On Tue, Mar 01, 2016 at 12:17:15PM +0100, Stephan Mueller wrote:
Hi Stephan,
> Am Dienstag, 1. März 2016, 11:08:34 schrieb Salvatore Benedetto:
>
> Hi Salvatore,
>
> > > > +static int dh_check_params_length(unsigned int p_len)
> > > > +{
> > > > + switch (p_len) {
> > > > + case 768:
> > > > + case 1024:
> > > > + case 1536:
> > > > + case 2048:
> > > > + case 3072:
> > > > + case 4096:
> > > > + return 0;
> > > > + }
> > > > + return -EINVAL;
> > > > +}
> > >
> > > What is the reason for restricting the size to 4096?
> >
> > Honestly no reason.
> > Could not find restrictions in the spec about the params length.
>
> I am just wondering because other DH impls allow longer sizes.
>
> And besides, I would like to disallow all < 2048 right from the start.
>
Hmm.. What range would you suggest?
I just thought that having the same range we support with RSA would be OK for now.
> > > > +
> > > > +static int dh_no_op(struct akcipher_request *req)
> > > > +{
> > > > + return -ENOPROTOOPT;
> > > > +}
> > > > +
> > > > +static int dh_set_priv_key(struct crypto_akcipher *tfm, const void
> > > > *key,
> > > > + unsigned int keylen)
> > > > +{
> > > > + struct dh_params *params = akcipher_tfm_ctx(tfm);
> > >
> > > dh_get_params?
> >
> > You mean adding a helper function? OK.
>
> Not adding, but using your helper function -- why do you have it there in the
> first place? :-)
>
True. I actually use it in dh_generate_public_key and
dh_compute_shared_secret. I'll fix that, thanks.
Regards,
Salvatore
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
