155714Skris/* crypto/des/set_key.c */ 255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 355714Skris * All rights reserved. 455714Skris * 555714Skris * This package is an SSL implementation written 655714Skris * by Eric Young (eay@cryptsoft.com). 755714Skris * The implementation was written so as to conform with Netscapes SSL. 8280297Sjkim * 955714Skris * This library is free for commercial and non-commercial use as long as 1055714Skris * the following conditions are aheared to. The following conditions 1155714Skris * apply to all code found in this distribution, be it the RC4, RSA, 1255714Skris * lhash, DES, etc., code; not just the SSL code. The SSL documentation 1355714Skris * included with this distribution is covered by the same copyright terms 1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com). 15280297Sjkim * 1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in 1755714Skris * the code are not to be removed. 1855714Skris * If this package is used in a product, Eric Young should be given attribution 1955714Skris * as the author of the parts of the library used. 2055714Skris * This can be in the form of a textual message at program startup or 2155714Skris * in documentation (online or textual) provided with the package. 22280297Sjkim * 2355714Skris * Redistribution and use in source and binary forms, with or without 2455714Skris * modification, are permitted provided that the following conditions 2555714Skris * are met: 2655714Skris * 1. Redistributions of source code must retain the copyright 2755714Skris * notice, this list of conditions and the following disclaimer. 2855714Skris * 2. Redistributions in binary form must reproduce the above copyright 2955714Skris * notice, this list of conditions and the following disclaimer in the 3055714Skris * documentation and/or other materials provided with the distribution. 3155714Skris * 3. All advertising materials mentioning features or use of this software 3255714Skris * must display the following acknowledgement: 3355714Skris * "This product includes cryptographic software written by 3455714Skris * Eric Young (eay@cryptsoft.com)" 3555714Skris * The word 'cryptographic' can be left out if the rouines from the library 3655714Skris * being used are not cryptographic related :-). 37280297Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from 3855714Skris * the apps directory (application code) you must include an acknowledgement: 3955714Skris * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40280297Sjkim * 4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 4455714Skris * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 5155714Skris * SUCH DAMAGE. 52280297Sjkim * 5355714Skris * The licence and distribution terms for any publically available version or 5455714Skris * derivative of this code cannot be changed. i.e. this code cannot simply be 5555714Skris * copied and put under another distribution licence 5655714Skris * [including the GNU Public Licence.] 5755714Skris */ 5855714Skris 59280297Sjkim/*- 60280297Sjkim * set_key.c v 1.4 eay 24/9/91 6155714Skris * 1.4 Speed up by 400% :-) 6255714Skris * 1.3 added register declarations. 6355714Skris * 1.2 unrolled make_key_sched a bit more 6455714Skris * 1.1 added norm_expand_bits 6555714Skris * 1.0 First working version 6655714Skris */ 67246772Sjkim#include <openssl/crypto.h> 6855714Skris#include "des_locl.h" 6955714Skris 70280297SjkimOPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0) 71280297Sjkim /* 72280297Sjkim * defaults to false 73280297Sjkim */ 74280297Sjkimstatic const unsigned char odd_parity[256] = { 75280297Sjkim 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, 76280297Sjkim 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, 77280297Sjkim 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, 78280297Sjkim 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, 79280297Sjkim 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, 80280297Sjkim 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, 81280297Sjkim 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, 82280297Sjkim 110, 83280297Sjkim 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127, 84280297Sjkim 127, 85280297Sjkim 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143, 86280297Sjkim 143, 87280297Sjkim 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158, 88280297Sjkim 158, 89280297Sjkim 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, 90280297Sjkim 174, 91280297Sjkim 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, 92280297Sjkim 191, 93280297Sjkim 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, 94280297Sjkim 206, 95280297Sjkim 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, 96280297Sjkim 223, 97280297Sjkim 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, 98280297Sjkim 239, 99280297Sjkim 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, 100280297Sjkim 254 101280297Sjkim}; 10255714Skris 103109998Smarkmvoid DES_set_odd_parity(DES_cblock *key) 104280297Sjkim{ 105280297Sjkim unsigned int i; 10655714Skris 107280297Sjkim for (i = 0; i < DES_KEY_SZ; i++) 108280297Sjkim (*key)[i] = odd_parity[(*key)[i]]; 109280297Sjkim} 11055714Skris 111109998Smarkmint DES_check_key_parity(const_DES_cblock *key) 112280297Sjkim{ 113280297Sjkim unsigned int i; 11455714Skris 115280297Sjkim for (i = 0; i < DES_KEY_SZ; i++) { 116280297Sjkim if ((*key)[i] != odd_parity[(*key)[i]]) 117280297Sjkim return (0); 118280297Sjkim } 119280297Sjkim return (1); 120280297Sjkim} 12155714Skris 122280297Sjkim/*- 123325335Sjkim * Weak and semi weak keys as taken from 12455714Skris * %A D.W. Davies 12555714Skris * %A W.L. Price 12655714Skris * %T Security for Computer Networks 12755714Skris * %I John Wiley & Sons 12855714Skris * %D 1984 12955714Skris * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference 13055714Skris * (and actual cblock values). 13155714Skris */ 132280297Sjkim#define NUM_WEAK_KEY 16 133280297Sjkimstatic const DES_cblock weak_keys[NUM_WEAK_KEY] = { 134280297Sjkim /* weak keys */ 135280297Sjkim {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01}, 136280297Sjkim {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE}, 137280297Sjkim {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E}, 138280297Sjkim {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1}, 139280297Sjkim /* semi-weak keys */ 140280297Sjkim {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE}, 141280297Sjkim {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01}, 142280297Sjkim {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1}, 143280297Sjkim {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E}, 144280297Sjkim {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1}, 145280297Sjkim {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01}, 146280297Sjkim {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE}, 147280297Sjkim {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E}, 148280297Sjkim {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E}, 149280297Sjkim {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01}, 150280297Sjkim {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE}, 151280297Sjkim {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1} 152280297Sjkim}; 15355714Skris 154109998Smarkmint DES_is_weak_key(const_DES_cblock *key) 155280297Sjkim{ 156280297Sjkim int i; 15755714Skris 158280297Sjkim for (i = 0; i < NUM_WEAK_KEY; i++) 159280297Sjkim /* 160280297Sjkim * Added == 0 to comparison, I obviously don't run this section very 161280297Sjkim * often :-(, thanks to engineering@MorningStar.Com for the fix eay 162280297Sjkim * 93/06/29 Another problem, I was comparing only the first 4 bytes, 163280297Sjkim * 97/03/18 164280297Sjkim */ 165280297Sjkim if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0) 166280297Sjkim return (1); 167280297Sjkim return (0); 168280297Sjkim} 16955714Skris 170280297Sjkim/*- 171280297Sjkim * NOW DEFINED IN des_local.h 172280297Sjkim * See ecb_encrypt.c for a pseudo description of these macros. 17355714Skris * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ 174280297Sjkim * (b)^=(t),\ 175280297Sjkim * (a)=((a)^((t)<<(n)))) 17655714Skris */ 17755714Skris 17855714Skris#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ 179280297Sjkim (a)=(a)^(t)^(t>>(16-(n)))) 18055714Skris 181280297Sjkimstatic const DES_LONG des_skb[8][64] = { 182280297Sjkim { 183280297Sjkim /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ 184280297Sjkim 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, 185280297Sjkim 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L, 186280297Sjkim 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L, 187280297Sjkim 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L, 188280297Sjkim 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L, 189280297Sjkim 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, 190280297Sjkim 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L, 191280297Sjkim 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L, 192280297Sjkim 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L, 193280297Sjkim 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L, 194280297Sjkim 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, 195280297Sjkim 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L, 196280297Sjkim 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L, 197280297Sjkim 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L, 198280297Sjkim 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L, 199280297Sjkim 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, 200280297Sjkim }, 201280297Sjkim { 202280297Sjkim /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ 203280297Sjkim 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, 204280297Sjkim 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L, 205280297Sjkim 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L, 206280297Sjkim 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L, 207280297Sjkim 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L, 208280297Sjkim 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, 209280297Sjkim 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L, 210280297Sjkim 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L, 211280297Sjkim 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L, 212280297Sjkim 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L, 213280297Sjkim 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, 214280297Sjkim 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L, 215280297Sjkim 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L, 216280297Sjkim 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L, 217280297Sjkim 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L, 218280297Sjkim 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, 219280297Sjkim }, 220280297Sjkim { 221280297Sjkim /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ 222280297Sjkim 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, 223280297Sjkim 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L, 224280297Sjkim 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L, 225280297Sjkim 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L, 226280297Sjkim 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L, 227280297Sjkim 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, 228280297Sjkim 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L, 229280297Sjkim 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L, 230280297Sjkim 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L, 231280297Sjkim 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L, 232280297Sjkim 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, 233280297Sjkim 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L, 234280297Sjkim 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L, 235280297Sjkim 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L, 236280297Sjkim 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L, 237280297Sjkim 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, 238280297Sjkim }, 239280297Sjkim { 240280297Sjkim /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ 241280297Sjkim 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, 242280297Sjkim 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L, 243280297Sjkim 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L, 244280297Sjkim 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L, 245280297Sjkim 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L, 246280297Sjkim 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, 247280297Sjkim 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L, 248280297Sjkim 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L, 249280297Sjkim 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L, 250280297Sjkim 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L, 251280297Sjkim 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, 252280297Sjkim 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L, 253280297Sjkim 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L, 254280297Sjkim 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L, 255280297Sjkim 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L, 256280297Sjkim 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, 257280297Sjkim }, 258280297Sjkim { 259280297Sjkim /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ 260280297Sjkim 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, 261280297Sjkim 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L, 262280297Sjkim 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L, 263280297Sjkim 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L, 264280297Sjkim 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L, 265280297Sjkim 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, 266280297Sjkim 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L, 267280297Sjkim 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L, 268280297Sjkim 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L, 269280297Sjkim 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L, 270280297Sjkim 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, 271280297Sjkim 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L, 272280297Sjkim 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L, 273280297Sjkim 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L, 274280297Sjkim 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L, 275280297Sjkim 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, 276280297Sjkim }, 277280297Sjkim { 278280297Sjkim /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ 279280297Sjkim 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, 280280297Sjkim 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L, 281280297Sjkim 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L, 282280297Sjkim 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L, 283280297Sjkim 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L, 284280297Sjkim 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, 285280297Sjkim 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L, 286280297Sjkim 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L, 287280297Sjkim 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L, 288280297Sjkim 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L, 289280297Sjkim 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, 290280297Sjkim 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L, 291280297Sjkim 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L, 292280297Sjkim 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L, 293280297Sjkim 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L, 294280297Sjkim 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, 295280297Sjkim }, 296280297Sjkim { 297280297Sjkim /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ 298280297Sjkim 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, 299280297Sjkim 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L, 300280297Sjkim 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L, 301280297Sjkim 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L, 302280297Sjkim 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L, 303280297Sjkim 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, 304280297Sjkim 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L, 305280297Sjkim 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L, 306280297Sjkim 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L, 307280297Sjkim 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L, 308280297Sjkim 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, 309280297Sjkim 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L, 310280297Sjkim 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L, 311280297Sjkim 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L, 312280297Sjkim 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L, 313280297Sjkim 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, 314280297Sjkim }, 315280297Sjkim { 316280297Sjkim /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ 317280297Sjkim 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, 318280297Sjkim 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L, 319280297Sjkim 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L, 320280297Sjkim 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L, 321280297Sjkim 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L, 322280297Sjkim 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, 323280297Sjkim 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L, 324280297Sjkim 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L, 325280297Sjkim 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L, 326280297Sjkim 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L, 327280297Sjkim 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, 328280297Sjkim 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L, 329280297Sjkim 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L, 330280297Sjkim 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L, 331280297Sjkim 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L, 332280297Sjkim 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, 333280297Sjkim } 334280297Sjkim}; 33559191Skris 336109998Smarkmint DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) 337280297Sjkim{ 338280297Sjkim if (DES_check_key) { 339280297Sjkim return DES_set_key_checked(key, schedule); 340280297Sjkim } else { 341280297Sjkim DES_set_key_unchecked(key, schedule); 342280297Sjkim return 0; 343280297Sjkim } 344280297Sjkim} 34559191Skris 346280297Sjkim/*- 347280297Sjkim * return 0 if key parity is odd (correct), 34855714Skris * return -1 if key parity error, 34955714Skris * return -2 if illegal weak key. 35055714Skris */ 351109998Smarkmint DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) 352280297Sjkim{ 353280297Sjkim if (!DES_check_key_parity(key)) 354280297Sjkim return (-1); 355280297Sjkim if (DES_is_weak_key(key)) 356280297Sjkim return (-2); 357280297Sjkim DES_set_key_unchecked(key, schedule); 358280297Sjkim return 0; 359280297Sjkim} 36059191Skris 361109998Smarkmvoid DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) 362238405Sjkim#ifdef OPENSSL_FIPS 363280297Sjkim{ 364280297Sjkim fips_cipher_abort(DES); 365280297Sjkim private_DES_set_key_unchecked(key, schedule); 366280297Sjkim} 367280297Sjkim 368280297Sjkimvoid private_DES_set_key_unchecked(const_DES_cblock *key, 369280297Sjkim DES_key_schedule *schedule) 370238405Sjkim#endif 371280297Sjkim{ 372280297Sjkim static const int shifts2[16] = 373280297Sjkim { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; 374280297Sjkim register DES_LONG c, d, t, s, t2; 375280297Sjkim register const unsigned char *in; 376280297Sjkim register DES_LONG *k; 377280297Sjkim register int i; 37855714Skris 379109998Smarkm#ifdef OPENBSD_DEV_CRYPTO 380331638Sjkim memcpy(schedule->key, key, sizeof(schedule->key)); 381280297Sjkim schedule->session = NULL; 382109998Smarkm#endif 383280297Sjkim k = &schedule->ks->deslong[0]; 384280297Sjkim in = &(*key)[0]; 38555714Skris 386280297Sjkim c2l(in, c); 387280297Sjkim c2l(in, d); 38855714Skris 389280297Sjkim /* 390280297Sjkim * do PC1 in 47 simple operations :-) Thanks to John Fletcher 391280297Sjkim * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-) 392280297Sjkim */ 393280297Sjkim PERM_OP(d, c, t, 4, 0x0f0f0f0fL); 394280297Sjkim HPERM_OP(c, t, -2, 0xcccc0000L); 395280297Sjkim HPERM_OP(d, t, -2, 0xcccc0000L); 396280297Sjkim PERM_OP(d, c, t, 1, 0x55555555L); 397280297Sjkim PERM_OP(c, d, t, 8, 0x00ff00ffL); 398280297Sjkim PERM_OP(d, c, t, 1, 0x55555555L); 399280297Sjkim d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | 400280297Sjkim ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); 401280297Sjkim c &= 0x0fffffffL; 40255714Skris 403280297Sjkim for (i = 0; i < ITERATIONS; i++) { 404280297Sjkim if (shifts2[i]) { 405280297Sjkim c = ((c >> 2L) | (c << 26L)); 406280297Sjkim d = ((d >> 2L) | (d << 26L)); 407280297Sjkim } else { 408280297Sjkim c = ((c >> 1L) | (c << 27L)); 409280297Sjkim d = ((d >> 1L) | (d << 27L)); 410280297Sjkim } 411280297Sjkim c &= 0x0fffffffL; 412280297Sjkim d &= 0x0fffffffL; 413280297Sjkim /* 414280297Sjkim * could be a few less shifts but I am to lazy at this point in time 415280297Sjkim * to investigate 416280297Sjkim */ 417280297Sjkim s = des_skb[0][(c) & 0x3f] | 418280297Sjkim des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | 419280297Sjkim des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | 420280297Sjkim des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | 421280297Sjkim ((c >> 22L) & 0x38)]; 422280297Sjkim t = des_skb[4][(d) & 0x3f] | 423280297Sjkim des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | 424280297Sjkim des_skb[6][(d >> 15L) & 0x3f] | 425280297Sjkim des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; 42655714Skris 427280297Sjkim /* table contained 0213 4657 */ 428280297Sjkim t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; 429280297Sjkim *(k++) = ROTATE(t2, 30) & 0xffffffffL; 43055714Skris 431280297Sjkim t2 = ((s >> 16L) | (t & 0xffff0000L)); 432280297Sjkim *(k++) = ROTATE(t2, 26) & 0xffffffffL; 433280297Sjkim } 434280297Sjkim} 43555714Skris 436109998Smarkmint DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) 437280297Sjkim{ 438280297Sjkim return (DES_set_key(key, schedule)); 439280297Sjkim} 440280297Sjkim 441280297Sjkim/*- 44259191Skris#undef des_fixup_key_parity 44359191Skrisvoid des_fixup_key_parity(des_cblock *key) 444280297Sjkim { 445280297Sjkim des_set_odd_parity(key); 446280297Sjkim } 447109998Smarkm*/ 448