[15412] in cryptography@c2.net mail archive
Problem solved - NetBSD kernel's DES implementation broken
daemon@ATHENA.MIT.EDU (VaX#n8)
Tue May 25 15:03:35 2004
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
To: cryptography@metzdowd.com
Date: Mon, 17 May 2004 06:49:05 -0400
From: VaX#n8 <vax@carolina.rr.com>
Nevermind my previous message. The NetBSD kernel's des_set_key is hosed.
The key schedule is not correctly written to, and subkeys are left
uninitialized. It appears that someone changed the key schedule
organization and didn't change the code that rights to it.
(They added the weak_key field but forgot to account for that in des_set_key).
This code proves it (compile with -I/sys):
#include <stdio.h>
#include <stdlib.h>
#include <err.h>
#include <strings.h>
#include <sys/malloc.h>
#include <crypto/des/des.h>
int main() {
des_key_schedule ks;
int i, j;
const char *kptr = calloc(1, sizeof(des_cblock));
unsigned char *p;
des_set_key_unchecked ((des_cblock *)kptr, ks);
for (j = 0; j<(sizeof(des_key_schedule)/sizeof(struct des_ks_struct)); j++) {
for (i = 0; i < sizeof(des_cblock); i++) printf("%02x", ks[j].ks.cblock[i]);
printf(", ");
p = (char *) &ks[j].weak_key;
for (i = 0; i < sizeof(int); i++) printf("%02x", p[i]);
printf("\n");
}
printf("\n");
bzero(ks, sizeof(des_key_schedule));
des_set_key_unchecked ((des_cblock *)kptr, ks);
for (j = 0; j<(sizeof(des_key_schedule)/sizeof(struct des_ks_struct)); j++) {
for (i = 0; i < sizeof(des_cblock); i++) printf("%02x", ks[j].ks.cblock[i]);
printf(", ");
p = (char *) &ks[j].weak_key;
for (i = 0; i < sizeof(int); i++) printf("%02x", p[i]);
printf("\n");
}
exit(0);
}
Sample output:
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 1f000000
1f000000ecb8bfbf, 00720548
7c85040870aa0408, 07090000
000000002e850408, 58aa0408
40a90408ecb8bfbf, 1f000000
1f000000ecb8bfbf, 98b8bfbf
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
0000000000000000, 00000000
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
