dhe: check if DH params in SKE match the FIPS approved algorithmstmp-sp800-56ar3

SP800-56A rev. 3 restricts the FIPS compliant clients to use only
approved DH parameters, defined in RFC 7919 and RFC 3526.  This adds a
check in the handling of ServerKeyExchange if DHE is negotiated.

Signed-off-by: Daiki Ueno <ueno@gnu.org>

1 files changed, 24 insertions, 0 deletions

diff --git a/doc/credentials/Makefile.am b/doc/credentials/Makefile.am
index ecdd57a106..25778856f6 100644
--- a/doc/credentials/Makefile.am
+++ b/doc/credentials/Makefile.am
@@ -31,3 +31,27 @@ EXTRA_DIST += srp-passwd.txt  srp-tpasswd.conf
 
 EXTRA_DIST += psk-passwd.txt
 
+EXTRA_DIST += \
+	dhparams/rfc2409-group-1-768.pem	\
+	dhparams/rfc2409-group-2-1024.pem	\
+	dhparams/rfc3526-group-14-2048.pem	\
+	dhparams/rfc3526-group-15-3072.pem	\
+	dhparams/rfc3526-group-16-4096.pem	\
+	dhparams/rfc3526-group-17-6144.pem	\
+	dhparams/rfc3526-group-18-8192.pem	\
+	dhparams/rfc3526-group-5-1536.pem	\
+	dhparams/rfc5054-1024.pem		\
+	dhparams/rfc5054-1536.pem		\
+	dhparams/rfc5054-2048.pem		\
+	dhparams/rfc5054-3072.pem		\
+	dhparams/rfc5054-4096.pem		\
+	dhparams/rfc5054-6144.pem		\
+	dhparams/rfc5054-8192.pem		\
+	dhparams/rfc5114-group-22-1024.pem	\
+	dhparams/rfc5114-group-23-2048.pem	\
+	dhparams/rfc5114-group-24-2048.pem	\
+	dhparams/rfc7919-ffdhe2048.pem		\
+	dhparams/rfc7919-ffdhe3072.pem		\
+	dhparams/rfc7919-ffdhe4096.pem		\
+	dhparams/rfc7919-ffdhe6144.pem		\
+	dhparams/rfc7919-ffdhe8192.pem