155714Skris/* crypto/des/set_key.c */
255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
355714Skris * All rights reserved.
455714Skris *
555714Skris * This package is an SSL implementation written
655714Skris * by Eric Young (eay@cryptsoft.com).
755714Skris * The implementation was written so as to conform with Netscapes SSL.
8280297Sjkim *
955714Skris * This library is free for commercial and non-commercial use as long as
1055714Skris * the following conditions are aheared to.  The following conditions
1155714Skris * apply to all code found in this distribution, be it the RC4, RSA,
1255714Skris * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
1355714Skris * included with this distribution is covered by the same copyright terms
1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15280297Sjkim *
1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in
1755714Skris * the code are not to be removed.
1855714Skris * If this package is used in a product, Eric Young should be given attribution
1955714Skris * as the author of the parts of the library used.
2055714Skris * This can be in the form of a textual message at program startup or
2155714Skris * in documentation (online or textual) provided with the package.
22280297Sjkim *
2355714Skris * Redistribution and use in source and binary forms, with or without
2455714Skris * modification, are permitted provided that the following conditions
2555714Skris * are met:
2655714Skris * 1. Redistributions of source code must retain the copyright
2755714Skris *    notice, this list of conditions and the following disclaimer.
2855714Skris * 2. Redistributions in binary form must reproduce the above copyright
2955714Skris *    notice, this list of conditions and the following disclaimer in the
3055714Skris *    documentation and/or other materials provided with the distribution.
3155714Skris * 3. All advertising materials mentioning features or use of this software
3255714Skris *    must display the following acknowledgement:
3355714Skris *    "This product includes cryptographic software written by
3455714Skris *     Eric Young (eay@cryptsoft.com)"
3555714Skris *    The word 'cryptographic' can be left out if the rouines from the library
3655714Skris *    being used are not cryptographic related :-).
37280297Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from
3855714Skris *    the apps directory (application code) you must include an acknowledgement:
3955714Skris *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40280297Sjkim *
4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
4455714Skris * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
5155714Skris * SUCH DAMAGE.
52280297Sjkim *
5355714Skris * The licence and distribution terms for any publically available version or
5455714Skris * derivative of this code cannot be changed.  i.e. this code cannot simply be
5555714Skris * copied and put under another distribution licence
5655714Skris * [including the GNU Public Licence.]
5755714Skris */
5855714Skris
59280297Sjkim/*-
60280297Sjkim * set_key.c v 1.4 eay 24/9/91
6155714Skris * 1.4 Speed up by 400% :-)
6255714Skris * 1.3 added register declarations.
6355714Skris * 1.2 unrolled make_key_sched a bit more
6455714Skris * 1.1 added norm_expand_bits
6555714Skris * 1.0 First working version
6655714Skris */
67246772Sjkim#include <openssl/crypto.h>
6855714Skris#include "des_locl.h"
6955714Skris
70280297SjkimOPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
71280297Sjkim                                                    /*
72280297Sjkim                                                     * defaults to false
73280297Sjkim                                                     */
74280297Sjkimstatic const unsigned char odd_parity[256] = {
75280297Sjkim    1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
76280297Sjkim    16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
77280297Sjkim    32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
78280297Sjkim    49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
79280297Sjkim    64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
80280297Sjkim    81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
81280297Sjkim    97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
82280297Sjkim    110,
83280297Sjkim    112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
84280297Sjkim    127,
85280297Sjkim    128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
86280297Sjkim    143,
87280297Sjkim    145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
88280297Sjkim    158,
89280297Sjkim    161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
90280297Sjkim    174,
91280297Sjkim    176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
92280297Sjkim    191,
93280297Sjkim    193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
94280297Sjkim    206,
95280297Sjkim    208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
96280297Sjkim    223,
97280297Sjkim    224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
98280297Sjkim    239,
99280297Sjkim    241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
100280297Sjkim    254
101280297Sjkim};
10255714Skris
103109998Smarkmvoid DES_set_odd_parity(DES_cblock *key)
104280297Sjkim{
105280297Sjkim    unsigned int i;
10655714Skris
107280297Sjkim    for (i = 0; i < DES_KEY_SZ; i++)
108280297Sjkim        (*key)[i] = odd_parity[(*key)[i]];
109280297Sjkim}
11055714Skris
111109998Smarkmint DES_check_key_parity(const_DES_cblock *key)
112280297Sjkim{
113280297Sjkim    unsigned int i;
11455714Skris
115280297Sjkim    for (i = 0; i < DES_KEY_SZ; i++) {
116280297Sjkim        if ((*key)[i] != odd_parity[(*key)[i]])
117280297Sjkim            return (0);
118280297Sjkim    }
119280297Sjkim    return (1);
120280297Sjkim}
12155714Skris
122280297Sjkim/*-
123325335Sjkim * Weak and semi weak keys as taken from
12455714Skris * %A D.W. Davies
12555714Skris * %A W.L. Price
12655714Skris * %T Security for Computer Networks
12755714Skris * %I John Wiley & Sons
12855714Skris * %D 1984
12955714Skris * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
13055714Skris * (and actual cblock values).
13155714Skris */
132280297Sjkim#define NUM_WEAK_KEY    16
133280297Sjkimstatic const DES_cblock weak_keys[NUM_WEAK_KEY] = {
134280297Sjkim    /* weak keys */
135280297Sjkim    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
136280297Sjkim    {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
137280297Sjkim    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
138280297Sjkim    {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
139280297Sjkim    /* semi-weak keys */
140280297Sjkim    {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
141280297Sjkim    {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
142280297Sjkim    {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
143280297Sjkim    {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
144280297Sjkim    {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
145280297Sjkim    {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
146280297Sjkim    {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
147280297Sjkim    {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
148280297Sjkim    {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
149280297Sjkim    {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
150280297Sjkim    {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
151280297Sjkim    {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
152280297Sjkim};
15355714Skris
154109998Smarkmint DES_is_weak_key(const_DES_cblock *key)
155280297Sjkim{
156280297Sjkim    int i;
15755714Skris
158280297Sjkim    for (i = 0; i < NUM_WEAK_KEY; i++)
159280297Sjkim        /*
160280297Sjkim         * Added == 0 to comparison, I obviously don't run this section very
161280297Sjkim         * often :-(, thanks to engineering@MorningStar.Com for the fix eay
162280297Sjkim         * 93/06/29 Another problem, I was comparing only the first 4 bytes,
163280297Sjkim         * 97/03/18
164280297Sjkim         */
165280297Sjkim        if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
166280297Sjkim            return (1);
167280297Sjkim    return (0);
168280297Sjkim}
16955714Skris
170280297Sjkim/*-
171280297Sjkim * NOW DEFINED IN des_local.h
172280297Sjkim * See ecb_encrypt.c for a pseudo description of these macros.
17355714Skris * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
174280297Sjkim *      (b)^=(t),\
175280297Sjkim *      (a)=((a)^((t)<<(n))))
17655714Skris */
17755714Skris
17855714Skris#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
179280297Sjkim        (a)=(a)^(t)^(t>>(16-(n))))
18055714Skris
181280297Sjkimstatic const DES_LONG des_skb[8][64] = {
182280297Sjkim    {
183280297Sjkim     /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
184280297Sjkim     0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
185280297Sjkim     0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
186280297Sjkim     0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
187280297Sjkim     0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
188280297Sjkim     0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
189280297Sjkim     0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
190280297Sjkim     0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
191280297Sjkim     0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
192280297Sjkim     0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
193280297Sjkim     0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
194280297Sjkim     0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
195280297Sjkim     0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
196280297Sjkim     0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
197280297Sjkim     0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
198280297Sjkim     0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
199280297Sjkim     0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
200280297Sjkim     },
201280297Sjkim    {
202280297Sjkim     /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
203280297Sjkim     0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
204280297Sjkim     0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
205280297Sjkim     0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
206280297Sjkim     0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
207280297Sjkim     0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
208280297Sjkim     0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
209280297Sjkim     0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
210280297Sjkim     0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
211280297Sjkim     0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
212280297Sjkim     0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
213280297Sjkim     0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
214280297Sjkim     0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
215280297Sjkim     0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
216280297Sjkim     0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
217280297Sjkim     0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
218280297Sjkim     0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
219280297Sjkim     },
220280297Sjkim    {
221280297Sjkim     /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
222280297Sjkim     0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
223280297Sjkim     0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
224280297Sjkim     0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
225280297Sjkim     0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
226280297Sjkim     0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
227280297Sjkim     0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
228280297Sjkim     0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
229280297Sjkim     0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
230280297Sjkim     0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
231280297Sjkim     0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
232280297Sjkim     0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
233280297Sjkim     0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
234280297Sjkim     0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
235280297Sjkim     0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
236280297Sjkim     0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
237280297Sjkim     0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
238280297Sjkim     },
239280297Sjkim    {
240280297Sjkim     /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
241280297Sjkim     0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
242280297Sjkim     0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
243280297Sjkim     0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
