Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters

[RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-16
[PATCH 01/11] crypto: add crypto_has_shash() · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 01/11] crypto: add crypto_has_shash() · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
[PATCH 02/11] crypto: add crypto_has_kpp() · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 02/11] crypto: add crypto_has_kpp() · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
[PATCH 08/11] nvmet: Parse fabrics commands on all queues · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 08/11] nvmet: Parse fabrics commands on all queues · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
[PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Hannes Reinecke <hare@suse.de> · 2021-07-17
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Eric Biggers <ebiggers@kernel.org> · 2021-07-17
Re: [PATCH 04/11] lib/base64: RFC4648-compliant base64 encoding · Eric Biggers <ebiggers@kernel.org> · 2021-07-17
[PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-17
Re: [PATCH 05/11] nvme: add definitions for NVMe In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-20
[PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 11/11] nvme: add non-standard ECDH and curve25517 algorithms · Hannes Reinecke <hare@suse.de> · 2021-07-19
[PATCH 10/11] nvmet-auth: implement support for augmented challenge · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 10/11] nvmet-auth: implement support for augmented challenge · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 10/11] nvmet-auth: implement support for augmented challenge · Hannes Reinecke <hare@suse.de> · 2021-07-18
[PATCH 07/11] nvme-auth: augmented challenge support · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Stephan Müller <hidden> · 2021-07-18
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 07/11] nvme-auth: augmented challenge support · Hannes Reinecke <hare@suse.de> · 2021-07-20
[PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-20
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-21
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Stephan Müller <hidden> · 2021-07-18
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-20
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Hannes Reinecke <hare@suse.de> · 2021-07-21
Re: [PATCH 06/11] nvme: Implement In-Band authentication · Vladislav Bolkhovitin <hidden> · 2021-07-21
[PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-07-17
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 03/11] crypto/ffdhe: Finite Field DH Ephemeral Parameters · Hannes Reinecke <hare@suse.de> · 2021-07-18
[PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-16
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Müller <hidden> · 2021-07-17
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-18
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Müller <hidden> · 2021-07-18
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Simo Sorce <hidden> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Simo Sorce <hidden> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Stephan Mueller <hidden> · 2021-07-20
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Vladislav Bolkhovitin <hidden> · 2021-07-23
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Herbert Xu <herbert@gondor.apana.org.au> · 2021-07-18
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Sagi Grimberg <sagi@grimberg.me> · 2021-07-19
Re: [PATCH 09/11] nvmet: Implement basic In-Band Authentication · Hannes Reinecke <hare@suse.de> · 2021-07-20
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Sagi Grimberg <sagi@grimberg.me> · 2021-07-17
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Simo Sorce <hidden> · 2021-07-19
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-19
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Vladislav Bolkhovitin <hidden> · 2021-07-20
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-21
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Vladislav Bolkhovitin <hidden> · 2021-07-21
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Vladislav Bolkhovitin <hidden> · 2021-07-23
Re: [RFC PATCH 00/11] nvme: In-band authentication support · Hannes Reinecke <hare@suse.de> · 2021-07-24

From: Hannes Reinecke <hare@suse.de>
Date: 2021-07-17 13:58:02
Also in: linux-nvme

On 7/17/21 8:14 AM, Sagi Grimberg wrote:

quoted

Add helper functions to generaten Finite Field DH Ephemeral Parameters as
specified in RFC 7919.

Signed-off-by: Hannes Reinecke <hare@suse.de>
---
  crypto/Kconfig         |   8 +
  crypto/Makefile        |   1 +
  crypto/ffdhe_helper.c  | 877 +++++++++++++++++++++++++++++++++++++++++
  include/crypto/ffdhe.h |  24 ++
  4 files changed, 910 insertions(+)
  create mode 100644 crypto/ffdhe_helper.c
  create mode 100644 include/crypto/ffdhe.h

diff --git a/crypto/Kconfig b/crypto/Kconfig
index ca3b02dcbbfa..1bea506ba56f 100644
--- a/crypto/Kconfig
+++ b/crypto/Kconfig

@@ -231,6 +231,14 @@ config CRYPTO_DH

      help
        Generic implementation of the Diffie-Hellman algorithm.
+config CRYPTO_FFDHE
+    tristate "Finite Field DH (RFC 7919) ephemeral parameters"

I'd stick with "Diffie-Hellman" in the tristate.

Ok.

quoted

+    select CRYPTO_DH
+    select CRYPTO_KPP
+    select CRYPTO_RNG_DEFAULT
+    help
+      Generic implementation of the Finite Field DH algorithm

Diffie-Hellman algorithm
And not sure I'd call it algorithm implementation, but rather a
helper but maybe something like:
Finite Field Diffie-Hellman ephemeral parameters helper implementation

Wasn't sure how to call it myself; as stated I'm not a security expert.

quoted

+
  config CRYPTO_ECC
      tristate

diff --git a/crypto/Makefile b/crypto/Makefile
index 10526d4559b8..d3bc79fba23f 100644
--- a/crypto/Makefile
+++ b/crypto/Makefile

@@ -177,6 +177,7 @@ obj-$(CONFIG_CRYPTO_OFB) += ofb.o

  obj-$(CONFIG_CRYPTO_ECC) += ecc.o
  obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o
  obj-$(CONFIG_CRYPTO_CURVE25519) += curve25519-generic.o
+obj-$(CONFIG_CRYPTO_FFDHE) += ffdhe_helper.o
  ecdh_generic-y += ecdh.o
  ecdh_generic-y += ecdh_helper.o

diff --git a/crypto/ffdhe_helper.c b/crypto/ffdhe_helper.c
new file mode 100644
index 000000000000..dc023e30c4e5
--- /dev/null
+++ b/crypto/ffdhe_helper.c

@@ -0,0 +1,877 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * Finite Field DH Ephemeral Parameters (RFC 7919)
+ *
+ * Copyright (c) 2021, Hannes Reinecke, SUSE Software Products
+ *
+ */
+
+#include <linux/module.h>
+#include <crypto/internal/kpp.h>
+#include <crypto/kpp.h>
+#include <crypto/dh.h>
+#include <linux/mpi.h>
+
+/*
+ * ffdhe2048 generator (g), modulus (p) and group size (q)

Maybe worth to refer exactly the source of these parameters
in the comment body (rfc section/appendix).

Sure. These actually are copies from RFC 7919, so will be adding a 
reference to it.

Cheers,

Hannes
-- 
Dr. Hannes Reinecke                Kernel Storage Architect
hare@suse.de                              +49 911 74053 688
SUSE Software Solutions GmbH, Maxfeldstr. 5, 90409 Nürnberg
HRB 36809 (AG Nürnberg), Geschäftsführer: Felix Imendörffer

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help