git.ipfire.org Git - thirdparty/ipxe.git/commit

author	Michael Brown <mcb30@ipxe.org>
	Wed, 17 Jun 2026 09:48:18 +0000 (10:48 +0100)
committer	Michael Brown <mcb30@ipxe.org>
	Wed, 17 Jun 2026 12:38:50 +0000 (13:38 +0100)
commit	25072c19053fe87993486e411eb85d059856f1fc
tree	d638601a71b5bd840d465e0756158f023b2b7a61	tree \| snapshot
parent	70d63bec9418dd9f4b9dce46fd0f04b6cb00c0fe	commit \| diff

[crypto] Use private data field for key exchange algorithms

For historical reasons, TLS versions 1.2 and earlier identify FFDHE
groups by specifying the raw group prime and generator (the "dh_p" and
"dh_g" fields in ServerDHParams), rather than using a numeric code to
identify a named group.

This adds complexity to the process of identifying the internal key
exchange algorithm. One option would be to extend the definition of
struct tls_key_exchange_algorithm to include the identifying values
for the field prime and generator, but this is undesirable since the
field prime values may be large, and these values are already
available (indirectly) in ffdhe.c.

Extend our definition of a key exchange algorithm to include an opaque
private data field. This allows us to remove the wrapper functions
currently created by FFDHE_GROUP() and WEIERSTRASS_CURVE(), and opens
up the option of accessing the existing FFDHE field prime and
generator values from within the TLS layer.

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/crypto/ffdhe.c		diff \| blob \| blame \| history
src/crypto/weierstrass.c		diff \| blob \| blame \| history
src/crypto/x25519.c		diff \| blob \| blame \| history
src/include/ipxe/crypto.h		diff \| blob \| blame \| history
src/include/ipxe/ffdhe.h		diff \| blob \| blame \| history
src/include/ipxe/weierstrass.h		diff \| blob \| blame \| history