64-bit block ciphers are incompatible with some modes
Only allow selected modes with 64-bit block ciphers (i.e. DES). This removes some storage tests and creates corresponding op_fail tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
e6b85b4d42
commit
c47d3a4286
1 changed files with 6 additions and 0 deletions
|
@ -218,6 +218,12 @@ class KeyType:
|
|||
return False
|
||||
if self.head == 'HMAC' and alg.head == 'HMAC':
|
||||
return True
|
||||
if self.head == 'DES':
|
||||
# 64-bit block ciphers only allow a reduced set of modes.
|
||||
return alg.head in [
|
||||
'CBC_NO_PADDING', 'CBC_PKCS7',
|
||||
'ECB_NO_PADDING',
|
||||
]
|
||||
if self.head in BLOCK_CIPHERS and \
|
||||
alg.head in frozenset.union(BLOCK_MAC_MODES,
|
||||
BLOCK_CIPHER_MODES,
|
||||
|
|
Loading…
Reference in a new issue