From: Adrian-Ken Rueegsegger <rueegsegger@swiss-it.ch>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
linux-crypto@vger.kernel.org, davem@davemloft.net
Subject: Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode
Date: Sun, 01 Jun 2008 18:19:24 +0200 [thread overview]
Message-ID: <4842CC0C.2090703@swiss-it.ch> (raw)
In-Reply-To: <20080601155408.GA4737@localhost.localdomain>
Neil Horman wrote:
> On Sun, Jun 01, 2008 at 03:44:23AM +0200, Adrian-Ken Rueegsegger wrote:
>> Neil Horman wrote:
>>> On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
>>>> On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken Rüegsegger wrote:
>>>>> I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
>>>> If you could post a patch with those that would be very much
>>>> appreciated. Thanks!
>> I am putting together a patch using the test vectors found at [3] and the ones I gathered from ANSI X9.52 and ISO/IEC FDIS 10116:2005. Strange enough the ANSI and ISO test vectors pass while the ones from NIST do not yield the expected results. I have not yet identified the specific differences between the various test vector sets. It is not clearly stated if/which padding was employed so that might be the reason...
>>
>
> I thought that TDES input/output vectors had to be an even multiple of the key
> length. As such if the vectors aren't an even multiple, doesn't padding have to
> be employed?
It's actually multiple of the cipher's block length, which all plain-/ciphertext values of the test vectors are. I some cases keys are also padded if one only supplies 2 keys and not 3 (192 bits in total). Since I used the test vectors with three distinct 64 bit keys I was wrong with my thinking that padding could be an issue. As you mentioned in the other mail, I will see if something with my setup is off.
Adrian
>>> For future reference, do you have a link where NIST standard test vectors can be
>>> obtained?
>> A good place to start is [1]. More specifically for TDES: [2] and [3]. Note that the tests described in [2] will not work with the current DES3 implementation since the employed keys will be identified as weak keys and the setkey operation would fail.
>>
>> By the way: when explicitly trying to set a weak key for DES3 I got the following warning:
>>
>> setkey() failed flags=0
>>
>> Shouldn't the flags be set to CRYPTO_TFM_RES_BAD_KEY_SCHED at that point (see crypto/des_generic.c, line 873)?
> I ran into this too when I wrote my vector. I'm not sure why this is happening,
> as it appears the *flags->crt_flags | FLAGS statements should set these. I'm
> looking into why
> Neil
>
>> Thanks,
>> Adrian
>> __________
>>
>> [1] - http://csrc.nist.gov/groups/STM/cavp/standards.html
>> [2] - http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
>> [3] - http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2008-06-01 16:19 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-23 20:18 [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode Neil Horman
2008-05-24 0:06 ` Herbert Xu
2008-05-24 0:34 ` Neil Horman
2008-05-24 0:36 ` Herbert Xu
2008-05-30 17:26 ` Adrian-Ken Rüegsegger
2008-05-30 22:46 ` Herbert Xu
2008-05-31 16:37 ` Neil Horman
2008-06-01 1:44 ` Adrian-Ken Rueegsegger
2008-06-01 15:54 ` Neil Horman
2008-06-01 16:19 ` Adrian-Ken Rueegsegger [this message]
2008-06-02 21:55 ` Adrian-Ken Rueegsegger
2008-06-01 1:10 ` Adrian-Ken Rueegsegger
2008-06-01 16:03 ` Neil Horman
2008-06-01 16:09 ` Adrian-Ken Rueegsegger
2008-06-01 22:18 ` Neil Horman
2008-06-01 22:43 ` Adrian-Ken Rueegsegger
2008-06-02 0:17 ` Neil Horman
2008-06-02 8:32 ` Herbert Xu
2008-06-02 12:45 ` Neil Horman
2008-06-02 12:48 ` Herbert Xu
2008-06-02 16:17 ` Neil Horman
2008-06-02 20:19 ` Adrian-Ken Rueegsegger
2008-06-02 20:45 ` Neil Horman
2008-06-03 10:00 ` Herbert Xu
-- strict thread matches above, loose matches on Subject: below --
2008-05-21 20:09 Neil Horman
2008-05-22 0:03 ` Herbert Xu
2008-05-22 11:38 ` Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4842CC0C.2090703@swiss-it.ch \
--to=rueegsegger@swiss-it.ch \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.