path: root/include/crypto/dh.h
diff options
authorStephan Mueller <smueller@chronox.de>2018-06-27 08:15:31 +0200
committerHerbert Xu <herbert@gondor.apana.org.au>2018-07-09 00:26:22 +0800
commite3fe0ae129622b78e710e75ecbf7aca7af5dda47 (patch)
treef95315c4f57e6a33c98a60dfc3a8566f21509ec4 /include/crypto/dh.h
parent73463ade0a57d2c7f23e1dfad25d32f18c79db95 (diff)
crypto: dh - add public key verification test
According to SP800-56A section, the public key to be processed for the DH operation shall be checked for appropriateness. The check shall covers the full verification test in case the domain parameter Q is provided as defined in SP800-56A section If Q is not provided, the partial check according to SP800-56A section is performed. The full verification test requires the presence of the domain parameter Q. Thus, the patch adds the support to handle Q. It is permissible to not provide the Q value as part of the domain parameters. This implies that the interface is still backwards-compatible where so far only P and G are to be provided. However, if Q is provided, it is imported. Without the test, the NIST ACVP testing fails. After adding this check, the NIST ACVP testing passes. Testing without providing the Q domain parameter has been performed to verify the interface has not changed. Signed-off-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'include/crypto/dh.h')
1 files changed, 4 insertions, 0 deletions
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index 71e1bb24d79f..7e0dad94cb2b 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -29,17 +29,21 @@
* @key: Private DH key
* @p: Diffie-Hellman parameter P
+ * @q: Diffie-Hellman parameter Q
* @g: Diffie-Hellman generator G
* @key_size: Size of the private DH key
* @p_size: Size of DH parameter P
+ * @q_size: Size of DH parameter Q
* @g_size: Size of DH generator G
struct dh {
void *key;
void *p;
+ void *q;
void *g;
unsigned int key_size;
unsigned int p_size;
+ unsigned int q_size;
unsigned int g_size;