155714Skris/* crypto/des/set_key.c */
255714Skris/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
355714Skris * All rights reserved.
455714Skris *
555714Skris * This package is an SSL implementation written
655714Skris * by Eric Young (eay@cryptsoft.com).
755714Skris * The implementation was written so as to conform with Netscapes SSL.
8280304Sjkim *
955714Skris * This library is free for commercial and non-commercial use as long as
1055714Skris * the following conditions are aheared to.  The following conditions
1155714Skris * apply to all code found in this distribution, be it the RC4, RSA,
1255714Skris * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
1355714Skris * included with this distribution is covered by the same copyright terms
1455714Skris * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15280304Sjkim *
1655714Skris * Copyright remains Eric Young's, and as such any Copyright notices in
1755714Skris * the code are not to be removed.
1855714Skris * If this package is used in a product, Eric Young should be given attribution
1955714Skris * as the author of the parts of the library used.
2055714Skris * This can be in the form of a textual message at program startup or
2155714Skris * in documentation (online or textual) provided with the package.
22280304Sjkim *
2355714Skris * Redistribution and use in source and binary forms, with or without
2455714Skris * modification, are permitted provided that the following conditions
2555714Skris * are met:
2655714Skris * 1. Redistributions of source code must retain the copyright
2755714Skris *    notice, this list of conditions and the following disclaimer.
2855714Skris * 2. Redistributions in binary form must reproduce the above copyright
2955714Skris *    notice, this list of conditions and the following disclaimer in the
3055714Skris *    documentation and/or other materials provided with the distribution.
3155714Skris * 3. All advertising materials mentioning features or use of this software
3255714Skris *    must display the following acknowledgement:
3355714Skris *    "This product includes cryptographic software written by
3455714Skris *     Eric Young (eay@cryptsoft.com)"
3555714Skris *    The word 'cryptographic' can be left out if the rouines from the library
3655714Skris *    being used are not cryptographic related :-).
37280304Sjkim * 4. If you include any Windows specific code (or a derivative thereof) from
3855714Skris *    the apps directory (application code) you must include an acknowledgement:
3955714Skris *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40280304Sjkim *
4155714Skris * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
4255714Skris * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
4355714Skris * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
4455714Skris * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
4555714Skris * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
4655714Skris * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
4755714Skris * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
4855714Skris * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
4955714Skris * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
5055714Skris * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
5155714Skris * SUCH DAMAGE.
52280304Sjkim *
5355714Skris * The licence and distribution terms for any publically available version or
5455714Skris * derivative of this code cannot be changed.  i.e. this code cannot simply be
5555714Skris * copied and put under another distribution licence
5655714Skris * [including the GNU Public Licence.]
5755714Skris */
5855714Skris
59280304Sjkim/*-
60280304Sjkim * set_key.c v 1.4 eay 24/9/91
6155714Skris * 1.4 Speed up by 400% :-)
6255714Skris * 1.3 added register declarations.
6355714Skris * 1.2 unrolled make_key_sched a bit more
6455714Skris * 1.1 added norm_expand_bits
6555714Skris * 1.0 First working version
6655714Skris */
67246772Sjkim#include <openssl/crypto.h>
6855714Skris#include "des_locl.h"
6955714Skris
70280304SjkimOPENSSL_IMPLEMENT_GLOBAL(int, DES_check_key, 0)
71280304Sjkim                                                    /*
72280304Sjkim                                                     * defaults to false
73280304Sjkim                                                     */
74280304Sjkimstatic const unsigned char odd_parity[256] = {
75280304Sjkim    1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
76280304Sjkim    16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
77280304Sjkim    32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
78280304Sjkim    49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
79280304Sjkim    64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
80280304Sjkim    81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
81280304Sjkim    97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
82280304Sjkim    110,
83280304Sjkim    112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
84280304Sjkim    127,
85280304Sjkim    128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
86280304Sjkim    143,
87280304Sjkim    145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
88280304Sjkim    158,
89280304Sjkim    161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
90280304Sjkim    174,
91280304Sjkim    176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
92280304Sjkim    191,
93280304Sjkim    193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
94280304Sjkim    206,
95280304Sjkim    208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
96280304Sjkim    223,
97280304Sjkim    224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
98280304Sjkim    239,
99280304Sjkim    241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
100280304Sjkim    254
101280304Sjkim};
10255714Skris
103109998Smarkmvoid DES_set_odd_parity(DES_cblock *key)
104280304Sjkim{
105280304Sjkim    unsigned int i;
10655714Skris
107280304Sjkim    for (i = 0; i < DES_KEY_SZ; i++)
108280304Sjkim        (*key)[i] = odd_parity[(*key)[i]];
109280304Sjkim}
11055714Skris
111109998Smarkmint DES_check_key_parity(const_DES_cblock *key)
112280304Sjkim{
113280304Sjkim    unsigned int i;
11455714Skris
115280304Sjkim    for (i = 0; i < DES_KEY_SZ; i++) {
116280304Sjkim        if ((*key)[i] != odd_parity[(*key)[i]])
117280304Sjkim            return (0);
118280304Sjkim    }
119280304Sjkim    return (1);
120280304Sjkim}
12155714Skris
122280304Sjkim/*-
123280304Sjkim * Weak and semi week keys as take from
12455714Skris * %A D.W. Davies
12555714Skris * %A W.L. Price
12655714Skris * %T Security for Computer Networks
12755714Skris * %I John Wiley & Sons
12855714Skris * %D 1984
12955714Skris * Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
13055714Skris * (and actual cblock values).
