aes,des: implement weak key detection (#465)

baloo · web-flow · commit e83fa489e10f · 2025-02-11T15:28:31.000-07:00
See RustCrypto/traits#1738
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -25,3 +25,7 @@ members = [
 
 [profile.dev]
 opt-level = 2
+
+[patch.crates-io]
+# https://github.com/RustCrypto/traits/pull/1742
+crypto-common = { git = "https://github.com/RustCrypto/traits.git" }
diff --git a/aes/Cargo.toml b/aes/Cargo.toml
@@ -15,6 +15,7 @@ categories = ["cryptography", "no-std"]
 [dependencies]
 cfg-if = "1"
 cipher = "=0.5.0-pre.7"
+subtle = { version = "2.6", default-features = false }
 zeroize = { version = "1.5.6", optional = true, default-features = false, features = [
     "aarch64",
 ] }
diff --git a/aes/src/armv8.rs b/aes/src/armv8.rs
@@ -19,6 +19,7 @@ mod test_expand;
 
 use cipher::{
     consts::{self, U16, U24, U32},
+    crypto_common::WeakKeyError,
     AlgorithmName, BlockCipherDecClosure, BlockCipherDecrypt, BlockCipherEncClosure,
     BlockCipherEncrypt, BlockSizeUser, Key, KeyInit, KeySizeUser,
 };
@@ -108,6 +109,10 @@ macro_rules! define_aes_impl {
                 let decrypt = $name_back_dec::from(encrypt.clone());
                 Self { encrypt, decrypt }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl From<$name_enc> for $name {
@@ -193,6 +198,10 @@ macro_rules! define_aes_impl {
                 let backend = $name_back_enc::new(key);
                 Self { backend }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl BlockSizeUser for $name_enc {
@@ -255,6 +264,10 @@ macro_rules! define_aes_impl {
                 let backend = encrypt.clone().into();
                 Self { backend }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl From<$name_enc> for $name_dec {
diff --git a/aes/src/autodetect.rs b/aes/src/autodetect.rs
@@ -4,6 +4,7 @@
 use crate::soft;
 use cipher::{
     consts::{U16, U24, U32},
+    crypto_common::WeakKeyError,
     AlgorithmName, BlockCipherDecClosure, BlockCipherDecrypt, BlockCipherEncClosure,
     BlockCipherEncrypt, BlockSizeUser, Key, KeyInit, KeySizeUser,
 };
@@ -103,6 +104,10 @@ macro_rules! define_aes_impl {
 
                 Self { inner, token }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl Clone for $name {
@@ -220,6 +225,10 @@ macro_rules! define_aes_impl {
 
                 Self { inner, token }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl Clone for $name_enc {
@@ -347,6 +356,10 @@ macro_rules! define_aes_impl {
 
                 Self { inner, token }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl Clone for $name_dec {
diff --git a/aes/src/macros.rs b/aes/src/macros.rs
@@ -103,3 +103,29 @@ macro_rules! impl_backends {
         }
     };
 }
+
+macro_rules! weak_key_test {
+    ($key: expr, $k: ty) => {{
+        // Check if any bit of the upper half of the key is set
+        //
+        // This follows the interpretation laid out in section `11.4.10.4 Reject of weak keys`
+        // from the TPM specification:
+        // ```
+        // In the case of AES, at least one bit in the upper half of the key must be set
+        // ```
+        // See: https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf#page=82
+        let mut weak = subtle::Choice::from(0);
+
+        for v in &$key
+            [..(<<$k as cipher::KeySizeUser>::KeySize as cipher::typenum::Unsigned>::USIZE / 2)]
+        {
+            weak |= <_ as subtle::ConstantTimeGreater>::ct_gt(v, &0);
+        }
+
+        if weak.unwrap_u8() == 0 {
+            Err(cipher::crypto_common::WeakKeyError)
+        } else {
+            Ok(())
+        }
+    }};
+}
diff --git a/aes/src/ni.rs b/aes/src/ni.rs
@@ -30,6 +30,7 @@ use core::arch::x86_64 as arch;
 
 use cipher::{
     consts::{self, U16, U24, U32},
+    crypto_common::WeakKeyError,
     AlgorithmName, BlockCipherDecClosure, BlockCipherDecrypt, BlockCipherEncClosure,
     BlockCipherEncrypt, BlockSizeUser, Key, KeyInit, KeySizeUser,
 };
@@ -118,6 +119,10 @@ macro_rules! define_aes_impl {
                 let decrypt = $name_dec::from(&encrypt);
                 Self { encrypt, decrypt }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl From<$name_enc> for $name {
@@ -193,6 +198,10 @@ macro_rules! define_aes_impl {
                     backend: $name_back_enc::new(key),
                 }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl BlockSizeUser for $name_enc {
@@ -253,6 +262,10 @@ macro_rules! define_aes_impl {
             fn new(key: &Key<Self>) -> Self {
                 $name_enc::new(key).into()
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl From<$name_enc> for $name_dec {
diff --git a/aes/src/soft.rs b/aes/src/soft.rs
@@ -15,6 +15,7 @@ pub(crate) mod fixslice;
 use crate::Block;
 use cipher::{
     consts::{U16, U24, U32},
+    crypto_common::WeakKeyError,
     inout::InOut,
     AlgorithmName, BlockCipherDecBackend, BlockCipherDecClosure, BlockCipherDecrypt,
     BlockCipherEncBackend, BlockCipherEncClosure, BlockCipherEncrypt, BlockSizeUser, Key, KeyInit,
@@ -67,6 +68,10 @@ macro_rules! define_aes_impl {
                     keys: $fixslice_key_schedule(key.into()),
                 }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl BlockSizeUser for $name {
@@ -146,6 +151,10 @@ macro_rules! define_aes_impl {
                 let inner = $name::new(key);
                 Self { inner }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl BlockSizeUser for $name_enc {
@@ -197,6 +206,10 @@ macro_rules! define_aes_impl {
                 let inner = $name::new(key);
                 Self { inner }
             }
+
+            fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+                weak_key_test!(key, Self)
+            }
         }
 
         impl From<$name_enc> for $name_dec {
diff --git a/aes/tests/weak.rs b/aes/tests/weak.rs
@@ -0,0 +1,24 @@
+use aes::Aes128;
+use cipher::{Key, KeyInit};
+use hex_literal::hex;
+
+#[test]
+fn test_weak_key() {
+    for k in &[
+        hex!("00000000000000000000000000000000"),
+        hex!("00000000000000000101010101010101"),
+        hex!("00000000000000000100000000000000"),
+    ] {
+        let k = Key::<Aes128>::from(*k);
+        assert!(Aes128::weak_key_test(&k).is_err());
+    }
+
+    for k in &[
+        hex!("00000000010000000000000000000000"),
+        hex!("00000000010000000101010101010101"),
+        hex!("00000000010000000100000000000000"),
+    ] {
+        let k = Key::<Aes128>::from(*k);
+        assert!(Aes128::weak_key_test(&k).is_ok());
+    }
+}
diff --git a/des/Cargo.toml b/des/Cargo.toml
@@ -14,9 +14,11 @@ categories = ["cryptography", "no-std"]
 
 [dependencies]
 cipher = "=0.5.0-pre.7"
+subtle = { version = "2.6", default-features = false }
 
 [dev-dependencies]
 cipher = { version = "=0.5.0-pre.7", features = ["dev"] }
+hex-literal = "0.4"
 
 [features]
 zeroize = ["cipher/zeroize"]
diff --git a/des/src/des.rs b/des/src/des.rs
@@ -4,11 +4,13 @@
 
 use cipher::{
     consts::{U1, U8},
+    crypto_common::WeakKeyError,
     AlgorithmName, Block, BlockCipherDecBackend, BlockCipherDecClosure, BlockCipherDecrypt,
     BlockCipherEncBackend, BlockCipherEncClosure, BlockCipherEncrypt, BlockSizeUser, InOut, Key,
     KeyInit, KeySizeUser, ParBlocksSizeUser,
 };
 use core::fmt;
+use subtle::{Choice, ConstantTimeEq};
 
 #[cfg(feature = "zeroize")]
 use cipher::zeroize::{Zeroize, ZeroizeOnDrop};
@@ -43,12 +45,94 @@ impl KeySizeUser for Des {
     type KeySize = U8;
 }
 
+static WEAK_KEYS: [[u8; 8]; 64] = [
+    [0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01],
+    [0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE],
+    [0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1],
+    [0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E],
+    [0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E],
+    [0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01],
+    [0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1],
+    [0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01],
+    [0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE],
+    [0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01],
+    [0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1],
+    [0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E],
+    [0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE],
+    [0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E],
+    [0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE],
+    [0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1],
+    [0x01, 0x01, 0x1F, 0x1F, 0x01, 0x01, 0x0E, 0x0E],
+    [0x1F, 0x1F, 0x01, 0x01, 0x0E, 0x0E, 0x01, 0x01],
+    [0xE0, 0xE0, 0x1F, 0x1F, 0xF1, 0xF1, 0x0E, 0x0E],
+    [0x01, 0x01, 0xE0, 0xE0, 0x01, 0x01, 0xF1, 0xF1],
+    [0x1F, 0x1F, 0xE0, 0xE0, 0x0E, 0x0E, 0xF1, 0xF1],
+    [0xE0, 0xE0, 0xFE, 0xFE, 0xF1, 0xF1, 0xFE, 0xFE],
+    [0x01, 0x01, 0xFE, 0xFE, 0x01, 0x01, 0xFE, 0xFE],
+    [0x1F, 0x1F, 0xFE, 0xFE, 0x0E, 0x0E, 0xFE, 0xFE],
+    [0xE0, 0xFE, 0x01, 0x1F, 0xF1, 0xFE, 0x01, 0x0E],
+    [0x01, 0x1F, 0x1F, 0x01, 0x01, 0x0E, 0x0E, 0x01],
+    [0x1F, 0xE0, 0x01, 0xFE, 0x0E, 0xF1, 0x01, 0xFE],
+    [0xE0, 0xFE, 0x1F, 0x01, 0xF1, 0xFE, 0x0E, 0x01],
+    [0x01, 0x1F, 0xE0, 0xFE, 0x01, 0x0E, 0xF1, 0xFE],
+    [0x1F, 0xE0, 0xE0, 0x1F, 0x0E, 0xF1, 0xF1, 0x0E],
