]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/cast/c_skey.c
c21ecdf89cfe5aa60b7d1f201025e8de7521c6b7
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include <openssl/cast.h>
11 #include "cast_local.h"
14 #define CAST_exp(l,A,a,n) \
17 a[n+2]=(l>> 8)&0xff; \
18 a[n+1]=(l>>16)&0xff; \
21 #define S4 CAST_S_table4
22 #define S5 CAST_S_table5
23 #define S6 CAST_S_table6
24 #define S7 CAST_S_table7
26 void CAST_set_key(CAST_KEY
*key
, int len
, const unsigned char *data
)
35 for (i
= 0; i
< 16; i
++)
39 for (i
= 0; i
< len
; i
++)
47 X
[0] = ((x
[0] << 24) | (x
[1] << 16) | (x
[2] << 8) | x
[3]) & 0xffffffffL
;
48 X
[1] = ((x
[4] << 24) | (x
[5] << 16) | (x
[6] << 8) | x
[7]) & 0xffffffffL
;
49 X
[2] = ((x
[8] << 24) | (x
[9] << 16) | (x
[10] << 8) | x
[11]) & 0xffffffffL
;
51 ((x
[12] << 24) | (x
[13] << 16) | (x
[14] << 8) | x
[15]) & 0xffffffffL
;
54 l
= X
[0] ^ S4
[x
[13]] ^ S5
[x
[15]] ^ S6
[x
[12]] ^ S7
[x
[14]] ^ S6
[x
[8]];
56 l
= X
[2] ^ S4
[z
[0]] ^ S5
[z
[2]] ^ S6
[z
[1]] ^ S7
[z
[3]] ^ S7
[x
[10]];
58 l
= X
[3] ^ S4
[z
[7]] ^ S5
[z
[6]] ^ S6
[z
[5]] ^ S7
[z
[4]] ^ S4
[x
[9]];
60 l
= X
[1] ^ S4
[z
[10]] ^ S5
[z
[9]] ^ S6
[z
[11]] ^ S7
[z
[8]] ^ S5
[x
[11]];
61 CAST_exp(l
, Z
, z
, 12);
63 K
[0] = S4
[z
[8]] ^ S5
[z
[9]] ^ S6
[z
[7]] ^ S7
[z
[6]] ^ S4
[z
[2]];
64 K
[1] = S4
[z
[10]] ^ S5
[z
[11]] ^ S6
[z
[5]] ^ S7
[z
[4]] ^ S5
[z
[6]];
65 K
[2] = S4
[z
[12]] ^ S5
[z
[13]] ^ S6
[z
[3]] ^ S7
[z
[2]] ^ S6
[z
[9]];
66 K
[3] = S4
[z
[14]] ^ S5
[z
[15]] ^ S6
[z
[1]] ^ S7
[z
[0]] ^ S7
[z
[12]];
68 l
= Z
[2] ^ S4
[z
[5]] ^ S5
[z
[7]] ^ S6
[z
[4]] ^ S7
[z
[6]] ^ S6
[z
[0]];
70 l
= Z
[0] ^ S4
[x
[0]] ^ S5
[x
[2]] ^ S6
[x
[1]] ^ S7
[x
[3]] ^ S7
[z
[2]];
72 l
= Z
[1] ^ S4
[x
[7]] ^ S5
[x
[6]] ^ S6
[x
[5]] ^ S7
[x
[4]] ^ S4
[z
[1]];
74 l
= Z
[3] ^ S4
[x
[10]] ^ S5
[x
[9]] ^ S6
[x
[11]] ^ S7
[x
[8]] ^ S5
[z
[3]];
75 CAST_exp(l
, X
, x
, 12);
77 K
[4] = S4
[x
[3]] ^ S5
[x
[2]] ^ S6
[x
[12]] ^ S7
[x
[13]] ^ S4
[x
[8]];
78 K
[5] = S4
[x
[1]] ^ S5
[x
[0]] ^ S6
[x
[14]] ^ S7
[x
[15]] ^ S5
[x
[13]];
79 K
[6] = S4
[x
[7]] ^ S5
[x
[6]] ^ S6
[x
[8]] ^ S7
[x
[9]] ^ S6
[x
[3]];
80 K
[7] = S4
[x
[5]] ^ S5
[x
[4]] ^ S6
[x
[10]] ^ S7
[x
[11]] ^ S7
[x
[7]];
82 l
= X
[0] ^ S4
[x
[13]] ^ S5
[x
[15]] ^ S6
[x
[12]] ^ S7
[x
[14]] ^ S6
[x
[8]];
84 l
= X
[2] ^ S4
[z
[0]] ^ S5
[z
[2]] ^ S6
[z
[1]] ^ S7
[z
[3]] ^ S7
[x
[10]];
86 l
= X
[3] ^ S4
[z
[7]] ^ S5
[z
[6]] ^ S6
[z
[5]] ^ S7
[z
[4]] ^ S4
[x
[9]];
88 l
= X
[1] ^ S4
[z
[10]] ^ S5
[z
[9]] ^ S6
[z
[11]] ^ S7
[z
[8]] ^ S5
[x
[11]];
89 CAST_exp(l
, Z
, z
, 12);
91 K
[8] = S4
[z
[3]] ^ S5
[z
[2]] ^ S6
[z
[12]] ^ S7
[z
[13]] ^ S4
[z
[9]];
92 K
[9] = S4
[z
[1]] ^ S5
[z
[0]] ^ S6
[z
[14]] ^ S7
[z
[15]] ^ S5
[z
[12]];
93 K
[10] = S4
[z
[7]] ^ S5
[z
[6]] ^ S6
[z
[8]] ^ S7
[z
[9]] ^ S6
[z
[2]];
94 K
[11] = S4
[z
[5]] ^ S5
[z
[4]] ^ S6
[z
[10]] ^ S7
[z
[11]] ^ S7
[z
[6]];
96 l
= Z
[2] ^ S4
[z
[5]] ^ S5
[z
[7]] ^ S6
[z
[4]] ^ S7
[z
[6]] ^ S6
[z
[0]];
98 l
= Z
[0] ^ S4
[x
[0]] ^ S5
[x
[2]] ^ S6
[x
[1]] ^ S7
[x
[3]] ^ S7
[z
[2]];
100 l
= Z
[1] ^ S4
[x
[7]] ^ S5
[x
[6]] ^ S6
[x
[5]] ^ S7
[x
[4]] ^ S4
[z
[1]];
101 CAST_exp(l
, X
, x
, 8);
102 l
= Z
[3] ^ S4
[x
[10]] ^ S5
[x
[9]] ^ S6
[x
[11]] ^ S7
[x
[8]] ^ S5
[z
[3]];
103 CAST_exp(l
, X
, x
, 12);
105 K
[12] = S4
[x
[8]] ^ S5
[x
[9]] ^ S6
[x
[7]] ^ S7
[x
[6]] ^ S4
[x
[3]];
106 K
[13] = S4
[x
[10]] ^ S5
[x
[11]] ^ S6
[x
[5]] ^ S7
[x
[4]] ^ S5
[x
[7]];
107 K
[14] = S4
[x
[12]] ^ S5
[x
[13]] ^ S6
[x
[3]] ^ S7
[x
[2]] ^ S6
[x
[8]];
108 K
[15] = S4
[x
[14]] ^ S5
[x
[15]] ^ S6
[x
[1]] ^ S7
[x
[0]] ^ S7
[x
[13]];
114 for (i
= 0; i
< 16; i
++) {
115 key
->data
[i
* 2] = k
[i
];
116 key
->data
[i
* 2 + 1] = ((k
[i
+ 16]) + 16) & 0x1f;