From: Simo Sorce <simo@redhat.com>
To: "Stephan Müller" <smueller@chronox.de>, linux-crypto@vger.kernel.org
Cc: herbert@gondor.apana.org.au
Subject: Re: [PATCH] crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG
Date: Thu, 20 May 2021 16:05:25 -0400 [thread overview]
Message-ID: <0eced9533d36392b5f8e9540d299631f1a9e1ff8.camel@redhat.com> (raw)
In-Reply-To: <3171520.o5pSzXOnS6@positron.chronox.de>
On Thu, 2021-05-20 at 21:31 +0200, Stephan Müller wrote:
> The default DRBG is the one that has the highest priority. The priority
> is defined based on the order of the list drbg_cores[] where the highest
> priority is given to the last entry by drbg_fill_array.
>
> With this patch the default DRBG is switched from HMAC SHA256 to HMAC
> SHA512 to support compliance with SP800-90B and SP800-90C (current
> draft).
>
> The user of the crypto API is completely unaffected by the change.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> ---
> crypto/drbg.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/crypto/drbg.c b/crypto/drbg.c
> index 1b4587e0ddad..ea85d4a0fe9e 100644
> --- a/crypto/drbg.c
> +++ b/crypto/drbg.c
> @@ -176,18 +176,18 @@ static const struct drbg_core drbg_cores[] = {
> .blocklen_bytes = 48,
> .cra_name = "hmac_sha384",
> .backend_cra_name = "hmac(sha384)",
> - }, {
> - .flags = DRBG_HMAC | DRBG_STRENGTH256,
> - .statelen = 64, /* block length of cipher */
> - .blocklen_bytes = 64,
> - .cra_name = "hmac_sha512",
> - .backend_cra_name = "hmac(sha512)",
> }, {
> .flags = DRBG_HMAC | DRBG_STRENGTH256,
> .statelen = 32, /* block length of cipher */
> .blocklen_bytes = 32,
> .cra_name = "hmac_sha256",
> .backend_cra_name = "hmac(sha256)",
> + }, {
> + .flags = DRBG_HMAC | DRBG_STRENGTH256,
> + .statelen = 64, /* block length of cipher */
> + .blocklen_bytes = 64,
> + .cra_name = "hmac_sha512",
> + .backend_cra_name = "hmac(sha512)",
> },
> #endif /* CONFIG_CRYPTO_DRBG_HMAC */
> };
We'd like this to ease certification pains.
Acked-by: simo Sorce <simo@redhat.com>
--
Simo Sorce
RHEL Crypto Team
Red Hat, Inc
next prev parent reply other threads:[~2021-05-20 20:05 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-20 19:31 [PATCH] crypto: DRBG - switch to HMAC SHA512 DRBG as default DRBG Stephan Müller
2021-05-20 20:05 ` Simo Sorce [this message]
2021-05-28 7:26 ` Herbert Xu
2021-06-24 14:30 ` Herbert Xu
2021-06-24 14:54 ` Stephan Mueller
2021-06-24 15:44 ` [PATCH] crypto: DRBG - self test for HMAC(SHA-512) Stephan Müller
[not found] ` <CAMusb+TVdPRtDCY88kREZgWNH8XtrJS4yLkK3UJFqhXgn36raw@mail.gmail.com>
2021-06-24 20:56 ` Vlad Dronov
2021-06-28 3:31 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0eced9533d36392b5f8e9540d299631f1a9e1ff8.camel@redhat.com \
--to=simo@redhat.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.