From: "Benedetto, Salvatore" <salvatore.benedetto@intel.com>
To: Stephan Mueller <smueller@chronox.de>
Cc: "herbert@gondor.apana.org.au" <herbert@gondor.apana.org.au>,
"linux-crypto@vger.kernel.org" <linux-crypto@vger.kernel.org>,
"Benedetto, Salvatore" <salvatore.benedetto@intel.com>
Subject: RE: [PATCH 2/2] crypto: kpp - Add DH software implementation
Date: Wed, 13 Apr 2016 09:07:38 +0000 [thread overview]
Message-ID: <309B30E91F5E2846B79BD9AA9711D0318E80ED@IRSMSX102.ger.corp.intel.com> (raw)
In-Reply-To: <365125038.ZIqeO5uAXD@tauon.atsec.com>
> -----Original Message-----
> From: linux-crypto-owner@vger.kernel.org [mailto:linux-crypto-
> owner@vger.kernel.org] On Behalf Of Stephan Mueller
> Sent: Tuesday, April 12, 2016 2:21 PM
> To: Benedetto, Salvatore <salvatore.benedetto@intel.com>
> Cc: herbert@gondor.apana.org.au; linux-crypto@vger.kernel.org
> Subject: Re: [PATCH 2/2] crypto: kpp - Add DH software implementation
>
> > >
> > > > include/crypto/dh.h | 23 ++++++
> > > > 6 files changed, 631 insertions(+) create mode 100644
> > > > crypto/dh.c create mode 100644 include/crypto/dh.h
> > > >
> > > > +
> > > > +static int dh_check_params_length(unsigned int p_len) {
> > > > + switch (p_len) {
> > > > + case 1536:
> > > > + case 2048:
> > > > + case 3072:
> > > > + case 4096:
> > > > + case 6144:
> > > > + case 8192:
> > > > + return 0;
> > >
> > > Does the math require this check?
> > >
> > > Wouldn't it be better to implement limits to the low side (i.e.
> > > p_len <
> > > 1536) and then add a real limit due to the implementation (e.g. it
> > > must be multiple of full bytes)?
> >
> > The math itself does not require any check that I'm aware of.
> > As for the real limit, I think we have to add that as an hardware that
> > is only capable of handling up to 4096 bytes, should fall back to the
> > software implementation if a bigger param is used.
>
> Then why not leave that check to the respective HW implementation and
> provide support for all parameters in software? I.e. simply replace this check
> with a lower boundary check only?
>
I don't see any particular benefit in replacing this check with a lower boundary
check only. Values other than those listed are very unlikely.
Anyway, if you feel so strong about it and other people think the same I'm
OK with either check :-) Either case shouldn't harm.
Thanks,
Salvatore
next prev parent reply other threads:[~2016-04-13 9:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-12 10:39 [PATCH 0/2] Key-agreement Protocol Primitives (KPP) API Salvatore Benedetto
2016-04-12 10:39 ` [PATCH 1/2] crypto: Key-agreement Protocol Primitives API (KPP) Salvatore Benedetto
2016-04-12 10:39 ` [PATCH 2/2] crypto: kpp - Add DH software implementation Salvatore Benedetto
2016-04-12 13:00 ` Stephan Mueller
2016-04-12 13:18 ` Benedetto, Salvatore
2016-04-12 13:21 ` Stephan Mueller
2016-04-13 9:07 ` Benedetto, Salvatore [this message]
2016-04-13 9:23 ` Stephan Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=309B30E91F5E2846B79BD9AA9711D0318E80ED@IRSMSX102.ger.corp.intel.com \
--to=salvatore.benedetto@intel.com \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.