Re: [PATCH] crypto: implement DH primitives under akcipher API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 01, 2016 at 12:17:15PM +0100, Stephan Mueller wrote:

Hi Stephan,

> Am Dienstag, 1. März 2016, 11:08:34 schrieb Salvatore Benedetto:
> 
> Hi Salvatore,
> 
> > > > +static int dh_check_params_length(unsigned int p_len)
> > > > +{
> > > > +	switch (p_len) {
> > > > +	case 768:
> > > > +	case 1024:
> > > > +	case 1536:
> > > > +	case 2048:
> > > > +	case 3072:
> > > > +	case 4096:
> > > > +		return 0;
> > > > +	}
> > > > +	return -EINVAL;
> > > > +}
> > > 
> > > What is the reason for restricting the size to 4096?
> > 
> > Honestly no reason.
> > Could not find restrictions in the spec about the params length.
> 
> I am just wondering because other DH impls allow longer sizes.
> 
> And besides, I would like to disallow all < 2048 right from the start.
>

Hmm.. What range would you suggest?

I just thought that having the same range we support with RSA would be OK for now.

> > > > +
> > > > +static int dh_no_op(struct akcipher_request *req)
> > > > +{
> > > > +	return -ENOPROTOOPT;
> > > > +}
> > > > +
> > > > +static int dh_set_priv_key(struct crypto_akcipher *tfm, const void
> > > > *key,
> > > > +			   unsigned int keylen)
> > > > +{
> > > > +	struct dh_params *params = akcipher_tfm_ctx(tfm);
> > > 
> > > dh_get_params?
> > 
> > You mean adding a helper function? OK.
> 
> Not adding, but using your helper function -- why do you have it there in the 
> first place? :-)
>

True. I actually use it in dh_generate_public_key and
dh_compute_shared_secret. I'll fix that, thanks.

Regards,
Salvatore
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux