1 /* $OpenBSD: set_key.c,v 1.20 2017/02/09 03:43:05 dtucker Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
59 /* set_key.c v 1.4 eay 24/9/91
60 * 1.4 Speed up by 400% :-)
61 * 1.3 added register declarations.
62 * 1.2 unrolled make_key_sched a bit more
63 * 1.1 added norm_expand_bits
64 * 1.0 First working version
66 #include <openssl/crypto.h>
69 int DES_check_key
= 0; /* defaults to false */
71 static const unsigned char odd_parity
[256]={
72 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
73 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
74 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
75 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
76 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
77 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
78 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
79 112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
80 128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
81 145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
82 161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
83 176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
84 193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
85 208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
86 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
87 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
89 void DES_set_odd_parity(DES_cblock
*key
)
93 for (i
=0; i
<DES_KEY_SZ
; i
++)
94 (*key
)[i
]=odd_parity
[(*key
)[i
]];
97 int DES_check_key_parity(const_DES_cblock
*key
)
101 for (i
=0; i
<DES_KEY_SZ
; i
++)
103 if ((*key
)[i
] != odd_parity
[(*key
)[i
]])
109 /* Weak and semi weak keys as taken from
112 * %T Security for Computer Networks
113 * %I John Wiley & Sons
115 * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
116 * (and actual cblock values).
118 #define NUM_WEAK_KEY 16
119 static const DES_cblock weak_keys
[NUM_WEAK_KEY
]={
121 {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
122 {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
123 {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
124 {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
126 {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
127 {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
128 {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
129 {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
130 {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
131 {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
132 {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
133 {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
134 {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
135 {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
136 {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
137 {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
140 DES_is_weak_key(const_DES_cblock
*key
)
144 for (i
= 0; i
< NUM_WEAK_KEY
; i
++)
145 if (memcmp(weak_keys
[i
], key
, sizeof(DES_cblock
)) == 0)
150 /* NOW DEFINED IN des_local.h
151 * See ecb_encrypt.c for a pseudo description of these macros.
152 * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
154 * (a)=((a)^((t)<<(n))))
157 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
158 (a)=(a)^(t)^(t>>(16-(n))))
160 static const DES_LONG des_skb
[8][64]={
162 /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
163 0x00000000L
,0x00000010L
,0x20000000L
,0x20000010L
,
164 0x00010000L
,0x00010010L
,0x20010000L
,0x20010010L
,
165 0x00000800L
,0x00000810L
,0x20000800L
,0x20000810L
,
166 0x00010800L
,0x00010810L
,0x20010800L
,0x20010810L
,
167 0x00000020L
,0x00000030L
,0x20000020L
,0x20000030L
,
168 0x00010020L
,0x00010030L
,0x20010020L
,0x20010030L
,
169 0x00000820L
,0x00000830L
,0x20000820L
,0x20000830L
,
170 0x00010820L
,0x00010830L
,0x20010820L
,0x20010830L
,
171 0x00080000L
,0x00080010L
,0x20080000L
,0x20080010L
,
172 0x00090000L
,0x00090010L
,0x20090000L
,0x20090010L
,
173 0x00080800L
,0x00080810L
,0x20080800L
,0x20080810L
,
174 0x00090800L
,0x00090810L
,0x20090800L
,0x20090810L
,
175 0x00080020L
,0x00080030L
,0x20080020L
,0x20080030L
,
176 0x00090020L
,0x00090030L
,0x20090020L
,0x20090030L
,
177 0x00080820L
,0x00080830L
,0x20080820L
,0x20080830L
,
178 0x00090820L
,0x00090830L
,0x20090820L
,0x20090830L
,
180 /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
181 0x00000000L
,0x02000000L
,0x00002000L
,0x02002000L
,
182 0x00200000L
,0x02200000L
,0x00202000L
,0x02202000L
,
183 0x00000004L
,0x02000004L
,0x00002004L
,0x02002004L
,
184 0x00200004L
,0x02200004L
,0x00202004L
,0x02202004L
,
185 0x00000400L
,0x02000400L
,0x00002400L
,0x02002400L
,
186 0x00200400L
,0x02200400L
,0x00202400L
,0x02202400L
,
187 0x00000404L
,0x02000404L
,0x00002404L
,0x02002404L
,
188 0x00200404L
,0x02200404L
,0x00202404L
,0x02202404L
,
189 0x10000000L
,0x12000000L
,0x10002000L
,0x12002000L
,
190 0x10200000L
,0x12200000L
,0x10202000L
,0x12202000L
,
191 0x10000004L
,0x12000004L
,0x10002004L
,0x12002004L
,
192 0x10200004L
,0x12200004L
,0x10202004L
,0x12202004L
,
193 0x10000400L
,0x12000400L
,0x10002400L
,0x12002400L
,
194 0x10200400L
,0x12200400L
,0x10202400L
,0x12202400L
,
195 0x10000404L
,0x12000404L
,0x10002404L
,0x12002404L
,
196 0x10200404L
,0x12200404L
,0x10202404L
,0x12202404L
,
198 /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
199 0x00000000L
,0x00000001L
,0x00040000L
,0x00040001L
,
200 0x01000000L
,0x01000001L
,0x01040000L
,0x01040001L
,
201 0x00000002L
,0x00000003L
,0x00040002L
,0x00040003L
,
202 0x01000002L
,0x01000003L
,0x01040002L
,0x01040003L
,
203 0x00000200L
,0x00000201L
,0x00040200L
,0x00040201L
,
204 0x01000200L
,0x01000201L
,0x01040200L
,0x01040201L
,
205 0x00000202L
,0x00000203L
,0x00040202L
,0x00040203L
,
206 0x01000202L
,0x01000203L
,0x01040202L
,0x01040203L
,
207 0x08000000L
,0x08000001L
,0x08040000L
,0x08040001L
,
208 0x09000000L
,0x09000001L
,0x09040000L
,0x09040001L
,
209 0x08000002L
,0x08000003L
,0x08040002L
,0x08040003L
,
210 0x09000002L
,0x09000003L
,0x09040002L
,0x09040003L
,
211 0x08000200L
,0x08000201L
,0x08040200L
,0x08040201L
,
212 0x09000200L
,0x09000201L
,0x09040200L
,0x09040201L
,
213 0x08000202L
,0x08000203L
,0x08040202L
,0x08040203L
,
214 0x09000202L
,0x09000203L
,0x09040202L
,0x09040203L
,
216 /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
217 0x00000000L
,0x00100000L
,0x00000100L
,0x00100100L
,
218 0x00000008L
,0x00100008L
,0x00000108L
,0x00100108L
,
219 0x00001000L
,0x00101000L
,0x00001100L
,0x00101100L
,
220 0x00001008L
,0x00101008L
,0x00001108L
,0x00101108L
,
221 0x04000000L
,0x04100000L
,0x04000100L
,0x04100100L
,
222 0x04000008L
,0x04100008L
,0x04000108L
,0x04100108L
,
223 0x04001000L
,0x04101000L
,0x04001100L
,0x04101100L
,
224 0x04001008L
,0x04101008L
,0x04001108L
,0x04101108L
,
225 0x00020000L
,0x00120000L
,0x00020100L
,0x00120100L
,
226 0x00020008L
,0x00120008L
,0x00020108L
,0x00120108L
,
227 0x00021000L
,0x00121000L
,0x00021100L
,0x00121100L
,
228 0x00021008L
,0x00121008L
,0x00021108L
,0x00121108L
,
229 0x04020000L
,0x04120000L
,0x04020100L
,0x04120100L
,
230 0x04020008L
,0x04120008L
,0x04020108L
,0x04120108L
,
231 0x04021000L
,0x04121000L
,0x04021100L
,0x04121100L
,
232 0x04021008L
,0x04121008L
,0x04021108L
,0x04121108L
,
234 /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
235 0x00000000L
,0x10000000L
,0x00010000L
,0x10010000L
,
236 0x00000004L
,0x10000004L
,0x00010004L
,0x10010004L
,
237 0x20000000L
,0x30000000L
,0x20010000L
,0x30010000L
,
238 0x20000004L
,0x30000004L
,0x20010004L
,0x30010004L
,
239 0x00100000L
,0x10100000L
,0x00110000L
,0x10110000L
,
240 0x00100004L
,0x10100004L
