From: Adrian-Ken Rueegsegger <rueegsegger@swiss-it.ch>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>,
linux-crypto@vger.kernel.org, davem@davemloft.net
Subject: Re: [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode
Date: Sun, 01 Jun 2008 18:19:24 +0200 [thread overview]
Message-ID: <4842CC0C.2090703@swiss-it.ch> (raw)
In-Reply-To: <20080601155408.GA4737@localhost.localdomain>
Neil Horman wrote:
> On Sun, Jun 01, 2008 at 03:44:23AM +0200, Adrian-Ken Rueegsegger wrote:
>> Neil Horman wrote:
>>> On Sat, May 31, 2008 at 08:46:22AM +1000, Herbert Xu wrote:
>>>> On Fri, May 30, 2008 at 07:26:38PM +0200, Adrian-Ken Rüegsegger wrote:
>>>>> I was wondering why you created your own test vectors. Wouldn't standardized test vectors by NIST or ANSI be preferable?
>>>> If you could post a patch with those that would be very much
>>>> appreciated. Thanks!
>> I am putting together a patch using the test vectors found at [3] and the ones I gathered from ANSI X9.52 and ISO/IEC FDIS 10116:2005. Strange enough the ANSI and ISO test vectors pass while the ones from NIST do not yield the expected results. I have not yet identified the specific differences between the various test vector sets. It is not clearly stated if/which padding was employed so that might be the reason...
>>
>
> I thought that TDES input/output vectors had to be an even multiple of the key
> length. As such if the vectors aren't an even multiple, doesn't padding have to
> be employed?
It's actually multiple of the cipher's block length, which all plain-/ciphertext values of the test vectors are. I some cases keys are also padded if one only supplies 2 keys and not 3 (192 bits in total). Since I used the test vectors with three distinct 64 bit keys I was wrong with my thinking that padding could be an issue. As you mentioned in the other mail, I will see if something with my setup is off.
Adrian
>>> For future reference, do you have a link where NIST standard test vectors can be
>>> obtained?
>> A good place to start is [1]. More specifically for TDES: [2] and [3]. Note that the tests described in [2] will not work with the current DES3 implementation since the employed keys will be identified as weak keys and the setkey operation would fail.
>>
>> By the way: when explicitly trying to set a weak key for DES3 I got the following warning:
>>
>> setkey() failed flags=0
>>
>> Shouldn't the flags be set to CRYPTO_TFM_RES_BAD_KEY_SCHED at that point (see crypto/des_generic.c, line 873)?
> I ran into this too when I wrote my vector. I'm not sure why this is happening,
> as it appears the *flags->crt_flags | FLAGS statements should set these. I'm
> looking into why
> Neil
>
>> Thanks,
>> Adrian
>> __________
>>
>> [1] - http://csrc.nist.gov/groups/STM/cavp/standards.html
>> [2] - http://csrc.nist.gov/publications/nistpubs/800-20/800-20.pdf
>> [3] - http://csrc.nist.gov/groups/STM/cavp/documents/des/tripledes-vectors.zip
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2008-06-01 16:19 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-05-23 20:18 [PATCH] tcrypt: add self test for des3_ebe cipher operating in cbc mode Neil Horman
2008-05-24 0:06 ` Herbert Xu
2008-05-24 0:34 ` Neil Horman
2008-05-24 0:36 ` Herbert Xu
2008-05-30 17:26 ` Adrian-Ken Rüegsegger
2008-05-30 22:46 ` Herbert Xu
2008-05-31 16:37 ` Neil Horman
2008-06-01 1:44 ` Adrian-Ken Rueegsegger
2008-06-01 15:54 ` Neil Horman
2008-06-01 16:19 ` Adrian-Ken Rueegsegger [this message]
2008-06-02 21:55 ` Adrian-Ken Rueegsegger
2008-06-01 1:10 ` Adrian-Ken Rueegsegger
2008-06-01 16:03 ` Neil Horman
2008-06-01 16:09 ` Adrian-Ken Rueegsegger
2008-06-01 22:18 ` Neil Horman
2008-06-01 22:43 ` Adrian-Ken Rueegsegger
2008-06-02 0:17 ` Neil Horman
2008-06-02 8:32 ` Herbert Xu
2008-06-02 12:45 ` Neil Horman
2008-06-02 12:48 ` Herbert Xu
2008-06-02 16:17 ` Neil Horman
2008-06-02 20:19 ` Adrian-Ken Rueegsegger
2008-06-02 20:45 ` Neil Horman
2008-06-03 10:00 ` Herbert Xu
-- strict thread matches above, loose matches on Subject: below --
2008-05-21 20:09 Neil Horman
2008-05-22 0:03 ` Herbert Xu
2008-05-22 11:38 ` Neil Horman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4842CC0C.2090703@swiss-it.ch \
--to=rueegsegger@swiss-it.ch \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox