Constant-time checks for DES weak keys

peterdettman · peterdettman · commit 85e2cddac654 · 2026-02-04T20:09:52.000+07:00
diff --git a/core/src/main/java/org/bouncycastle/crypto/params/DESParameters.java b/core/src/main/java/org/bouncycastle/crypto/params/DESParameters.java
@@ -1,5 +1,7 @@
 package org.bouncycastle.crypto.params;
 
+import org.bouncycastle.util.Arrays;
+
 public class DESParameters
     extends KeyParameter
 {
@@ -58,27 +60,21 @@ public DESParameters(
      * @return true if the given DES key material is weak or semi-weak,
      *     false otherwise.
      */
-    public static boolean isWeakKey(
-        byte[] key,
-        int offset)
+    public static boolean isWeakKey(byte[] key, int offset)
     {
-        if (key.length - offset < DES_KEY_LENGTH)
+        if (offset > (key.length - DES_KEY_LENGTH))
         {
             throw new IllegalArgumentException("key material too short.");
         }
 
-        nextkey: for (int i = 0; i < N_DES_WEAK_KEYS; i++)
+        for (int i = 0; i < N_DES_WEAK_KEYS; i++)
         {
-            for (int j = 0; j < DES_KEY_LENGTH; j++)
+            if (Arrays.constantTimeAreEqual(DES_KEY_LENGTH, key, offset, DES_weak_keys, i * DES_KEY_LENGTH))
             {
-                if (key[j + offset] != DES_weak_keys[i * DES_KEY_LENGTH + j])
-                {
-                    continue nextkey;
-                }
+                return true;
             }
-
-            return true;
         }
+
         return false;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,7 @@`
`1`	`1`	`package org.bouncycastle.crypto.params;`
`2`	`2`
	`3`	`+import org.bouncycastle.util.Arrays;`
	`4`	`+`
`3`	`5`	`public class DESParameters`
`4`	`6`	`extends KeyParameter`
`5`	`7`	`{`
`@@ -58,27 +60,21 @@ public DESParameters(`
`58`	`60`	`* @return true if the given DES key material is weak or semi-weak,`
`59`	`61`	`* false otherwise.`
`60`	`62`	`*/`
`61`		`- public static boolean isWeakKey(`
`62`		`- byte[] key,`
`63`		`- int offset)`
	`63`	`+ public static boolean isWeakKey(byte[] key, int offset)`
`64`	`64`	`{`
`65`		`- if (key.length - offset < DES_KEY_LENGTH)`
	`65`	`+ if (offset > (key.length - DES_KEY_LENGTH))`
`66`	`66`	`{`
`67`	`67`	`throw new IllegalArgumentException("key material too short.");`
`68`	`68`	`}`
`69`	`69`
`70`		`- nextkey: for (int i = 0; i < N_DES_WEAK_KEYS; i++)`
	`70`	`+ for (int i = 0; i < N_DES_WEAK_KEYS; i++)`
`71`	`71`	`{`
`72`		`- for (int j = 0; j < DES_KEY_LENGTH; j++)`
	`72`	`+ if (Arrays.constantTimeAreEqual(DES_KEY_LENGTH, key, offset, DES_weak_keys, i * DES_KEY_LENGTH))`
`73`	`73`	`{`
`74`		`- if (key[j + offset] != DES_weak_keys[i * DES_KEY_LENGTH + j])`
`75`		`- {`
`76`		`- continue nextkey;`
`77`		`- }`
	`74`	`+ return true;`
`78`	`75`	`}`
`79`		`-`
`80`		`- return true;`
`81`	`76`	`}`
	`77`	`+`
`82`	`78`	`return false;`
`83`	`79`	`}`
`84`	`80`