13155714Skris */
132280304Sjkim#define NUM_WEAK_KEY    16
133280304Sjkimstatic const DES_cblock weak_keys[NUM_WEAK_KEY] = {
134280304Sjkim    /* weak keys */
135280304Sjkim    {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
136280304Sjkim    {0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
137280304Sjkim    {0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
138280304Sjkim    {0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1},
139280304Sjkim    /* semi-weak keys */
140280304Sjkim    {0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE},
141280304Sjkim    {0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01},
142280304Sjkim    {0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1},
143280304Sjkim    {0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E},
144280304Sjkim    {0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1},
145280304Sjkim    {0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01},
146280304Sjkim    {0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE},
147280304Sjkim    {0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E},
148280304Sjkim    {0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
149280304Sjkim    {0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
150280304Sjkim    {0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE},
151280304Sjkim    {0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
152280304Sjkim};
15355714Skris
154109998Smarkmint DES_is_weak_key(const_DES_cblock *key)
155280304Sjkim{
156280304Sjkim    int i;
15755714Skris
158280304Sjkim    for (i = 0; i < NUM_WEAK_KEY; i++)
159280304Sjkim        /*
160280304Sjkim         * Added == 0 to comparison, I obviously don't run this section very
161280304Sjkim         * often :-(, thanks to engineering@MorningStar.Com for the fix eay
162280304Sjkim         * 93/06/29 Another problem, I was comparing only the first 4 bytes,
163280304Sjkim         * 97/03/18
164280304Sjkim         */
165280304Sjkim        if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
166280304Sjkim            return (1);
167280304Sjkim    return (0);
168280304Sjkim}
16955714Skris
170280304Sjkim/*-
171280304Sjkim * NOW DEFINED IN des_local.h
172280304Sjkim * See ecb_encrypt.c for a pseudo description of these macros.
17355714Skris * #define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
174280304Sjkim *      (b)^=(t),\
175280304Sjkim *      (a)=((a)^((t)<<(n))))
17655714Skris */
17755714Skris
17855714Skris#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
179280304Sjkim        (a)=(a)^(t)^(t>>(16-(n))))
18055714Skris
181280304Sjkimstatic const DES_LONG des_skb[8][64] = {
182280304Sjkim    {
183280304Sjkim     /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
184280304Sjkim     0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
185280304Sjkim     0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
186280304Sjkim     0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
187280304Sjkim     0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
188280304Sjkim     0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
189280304Sjkim     0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
190280304Sjkim     0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
191280304Sjkim     0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
192280304Sjkim     0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
193280304Sjkim     0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
194280304Sjkim     0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
195280304Sjkim     0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
196280304Sjkim     0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
197280304Sjkim     0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
198280304Sjkim     0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
199280304Sjkim     0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
200280304Sjkim     },
201280304Sjkim    {
202280304Sjkim     /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
203280304Sjkim     0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
204280304Sjkim     0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
205280304Sjkim     0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
206280304Sjkim     0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
207280304Sjkim     0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
208280304Sjkim     0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
209280304Sjkim     0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
210280304Sjkim     0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
211280304Sjkim     0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
212280304Sjkim     0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
213280304Sjkim     0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
214280304Sjkim     0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
215280304Sjkim     0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
216280304Sjkim     0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
217280304Sjkim     0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
218280304Sjkim     0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
219280304Sjkim     },
220280304Sjkim    {
221280304Sjkim     /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
222280304Sjkim     0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
223280304Sjkim     0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
224280304Sjkim     0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
225280304Sjkim     0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
226280304Sjkim     0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
227280304Sjkim     0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
228280304Sjkim     0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
229280304Sjkim     0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
230280304Sjkim     0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
231280304Sjkim     0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
232280304Sjkim     0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
233280304Sjkim     0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
234280304Sjkim     0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
235280304Sjkim     0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
236280304Sjkim     0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
237280304Sjkim     0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
238280304Sjkim     },
239280304Sjkim    {
240280304Sjkim     /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
241280304Sjkim     0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
242280304Sjkim     0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
