@@ -260,6 +260,18 @@ static int alg_setsockopt(struct socket *sock, int level, int optname,
err = alg_setkey(sk, optval, optlen, type->setpubkey);
break;
+ case ALG_SET_DH_PARAMETERS:
+ if (sock->state == SS_CONNECTED)
+ goto unlock;
+
+ err = alg_setkey(sk, optval, optlen, type->dhparams);
+ break;
+ case ALG_SET_ECDH_CURVE:
+ if (sock->state == SS_CONNECTED)
+ goto unlock;
+
+ err = alg_setkey(sk, optval, optlen, type->ecdhcurve);
+ break;
case ALG_SET_AEAD_AUTHSIZE:
if (sock->state == SS_CONNECTED)
goto unlock;
@@ -53,6 +53,8 @@ struct af_alg_type {
void (*release)(void *private);
int (*setkey)(void *private, const u8 *key, unsigned int keylen);
int (*setpubkey)(void *private, const u8 *key, unsigned int keylen);
+ int (*dhparams)(void *private, const u8 *param, unsigned int paramlen);
+ int (*ecdhcurve)(void *private, const u8 *param, unsigned int paramlen);
int (*accept)(void *private, struct sock *sk);
int (*accept_nokey)(void *private, struct sock *sk);
int (*setauthsize)(void *private, unsigned int authsize);
@@ -35,6 +35,8 @@ struct af_alg_iv {
#define ALG_SET_AEAD_ASSOCLEN 4
#define ALG_SET_AEAD_AUTHSIZE 5
#define ALG_SET_PUBKEY 6
+#define ALG_SET_DH_PARAMETERS 7
+#define ALG_SET_ECDH_CURVE 8
/* Operations */
#define ALG_OP_DECRYPT 0
For supporting DH ciphers, user space must be able to set the DH parameters. The patch adds a new setsockopt call for setting these parameters. Similarly, the ECDH curve information can be set by user space via the newly added setsockopt call. Signed-off-by: Stephan Mueller <smueller@chronox.de> --- crypto/af_alg.c | 12 ++++++++++++ include/crypto/if_alg.h | 2 ++ include/uapi/linux/if_alg.h | 2 ++ 3 files changed, 16 insertions(+)