libgcrypt: weak DES keys checking?

Simon Josefsson jas@extundo.com
Fri Aug 16 20:46:01 2002 

--=-=-=

Is there a users' list for libgcrypt?

The DES implementation in libgcrypt seem to check for weak, semi weak
and possibly weak keys, but it seems I can't get it to reject one of
the "middle" weak keys:

E0 E0 E0 E0 F1 F1 F1 F1 (with parity)
E0 E0 E0 E0 F0 F0 F0 F0 (without parity)
FF FF FF FF 00 00 00 00 (actual key)

What am I doing wrong?  Sample code attached.  The weak key table in
des.c seems rather opaque, perhaps there is a bug somewhere.

You need to patch CVS HEAD with the following to make DES work though.

Index: cipher/cipher.c
===================================================================
RCS file: /cvs/gnupg/libgcrypt/cipher/cipher.c,v
retrieving revision 1.45
diff -u -p -r1.45 cipher.c
--- cipher/cipher.c	14 Aug 2002 19:07:52 -0000	1.45
+++ cipher/cipher.c	16 Aug 2002 18:42:56 -0000
@@ -34,7 +34,7 @@
 #include "dynload.h"
 
 #define MAX_BLOCKSIZE 16
-#define TABLE_SIZE 14
+#define TABLE_SIZE 15
 #define CTX_MAGIC_NORMAL 0x24091964
 #define CTX_MAGIC_SECURE 0x46919042
 
@@ -229,7 +229,7 @@ setup_cipher_table(void)
 					 &cipher_table[i].decrypt     );
     if( !cipher_table[i].name )
 	BUG();
-
+    i++;
     cipher_table[i].algo = CIPHER_ALGO_DUMMY;
     cipher_table[i].name = "DUMMY";
     cipher_table[i].blocksize = 8;

--=-=-=
Content-Type: text/x-csrc
Content-Disposition: attachment; filename=gcry.c

#include <gcrypt.h>
#include <stdio.h>

/* gcc -o gcry gcry.c `libgcrypt-config --libs --cflags` */

int
main(int argc, char argv[])
{
  int res;
  GCRY_CIPHER_HD ch;
  int j;
  unsigned char key[8];

  ch = gcry_cipher_open (GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC, 0);
  if (ch == NULL)
    {
      puts("open fail");
      return 1;
    }

#define X & 0xFE
    key[0] = 0xE0 X;    key[1] = 0xE0 X;    key[2] = 0xE0 X;    key[3] = 0xE0 X;
    key[4] = 0xF1 X;    key[5] = 0xF1 X;    key[6] = 0xF1 X;    key[7] = 0xF1 X;

    printf("parity key: \n");
    for (j = 0; j < 8; j++)
	printf("%02X ", key[j]);
    printf("\n");

  res = gcry_cipher_setkey(ch, key, 8);
  if (res != GCRYERR_SUCCESS)
    {
      puts("setkey fail");
    }

  if (res == GCRYERR_WEAK_KEY)
    {
      printf("weak key\n");
    }

  gcry_cipher_close (ch);

  return 0;
}

--=-=-=--