Am Freitag, 8. April 2016, 13:09:02 schrieb Jeffrey Walton:
Hi Jeffrey,
> On Fri, Apr 8, 2016 at 12:55 PM, Stephan Mueller <smueller@xxxxxxxxxx>
wrote:
> > Am Freitag, 8. April 2016, 12:54:10 schrieb Jeffrey Walton:
> >
> > Hi Jeffrey,
> >
> >> > +int rsa_check_key_length(unsigned int len)
> >> > +{
> >> > + switch (len) {
> >> > + case 512:
> >> > + case 1024:
> >> > + case 1536:
> >> > + case 2048:
> >> > + case 3072:
> >> > + case 4096:
> >> > + return 0;
> >> > + }
> >> > +
> >> > + return -EINVAL;
> >> > +}
> >>
> >> That's an unusual restriction.
> >>
> >> > + key->n_sz = vlen;
> >> > + /* In FIPS mode only allow key size 2K & 3K */
> >> > + if (fips_enabled && (key->n_sz != 256 && key->n_sz != 384)) {
> >> > + dev_err(ctx->dev, "RSA: key size not allowed in FIPS
> >> > mode\n"); + goto err;
> >> > + }
> >>
> >> That's an unusual restriction, too. As far as I know, FIPS does not
> >> place that restriction.
> >
> > It does, see SP80-131A and the requirements on CAVS.
>
> I believe the controlling document is SP800-56B. SP800-131 is just a
> guide, and it digests the information from SP800-56B. For current FIPS
> 140 requirements (SP800-56B), RSA is a Finite Filed (FF) system, and
> the requirement is |N| >= 2048.
To be clear, SP800-131A requires that only 2k or higher is allowed. The second
constraint comes in with CAVS: you can only test 2k and 3k (and lately 4k)
RSA. As the requirement is to have CAVS certs, you can therefore only get
2k/3k/4k CAVS certs.
>
> Also, I did not see the restriction listed in SP800-131A Rev 1. Cf.,
> http://csrc.nist.gov/publications/drafts/800-131A/sp800-131a_r1_draft.pdf.
>
> Jeff
Ciao
Stephan
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
