2 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * set_key.c v 1.4 eay 24/9/91
12 * 1.4 Speed up by 400% :-)
13 * 1.3 added register declarations.
14 * 1.2 unrolled make_key_sched a bit more
15 * 1.1 added norm_expand_bits
16 * 1.0 First working version
20 * DES low level APIs are deprecated for public use, but still ok for internal
23 #include "internal/deprecated.h"
25 #include <openssl/crypto.h>
26 #include "des_local.h"
28 static const unsigned char odd_parity[256] = {
29 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
30 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
31 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
32 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
33 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
34 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
35 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
37 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
39 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
41 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
43 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
45 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
47 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
49 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
51 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
53 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
57 void DES_set_odd_parity(DES_cblock *key)
61 for (i = 0; i < DES_KEY_SZ; i++)
62 (*key)[i] = odd_parity[(*key)[i]];
65 int DES_check_key_parity(const_DES_cblock *key)
69 for (i = 0; i < DES_KEY_SZ; i++) {
70 if ((*key)[i] != odd_parity[(*key)[i]])
77 * Weak and semi weak keys as taken from
80 * %T Security for Computer Networks
81 * %I John Wiley & Sons
84 #define NUM_WEAK_KEY 16
85 static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
87 {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
88 {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
89 {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
90 {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
92 {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
93 {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
94 {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
95 {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
96 {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
97 {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
98 {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
99 {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
100 {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
101 {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
102 {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
103 {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
106 int DES_is_weak_key(const_DES_cblock *key)
110 for (i = 0; i < NUM_WEAK_KEY; i++)
111 if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
117 * NOW DEFINED IN des_local.h
118 * See ecb_encrypt.c for a pseudo description of these macros.
119 * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
121 * (a)=((a)^((t)<<(n))))
124 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
125 (a)=(a)^(t)^(t>>(16-(n))))
127 static const DES_LONG des_skb[8][64] = {
129 /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
130 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
131 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
132 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
133 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
134 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
135 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
136 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
137 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
138 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
139 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
140 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
141 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
142 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
143 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
144 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
145 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
148 /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
149 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
150 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
151 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
152 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
153 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
154 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
155 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
156 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
157 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
158 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
159 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
160 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
161 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
162 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
163 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
164 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
167 /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
168 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
169 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
170 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
171 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
172 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
173 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
174 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
175 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
176 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
177 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
178 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
179 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
180 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
181 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
182 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
183 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
186 /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
187 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
188 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
189 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
190 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
191 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
192 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
193 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
194 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
195 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
196 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
197 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
198 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
199 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
200 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
201 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
202 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
205 /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
206 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
207 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
208 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
209 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
210 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
211 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
212 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
213 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
214 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
215 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
216 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
217 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
218 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
219 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
220 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
221 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
224 /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
225 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
226 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
227 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
228 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
229 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
230 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
231 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
232 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
233 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
234 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
235 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
236 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
237 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
238 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
239 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
240 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
243 /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
244 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
245 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
246 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
247 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
248 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
249 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
250 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
251 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
252 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
253 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
254 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
255 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
256 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
257 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
258 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
259 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
262 /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
263 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
264 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
265 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
266 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
267 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
268 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
269 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
270 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
271 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
272 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
273 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
274 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
275 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
276 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
277 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
278 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
282 /* Return values as DES_set_key_checked() but always set the key */
283 int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
287 if (!DES_check_key_parity(key))
289 if (DES_is_weak_key(key))
291 DES_set_key_unchecked(key, schedule);
296 * return 0 if key parity is odd (correct),
297 * return -1 if key parity error,
298 * return -2 if illegal weak key.
300 int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
302 if (!DES_check_key_parity(key))
304 if (DES_is_weak_key(key))
306 DES_set_key_unchecked(key, schedule);
310 void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
312 static const int shifts2[16] =
313 { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
314 register DES_LONG c, d, t, s, t2;
315 register const unsigned char *in;
316 register DES_LONG *k;
319 #ifdef OPENBSD_DEV_CRYPTO
320 memcpy(schedule->key, key, sizeof(schedule->key));
321 schedule->session = NULL;
323 k = &schedule->ks->deslong[0];
330 * do PC1 in 47 simple operations. Thanks to John Fletcher
331 * for the inspiration.
333 PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
334 HPERM_OP(c, t, -2, 0xcccc0000L);
335 HPERM_OP(d, t, -2, 0xcccc0000L);
336 PERM_OP(d, c, t, 1, 0x55555555L);
337 PERM_OP(c, d, t, 8, 0x00ff00ffL);
338 PERM_OP(d, c, t, 1, 0x55555555L);
339 d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
340 ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
343 for (i = 0; i < ITERATIONS; i++) {
345 c = ((c >> 2L) | (c << 26L));
346 d = ((d >> 2L) | (d << 26L));
348 c = ((c >> 1L) | (c << 27L));
349 d = ((d >> 1L) | (d << 27L));
354 * could be a few less shifts but I am to lazy at this point in time
357 s = des_skb[0][(c) & 0x3f] |
358 des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
359 des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
360 des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
361 ((c >> 22L) & 0x38)];
362 t = des_skb[4][(d) & 0x3f] |
363 des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
364 des_skb[6][(d >> 15L) & 0x3f] |
365 des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
367 /* table contained 0213 4657 */
368 t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
369 *(k++) = ROTATE(t2, 30) & 0xffffffffL;
371 t2 = ((s >> 16L) | (t & 0xffff0000L));
372 *(k++) = ROTATE(t2, 26) & 0xffffffffL;
376 int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
378 return DES_set_key(key, schedule);
projects / openssl.git / blob