1 /* $OpenBSD: set_key.c,v 1.20 2017/02/09 03:43:05 dtucker Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 /* set_key.c v 1.4 eay 24/9/91
60 * 1.4 Speed up by 400% :-)
61 * 1.3 added register declarations.
62 * 1.2 unrolled make_key_sched a bit more
63 * 1.1 added norm_expand_bits
64 * 1.0 First working version
65 */
66 #include <openssl/crypto.h>
67 #include "des_locl.h"
68
69 int DES_check_key = 0; /* defaults to false */
70
71 static const unsigned char odd_parity[256]={
72 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
73 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
74 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
75 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
76 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
77 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
78 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
79 112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
80 128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
81 145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
82 161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
83 176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
84 193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
85 208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
86 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
87 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
88
DES_set_odd_parity(DES_cblock * key)89 void DES_set_odd_parity(DES_cblock *key)
90 {
91 unsigned int i;
92
93 for (i=0; i<DES_KEY_SZ; i++)
94 (*key)[i]=odd_parity[(*key)[i]];
95 }
96
DES_check_key_parity(const_DES_cblock * key)97 int DES_check_key_parity(const_DES_cblock *key)
98 {
99 unsigned int i;
100
101 for (i=0; i<DES_KEY_SZ; i++)
102 {
103 if ((*key)[i] != odd_parity[(*key)[i]])
104 return(0);
105 }
106 return(1);
107 }
108
109 /* Weak and semi weak keys as taken from
110 * %A D.W. Davies
111 * %A W.L. Price
112 * %T Security for Computer Networks
113 * %I John Wiley & Sons
114 * %D 1984
115 * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
116 * (and actual cblock values).
117 */
118 #define NUM_WEAK_KEY 16
119 static const DES_cblock weak_keys[NUM_WEAK_KEY]={
120 /* weak keys */
121 {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
122 {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
123 {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
124 {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
125 /* semi-weak keys */
126 {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
127 {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
128 {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
129 {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
130 {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
131 {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
132 {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
133 {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
134 {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
135 {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
136 {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
137 {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
138
139 int
DES_is_weak_key(const_DES_cblock * key)140 DES_is_weak_key(const_DES_cblock *key)
141 {
142 unsigned int i;
143
144 for (i = 0; i < NUM_WEAK_KEY; i++)
145 if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
146 return 1;
147 return 0;
148 }
149
150 /* NOW DEFINED IN des_local.h
151 * See ecb_encrypt.c for a pseudo description of these macros.
152 * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
153 * (b)^=(t),\
154 * (a)=((a)^((t)<<(n))))
155 */
156
157 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
158 (a)=(a)^(t)^(t>>(16-(n))))
159
160 static const DES_LONG des_skb[8][64]={
161 {
162 /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
163 0x00000000L,0x00000010L,0x20000000L,0x20000010L,
164 0x00010000L,0x00010010L,0x20010000L,0x20010010L,
165 0x00000800L,0x00000810L,0x20000800L,0x20000810L,
166 0x00010800L,0x00010810L,0x20010800L,0x20010810L,
167 0x00000020L,0x00000030L,0x20000020L,0x20000030L,
168 0x00010020L,0x00010030L,0x20010020L,0x20010030L,
169 0x00000820L,0x00000830L,0x20000820L,0x20000830L,
170 0x00010820L,0x00010830L,0x20010820L,0x20010830L,
171 0x00080000L,0x00080010L,0x20080000L,0x20080010L,
172 0x00090000L,0x00090010L,0x20090000L,0x20090010L,
173 0x00080800L,0x00080810L,0x20080800L,0x20080810L,
174 0x00090800L,0x00090810L,0x20090800L,0x20090810L,
175 0x00080020L,0x00080030L,0x20080020L,0x20080030L,
176 0x00090020L,0x00090030L,0x20090020L,0x20090030L,
177 0x00080820L,0x00080830L,0x20080820L,0x20080830L,
178 0x00090820L,0x00090830L,0x20090820L,0x20090830L,
179 },{
180 /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
181 0x00000000L,0x02000000L,0x00002000L,0x02002000L,
182 0x00200000L,0x02200000L,0x00202000L,0x02202000L,
183 0x00000004L,0x02000004L,0x00002004L,0x02002004L,
184 0x00200004L,0x02200004L,0x00202004L,0x02202004L,
185 0x00000400L,0x02000400L,0x00002400L,0x02002400L,
186 0x00200400L,0x02200400L,0x00202400L,0x02202400L,
187 0x00000404L,0x02000404L,0x00002404L,0x02002404L,
188 0x00200404L,0x02200404L,0x00202404L,0x02202404L,
189 0x10000000L,0x12000000L,0x10002000L,0x12002000L,
190 0x10200000L,0x12200000L,0x10202000L,0x12202000L,
191 0x10000004L,0x12000004L,0x10002004L,0x12002004L,
192 0x10200004L,0x12200004L,0x10202004L,0x12202004L,
193 0x10000400L,0x12000400L,0x10002400L,0x12002400L,
194 0x10200400L,0x12200400L,0x10202400L,0x12202400L,
195 0x10000404L,0x12000404L,0x10002404L,0x12002404L,
196 0x10200404L,0x12200404L,0x10202404L,0x12202404L,
197 },{
198 /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
199 0x00000000L,0x00000001L,0x00040000L,0x00040001L,
200 0x01000000L,0x01000001L,0x01040000L,0x01040001L,
201 0x00000002L,0x00000003L,0x00040002L,0x00040003L,
202 0x01000002L,0x01000003L,0x01040002L,0x01040003L,
203 0x00000200L,0x00000201L,0x00040200L,0x00040201L,
204 0x01000200L,0x01000201L,0x01040200L,0x01040201L,
205 0x00000202L,0x00000203L,0x00040202L,0x00040203L,
206 0x01000202L,0x01000203L,0x01040202L,0x01040203L,
207 0x08000000L,0x08000001L,0x08040000L,0x08040001L,
208 0x09000000L,0x09000001L,0x09040000L,0x09040001L,
209 0x08000002L,0x08000003L,0x08040002L,0x08040003L,
210 0x09000002L,0x09000003L,0x09040002L,0x09040003L,
211 0x08000200L,0x08000201L,0x08040200L,0x08040201L,
212 0x09000200L,0x09000201L,0x09040200L,0x09040201L,
213 0x08000202L,0x08000203L,0x08040202L,0x08040203L,
214 0x09000202L,0x09000203L,0x09040202L,0x09040203L,
215 },{
216 /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
217 0x00000000L,0x00100000L,0x00000100L,0x00100100L,
218 0x00000008L,0x00100008L,0x00000108L,0x00100108L,
219 0x00001000L,0x00101000L,0x00001100L,0x00101100L,
220 0x00001008L,0x00101008L,0x00001108L,0x00101108L,
221 0x04000000L,0x04100000L,0x04000100L,0x04100100L,
222 0x04000008L,0x04100008L,0x04000108L,0x04100108L,
223 0x04001000L,0x04101000L,0x04001100L,0x04101100L,
224 0x04001008L,0x04101008L,0x04001108L,0x04101108L,
225 0x00020000L,0x00120000L,0x00020100L,0x00120100L,
226 0x00020008L,0x00120008L,0x00020108L,0x00120108L,
227 0x00021000L,0x00121000L,0x00021100L,0x00121100L,
228 0x00021008L,0x00121008L,0x00021108L,0x00121108L,
229 0x04020000L,0x04120000L,0x04020100L,0x04120100L,
230 0x04020008L,0x04120008L,0x04020108L,0x04120108L,
231 0x04021000L,0x04121000L,0x04021100L,0x04121100L,
232 0x04021008L,0x04121008L,0x04021108L,0x04121108L,
233 },{
234 /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
235 0x00000000L,0x10000000L,0x00010000L,0x10010000L,
236 0x00000004L,0x10000004L,0x00010004L,0x10010004L,
237 0x20000000L,0x30000000L,0x20010000L,0x30010000L,
238 0x20000004L,0x30000004L,0x20010004L,0x30010004L,
239 0x00100000L,0x10100000L,0x00110000L,0x10110000L,
240 0x00100004L,0x10100004L,0x00110004L,0x10110004L,
241 0x20100000L,0x30100000L,0x20110000L,0x30110000L,
242 0x20100004L,0x30100004L,0x20110004L,0x30110004L,
243 0x00001000L,0x10001000L,0x00011000L,0x10011000L,
244 0x00001004L,0x10001004L,0x00011004L,0x10011004L,
245 0x20001000L,0x30001000L,0x20011000L,0x30011000L,
246 0x20001004L,0x30001004L,0x20011004L,0x30011004L,
247 0x00101000L,0x10101000L,0x00111000L,0x10111000L,
248 0x00101004L,0x10101004L,0x00111004L,0x10111004L,
249 0x20101000L,0x30101000L,0x20111000L,0x30111000L,
250 0x20101004L,0x30101004L,0x20111004L,0x30111004L,
251 },{
252 /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
253 0x00000000L,0x08000000L,0x00000008L,0x08000008L,
254 0x00000400L,0x08000400L,0x00000408L,0x08000408L,
255 0x00020000L,0x08020000L,0x00020008L,0x08020008L,
256 0x00020400L,0x08020400L,0x00020408L,0x08020408L,
257 0x00000001L,0x08000001L,0x00000009L,0x08000009L,
258 0x00000401L,0x08000401L,0x00000409L,0x08000409L,
259 0x00020001L,0x08020001L,0x00020009L,0x08020009L,
260 0x00020401L,0x08020401L,0x00020409L,0x08020409L,
261 0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
262 0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
263 0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
264 0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
265 0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
266 0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
267 0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
268 0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
269 },{
270 /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
