* Re: [PATCH v2] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set
From: Jarod Wilson @ 2008-12-05 15:03 UTC
  To: linux-crypto; +Cc: Herbert Xu, Neil Horman, linux-kernel

Jarod Wilson wrote:
> While it's slightly insane to bypass the key1 == key2 ||
> key2 == key3 check in triple-des, since it reduces it to the
> same strength as des, some folks do need to do this from time
> to time for backwards compatibility with des.
> 
> My own case is FIPS CAVS test vectors. Many triple-des test
> vectors use a single key, replicated 3x. In order to get the
> expected results, des3_ede_setkey() needs to honor the weak
> key flag.
> 
> Also adds a warning when a weak key is rejected, otherwise,
> you silently get back a bogus result.
> 
> Signed-off-by: Jarod Wilson <jarod@redhat.com>

v2: make CRYPTO_TFM_REQ_WEAK_KEY flag usage consistent w/rest of crypto 
subsystem, per comments from Herbert in Red Hat bugzilla #474394.

---
  crypto/des_generic.c |    3 ++-
  1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index 5d0e458..9002073 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -868,7 +868,8 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, 
const u8 *key,
  	u32 *flags = &tfm->crt_flags;

  	if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
-		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))))
+		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
+		     (*flags & CRYPTO_TFM_REQ_WEAK_KEY))
  	{
  		*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
  		return -EINVAL;
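
Review bot: the description says this "also adds a warning when a weak key is rejected", but the hunk adds no message of any kind; the only change is the extra `(*flags & CRYPTO_TFM_REQ_WEAK_KEY)` term in the condition. Either add the warning inside the rejection branch or drop that sentence from the description. The `@@` header is also split across two lines (`const u8 *key,` sits on a line of its own), which will stop the patch from applying; resend it without mail-client line wrapping.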


-- 
Jarod Wilson
jarod@redhat.com


* Re: [PATCH v2] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set
From: Herbert Xu @ 2008-12-05 15:24 UTC
  To: Jarod Wilson; +Cc: linux-crypto, Neil Horman, linux-kernel

On Fri, Dec 05, 2008 at 10:03:53AM -0500, Jarod Wilson wrote:
>
>  	if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
> -		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))))
> +		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
> +		     (*flags & CRYPTO_TFM_REQ_WEAK_KEY))
>  	{
>  		*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;

This should be changed to RES_WEAK_KEY.

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH v3] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set
From: Jarod Wilson @ 2008-12-06  5:39 UTC
  To: Herbert Xu; +Cc: linux-crypto, Neil Horman, linux-kernel

Jarod Wilson wrote:
> While it's slightly insane to bypass the key1 == key2 ||
> key2 == key3 check in triple-des, since it reduces it to the
> same strength as des, some folks do need to do this from time
> to time for backwards compatibility with des.
>
> My own case is FIPS CAVS test vectors. Many triple-des test
> vectors use a single key, replicated 3x. In order to get the
> expected results, des3_ede_setkey() needs to honor the weak
> key flag.

v2: make CRYPTO_TFM_REQ_WEAK_KEY flag usage consistent w/rest
of crypto subsystem, per comments from Herbert in Red Hat
bugzilla #474394.

v3: set more appropriate RES flag, also per Herbert.

Signed-off-by: Jarod Wilson <jarod@redhat.com>

---
  crypto/des_generic.c |    5 +++--
  1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index 5d0e458..5bd3ee3 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -868,9 +868,10 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const 
u8 *key,
  	u32 *flags = &tfm->crt_flags;

  	if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
-		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))))
+		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
+		     (*flags & CRYPTO_TFM_REQ_WEAK_KEY))
  	{
-		*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
+		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
  		return -EINVAL;
  	}

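Review bot: the added `(*flags & CRYPTO_TFM_REQ_WEAK_KEY)` term turns an unconditional rejection into an opt-in one, so every des3_ede user that does not set the flag will now have a key with K1 == K2 or K2 == K3 accepted, with no error and single-DES strength. The patch touches only crypto/des_generic.c; please check the callers that relied on the old -EINVAL and either set the flag there or state in the description that the relaxation is intended for them as well.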

-- 
Jarod Wilson
jarod@redhat.com



* Re: [PATCH v3] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set
From: Neil Horman @ 2008-12-06 20:17 UTC
  To: Jarod Wilson; +Cc: Herbert Xu, linux-crypto, linux-kernel

On Sat, Dec 06, 2008 at 12:39:38AM -0500, Jarod Wilson wrote:
> Jarod Wilson wrote:
>> While it's slightly insane to bypass the key1 == key2 ||
>> key2 == key3 check in triple-des, since it reduces it to the
>> same strength as des, some folks do need to do this from time
>> to time for backwards compatibility with des.
>>
>> My own case is FIPS CAVS test vectors. Many triple-des test
>> vectors use a single key, replicated 3x. In order to get the
>> expected results, des3_ede_setkey() needs to honor the weak
>> key flag.
>
> v2: make CRYPTO_TFM_REQ_WEAK_KEY flag usage consistent w/rest
> of crypto subsystem, per comments from Herbert in Red Hat
> bugzilla #474394.
>
> v3: set more appropriate RES flag, also per Herbert.
>
> Signed-off-by: Jarod Wilson <jarod@redhat.com>
>
> ---
>  crypto/des_generic.c |    5 +++--
>  1 files changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/crypto/des_generic.c b/crypto/des_generic.c
> index 5d0e458..5bd3ee3 100644
> --- a/crypto/des_generic.c
> +++ b/crypto/des_generic.c
> @@ -868,9 +868,10 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, 
> const u8 *key,
>  	u32 *flags = &tfm->crt_flags;
>
>  	if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
> -		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))))
> +		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
> +		     (*flags & CRYPTO_TFM_REQ_WEAK_KEY))
>  	{
> -		*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
> +		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
>  		return -EINVAL;
>  	}
>
>
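
Review bot: the continuation line `(*flags & CRYPTO_TFM_REQ_WEAK_KEY))` is indented to the same column as the operands inside `unlikely(`, although the parentheses place it outside that call, so the condition reads as if the flag test were part of the key comparison. Align the new line with `unlikely` instead, or test the flag first and keep the two key comparisons together inside `unlikely()`.
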
Looks good to me.  Thanks Jarod!
Acked-by: Neil Horman <nhorman@tuxdriver.com>


* Re: [PATCH v3] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set
From: Herbert Xu @ 2008-12-07 11:38 UTC
  To: Jarod Wilson; +Cc: linux-crypto, Neil Horman, linux-kernel

On Sat, Dec 06, 2008 at 12:39:38AM -0500, Jarod Wilson wrote:
>
> v3: set more appropriate RES flag, also per Herbert.

BTW, please maintain the patch description as you would in the
first submission.  This makes it much easier for me to apply the
patch.  Feel free to summarise changes elsewhere in the email.

> Signed-off-by: Jarod Wilson <jarod@redhat.com>

I tried to apply it but I get

$ git apply ~/p
fatal: corrupt patch at line 29
$ patch -s -p1 < ~/p
patch: **** malformed patch at line 29: u8 *key,

$ 

Please fix it up and resubmit.

Thanks,
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt


* Re: [PATCH v4] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set
From: Jarod Wilson @ 2008-12-08 15:41 UTC
  To: Herbert Xu; +Cc: linux-crypto, Neil Horman, linux-kernel

While it's slightly insane to bypass the key1 == key2 ||
key2 == key3 check in triple-des, since it reduces it to the
same strength as des, some folks do need to do this from time
to time for backwards compatibility with des.

My own case is FIPS CAVS test vectors. Many triple-des test
vectors use a single key, replicated 3x. In order to get the
expected results, des3_ede_setkey() needs to only reject weak
keys if the CRYPTO_TFM_REQ_WEAK_KEY flag is set.

Also sets a more appropriate RES flag when a weak key is found.

This time, hopefully without unintended line wrapping...

Signed-off-by: Jarod Wilson <jarod@redhat.com>

---
 crypto/des_generic.c |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/crypto/des_generic.c b/crypto/des_generic.c
index 5d0e458..5bd3ee3 100644
--- a/crypto/des_generic.c
+++ b/crypto/des_generic.c
@@ -868,9 +868,10 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
 	u32 *flags = &tfm->crt_flags;
 
 	if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
-		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))))
+		     !((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
+		     (*flags & CRYPTO_TFM_REQ_WEAK_KEY))
 	{
-		*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
+		*flags |= CRYPTO_TFM_RES_WEAK_KEY;
 		return -EINVAL;
 	}
 
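Review bot: nothing at the `if` documents what the flag means, and the name CRYPTO_TFM_REQ_WEAK_KEY is easy to misread as "weak keys requested" when the condition treats it as "reject weak keys". A short comment above the condition saying that K1 == K2 or K2 == K3 is rejected only when the caller sets the flag, and that such a key is otherwise accepted as-is, would keep later readers from inverting the test.
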
-- 
Jarod Wilson
jarod@redhat.com


* Re: [PATCH v4] crypto: des3_ede: permit weak keys unless REQ_WEAK_KEY set
From: Herbert Xu @ 2008-12-17  5:51 UTC
  To: Jarod Wilson; +Cc: linux-crypto, Neil Horman, linux-kernel

On Mon, Dec 08, 2008 at 10:41:41AM -0500, Jarod Wilson wrote:
> While it's slightly insane to bypass the key1 == key2 ||
> key2 == key3 check in triple-des, since it reduces it to the
> same strength as des, some folks do need to do this from time
> to time for backwards compatibility with des.
> 
> My own case is FIPS CAVS test vectors. Many triple-des test
> vectors use a single key, replicated 3x. In order to get the
> expected results, des3_ede_setkey() needs to only reject weak
> keys if the CRYPTO_TFM_REQ_WEAK_KEY flag is set.
> 
> Also sets a more appropriate RES flag when a weak key is found.
> 
> This time, hopefully without unintended line wrapping...
> 
> Signed-off-by: Jarod Wilson <jarod@redhat.com>

Patch applied.  Thanks Jarod!
-- 
Visit Openswan at http://www.openswan.org/
Email: Herbert Xu 许志壬 <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
