[crypto] Add RFC 7919 FFDHE key exchange algorithms We currently support fully parameterized finite field Diffie-Hellman key exchange, where the peer provides not only its public key but also the (fully arbitrary) selection of the field prime and generator. RFC 7919 defines a family of finite fields all constructed from the natural logarithm constant "e", intended to be used as well-known fields where the peer simply names the field (e.g. "ffdhe2048") rather than providing the raw prime and generator values. Add support for this family of finite fields as key exchange algorithms, to allow for protocols such as TLS version 1.3 where parameterized fields are not permitted. We choose to support only up to ffdhe4096, since this is sufficient to exceed the security strength of our RNG (128 bits). Support for ffdhe6144 and ffdhe8192 could trivially be added by simply extending the "euler" constant and adding the relevant FFDHE_GROUP() declarations. Doing so would approximately double the space requirements for both read-only data (from 0.5kB to 1kB) and for uninitialised data (from 3.5kB to 7kB). Signed-off-by: Michael Brown <mcb30@ipxe.org>
iPXE is the leading open source network boot firmware. It provides a full PXE implementation enhanced with additional features such as:
boot from a web server via HTTP or HTTPS,
boot from an iSCSI, FCoE, or AoE SAN,
control the boot process with a script,
You can use iPXE to replace the existing PXE ROM on your network card, or you can chainload into iPXE to obtain the features of iPXE without the hassle of reflashing.
iPXE is free, open-source software licensed under the GNU GPL (with some portions under GPL-compatible licences).
You can download the rolling release binaries (built from the latest commit), or use the most recent stable release.
For full documentation, visit the iPXE website.
