-
Bug
-
Resolution: Fixed
-
P3
-
5.0
-
b63
-
x86
-
linux
FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux mp 2.6.12-8mdksmp #1 SMP Tue Jul 26 15:09:51 CEST 2005 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz unknown GNU/Linux
A DESCRIPTION OF THE PROBLEM :
According to javadoc DESKeySpec.isWeak(byte[] key, int offset) checks if the given key material is weak or semi-weak. Thera are four weak keys, and twelve semi-weak keys (FIPS PUB 74).
The four weak keys are
0101010101010101
FEFEFEFEFEFEFEFE
1F1F1F1F0E0E0E0E
E0E0E0E0F1F1F1F1
DESKeySpec.isWeak() incorrectly reports the two last keys as not being weak. In addition, the following keys are reported as weak, which are not.
1F1F1F1F1F1F1F1F
E0E0E0E0E0E0E0E0
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
The program in the source code section tests all sixteen weak and semi-weak keys. The third and fourth key should be reported as weak (true), but isWeak returns false. Conversely, the keys in the array notWeakKeys are incorrectly reported as weak
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The following keys are all weak
[1, 1, 1, 1, 1, 1, 1, 1]: true
[-2, -2, -2, -2, -2, -2, -2, -2]: true
[31, 31, 31, 31, 14, 14, 14, 14]: true
[-32, -32, -32, -32, -15, -15, -15, -15]: true
[1, -2, 1, -2, 1, -2, 1, -2]: true
[31, -32, 31, -32, 14, -15, 14, -15]: true
[1, -32, 1, -32, 1, -15, 1, -15]: true
[31, -2, 31, -2, 14, -2, 14, -2]: true
[1, 31, 1, 31, 1, 14, 1, 14]: true
[-32, -2, -32, -2, -15, -2, -15, -2]: true
[-2, 1, -2, 1, -2, 1, -2, 1]: true
[-32, 31, -32, 31, -15, 14, -15, 14]: true
[-32, 1, -32, 1, -15, 1, -15, 1]: true
[-2, 31, -2, 31, -2, 14, -2, 14]: true
[31, 1, 31, 1, 14, 1, 14, 1]: true
[-2, -32, -2, -32, -2, -15, -2, -15]: true
The following keys are not weak
[31, 31, 31, 31, 31, 31, 31, 31]: false
[-32, -32, -32, -32, -32, -32, -32, -32]: false
ACTUAL -
The following keys are all weak
[1, 1, 1, 1, 1, 1, 1, 1]: true
[-2, -2, -2, -2, -2, -2, -2, -2]: true
[31, 31, 31, 31, 14, 14, 14, 14]: false
[-32, -32, -32, -32, -15, -15, -15, -15]: false
[1, -2, 1, -2, 1, -2, 1, -2]: true
[31, -32, 31, -32, 14, -15, 14, -15]: true
[1, -32, 1, -32, 1, -15, 1, -15]: true
[31, -2, 31, -2, 14, -2, 14, -2]: true
[1, 31, 1, 31, 1, 14, 1, 14]: true
[-32, -2, -32, -2, -15, -2, -15, -2]: true
[-2, 1, -2, 1, -2, 1, -2, 1]: true
[-32, 31, -32, 31, -15, 14, -15, 14]: true
[-32, 1, -32, 1, -15, 1, -15, 1]: true
[-2, 31, -2, 31, -2, 14, -2, 14]: true
[31, 1, 31, 1, 14, 1, 14, 1]: true
[-2, -32, -2, -32, -2, -15, -2, -15]: true
The following keys are not weak
[31, 31, 31, 31, 31, 31, 31, 31]: true
[-32, -32, -32, -32, -32, -32, -32, -32]: true
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.spec.DESKeySpec;
public class TestDESKeySpec {
public static byte[][] weakKeys = { {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
{(byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE},
{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
{(byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xF1, (byte) 0xF1, (byte) 0xF1, (byte) 0xF1},
{0x01, (byte) 0xFE, 0x01, (byte) 0xFE, 0x01, (byte) 0xFE, 0x01, (byte) 0xFE },
{0x1F, (byte) 0xE0, 0x1F, (byte) 0xE0, 0x0E, (byte) 0xF1, 0x0E, (byte) 0xF1},
{0x01, (byte) 0xE0, 0x01, (byte) 0xE0, 0x01, (byte) 0xF1, 0x01, (byte) 0xF1},
{0x1F, (byte) 0xFE, 0x1F, (byte) 0xFE, 0x0E, (byte) 0xFE, 0x0E, (byte) 0xFE},
{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
{(byte) 0xE0, (byte) 0xFE, (byte) 0xE0, (byte) 0xFE, (byte) 0xF1, (byte) 0xFE, (byte) 0xF1, (byte) 0xFE},
{(byte) 0xFE, 0x01, (byte) 0xFE, 0x01, (byte) 0xFE, 0x01, (byte) 0xFE, 0x01},
{(byte) 0xE0, 0x1F, (byte) 0xE0, 0x1F, (byte) 0xF1, 0x0E, (byte) 0xF1, 0x0E},
{(byte) 0xE0, 0x01, (byte) 0xE0, 0x01, (byte) 0xF1, 0x01, (byte) 0xF1, 0x01},
{(byte) 0xFE, 0x1F, (byte) 0xFE, 0x1F, (byte) 0xFE, 0x0E, (byte) 0xFE, 0x0E},
{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
{(byte) 0xFE, (byte) 0xE0, (byte) 0xFE, (byte) 0xE0, (byte) 0xFE, (byte) 0xF1, (byte) 0xFE, (byte) 0xF1}
};
public static byte[][] notWeakKeys = { {0x1F, 0x1F, 0x1F, 0x1F, 0x1F, 0x1F, 0x1F, 0x1F},
{(byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0}
};
public static void main(String[] args) throws InvalidKeyException{
System.out.println("The following keys are all weak, and isWeak should return true");
for (byte[] key: weakKeys){
System.out.println(Arrays.toString(key)+": "+DESKeySpec.isWeak(key,0));
}
System.out.println("The following keys are not weak, and isWeak should return false");
for (byte[] key: notWeakKeys){
System.out.println(Arrays.toString(key)+": "+DESKeySpec.isWeak(key,0));
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
There is no workaround. DES key generators call this method to test the weakness of the generated keys.
The impact is low because of the extremely low probability of picking one of the weak keys when selecting random keys.
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode)
ADDITIONAL OS VERSION INFORMATION :
Linux mp 2.6.12-8mdksmp #1 SMP Tue Jul 26 15:09:51 CEST 2005 i686 Intel(R) Pentium(R) 4 CPU 2.80GHz unknown GNU/Linux
A DESCRIPTION OF THE PROBLEM :
According to javadoc DESKeySpec.isWeak(byte[] key, int offset) checks if the given key material is weak or semi-weak. Thera are four weak keys, and twelve semi-weak keys (FIPS PUB 74).
The four weak keys are
0101010101010101
FEFEFEFEFEFEFEFE
1F1F1F1F0E0E0E0E
E0E0E0E0F1F1F1F1
DESKeySpec.isWeak() incorrectly reports the two last keys as not being weak. In addition, the following keys are reported as weak, which are not.
1F1F1F1F1F1F1F1F
E0E0E0E0E0E0E0E0
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
The program in the source code section tests all sixteen weak and semi-weak keys. The third and fourth key should be reported as weak (true), but isWeak returns false. Conversely, the keys in the array notWeakKeys are incorrectly reported as weak
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The following keys are all weak
[1, 1, 1, 1, 1, 1, 1, 1]: true
[-2, -2, -2, -2, -2, -2, -2, -2]: true
[31, 31, 31, 31, 14, 14, 14, 14]: true
[-32, -32, -32, -32, -15, -15, -15, -15]: true
[1, -2, 1, -2, 1, -2, 1, -2]: true
[31, -32, 31, -32, 14, -15, 14, -15]: true
[1, -32, 1, -32, 1, -15, 1, -15]: true
[31, -2, 31, -2, 14, -2, 14, -2]: true
[1, 31, 1, 31, 1, 14, 1, 14]: true
[-32, -2, -32, -2, -15, -2, -15, -2]: true
[-2, 1, -2, 1, -2, 1, -2, 1]: true
[-32, 31, -32, 31, -15, 14, -15, 14]: true
[-32, 1, -32, 1, -15, 1, -15, 1]: true
[-2, 31, -2, 31, -2, 14, -2, 14]: true
[31, 1, 31, 1, 14, 1, 14, 1]: true
[-2, -32, -2, -32, -2, -15, -2, -15]: true
The following keys are not weak
[31, 31, 31, 31, 31, 31, 31, 31]: false
[-32, -32, -32, -32, -32, -32, -32, -32]: false
ACTUAL -
The following keys are all weak
[1, 1, 1, 1, 1, 1, 1, 1]: true
[-2, -2, -2, -2, -2, -2, -2, -2]: true
[31, 31, 31, 31, 14, 14, 14, 14]: false
[-32, -32, -32, -32, -15, -15, -15, -15]: false
[1, -2, 1, -2, 1, -2, 1, -2]: true
[31, -32, 31, -32, 14, -15, 14, -15]: true
[1, -32, 1, -32, 1, -15, 1, -15]: true
[31, -2, 31, -2, 14, -2, 14, -2]: true
[1, 31, 1, 31, 1, 14, 1, 14]: true
[-32, -2, -32, -2, -15, -2, -15, -2]: true
[-2, 1, -2, 1, -2, 1, -2, 1]: true
[-32, 31, -32, 31, -15, 14, -15, 14]: true
[-32, 1, -32, 1, -15, 1, -15, 1]: true
[-2, 31, -2, 31, -2, 14, -2, 14]: true
[31, 1, 31, 1, 14, 1, 14, 1]: true
[-2, -32, -2, -32, -2, -15, -2, -15]: true
The following keys are not weak
[31, 31, 31, 31, 31, 31, 31, 31]: true
[-32, -32, -32, -32, -32, -32, -32, -32]: true
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
import java.security.InvalidKeyException;
import java.util.Arrays;
import javax.crypto.spec.DESKeySpec;
public class TestDESKeySpec {
public static byte[][] weakKeys = { {0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
{(byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE, (byte) 0xFE},
{0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E},
{(byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xF1, (byte) 0xF1, (byte) 0xF1, (byte) 0xF1},
{0x01, (byte) 0xFE, 0x01, (byte) 0xFE, 0x01, (byte) 0xFE, 0x01, (byte) 0xFE },
{0x1F, (byte) 0xE0, 0x1F, (byte) 0xE0, 0x0E, (byte) 0xF1, 0x0E, (byte) 0xF1},
{0x01, (byte) 0xE0, 0x01, (byte) 0xE0, 0x01, (byte) 0xF1, 0x01, (byte) 0xF1},
{0x1F, (byte) 0xFE, 0x1F, (byte) 0xFE, 0x0E, (byte) 0xFE, 0x0E, (byte) 0xFE},
{0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E},
{(byte) 0xE0, (byte) 0xFE, (byte) 0xE0, (byte) 0xFE, (byte) 0xF1, (byte) 0xFE, (byte) 0xF1, (byte) 0xFE},
{(byte) 0xFE, 0x01, (byte) 0xFE, 0x01, (byte) 0xFE, 0x01, (byte) 0xFE, 0x01},
{(byte) 0xE0, 0x1F, (byte) 0xE0, 0x1F, (byte) 0xF1, 0x0E, (byte) 0xF1, 0x0E},
{(byte) 0xE0, 0x01, (byte) 0xE0, 0x01, (byte) 0xF1, 0x01, (byte) 0xF1, 0x01},
{(byte) 0xFE, 0x1F, (byte) 0xFE, 0x1F, (byte) 0xFE, 0x0E, (byte) 0xFE, 0x0E},
{0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01},
{(byte) 0xFE, (byte) 0xE0, (byte) 0xFE, (byte) 0xE0, (byte) 0xFE, (byte) 0xF1, (byte) 0xFE, (byte) 0xF1}
};
public static byte[][] notWeakKeys = { {0x1F, 0x1F, 0x1F, 0x1F, 0x1F, 0x1F, 0x1F, 0x1F},
{(byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0, (byte) 0xE0}
};
public static void main(String[] args) throws InvalidKeyException{
System.out.println("The following keys are all weak, and isWeak should return true");
for (byte[] key: weakKeys){
System.out.println(Arrays.toString(key)+": "+DESKeySpec.isWeak(key,0));
}
System.out.println("The following keys are not weak, and isWeak should return false");
for (byte[] key: notWeakKeys){
System.out.println(Arrays.toString(key)+": "+DESKeySpec.isWeak(key,0));
}
}
}
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
There is no workaround. DES key generators call this method to test the weakness of the generated keys.
The impact is low because of the extremely low probability of picking one of the weak keys when selecting random keys.