Re: [RFC PATCH 01/30] crypto: des/3des_ede - add new helpers to verify key length

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, 22 Jun 2019 at 07:06, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Sat, Jun 22, 2019 at 02:30:43AM +0200, Ard Biesheuvel wrote:
> > The recently added helper routines to perform key strength validation
> > of 3ede_keys is slightly inadequate, since it doesn't check the key
> > length, and it comes in two versions, neither of which are highly
>
> The skcipher helper doesn't need to check the key length because
> it's the responsibility of the crypto API to check the key length
> through min_keysize/max_keysize.
>
> But yes if you're going to do a helper for lib/des then you'd need
> to check the key length but please keep it separate from the skcipher
> helper.
>

Ah yes, I had missed the fact that skcipher checks the lengths
already. But actually, that applies equally to ablkcipher and cipher,
so only aead instantiations need to perform the length check
explicitly.

I will drop the key_len arg from these helper routines, but I'd still
like to convert the skcipher helper into a generic helper that takes a
struct crypto_tfm*.

I'll also add some better documentation of the API in the next rev.



[Index of Archives]     [Kernel]     [Gnu Classpath]     [Gnu Crypto]     [DM Crypt]     [Netfilter]     [Bugtraq]

  Powered by Linux