Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp4254700pxb;
        Mon, 21 Feb 2022 16:06:34 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwNYCZljGP/3WtsbHW+BtTskYDtyO946W1Dd56JhqzDg6GyCufK4KB3aH5uiIcLLSfUUalD
X-Received: by 2002:a05:6402:518b:b0:412:d173:1e29 with SMTP id q11-20020a056402518b00b00412d1731e29mr16477787edd.302.1645488393981;
        Mon, 21 Feb 2022 16:06:33 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645488393; cv=none;
        d=google.com; s=arc-20160816;
        b=zu6MEwfSMX3oxoKYAt11yzKXCNWwFSknbVwZ3qDBd5zdANYCLP9J9fpTk7SZTjTZmO
         0sr5AmKWKoAtTUfefA3GyhpmoJFePWVM18SJcVQ9o6DkR01cMG/W0eP+y3nVLmTZaf5B
         m85RNz6jE4CWJg+fNkluEUqei+SRaLyhCPfeukApToLKHOecTQFd7DPwA3j94ifmP441
         vdndF8dLEnnv/ybPdkbHOlY6dfG2a+b+GMXlJ909lObuPMwJZvVPtrN/QJMWzT76MhMy
         FyC07Fl9+0ZOpYQYqao/DHzaS6Y8G1SceKkSbxNMT1o+7SkAvoPR8mHBdhOSQ10AQjDu
         cLiw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from:dkim-signature:dkim-signature;
        bh=NOqTT1XNzh9fvTWq3EP6c+EQZqVe2ujBsleekauTIRM=;
        b=tAE8Liruk8oIsNQpnDPXG5d5KB1DHy6daG424Mr+5g3tG1kX7AQGptI+wfPg4wV3sq
         oj+Rx/ba67oumFpaw/KZaQVg+PipYtoiF9OyYmLBaD2BouDQX07zvfXEIR5hfye7x2Ws
         NIgbEqAF6SVt0esxKC41XGSIWN2mLZSLsEl2dNg2tyJrEQkJOR8eE01LjbrAwlCF5ptV
         pW4wjHOl2ih2w3hmGGeJHXBxO1bGbh4vdhTej9wzqcPanFGyffK06SKyCCUpO/4oGUhY
         X6iMQHsaES4D4NyOn27NZsTBCKZMAjD7stx9XILmbwHHdO7rpbpxiZm9OoTpeut8WgTC
         or/Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=eD6b9B49;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=c5G7g3s4;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Return-Path: <linux-crypto-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id fj2si10896381ejc.867.2022.02.21.16.05.51;
        Mon, 21 Feb 2022 16:06:33 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@suse.de header.s=susede2_rsa header.b=eD6b9B49;
       dkim=neutral (no key) header.i=@suse.de header.s=susede2_ed25519 header.b=c5G7g3s4;
       spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=suse.de
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1357668AbiBUMOQ (ORCPT <rfc822;benevolent.opressor@gmail.com>
        + 99 others); Mon, 21 Feb 2022 07:14:16 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:42228 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1357494AbiBUMOF (ORCPT
        <rfc822;linux-crypto@vger.kernel.org>);
        Mon, 21 Feb 2022 07:14:05 -0500
Received: from smtp-out2.suse.de (smtp-out2.suse.de [195.135.220.29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1A33B205F6;
        Mon, 21 Feb 2022 04:11:12 -0800 (PST)
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by smtp-out2.suse.de (Postfix) with ESMTPS id 85C6B1F38E;
        Mon, 21 Feb 2022 12:11:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa;
        t=1645445471; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:  content-transfer-encoding:content-transfer-encoding;
        bh=NOqTT1XNzh9fvTWq3EP6c+EQZqVe2ujBsleekauTIRM=;
        b=eD6b9B49JF6/+W2shYM8+/n3Fr2qpshlYHS78/lbq6n1sMBFsXdZnddruiU0kcDIpjy41p
        g5Ef03y0PYrUnzuv6jNPgHrG5PddSCsZveH21MNvU+TBg/2q29QO7xZZIEcwimrxBndK+K
        be40IF9YnmFTjfO7LwBPkPgz4qnAwXU=
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;
        s=susede2_ed25519; t=1645445471;
        h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:
         mime-version:mime-version:  content-transfer-encoding:content-transfer-encoding;
        bh=NOqTT1XNzh9fvTWq3EP6c+EQZqVe2ujBsleekauTIRM=;
        b=c5G7g3s4A9OB2zWz54Qxh02mb6doK/LU12FROawvVZGQDLjxLoTSDjJlAAmTBhLVHwgI1j
        fWEWcoVo7qUuODBQ==
Received: from imap2.suse-dmz.suse.de (imap2.suse-dmz.suse.de [192.168.254.74])
        (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
         key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512)
        (No client certificate requested)
        by imap2.suse-dmz.suse.de (Postfix) with ESMTPS id 667BA13A9C;
        Mon, 21 Feb 2022 12:11:11 +0000 (UTC)
Received: from dovecot-director2.suse.de ([192.168.254.65])
        by imap2.suse-dmz.suse.de with ESMTPSA
        id A7j6GF+BE2JRWwAAMHmgww
        (envelope-from <nstange@suse.de>); Mon, 21 Feb 2022 12:11:11 +0000
From:   Nicolai Stange <nstange@suse.de>
To:     Herbert Xu <herbert@gondor.apana.org.au>,
        "David S. Miller" <davem@davemloft.net>
Cc:     =?UTF-8?q?Stephan=20M=C3=BCller?= <smueller@chronox.de>,
        Hannes Reinecke <hare@suse.de>, Torsten Duwe <duwe@suse.de>,
        David Howells <dhowells@redhat.com>,
        Jarkko Sakkinen <jarkko@kernel.org>,
        linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
        keyrings@vger.kernel.org, Nicolai Stange <nstange@suse.de>
Subject: [PATCH v4 00/15] crypto: dh - infrastructure for NVM in-band auth and FIPS conformance
Date:   Mon, 21 Feb 2022 13:10:46 +0100
Message-Id: <20220221121101.1615-1-nstange@suse.de>
X-Mailer: git-send-email 2.26.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
        SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

Hi all,

first of all, to the people primarily interested in security/keys/, there's
a rather trivial change to security/keys/dh.c in patch 4/15. It would be
great to get ACKs for that...

This patchset's main objective is to provide the DH related preprequisite
bits needed by the upcoming support for NVME in-band authentication ([1]),
namely
- support for the RFC 7919 ffdheXYZ group parameters (patches [1-8/15]) and
- an ephemeral key generation primitive for these (patches [9-11/15]).

With this in place, it happens to become relatively straight-forward to
achieve conformance with NIST SP800-56Ar3. The remainder of this patchset,
i.e. patches [12-15/15], implements the required changes.

The previous v3 of this patchset can be found at [2]. The only difference
between v3 and the v4 here is the removal of a superfluous "default n"
Kconfig statement in patch [7/15] ("crypto: dh - implement ffdheXYZ(dh)
templates").

I would like to reiterate that [12/15] ("crypto: api - allow algs only in
specific constructions in FIPS mode") is heavily based on a patch
previously posted by Herbert. Please refer to the v3 cover letter at [2]
for the full history.

Finally note that Stephan has granted his
Tested-by: Stephan Mueller <smueller@chronox.de>
to v3 already ([3]). Stephan, with the trivial diff between v3 and v4,
would you be Ok with carrying it over?

Thanks,

Nicolai

[1] https://lore.kernel.org/r/20211202152358.60116-1-hare@suse.de
[2] https://lore.kernel.org/r/20220202104012.4193-1-nstange@suse.de
[3] https://lore.kernel.org/r/8937519.l8FpVtv5Hg@tauon.chronox.de

Nicolai Stange (15):
  crypto: kpp - provide support for KPP template instances
  crypto: kpp - provide support for KPP spawns
  crypto: dh - remove struct dh's ->q member
  crypto: dh - constify struct dh's pointer members
  crypto: dh - split out deserialization code from crypto_dh_decode()
  crypto: dh - introduce common code for built-in safe-prime group
    support
  crypto: dh - implement ffdheXYZ(dh) templates
  crypto: testmgr - add known answer tests for ffdheXYZ(dh) templates
  crypto: dh - implement private key generation primitive for
    ffdheXYZ(dh)
  crypto: testmgr - add keygen tests for ffdheXYZ(dh) templates
  crypto: dh - allow for passing NULL to the ffdheXYZ(dh)s'
    ->set_secret()
  crypto: api - allow algs only in specific constructions in FIPS mode
  crypto: dh - disallow plain "dh" usage in FIPS mode
  lib/mpi: export mpi_rshift
  crypto: dh - calculate Q from P for the full public key verification

 crypto/Kconfig                |    7 +
 crypto/algapi.c               |   18 +-
 crypto/api.c                  |   19 +-
 crypto/dh.c                   |  687 +++++++++++++++-
 crypto/dh_helper.c            |   42 +-
 crypto/kpp.c                  |   29 +
 crypto/tcrypt.c               |    4 +-
 crypto/testmgr.c              |   61 +-
 crypto/testmgr.h              | 1445 ++++++++++++++++++++++++++++++++-
 include/crypto/dh.h           |   26 +-
 include/crypto/internal/kpp.h |  158 ++++
 include/linux/crypto.h        |    9 +
 lib/mpi/mpi-bit.c             |    1 +
 security/keys/dh.c            |    2 +-
 14 files changed, 2441 insertions(+), 67 deletions(-)

-- 
2.26.2