172 1, 15, 13, 8, 10, 3, 7, 4, 12, 5, 6, 11, 0, 14, 9, 2,
173 7, 11, 4, 1, 9, 12, 14, 2, 0, 6, 10, 13, 15, 3, 5, 8,
174 2, 1, 14, 7, 4, 10, 8, 13, 15, 12, 9, 0, 3, 5, 6, 11
178 static const u_char pbox[32] = {
179 16, 7, 20, 21, 29, 12, 28, 17, 1, 15, 23, 26, 5, 18, 31, 10,
180 2, 8, 24, 14, 32, 27, 3, 9, 19, 13, 30, 6, 22, 11, 4, 25
183 static const u_int32_t bits32[32] =
185 0x80000000, 0x40000000, 0x20000000, 0x10000000,
186 0x08000000, 0x04000000, 0x02000000, 0x01000000,
187 0x00800000, 0x00400000, 0x00200000, 0x00100000,
188 0x00080000, 0x00040000, 0x00020000, 0x00010000,
189 0x00008000, 0x00004000, 0x00002000, 0x00001000,
190 0x00000800, 0x00000400, 0x00000200, 0x00000100,
191 0x00000080, 0x00000040, 0x00000020, 0x00000010,
192 0x00000008, 0x00000004, 0x00000002, 0x00000001
195 static const u_char bits8[8] = { 0x80, 0x40, 0x20, 0x10, 0x08, 0x04, 0x02, 0x01 };
196 static const u_int32_t *bits28, *bits24;
200 ascii_to_bin(char ch)
205 return(ch - 'a' + 38);
209 return(ch - 'A' + 12);
220 int i, j, b, k, inbit, obit;
221 u_int32_t *p, *il, *ir, *fl, *fr;
222 static int des_initialised = 0;
224 if (des_initialised==1)
227 old_rawkey0 = old_rawkey1 = 0L;
230 bits24 = (bits28 = bits32 + 4) + 4;
233 * Invert the S-boxes, reordering the input bits.
235 for (i = 0; i < 8; i++)
236 for (j = 0; j < 64; j++) {
237 b = (j & 0x20) | ((j & 1) << 4) | ((j >> 1) & 0xf);
238 u_sbox[i][j] = sbox[i][b];
242 * Convert the inverted S-boxes into 4 arrays of 8 bits.
243 * Each will handle 12 bits of the S-box input.
245 for (b = 0; b < 4; b++)
246 for (i = 0; i < 64; i++)
247 for (j = 0; j < 64; j++)
248 m_sbox[b][(i << 6) | j] =
249 (u_char)((u_sbox[(b << 1)][i] << 4) |
250 u_sbox[(b << 1) + 1][j]);
253 * Set up the initial & final permutations into a useful form, and
254 * initialise the inverted key permutation.
256 for (i = 0; i < 64; i++) {
257 init_perm[final_perm[i] = IP[i] - 1] = (u_char)i;
258 inv_key_perm[i] = 255;
262 * Invert the key permutation and initialise the inverted key
263 * compression permutation.
265 for (i = 0; i < 56; i++) {
266 inv_key_perm[key_perm[i] - 1] = (u_char)i;
267 inv_comp_perm[i] = 255;
271 * Invert the key compression permutation.
273 for (i = 0; i < 48; i++) {
274 inv_comp_perm[comp_perm[i] - 1] = (u_char)i;
278 * Set up the OR-mask arrays for the initial and final permutations,
279 * and for the key initial and compression permutations.
281 for (k = 0; k < 8; k++) {
282 for (i = 0; i < 256; i++) {
283 *(il = &ip_maskl[k][i]) = 0L;
284 *(ir = &ip_maskr[k][i]) = 0L;
285 *(fl = &fp_maskl[k][i]) = 0L;
286 *(fr = &fp_maskr[k][i]) = 0L;
287 for (j = 0; j < 8; j++) {
290 if ((obit = init_perm[inbit]) < 32)
293 *ir |= bits32[obit-32];
294 if ((obit = final_perm[inbit]) < 32)
297 *fr |= bits32[obit - 32];
301 for (i = 0; i < 128; i++) {
302 *(il = &key_perm_maskl[k][i]) = 0L;
303 *(ir = &key_perm_maskr[k][i]) = 0L;
304 for (j = 0; j < 7; j++) {
306 if (i & bits8[j + 1]) {
307 if ((obit = inv_key_perm[inbit]) == 255)
312 *ir |= bits28[obit - 28];
315 *(il = &comp_maskl[k][i]) = 0L;
316 *(ir = &comp_maskr[k][i]) = 0L;
317 for (j = 0; j < 7; j++) {
319 if (i & bits8[j + 1]) {
320 if ((obit=inv_comp_perm[inbit]) == 255)
325 *ir |= bits24[obit - 24];
332 * Invert the P-box permutation, and convert into OR-masks for
333 * handling the output of the S-box arrays setup above.
335 for (i = 0; i < 32; i++)
336 un_pbox[pbox[i] - 1] = (u_char)i;
338 for (b = 0; b < 4; b++)
339 for (i = 0; i < 256; i++) {
340 *(p = &psbox[b][i]) = 0L;
341 for (j = 0; j < 8; j++) {
343 *p |= bits32[un_pbox[8 * b + j]];
352 setup_salt(long salt)
354 u_int32_t obit, saltbit;
357 if (salt == old_salt)
364 for (i = 0; i < 24; i++) {
374 des_setkey(const char *key)
376 u_int32_t k0, k1, rawkey0, rawkey1;
381 rawkey0 = ntohl(*(const u_int32_t *) key);
382 rawkey1 = ntohl(*(const u_int32_t *) (key + 4));
384 if ((rawkey0 | rawkey1)
385 && rawkey0 == old_rawkey0
386 && rawkey1 == old_rawkey1) {
388 * Already setup for this key.
389 * This optimisation fails on a zero key (which is weak and
390 * has bad parity anyway) in order to simplify the starting
395 old_rawkey0 = rawkey0;
396 old_rawkey1 = rawkey1;
399 * Do key permutation and split into two 28-bit subkeys.
401 k0 = key_perm_maskl[0][rawkey0 >> 25]
402 | key_perm_maskl[1][(rawkey0 >> 17) & 0x7f]
403 | key_perm_maskl[2][(rawkey0 >> 9) & 0x7f]
404 | key_perm_maskl[3][(rawkey0 >> 1) & 0x7f]
405 | key_perm_maskl[4][rawkey1 >> 25]
406 | key_perm_maskl[5][(rawkey1 >> 17) & 0x7f]
407 | key_perm_maskl[6][(rawkey1 >> 9) & 0x7f]
408 | key_perm_maskl[7][(rawkey1 >> 1) & 0x7f];
409 k1 = key_perm_maskr[0][rawkey0 >> 25]
410 | key_perm_maskr[1][(rawkey0 >> 17) & 0x7f]
411 | key_perm_maskr[2][(rawkey0 >> 9) & 0x7f]
412 | key_perm_maskr[3][(rawkey0 >> 1) & 0x7f]
413 | key_perm_maskr[4][rawkey1 >> 25]
414 | key_perm_maskr[5][(rawkey1 >> 17) & 0x7f]
415 | key_perm_maskr[6][(rawkey1 >> 9) & 0x7f]
416 | key_perm_maskr[7][(rawkey1 >> 1) & 0x7f];
418 * Rotate subkeys and do compression permutation.
421 for (round = 0; round < 16; round++) {
424 shifts += key_shifts[round];
426 t0 = (k0 << shifts) | (k0 >> (28 - shifts));
427 t1 = (k1 << shifts) | (k1 >> (28 - shifts));
429 de_keysl[15 - round] =
430 en_keysl[round] = comp_maskl[0][(t0 >> 21) & 0x7f]
431 | comp_maskl[1][(t0 >> 14) & 0x7f]
432 | comp_maskl[2][(t0 >> 7) & 0x7f]
433 | comp_maskl[3][t0 & 0x7f]
434 | comp_maskl[4][(t1 >> 21) & 0x7f]
435 | comp_maskl[5][(t1 >> 14) & 0x7f]
436 | comp_maskl[6][(t1 >> 7) & 0x7f]
437 | comp_maskl[7][t1 & 0x7f];
439 de_keysr[15 - round] =
440 en_keysr[round] = comp_maskr[0][(t0 >> 21) & 0x7f]
441 | comp_maskr[1][(t0 >> 14) & 0x7f]
442 | comp_maskr[2][(t0 >> 7) & 0x7f]
443 | comp_maskr[3][t0 & 0x7f]
444 | comp_maskr[4][(t1 >> 21) & 0x7f]
445 | comp_maskr[5][(t1 >> 14) & 0x7f]
446 | comp_maskr[6][(t1 >> 7) & 0x7f]
447 | comp_maskr[7][t1 & 0x7f];
454 do_des( u_int32_t l_in, u_int32_t r_in, u_int32_t *l_out, u_int32_t *r_out, int count)
457 * l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
459 u_int32_t l, r, *kl, *kr, *kl1, *kr1;
460 u_int32_t f, r48l, r48r;
465 } else if (count > 0) {
481 * Do initial permutation (IP).
483 l = ip_maskl[0][l_in >> 24]
484 | ip_maskl[1][(l_in >> 16) & 0xff]
485 | ip_maskl[2][(l_in >> 8) & 0xff]
486 | ip_maskl[3][l_in & 0xff]
487 | ip_maskl[4][r_in >> 24]
488 | ip_maskl[5][(r_in >> 16) & 0xff]
489 | ip_maskl[6][(r_in >> 8) & 0xff]
490 | ip_maskl[7][r_in & 0xff];
491 r = ip_maskr[0][l_in >> 24]
492 | ip_maskr[1][(l_in >> 16) & 0xff]
493 | ip_maskr[2][(l_in >> 8) & 0xff]
494 | ip_maskr[3][l_in & 0xff]
495 | ip_maskr[4][r_in >> 24]
496 | ip_maskr[5][(r_in >> 16) & 0xff]
497 | ip_maskr[6][(r_in >> 8) & 0xff]
498 | ip_maskr[7][r_in & 0xff];
509 * Expand R to 48 bits (simulate the E-box).
511 r48l = ((r & 0x00000001) << 23)
512 | ((r & 0xf8000000) >> 9)
513 | ((r & 0x1f800000) >> 11)
514 | ((r & 0x01f80000) >> 13)
515 | ((r & 0x001f8000) >> 15);
517 r48r = ((r & 0x0001f800) << 7)
518 | ((r & 0x00001f80) << 5)
519 | ((r & 0x000001f8) << 3)
520 | ((r & 0x0000001f) << 1)
521 | ((r & 0x80000000) >> 31);
523 * Do salting for crypt() and friends, and
524 * XOR with the permuted key.
526 f = (r48l ^ r48r) & saltbits;
530 * Do sbox lookups (which shrink it back to 32 bits)
531 * and do the pbox permutation at the same time.
533 f = psbox[0][m_sbox[0][r48l >> 12]]
534 | psbox[1][m_sbox[1][r48l & 0xfff]]
535 | psbox[2][m_sbox[2][r48r >> 12]]
536 | psbox[3][m_sbox[3][r48r & 0xfff]];
538 * Now that we've permuted things, complete f().
548 * Do final permutation (inverse of IP).
550 *l_out = fp_maskl[0][l >> 24]
551 | fp_maskl[1][(l >> 16) & 0xff]
552 | fp_maskl[2][(l >> 8) & 0xff]
553 | fp_maskl[3][l & 0xff]
554 | fp_maskl[4][r >> 24]
555 | fp_maskl[5][(r >> 16) & 0xff]
556 | fp_maskl[6][(r >> 8) & 0xff]
557 | fp_maskl[7][r & 0xff];
558 *r_out = fp_maskr[0][l >> 24]
559 | fp_maskr[1][(l >> 16) & 0xff]
560 | fp_maskr[2][(l >> 8) & 0xff]
561 | fp_maskr[3][l & 0xff]
562 | fp_maskr[4][r >> 24]
563 | fp_maskr[5][(r >> 16) & 0xff]
564 | fp_maskr[6][(r >> 8) & 0xff]
565 | fp_maskr[7][r & 0xff];
572 des_cipher(const char *in, char *out, u_int32_t salt, int count)
574 u_int32_t l_out, r_out, rawl, rawr;
586 rawl = ntohl(*trans.ui32++);
587 rawr = ntohl(*trans.ui32);
589 retval = do_des(rawl, rawr, &l_out, &r_out, count);
592 *trans.ui32++ = htonl(l_out);
593 *trans.ui32 = htonl(r_out);
600 setkey(const char *key)
603 u_int32_t packed_keys[2];
606 p = (u_char *) packed_keys;
608 for (i = 0; i < 8; i++) {
610 for (j = 0; j < 8; j++)
614 des_setkey((char *)p);
619 encrypt(char *block, int flag)
629 for (i = 0; i < 2; i++) {
631 for (j = 0; j < 32; j++)
635 do_des(io[0], io[1], io, io + 1, flag ? -1 : 1);
636 for (i = 0; i < 2; i++)
637 for (j = 0; j < 32; j++)
638 block[(i << 5) | j] = (io[i] & bits32[j]) ? 1 : 0;
642 __des_crypt(const char *key, const char *setting)
644 u_int32_t count, salt, l, r0, r1, keybuf[2];
646 static char output[21];
651 * Copy the key, shifting each character up by one bit
652 * and padding with zeros.
654 q = (u_char *)keybuf;
655 while (q - (u_char *)keybuf - 8) {
660 if (des_setkey((char *)keybuf))
664 if (*setting == _PASSWORD_EFMT1) {
668 * setting - underscore, 4 bytes of count, 4 bytes of salt
669 * key - unlimited characters
671 for (i = 1, count = 0L; i < 5; i++)
672 count |= ascii_to_bin(setting[i]) << ((i - 1) * 6);
674 for (i = 5, salt = 0L; i < 9; i++)
675 salt |= ascii_to_bin(setting[i]) << ((i - 5) * 6);
679 * Encrypt the key with itself.
681 if (des_cipher((char *)keybuf, (char *)keybuf, 0L, 1))
684 * And XOR with the next 8 characters of the key.
686 q = (u_char *)keybuf;
687 while (q - (u_char *)keybuf - 8 && *key)
690 if (des_setkey((char *)keybuf))
693 strncpy(output, setting, 9);
696 * Double check that we weren't given a short setting.
697 * If we were, the above code will probably have created
698 * wierd values for count and salt, but we don't really care.
699 * Just make sure the output string doesn't have an extra
703 p = (u_char *)output + strlen(output);
709 * setting - 2 bytes of salt
710 * key - up to 8 characters
714 salt = (ascii_to_bin(setting[1]) << 6)
715 | ascii_to_bin(setting[0]);
717 output[0] = setting[0];
719 * If the encrypted password that the salt was extracted from
720 * is only 1 character long, the salt will be corrupted. We
721 * need to ensure that the output string doesn't have an extra
724 output[1] = setting[1] ? setting[1] : output[0];
726 p = (u_char *)output + 2;
732 if (do_des(0L, 0L, &r0, &r1, (int)count))
735 * Now encode the result...
738 *p++ = ascii64[(l >> 18) & 0x3f];
739 *p++ = ascii64[(l >> 12) & 0x3f];
740 *p++ = ascii64[(l >> 6) & 0x3f];
741 *p++ = ascii64[l & 0x3f];
743 l = (r0 << 16) | ((r1 >> 16) & 0xffff);
744 *p++ = ascii64[(l >> 18) & 0x3f];
745 *p++ = ascii64[(l >> 12) & 0x3f];
746 *p++ = ascii64[(l >> 6) & 0x3f];
747 *p++ = ascii64[l & 0x3f];
750 *p++ = ascii64[(l >> 12) & 0x3f];
751 *p++ = ascii64[(l >> 6) & 0x3f];
752 *p++ = ascii64[l & 0x3f];