+    [0xE0, 0xFE, 0xFE, 0xE0, 0xF1, 0xFE, 0xFE, 0xF1],
+    [0x01, 0x1F, 0xFE, 0xE0, 0x01, 0x0E, 0xFE, 0xF1],
+    [0x1F, 0xE0, 0xFE, 0x01, 0x0E, 0xF1, 0xFE, 0x01],
+    [0xFE, 0x01, 0x01, 0xFE, 0xFE, 0x01, 0x01, 0xFE],
+    [0x01, 0xE0, 0x1F, 0xFE, 0x01, 0xF1, 0x0E, 0xFE],
+    [0x1F, 0xFE, 0x01, 0xE0, 0x0E, 0xFE, 0x01, 0xF1],
+    [0xFE, 0x01, 0x1F, 0xE0, 0xFE, 0x01, 0x0E, 0xF1],
+    [0xFE, 0x01, 0xE0, 0x1F, 0xFE, 0x01, 0xF1, 0x0E],
+    [0x1F, 0xFE, 0xE0, 0x01, 0x0E, 0xFE, 0xF1, 0x01],
+    [0xFE, 0x1F, 0x01, 0xE0, 0xFE, 0x0E, 0x01, 0xF1],
+    [0x01, 0xE0, 0xE0, 0x01, 0x01, 0xF1, 0xF1, 0x01],
+    [0x1F, 0xFE, 0xFE, 0x1F, 0x0E, 0xFE, 0xFE, 0x0E],
+    [0xFE, 0x1F, 0xE0, 0x01, 0xFE, 0x0E, 0xF1, 0x01],
+    [0x01, 0xE0, 0xFE, 0x1F, 0x01, 0xF1, 0xFE, 0x0E],
+    [0xE0, 0x01, 0x01, 0xE0, 0xF1, 0x01, 0x01, 0xF1],
+    [0xFE, 0x1F, 0x1F, 0xFE, 0xFE, 0x0E, 0x0E, 0xFE],
+    [0x01, 0xFE, 0x1F, 0xE0, 0x01, 0xFE, 0x0E, 0xF1],
+    [0xE0, 0x01, 0x1F, 0xFE, 0xF1, 0x01, 0x0E, 0xFE],
+    [0xFE, 0xE0, 0x01, 0x1F, 0xFE, 0xF1, 0x01, 0x0E],
+    [0x01, 0xFE, 0xE0, 0x1F, 0x01, 0xFE, 0xF1, 0x0E],
+    [0xE0, 0x01, 0xFE, 0x1F, 0xF1, 0x01, 0xFE, 0x0E],
+    [0xFE, 0xE0, 0x1F, 0x01, 0xFE, 0xF1, 0x0E, 0x01],
+    [0x01, 0xFE, 0xFE, 0x01, 0x01, 0xFE, 0xFE, 0x01],
+    [0xE0, 0x1F, 0x01, 0xFE, 0xF1, 0x0E, 0x01, 0xFE],
+    [0xFE, 0xE0, 0xE0, 0xFE, 0xFE, 0xF1, 0xF1, 0xFE],
+    [0x1F, 0x01, 0x01, 0x1F, 0x0E, 0x01, 0x01, 0x0E],
+    [0xE0, 0x1F, 0x1F, 0xE0, 0xF1, 0x0E, 0x0E, 0xF1],
+    [0xFE, 0xFE, 0x01, 0x01, 0xFE, 0xFE, 0x01, 0x01],
+    [0x1F, 0x01, 0xE0, 0xFE, 0x0E, 0x01, 0xF1, 0xFE],
+    [0xE0, 0x1F, 0xFE, 0x01, 0xF1, 0x0E, 0xFE, 0x01],
+    [0xFE, 0xFE, 0x1F, 0x1F, 0xFE, 0xFE, 0x0E, 0x0E],
+    [0x1F, 0x01, 0xFE, 0xE0, 0x0E, 0x01, 0xFE, 0xF1],
+    [0xE0, 0xE0, 0x01, 0x01, 0xF1, 0xF1, 0x01, 0x01],
+    [0xFE, 0xFE, 0xE0, 0xE0, 0xFE, 0xFE, 0xF1, 0xF1],
+];
+
 impl KeyInit for Des {
     #[inline]
     fn new(key: &Key<Self>) -> Self {
         let keys = gen_keys(u64::from_be_bytes(key.0));
         Self { keys }
     }
+
+    #[inline]
+    fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {
+        let mut weak = Choice::from(0);
+
+        for weak_key in &WEAK_KEYS {
+            weak |= key.ct_eq(weak_key);
+        }
+
+        if weak.unwrap_u8() == 0 {
+            Ok(())
+        } else {
+            Err(WeakKeyError)
+        }
+    }
 }
 
 impl BlockSizeUser for Des {
diff --git a/des/src/tdes.rs b/des/src/tdes.rs
diff --git a/des/tests/weak.rs b/des/tests/weak.rs

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ mod test_expand;`
`19`	`19`
`20`	`20`	`use cipher::{`
`21`	`21`	`consts::{self, U16, U24, U32},`
	`22`	`+ crypto_common::WeakKeyError,`
`22`	`23`	`AlgorithmName, BlockCipherDecClosure, BlockCipherDecrypt, BlockCipherEncClosure,`
`23`	`24`	`BlockCipherEncrypt, BlockSizeUser, Key, KeyInit, KeySizeUser,`
`24`	`25`	`};`
`@@ -108,6 +109,10 @@ macro_rules! define_aes_impl {`
`108`	`109`	`let decrypt = $name_back_dec::from(encrypt.clone());`
`109`	`110`	`Self { encrypt, decrypt }`
`110`	`111`	`}`
	`112`	`+`
	`113`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`114`	`+ weak_key_test!(key, Self)`
	`115`	`+ }`
`111`	`116`	`}`
`112`	`117`
`113`	`118`	`impl From<$name_enc> for $name {`
`@@ -193,6 +198,10 @@ macro_rules! define_aes_impl {`
`193`	`198`	`let backend = $name_back_enc::new(key);`
`194`	`199`	`Self { backend }`
`195`	`200`	`}`
	`201`	`+`
	`202`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`203`	`+ weak_key_test!(key, Self)`
	`204`	`+ }`
`196`	`205`	`}`
`197`	`206`
`198`	`207`	`impl BlockSizeUser for $name_enc {`
`@@ -255,6 +264,10 @@ macro_rules! define_aes_impl {`
`255`	`264`	`let backend = encrypt.clone().into();`
`256`	`265`	`Self { backend }`
`257`	`266`	`}`
	`267`	`+`
	`268`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`269`	`+ weak_key_test!(key, Self)`
	`270`	`+ }`
`258`	`271`	`}`
`259`	`272`
`260`	`273`	`impl From<$name_enc> for $name_dec {`
Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@`
`4`	`4`	`use crate::soft;`
`5`	`5`	`use cipher::{`
`6`	`6`	`consts::{U16, U24, U32},`
	`7`	`+ crypto_common::WeakKeyError,`
`7`	`8`	`AlgorithmName, BlockCipherDecClosure, BlockCipherDecrypt, BlockCipherEncClosure,`
`8`	`9`	`BlockCipherEncrypt, BlockSizeUser, Key, KeyInit, KeySizeUser,`
`9`	`10`	`};`
`@@ -103,6 +104,10 @@ macro_rules! define_aes_impl {`
`103`	`104`
`104`	`105`	`Self { inner, token }`
`105`	`106`	`}`
	`107`	`+`
	`108`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`109`	`+ weak_key_test!(key, Self)`
	`110`	`+ }`
`106`	`111`	`}`
`107`	`112`
`108`	`113`	`impl Clone for $name {`
`@@ -220,6 +225,10 @@ macro_rules! define_aes_impl {`
`220`	`225`
`221`	`226`	`Self { inner, token }`
`222`	`227`	`}`
	`228`	`+`
	`229`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`230`	`+ weak_key_test!(key, Self)`
	`231`	`+ }`
`223`	`232`	`}`
`224`	`233`
`225`	`234`	`impl Clone for $name_enc {`
`@@ -347,6 +356,10 @@ macro_rules! define_aes_impl {`
`347`	`356`
`348`	`357`	`Self { inner, token }`
`349`	`358`	`}`
	`359`	`+`
	`360`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`361`	`+ weak_key_test!(key, Self)`
	`362`	`+ }`
`350`	`363`	`}`
`351`	`364`
`352`	`365`	`impl Clone for $name_dec {`
Original file line number	Diff line number	Diff line change
`@@ -30,6 +30,7 @@ use core::arch::x86_64 as arch;`
`30`	`30`
`31`	`31`	`use cipher::{`
`32`	`32`	`consts::{self, U16, U24, U32},`
	`33`	`+ crypto_common::WeakKeyError,`
`33`	`34`	`AlgorithmName, BlockCipherDecClosure, BlockCipherDecrypt, BlockCipherEncClosure,`
`34`	`35`	`BlockCipherEncrypt, BlockSizeUser, Key, KeyInit, KeySizeUser,`
`35`	`36`	`};`
`@@ -118,6 +119,10 @@ macro_rules! define_aes_impl {`
`118`	`119`	`let decrypt = $name_dec::from(&encrypt);`
`119`	`120`	`Self { encrypt, decrypt }`
`120`	`121`	`}`
	`122`	`+`
	`123`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`124`	`+ weak_key_test!(key, Self)`
	`125`	`+ }`
`121`	`126`	`}`
`122`	`127`
`123`	`128`	`impl From<$name_enc> for $name {`
`@@ -193,6 +198,10 @@ macro_rules! define_aes_impl {`
`193`	`198`	`backend: $name_back_enc::new(key),`
`194`	`199`	`}`
`195`	`200`	`}`
	`201`	`+`
	`202`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`203`	`+ weak_key_test!(key, Self)`
	`204`	`+ }`
`196`	`205`	`}`
`197`	`206`
`198`	`207`	`impl BlockSizeUser for $name_enc {`
`@@ -253,6 +262,10 @@ macro_rules! define_aes_impl {`
`253`	`262`	`fn new(key: &Key<Self>) -> Self {`
`254`	`263`	`$name_enc::new(key).into()`
`255`	`264`	`}`
	`265`	`+`
	`266`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`267`	`+ weak_key_test!(key, Self)`
	`268`	`+ }`
`256`	`269`	`}`
`257`	`270`
`258`	`271`	`impl From<$name_enc> for $name_dec {`
Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,7 @@ pub(crate) mod fixslice;`
`15`	`15`	`use crate::Block;`
`16`	`16`	`use cipher::{`
`17`	`17`	`consts::{U16, U24, U32},`
	`18`	`+ crypto_common::WeakKeyError,`
`18`	`19`	`inout::InOut,`
`19`	`20`	`AlgorithmName, BlockCipherDecBackend, BlockCipherDecClosure, BlockCipherDecrypt,`
`20`	`21`	`BlockCipherEncBackend, BlockCipherEncClosure, BlockCipherEncrypt, BlockSizeUser, Key, KeyInit,`
`@@ -67,6 +68,10 @@ macro_rules! define_aes_impl {`
`67`	`68`	`keys: $fixslice_key_schedule(key.into()),`
`68`	`69`	`}`
`69`	`70`	`}`
	`71`	`+`
	`72`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`73`	`+ weak_key_test!(key, Self)`
	`74`	`+ }`
`70`	`75`	`}`
`71`	`76`
`72`	`77`	`impl BlockSizeUser for $name {`
`@@ -146,6 +151,10 @@ macro_rules! define_aes_impl {`
`146`	`151`	`let inner = $name::new(key);`
`147`	`152`	`Self { inner }`
`148`	`153`	`}`
	`154`	`+`
	`155`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`156`	`+ weak_key_test!(key, Self)`
	`157`	`+ }`
`149`	`158`	`}`
`150`	`159`
`151`	`160`	`impl BlockSizeUser for $name_enc {`
`@@ -197,6 +206,10 @@ macro_rules! define_aes_impl {`
`197`	`206`	`let inner = $name::new(key);`
`198`	`207`	`Self { inner }`
`199`	`208`	`}`
	`209`	`+`
	`210`	`+ fn weak_key_test(key: &Key<Self>) -> Result<(), WeakKeyError> {`
	`211`	`+ weak_key_test!(key, Self)`
	`212`	`+ }`
`200`	`213`	`}`
`201`	`214`
`202`	`215`	`impl From<$name_enc> for $name_dec {`