Re: [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC
From: Daniel P. Berrangé
Subject: Re: [PATCH 08/18] crypto: add crypto tests for single block DES-ECB and DES-CBC
Date: Fri, 9 Jul 2021 14:53:56 +0100
User-agent: Mutt/2.0.7 (2021-05-04)
On Thu, Jul 08, 2021 at 01:50:54PM -0500, Eric Blake wrote:
> On Tue, Jul 06, 2021 at 10:59:14AM +0100, Daniel P. Berrangé wrote:
> > The GNUTLS crypto provider doesn't support DES-ECB, only DES-CBC.
>
> I had to go research these terms; DES-ECB is weaker (each block
> encrypted on its own), DES-CBC is stronger (the encryption of later
> blocks depends on the earlier text). Makes sense that GNUTLS has
> dropped support for the weaker form.
>
> > We can use the latter to simulate the former, if we encrypt only
> > 1 block (8 bytes) of data at a time, using a all-zeros IV. This
>
> using an all-zeros
>
> > is a very inefficient way to use the QCryptoCipher APIs, but
> > since the VNC authentication challenge is only 16 bytes, this
> > is acceptable. No other part of QEMU should be using DES. This
> > test case demonstrates the equivalence of ECB and CBC for the
> > single-block case.
>
> Agreed - both on the inefficiency (we're throwing away all the work
> spent on chaining the later blocks - thankfully there is only one such
> block in our 16-byte challenge), and on the fact that DES should be
> avoided where possible (our sole use is due to VNC's less-than-stellar
> "security").
Actually there isn't any work wasted chaining blocks, because we're
only writing one block of data.
The inefficiency is because we have to constantly re-create the
cipher context object after every 8 bytes. This massively dominates
over the cipher speed.
>
> >
> > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
> > ---
> > tests/unit/test-crypto-cipher.c | 23 +++++++++++++++++++++++
> > 1 file changed, 23 insertions(+)
>
> Reviewed-by: Eric Blake <eblake@redhat.com>
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
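The single-block equivalence the thread describes, as an added example that is not part of the QEMU patch or the QCryptoCipher API: it uses Go's standard crypto/des, re-creates the CBC context for every 8-byte block exactly as the commit message explains, and compares the result against plain ECB. The key and the 16-byte challenge are constructed values, and it goes slightly beyond the patch by rejecting input that is not a whole number of blocks.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// newDES builds a DES context and rejects input that is not whole 8-byte blocks.
func newDES(key, data []byte) (cipher.Block, error) {
	if len(data)%des.BlockSize != 0 {
		return nil, fmt.Errorf("length %d is not a multiple of %d", len(data), des.BlockSize)
	}
	return des.NewCipher(key)
}

// desECB is the reference: one context, every 8-byte block encrypted on its own.
func desECB(key, data []byte) ([]byte, error) {
	block, err := newDES(key, data)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += des.BlockSize {
		block.Encrypt(out[i:i+des.BlockSize], data[i:i+des.BlockSize])
	}
	return out, nil
}

// desECBViaCBC emulates ECB as the patch does: a fresh CBC context with an
// all-zeros IV per block, fed one block, so C0 = E(P0 XOR 0) = E(P0) = ECB.
// Nothing is chained; the only cost is a new cipher context every 8 bytes.
func desECBViaCBC(key, data []byte) ([]byte, error) {
	out := make([]byte, len(data))
	for i := 0; i < len(data); i += des.BlockSize {
		block, err := newDES(key, data) // re-created per block, as in the patch
		if err != nil {
			return nil, err
		}
		cbc := cipher.NewCBCEncrypter(block, make([]byte, des.BlockSize)) // all-zeros IV
		cbc.CryptBlocks(out[i:i+des.BlockSize], data[i:i+des.BlockSize])
	}
	return out, nil
}

func main() {
	key, challenge := []byte("secret!!"), []byte("0123456789abcdef") // constructed 8-byte key, 16-byte challenge
	ecb, _ := desECB(key, challenge)
	viaCBC, _ := desECBViaCBC(key, challenge)
	fmt.Println("single-block CBC with zero IV equals ECB:", bytes.Equal(ecb, viaCBC))
}
```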