271 0x00000000L,0x00000100L,0x00080000L,0x00080100L,
272 0x01000000L,0x01000100L,0x01080000L,0x01080100L,
273 0x00000010L,0x00000110L,0x00080010L,0x00080110L,
274 0x01000010L,0x01000110L,0x01080010L,0x01080110L,
275 0x00200000L,0x00200100L,0x00280000L,0x00280100L,
276 0x01200000L,0x01200100L,0x01280000L,0x01280100L,
277 0x00200010L,0x00200110L,0x00280010L,0x00280110L,
278 0x01200010L,0x01200110L,0x01280010L,0x01280110L,
279 0x00000200L,0x00000300L,0x00080200L,0x00080300L,
280 0x01000200L,0x01000300L,0x01080200L,0x01080300L,
281 0x00000210L,0x00000310L,0x00080210L,0x00080310L,
282 0x01000210L,0x01000310L,0x01080210L,0x01080310L,
283 0x00200200L,0x00200300L,0x00280200L,0x00280300L,
284 0x01200200L,0x01200300L,0x01280200L,0x01280300L,
285 0x00200210L,0x00200310L,0x00280210L,0x00280310L,
286 0x01200210L,0x01200310L,0x01280210L,0x01280310L,
287 },{
288 /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
289 0x00000000L,0x04000000L,0x00040000L,0x04040000L,
290 0x00000002L,0x04000002L,0x00040002L,0x04040002L,
291 0x00002000L,0x04002000L,0x00042000L,0x04042000L,
292 0x00002002L,0x04002002L,0x00042002L,0x04042002L,
293 0x00000020L,0x04000020L,0x00040020L,0x04040020L,
294 0x00000022L,0x04000022L,0x00040022L,0x04040022L,
295 0x00002020L,0x04002020L,0x00042020L,0x04042020L,
296 0x00002022L,0x04002022L,0x00042022L,0x04042022L,
297 0x00000800L,0x04000800L,0x00040800L,0x04040800L,
298 0x00000802L,0x04000802L,0x00040802L,0x04040802L,
299 0x00002800L,0x04002800L,0x00042800L,0x04042800L,
300 0x00002802L,0x04002802L,0x00042802L,0x04042802L,
301 0x00000820L,0x04000820L,0x00040820L,0x04040820L,
302 0x00000822L,0x04000822L,0x00040822L,0x04040822L,
303 0x00002820L,0x04002820L,0x00042820L,0x04042820L,
304 0x00002822L,0x04002822L,0x00042822L,0x04042822L,
305 }};
306
DES_set_key(const_DES_cblock * key,DES_key_schedule * schedule)307 int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
308 {
309 if (DES_check_key)
310 {
311 return DES_set_key_checked(key, schedule);
312 }
313 else
314 {
315 DES_set_key_unchecked(key, schedule);
316 return 0;
317 }
318 }
319
320 /* return 0 if key parity is odd (correct),
321 * return -1 if key parity error,
322 * return -2 if illegal weak key.
323 */
DES_set_key_checked(const_DES_cblock * key,DES_key_schedule * schedule)324 int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
325 {
326 if (!DES_check_key_parity(key))
327 return(-1);
328 if (DES_is_weak_key(key))
329 return(-2);
330 DES_set_key_unchecked(key, schedule);
331 return 0;
332 }
333
DES_set_key_unchecked(const_DES_cblock * key,DES_key_schedule * schedule)334 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
335 {
336 static const int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
337 DES_LONG c,d,t,s,t2;
338 const unsigned char *in;
339 DES_LONG *k;
340 int i;
341
342 k = &schedule->ks->deslong[0];
343 in = &(*key)[0];
344
345 c2l(in,c);
346 c2l(in,d);
347
348 /* do PC1 in 47 simple operations :-)
349 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
350 * for the inspiration. :-) */
351 PERM_OP (d,c,t,4,0x0f0f0f0fL);
352 HPERM_OP(c,t,-2,0xcccc0000L);
353 HPERM_OP(d,t,-2,0xcccc0000L);
354 PERM_OP (d,c,t,1,0x55555555L);
355 PERM_OP (c,d,t,8,0x00ff00ffL);
356 PERM_OP (d,c,t,1,0x55555555L);
357 d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) |
358 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
359 c&=0x0fffffffL;
360
361 for (i=0; i<ITERATIONS; i++)
362 {
363 if (shifts2[i])
364 { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
365 else
366 { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
367 c&=0x0fffffffL;
368 d&=0x0fffffffL;
369 /* could be a few less shifts but I am to lazy at this
370 * point in time to investigate */
371 s= des_skb[0][ (c )&0x3f ]|
372 des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
373 des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
374 des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
375 ((c>>22L)&0x38)];
376 t= des_skb[4][ (d )&0x3f ]|
377 des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
378 des_skb[6][ (d>>15L)&0x3f ]|
379 des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
380
381 /* table contained 0213 4657 */
382 t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
383 *(k++)=ROTATE(t2,30)&0xffffffffL;
384
385 t2=((s>>16L)|(t&0xffff0000L));
386 *(k++)=ROTATE(t2,26)&0xffffffffL;
387 }
388 }
389
DES_key_sched(const_DES_cblock * key,DES_key_schedule * schedule)390 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
391 {
392 return(DES_set_key(key,schedule));
393 }
394 /*
395 #undef des_fixup_key_parity
396 void des_fixup_key_parity(des_cblock *key)
397 {
398 des_set_odd_parity(key);
399 }
400 */
401