1 /* crypto/des/set_key.c */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
59 /* set_key.c v 1.4 eay 24/9/91
60 * 1.4 Speed up by 400% :-)
61 * 1.3 added register declarations.
62 * 1.2 unrolled make_key_sched a bit more
63 * 1.1 added norm_expand_bits
64 * 1.0 First working version
70 OPENSSL_GLOBAL int des_check_key=0;
72 void des_set_odd_parity(des_cblock *key)
76 for (i=0; i<DES_KEY_SZ; i++)
77 (*key)[i]=odd_parity[(*key)[i]];
80 int des_check_key_parity(const_des_cblock *key)
84 for (i=0; i<DES_KEY_SZ; i++)
86 if ((*key)[i] != odd_parity[(*key)[i]])
92 /* Weak and semi week keys as take from
95 * %T Security for Computer Networks
96 * %I John Wiley & Sons
98 * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
99 * (and actual cblock values).
101 #define NUM_WEAK_KEY 16
102 static des_cblock weak_keys[NUM_WEAK_KEY]={
104 {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
105 {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
106 {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
107 {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
109 {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
110 {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
111 {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
112 {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
113 {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
114 {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
115 {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
116 {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
117 {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
118 {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
119 {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
120 {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
122 int des_is_weak_key(const_des_cblock *key)
126 for (i=0; i<NUM_WEAK_KEY; i++)
127 /* Added == 0 to comparison, I obviously don't run
128 * this section very often :-(, thanks to
129 * engineering@MorningStar.Com for the fix
131 * Another problem, I was comparing only the first 4
133 if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1);
137 /* NOW DEFINED IN des_local.h
138 * See ecb_encrypt.c for a pseudo description of these macros.
139 * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
141 * (a)=((a)^((t)<<(n))))
144 #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
145 (a)=(a)^(t)^(t>>(16-(n))))
147 int des_set_key(const_des_cblock *key, des_key_schedule schedule)
151 return des_set_key_checked(key, schedule);
155 des_set_key_unchecked(key, schedule);
160 /* return 0 if key parity is odd (correct),
161 * return -1 if key parity error,
162 * return -2 if illegal weak key.
164 int des_set_key_checked(const_des_cblock *key, des_key_schedule schedule)
166 if (!des_check_key_parity(key))
168 if (des_is_weak_key(key))
170 des_set_key_unchecked(key, schedule);
174 void des_set_key_unchecked(const_des_cblock *key, des_key_schedule schedule)
176 static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
177 register DES_LONG c,d,t,s,t2;
178 register const unsigned char *in;
179 register DES_LONG *k;
182 k = &schedule->ks.deslong[0];
188 /* do PC1 in 60 simple operations */
189 /* PERM_OP(d,c,t,4,0x0f0f0f0fL);
190 HPERM_OP(c,t,-2, 0xcccc0000L);
191 HPERM_OP(c,t,-1, 0xaaaa0000L);
192 HPERM_OP(c,t, 8, 0x00ff0000L);
193 HPERM_OP(c,t,-1, 0xaaaa0000L);
194 HPERM_OP(d,t,-8, 0xff000000L);
195 HPERM_OP(d,t, 8, 0x00ff0000L);
196 HPERM_OP(d,t, 2, 0x33330000L);
197 d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L);
198 d=(d>>8)|((c&0xf0000000L)>>4);
201 /* I now do it in 47 simple operations :-)
202 * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
203 * for the inspiration. :-) */
204 PERM_OP (d,c,t,4,0x0f0f0f0fL);
205 HPERM_OP(c,t,-2,0xcccc0000L);
206 HPERM_OP(d,t,-2,0xcccc0000L);
207 PERM_OP (d,c,t,1,0x55555555L);
208 PERM_OP (c,d,t,8,0x00ff00ffL);
209 PERM_OP (d,c,t,1,0x55555555L);
210 d= (((d&0x000000ffL)<<16L)| (d&0x0000ff00L) |
211 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
214 for (i=0; i<ITERATIONS; i++)
217 { c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
219 { c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
222 /* could be a few less shifts but I am to lazy at this
223 * point in time to investigate */
224 s= des_skb[0][ (c )&0x3f ]|
225 des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
226 des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
227 des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
229 t= des_skb[4][ (d )&0x3f ]|
230 des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
231 des_skb[6][ (d>>15L)&0x3f ]|
232 des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
234 /* table contained 0213 4657 */
235 t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
236 *(k++)=ROTATE(t2,30)&0xffffffffL;
238 t2=((s>>16L)|(t&0xffff0000L));
239 *(k++)=ROTATE(t2,26)&0xffffffffL;
243 int des_key_sched(const_des_cblock *key, des_key_schedule schedule)
245 return(des_set_key(key,schedule));
248 #undef des_fixup_key_parity
249 void des_fixup_key_parity(des_cblock *key)
251 des_set_odd_parity(key);