* Re: [PATCH v2] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set [not found] <200812041557.49601.jarod@redhat.com> @ 2008-12-05 15:03 ` Jarod Wilson 2008-12-05 15:24 ` Herbert Xu 0 siblings, 1 reply; 7+ messages in thread From: Jarod Wilson @ 2008-12-05 15:03 UTC (permalink / raw) To: linux-crypto; +Cc: Herbert Xu, Neil Horman, linux-kernel Jarod Wilson wrote: > While its a slightly insane to bypass the key1 == key2 || > key2 == key3 check in triple-des, since it reduces it to the > same strength as des, some folks do need to do this from time > to time for backwards compatibility with des. > > My own case is FIPS CAVS test vectors. Many triple-des test > vectors use a single key, replicated 3x. In order to get the > expected results, des3_ede_setkey() needs to honor the weak > key flag. > > Also adds a warning when a weak key is rejected, otherwise, > you silently get back a bogus result. > > Signed-off-by: Jarod Wilson <jarod@redhat.com> v2: make CRYPTO_TFM_REQ_WEAK_KEY flag usage consistent w/rest of crypto subsystem, per comments from Herbert in Red Hat bugzilla #474394. --- crypto/des_generic.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/crypto/des_generic.c b/crypto/des_generic.c index 5d0e458..9002073 100644 --- a/crypto/des_generic.c +++ b/crypto/des_generic.c @@ -868,7 +868,8 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key, u32 *flags = &tfm->crt_flags; if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || - !((K[2] ^ K[4]) | (K[3] ^ K[5])))) + !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && + (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; return -EINVAL; -- Jarod Wilson jarod@redhat.com ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set 2008-12-05 15:03 ` [PATCH v2] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set Jarod Wilson @ 2008-12-05 15:24 ` Herbert Xu 2008-12-06 5:39 ` [PATCH v3] " Jarod Wilson [not found] ` <200812051458.10426.jarod@redhat.com> 0 siblings, 2 replies; 7+ messages in thread From: Herbert Xu @ 2008-12-05 15:24 UTC (permalink / raw) To: Jarod Wilson; +Cc: linux-crypto, Neil Horman, linux-kernel On Fri, Dec 05, 2008 at 10:03:53AM -0500, Jarod Wilson wrote: > > if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || > - !((K[2] ^ K[4]) | (K[3] ^ K[5])))) > + !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && > + (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) > { > *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; This should be changed to RES_WEAK_KEY. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set 2008-12-05 15:24 ` Herbert Xu @ 2008-12-06 5:39 ` Jarod Wilson 2008-12-06 20:17 ` Neil Horman 2008-12-07 11:38 ` Herbert Xu [not found] ` <200812051458.10426.jarod@redhat.com> 1 sibling, 2 replies; 7+ messages in thread From: Jarod Wilson @ 2008-12-06 5:39 UTC (permalink / raw) To: Herbert Xu; +Cc: linux-crypto, Neil Horman, linux-kernel Jarod Wilson wrote: > While its a slightly insane to bypass the key1 == key2 || > key2 == key3 check in triple-des, since it reduces it to the > same strength as des, some folks do need to do this from time > to time for backwards compatibility with des. > > My own case is FIPS CAVS test vectors. Many triple-des test > vectors use a single key, replicated 3x. In order to get the > expected results, des3_ede_setkey() needs to honor the weak > key flag. v2: make CRYPTO_TFM_REQ_WEAK_KEY flag usage consistent w/rest of crypto subsystem, per comments from Herbert in Red Hat bugzilla #474394. v3: set more appropriate RES flag, also per Herbert. Signed-off-by: Jarod Wilson <jarod@redhat.com> --- crypto/des_generic.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/des_generic.c b/crypto/des_generic.c index 5d0e458..5bd3ee3 100644 --- a/crypto/des_generic.c +++ b/crypto/des_generic.c @@ -868,9 +868,10 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key, u32 *flags = &tfm->crt_flags; if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || - !((K[2] ^ K[4]) | (K[3] ^ K[5])))) + !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && + (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { - *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; + *flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } -- Jarod Wilson jarod@redhat.com ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v3] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set 2008-12-06 5:39 ` [PATCH v3] " Jarod Wilson @ 2008-12-06 20:17 ` Neil Horman 2008-12-07 11:38 ` Herbert Xu 1 sibling, 0 replies; 7+ messages in thread From: Neil Horman @ 2008-12-06 20:17 UTC (permalink / raw) To: Jarod Wilson; +Cc: Herbert Xu, linux-crypto, linux-kernel On Sat, Dec 06, 2008 at 12:39:38AM -0500, Jarod Wilson wrote: > Jarod Wilson wrote: >> While its a slightly insane to bypass the key1 == key2 || >> key2 == key3 check in triple-des, since it reduces it to the >> same strength as des, some folks do need to do this from time >> to time for backwards compatibility with des. >> >> My own case is FIPS CAVS test vectors. Many triple-des test >> vectors use a single key, replicated 3x. In order to get the >> expected results, des3_ede_setkey() needs to honor the weak >> key flag. > > v2: make CRYPTO_TFM_REQ_WEAK_KEY flag usage consistent w/rest > of crypto subsystem, per comments from Herbert in Red Hat > bugzilla #474394. > > v3: set more appropriate RES flag, also per Herbert. > > Signed-off-by: Jarod Wilson <jarod@redhat.com> > > --- > crypto/des_generic.c | 5 +++-- > 1 files changed, 3 insertions(+), 2 deletions(-) > > diff --git a/crypto/des_generic.c b/crypto/des_generic.c > index 5d0e458..5bd3ee3 100644 > --- a/crypto/des_generic.c > +++ b/crypto/des_generic.c > @@ -868,9 +868,10 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, > const u8 *key, > u32 *flags = &tfm->crt_flags; > > if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || > - !((K[2] ^ K[4]) | (K[3] ^ K[5])))) > + !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && > + (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) > { > - *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; > + *flags |= CRYPTO_TFM_RES_WEAK_KEY; > return -EINVAL; > } > > Looks good to me. Thanks Jarod! Acked-by: Neil Horman <nhorman@tuxdriver.com> ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v3] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set 2008-12-06 5:39 ` [PATCH v3] " Jarod Wilson 2008-12-06 20:17 ` Neil Horman @ 2008-12-07 11:38 ` Herbert Xu 1 sibling, 0 replies; 7+ messages in thread From: Herbert Xu @ 2008-12-07 11:38 UTC (permalink / raw) To: Jarod Wilson; +Cc: linux-crypto, Neil Horman, linux-kernel On Sat, Dec 06, 2008 at 12:39:38AM -0500, Jarod Wilson wrote: > > v3: set more appropriate RES flag, also per Herbert. BTW, please maintain the patch description as you would in the first submission. This makes it much easier for me to apply the patch. Feel free to summarise changes elsewhere in the email. > Signed-off-by: Jarod Wilson <jarod@redhat.com> I tried to apply it but I get $ git apply ~/p fatal: corrupt patch at line 29 $ patch -s -p1 < ~/p patch: **** malformed patch at line 29: u8 *key, $ Please fix it up and resubmit. Thanks, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <200812051458.10426.jarod@redhat.com>]
* Re: [PATCH v4] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set [not found] ` <200812051458.10426.jarod@redhat.com> @ 2008-12-08 15:41 ` Jarod Wilson 2008-12-17 5:51 ` Herbert Xu 0 siblings, 1 reply; 7+ messages in thread From: Jarod Wilson @ 2008-12-08 15:41 UTC (permalink / raw) To: Herbert Xu; +Cc: linux-crypto, Neil Horman, linux-kernel While its a slightly insane to bypass the key1 == key2 || key2 == key3 check in triple-des, since it reduces it to the same strength as des, some folks do need to do this from time to time for backwards compatibility with des. My own case is FIPS CAVS test vectors. Many triple-des test vectors use a single key, replicated 3x. In order to get the expected results, des3_ede_setkey() needs to only reject weak keys if the CRYPTO_TFM_REQ_WEAK_KEY flag is set. Also sets a more appropriate RES flag when a weak key is found. This time, hopefully without unintended line wrapping... Signed-off-by: Jarod Wilson <jarod@redhat.com> --- crypto/des_generic.c | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/crypto/des_generic.c b/crypto/des_generic.c index 5d0e458..5bd3ee3 100644 --- a/crypto/des_generic.c +++ b/crypto/des_generic.c @@ -868,9 +868,10 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key, u32 *flags = &tfm->crt_flags; if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) || - !((K[2] ^ K[4]) | (K[3] ^ K[5])))) + !((K[2] ^ K[4]) | (K[3] ^ K[5]))) && + (*flags & CRYPTO_TFM_REQ_WEAK_KEY)) { - *flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED; + *flags |= CRYPTO_TFM_RES_WEAK_KEY; return -EINVAL; } -- Jarod Wilson jarod@redhat.com ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v4] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set 2008-12-08 15:41 ` [PATCH v4] " Jarod Wilson @ 2008-12-17 5:51 ` Herbert Xu 0 siblings, 0 replies; 7+ messages in thread From: Herbert Xu @ 2008-12-17 5:51 UTC (permalink / raw) To: Jarod Wilson; +Cc: linux-crypto, Neil Horman, linux-kernel On Mon, Dec 08, 2008 at 10:41:41AM -0500, Jarod Wilson wrote: > While its a slightly insane to bypass the key1 == key2 || > key2 == key3 check in triple-des, since it reduces it to the > same strength as des, some folks do need to do this from time > to time for backwards compatibility with des. > > My own case is FIPS CAVS test vectors. Many triple-des test > vectors use a single key, replicated 3x. In order to get the > expected results, des3_ede_setkey() needs to only reject weak > keys if the CRYPTO_TFM_REQ_WEAK_KEY flag is set. > > Also sets a more appropriate RES flag when a weak key is found. > > This time, hopefully without unintended line wrapping... > > Signed-off-by: Jarod Wilson <jarod@redhat.com> Patch applied. Thanks Jarod! -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2008-12-17 5:51 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <200812041557.49601.jarod@redhat.com>
2008-12-05 15:03 ` [PATCH v2] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set Jarod Wilson
2008-12-05 15:24 ` Herbert Xu
2008-12-06 5:39 ` [PATCH v3] " Jarod Wilson
2008-12-06 20:17 ` Neil Horman
2008-12-07 11:38 ` Herbert Xu
[not found] ` <200812051458.10426.jarod@redhat.com>
2008-12-08 15:41 ` [PATCH v4] " Jarod Wilson
2008-12-17 5:51 ` Herbert Xu
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox