On 12/9/21 10:03 AM, Nicolai Stange wrote: > The previous patch introduced support for the safe-prime groups specified > by RFC 7919. In order to test this functionality, add a corresponding > ffdhe3072 test vector to testmgr. The choice of ffdhe3072 over e.g. > ffdhe2048 is justified by the fact that the NVMe spec mandates it for its > TLS profile. > > The test data has been generated with OpenSSL. > > Note that this new entry provides test coverage for the recent change to > crypto_dh_encode_key(), which made it to skip the serialization of domain > parameters for known groups, i.e. those with > ->group_id != DH_GROUP_ID_UNKNOWN. > > Moreover, a future patch will make the DH implementation to reject domain > parameters not corresponding to some safe-prime group approved by > SP800-56Arev3 in FIPS mode and the existing DH test vectors don't qualify. > So this patch here will ensure that there's still some suitable test vector > available. > > Signed-off-by: Nicolai Stange <nstange@xxxxxxx> > --- > crypto/testmgr.h | 124 +++++++++++++++++++++++++++++++++++++++++++++++ > 1 file changed, 124 insertions(+) > Reviewed-by: Hannes Reinecke <hare@xxxxxxx> Cheers, Hannes -- Dr. Hannes Reinecke Kernel Storage Architect hare@xxxxxxx +49 911 74053 688 SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg HRB 36809 (AG Nürnberg), GF: Felix Imendörffer
