On Tue, Jul 06, 2021 at 10:59:14AM +0100, Daniel P. Berrangé wrote: > The GNUTLS crypto provider doesn't support DES-ECB, only DES-CBC.
I had to go research these terms; DES-ECB is weaker (each block encrypted on its own), DES-CBC is stronger (the encryption of later blocks depend on the earlier text). Makes sense that GNUTLS has dropped support for the weaker form. > We can use the latter to simulate the former, if we encrypt only > 1 block (8 bytes) of data at a time, using a all-zeros IV. This using an all-zeros > is a very inefficient way to use the QCryptoCipher APIs, but > since the VNC authentication challenge is only 16 bytes, this > is acceptable. No other part of QEMU should be using DES. This > test case demonstrates the equivalence of ECB and CBC for the > single-block case. Agreed - both on the inefficiency (we're throwing away all the work spent on chaining the later blocks - thankfully there is only one such block in our 16-byte challenge), and on the fact that DES should be avoided where possible (our sole use is due to VNC's less-than-stellar "security"). > > Signed-off-by: Daniel P. Berrangé <berra...@redhat.com> > --- > tests/unit/test-crypto-cipher.c | 23 +++++++++++++++++++++++ > 1 file changed, 23 insertions(+) Reviewed-by: Eric Blake <ebl...@redhat.com> -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3266 Virtualization: qemu.org | libvirt.org
