Skip to content

Commit

Permalink
crypto: des3_ede - permit weak keys unless REQ_WEAK_KEY set
Browse files Browse the repository at this point in the history 
While its a slightly insane to bypass the key1 == key2 ||
key2 == key3 check in triple-des, since it reduces it to the
same strength as des, some folks do need to do this from time
to time for backwards compatibility with des.

My own case is FIPS CAVS test vectors. Many triple-des test
vectors use a single key, replicated 3x. In order to get the
expected results, des3_ede_setkey() needs to only reject weak
keys if the CRYPTO_TFM_REQ_WEAK_KEY flag is set.

Also sets a more appropriate RES flag when a weak key is found.

Signed-off-by: Jarod Wilson <[email protected]>
Signed-off-by: Herbert Xu <[email protected]>
  • Loading branch information
@jarodwilson @herbertx
jarodwilson authored and herbertx committed Dec 25, 2008
1 parent bd9d20d commit ad79cdd
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions crypto/des_generic.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -868,9 +868,10 @@ static int des3_ede_setkey(struct crypto_tfm *tfm, const u8 *key,
u32 *flags = &tfm->crt_flags;

if (unlikely(!((K[0] ^ K[2]) | (K[1] ^ K[3])) ||
!((K[2] ^ K[4]) | (K[3] ^ K[5]))))
!((K[2] ^ K[4]) | (K[3] ^ K[5]))) &&
(*flags & CRYPTO_TFM_REQ_WEAK_KEY))
{
*flags |= CRYPTO_TFM_RES_BAD_KEY_SCHED;
*flags |= CRYPTO_TFM_RES_WEAK_KEY;
return -EINVAL;
}

Expand Down

0 comments on commit ad79cdd

Please sign in to comment.