From: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Date: Wed, 3 Apr 2019 12:28:50 +0000 (+0200)
Subject: reduce minimum crypto key size to 1024bit
X-Git-Tag: v1.9^2~8
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=4e648f76930af8c376a833677d940b2b0efc3c86;p=mirror_kronosnet.git

reduce minimum crypto key size to 1024bit

Since the key is used for AES/3DES and HMAC operations only, this is
safe. AES/3DES use keys in the 128- to 256-bit range, HMAC with
MD5/SHA1/SHA2 should use keys with a minimum of 128- to 512-bit (in both
cases, depending on the actual algorithm used).

This reduction also keeps knet compatible with existing Corosync 2.x
keyfiles, which are 1024-bit.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---

diff --git a/libknet/libknet.h b/libknet/libknet.h
index 36fefa5..0331b1f 100644
--- a/libknet/libknet.h
+++ b/libknet/libknet.h
@@ -587,8 +587,7 @@ int knet_handle_pmtud_get(knet_handle_t knet_h,
 				unsigned int *data_mtu);
 
 
-
-#define KNET_MIN_KEY_LEN  256
+#define KNET_MIN_KEY_LEN  128
 #define KNET_MAX_KEY_LEN 4096
 
 struct knet_handle_crypto_cfg {