1
/*	$KAME: des_setkey.c,v 1.7 2001/09/10 04:03:58 itojun Exp $	*/
2

3
/* crypto/des/set_key.c */
4

5
/* Copyright (C) 1995-1996 Eric Young ([email protected])
6
 * All rights reserved.
7
 *
8
 * This file is part of an SSL implementation written
9
 * by Eric Young ([email protected]).
10
 * The implementation was written so as to conform with Netscapes SSL
11
 * specification.  This library and applications are
12
 * FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
13
 * as long as the following conditions are aheared to.
14
 *
15
 * Copyright remains Eric Young's, and as such any Copyright notices in
16
 * the code are not to be removed.  If this code is used in a product,
17
 * Eric Young should be given attribution as the author of the parts used.
18
 * This can be in the form of a textual message at program startup or
19
 * in documentation (online or textual) provided with the package.
20
 *
21
 * Redistribution and use in source and binary forms, with or without
22
 * modification, are permitted provided that the following conditions
23
 * are met:
24
 * 1. Redistributions of source code must retain the copyright
25
 *    notice, this list of conditions and the following disclaimer.
26
 * 2. Redistributions in binary form must reproduce the above copyright
27
 *    notice, this list of conditions and the following disclaimer in the
28
 *    documentation and/or other materials provided with the distribution.
29
 * 3. All advertising materials mentioning features or use of this software
30
 *    must display the following acknowledgement:
31
 *    This product includes software developed by Eric Young ([email protected])
32
 *
33
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
34
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
35
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
36
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
37
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
38
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
39
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
40
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
41
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
42
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43
 * SUCH DAMAGE.
44
 *
45
 * The licence and distribution terms for any publically available version or
46
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
47
 * copied and put under another distribution licence
48
 * [including the GNU Public Licence.]
49
 */
50

51
/* set_key.c v 1.4 eay 24/9/91
52
 * 1.4 Speed up by 400% :-)
53
 * 1.3 added register declarations.
54
 * 1.2 unrolled make_key_sched a bit more
55
 * 1.1 added norm_expand_bits
56
 * 1.0 First working version
57
 */
58

59
#include <sys/param.h>
60
#include <sys/systm.h>
61
#include <crypto/des/des_locl.h>
62
#include <crypto/des/podd.h>
63
#include <crypto/des/sk.h>
64

65
int des_check_key=0;
66

67
void des_set_odd_parity(unsigned char *key)
68
{
69
	int i;
70

71
	for (i=0; i<DES_KEY_SZ; i++)
72
		key[i]=odd_parity[key[i]];
73
}
74

75
int des_check_key_parity(const unsigned char *key)
76
{
77
	int i;
78

79
	for (i=0; i<DES_KEY_SZ; i++)
80
		{
81
		if (key[i] != odd_parity[key[i]])
82
			return(0);
83
		}
84
	return(1);
85
}
86

87
/* Weak and semi week keys as take from
88
 * %A D.W. Davies
89
 * %A W.L. Price
90
 * %T Security for Computer Networks
91
 * %I John Wiley & Sons
92
 * %D 1984
93
 * Many thanks to [email protected] (Steven Bellovin) for the reference
94
 * (and actual cblock values).
95
 */
96
#define NUM_WEAK_KEY	16
97
static des_cblock weak_keys[NUM_WEAK_KEY]={
98
	/* weak keys */
99
	{0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01},
100
	{0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE},
101
	{0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E},
102
	{0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1},
103
	/* semi-weak keys */
104
	{0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE},
105
	{0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01},
106
	{0x1F,0xE0,0x1F,0xE0,0x0E,0xF1,0x0E,0xF1},
107
	{0xE0,0x1F,0xE0,0x1F,0xF1,0x0E,0xF1,0x0E},
108
	{0x01,0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1},
109
	{0xE0,0x01,0xE0,0x01,0xF1,0x01,0xF1,0x01},
110
	{0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E,0xFE},
111
	{0xFE,0x1F,0xFE,0x1F,0xFE,0x0E,0xFE,0x0E},
112
	{0x01,0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E},
113
	{0x1F,0x01,0x1F,0x01,0x0E,0x01,0x0E,0x01},
114
	{0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE},
115
	{0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}};
116

