Line data Source code
1 : /* $OpenBSD: set_key.c,v 1.4 2015/12/10 21:00:51 naddy Exp $ */
2 :
3 : /* lib/des/set_key.c */
4 : /* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
5 : * All rights reserved.
6 : *
7 : * This file is part of an SSL implementation written
8 : * by Eric Young (eay@mincom.oz.au).
9 : * The implementation was written so as to conform with Netscapes SSL
10 : * specification. This library and applications are
11 : * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
12 : * as long as the following conditions are aheared to.
13 : *
14 : * Copyright remains Eric Young's, and as such any Copyright notices in
15 : * the code are not to be removed. If this code is used in a product,
16 : * Eric Young should be given attribution as the author of the parts used.
17 : * This can be in the form of a textual message at program startup or
18 : * in documentation (online or textual) provided with the package.
19 : *
20 : * Redistribution and use in source and binary forms, with or without
21 : * modification, are permitted provided that the following conditions
22 : * are met:
23 : * 1. Redistributions of source code must retain the copyright
24 : * notice, this list of conditions and the following disclaimer.
25 : * 2. Redistributions in binary form must reproduce the above copyright
26 : * notice, this list of conditions and the following disclaimer in the
27 : * documentation and/or other materials provided with the distribution.
28 : * 3. All advertising materials mentioning features or use of this software
29 : * must display the following acknowledgement:
30 : * This product includes software developed by Eric Young (eay@mincom.oz.au)
31 : *
32 : * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
33 : * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
34 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
35 : * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
36 : * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
37 : * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
38 : * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
39 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
40 : * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
41 : * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 : * SUCH DAMAGE.
43 : *
44 : * The licence and distribution terms for any publically available version or
45 : * derivative of this code cannot be changed. i.e. this code cannot simply be
46 : * copied and put under another distribution licence
47 : * [including the GNU Public Licence.]
48 : */
49 :
50 : /* set_key.c v 1.4 eay 24/9/91
51 : * 1.4 Speed up by 400% :-)
52 : * 1.3 added register declarations.
53 : * 1.2 unrolled make_key_sched a bit more
54 : * 1.1 added norm_expand_bits
55 : * 1.0 First working version
56 : */
57 : #include "des_locl.h"
58 : #include "podd.h"
59 : #include "sk.h"
60 :
61 : static int check_parity(des_cblock (*key));
62 :
63 : int des_check_key=0;
64 :
65 : static int
66 0 : check_parity(des_cblock (*key))
67 : {
68 : int i;
69 :
70 0 : for (i = 0; i < DES_KEY_SZ; i++) {
71 0 : if ((*key)[i] != odd_parity[(*key)[i]])
72 0 : return(0);
73 : }
74 0 : return (1);
75 0 : }
76 :
77 : /* Weak and semi week keys as take from
78 : * %A D.W. Davies
79 : * %A W.L. Price
80 : * %T Security for Computer Networks
81 : * %I John Wiley & Sons
82 : * %D 1984
83 : * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
84 : * (and actual cblock values).
85 : */
86 : #define NUM_WEAK_KEY 16
87 : static des_cblock weak_keys[NUM_WEAK_KEY]={
88 : /* weak keys */
89 : {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
90 : {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
91 : {0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F},
92 : {0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0},
93 : /* semi-weak keys */
94 : {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
95 : {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
96 : {0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
97 : {0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
98 : {0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
99 : {0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
100 : {0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
101 : {0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
102 : {0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
103 : {0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
104 : {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
105 : {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
106 :
107 : int
108 0 : des_is_weak_key(des_cblock (*key))
109 : {
110 : int i;
111 :
112 0 : for (i = 0; i < NUM_WEAK_KEY; i++) {
113 : /* Added == 0 to comparision, I obviously don't run
114 : * this section very often :-(, thanks to
115 : * engineering@MorningStar.Com for the fix
116 : * eay 93/06/29 */
117 0 : if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
118 0 : return (1);
119 : }
120 0 : return (0);
121 0 : }
122 :
123 : /* NOW DEFINED IN des_local.h
124 : * See ecb_encrypt.c for a pseudo description of these macros.
