incubator-nuttx/crypto/set_key.c

298 lines
8.3 KiB
C

/****************************************************************************
* crypto/set_key.c
* $OpenBSD: set_key.c,v 1.5 2021/03/12 10:22:46 jsg Exp $
* lib/des/set_key.c
* Copyright (C) 1995 Eric Young (eay@mincom.oz.au)
* All rights reserved.
*
* This file is part of an SSL implementation written
* by Eric Young (eay@mincom.oz.au).
* The implementation was written so as to conform with Netscapes SSL
* specification. This library and applications are
* FREE FOR COMMERCIAL AND NON-COMMERCIAL USE
* as long as the following conditions are aheared to.
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed. If this code is used in a product,
* Eric Young should be given attribution as the author of the parts used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by
* Eric Young (eay@mincom.oz.au)
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed.
* i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*
* set_key.c v 1.4 eay 24/9/91
* 1.4 Speed up by 400% :-)
* 1.3 added register declarations.
* 1.2 unrolled make_key_sched a bit more
* 1.1 added norm_expand_bits
* 1.0 First working version
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include "des_locl.h"
#include "podd.h"
#include "sk.h"
static int check_parity(FAR des_cblock *key);
int des_check_key;
static int check_parity(FAR des_cblock *key)
{
int i;
for (i = 0; i < DES_KEY_SZ; i++)
{
if (*key[i] != odd_parity[*key[i]])
{
return 0;
}
}
return 1;
}
/* Weak and semi week keys as take from
* %A D.W. Davies
* %A W.L. Price
* %T Security for Computer Networks
* %I John Wiley & Sons
* %D 1984
* Many thanks to smb@ulysses.att.com (Steven Bellovin) for the reference
* (and actual cblock values).
*/
#define NUM_WEAK_KEY 16
static des_cblock weak_keys[NUM_WEAK_KEY] =
{
/* weak keys */
{
0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
},
{
0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe, 0xfe
},
{
0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f, 0x1f
},
{
0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0, 0xe0
},
/* semi-weak keys */
{
0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe
},
{
0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01, 0xfe, 0x01
},
{
0x1f, 0xe0, 0x1f, 0xe0, 0x0e, 0xf1, 0x0e, 0xf1
},
{
0xe0, 0x1f, 0xe0, 0x1f, 0xf1, 0x0e, 0xf1, 0x0e
},
{
0x01, 0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1
},
{
0xe0, 0x01, 0xe0, 0x01, 0xf1, 0x01, 0xf1, 0x01
},
{
0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e, 0xfe
},
{
0xfe, 0x1f, 0xfe, 0x1f, 0xfe, 0x0e, 0xfe, 0x0e
},
{
0x01, 0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e
},
{
0x1f, 0x01, 0x1f, 0x01, 0x0e, 0x01, 0x0e, 0x01
},
{
0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1, 0xfe
},
{
0xfe, 0xe0, 0xfe, 0xe0, 0xfe, 0xf1, 0xfe, 0xf1
}
};
/****************************************************************************
* Public Functions
****************************************************************************/
int des_is_weak_key(FAR des_cblock *key)
{
int i;
for (i = 0; i < NUM_WEAK_KEY; i++)
{
/* Added == 0 to comparison, I obviously don't run
* this section very often :-(, thanks to
* engineering@MorningStar.Com for the fix
* eay 93/06/29
*/
if (bcmp(weak_keys[i], key, sizeof(des_cblock)) == 0)
{
return 1;
}
}
return 0;
}
/* NOW DEFINED IN des_local.h
* See ecb_encrypt.c for a pseudo description of these macros.
* #define PERM_OP(a, b, t, n, m) ((t) = ((((a) >> (n))^(b)) & (m)),\
* (b)^=(t),\
* (a) = ((a)^((t) << (n))))
*/
#define HPERM_OP(a, t, n, m) ((t) = ((((a) << (16 - (n)))^(a)) & (m)),\
(a) = (a)^(t)^(t >> (16 - (n))))
static int shifts2[16] =
{
0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0
};
/* return 0 if key parity is odd (correct),
* return -1 if key parity error,
* return -2 if illegal weak key.
*/
int des_set_key(FAR des_cblock *key, des_key_schedule schedule)
{
register uint32_t c;
register uint32_t d;
register uint32_t t;
register uint32_t s;
FAR register unsigned char *in;
FAR register uint32_t *k;
register int i;
if (des_check_key)
{
if (!check_parity(key))
{
return(-1);
}
if (des_is_weak_key(key))
{
return(-2);
}
}
k = (FAR uint32_t *)schedule;
in = (FAR unsigned char *)key;
c2l(in, c);
c2l(in, d);
/* do PC1 in 60 simple operations */
/* PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
* HPERM_OP(c, t, -2, 0xcccc0000L);
* HPERM_OP(c, t, -1, 0xaaaa0000L);
* HPERM_OP(c, t, 8, 0x00ff0000L);
* HPERM_OP(c, t, -1, 0xaaaa0000L);
* HPERM_OP(d, t, -8, 0xff000000L);
* HPERM_OP(d, t, 8, 0x00ff0000L);
* HPERM_OP(d, t, 2, 0x33330000L);
* d = ((d & 0x00aa00aaL) << 7L) |
* ((d & 0x55005500L) >> 7L) | (d & 0xaa55aa55L);
* d = (d >> 8) | ((c & 0xf0000000L) >> 4);
* c &= 0x0fffffffL;
*/
/* I now do it in 47 simple operations :-)
* Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov)
* for the inspiration. :-)
*/
PERM_OP (d, c, t, 4, 0x0f0f0f0fl);
HPERM_OP(c, t, -2, 0xcccc0000l);
HPERM_OP(d, t, -2, 0xcccc0000l);
PERM_OP (d, c, t, 1, 0x55555555l);
PERM_OP (c, d, t, 8, 0x00ff00ffl);
PERM_OP (d, c, t, 1, 0x55555555l);
d = (((d & 0x000000ffl) << 16l) | (d & 0x0000ff00l) |
((d & 0x00ff0000l) >> 16l) | ((c & 0xf0000000l) >> 4l));
c &= 0x0fffffffl;
for (i = 0; i < ITERATIONS; i++)
{
if (shifts2[i])
{
c = ((c >> 2l) | (c << 26l)); d = ((d >> 2l) | (d << 26l));
}
else
{
c = ((c >> 1l) | (c << 27l)); d = ((d >> 1l) | (d << 27l));
}
c &= 0x0fffffffl;
d &= 0x0fffffffl;
/* could be a few less shifts but I am to lazy at this
* point in time to investigate
*/
s = des_skb[0][(c) & 0x3f] |
des_skb[1][((c >> 6) & 0x03) | ((c >> 7l) & 0x3c)] |
des_skb[2][((c >> 13) & 0x0f) | ((c >> 14l) & 0x30)] |
des_skb[3][((c >> 20) & 0x01) | ((c >> 21l) & 0x06) |
((c >> 22l) & 0x38)];
t = des_skb[4][(d) & 0x3f] |
des_skb[5][((d >> 7l) & 0x03) | ((d >> 8l) & 0x3c)] |
des_skb[6][(d >> 15l) & 0x3f] |
des_skb[7][((d >> 21l) & 0x0f) | ((d >> 22l) & 0x30)];
/* table contained 0213 4657 */
*(k++) = ((t << 16l) | (s & 0x0000ffffl)) & 0xffffffffl;
s = ((s >> 16l) | (t & 0xffff0000l));
s = (s << 4l) | (s >> 28l);
*(k++) = s & 0xffffffffl;
}
return 0;
}