]>
git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/cast/c_skey.c
d516e10ee36223a55c9e378878fd4fd69b0080cc
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * CAST low level APIs are deprecated for public use, but still ok for
14 #include "internal/deprecated.h"
16 #include <openssl/cast.h>
17 #include "cast_local.h"
20 #define CAST_exp(l,A,a,n) \
23 a[n+2]=(l>> 8)&0xff; \
24 a[n+1]=(l>>16)&0xff; \
27 #define S4 CAST_S_table4
28 #define S5 CAST_S_table5
29 #define S6 CAST_S_table6
30 #define S7 CAST_S_table7
32 void CAST_set_key(CAST_KEY
*key
, int len
, const unsigned char *data
)
41 for (i
= 0; i
< 16; i
++)
45 for (i
= 0; i
< len
; i
++)
53 X
[0] = ((x
[0] << 24) | (x
[1] << 16) | (x
[2] << 8) | x
[3]) & 0xffffffffL
;
54 X
[1] = ((x
[4] << 24) | (x
[5] << 16) | (x
[6] << 8) | x
[7]) & 0xffffffffL
;
55 X
[2] = ((x
[8] << 24) | (x
[9] << 16) | (x
[10] << 8) | x
[11]) & 0xffffffffL
;
57 ((x
[12] << 24) | (x
[13] << 16) | (x
[14] << 8) | x
[15]) & 0xffffffffL
;
60 l
= X
[0] ^ S4
[x
[13]] ^ S5
[x
[15]] ^ S6
[x
[12]] ^ S7
[x
[14]] ^ S6
[x
[8]];
62 l
= X
[2] ^ S4
[z
[0]] ^ S5
[z
[2]] ^ S6
[z
[1]] ^ S7
[z
[3]] ^ S7
[x
[10]];
64 l
= X
[3] ^ S4
[z
[7]] ^ S5
[z
[6]] ^ S6
[z
[5]] ^ S7
[z
[4]] ^ S4
[x
[9]];
66 l
= X
[1] ^ S4
[z
[10]] ^ S5
[z
[9]] ^ S6
[z
[11]] ^ S7
[z
[8]] ^ S5
[x
[11]];
67 CAST_exp(l
, Z
, z
, 12);
69 K
[0] = S4
[z
[8]] ^ S5
[z
[9]] ^ S6
[z
[7]] ^ S7
[z
[6]] ^ S4
[z
[2]];
70 K
[1] = S4
[z
[10]] ^ S5
[z
[11]] ^ S6
[z
[5]] ^ S7
[z
[4]] ^ S5
[z
[6]];
71 K
[2] = S4
[z
[12]] ^ S5
[z
[13]] ^ S6
[z
[3]] ^ S7
[z
[2]] ^ S6
[z
[9]];
72 K
[3] = S4
[z
[14]] ^ S5
[z
[15]] ^ S6
[z
[1]] ^ S7
[z
[0]] ^ S7
[z
[12]];
74 l
= Z
[2] ^ S4
[z
[5]] ^ S5
[z
[7]] ^ S6
[z
[4]] ^ S7
[z
[6]] ^ S6
[z
[0]];
76 l
= Z
[0] ^ S4
[x
[0]] ^ S5
[x
[2]] ^ S6
[x
[1]] ^ S7
[x
[3]] ^ S7
[z
[2]];
78 l
= Z
[1] ^ S4
[x
[7]] ^ S5
[x
[6]] ^ S6
[x
[5]] ^ S7
[x
[4]] ^ S4
[z
[1]];
80 l
= Z
[3] ^ S4
[x
[10]] ^ S5
[x
[9]] ^ S6
[x
[11]] ^ S7
[x
[8]] ^ S5
[z
[3]];
81 CAST_exp(l
, X
, x
, 12);
83 K
[4] = S4
[x
[3]] ^ S5
[x
[2]] ^ S6
[x
[12]] ^ S7
[x
[13]] ^ S4
[x
[8]];
84 K
[5] = S4
[x
[1]] ^ S5
[x
[0]] ^ S6
[x
[14]] ^ S7
[x
[15]] ^ S5
[x
[13]];
85 K
[6] = S4
[x
[7]] ^ S5
[x
[6]] ^ S6
[x
[8]] ^ S7
[x
[9]] ^ S6
[x
[3]];
86 K
[7] = S4
[x
[5]] ^ S5
[x
[4]] ^ S6
[x
[10]] ^ S7
[x
[11]] ^ S7
[x
[7]];
88 l
= X
[0] ^ S4
[x
[13]] ^ S5
[x
[15]] ^ S6
[x
[12]] ^ S7
[x
[14]] ^ S6
[x
[8]];
90 l
= X
[2] ^ S4
[z
[0]] ^ S5
[z
[2]] ^ S6
[z
[1]] ^ S7
[z
[3]] ^ S7
[x
[10]];
92 l
= X
[3] ^ S4
[z
[7]] ^ S5
[z
[6]] ^ S6
[z
[5]] ^ S7
[z
[4]] ^ S4
[x
[9]];
94 l
= X
[1] ^ S4
[z
[10]] ^ S5
[z
[9]] ^ S6
[z
[11]] ^ S7
[z
[8]] ^ S5
[x
[11]];
95 CAST_exp(l
, Z
, z
, 12);
97 K
[8] = S4
[z
[3]] ^ S5
[z
[2]] ^ S6
[z
[12]] ^ S7
[z
[13]] ^ S4
[z
[9]];
98 K
[9] = S4
[z
[1]] ^ S5
[z
[0]] ^ S6
[z
[14]] ^ S7
[z
[15]] ^ S5
[z
[12]];
99 K
[10] = S4
[z
[7]] ^ S5
[z
[6]] ^ S6
[z
[8]] ^ S7
[z
[9]] ^ S6
[z
[2]];
100 K
[11] = S4
[z
[5]] ^ S5
[z
[4]] ^ S6
[z
[10]] ^ S7
[z
[11]] ^ S7
[z
[6]];
102 l
= Z
[2] ^ S4
[z
[5]] ^ S5
[z
[7]] ^ S6
[z
[4]] ^ S7
[z
[6]] ^ S6
[z
[0]];
103 CAST_exp(l
, X
, x
, 0);
104 l
= Z
[0] ^ S4
[x
[0]] ^ S5
[x
[2]] ^ S6
[x
[1]] ^ S7
[x
[3]] ^ S7
[z
[2]];
105 CAST_exp(l
, X
, x
, 4);
106 l
= Z
[1] ^ S4
[x
[7]] ^ S5
[x
[6]] ^ S6
[x
[5]] ^ S7
[x
[4]] ^ S4
[z
[1]];
107 CAST_exp(l
, X
, x
, 8);
108 l
= Z
[3] ^ S4
[x
[10]] ^ S5
[x
[9]] ^ S6
[x
[11]] ^ S7
[x
[8]] ^ S5
[z
[3]];
109 CAST_exp(l
, X
, x
, 12);
111 K
[12] = S4
[x
[8]] ^ S5
[x
[9]] ^ S6
[x
[7]] ^ S7
[x
[6]] ^ S4
[x
[3]];
112 K
[13] = S4
[x
[10]] ^ S5
[x
[11]] ^ S6
[x
[5]] ^ S7
[x
[4]] ^ S5
[x
[7]];
113 K
[14] = S4
[x
[12]] ^ S5
[x
[13]] ^ S6
[x
[3]] ^ S7
[x
[2]] ^ S6
[x
[8]];
114 K
[15] = S4
[x
[14]] ^ S5
[x
[15]] ^ S6
[x
[1]] ^ S7
[x
[0]] ^ S7
[x
[13]];
120 for (i
= 0; i
< 16; i
++) {
121 key
->data
[i
* 2] = k
[i
];
122 key
->data
[i
* 2 + 1] = ((k
[i
+ 16]) + 16) & 0x1f;