On 12/9/21 10:03 AM, Nicolai Stange wrote:
> A future patch will make the DH implementation reject domain parameters
> not corresponding to any of the safe-prime groups approved by SP800-56Arev3
> in FIPS mode.
>
> The MODP groups specified by RFC 3526 are among those approved safe-prime
> groups. Make them known to the kernel in order to enable the DH
> implementation to recognize those when passed in from e.g. the
> keyctl(KEYCTL_DH_COMPUTE) syscall.
>
> More specifically, introduce corresponding members to enum dh_group_id
> as well as entries with the resp. domain parameters to the
> safe_prime_groups[] array queried by crypto_dh_decode_key(). The resp.
> ->max_strength value is set to the maximum supported security strength as
> specified in SP800-56Arev3.
>
> As the domain parameters consume a substantial amount of space, make
> RFC 3526 safe-prime group support selectable by means of the new
> CRYPTO_DH_GROUPS_RFC3526 Kconfig option.
>
> Signed-off-by: Nicolai Stange <nstange@xxxxxxx>
> ---
>  crypto/Kconfig      |   6 ++
>  crypto/dh_helper.c  | 216 ++++++++++++++++++++++++++++++++++++++++++++
>  include/crypto/dh.h |   7 ++
>  3 files changed, 229 insertions(+)
>
Reviewed-by: Hannes Reinecke <hare@xxxxxxx>

Cheers,

Hannes
--
Dr. Hannes Reinecke                Kernel Storage Architect
hare@xxxxxxx                              +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer