On 12/9/21 10:03 AM, Nicolai Stange wrote: > The FFDHE groups specified by RFC 7919 are needed for the current work > on NVME ([1]) and also among the safe-prime groups approved by > SP800-56Arev3. Make them known to the kernel. > > More specifically, introduce corresponding members to enum dh_group_id > as well as entries with the resp. domain parameters to the > safe_prime_groups[] array queried by crypto_dh_decode_key(). The resp. > ->max_strength value is set to the maximum supported security strength as > specified in SP800-56Arev3. > > As the domain parameters consume an substantial amount of space, make > RFC 7919 safe-prime group support selectable by means of the new > CRYPTO_DH_GROUPS_RFC7919 Kconfig option. > > [1] https://lkml.kernel.org/r/20211122074727.25988-4-hare@xxxxxxx > > Signed-off-by: Nicolai Stange <nstange@xxxxxxx> > --- > crypto/Kconfig | 11 ++- > crypto/dh_helper.c | 219 +++++++++++++++++++++++++++++++++++++++++++- > include/crypto/dh.h | 7 ++ > 3 files changed, 235 insertions(+), 2 deletions(-) > Reviewed-by: Hannes Reinecke <hare@xxxxxxx> Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@xxxxxxx +49 911 74053 688 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg HRB 36809 (AG Nürnberg), GF: Felix Imendörffer