244280297Sjkim     0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
245280297Sjkim     0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
246280297Sjkim     0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
247280297Sjkim     0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
248280297Sjkim     0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
249280297Sjkim     0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
250280297Sjkim     0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
251280297Sjkim     0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
252280297Sjkim     0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
253280297Sjkim     0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
254280297Sjkim     0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
255280297Sjkim     0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
256280297Sjkim     0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
257280297Sjkim     },
258280297Sjkim    {
259280297Sjkim     /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
260280297Sjkim     0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
261280297Sjkim     0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
262280297Sjkim     0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
263280297Sjkim     0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
264280297Sjkim     0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
265280297Sjkim     0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
266280297Sjkim     0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
267280297Sjkim     0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
268280297Sjkim     0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
269280297Sjkim     0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
270280297Sjkim     0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
271280297Sjkim     0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
272280297Sjkim     0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
273280297Sjkim     0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
274280297Sjkim     0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
275280297Sjkim     0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
276280297Sjkim     },
277280297Sjkim    {
278280297Sjkim     /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
279280297Sjkim     0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
280280297Sjkim     0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
281280297Sjkim     0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
282280297Sjkim     0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
283280297Sjkim     0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
284280297Sjkim     0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
285280297Sjkim     0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
286280297Sjkim     0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
287280297Sjkim     0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
288280297Sjkim     0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
289280297Sjkim     0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
290280297Sjkim     0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
291280297Sjkim     0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
292280297Sjkim     0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
293280297Sjkim     0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
294280297Sjkim     0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
295280297Sjkim     },
296280297Sjkim    {
297280297Sjkim     /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
298280297Sjkim     0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
299280297Sjkim     0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
300280297Sjkim     0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
301280297Sjkim     0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
302280297Sjkim     0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
303280297Sjkim     0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
304280297Sjkim     0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
305280297Sjkim     0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
306280297Sjkim     0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
307280297Sjkim     0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
308280297Sjkim     0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
309280297Sjkim     0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
310280297Sjkim     0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
311280297Sjkim     0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
312280297Sjkim     0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
313280297Sjkim     0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
314280297Sjkim     },
315280297Sjkim    {
316280297Sjkim     /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
317280297Sjkim     0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
318280297Sjkim     0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
319280297Sjkim     0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
320280297Sjkim     0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
321280297Sjkim     0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
322280297Sjkim     0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
323280297Sjkim     0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
324280297Sjkim     0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
325280297Sjkim     0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
326280297Sjkim     0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
327280297Sjkim     0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
328280297Sjkim     0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
329280297Sjkim     0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
330280297Sjkim     0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
331280297Sjkim     0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
332280297Sjkim     0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
333280297Sjkim     }
334280297Sjkim};
33559191Skris
336109998Smarkmint DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
337280297Sjkim{
338280297Sjkim    if (DES_check_key) {
339280297Sjkim        return DES_set_key_checked(key, schedule);
340280297Sjkim    } else {
341280297Sjkim        DES_set_key_unchecked(key, schedule);
342280297Sjkim        return 0;
343280297Sjkim    }
344280297Sjkim}
34559191Skris
346280297Sjkim/*-
347280297Sjkim * return 0 if key parity is odd (correct),
34855714Skris * return -1 if key parity error,
34955714Skris * return -2 if illegal weak key.
