diff options
| author | Stephan Mueller <smueller@chronox.de> | 2014-08-17 11:41:10 -0400 |
|---|---|---|
| committer | Herbert Xu <herbert@gondor.apana.org.au> | 2014-08-25 08:34:12 -0400 |
| commit | 05c81ccd9087d238c10b234eadb55632742e5518 (patch) | |
| tree | 11d1b1e9d391a1a7feb8d55c58f3938a2a24b370 /include/crypto | |
| parent | bc034ef5573ef4d81daa666c02a3df1ad28e24a7 (diff) | |
crypto: drbg - remove configuration of fixed values
SP800-90A mandates several hard-coded values. The old drbg_cores allows
the setting of these values per DRBG implementation. However, due to the
hard requirement of SP800-90A, these values are now returned globally
for each DRBG.
The ability to set such values per DRBG is therefore removed.
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/crypto')
| -rw-r--r-- | include/crypto/drbg.h | 19 |
1 files changed, 6 insertions, 13 deletions
diff --git a/include/crypto/drbg.h b/include/crypto/drbg.h index 831d786976c5..3d8e73a1a1c7 100644 --- a/include/crypto/drbg.h +++ b/include/crypto/drbg.h | |||
| @@ -82,15 +82,6 @@ typedef uint32_t drbg_flag_t; | |||
| 82 | struct drbg_core { | 82 | struct drbg_core { |
| 83 | drbg_flag_t flags; /* flags for the cipher */ | 83 | drbg_flag_t flags; /* flags for the cipher */ |
| 84 | __u8 statelen; /* maximum state length */ | 84 | __u8 statelen; /* maximum state length */ |
| 85 | /* | ||
| 86 | * maximum length of personalization string or additional input | ||
| 87 | * string -- exponent for base 2 | ||
| 88 | */ | ||
| 89 | __u8 max_addtllen; | ||
| 90 | /* maximum bits per RNG request -- exponent for base 2*/ | ||
| 91 | __u8 max_bits; | ||
| 92 | /* maximum number of requests -- exponent for base 2 */ | ||
| 93 | __u8 max_req; | ||
| 94 | __u8 blocklen_bytes; /* block size of output in bytes */ | 85 | __u8 blocklen_bytes; /* block size of output in bytes */ |
| 95 | char cra_name[CRYPTO_MAX_ALG_NAME]; /* mapping to kernel crypto API */ | 86 | char cra_name[CRYPTO_MAX_ALG_NAME]; /* mapping to kernel crypto API */ |
| 96 | /* kernel crypto API backend cipher name */ | 87 | /* kernel crypto API backend cipher name */ |
| @@ -156,18 +147,20 @@ static inline __u8 drbg_keylen(struct drbg_state *drbg) | |||
| 156 | 147 | ||
| 157 | static inline size_t drbg_max_request_bytes(struct drbg_state *drbg) | 148 | static inline size_t drbg_max_request_bytes(struct drbg_state *drbg) |
| 158 | { | 149 | { |
| 159 | /* max_bits is in bits, but buflen is in bytes */ | 150 | /* SP800-90A requires the limit 2**19 bits, but we return bytes */ |
| 160 | return (1 << (drbg->core->max_bits - 3)); | 151 | return (1 << 16); |
| 161 | } | 152 | } |
| 162 | 153 | ||
| 163 | static inline size_t drbg_max_addtl(struct drbg_state *drbg) | 154 | static inline size_t drbg_max_addtl(struct drbg_state *drbg) |
| 164 | { | 155 | { |
| 165 | return (1UL<<(drbg->core->max_addtllen)); | 156 | /* SP800-90A requires 2**35 bytes additional info str / pers str */ |
| 157 | return (1UL<<35); | ||
| 166 | } | 158 | } |
| 167 | 159 | ||
| 168 | static inline size_t drbg_max_requests(struct drbg_state *drbg) | 160 | static inline size_t drbg_max_requests(struct drbg_state *drbg) |
| 169 | { | 161 | { |
| 170 | return (1UL<<(drbg->core->max_req)); | 162 | /* SP800-90A requires 2**48 maximum requests before reseeding */ |
| 163 | return (1UL<<48); | ||
| 171 | } | 164 | } |
| 172 | 165 | ||
| 173 | /* | 166 | /* |