Re: [PATCH v3 2/3] crypto: rsa_helper - add raw integer parser actions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Apr 8, 2016 at 12:55 PM, Stephan Mueller <smueller@xxxxxxxxxx> wrote:
> Am Freitag, 8. April 2016, 12:54:10 schrieb Jeffrey Walton:
>
> Hi Jeffrey,
>
>> > +int rsa_check_key_length(unsigned int len)
>> > +{
>> > +       switch (len) {
>> > +       case 512:
>> > +       case 1024:
>> > +       case 1536:
>> > +       case 2048:
>> > +       case 3072:
>> > +       case 4096:
>> > +               return 0;
>> > +       }
>> > +
>> > +       return -EINVAL;
>> > +}
>>
>> That's an unusual restriction.
>>
>> > +       key->n_sz = vlen;
>> > +       /* In FIPS mode only allow key size 2K & 3K */
>> > +       if (fips_enabled && (key->n_sz != 256 && key->n_sz != 384)) {
>> > +               dev_err(ctx->dev, "RSA: key size not allowed in FIPS
>> > mode\n"); +               goto err;
>> > +       }
>>
>> That's an unusual restriction, too. As far as I know, FIPS does not
>> place that restriction.
>
> It does, see SP80-131A and the requirements on CAVS.

I believe the controlling document is SP800-56B. SP800-131 is just a
guide, and it digests the information from SP800-56B. For current FIPS
140 requirements (SP800-56B), RSA is a Finite Filed (FF) system, and
the requirement is |N| >= 2048.

Also, I did not see the restriction listed in SP800-131A Rev 1. Cf.,
http://csrc.nist.gov/publications/drafts/800-131A/sp800-131a_r1_draft.pdf.

Jeff
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux