des: add subkey equality check to TDES weak key test (#470)

des/src/des.rs

@@ -53,7 +53,8 @@ impl KeyInit for Des {
 
     #[inline]
     fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
-        match super::weak_key_test(&key.0) {
+        let key = u64::from_ne_bytes(key.0);
+        match super::weak_key_test(key) {
             0 => Ok(()),
             _ => Err(WeakKeyError),
         }

des/src/lib.rs

@@ -34,8 +34,7 @@ pub use crate::tdes::{TdesEde2, TdesEde3, TdesEee2, TdesEee3};
 /// Checks whether the key is weak.
 ///
 /// Returns 1 if the key is weak; otherwise, returns 0.
-fn weak_key_test(key: &[u8; 8]) -> u8 {
-    let key = u64::from_ne_bytes(*key);
+fn weak_key_test(key: u64) -> u8 {
     let mut is_weak = 0u8;
     for &weak_key in crate::consts::WEAK_KEYS {
         is_weak |= u8::from(key == weak_key);

des/src/tdes.rs

@@ -4,7 +4,6 @@ use crate::{utils::gen_keys, Des};
 use cipher::{
     consts::{U1, U16, U24, U8},
     crypto_common::WeakKeyError,
-    typenum::Unsigned,
     AlgorithmName, Block, BlockCipherDecBackend, BlockCipherDecClosure, BlockCipherDecrypt,
     BlockCipherEncBackend, BlockCipherEncClosure, BlockCipherEncrypt, BlockSizeUser, InOut, Key,
     KeyInit, KeySizeUser, ParBlocksSizeUser,
@@ -15,15 +14,34 @@ use core::fmt;
 use cipher::zeroize::ZeroizeOnDrop;
 
 #[inline]
-fn weak_key_test(key: &[u8]) -> Result<(), WeakKeyError> {
-    let sub_key_size = <Des as KeySizeUser>::KeySize::USIZE;
-    assert_eq!(key.len() % sub_key_size, 0);
+fn weak_key_test2(key: &[u8; 16]) -> Result<(), WeakKeyError> {
+    let k1 = u64::from_ne_bytes(key[..8].try_into().unwrap());
+    let k2 = u64::from_ne_bytes(key[8..16].try_into().unwrap());
 
     let mut is_weak = 0u8;
-    for des_key in key.chunks_exact(sub_key_size) {
-        let des_key = des_key.try_into().unwrap();
-        is_weak |= super::weak_key_test(des_key);
+    is_weak |= super::weak_key_test(k1);
+    is_weak |= super::weak_key_test(k2);
+    is_weak |= u8::from(k1 == k2);
+
+    match is_weak {
+        0 => Ok(()),
+        _ => Err(WeakKeyError),
     }
+}
+
+#[inline]
+fn weak_key_test3(key: &[u8; 24]) -> Result<(), WeakKeyError> {
+    let k1 = u64::from_ne_bytes(key[..8].try_into().unwrap());
+    let k2 = u64::from_ne_bytes(key[8..16].try_into().unwrap());
+    let k3 = u64::from_ne_bytes(key[16..24].try_into().unwrap());
+
+    let mut is_weak = 0u8;
+    is_weak |= super::weak_key_test(k1);
+    is_weak |= super::weak_key_test(k2);
+    is_weak |= super::weak_key_test(k3);
+    is_weak |= u8::from(k1 == k2);
+    is_weak |= u8::from(k1 == k3);
+    is_weak |= u8::from(k2 == k3);
 
     match is_weak {
         0 => Ok(()),
@@ -57,7 +75,7 @@ impl KeyInit for TdesEde3 {
 
     #[inline]
     fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
-        weak_key_test(key)
+        weak_key_test3(&key.0)
     }
 }
 
@@ -146,7 +164,7 @@ impl KeyInit for TdesEee3 {
 
     #[inline]
     fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
-        weak_key_test(key)
+        weak_key_test3(&key.0)
     }
 }
 
@@ -232,7 +250,7 @@ impl KeyInit for TdesEde2 {
 
     #[inline]
     fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
-        weak_key_test(key)
+        weak_key_test2(&key.0)
     }
 }
 
@@ -318,7 +336,7 @@ impl KeyInit for TdesEee2 {
 
     #[inline]
     fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
-        weak_key_test(key)
+        weak_key_test2(&key.0)
     }
 }
 

des/tests/weak.rs

@@ -17,6 +17,9 @@ fn weak_des() {
         hex!("010101010101010100000000000000000000000000000000"),
         hex!("0000000000000000fefefefefefefefe0000000000000000"),
         hex!("00000000000000000000000000000000e0e0e0e0f1f1f1f1"),
+        hex!("010203040506070801020304050607081112131415161718"),
+        hex!("010203040506070811121314151617180102030405060708"),
+        hex!("111213141516171801020304050607080102030405060708"),
     ] {
         let k = Key::<TdesEde3>::from(*k);
         assert!(TdesEde3::weak_key_test(&k).is_err());
@@ -27,6 +30,7 @@ fn weak_des() {
         hex!("01010101010101010000000000000000"),
         hex!("0000000000000000fefefefefefefefe"),
         hex!("0000000000000000e0e0e0e0f1f1f1f1"),
+        hex!("01020304050607080102030405060708"),
     ] {
         let k = Key::<TdesEde2>::from(*k);
         assert!(TdesEde2::weak_key_test(&k).is_err());