diff options
author | Nicolai Stange <nstange@suse.de> | 2022-02-21 13:10:53 +0100 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2022-03-02 23:47:51 +0100 |
commit | 7dce59819750d78513c70bf4a9024e265af88b23 (patch) | |
tree | b83c05d3649e2d626486937b70c0c0044f0b9470 /crypto/Kconfig | |
parent | crypto: dh - introduce common code for built-in safe-prime group support (diff) | |
download | linux-7dce59819750d78513c70bf4a9024e265af88b23.tar.xz linux-7dce59819750d78513c70bf4a9024e265af88b23.zip |
crypto: dh - implement ffdheXYZ(dh) templates
Current work on NVME in-band authentication support ([1]) needs to invoke
DH with the FFDHE safe-prime group parameters specified in RFC 7919.
Introduce a new CRYPTO_DH_RFC7919_GROUPS Kconfig option. If enabled, make
dh_generic register a couple of ffdheXYZ(dh) templates, one for each group:
ffdhe2048(dh), ffdhe3072(dh), ffdhe4096(dh), ffdhe6144(dh) and
ffdhe8192(dh). Their respective ->set_secret() expects a (serialized)
struct dh, just like the underlying "dh" implementation does, but with the
P and G values unset so that the safe-prime constants for the given group
can be filled in by the wrapping template.
Internally, a struct dh_safe_prime instance is being defined for each of
the ffdheXYZ(dh) templates as appropriate. In order to prepare for future
key generation, fill in the maximum security strength values as specified
by SP800-56Arev3 on the go, even though they're not needed at this point
yet.
Implement the respective ffdheXYZ(dh) crypto_template's ->create() by
simply forwarding any calls to the __dh_safe_prime_create() helper
introduced with the previous commit, passing the associated dh_safe_prime
in addition to the received ->create() arguments.
[1] https://lore.kernel.org/r/20211202152358.60116-1-hare@suse.de
Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto/Kconfig')
-rw-r--r-- | crypto/Kconfig | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/Kconfig b/crypto/Kconfig index d9573b3f081f..ba9434ad06ef 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig @@ -231,6 +231,12 @@ config CRYPTO_DH help Generic implementation of the Diffie-Hellman algorithm. +config CRYPTO_DH_RFC7919_GROUPS + bool "Support for RFC 7919 FFDHE group parameters" + depends on CRYPTO_DH + help + Provide support for RFC 7919 FFDHE group parameters. If unsure, say N. + config CRYPTO_ECC tristate select CRYPTO_RNG_DEFAULT |