64-bit block ciphers are incompatible with some modes Only allow selected modes with 64-bit block ciphers (i.e. DES). This removes some storage tests and creates corresponding op_fail tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 4eb1c7e965f675eb12046d270f0d8c359880732b [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Fri Mar 18 10:18:58 2022 +0100
committer: Gilles Peskine <Gilles.Peskine@arm.com> Fri Apr 15 16:15:48 2022 +0200
tree: 5116f7186c700e31930190776af42a9afe0dc951
parent: 0de11438bb90535cd23b98f6f99aff0c54ecb45a [diff] [blame]
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index bf6541c..354dee0 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py

@@ -216,6 +216,12 @@
             return False
         if self.head == 'HMAC' and alg.head == 'HMAC':
             return True
+        if self.head == 'DES':
+            # 64-bit block ciphers only allow a reduced set of modes.
+            return alg.head in [
+                'CBC_NO_PADDING', 'CBC_PKCS7',
+                'ECB_NO_PADDING',
+            ]
         if self.head in BLOCK_CIPHERS and \
            alg.head in frozenset.union(BLOCK_MAC_MODES,
                                        BLOCK_CIPHER_MODES,
commit	4eb1c7e965f675eb12046d270f0d8c359880732b	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Mar 18 10:18:58 2022 +0100
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Apr 15 16:15:48 2022 +0200
tree	5116f7186c700e31930190776af42a9afe0dc951
parent	0de11438bb90535cd23b98f6f99aff0c54ecb45a [diff] [blame]