feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

add public function to check if a DES key is weak

Browse Source
This commit is contained in:
Jacob Barthelmeh
2017-01-04 09:59:53 -07:00
parent bebe60a4c1
commit cf6f4718e8
2 changed files with 84 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

143
src/ssl.c
View File

@@ -17873,7 +17873,7 @@ int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
return -2; return -2;
} }
else { else {
word32 i, mask, mask2; word32 i;
word32 sz = sizeof(WOLFSSL_DES_key_schedule); word32 sz = sizeof(WOLFSSL_DES_key_schedule);
/* sanity check before call to DES_check */ /* sanity check before call to DES_check */
@@ -17898,66 +17898,7 @@ int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
} }
} }
/* check is not weak. Weak key list from Nist if (wolfSSL_DES_is_weak_key(key) == 1) {
"Recommendation for the Triple
Data Encryption Algorithm
(TDEA) Block Cipher" */
mask = 0x01010101; mask2 = 0x01010101;
if (DES_check(mask, mask2, *key)) {
WOLFSSL_MSG("Weak key found");
return -2;
}
mask = 0xFEFEFEFE; mask2 = 0xFEFEFEFE;
if (DES_check(mask, mask2, *key)) {
WOLFSSL_MSG("Weak key found");
return -2;
}
mask = 0xE0E0E0E0; mask2 = 0xF1F1F1F1;
if (DES_check(mask, mask2, *key)) {
WOLFSSL_MSG("Weak key found");
return -2;
}
mask = 0x1F1F1F1F; mask2 = 0x0E0E0E0E;
if (DES_check(mask, mask2, *key)) {
WOLFSSL_MSG("Weak key found");
return -2;
}
/* semi-weak *key check (list from same Nist paper) */
mask = 0x011F011F; mask2 = 0x010E010E;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found");
return -2;
}
mask = 0x01E001E0; mask2 = 0x01F101F1;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found");
return -2;
}
mask = 0x01FE01FE; mask2 = 0x01FE01FE;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found");
return -2;
}
mask = 0x1FE01FE0; mask2 = 0x0EF10EF1;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found");
return -2;
}
mask = 0x1FFE1FFE; mask2 = 0x0EFE0EFE;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found"); WOLFSSL_MSG("Weak key found");
return -2; return -2;
} }
@@ -17970,6 +17911,86 @@ int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
} }
/* check is not weak. Weak key list from Nist "Recommendation for the Triple
* Data Encryption Algorithm (TDEA) Block Cipher"
*
* returns 1 if is weak 0 if not
*/
int wolfSSL_DES_is_weak_key(WOLFSSL_const_DES_cblock* key)
{
word32 mask, mask2;
WOLFSSL_ENTER("wolfSSL_DES_is_weak_key");
if (key == NULL) {
WOLFSSL_MSG("NULL key passed in");
return 1;
}
mask = 0x01010101; mask2 = 0x01010101;
if (DES_check(mask, mask2, *key)) {
WOLFSSL_MSG("Weak key found");
return 1;
}
mask = 0xFEFEFEFE; mask2 = 0xFEFEFEFE;
if (DES_check(mask, mask2, *key)) {
WOLFSSL_MSG("Weak key found");
return 1;
}
mask = 0xE0E0E0E0; mask2 = 0xF1F1F1F1;
if (DES_check(mask, mask2, *key)) {
WOLFSSL_MSG("Weak key found");
return 1;
}
mask = 0x1F1F1F1F; mask2 = 0x0E0E0E0E;
if (DES_check(mask, mask2, *key)) {
WOLFSSL_MSG("Weak key found");
return 1;
}
/* semi-weak *key check (list from same Nist paper) */
mask = 0x011F011F; mask2 = 0x010E010E;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found");
return 1;
}
mask = 0x01E001E0; mask2 = 0x01F101F1;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found");
return 1;
}
mask = 0x01FE01FE; mask2 = 0x01FE01FE;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found");
return 1;
}
mask = 0x1FE01FE0; mask2 = 0x0EF10EF1;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found");
return 1;
}
mask = 0x1FFE1FFE; mask2 = 0x0EFE0EFE;
if (DES_check(mask, mask2, *key) ||
DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {
WOLFSSL_MSG("Weak key found");
return 1;
}
return 0;
}
void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes, void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes,
WOLFSSL_DES_key_schedule* key) WOLFSSL_DES_key_schedule* key)
{ {

2
wolfssl/openssl/des.h
View File

@@ -53,6 +53,7 @@ enum {
}; };
WOLFSSL_API int wolfSSL_DES_is_weak_key(WOLFSSL_const_DES_cblock* key);
WOLFSSL_API int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_API int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes,
WOLFSSL_DES_key_schedule* key); WOLFSSL_DES_key_schedule* key);
WOLFSSL_API int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes, WOLFSSL_API int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
@@ -86,6 +87,7 @@ typedef WOLFSSL_const_DES_cblock const_DES_cblock;
typedef WOLFSSL_DES_key_schedule DES_key_schedule; typedef WOLFSSL_DES_key_schedule DES_key_schedule;
#define DES_check_key(x) /* Define WOLFSSL_CHECK_DESKEY to check key */ #define DES_check_key(x) /* Define WOLFSSL_CHECK_DESKEY to check key */
#define DES_is_weak_key wolfSSL_DES_is_weak_key
#define DES_set_key wolfSSL_DES_set_key #define DES_set_key wolfSSL_DES_set_key
#define DES_set_key_checked wolfSSL_DES_set_key_checked #define DES_set_key_checked wolfSSL_DES_set_key_checked
#define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked #define DES_set_key_unchecked wolfSSL_DES_set_key_unchecked