<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body style="font-family: 'Segoe UI',Frutiger,'Frutiger Linotype','Dejavu Sans','Helvetica Neue',Arial,sans-serif; font-size: 14px;">
<div class="hiri-body-wrapper" contenteditable="true">
<div>Ping?<br>
</div>
</div>
<div class="hiri-extra" contenteditable="true">
<p>On 2019-12-21 11:40:06+10:00 Jan Bilek wrote:</p>
<blockquote style="padding-left:10px; border-left:1px solid #ccc; margin:0">
<div>
<div class="hiri-body-wrapper">Hi,<br>
<br>
We have a problem here where I need to encrypt a block of data with zeros.<br>
<br>
<><br>
gcry_check_version (NULL);
<div> unsigned char key[] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};</div>
<div> unsigned char out[8];</div>
<div> unsigned char data[8];</div>
<div></div>
<div> gcry_error_t err = 0;</div>
<div> gcry_cipher_hd_t hd = nullptr;</div>
<div></div>
<div> err = gcry_cipher_open(&hd, GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB, 0);</div>
<div> //auto blklen = gcry_cipher_get_algo_blklen(GCRY_CIPHER_DES);</div>
<div> //auto algolen = gcry_cipher_get_algo_keylen (GCRY_CIPHER_DES);</div>
<div> err = gcry_cipher_setkey (hd, key, sizeof(key));</div>
<div></div>
<div> std::cerr << "gpg_err_code: " << gpg_err_code(err) << std::endl;</div>
<div> std::cerr << "gpg_strerror: " << gpg_strerror(err) << std::endl;</div>
<div></div>
<div> gcry_cipher_encrypt(hd, out, sizeof(key), data, 8);</div>
<div></div>
<div> if (err) {</div>
<div> std::cerr << "Failed to perform cryptography" << std::endl;</div>
<div> std::cerr << " cipher: " << static_cast<int>(GCRY_CIPHER_DES) << std::endl;</div>
<div> std::cerr << " mode: " << static_cast<int>(GCRY_CIPHER_MODE_ECB) << std::endl;</div>
<div> //std::cerr << " keyBlock: " << BinToHex<std::string>(key) << std::endl;</div>
<div> //std::cerr << " out: " << BinToHex<std::string>(out) << std::endl;</div>
<div> //std::cerr << " data: " << BinToHex<std::string>(encryptedData) << std::endl;</div>
<div> }</div>
</><br>
<br>
This blows on:<br>
<br>
gpg_err_code: 43</div>
<div class="hiri-body-wrapper">gpg_strerror: Weak encryption key</div>
<div class="hiri-body-wrapper">cipher_encrypt: key not set<br>
<br>
Tracked back t in a source to libcrypt / cipher / des.c<br>
<br>
r. 1384 do_des_setkey<br>
r. 1021 is_weak_key<br>
<br>
if (is_weak_key (key)) {</div>
<div class="hiri-body-wrapper"> _gcry_burn_stack (64);</div>
<div class="hiri-body-wrapper"> return GPG_ERR_WEAK_KEY;</div>
<div class="hiri-body-wrapper"> }<br>
<br>
cipher.c<br>
r.797 <br>
<br>
rc = c->spec->setkey (&c->context.c, key, keylen, c);
<div class="hiri-body-wrapper"> if (!rc) {<br>
<br>
} else</div>
<div class="hiri-body-wrapper"> c->marks.key = 0;<br>
</div>
... then disallows weak key setting completely, resulting in a failure.<br>
<br>
This has quite an impact on multiple (still) in-use KCV operations (e.g. KCV_METHOD_VISA) where key needs to be encrypted with a zero key to get its KCV.<br>
<br>
May I propose a patch? (See in attachment).<br>
<br>
Thanks & Cheers,<br>
Jan</div>
</div>
</blockquote>
</div>
</body>
</html>