Disable Weak cipher check for DES KCV

Jussi Kivilinna jussi.kivilinna at iki.fi
Wed Jan 22 22:08:52 CET 2020


On 9.1.2020 3.57, Jan Bilek wrote:
> Hi Jussi,
> No problem and thanks for coming back on my email.
> You are right - "all KCV algorithms I managed to find encrypt zero input block with the actual key as key" - except cases where the key is a weak key. While this might sound ridiculous there are many cases like this - in production as well as in test environments. E.g. Thales HSM default-load key-set works with some weak keys and while doing symmetric crypto we need to support those as well (in testing / dev environments Thales HSM is almost always loaded with a default key set so crypto can be reproduced and validated).
> Hope it makes better sense now.

Ok. I guess for such testing use-case, we could add new gcry_cipher_ctl command to allow weak-keys on cipher object. After command is given to cipher object, setkey would still return weak-key error code, but otherwise setup algorithm for encryption/decryption. Usage would be like this:

 err = gcry_cipher_open(&handle, algo, mode, 0)
 assert(err == 0)
 err = gcry_cipher_ctl(handle, GCRYCTL_ALLOW_WEAK_KEY, NULL, 1)
 assert(err == 0)
 err = gcry_cipher_setkey(handle, weak_key_buf, weak_key_len)
 assert(err == GPG_ERR_WEAK_KEY)
 err = gcry_cipher_encrypt(handle, out, outlen, in, inlen)
 assert(err == 0)
 err = gcry_cipher_close(handle)
 assert(err == 0)


More information about the Gcrypt-devel mailing list