,0x00110004L
,0x10110004L
,
241 0x20100000L
,0x30100000L
,0x20110000L
,0x30110000L
,
242 0x20100004L
,0x30100004L
,0x20110004L
,0x30110004L
,
243 0x00001000L
,0x10001000L
,0x00011000L
,0x10011000L
,
244 0x00001004L
,0x10001004L
,0x00011004L
,0x10011004L
,
245 0x20001000L
,0x30001000L
,0x20011000L
,0x30011000L
,
246 0x20001004L
,0x30001004L
,0x20011004L
,0x30011004L
,
247 0x00101000L
,0x10101000L
,0x00111000L
,0x10111000L
,
248 0x00101004L
,0x10101004L
,0x00111004L
,0x10111004L
,
249 0x20101000L
,0x30101000L
,0x20111000L
,0x30111000L
,
250 0x20101004L
,0x30101004L
,0x20111004L
,0x30111004L
,
252 /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
253 0x00000000L
,0x08000000L
,0x00000008L
,0x08000008L
,
254 0x00000400L
,0x08000400L
,0x00000408L
,0x08000408L
,
255 0x00020000L
,0x08020000L
,0x00020008L
,0x08020008L
,
256 0x00020400L
,0x08020400L
,0x00020408L
,0x08020408L
,
257 0x00000001L
,0x08000001L
,0x00000009L
,0x08000009L
,
258 0x00000401L
,0x08000401L
,0x00000409L
,0x08000409L
,
259 0x00020001L
,0x08020001L
,0x00020009L
,0x08020009L
,
260 0x00020401L
,0x08020401L
,0x00020409L
,0x08020409L
,
261 0x02000000L
,0x0A000000L
,0x02000008L
,0x0A000008L
,
262 0x02000400L
,0x0A000400L
,0x02000408L
,0x0A000408L
,
263 0x02020000L
,0x0A020000L
,0x02020008L
,0x0A020008L
,
264 0x02020400L
,0x0A020400L
,0x02020408L
,0x0A020408L
,
265 0x02000001L
,0x0A000001L
,0x02000009L
,0x0A000009L
,
266 0x02000401L
,0x0A000401L
,0x02000409L
,0x0A000409L
,
267 0x02020001L
,0x0A020001L
,0x02020009L
,0x0A020009L
,
268 0x02020401L
,0x0A020401L
,0x02020409L
,0x0A020409L
,
270 /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
271 0x00000000L
,0x00000100L
,0x00080000L
,0x00080100L
,
272 0x01000000L
,0x01000100L
,0x01080000L
,0x01080100L
,
273 0x00000010L
,0x00000110L
,0x00080010L
,0x00080110L
,
274 0x01000010L
,0x01000110L
,0x01080010L
,0x01080110L
,
275 0x00200000L
,0x00200100L
,0x00280000L
,0x00280100L
,
276 0x01200000L
,0x01200100L
,0x01280000L
,0x01280100L
,
277 0x00200010L
,0x00200110L
,0x00280010L
,0x00280110L
,
278 0x01200010L
,0x01200110L
,0x01280010L
,0x01280110L
,
279 0x00000200L
,0x00000300L
,0x00080200L
,0x00080300L
,
280 0x01000200L
,0x01000300L
,0x01080200L
,0x01080300L
,
281 0x00000210L
,0x00000310L
,0x00080210L
,0x00080310L
,
282 0x01000210L
,0x01000310L
,0x01080210L
,0x01080310L
,
283 0x00200200L
,0x00200300L
,0x00280200L
,0x00280300L
,
284 0x01200200L
,0x01200300L
,0x01280200L
,0x01280300L
,
285 0x00200210L
,0x00200310L
,0x00280210L
,0x00280310L
,
286 0x01200210L
,0x01200310L
,0x01280210L
,0x01280310L
,
288 /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
289 0x00000000L
,0x04000000L
,0x00040000L
,0x04040000L
,
290 0x00000002L
,0x04000002L
,0x00040002L
,0x04040002L
,
291 0x00002000L
,0x04002000L
,0x00042000L
,0x04042000L
,
292 0x00002002L
,0x04002002L
,0x00042002L
,0x04042002L
,
293 0x00000020L
,0x04000020L
,0x00040020L
,0x04040020L
,
294 0x00000022L
,0x04000022L
,0x00040022L
,0x04040022L
,
295 0x00002020L
,0x04002020L
,0x00042020L
,0x04042020L
,
296 0x00002022L
,0x04002022L
,0x00042022L
,0x04042022L
,
297 0x00000800L
,0x04000800L
,0x00040800L
,0x04040800L
,
298 0x00000802L
,0x04000802L
,0x00040802L
,0x04040802L
,
299 0x00002800L
,0x04002800L
,0x00042800L
,0x04042800L
,
300 0x00002802L
,0x04002802L
,0x00042802L
,0x04042802L
,
301 0x00000820L
,0x04000820L
,0x00040820L
,0x04040820L
,
302 0x00000822L
,0x04000822L
,0x00040822L
,0x04040822L
,
303 0x00002820L
,0x04002820L
,0x00042820L
,0x04042820L
,
304 0x00002822L
,0x04002822L
,0x00042822L
,0x04042822L
,
307 int DES_set_key(const_DES_cblock
*key
, DES_key_schedule
*schedule
)
311 return DES_set_key_checked(key
, schedule
);
315 DES_set_key_unchecked(key
, schedule
);
320 /* return 0 if key parity is odd (correct),
321 * return -1 if key parity error,
322 * return -2 if illegal weak key.
