AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

64-bit block ciphers are incompatible with some modes

Browse Source 
Only allow selected modes with 64-bit block ciphers (i.e. DES).

This removes some storage tests and creates corresponding op_fail tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2022-03-18 10:18:58 +01:00
parent e6b85b4d42
commit c47d3a4286
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
scripts/mbedtls_dev/crypto_knowledge.py
View File

@ -218,6 +218,12 @@ class KeyType:
return False return False
if self.head == 'HMAC' and alg.head == 'HMAC': if self.head == 'HMAC' and alg.head == 'HMAC':
return True return True
if self.head == 'DES':
# 64-bit block ciphers only allow a reduced set of modes.
return alg.head in [
'CBC_NO_PADDING', 'CBC_PKCS7',
'ECB_NO_PADDING',
]
if self.head in BLOCK_CIPHERS and \ if self.head in BLOCK_CIPHERS and \
alg.head in frozenset.union(BLOCK_MAC_MODES, alg.head in frozenset.union(BLOCK_MAC_MODES,
BLOCK_CIPHER_MODES, BLOCK_CIPHER_MODES,