| 1 | /*
|
|---|
| 2 | * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 3 | *
|
|---|
| 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
|---|
| 6 | * in the file LICENSE in the source distribution or at
|
|---|
| 7 | * https://www.openssl.org/source/license.html
|
|---|
| 8 | */
|
|---|
| 9 |
|
|---|
| 10 | /*
|
|---|
| 11 | * CAST low level APIs are deprecated for public use, but still ok for
|
|---|
| 12 | * internal use.
|
|---|
| 13 | */
|
|---|
| 14 | #include "internal/deprecated.h"
|
|---|
| 15 |
|
|---|
| 16 | #include <openssl/cast.h>
|
|---|
| 17 | #include "cast_local.h"
|
|---|
| 18 | #include "cast_s.h"
|
|---|
| 19 |
|
|---|
| 20 | #define CAST_exp(l,A,a,n) \
|
|---|
| 21 | A[n/4]=l; \
|
|---|
| 22 | a[n+3]=(l )&0xff; \
|
|---|
| 23 | a[n+2]=(l>> 8)&0xff; \
|
|---|
| 24 | a[n+1]=(l>>16)&0xff; \
|
|---|
| 25 | a[n+0]=(l>>24)&0xff;
|
|---|
| 26 |
|
|---|
| 27 | #define S4 CAST_S_table4
|
|---|
| 28 | #define S5 CAST_S_table5
|
|---|
| 29 | #define S6 CAST_S_table6
|
|---|
| 30 | #define S7 CAST_S_table7
|
|---|
| 31 |
|
|---|
| 32 | void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data)
|
|---|
| 33 | {
|
|---|
| 34 | CAST_LONG x[16];
|
|---|
| 35 | CAST_LONG z[16];
|
|---|
| 36 | CAST_LONG k[32];
|
|---|
| 37 | CAST_LONG X[4], Z[4];
|
|---|
| 38 | CAST_LONG l, *K;
|
|---|
| 39 | int i;
|
|---|
| 40 |
|
|---|
| 41 | for (i = 0; i < 16; i++)
|
|---|
| 42 | x[i] = 0;
|
|---|
| 43 | if (len > 16)
|
|---|
| 44 | len = 16;
|
|---|
| 45 | for (i = 0; i < len; i++)
|
|---|
| 46 | x[i] = data[i];
|
|---|
| 47 | if (len <= 10)
|
|---|
| 48 | key->short_key = 1;
|
|---|
| 49 | else
|
|---|
| 50 | key->short_key = 0;
|
|---|
| 51 |
|
|---|
| 52 | K = &k[0];
|
|---|
| 53 | X[0] = ((x[0] << 24) | (x[1] << 16) | (x[2] << 8) | x[3]) & 0xffffffffL;
|
|---|
| 54 | X[1] = ((x[4] << 24) | (x[5] << 16) | (x[6] << 8) | x[7]) & 0xffffffffL;
|
|---|
| 55 | X[2] = ((x[8] << 24) | (x[9] << 16) | (x[10] << 8) | x[11]) & 0xffffffffL;
|
|---|
| 56 | X[3] =
|
|---|
| 57 | ((x[12] << 24) | (x[13] << 16) | (x[14] << 8) | x[15]) & 0xffffffffL;
|
|---|
| 58 |
|
|---|
| 59 | for (;;) {
|
|---|
| 60 | l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
|
|---|
| 61 | CAST_exp(l, Z, z, 0);
|
|---|
| 62 | l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
|
|---|
| 63 | CAST_exp(l, Z, z, 4);
|
|---|
| 64 | l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
|
|---|
| 65 | CAST_exp(l, Z, z, 8);
|
|---|
| 66 | l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
|
|---|
| 67 | CAST_exp(l, Z, z, 12);
|
|---|
| 68 |
|
|---|
| 69 | K[0] = S4[z[8]] ^ S5[z[9]] ^ S6[z[7]] ^ S7[z[6]] ^ S4[z[2]];
|
|---|
| 70 | K[1] = S4[z[10]] ^ S5[z[11]] ^ S6[z[5]] ^ S7[z[4]] ^ S5[z[6]];
|
|---|
| 71 | K[2] = S4[z[12]] ^ S5[z[13]] ^ S6[z[3]] ^ S7[z[2]] ^ S6[z[9]];
|
|---|
| 72 | K[3] = S4[z[14]] ^ S5[z[15]] ^ S6[z[1]] ^ S7[z[0]] ^ S7[z[12]];
|
|---|
| 73 |
|
|---|
| 74 | l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
|
|---|
| 75 | CAST_exp(l, X, x, 0);
|
|---|
| 76 | l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
|
|---|
| 77 | CAST_exp(l, X, x, 4);
|
|---|
| 78 | l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
|
|---|
| 79 | CAST_exp(l, X, x, 8);
|
|---|
| 80 | l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
|
|---|
| 81 | CAST_exp(l, X, x, 12);
|
|---|
| 82 |
|
|---|
| 83 | K[4] = S4[x[3]] ^ S5[x[2]] ^ S6[x[12]] ^ S7[x[13]] ^ S4[x[8]];
|
|---|
| 84 | K[5] = S4[x[1]] ^ S5[x[0]] ^ S6[x[14]] ^ S7[x[15]] ^ S5[x[13]];
|
|---|
| 85 | K[6] = S4[x[7]] ^ S5[x[6]] ^ S6[x[8]] ^ S7[x[9]] ^ S6[x[3]];
|
|---|
| 86 | K[7] = S4[x[5]] ^ S5[x[4]] ^ S6[x[10]] ^ S7[x[11]] ^ S7[x[7]];
|
|---|
| 87 |
|
|---|
| 88 | l = X[0] ^ S4[x[13]] ^ S5[x[15]] ^ S6[x[12]] ^ S7[x[14]] ^ S6[x[8]];
|
|---|
| 89 | CAST_exp(l, Z, z, 0);
|
|---|
| 90 | l = X[2] ^ S4[z[0]] ^ S5[z[2]] ^ S6[z[1]] ^ S7[z[3]] ^ S7[x[10]];
|
|---|
| 91 | CAST_exp(l, Z, z, 4);
|
|---|
| 92 | l = X[3] ^ S4[z[7]] ^ S5[z[6]] ^ S6[z[5]] ^ S7[z[4]] ^ S4[x[9]];
|
|---|
| 93 | CAST_exp(l, Z, z, 8);
|
|---|
| 94 | l = X[1] ^ S4[z[10]] ^ S5[z[9]] ^ S6[z[11]] ^ S7[z[8]] ^ S5[x[11]];
|
|---|
| 95 | CAST_exp(l, Z, z, 12);
|
|---|
| 96 |
|
|---|
| 97 | K[8] = S4[z[3]] ^ S5[z[2]] ^ S6[z[12]] ^ S7[z[13]] ^ S4[z[9]];
|
|---|
| 98 | K[9] = S4[z[1]] ^ S5[z[0]] ^ S6[z[14]] ^ S7[z[15]] ^ S5[z[12]];
|
|---|
| 99 | K[10] = S4[z[7]] ^ S5[z[6]] ^ S6[z[8]] ^ S7[z[9]] ^ S6[z[2]];
|
|---|
| 100 | K[11] = S4[z[5]] ^ S5[z[4]] ^ S6[z[10]] ^ S7[z[11]] ^ S7[z[6]];
|
|---|
| 101 |
|
|---|
| 102 | l = Z[2] ^ S4[z[5]] ^ S5[z[7]] ^ S6[z[4]] ^ S7[z[6]] ^ S6[z[0]];
|
|---|
| 103 | CAST_exp(l, X, x, 0);
|
|---|
| 104 | l = Z[0] ^ S4[x[0]] ^ S5[x[2]] ^ S6[x[1]] ^ S7[x[3]] ^ S7[z[2]];
|
|---|
| 105 | CAST_exp(l, X, x, 4);
|
|---|
| 106 | l = Z[1] ^ S4[x[7]] ^ S5[x[6]] ^ S6[x[5]] ^ S7[x[4]] ^ S4[z[1]];
|
|---|
| 107 | CAST_exp(l, X, x, 8);
|
|---|
| 108 | l = Z[3] ^ S4[x[10]] ^ S5[x[9]] ^ S6[x[11]] ^ S7[x[8]] ^ S5[z[3]];
|
|---|
| 109 | CAST_exp(l, X, x, 12);
|
|---|
| 110 |
|
|---|
| 111 | K[12] = S4[x[8]] ^ S5[x[9]] ^ S6[x[7]] ^ S7[x[6]] ^ S4[x[3]];
|
|---|
| 112 | K[13] = S4[x[10]] ^ S5[x[11]] ^ S6[x[5]] ^ S7[x[4]] ^ S5[x[7]];
|
|---|
| 113 | K[14] = S4[x[12]] ^ S5[x[13]] ^ S6[x[3]] ^ S7[x[2]] ^ S6[x[8]];
|
|---|
| 114 | K[15] = S4[x[14]] ^ S5[x[15]] ^ S6[x[1]] ^ S7[x[0]] ^ S7[x[13]];
|
|---|
| 115 | if (K != k)
|
|---|
| 116 | break;
|
|---|
| 117 | K += 16;
|
|---|
| 118 | }
|
|---|
| 119 |
|
|---|
| 120 | for (i = 0; i < 16; i++) {
|
|---|
| 121 | key->data[i * 2] = k[i];
|
|---|
| 122 | key->data[i * 2 + 1] = ((k[i + 16]) + 16) & 0x1f;
|
|---|
| 123 | }
|
|---|
| 124 | }
|
|---|
