lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <354c93c4-1a3a-a22b-1bd6-0815d4128aa0@suse.de>
Date:   Mon, 21 Feb 2022 15:15:51 +0100
From:   Hannes Reinecke <hare@...e.de>
To:     Nicolai Stange <nstange@...e.de>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        "David S. Miller" <davem@...emloft.net>
Cc:     Stephan Müller <smueller@...onox.de>,
        Torsten Duwe <duwe@...e.de>,
        David Howells <dhowells@...hat.com>,
        Jarkko Sakkinen <jarkko@...nel.org>,
        linux-crypto@...r.kernel.org, linux-kernel@...r.kernel.org,
        keyrings@...r.kernel.org
Subject: Re: [PATCH v4 07/15] crypto: dh - implement ffdheXYZ(dh) templates

On 2/21/22 13:10, Nicolai Stange wrote:
> Current work on NVME in-band authentication support ([1]) needs to invoke
> DH with the FFDHE safe-prime group parameters specified in RFC 7919.
> 
> Introduce a new CRYPTO_DH_RFC7919_GROUPS Kconfig option. If enabled, make
> dh_generic register a couple of ffdheXYZ(dh) templates, one for each group:
> ffdhe2048(dh), ffdhe3072(dh), ffdhe4096(dh), ffdhe6144(dh) and
> ffdhe8192(dh). Their respective ->set_secret() expects a (serialized)
> struct dh, just like the underlying "dh" implementation does, but with the
> P and G values unset so that the safe-prime constants for the given group
> can be filled in by the wrapping template.
> 
> Internally, a struct dh_safe_prime instance is being defined for each of
> the ffdheXYZ(dh) templates as appropriate. In order to prepare for future
> key generation, fill in the maximum security strength values as specified
> by SP800-56Arev3 on the go, even though they're not needed at this point
> yet.
> 
> Implement the respective ffdheXYZ(dh) crypto_template's ->create() by
> simply forwarding any calls to the __dh_safe_prime_create() helper
> introduced with the previous commit, passing the associated dh_safe_prime
> in addition to the received ->create() arguments.
> 
> [1] https://lore.kernel.org/r/20211202152358.60116-1-hare@suse.de
> 
> Signed-off-by: Nicolai Stange <nstange@...e.de>
> ---
>   crypto/Kconfig |   6 +
>   crypto/dh.c    | 298 ++++++++++++++++++++++++++++++++++++++++++++++++-
>   2 files changed, 303 insertions(+), 1 deletion(-)
> 
Reviewed-by: Hannes Reinecke <hare@...e.de>

Cheers,

Hannes
-- 
Dr. Hannes Reinecke		           Kernel Storage Architect
hare@...e.de			                  +49 911 74053 688
SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), GF: Felix Imendörffer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