117
int des_is_weak_key(const unsigned char *key)
118
{
119
	int i;
120

121
	for (i=0; i<NUM_WEAK_KEY; i++)
122
		/* Added == 0 to comparison, I obviously don't run
123
		 * this section very often :-(, thanks to
124
		 * [email protected] for the fix
125
		 * eay 93/06/29
126
		 * Another problem, I was comparing only the first 4
127
		 * bytes, 97/03/18 */
128
		if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1);
129
	return(0);
130
}
131

132
/* NOW DEFINED IN des_local.h
133
 * See ecb_encrypt.c for a pseudo description of these macros. 
134
 * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
135
 * 	(b)^=(t),\
136
 * 	(a)=((a)^((t)<<(n))))
137
 */
138

139
#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
140
	(a)=(a)^(t)^(t>>(16-(n))))
141

142
int des_set_key(const unsigned char *key, des_key_schedule schedule)
143
{
144
	if (des_check_key)
145
	{
146
		return des_set_key_checked(key, schedule);
147
	}
148
	else
149
	{
150
		des_set_key_unchecked(key, schedule);
151
		return 0;
152
	}
153
}
154

155
/* return 0 if key parity is odd (correct),
156
 * return -1 if key parity error,
157
 * return -2 if illegal weak key.
158
 */
159
int des_set_key_checked(const unsigned char *key, des_key_schedule schedule)
160
{
161
	if (!des_check_key_parity(key))
162
		return(-1);
163
	if (des_is_weak_key(key))
164
		return(-2);
165
	des_set_key_unchecked(key, schedule);
166
	return 0;
167
}
168

169
void des_set_key_unchecked(const unsigned char *key, des_key_schedule schedule)
170
{
171
	static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0};
172
	DES_LONG c,d,t,s,t2;
173
	const unsigned char *in;
174
	DES_LONG *k;
175
	int i;
176

177
	k = &schedule->ks.deslong[0];
178
	in = key;
179

180
	c2l(in,c);
181
	c2l(in,d);
182

183
	/* do PC1 in 47 simple operations :-)
184
	 * Thanks to John Fletcher ([email protected])
185
	 * for the inspiration. :-) */
186
	PERM_OP (d,c,t,4,0x0f0f0f0fL);
187
	HPERM_OP(c,t,-2,0xcccc0000L);
188
	HPERM_OP(d,t,-2,0xcccc0000L);
189
	PERM_OP (d,c,t,1,0x55555555L);
190
	PERM_OP (c,d,t,8,0x00ff00ffL);
191
	PERM_OP (d,c,t,1,0x55555555L);
192
	d=	(((d&0x000000ffL)<<16L)| (d&0x0000ff00L)     |
193
		 ((d&0x00ff0000L)>>16L)|((c&0xf0000000L)>>4L));
194
	c&=0x0fffffffL;
195

196
	for (i=0; i<ITERATIONS; i++)
197
	{
198
		if (shifts2[i])
199
			{ c=((c>>2L)|(c<<26L)); d=((d>>2L)|(d<<26L)); }
200
		else
201
			{ c=((c>>1L)|(c<<27L)); d=((d>>1L)|(d<<27L)); }
202
		c&=0x0fffffffL;
203
		d&=0x0fffffffL;
204
		/* could be a few less shifts but I am to lazy at this
205
	 	* point in time to investigate */
206
		s=	des_skb[0][ (c    )&0x3f                ]|
207
			des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]|
208
			des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]|
209
			des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) |
210
						  	((c>>22L)&0x38)];
211
		t=	des_skb[4][ (d    )&0x3f                ]|
212
			des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]|
213
			des_skb[6][ (d>>15L)&0x3f                ]|
214
			des_skb[7][((d>>21L)&0x0f)|((d>>22L)&0x30)];
215

216
		/* table contained 0213 4657 */
217
		t2=((t<<16L)|(s&0x0000ffffL))&0xffffffffL;
218
		*(k++)=ROTATE(t2,30)&0xffffffffL;
219

220
		t2=((s>>16L)|(t&0xffff0000L));
221
		*(k++)=ROTATE(t2,26)&0xffffffffL;
222
	}
223
}
224

225
int des_key_sched(const unsigned char *key, des_key_schedule schedule)
226
{
227
	return(des_set_key(key,schedule));
228
}
229

230
void des_fixup_key_parity(unsigned char *key)
231
{
232
	des_set_odd_parity(key);
233
}
234

235