From 7d8a6851bb529d02118db442c7cc99568f64ba81 Mon Sep 17 00:00:00 2001 From: Artyom Pavlov Date: Sat, 1 Feb 2025 03:23:11 +0300 Subject: [PATCH 1/2] crypto-common: add methods for weak key testing --- crypto-common/src/lib.rs | 54 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) diff --git a/crypto-common/src/lib.rs b/crypto-common/src/lib.rs index 3b503d4c6..6b6e4c2f2 100644 --- a/crypto-common/src/lib.rs +++ b/crypto-common/src/lib.rs @@ -163,6 +163,19 @@ pub trait KeyInit: KeySizeUser + Sized { /// Create new value from fixed size key. fn new(key: &Key) -> Self; + /// Check if the key might be considered weak. + #[inline] + fn weak_key_test(_key: &Key) -> Result<(), WeakKeyError> { + Ok(()) + } + + /// Create new value from fixed size key after checking it for weakness. + #[inline] + fn new_checked(key: &Key) -> Result { + Self::weak_key_test(key)?; + Ok(Self::new(key)) + } + /// Create new value from variable size key. #[inline] fn new_from_slice(key: &[u8]) -> Result { @@ -195,6 +208,19 @@ pub trait KeyIvInit: KeySizeUser + IvSizeUser + Sized { /// Create new value from fixed length key and nonce. fn new(key: &Key, iv: &Iv) -> Self; + /// Check if the key might be considered weak. + #[inline] + fn weak_key_test(_key: &Key) -> Result<(), WeakKeyError> { + Ok(()) + } + + /// Create new value from fixed length key and nonce after checking the key for weakness. + #[inline] + fn new_checked(key: &Key, iv: &Iv) -> Result { + Self::weak_key_test(iv)?; + Ok(Self::new(key, iv)) + } + /// Create new value from variable length key and nonce. #[inline] fn new_from_slices(key: &[u8], iv: &[u8]) -> Result { @@ -330,6 +356,11 @@ where fn new_from_slices(key: &[u8], iv: &[u8]) -> Result { T::Inner::new_from_slice(key).and_then(|i| T::inner_iv_slice_init(i, iv)) } + + #[inline] + fn weak_key_test(key: &Key) -> Result<(), WeakKeyError> { + T::Inner::weak_key_test(key) + } } impl KeyInit for T 
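Review bot: The default `weak_key_test` added to `KeyInit` returns `Ok(())` unconditionally, so `new_checked` succeeds for every key on any type that does not override it. A caller cannot tell "checked and acceptable" from "no check exists for this algorithm". The doc comments should say so, for example `/// The default implementation accepts every key; algorithms with known weak keys must override it.` on `weak_key_test`, with a matching sentence on `new_checked`. Since the test runs over secret key material, it would also help to state whether implementations are expected to compare key bytes in constant time. The same wording applies to the `KeyIvInit` copy in the next hunk.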
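Review bot: `KeyIvInit` gains `new_checked` for fixed-size keys, but `new_from_slices` in the trailing context (and `new_from_slice` in `KeyInit`) gets no checked counterpart. Code that holds key material as slices therefore never reaches `weak_key_test` unless it converts to the fixed-size type first. Either add a slice-based checked constructor that converts the length and then calls `Self::new_checked`, or add a doc line on `new_from_slices` such as `/// Does not run [`weak_key_test`](Self::weak_key_test); use `new_checked` when weak keys must be rejected.` A slice-based variant would need an error type covering both `InvalidLength` and `WeakKeyError`, which may be why it was left out; if so, that is worth a sentence in the commit message.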
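Review bot: The forwarding `weak_key_test` added to this wrapper impl has no comment, and the wrapper's weak-key check depends on it. Without the override the trait default would return `Ok(())`, and `new_checked` on a wrapper would accept keys that the inner type's test rejects. A one-line comment above it, such as `// Delegate to the inner type; the trait default accepts every key.`, would keep it from being dropped in a later refactor. The same applies to the override in the `KeyInit` impl at `@@ -348` and to the one added inside the commented-out blanket impl at `@@ -370`. The impl blocks begin outside these hunks.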
@@ -348,6 +379,11 @@ where .map_err(|_| InvalidLength) .map(Self::inner_init) } + + #[inline] + fn weak_key_test(key: &Key) -> Result<(), WeakKeyError> { + T::Inner::weak_key_test(key) + } } // Unfortunately this blanket impl is impossible without mutually @@ -370,6 +406,11 @@ where .map_err(|_| InvalidLength) .map(Self::inner_init) } + + #[inline] + fn weak_key_test(key: &Key) -> Result<(), WeakKeyError> { + T::Inner::weak_key_test(key) + } } */ @@ -387,3 +428,16 @@ impl fmt::Display for InvalidLength { } impl core::error::Error for InvalidLength {} + +/// The error type returned when a key is found to be weak. +#[derive(Copy, Clone, Eq, PartialEq, Debug)] +pub struct WeakKeyError; + +impl fmt::Display for WeakKeyError { + #[inline] + fn fmt(&self, f: &mut fmt::Formatter<'_>) -> Result<(), fmt::Error> { + f.write_str("WeakKey") + } +} + +impl core::error::Error for WeakKeyError {} From dca5fdcb030b200491fc7f8dd086ad4711f6ce50 Mon Sep 17 00:00:00 2001 From: Artyom Pavlov Date: Sat, 1 Feb 2025 03:24:51 +0300 Subject: [PATCH 2/2] fix --- crypto-common/src/lib.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto-common/src/lib.rs b/crypto-common/src/lib.rs index 6b6e4c2f2..79f7857cf 100644 --- a/crypto-common/src/lib.rs +++ b/crypto-common/src/lib.rs @@ -217,7 +217,7 @@ pub trait KeyIvInit: KeySizeUser + IvSizeUser + Sized { /// Create new value from fixed length key and nonce after checking the key for weakness. #[inline] fn new_checked(key: &Key, iv: &Iv) -> Result { - Self::weak_key_test(iv)?; + Self::weak_key_test(key)?; Ok(Self::new(key, iv)) }
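Review bot: `Display` for `WeakKeyError` writes `"WeakKey"`, which reads as an identifier rather than a message when it appears in logs or in an error propagated with `?`. Something like `f.write_str("weak key")` would be clearer; the message used by `InvalidLength` is not visible in this hunk, so match its phrasing. The type's doc comment could also name `weak_key_test` and `new_checked` as the functions that return it.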
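Review bot: This one-word correction to `KeyIvInit::new_checked` comes without a test, and the series touches only `crypto-common/src/lib.rs`, so nothing exercises `new_checked` on either trait. A small test type whose `weak_key_test` rejects one fixed key would pin the argument wiring. It should assert that `new_checked` returns `Err(WeakKeyError)` for that key and `Ok` for any other, through both `KeyInit` and `KeyIvInit`. Because patch 1/2 passes `iv` where the key is expected, squashing the two commits would also keep the history bisectable.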