On Thu, Jul 08, 2021 at 01:50:54PM -0500, Eric Blake wrote:
> On Tue, Jul 06, 2021 at 10:59:14AM +0100, Daniel P. Berrangé wrote:
> > The GNUTLS crypto provider doesn't support DES-ECB, only DES-CBC.
>
> I had to go research these terms; DES-ECB is weaker (each block
> encrypted on its own), DES-CBC is stronger (the encryption of later
> blocks depends on the earlier text). Makes sense that GNUTLS has
> dropped support for the weaker form.
>
> > We can use the latter to simulate the former, if we encrypt only
> > 1 block (8 bytes) of data at a time, using a all-zeros IV. This
>
> using an all-zeros
>
> > is a very inefficient way to use the QCryptoCipher APIs, but
> > since the VNC authentication challenge is only 16 bytes, this
> > is acceptable. No other part of QEMU should be using DES. This
> > test case demonstrates the equivalence of ECB and CBC for the
> > single-block case.
>
> Agreed - both on the inefficiency (we're throwing away all the work
> spent on chaining the later blocks - thankfully there is only one such
> block in our 16-byte challenge), and on the fact that DES should be
> avoided where possible (our sole use is due to VNC's less-than-stellar
> "security").
Actually there isn't any work wasted chaining blocks, because we're only
writing one block of data. The inefficiency is because we have to
constantly re-create the cipher context object after every 8 bytes. This
massively dominates over the cipher speed.

>
> >
> > Signed-off-by: Daniel P. Berrangé <berra...@redhat.com>
> > ---
> >  tests/unit/test-crypto-cipher.c | 23 +++++++++++++++++++++++
> >  1 file changed, 23 insertions(+)
>
> Reviewed-by: Eric Blake <ebl...@redhat.com>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
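The single-block equivalence the patch relies on, as an added illustration that is not QEMU's code and does not use its QCryptoCipher API: a constructed Feistel cipher stands in for DES, since the identity E(P XOR 0) = E(P) holds for any block cipher, and the example also shows why the trick needs a fresh zero-IV context per 8-byte block rather than one CBC pass over the 16-byte challenge (the second block would then be chained to the first ciphertext).

```python
import hashlib
import hmac

BLOCK = 8  # 64-bit block, the same block size as DES

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key: bytes, half: bytes, rnd: int) -> bytes:
    # Keyed round function (HMAC-SHA256 truncated to 32 bits): a constructed stand-in, not the DES f-function.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed 8-round Feistel cipher on one 8-byte block (NOT DES, only shaped like it)."""
    assert len(block) == BLOCK
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, _xor(left, _round_fn(key, right, rnd))
    return right + left

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: every block is encrypted independently of the others."""
    assert len(data) % BLOCK == 0
    return b"".join(block_encrypt(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CBC: each plaintext block is XORed with the previous ciphertext block (the IV for the first)."""
    assert len(iv) == BLOCK and len(data) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def ecb_via_cbc(key: bytes, data: bytes) -> bytes:
    """The trick from the patch: a fresh CBC 'context' with an all-zeros IV for every 8-byte block."""
    zero_iv = bytes(BLOCK)
    return b"".join(cbc_encrypt(key, zero_iv, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def demo() -> tuple:
    key = b"\x01\x23\x45\x67\x89\xab\xcd\xef"  # constructed 8-byte key
    challenge = bytes(range(16))               # constructed 16-byte VNC-style challenge
    ecb = ecb_encrypt(key, challenge)
    chained = cbc_encrypt(key, bytes(BLOCK), challenge)  # one CBC pass over both blocks, zero IV
    # (per-block emulation == ECB, chained first block == ECB, chained second block != ECB)
    return ecb_via_cbc(key, challenge) == ecb, chained[:BLOCK] == ecb[:BLOCK], chained[BLOCK:] == ecb[BLOCK:]

if __name__ == "__main__":
    print(demo())
```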