243280304Sjkim     0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
244280304Sjkim     0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
245280304Sjkim     0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
246280304Sjkim     0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
247280304Sjkim     0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
248280304Sjkim     0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
249280304Sjkim     0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
250280304Sjkim     0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
251280304Sjkim     0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
252280304Sjkim     0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
253280304Sjkim     0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
254280304Sjkim     0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
255280304Sjkim     0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
256280304Sjkim     0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
257280304Sjkim     },
258280304Sjkim    {
259280304Sjkim     /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
260280304Sjkim     0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
261280304Sjkim     0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
262280304Sjkim     0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
263280304Sjkim     0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
264280304Sjkim     0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
265280304Sjkim     0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
266280304Sjkim     0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
267280304Sjkim     0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
268280304Sjkim     0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
269280304Sjkim     0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
270280304Sjkim     0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
271280304Sjkim     0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
272280304Sjkim     0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
273280304Sjkim     0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
274280304Sjkim     0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
275280304Sjkim     0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
276280304Sjkim     },
277280304Sjkim    {
278280304Sjkim     /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
279280304Sjkim     0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
280280304Sjkim     0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
281280304Sjkim     0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
282280304Sjkim     0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
283280304Sjkim     0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
284280304Sjkim     0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
285280304Sjkim     0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
286280304Sjkim     0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
287280304Sjkim     0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
288280304Sjkim     0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
289280304Sjkim     0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
290280304Sjkim     0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
291280304Sjkim     0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
292280304Sjkim     0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
293280304Sjkim     0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
294280304Sjkim     0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
295280304Sjkim     },
296280304Sjkim    {
297280304Sjkim     /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
298280304Sjkim     0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
299280304Sjkim     0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
300280304Sjkim     0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
301280304Sjkim     0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
302280304Sjkim     0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
303280304Sjkim     0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
304280304Sjkim     0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
305280304Sjkim     0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
306280304Sjkim     0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
307280304Sjkim     0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
308280304Sjkim     0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
309280304Sjkim     0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
310280304Sjkim     0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
311280304Sjkim     0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
312280304Sjkim     0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
313280304Sjkim     0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
314280304Sjkim     },
315280304Sjkim    {
316280304Sjkim     /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
317280304Sjkim     0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
318280304Sjkim     0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
319280304Sjkim     0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
320280304Sjkim     0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
321280304Sjkim     0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
322280304Sjkim     0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
323280304Sjkim     0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
324280304Sjkim     0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
325280304Sjkim     0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
326280304Sjkim     0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
327280304Sjkim     0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
328280304Sjkim     0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
329280304Sjkim     0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
330280304Sjkim     0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
331280304Sjkim     0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
332280304Sjkim     0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
333280304Sjkim     }
334280304Sjkim};
33559191Skris
336109998Smarkmint DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule)
337280304Sjkim{
338280304Sjkim    if (DES_check_key) {
339280304Sjkim        return DES_set_key_checked(key, schedule);
340280304Sjkim    } else {
341280304Sjkim        DES_set_key_unchecked(key, schedule);
342280304Sjkim        return 0;
343280304Sjkim    }
344280304Sjkim}
34559191Skris
346280304Sjkim/*-
347280304Sjkim * return 0 if key parity is odd (correct),
34855714Skris * return -1 if key parity error,
34955714Skris * return -2 if illegal weak key.
35055714Skris */
351109998Smarkmint DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule)
352280304Sjkim{
353280304Sjkim    if (!DES_check_key_parity(key))
354280304Sjkim        return (-1);
355280304Sjkim    if (DES_is_weak_key(key))
356280304Sjkim        return (-2);
357280304Sjkim    DES_set_key_unchecked(key, schedule);
358280304Sjkim    return 0;
359280304Sjkim}
36059191Skris
361109998Smarkmvoid DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule)
362238405Sjkim#ifdef OPENSSL_FIPS
363280304Sjkim{
364280304Sjkim    fips_cipher_abort(DES);
365280304Sjkim    private_DES_set_key_unchecked(key, schedule);
366280304Sjkim}
367280304Sjkim
368280304Sjkimvoid private_DES_set_key_unchecked(const_DES_cblock *key,
369280304Sjkim                                   DES_key_schedule *schedule)
370238405Sjkim#endif
371280304Sjkim{
372280304Sjkim    static const int shifts2[16] =
373280304Sjkim        { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
374280304Sjkim    register DES_LONG c, d, t, s, t2;
375280304Sjkim    register const unsigned char *in;
376280304Sjkim    register DES_LONG *k;
377280304Sjkim    register int i;
37855714Skris
379109998Smarkm#ifdef OPENBSD_DEV_CRYPTO
380280304Sjkim    memcpy(schedule->key, key, sizeof schedule->key);
381280304Sjkim    schedule->session = NULL;
382109998Smarkm#endif
383280304Sjkim    k = &schedule->ks->deslong[0];
384280304Sjkim    in = &(*key)[0];
38555714Skris
386280304Sjkim    c2l(in, c);
387280304Sjkim    c2l(in, d);
38855714Skris
389280304Sjkim    /*
390280304Sjkim     * do PC1 in 47 simple operations :-) Thanks to John Fletcher
391280304Sjkim     * (john_fletcher@lccmail.ocf.llnl.gov) for the inspiration. :-)
392280304Sjkim     */
393280304Sjkim    PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
394280304Sjkim    HPERM_OP(c, t, -2, 0xcccc0000L);
395280304Sjkim    HPERM_OP(d, t, -2, 0xcccc0000L);
396280304Sjkim    PERM_OP(d, c, t, 1, 0x55555555L);
397280304Sjkim    PERM_OP(c, d, t, 8, 0x00ff00ffL);
398280304Sjkim    PERM_OP(d, c, t, 1, 0x55555555L);
399280304Sjkim    d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
400280304Sjkim         ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
401280304Sjkim    c &= 0x0fffffffL;
40255714Skris
403280304Sjkim    for (i = 0; i < ITERATIONS; i++) {
404280304Sjkim        if (shifts2[i]) {
405280304Sjkim            c = ((c >> 2L) | (c << 26L));
406280304Sjkim            d = ((d >> 2L) | (d << 26L));
407280304Sjkim        } else {
408280304Sjkim            c = ((c >> 1L) | (c << 27L));
409280304Sjkim            d = ((d >> 1L) | (d << 27L));
410280304Sjkim        }
411280304Sjkim        c &= 0x0fffffffL;
412280304Sjkim        d &= 0x0fffffffL;
413280304Sjkim        /*
414280304Sjkim         * could be a few less shifts but I am to lazy at this point in time
415280304Sjkim         * to investigate
416280304Sjkim         */
417280304Sjkim        s = des_skb[0][(c) & 0x3f] |
418280304Sjkim            des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
419280304Sjkim            des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
420280304Sjkim            des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
421280304Sjkim                       ((c >> 22L) & 0x38)];
422280304Sjkim        t = des_skb[4][(d) & 0x3f] |
423280304Sjkim            des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
424280304Sjkim            des_skb[6][(d >> 15L) & 0x3f] |
425280304Sjkim            des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
42655714Skris
427280304Sjkim        /* table contained 0213 4657 */
428280304Sjkim        t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
429280304Sjkim        *(k++) = ROTATE(t2, 30) & 0xffffffffL;
43055714Skris
431280304Sjkim        t2 = ((s >> 16L) | (t & 0xffff0000L));
432280304Sjkim        *(k++) = ROTATE(t2, 26) & 0xffffffffL;
433280304Sjkim    }
434280304Sjkim}
43555714Skris
436109998Smarkmint DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule)
437280304Sjkim{
438280304Sjkim    return (DES_set_key(key, schedule));
439280304Sjkim}
440280304Sjkim
441280304Sjkim/*-
44259191Skris#undef des_fixup_key_parity
44359191Skrisvoid des_fixup_key_parity(des_cblock *key)
444280304Sjkim        {
445280304Sjkim        des_set_odd_parity(key);
446280304Sjkim        }
447109998Smarkm*/
448