[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and
From: |
Eric Blake |
Subject: |
Re: [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC |
Date: |
Thu, 8 Jul 2021 13:50:54 -0500 |
User-agent: |
NeoMutt/20210205-556-f84451-dirty |
On Tue, Jul 06, 2021 at 10:59:14AM +0100, Daniel P. Berrangé wrote:
> The GNUTLS crypto provider doesn't support DES-ECB, only DES-CBC.
I had to go research these terms; DES-ECB is weaker (each block
encrypted on its own), DES-CBC is stronger (the encryption of later
blocks depend on the earlier text). Makes sense that GNUTLS has
dropped support for the weaker form.
> We can use the latter to simulate the former, if we encrypt only
> 1 block (8 bytes) of data at a time, using a all-zeros IV. This
using an all-zeros
> is a very inefficient way to use the QCryptoCipher APIs, but
> since the VNC authentication challenge is only 16 bytes, this
> is acceptable. No other part of QEMU should be using DES. This
> test case demonstrates the equivalence of ECB and CBC for the
> single-block case.
Agreed - both on the inefficiency (we're throwing away all the work
spent on chaining the later blocks - thankfully there is only one such
block in our 16-byte challenge), and on the fact that DES should be
avoided where possible (our sole use is due to VNC's less-than-stellar
"security").
>
> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> ---
> tests/unit/test-crypto-cipher.c | 23 +++++++++++++++++++++++
> 1 file changed, 23 insertions(+)
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
- Re: [PATCH 02/18] crypto: remove obsolete crypto test condition, (continued)
- [PATCH 05/18] crypto: fix gcrypt min version 1.8 regression, Daniel P . Berrangé, 2021/07/06
- [PATCH 03/18] crypto: skip essiv ivgen tests if AES+ECB isn't available, Daniel P . Berrangé, 2021/07/06
- [PATCH 09/18] crypto: delete built-in DES implementation, Daniel P . Berrangé, 2021/07/06
- [PATCH 06/18] crypto: drop gcrypt thread initialization code, Daniel P . Berrangé, 2021/07/06
- [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC, Daniel P . Berrangé, 2021/07/06
- Re: [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC,
Eric Blake <=
- [PATCH 07/18] crypto: drop custom XTS support in gcrypt driver, Daniel P . Berrangé, 2021/07/06
- [PATCH 04/18] crypto: use &error_fatal in crypto tests, Daniel P . Berrangé, 2021/07/06
- [PATCH 10/18] crypto: delete built-in XTS cipher mode support, Daniel P . Berrangé, 2021/07/06
- [PATCH 12/18] crypto: flip priority of backends to prefer gcrypt, Daniel P . Berrangé, 2021/07/06
- [PATCH 13/18] crypto: introduce build system for gnutls crypto backend, Daniel P . Berrangé, 2021/07/06