324 int DES_set_key_checked(const_DES_cblock
*key
, DES_key_schedule
*schedule
)
326 if (!DES_check_key_parity(key
))
328 if (DES_is_weak_key(key
))
330 DES_set_key_unchecked(key
, schedule
);
334 void DES_set_key_unchecked(const_DES_cblock
*key
, DES_key_schedule
*schedule
)
336 static const int shifts2
[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
338 const unsigned char *in
;
342 k
= &schedule
->ks
->deslong
[0];
348 /* do PC1 in 47 simple operations :-)
349 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
350 * for the inspiration. :-) */
351 PERM_OP (d
,c
,t
,4,0x0f0f0f0fL
);
352 HPERM_OP(c
,t
,-2,0xcccc0000L
);
353 HPERM_OP(d
,t
,-2,0xcccc0000L
);
354 PERM_OP (d
,c
,t
,1,0x55555555L
);
355 PERM_OP (c
,d
,t
,8,0x00ff00ffL
);
356 PERM_OP (d
,c
,t
,1,0x55555555L
);
357 d
= (((d
&0x000000ffL
)<<16L)| (d
&0x0000ff00L
) |
358 ((d
&0x00ff0000L
)>>16L)|((c
&0xf0000000L
)>>4L));
361 for (i
=0; i
<ITERATIONS
; i
++)
364 { c
=((c
>>2L)|(c
<<26L)); d
=((d
>>2L)|(d
<<26L)); }
366 { c
=((c
>>1L)|(c
<<27L)); d
=((d
>>1L)|(d
<<27L)); }
369 /* could be a few less shifts but I am to lazy at this
370 * point in time to investigate */
371 s
= des_skb
[0][ (c
)&0x3f ]|
372 des_skb
[1][((c
>> 6L)&0x03)|((c
>> 7L)&0x3c)]|
373 des_skb
[2][((c
>>13L)&0x0f)|((c
>>14L)&0x30)]|
374 des_skb
[3][((c
>>20L)&0x01)|((c
>>21L)&0x06) |
376 t
= des_skb
[4][ (d
)&0x3f ]|
377 des_skb
[5][((d
>> 7L)&0x03)|((d
>> 8L)&0x3c)]|
378 des_skb
[6][ (d
>>15L)&0x3f ]|
379 des_skb
[7][((d
>>21L)&0x0f)|((d
>>22L)&0x30)];
381 /* table contained 0213 4657 */
382 t2
=((t
<<16L)|(s
&0x0000ffffL
))&0xffffffffL
;
383 *(k
++)=ROTATE(t2
,30)&0xffffffffL
;
385 t2
=((s
>>16L)|(t
&0xffff0000L
));
386 *(k
++)=ROTATE(t2
,26)&0xffffffffL
;
390 int DES_key_sched(const_DES_cblock
*key
, DES_key_schedule
*schedule
)
392 return(DES_set_key(key
,schedule
));
395 #undef des_fixup_key_parity
396 void des_fixup_key_parity(des_cblock *key)
398 des_set_odd_parity(key);