Re: [PATCH v2 06/18] crypto: dh - introduce RFC 3526 safe-prime groups

[Hannes Reinecke]

On 12/9/21 10:03 AM, Nicolai Stange wrote:
> A future patch will make the DH implementation to reject domain parameters
> not corresponding to any of the safe-prime groups approved by SP800-56Arev3
> in FIPS mode.
> 
> The MODP groups specified by RFC 3526 are among those approved safe-prime
> groups. Make them known to the kernel in order to enable the DH
> implementation to recognize those when passed in from e.g. the
> keyctl(KEYCTL_DH_COMPUTE) syscall.
> 
> More specifically, introduce corresponding members to enum dh_group_id
> as well as entries with the resp. domain parameters to the
> safe_prime_groups[] array queried by crypto_dh_decode_key(). The resp.
> ->max_strength value is set to the maximum supported security strength as
> specified in SP800-56Arev3.
> 
> As the domain parameters consume an substantial amount of space, make
> RFC 3526 safe-prime group support selectable by means of the new
> CRYPTO_DH_GROUPS_RFC3526 Kconfig option.
> 
> Signed-off-by: Nicolai Stange <nstange@xxxxxxx>
> ---
>  crypto/Kconfig      |   6 ++
>  crypto/dh_helper.c  | 216 ++++++++++++++++++++++++++++++++++++++++++++
>  include/crypto/dh.h |   7 ++
>  3 files changed, 229 insertions(+)
> 
Reviewed-by: Hannes Reinecke <hare@xxxxxxx>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		           Kernel Storage Architect
hare@xxxxxxx			                  +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer