yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-22 11:15:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

- Support for DES weak keys and parity bits added

Browse Source
This commit is contained in:
Paul Bakker 2011-01-15 17:32:24 +00:00
parent f92d7a8c81
commit 1f87fb6896
5 changed files with 179 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -13,6 +13,7 @@ Note: Most of these features have been donated by Fox-IT
verification to allow external blacklisting.
* Improved X509 certificate parsing to include extended
certificate fields, including Key Usage.
* Detection for DES weak keys and parity bits added
= Version 0.14.0 released on 2010-08-16
Features

42
include/polarssl/des.h
View File

@ -32,6 +32,8 @@
#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH -0x0C00
#define DES_KEY_SIZE 8
/**
* \brief DES context structure
*/
@ -56,6 +58,34 @@ des3_context;
extern "C" {
#endif
/**
* \brief Set key parity on the given key to odd.
*
* DES keys are 56 bits long, but each byte is padded with
* a parity bit to allow verification.
*
* \param key 8-byte secret key
*/
void des_key_set_parity( unsigned char key[DES_KEY_SIZE] );
/**
* \brief Check that key parity on the given key is odd.
*
* DES keys are 56 bits long, but each byte is padded with
* a parity bit to allow verification.
*
* \param key 8-byte secret key
*/
int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] );
/**
* \brief Check that key is not a weak or semi-weak DES key
*
* \param key 8-byte secret key
*/
int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] );
/**
* \brief DES key schedule (56-bit, encryption)
*
@ -64,7 +94,7 @@ extern "C" {
*
* \return 0
*/
int des_setkey_enc( des_context *ctx, const unsigned char key[8] );
int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
/**
* \brief DES key schedule (56-bit, decryption)
@ -74,7 +104,7 @@ int des_setkey_enc( des_context *ctx, const unsigned char key[8] );
*
* \return 0
*/
int des_setkey_dec( des_context *ctx, const unsigned char key[8] );
int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
/**
* \brief Triple-DES key schedule (112-bit, encryption)
@ -84,7 +114,7 @@ int des_setkey_dec( des_context *ctx, const unsigned char key[8] );
*
* \return 0
*/
int des3_set2key_enc( des3_context *ctx, const unsigned char key[16] );
int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
/**
* \brief Triple-DES key schedule (112-bit, decryption)
@ -94,7 +124,7 @@ int des3_set2key_enc( des3_context *ctx, const unsigned char key[16] );
*
* \return 0
*/
int des3_set2key_dec( des3_context *ctx, const unsigned char key[16] );
int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] );
/**
* \brief Triple-DES key schedule (168-bit, encryption)
@ -104,7 +134,7 @@ int des3_set2key_dec( des3_context *ctx, const unsigned char key[16] );
*
* \return 0
*/
int des3_set3key_enc( des3_context *ctx, const unsigned char key[24] );
int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
/**
* \brief Triple-DES key schedule (168-bit, decryption)
@ -114,7 +144,7 @@ int des3_set3key_enc( des3_context *ctx, const unsigned char key[24] );
*
* \return 0
*/
int des3_set3key_dec( des3_context *ctx, const unsigned char key[24] );
int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] );
/**
* \brief DES-ECB block encryption/decryption

104
library/des.c
View File

@ -290,7 +290,95 @@ static const unsigned long RHs[16] =
#define SWAP(a,b) { unsigned long t = a; a = b; b = t; t = 0; }
static void des_setkey( unsigned long SK[32], const unsigned char key[8] )
static const unsigned char odd_parity_table[128] = { 1, 2, 4, 7, 8,
11, 13, 14, 16, 19, 21, 22, 25, 26, 28, 31, 32, 35, 37, 38, 41, 42, 44,
47, 49, 50, 52, 55, 56, 59, 61, 62, 64, 67, 69, 70, 73, 74, 76, 79, 81,
82, 84, 87, 88, 91, 93, 94, 97, 98, 100, 103, 104, 107, 109, 110, 112,
115, 117, 118, 121, 122, 124, 127, 128, 131, 133, 134, 137, 138, 140,
143, 145, 146, 148, 151, 152, 155, 157, 158, 161, 162, 164, 167, 168,
171, 173, 174, 176, 179, 181, 182, 185, 186, 188, 191, 193, 194, 196,
199, 200, 203, 205, 206, 208, 211, 213, 214, 217, 218, 220, 223, 224,
227, 229, 230, 233, 234, 236, 239, 241, 242, 244, 247, 248, 251, 253,
254 };
void des_key_set_parity( unsigned char key[DES_KEY_SIZE] )
{
int i;
for( i = 0; i < DES_KEY_SIZE; i++ )
key[i] = odd_parity_table[key[i] / 2];
}
/*
* Check the given key's parity, returns 1 on failure, 0 on SUCCESS
*/
int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] )
{
int i;
for( i = 0; i < DES_KEY_SIZE; i++ )
if ( key[i] != odd_parity_table[key[i] / 2] )
return( 1 );
return( 0 );
}
/*
* Table of weak and semi-weak keys
*
* Source: http://en.wikipedia.org/wiki/Weak_key
*
* Weak:
* Alternating ones + zeros (0x0101010101010101)
* Alternating 'F' + 'E' (0xFEFEFEFEFEFEFEFE)
* '0xE0E0E0E0F1F1F1F1'
* '0x1F1F1F1F0E0E0E0E'
*
* Semi-weak:
* 0x011F011F010E010E and 0x1F011F010E010E01
* 0x01E001E001F101F1 and 0xE001E001F101F101
* 0x01FE01FE01FE01FE and 0xFE01FE01FE01FE01
* 0x1FE01FE00EF10EF1 and 0xE01FE01FF10EF10E
* 0x1FFE1FFE0EFE0EFE and 0xFE1FFE1FFE0EFE0E
* 0xE0FEE0FEF1FEF1FE and 0xFEE0FEE0FEF1FEF1
*
*/
#define WEAK_KEY_COUNT 16
static const unsigned char weak_key_table[WEAK_KEY_COUNT][DES_KEY_SIZE] =
{
{ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 },
{ 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE },
{ 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E },
{ 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 },
{ 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E },
{ 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 },
{ 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 },
{ 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 },
{ 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE },
{ 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 },
{ 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 },
{ 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E },
{ 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE },
{ 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E },
{ 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE },
{ 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 }
};
int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] )
{
int i;
for( i = 0; i < WEAK_KEY_COUNT; i++ )
if( memcmp( weak_key_table[i], key, DES_KEY_SIZE) == 0)
return( 0 );
return( 1 );
}
static void des_setkey( unsigned long SK[32], const unsigned char key[DES_KEY_SIZE] )
{
int i;
unsigned long X, Y, T;
@ -362,7 +450,7 @@ static void des_setkey( unsigned long SK[32], const unsigned char key[8] )
/*
* DES key schedule (56-bit, encryption)
*/
int des_setkey_enc( des_context *ctx, const unsigned char key[8] )
int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
{
des_setkey( ctx->sk, key );
@ -372,7 +460,7 @@ int des_setkey_enc( des_context *ctx, const unsigned char key[8] )
/*
* DES key schedule (56-bit, decryption)
*/
int des_setkey_dec( des_context *ctx, const unsigned char key[8] )
int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] )
{
int i;
@ -389,7 +477,7 @@ int des_setkey_dec( des_context *ctx, const unsigned char key[8] )
static void des3_set2key( unsigned long esk[96],
unsigned long dsk[96],
const unsigned char key[16] )
const unsigned char key[DES_KEY_SIZE*2] )
{
int i;
@ -415,7 +503,7 @@ static void des3_set2key( unsigned long esk[96],
/*
* Triple-DES key schedule (112-bit, encryption)
*/
int des3_set2key_enc( des3_context *ctx, const unsigned char key[16] )
int des3_set2key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
{
unsigned long sk[96];
@ -428,7 +516,7 @@ int des3_set2key_enc( des3_context *ctx, const unsigned char key[16] )
/*
* Triple-DES key schedule (112-bit, decryption)
*/
int des3_set2key_dec( des3_context *ctx, const unsigned char key[16] )
int des3_set2key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 2] )
{
unsigned long sk[96];
@ -464,7 +552,7 @@ static void des3_set3key( unsigned long esk[96],
/*
* Triple-DES key schedule (168-bit, encryption)
*/
int des3_set3key_enc( des3_context *ctx, const unsigned char key[24] )
int des3_set3key_enc( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
{
unsigned long sk[96];
@ -477,7 +565,7 @@ int des3_set3key_enc( des3_context *ctx, const unsigned char key[24] )
/*
* Triple-DES key schedule (168-bit, decryption)
*/
int des3_set3key_dec( des3_context *ctx, const unsigned char key[24] )
int des3_set3key_dec( des3_context *ctx, const unsigned char key[DES_KEY_SIZE * 3] )
{
unsigned long sk[96];

3
tests/suites/test_suite_des.data
View File

@ -232,5 +232,8 @@ des_encrypt_cbc:"0123456789abcdef":"fedcba9876543210":"37363534333231204E6F77206
3DES-CBC 3Key Encrypt (Invalid input length)
des3_encrypt_cbc:3:"0123456789abcdeff1e0d3c2b5a49786fedcba9876543210":"fedcba9876543210":"37363534333231204E6F77206973207468652074696D65":"":POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
Run through parity bit tests
des_key_parity_run:
DES Selftest
des_selftest:

43
tests/suites/test_suite_des.function
View File

@ -254,6 +254,49 @@ des3_decrypt_cbc:key_count:hex_key_string:hex_iv_string:hex_src_string:hex_dst_s
}
END_CASE
BEGIN_CASE
des_key_parity_run:
{
int i, j, cnt;
unsigned char key[DES_KEY_SIZE];
unsigned int parity;
memset( key, 0, DES_KEY_SIZE );
cnt = 0;
// Iterate through all possible byte values
//
for( i = 0; i < 32; i++ )
{
for( j = 0; j < 8; j++ )
key[j] = cnt++;
// Set the key parity according to the table
//
des_key_set_parity( key );
// Check the parity with a function
//
for( j = 0; j < 8; j++ )
{
parity = key[j] ^ ( key[j] >> 4 );
parity = parity ^
( parity >> 1 ) ^
( parity >> 2 ) ^
( parity >> 3 );
parity &= 1;
if( parity != 1 )
TEST_ASSERT( 0 );
}
// Check the parity with the table
//
TEST_ASSERT( des_key_check_key_parity( key ) == 0 );
}
}
END_CASE
BEGIN_CASE
des_selftest:
{