lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 17 Dec 2020 11:07:30 +0800
From:   yumeng <yumeng18@...wei.com>
To:     Stephan Mueller <smueller@...onox.de>
CC:     <linux-crypto@...r.kernel.org>, <xuzaibo@...wei.com>,
        <wangzhou1@...ilicon.com>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v4 4/5] crypto: hisilicon/hpre - add 'ECDH' algorithm



在 2020/12/17 4:10, Stephan Mueller 写道:
> Am Mittwoch, dem 16.12.2020 um 10:39 +0800 schrieb yumeng:
>>
>>
>>
>>> Am Freitag, den 11.12.2020, 14:30 +0800 schrieb Meng Yu:
>>>>
>>>> +/* size in bytes of the n prime */
>>>> +#define HPRE_ECC_NIST_P128_N_SIZE      16
>>>
>>> Do we truly need P-128? Besides, I do not see that curve being defined in
>>> contemporary cipher specs.
>>>
>>>> +#define HPRE_ECC_NIST_P192_N_SIZE      24
>>>> +#define HPRE_ECC_NIST_P224_N_SIZE      28
>>>> +#define HPRE_ECC_NIST_P256_N_SIZE      32
>>>> +#define HPRE_ECC_NIST_P320_N_SIZE      40
>>>
>>> Do we truly need P-320? Besides, I do not see that curve being defined in
>>> contemporary cipher specs.
>>
>> Yes, in rfc 5903, only P-256, P-384 and P-521 is defined, but in
>> 'rfc5639' and  "SEC 2: Recommended Elliptic Curve Domain Parameters",
>> other curves like P-128, P-192, P-224, and P-320 curve parameters are
>> found, and they are used in 'openssl';
>> How about your idea?
> 
> Who is going to use that curve considering that common protocols that are
> implemented in the kernel do not use it?
> 
> Thanks
> Stephan
> 

I see in "SEC 2: Recommended Elliptic Curve Domain ParametersVersion2.0"
that 'Recommend Elliptic Curve Domain Parameters over Fp' are secp192,
secp224, secp256, secp384, and secp521, secp128 and secp320 are not
recommended.
So you mean it's better not to include secp128 and secp320, right?

Thanks,

Powered by blists - more mailing lists