From: Stephan Mueller <smueller@chronox.de>
To: Tadeusz Struk <tadeusz.struk@intel.com>
Cc: herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org,
keescook@chromium.org, jwboyer@redhat.com, richard@nod.at,
steved@redhat.com, qat-linux@intel.com, dhowells@redhat.com,
linux-crypto@vger.kernel.org, james.l.morris@oracle.com,
jkosina@suse.cz, zohar@linux.vnet.ibm.com, davem@davemloft.net,
vgoyal@redhat.com
Subject: Re: [PATCH RFC v4 2/4] crypto: add PKE API
Date: Fri, 12 Jun 2015 03:00:42 +0200 [thread overview]
Message-ID: <2901639.xlpED6EpBc@tauon.atsec.com> (raw)
In-Reply-To: <20150611190543.31826.357.stgit@tstruk-mobl1>
Am Thursday 11 June 2015, 12:05:44 schrieb Tadeusz Struk:
Hi Tadeusz,
>+
>+static int akcipher_clone_key(struct crypto_akcipher *tfm,
>+ const struct public_key *pkey)
>+{
>+ int i, ret = 0;
>+
>+ tfm->pkey = kzalloc(sizeof(*tfm->pkey), GFP_KERNEL);
>+
>+ if (!tfm->pkey)
>+ return -ENOMEM;
>+
>+ for (i = 0; i < ARRAY_SIZE(tfm->pkey->mpi); i++) {
>+ if (!pkey->mpi[i])
>+ continue;
>+
>+ if (mpi_copy(&tfm->pkey->mpi[i], pkey->mpi[i])) {
>+ akcipher_free_key(tfm->pkey);
>+ tfm->pkey = NULL;
>+ ret = -ENOMEM;
>+ break;
>+ }
>+ }
>+ return ret;
>+}
The testmgr code can mark an entire cipher implementation as fips_allowed=1 as
already done for RSA. However, unlike with the other ciphers, that flag must
go in conjunction with the used key sizes.
For FIPS mode, the following restrictions apply:
- RSA: 2048/3072
- DSA: L 2048 / N 224; L 2048 / N 256; L 3072 / N 256
- ECDSA: only the NIST curves
Any other key sizes for the given ciphers is not allowed in FIPS mode.
Should that constraint be considered here?
Ciao
Stephan
next prev parent reply other threads:[~2015-06-12 1:03 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-11 19:05 [PATCH RFC v4 0/4] crypto: Introduce Public Key Encryption API Tadeusz Struk
2015-06-11 19:05 ` [PATCH RFC v4 1/4] MPILIB: add mpi_read_buf(), mpi_copy() and mpi_get_size() helpers Tadeusz Struk
2015-06-12 2:44 ` Herbert Xu
2015-06-12 16:21 ` Stephan Mueller
2015-06-12 18:59 ` Tadeusz Struk
2015-06-11 19:05 ` [PATCH RFC v4 2/4] crypto: add PKE API Tadeusz Struk
2015-06-12 1:00 ` Stephan Mueller [this message]
2015-06-12 2:42 ` Herbert Xu
2015-06-12 2:45 ` Herbert Xu
2015-06-12 14:24 ` Tadeusz Struk
2015-06-12 2:59 ` Herbert Xu
2015-06-12 6:50 ` Tadeusz Struk
2015-06-12 6:56 ` Herbert Xu
2015-06-11 19:05 ` [PATCH RFC v4 3/4] crypto: rsa: add a new rsa generic implementation Tadeusz Struk
2015-06-11 19:05 ` [PATCH RFC v4 4/4] crypto: add tests vectors for RSA Tadeusz Struk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2901639.xlpED6EpBc@tauon.atsec.com \
--to=smueller@chronox.de \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=james.l.morris@oracle.com \
--cc=jkosina@suse.cz \
--cc=jwboyer@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=qat-linux@intel.com \
--cc=richard@nod.at \
--cc=steved@redhat.com \
--cc=tadeusz.struk@intel.com \
--cc=vgoyal@redhat.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox