On Mon, Apr 24, 2017 at 9:21 AM, Stephan Müller <smueller@xxxxxxxxxx> wrote: > Am Montag, 24. April 2017, 08:16:50 CEST schrieb Stephan Müller: > > Hi Gilad, > >> > >> > int __des3_ede_setkey(u32 *expkey, u32 *flags, const u8 *key, >> > >> > unsigned int keylen) >> > >> > However, this does not check that k1 == k3. In this case DES3 >> > becomes 2DES (2-keys TDEA), the use of which was dropped post 2015 >> > by NIST Special Publication 800-131A*. >> >> It is correct that the RFC wants at least a 2key 3DES. And it is correct >> that SP800-131A mandates 3key 3DES post 2015. All I am saying is that FIPS >> 140-2 does *not* require a technical verification of the 3 keys being not >> identical. > > One side note: we had discussed a patch to this function in the past, see [1]. > > [1] https://patchwork.kernel.org/patch/8293441/ > Thanks, I was not aware of that. I guess we could change the function to indicate that a key is valid for decryption but not encryption and have the implementation limiting based on that if there is an interest in SP800-131A compliance. Gilad -- Gilad Ben-Yossef Chief Coffee Drinker "If you take a class in large-scale robotics, can you end up in a situation where the homework eats your dog?" -- Jean-Baptiste Queru