125 : * #define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n))^(b)) & (m)),\
126 : * (b)^=(t),\
127 : * (a) = ((a)^((t) << (n))))
128 : */
129 :
130 : #define HPERM_OP(a, t, n, m) ((t) = ((((a) << (16 - (n)))^(a)) & (m)),\
131 : (a) = (a)^(t)^(t >> (16 - (n))))
132 :
133 : static int shifts2[16]={0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0};
134 :
135 : /* return 0 if key parity is odd (correct),
136 : * return -1 if key parity error,
137 : * return -2 if illegal weak key.
138 : */
139 : int
140 0 : des_set_key(des_cblock (*key), des_key_schedule schedule)
141 : {
142 : register u_int32_t c, d, t, s;
143 : register unsigned char *in;
144 : register u_int32_t *k;
145 : register int i;
146 :
147 0 : if (des_check_key) {
148 0 : if (!check_parity(key))
149 0 : return(-1);
150 :
151 0 : if (des_is_weak_key(key))
152 0 : return(-2);
153 : }
154 :
155 0 : k = (u_int32_t *) schedule;
156 0 : in = (unsigned char *) key;
157 :
158 0 : c2l(in, c);
159 0 : c2l(in, d);
160 :
161 : /* do PC1 in 60 simple operations */
162 : /* PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
163 : HPERM_OP(c, t, -2, 0xcccc0000L);
164 : HPERM_OP(c, t, -1, 0xaaaa0000L);
165 : HPERM_OP(c, t, 8, 0x00ff0000L);
166 : HPERM_OP(c, t, -1, 0xaaaa0000L);
167 : HPERM_OP(d, t, -8, 0xff000000L);
168 : HPERM_OP(d, t, 8, 0x00ff0000L);
169 : HPERM_OP(d, t, 2, 0x33330000L);
170 : d = ((d & 0x00aa00aaL) << 7L) | ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
171 : d = (d >> 8) | ((c & 0xf0000000L) >> 4);
172 : c &= 0x0fffffffL; */
173 :
174 : /* I now do it in 47 simple operations :-)
175 : * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
176 : * for the inspiration. :-) */
177 0 : PERM_OP (d, c, t, 4, 0x0f0f0f0fL);
178 0 : HPERM_OP(c, t, -2, 0xcccc0000L);
179 0 : HPERM_OP(d, t, -2, 0xcccc0000L);
180 0 : PERM_OP (d, c, t, 1, 0x55555555L);
181 0 : PERM_OP (c, d, t, 8, 0x00ff00ffL);
182 0 : PERM_OP (d, c, t, 1, 0x55555555L);
183 0 : d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
184 0 : ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
185 0 : c &= 0x0fffffffL;
186 :
187 0 : for (i = 0; i < ITERATIONS; i++) {
188 0 : if (shifts2[i])
189 0 : { c = ((c >> 2L) | (c << 26L)); d = ((d >> 2L) | (d << 26L)); }
190 : else
191 0 : { c = ((c >> 1L) | (c << 27L)); d = ((d >> 1L) | (d << 27L)); }
192 0 : c &= 0x0fffffffL;
193 0 : d &= 0x0fffffffL;
194 : /* could be a few less shifts but I am to lazy at this
195 : * point in time to investigate */
196 0 : s = des_skb[0][ (c ) & 0x3f ]|
197 0 : des_skb[1][((c >> 6) & 0x03) | ((c >> 7L) & 0x3c)]|
198 0 : des_skb[2][((c >> 13) & 0x0f) | ((c >> 14L) & 0x30)]|
199 0 : des_skb[3][((c >> 20) & 0x01) | ((c >> 21L) & 0x06) |
200 0 : ((c >> 22L) & 0x38)];
201 0 : t = des_skb[4][ (d ) & 0x3f ]|
202 0 : des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)]|
203 0 : des_skb[6][ (d >> 15L) & 0x3f ]|
204 0 : des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
205 :
206 : /* table contained 0213 4657 */
207 0 : *(k++) = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
208 0 : s = ((s >> 16L) | (t & 0xffff0000L));
209 :
210 0 : s = (s << 4L) | (s >> 28L);
211 0 : *(k++) = s & 0xffffffffL;
212 : }
213 0 : return (0);
214 0 : }
|
