• Joachim Vandersmissen's avatar
    crypto: ecc - update ecc_gen_privkey for FIPS 186-5 · dbad7b69
    Joachim Vandersmissen authored
    FIPS 186-5 [1] was released approximately 1 year ago. The most
    interesting change for ecc_gen_privkey is the removal of curves with
    order < 224 bits. This is minimum is now checked in step 1. It is
    unlikely that there is still any benefit in generating private keys for
    curves with n < 224, as those curves provide less than 112 bits of
    security strength and are therefore unsafe for any modern usage.
    
    This patch also updates the documentation for __ecc_is_key_valid and
    ecc_gen_privkey to clarify which FIPS 186-5 method is being used to
    generate private keys. Previous documentation mentioned that "extra
    random bits" was used. However, this did not match the code. Instead,
    the code currently uses (and always has used) the "rejection sampling"
    ("testing candidates" in FIPS 186-4) method.
    
    [1]: https://doi.org/10.6028/NIST.FIPS.186-5Signed-off-by: default avatarJoachim Vandersmissen <git@jvdsn.com>
    Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
    dbad7b69
ecc.c 42.3 KB