From: Stephan Mueller <smueller@chronox.de>
To: Tadeusz Struk <tadeusz.struk@intel.com>
Cc: herbert@gondor.apana.org.au, linux-kernel@vger.kernel.org,
keescook@chromium.org, jwboyer@redhat.com, richard@nod.at,
steved@redhat.com, qat-linux@intel.com, dhowells@redhat.com,
linux-crypto@vger.kernel.org, james.l.morris@oracle.com,
jkosina@suse.cz, zohar@linux.vnet.ibm.com, davem@davemloft.net,
vgoyal@redhat.com
Subject: Re: [PATCH RFC v5 3/4] crypto: rsa: add a new rsa generic implementation
Date: Tue, 16 Jun 2015 01:23:14 +0200 [thread overview]
Message-ID: <3921303.7tkMvJ6vYE@tachyon.chronox.de> (raw)
In-Reply-To: <20150615201847.15697.55852.stgit@tstruk-mobl1>
Am Montag, 15. Juni 2015, 13:18:47 schrieb Tadeusz Struk:
Hi Tadeusz,
> Add a new rsa generic SW implementation.
> This implements only cryptographic primitives.
Thank you, that seems to address the issues around the FIPS side including the
self test code.
Though, I have one question:
> +
> +int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
> + const void *value, size_t vlen)
> +{
> + struct crypto_akcipher *tfm = context;
> + struct rsa_key *key = tfm->key;
> +
> + key->n = mpi_read_raw_data(value, vlen);
> +
> + if (!key->n)
> + return -ENOMEM;
> +
> + /* In FIPS mode only allow key size minimum 2K */
> + if (fips_enabled && (mpi_get_size(key->n) < 256)) {
Considering my previous email, shouldn't that check rather be
if (fips_enabled &&
((mpi_get_size(key->n) != 256) || (mpi_get_size(key->n) != 384))
?
> + pr_err("RSA: key size not allowed in FIPS mode\n");
> + mpi_free(key->n);
> + key->n = NULL;
> + return -EINVAL;
> + }
> +
> + return 0;
> +}
> +
> +int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
> + const void *value, size_t vlen)
> +{
> + struct crypto_akcipher *tfm = context;
> + struct rsa_key *key = tfm->key;
> +
> + key->e = mpi_read_raw_data(value, vlen);
> +
> + if (!key->e)
> + return -ENOMEM;
> +
> + return 0;
> +}
> +
> +int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
> + const void *value, size_t vlen)
> +{
> + struct crypto_akcipher *tfm = context;
> + struct rsa_key *key = tfm->key;
> +
> + key->d = mpi_read_raw_data(value, vlen);
> +
> + if (!key->d)
> + return -ENOMEM;
> +
> + /* In FIPS mode only allow key size minimum 2K */
> + if (fips_enabled && (mpi_get_size(key->d) < 256)) {
dto.
> + pr_err("RSA: key size not allowed in FIPS mode\n");
> + mpi_free(key->d);
> + key->d = NULL;
> + return -EINVAL;
> + }
> + return 0;
> +}
> +
Thanks
--
Ciao
Stephan
next prev parent reply other threads:[~2015-06-15 23:24 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-15 20:18 [PATCH RFC v5 0/4] crypto: Introduce Public Key Encryption API Tadeusz Struk
2015-06-15 20:18 ` [PATCH RFC v5 1/4] MPILIB: add mpi_read_buf() and mpi_get_size() helpers Tadeusz Struk
2015-06-16 6:40 ` Herbert Xu
2015-06-15 20:18 ` [PATCH RFC v5 2/4] crypto: add PKE API Tadeusz Struk
2015-06-15 23:46 ` Herbert Xu
2015-06-15 23:49 ` Herbert Xu
2015-06-15 23:50 ` Herbert Xu
2015-06-15 23:54 ` Herbert Xu
2015-06-15 23:59 ` Herbert Xu
2015-06-16 2:21 ` Tadeusz Struk
2015-06-16 2:29 ` Herbert Xu
2015-06-16 2:46 ` Tadeusz Struk
2015-06-16 2:50 ` Herbert Xu
2015-06-16 2:55 ` Tadeusz Struk
2015-06-16 0:05 ` Herbert Xu
2015-06-16 2:03 ` Tadeusz Struk
2015-06-16 2:27 ` Herbert Xu
2015-06-16 2:41 ` Tadeusz Struk
2015-06-16 3:25 ` Herbert Xu
2015-06-16 3:36 ` Tadeusz Struk
2015-06-16 4:06 ` Herbert Xu
2015-06-16 4:48 ` Tadeusz Struk
2015-06-16 2:29 ` Tadeusz Struk
2015-06-16 2:32 ` Herbert Xu
2015-06-15 20:18 ` [PATCH RFC v5 3/4] crypto: rsa: add a new rsa generic implementation Tadeusz Struk
2015-06-15 23:23 ` Stephan Mueller [this message]
2015-06-16 1:49 ` Tadeusz Struk
2015-06-16 2:19 ` Stephan Mueller
2015-06-16 2:26 ` Tadeusz Struk
2015-06-15 20:18 ` [PATCH RFC v5 4/4] crypto: add tests vectors for RSA Tadeusz Struk
2015-06-16 0:37 ` Herbert Xu
2015-06-16 6:26 ` Tadeusz Struk
2015-06-16 6:28 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3921303.7tkMvJ6vYE@tachyon.chronox.de \
--to=smueller@chronox.de \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=james.l.morris@oracle.com \
--cc=jkosina@suse.cz \
--cc=jwboyer@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=qat-linux@intel.com \
--cc=richard@nod.at \
--cc=steved@redhat.com \
--cc=tadeusz.struk@intel.com \
--cc=vgoyal@redhat.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox