Jarod Wilson wrote:
While its a slightly insane to bypass the key1 == key2 ||
key2 == key3 check in triple-des, since it reduces it to the
same strength as des, some folks do need to do this from time
to time for backwards compatibility with des.
My own case is FIPS CAVS test vectors. Many triple-des test
vectors use a single key, replicated 3x. In order to get the
expected results, des3_ede_setkey() needs to honor the weak
key flag.
Also adds a warning when a weak key is rejected, otherwise,
you silently get back a bogus result.
Signed-off-by: Jarod Wilson <jarod@xxxxxxxxxx>
v2: make CRYPTO_TFM_REQ_WEAK_KEY flag usage consistent w/rest of crypto
subsystem, per comments from Herbert in Red Hat bugzilla #474394.
---
crypto/des_generic.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index 5d0e458..9002073 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -868,7 +868,8 @@ static int des3_ede_setkey(struct crypto_tfm *tfm,
const u8 *key,
u32 *flags = &tfm->crt_flags;
if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
- !((K[2] ^ K[4]) | (K[3] ^ K[5]))))
+ !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
+ (*flags & CRYPTO_TFM_REQ_WEAK_KEY))
{
*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
return -EINVAL;
--
Jarod Wilson
jarod@xxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html