1 /* $OpenBSD: des_key.c,v 1.1 2024/08/31 15:56:09 jsing Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <stdlib.h>
60 
61 #include <openssl/crypto.h>
62 
63 #include "des_local.h"
64 
/*
 * Process-wide policy switch read by DES_set_key().
 *
 * Zero (the default) makes DES_set_key() call DES_set_key_unchecked(), which
 * accepts any 8 bytes.  Non-zero makes it call DES_set_key_checked(), which
 * rejects keys with bad parity and keys listed in weak_keys[].
 *
 * Callers that need the checks regardless of this flag can call
 * DES_set_key_checked() directly.
 *
 * NOTE(review): this is a plain int with no synchronisation visible in this
 * file; presumably it is meant to be set once at start-up - confirm.
 */
int DES_check_key = 0;
LCRYPTO_ALIAS(DES_check_key);
67 
/*
 * odd_parity[b] is b with its least significant bit adjusted so that the
 * byte has an odd number of one bits; the upper seven bits are unchanged.
 * A byte that already has odd parity therefore maps to itself.
 *
 * Each row holds eight entries; the trailing comment gives the index of the
 * first entry in the row.
 */
static const unsigned char odd_parity[256] = {
	  1,   1,   2,   2,   4,   4,   7,   7,	/* 0x00 */
	  8,   8,  11,  11,  13,  13,  14,  14,	/* 0x08 */
	 16,  16,  19,  19,  21,  21,  22,  22,	/* 0x10 */
	 25,  25,  26,  26,  28,  28,  31,  31,	/* 0x18 */
	 32,  32,  35,  35,  37,  37,  38,  38,	/* 0x20 */
	 41,  41,  42,  42,  44,  44,  47,  47,	/* 0x28 */
	 49,  49,  50,  50,  52,  52,  55,  55,	/* 0x30 */
	 56,  56,  59,  59,  61,  61,  62,  62,	/* 0x38 */
	 64,  64,  67,  67,  69,  69,  70,  70,	/* 0x40 */
	 73,  73,  74,  74,  76,  76,  79,  79,	/* 0x48 */
	 81,  81,  82,  82,  84,  84,  87,  87,	/* 0x50 */
	 88,  88,  91,  91,  93,  93,  94,  94,	/* 0x58 */
	 97,  97,  98,  98, 100, 100, 103, 103,	/* 0x60 */
	104, 104, 107, 107, 109, 109, 110, 110,	/* 0x68 */
	112, 112, 115, 115, 117, 117, 118, 118,	/* 0x70 */
	121, 121, 122, 122, 124, 124, 127, 127,	/* 0x78 */
	128, 128, 131, 131, 133, 133, 134, 134,	/* 0x80 */
	137, 137, 138, 138, 140, 140, 143, 143,	/* 0x88 */
	145, 145, 146, 146, 148, 148, 151, 151,	/* 0x90 */
	152, 152, 155, 155, 157, 157, 158, 158,	/* 0x98 */
	161, 161, 162, 162, 164, 164, 167, 167,	/* 0xa0 */
	168, 168, 171, 171, 173, 173, 174, 174,	/* 0xa8 */
	176, 176, 179, 179, 181, 181, 182, 182,	/* 0xb0 */
	185, 185, 186, 186, 188, 188, 191, 191,	/* 0xb8 */
	193, 193, 194, 194, 196, 196, 199, 199,	/* 0xc0 */
	200, 200, 203, 203, 205, 205, 206, 206,	/* 0xc8 */
	208, 208, 211, 211, 213, 213, 214, 214,	/* 0xd0 */
	217, 217, 218, 218, 220, 220, 223, 223,	/* 0xd8 */
	224, 224, 227, 227, 229, 229, 230, 230,	/* 0xe0 */
	233, 233, 234, 234, 236, 236, 239, 239,	/* 0xe8 */
	241, 241, 242, 242, 244, 244, 247, 247,	/* 0xf0 */
	248, 248, 251, 251, 253, 253, 254, 254,	/* 0xf8 */
};
86 
/*
 * Rewrite each of the DES_KEY_SZ bytes of *key in place with its
 * odd-parity form, as given by the odd_parity[] table.
 *
 * Only the low bit of a byte can change (see odd_parity[]), so the bits
 * above it are preserved.
 */
void
DES_set_odd_parity(DES_cblock *key)
{
	unsigned int idx = 0;

	while (idx < DES_KEY_SZ) {
		(*key)[idx] = odd_parity[(*key)[idx]];
		idx++;
	}
}
LCRYPTO_ALIAS(DES_set_odd_parity);
96 
/*
 * Report whether every byte of *key already has odd parity.
 *
 * Returns 1 when all DES_KEY_SZ bytes equal their odd_parity[] entry and
 * 0 as soon as one byte does not.
 *
 * NOTE(review): the loop stops at the first mismatching byte and indexes
 * odd_parity[] with key bytes, so its timing and memory access pattern
 * depend on the key.  Whether that matters depends on the caller's threat
 * model.
 */
int
DES_check_key_parity(const_DES_cblock *key)
{
	unsigned int idx;

	for (idx = 0; idx < DES_KEY_SZ; idx++) {
		/* A byte with odd parity maps to itself in the table. */
		if (odd_parity[(*key)[idx]] == (*key)[idx])
			continue;
		return (0);
	}
	return (1);
}
LCRYPTO_ALIAS(DES_check_key_parity);
109 
/*
 * Weak and semi-weak keys as taken from
 * %A D.W. Davies
 * %A W.L. Price
 * %T Security for Computer Networks
 * %I John Wiley & Sons
 * %D 1984
 * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
 * (and actual cblock values).
 *
 * The table lists 4 weak keys followed by 12 semi-weak keys, all with odd
 * parity.  DES_is_weak_key() compares candidate keys against these entries
 * byte for byte, so a key is only recognised if its parity bits match the
 * entry as well.  No other class of keys is listed here.
 */
#define NUM_WEAK_KEY	16
static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
	/* weak keys */
	{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
	{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
	{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
	{0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},

	/* semi-weak keys, listed two per group */
	{0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
	{0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},

	{0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
	{0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},

	{0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
	{0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},

	{0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
	{0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},

	{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
	{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},

	{0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
	{0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1},
};
140 
/*
 * Report whether *key is byte-for-byte equal to one of the NUM_WEAK_KEY
 * entries of weak_keys[].
 *
 * Returns 1 on a match and 0 otherwise.  The comparison covers all
 * sizeof(DES_cblock) bytes including the parity bits, so a weak key whose
 * parity has not been normalised is not detected; DES_set_key_checked()
 * verifies parity before calling this function.
 *
 * NOTE(review): memcmp() and the early exit make the running time depend
 * on how much of the key matches a table entry.  Consider whether a
 * constant-time comparison is warranted for the callers in question.
 */
int
DES_is_weak_key(const_DES_cblock *key)
{
	unsigned int idx = 0;
	int found = 0;

	while (!found && idx < NUM_WEAK_KEY) {
		found = (memcmp(weak_keys[idx], key, sizeof(DES_cblock)) == 0);
		idx++;
	}
	return found;
}
LCRYPTO_ALIAS(DES_is_weak_key);
152 
/*
 * PERM_OP is NOW DEFINED IN des_local.h; its former definition is kept
 * below for reference.
 * See ecb_encrypt.c for a pseudo description of these macros.
 *
 * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
 * 	(b)^=(t),\
 * 	(a)=((a)^((t)<<(n))))
 */

/*
 * HPERM_OP(a, t, n, m): bit permutation within a single word.
 *
 *   t = ((a << (16 - n)) ^ a) & m;
 *   a = a ^ t ^ (t >> (16 - n));
 *
 * `a' and `t' must be modifiable lvalues; `a' is updated in place and `t'
 * is scratch.  Every argument is evaluated more than once, so pass plain
 * variables and constants only.  The caller in this file passes n = -2,
 * which gives a shift distance of 18.
 */
#define HPERM_OP(a, t, n, m)						\
	((t) = ((((a) << (16 - (n))) ^ (a)) & (m)),			\
	(a) = (a) ^ (t) ^ ((t) >> (16 - (n))))
162 
/*
 * Key-schedule lookup tables: eight tables of 64 entries each.
 *
 * DES_set_key_unchecked() indexes tables 0-3 with 6-bit groups taken from
 * the C half of the key state and tables 4-7 with 6-bit groups taken from
 * the D half, then ORs the selected words together.  The comment at the
 * head of each table names the C or D bits (numbered as per FIPS 46) that
 * form its index.
 *
 * NOTE(review): the indices are derived from key bits, so the memory
 * access pattern of the key schedule depends on the key.
 */
static const DES_LONG des_skb[8][64] = {
	{
		/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
		0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
		0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
		0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
		0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
		0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
		0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
		0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
		0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
		0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
		0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
		0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
		0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
		0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
		0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
		0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
		0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
	}, {
		/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
		0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
		0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
		0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
		0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
		0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
		0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
		0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
		0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
		0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
		0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
		0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
		0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
		0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
		0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
		0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
		0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
	}, {
		/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
		0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
		0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
		0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
		0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
		0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
		0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
		0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
		0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
		0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
		0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
		0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
		0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
		0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
		0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
		0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
		0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
	}, {
		/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
		0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
		0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
		0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
		0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
		0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
		0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
		0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
		0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
		0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
		0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
		0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
		0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
		0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
		0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
		0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
		0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
	}, {
		/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
		0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
		0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
		0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
		0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
		0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
		0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
		0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
		0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
		0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
		0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
		0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
		0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
		0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
		0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
		0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
		0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
	}, {
		/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
		0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
		0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
		0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
		0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
		0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
		0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
		0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
		0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
		0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
		0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
		0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
		0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
		0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
		0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
		0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
		0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
	}, {
		/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
		0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
		0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
		0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
		0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
		0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
		0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
		0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
		0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
		0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
		0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
		0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
		0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
		0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
		0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
		0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
		0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
	}, {
		/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
		0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
		0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
		0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
		0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
		0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
		0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
		0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
		0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
		0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
		0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
		0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
		0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
		0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
		0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
		0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
		0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
	},
};
310 
/*
 * Build a key schedule from *key, with or without validation depending on
 * the global DES_check_key flag.
 *
 * With DES_check_key == 0 (the default in this file) the key is passed
 * straight to DES_set_key_unchecked() and 0 is returned: parity errors and
 * weak keys are accepted silently.  With DES_check_key != 0 the call is
 * forwarded to DES_set_key_checked() and its result (0, -1 or -2) is
 * returned.
 *
 * Code that must reject weak or malformed keys should call
 * DES_set_key_checked() itself rather than rely on the global flag.
 */
int
DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
{
	if (!DES_check_key) {
		DES_set_key_unchecked(key, schedule);
		return 0;
	}
	return DES_set_key_checked(key, schedule);
}
LCRYPTO_ALIAS(DES_set_key);
322 
/*
 * Validate *key and, if it passes, build its key schedule.
 *
 * return 0 if key parity is odd (correct) and the key is not weak,
 * return -1 if key parity error,
 * return -2 if illegal weak key.
 *
 * On -1 and -2 *schedule is not written at all, so a caller that ignores
 * the return value would go on to use whatever the schedule held before
 * the call.  Always check the result.
 */
int
DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
{
	int rc = 0;

	if (!DES_check_key_parity(key))
		rc = -1;
	else if (DES_is_weak_key(key))
		rc = -2;
	else
		DES_set_key_unchecked(key, schedule);

	return rc;
}
LCRYPTO_ALIAS(DES_set_key_checked);
338 
/*
 * Expand the 8-byte key *key into the round subkeys of *schedule.
 *
 * No validation is done here: parity bits are not checked and weak keys
 * are not rejected.  Use DES_set_key_checked() when that matters.
 *
 * Two DES_LONG words are written to schedule->ks->deslong for each of the
 * ITERATIONS rounds.
 *
 * NOTE(review): the des_skb[] lookups are indexed with key-derived bits,
 * and the locals holding key state (c, d, s, t, t2) are not cleared before
 * returning.  Both are worth weighing if this runs where cache timing or
 * stack disclosure is part of the threat model.
 */
void
DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
{
	/* Per round: 0 selects a 1-bit rotation of C and D, 1 a 2-bit one. */
	static const int shifts2[16] = {
		0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0
	};
	const unsigned char *src = &(*key)[0];
	DES_LONG *subkey = &schedule->ks->deslong[0];
	DES_LONG c, d, t, s, t2;
	int iter, rot;

	/* c2l (from des_local.h) is applied twice: first half, second half. */
	c2l(src, c);
	c2l(src, d);

	/* do PC1 in 47 simple operations :-)
	 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
	 * for the inspiration. :-) */
	PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
	HPERM_OP(c, t, -2, 0xcccc0000L);
	HPERM_OP(d, t, -2, 0xcccc0000L);
	PERM_OP(d, c, t, 1, 0x55555555L);
	PERM_OP(c, d, t, 8, 0x00ff00ffL);
	PERM_OP(d, c, t, 1, 0x55555555L);
	d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
	    ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
	c &= 0x0fffffffL;

	for (iter = 0; iter < ITERATIONS; iter++) {
		/* Rotate the 28-bit C and D values right by one or two bits. */
		rot = shifts2[iter] ? 2 : 1;
		c = ((c >> rot) | (c << (28 - rot)));
		d = ((d >> rot) | (d << (28 - rot)));
		c &= 0x0fffffffL;
		d &= 0x0fffffffL;

		/* could be a few less shifts but I am to lazy at this
		 * point in time to investigate */
		s = des_skb[0][(c) & 0x3f] |
		    des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
		    des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
		    des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
		    ((c >> 22L) & 0x38)];
		t = des_skb[4][(d) & 0x3f] |
		    des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
		    des_skb[6][(d >> 15L) & 0x3f] |
		    des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];

		/* table contained 0213 4657 */
		t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
		subkey[0] = ROTATE(t2, 30) & 0xffffffffL;

		t2 = ((s >> 16L) | (t & 0xffff0000L));
		subkey[1] = ROTATE(t2, 26) & 0xffffffffL;

		subkey += 2;
	}
}
LCRYPTO_ALIAS(DES_set_key_unchecked);
398 
/*
 * Alternative entry point for DES_set_key(): forwards both arguments and
 * returns its result unchanged.  Validation therefore depends on the
 * global DES_check_key flag exactly as it does for DES_set_key().
 */
int
DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
{
	const int rc = DES_set_key(key, schedule);

	return rc;
}
LCRYPTO_ALIAS(DES_key_sched);
405 
/*
 * Fill *ret with a random DES key.
 *
 * Each attempt draws sizeof(DES_cblock) bytes from arc4random_buf() and
 * forces them to odd parity; the attempt is repeated while the result is
 * one of the keys in weak_keys[].  Always returns 1.
 */
int
DES_random_key(DES_cblock *ret)
{
	for (;;) {
		arc4random_buf(ret, sizeof(DES_cblock));
		DES_set_odd_parity(ret);
		if (!DES_is_weak_key(ret))
			break;
	}
	return (1);
}
LCRYPTO_ALIAS(DES_random_key);
416 
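/*
 * Derive a single DES key from the NUL-terminated string `str' and store
 * it in *key.
 *
 * The string is folded into 8 bytes (the default branch is labelled MIT
 * compatible; OLD_STR_TO_KEY selects the older folding), forced to odd
 * parity, used as both key and IV for DES_cbc_cksum() over the string, and
 * the checksum is forced to odd parity again to give the final key.
 *
 * Security notes for callers:
 *  - There is no salt argument and the string is processed once, so equal
 *    strings always give equal keys.  This is a legacy string-to-key
 *    routine, not a general-purpose password hash.
 *  - Unless EXPERIMENTAL_STR_TO_STRONG_KEY is defined the intermediate key
 *    is scheduled without a weak-key check, and the final key is never
 *    checked.  Callers that care can run DES_is_weak_key() on *key.
 *  - The temporary key schedule is wiped with explicit_bzero() before
 *    returning.
 *
 * The length is kept in a size_t.  Storing strlen() in an int, as earlier
 * code did, truncates for strings longer than INT_MAX and could leave most
 * or all of the input out of the derivation.
 */
void
DES_string_to_key(const char *str, DES_cblock *key)
{
	DES_key_schedule ks;
	size_t i, length;
	unsigned char j;

	memset(key, 0, sizeof(DES_cblock));
	length = strlen(str);
#ifdef OLD_STR_TO_KEY
	for (i = 0; i < length; i++)
		(*key)[i % 8] ^= (str[i] << 1);
#else /* MIT COMPATIBLE */
	for (i = 0; i < length; i++) {
		j = str[i];
		if ((i % 16) < 8)
			(*key)[i % 8] ^= (j << 1);
		else {
			/* Reverse the bit order 05/05/92 eay */
			j = ((j << 4) & 0xf0)|((j >> 4) & 0x0f);
			j = ((j << 2) & 0xcc)|((j >> 2) & 0x33);
			j = ((j << 1) & 0xaa)|((j >> 1) & 0x55);
			(*key)[7 - (i % 8)] ^= j;
		}
	}
#endif
	DES_set_odd_parity(key);
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
	if (DES_is_weak_key(key))
		(*key)[7] ^= 0xF0;
	DES_set_key(key, &ks);
#else
	DES_set_key_unchecked(key, &ks);
#endif
	/* DES_cbc_cksum() is called with the length as a long. */
	DES_cbc_cksum((const unsigned char *)str, key, (long)length, &ks, key);
	explicit_bzero(&ks, sizeof(ks));
	DES_set_odd_parity(key);
}
LCRYPTO_ALIAS(DES_string_to_key);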
456 
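/*
 * Derive two DES keys from the NUL-terminated string `str' and store them
 * in *key1 and *key2.
 *
 * The string is folded into two 8-byte blocks (the default branch is
 * labelled MIT compatible; OLD_STR_TO_KEY selects the older folding).  For
 * strings of at most 8 bytes both blocks are identical.  Each block is
 * forced to odd parity, used as key and IV for DES_cbc_cksum() over the
 * string, and the checksum is forced to odd parity to give the final key.
 *
 * Security notes for callers:
 *  - There is no salt argument and the string is processed once, so equal
 *    strings always give equal key pairs.  This is a legacy string-to-key
 *    routine, not a general-purpose password hash.
 *  - For strings of at most 8 bytes key1 and key2 start out equal and go
 *    through the same steps, so the two outputs carry no more than one
 *    key's worth of material.
 *  - Unless EXPERIMENTAL_STR_TO_STRONG_KEY is defined the intermediate
 *    keys are scheduled without a weak-key check, and the final keys are
 *    never checked.  Callers that care can run DES_is_weak_key() on them.
 *  - The temporary key schedule is wiped with explicit_bzero() before
 *    returning.
 *
 * The length is kept in a size_t.  Storing strlen() in an int, as earlier
 * code did, truncates for strings longer than INT_MAX and could leave most
 * or all of the input out of the derivation.
 */
void
DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2)
{
	DES_key_schedule ks;
	size_t i, length;
	unsigned char j;

	memset(key1, 0, sizeof(DES_cblock));
	memset(key2, 0, sizeof(DES_cblock));
	length = strlen(str);
#ifdef OLD_STR_TO_KEY
	if (length <= 8) {
		for (i = 0; i < length; i++) {
			(*key2)[i] = (*key1)[i] = (str[i] << 1);
		}
	} else {
		for (i = 0; i < length; i++) {
			if ((i/8) & 1)
				(*key2)[i % 8] ^= (str[i] << 1);
			else
				(*key1)[i % 8] ^= (str[i] << 1);
		}
	}
#else /* MIT COMPATIBLE */
	for (i = 0; i < length; i++) {
		j = str[i];
		if ((i % 32) < 16) {
			if ((i % 16) < 8)
				(*key1)[i % 8] ^= (j << 1);
			else
				(*key2)[i % 8] ^= (j << 1);
		} else {
			/* Reverse the bit order of the byte. */
			j = ((j << 4) & 0xf0)|((j >> 4) & 0x0f);
			j = ((j << 2) & 0xcc)|((j >> 2) & 0x33);
			j = ((j << 1) & 0xaa)|((j >> 1) & 0x55);
			if ((i % 16) < 8)
				(*key1)[7 - (i % 8)] ^= j;
			else
				(*key2)[7 - (i % 8)] ^= j;
		}
	}
	if (length <= 8)
		memcpy(key2, key1, sizeof(DES_cblock));
#endif
	DES_set_odd_parity(key1);
	DES_set_odd_parity(key2);
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
	if (DES_is_weak_key(key1))
		(*key1)[7] ^= 0xF0;
	DES_set_key(key1, &ks);
#else
	DES_set_key_unchecked(key1, &ks);
#endif
	/* DES_cbc_cksum() is called with the length as a long. */
	DES_cbc_cksum((const unsigned char *)str, key1, (long)length, &ks,
	    key1);
#ifdef EXPERIMENTAL_STR_TO_STRONG_KEY
	if (DES_is_weak_key(key2))
		(*key2)[7] ^= 0xF0;
	DES_set_key(key2, &ks);
#else
	DES_set_key_unchecked(key2, &ks);
#endif
	DES_cbc_cksum((const unsigned char *)str, key2, (long)length, &ks,
	    key2);
	explicit_bzero(&ks, sizeof(ks));
	DES_set_odd_parity(key1);
	DES_set_odd_parity(key2);
}
LCRYPTO_ALIAS(DES_string_to_2keys);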
524