35055714Skris */
351109998Smarkmint DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
352280297Sjkim{
353280297Sjkim    if (!DES_check_key_parity(key))
354280297Sjkim        return (-1);
355280297Sjkim    if (DES_is_weak_key(key))
356280297Sjkim        return (-2);
357280297Sjkim    DES_set_key_unchecked(key, schedule);
358280297Sjkim    return 0;
359280297Sjkim}
36059191Skris
361109998Smarkmvoid DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
362238405Sjkim#ifdef OPENSSL_FIPS
363280297Sjkim{
364280297Sjkim    fips_cipher_abort(DES);
365280297Sjkim    private_DES_set_key_unchecked(key, schedule);
366280297Sjkim}
367280297Sjkim
368280297Sjkimvoid private_DES_set_key_unchecked(const_DES_cblock *key,
369280297Sjkim                                   DES_key_schedule *schedule)
370238405Sjkim#endif
371280297Sjkim{
372280297Sjkim    static const int shifts2[16] =
373280297Sjkim        { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
374280297Sjkim    register DES_LONG c, d, t, s, t2;
375280297Sjkim    register const unsigned char *in;
376280297Sjkim    register DES_LONG *k;
377280297Sjkim    register int i;
37855714Skris
379109998Smarkm#ifdef OPENBSD_DEV_CRYPTO
380331638Sjkim    memcpy(schedule->key, key, sizeof(schedule->key));
381280297Sjkim    schedule->session = NULL;
382109998Smarkm#endif
383280297Sjkim    k = &schedule->ks->deslong[0];
384280297Sjkim    in = &(*key)[0];
38555714Skris
386280297Sjkim    c2l(in, c);
387280297Sjkim    c2l(in, d);
38855714Skris
389280297Sjkim    /*
390280297Sjkim     * do PC1 in 47 simple operations :-) Thanks to John Fletcher
391280297Sjkim     * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-)
392280297Sjkim     */
393280297Sjkim    PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
394280297Sjkim    HPERM_OP(c, t, -2, 0xcccc0000L);
395280297Sjkim    HPERM_OP(d, t, -2, 0xcccc0000L);
396280297Sjkim    PERM_OP(d, c, t, 1, 0x55555555L);
397280297Sjkim    PERM_OP(c, d, t, 8, 0x00ff00ffL);
398280297Sjkim    PERM_OP(d, c, t, 1, 0x55555555L);
399280297Sjkim    d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
400280297Sjkim         ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
401280297Sjkim    c &= 0x0fffffffL;
40255714Skris
403280297Sjkim    for (i = 0; i < ITERATIONS; i++) {
404280297Sjkim        if (shifts2[i]) {
405280297Sjkim            c = ((c >> 2L) | (c << 26L));
406280297Sjkim            d = ((d >> 2L) | (d << 26L));
407280297Sjkim        } else {
408280297Sjkim            c = ((c >> 1L) | (c << 27L));
409280297Sjkim            d = ((d >> 1L) | (d << 27L));
410280297Sjkim        }
411280297Sjkim        c &= 0x0fffffffL;
412280297Sjkim        d &= 0x0fffffffL;
413280297Sjkim        /*
414280297Sjkim         * could be a few less shifts but I am to lazy at this point in time
415280297Sjkim         * to investigate
416280297Sjkim         */
417280297Sjkim        s = des_skb[0][(c) & 0x3f] |
418280297Sjkim            des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
419280297Sjkim            des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
420280297Sjkim            des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
421280297Sjkim                       ((c >> 22L) & 0x38)];
422280297Sjkim        t = des_skb[4][(d) & 0x3f] |
423280297Sjkim            des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
424280297Sjkim            des_skb[6][(d >> 15L) & 0x3f] |
425280297Sjkim            des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
42655714Skris
427280297Sjkim        /* table contained 0213 4657 */
428280297Sjkim        t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
429280297Sjkim        *(k++) = ROTATE(t2, 30) & 0xffffffffL;
43055714Skris
431280297Sjkim        t2 = ((s >> 16L) | (t & 0xffff0000L));
432280297Sjkim        *(k++) = ROTATE(t2, 26) & 0xffffffffL;
433280297Sjkim    }
434280297Sjkim}
43555714Skris
436109998Smarkmint DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
437280297Sjkim{
438280297Sjkim    return (DES_set_key(key, schedule));
439280297Sjkim}
440280297Sjkim
441280297Sjkim/*-
44259191Skris#undef des_fixup_key_parity
44359191Skrisvoid des_fixup_key_parity(des_cblock *key)
444280297Sjkim        {
445280297Sjkim        des_set_odd_parity(key);
446280297Sjkim        }
447109998Smarkm*/
448