crypto: add crypto tests for single block DES-ECB and DES-CBC

The GNUTLS crypto provider doesn't support DES-ECB, only DES-CBC. We can use the latter to simulate the former, if we encrypt only 1 block (8 bytes) of data at a time, using an all-zeros IV. This is a very inefficient way to use the QCryptoCipher APIs, but since the VNC authentication challenge is only 16 bytes, this is acceptable. No other part of QEMU should be using DES. This test case demonstrates the equivalence of ECB and CBC for the single-block case. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-06-29 13:09:16 +01:00 · 2021-06-29 13:09:16 +01:00 · f8157e100c
parent 7b40aa4b96
commit f8157e100c
1 changed files with 23 additions and 0 deletions
--- a/tests/unit/test-crypto-cipher.c
+++ b/tests/unit/test-crypto-cipher.c
@ -149,6 +149,29 @@ static QCryptoCipherTestData test_data[] = {
            "39f23369a9d9bacfa530e26304231461"
            "b2eb05e2c39be9fcda6c19078c6a9d1b",
    },
+    {
+        /*
+         * Testing 'password' as plaintext fits
+         * in single AES block, and gives identical
+         * ciphertext in ECB and CBC modes
+         */
+        .path = "/crypto/cipher/des-rfb-ecb-56-one-block",
+        .alg = QCRYPTO_CIPHER_ALG_DES_RFB,
+        .mode = QCRYPTO_CIPHER_MODE_ECB,
+        .key = "0123456789abcdef",
+        .plaintext = "70617373776f7264",
+        .ciphertext = "73fa80b66134e403",
+    },
+    {
+        /* See previous comment */
+        .path = "/crypto/cipher/des-rfb-cbc-56-one-block",
+        .alg = QCRYPTO_CIPHER_ALG_DES_RFB,
+        .mode = QCRYPTO_CIPHER_MODE_CBC,
+        .key = "0123456789abcdef",
+        .iv = "0000000000000000",
+        .plaintext = "70617373776f7264",
+        .ciphertext = "73fa80b66134e403",
+    },
    {
        .path = "/crypto/cipher/des-rfb-ecb-56",
        .alg = QCRYPTO_CIPHER_ALG_DES_RFB,