2008-12-08 15:38:19

by Jarod Wilson

Subject: Re: [PATCH v4] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set

While its a slightly insane to bypass the key1 == key2 ||
key2 == key3 check in triple-des, since it reduces it to the
same strength as des, some folks do need to do this from time
to time for backwards compatibility with des.

My own case is FIPS CAVS test vectors. Many triple-des test
vectors use a single key, replicated 3x. In order to get the
expected results, des3_ede_setkey() needs to only reject weak
keys if the CRYPTO_TFM_REQ_WEAK_KEY flag is set.

Also sets a more appropriate RES flag when a weak key is found.

This time, hopefully without unintended line wrapping...

Signed-off-by: Jarod Wilson <[email protected]>

---
crypto/des_generic.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index 5d0e458..5bd3ee3 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -868,9 +868,10 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
u32 *flags = &tfm->crt_flags;

if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
- !((K[2] ^ K[4]) | (K[3] ^ K[5]))))
+ !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
+ (*flags & CRYPTO_TFM_REQ_WEAK_KEY))
{
- *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
+ *flags |= CRYPTO_TFM_RES_WEAK_KEY;
return -EINVAL;
}

--
Jarod Wilson
[email protected]

2008-12-17 05:51:30

by Herbert Xu

Subject: Re: [PATCH v4] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set

On Mon, Dec 08, 2008 at 10:41:41AM -0500, Jarod Wilson wrote:
> While its a slightly insane to bypass the key1 == key2 ||
> key2 == key3 check in triple-des, since it reduces it to the
> same strength as des, some folks do need to do this from time
> to time for backwards compatibility with des.
>
> My own case is FIPS CAVS test vectors. Many triple-des test
> vectors use a single key, replicated 3x. In order to get the
> expected results, des3_ede_setkey() needs to only reject weak
> keys if the CRYPTO_TFM_REQ_WEAK_KEY flag is set.
>
> Also sets a more appropriate RES flag when a weak key is found.
>
> This time, hopefully without unintended line wrapping...
>
> Signed-off-by: Jarod Wilson <[email protected]>

Patch applied. Thanks Jarod!
--
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu ~{PmV>HI~} <[email protected]>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt