Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-10 06:01:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

crypto: ecdh - move curve_id of ECDH from the key to algorithm name

Browse Source 
1. crypto and crypto/atmel-ecc:
   Move curve id of ECDH from the key into the algorithm name instead
   in crypto and atmel-ecc, so ECDH algorithm name change form 'ecdh'
   to 'ecdh-nist-pxxx', and we cannot use 'curve_id' in 'struct ecdh';
2. crypto/testmgr and net/bluetooth:
   Modify 'testmgr.c', 'testmgr.h' and 'net/bluetooth' to adapt
   the modification.

Signed-off-by: Meng Yu <yumeng18@huawei.com>
Reviewed-by: Zaibo Xu <xuzaibo@huawei.com>
Reported-by: kernel test robot <lkp@intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
Meng Yu 2021-03-04 14:35:46 +08:00 committed by Herbert Xu
parent 9b94ae7290
commit 6763f5ea2d
9 changed files with 89 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
crypto/ecdh.c
View File

@ -23,33 +23,16 @@ static inline struct ecdh_ctx *ecdh_get_ctx(struct crypto_kpp *tfm)
return kpp_tfm_ctx(tfm); return kpp_tfm_ctx(tfm);
} }
static unsigned int ecdh_supported_curve(unsigned int curve_id)
{
switch (curve_id) {
case ECC_CURVE_NIST_P192: return ECC_CURVE_NIST_P192_DIGITS;
case ECC_CURVE_NIST_P256: return ECC_CURVE_NIST_P256_DIGITS;
default: return 0;
}
}
static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
unsigned int len) unsigned int len)
{ {
struct ecdh_ctx *ctx = ecdh_get_ctx(tfm); struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
struct ecdh params; struct ecdh params;
unsigned int ndigits;
if (crypto_ecdh_decode_key(buf, len, &params) < 0 || if (crypto_ecdh_decode_key(buf, len, &params) < 0 ||
params.key_size > sizeof(ctx->private_key)) params.key_size > sizeof(u64) * ctx->ndigits)
return -EINVAL; return -EINVAL;
ndigits = ecdh_supported_curve(params.curve_id);
if (!ndigits)
return -EINVAL;
ctx->curve_id = params.curve_id;
ctx->ndigits = ndigits;
if (!params.key || !params.key_size) if (!params.key || !params.key_size)
return ecc_gen_privkey(ctx->curve_id, ctx->ndigits, return ecc_gen_privkey(ctx->curve_id, ctx->ndigits,
ctx->private_key); ctx->private_key);
@ -140,13 +123,24 @@ static unsigned int ecdh_max_size(struct crypto_kpp *tfm)
return ctx->ndigits << (ECC_DIGITS_TO_BYTES_SHIFT + 1); return ctx->ndigits << (ECC_DIGITS_TO_BYTES_SHIFT + 1);
} }
static struct kpp_alg ecdh = { static int ecdh_nist_p192_init_tfm(struct crypto_kpp *tfm)
{
struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
ctx->curve_id = ECC_CURVE_NIST_P192;
ctx->ndigits = ECC_CURVE_NIST_P192_DIGITS;
return 0;
}
static struct kpp_alg ecdh_nist_p192 = {
.set_secret = ecdh_set_secret, .set_secret = ecdh_set_secret,
.generate_public_key = ecdh_compute_value, .generate_public_key = ecdh_compute_value,
.compute_shared_secret = ecdh_compute_value, .compute_shared_secret = ecdh_compute_value,
.max_size = ecdh_max_size, .max_size = ecdh_max_size,
.init = ecdh_nist_p192_init_tfm,
.base = { .base = {
.cra_name = "ecdh", .cra_name = "ecdh-nist-p192",
.cra_driver_name = "ecdh-generic", .cra_driver_name = "ecdh-generic",
.cra_priority = 100, .cra_priority = 100,
.cra_module = THIS_MODULE, .cra_module = THIS_MODULE,
@ -154,14 +148,48 @@ static struct kpp_alg ecdh = {
}, },
}; };
static int ecdh_nist_p256_init_tfm(struct crypto_kpp *tfm)
{
struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
ctx->curve_id = ECC_CURVE_NIST_P256;
ctx->ndigits = ECC_CURVE_NIST_P256_DIGITS;
return 0;
}
static struct kpp_alg ecdh_nist_p256 = {
.set_secret = ecdh_set_secret,
.generate_public_key = ecdh_compute_value,
.compute_shared_secret = ecdh_compute_value,
.max_size = ecdh_max_size,
.init = ecdh_nist_p256_init_tfm,
.base = {
.cra_name = "ecdh-nist-p256",
.cra_driver_name = "ecdh-generic",
.cra_priority = 100,
.cra_module = THIS_MODULE,
.cra_ctxsize = sizeof(struct ecdh_ctx),
},
};
static bool ecdh_nist_p192_registered;
static int ecdh_init(void) static int ecdh_init(void)
{ {
return crypto_register_kpp(&ecdh); int ret;
ret = crypto_register_kpp(&ecdh_nist_p192);
ecdh_nist_p192_registered = ret == 0;
return crypto_register_kpp(&ecdh_nist_p256);
} }
static void ecdh_exit(void) static void ecdh_exit(void)
{ {
crypto_unregister_kpp(&ecdh); if (ecdh_nist_p192_registered)
crypto_unregister_kpp(&ecdh_nist_p192);
crypto_unregister_kpp(&ecdh_nist_p256);
} }
subsys_initcall(ecdh_init); subsys_initcall(ecdh_init);

4
crypto/ecdh_helper.c
View File

@ -10,7 +10,7 @@
#include <crypto/ecdh.h> #include <crypto/ecdh.h>
#include <crypto/kpp.h> #include <crypto/kpp.h>
#define ECDH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 2 * sizeof(short)) #define ECDH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + sizeof(short))
static inline u8 *ecdh_pack_data(void *dst, const void *src, size_t sz) static inline u8 *ecdh_pack_data(void *dst, const void *src, size_t sz)
{ {
@ -46,7 +46,6 @@ int crypto_ecdh_encode_key(char *buf, unsigned int len,
return -EINVAL; return -EINVAL;
ptr = ecdh_pack_data(ptr, &secret, sizeof(secret)); ptr = ecdh_pack_data(ptr, &secret, sizeof(secret));
ptr = ecdh_pack_data(ptr, &params->curve_id, sizeof(params->curve_id));
ptr = ecdh_pack_data(ptr, &params->key_size, sizeof(params->key_size)); ptr = ecdh_pack_data(ptr, &params->key_size, sizeof(params->key_size));
ecdh_pack_data(ptr, params->key, params->key_size); ecdh_pack_data(ptr, params->key, params->key_size);
@ -70,7 +69,6 @@ int crypto_ecdh_decode_key(const char *buf, unsigned int len,
if (unlikely(len < secret.len)) if (unlikely(len < secret.len))
return -EINVAL; return -EINVAL;
ptr = ecdh_unpack_data(&params->curve_id, ptr, sizeof(params->curve_id));
ptr = ecdh_unpack_data(&params->key_size, ptr, sizeof(params->key_size)); ptr = ecdh_unpack_data(&params->key_size, ptr, sizeof(params->key_size));
if (secret.len != crypto_ecdh_key_len(params)) if (secret.len != crypto_ecdh_key_len(params))
return -EINVAL; return -EINVAL;

13
crypto/testmgr.c
View File

@ -4899,11 +4899,20 @@ static const struct alg_test_desc alg_test_descs[] = {
} }
}, { }, {
#endif #endif
.alg = "ecdh", #ifndef CONFIG_CRYPTO_FIPS
.alg = "ecdh-nist-p192",
.test = alg_test_kpp, .test = alg_test_kpp,
.fips_allowed = 1, .fips_allowed = 1,
.suite = { .suite = {
.kpp = __VECS(ecdh_tv_template) .kpp = __VECS(ecdh_p192_tv_template)
}
}, {
#endif
.alg = "ecdh-nist-p256",
.test = alg_test_kpp,
.fips_allowed = 1,
.suite = {
.kpp = __VECS(ecdh_p256_tv_template)
} }
}, { }, {
.alg = "ecrdsa", .alg = "ecrdsa",

34
crypto/testmgr.h
View File

@ -2261,19 +2261,17 @@ static const struct kpp_testvec curve25519_tv_template[] = {
} }
}; };
static const struct kpp_testvec ecdh_tv_template[] = {
{
#ifndef CONFIG_CRYPTO_FIPS #ifndef CONFIG_CRYPTO_FIPS
static const struct kpp_testvec ecdh_p192_tv_template[] = {
{
.secret = .secret =
#ifdef __LITTLE_ENDIAN #ifdef __LITTLE_ENDIAN
"\x02\x00" /* type */ "\x02\x00" /* type */
"\x20\x00" /* len */ "\x1e\x00" /* len */
"\x01\x00" /* curve_id */
"\x18\x00" /* key_size */ "\x18\x00" /* key_size */
#else #else
"\x00\x02" /* type */ "\x00\x02" /* type */
"\x00\x20" /* len */ "\x00\x1e" /* len */
"\x00\x01" /* curve_id */
"\x00\x18" /* key_size */ "\x00\x18" /* key_size */
#endif #endif
"\xb5\x05\xb1\x71\x1e\xbf\x8c\xda" "\xb5\x05\xb1\x71\x1e\xbf\x8c\xda"
@ -2301,18 +2299,20 @@ static const struct kpp_testvec ecdh_tv_template[] = {
.b_public_size = 48, .b_public_size = 48,
.expected_a_public_size = 48, .expected_a_public_size = 48,
.expected_ss_size = 24 .expected_ss_size = 24
}, { }
};
#endif #endif
static const struct kpp_testvec ecdh_p256_tv_template[] = {
{
.secret = .secret =
#ifdef __LITTLE_ENDIAN #ifdef __LITTLE_ENDIAN
"\x02\x00" /* type */ "\x02\x00" /* type */
"\x28\x00" /* len */ "\x26\x00" /* len */
"\x02\x00" /* curve_id */
"\x20\x00" /* key_size */ "\x20\x00" /* key_size */
#else #else
"\x00\x02" /* type */ "\x00\x02" /* type */
"\x00\x28" /* len */ "\x00\x26" /* len */
"\x00\x02" /* curve_id */
"\x00\x20" /* key_size */ "\x00\x20" /* key_size */
#endif #endif
"\x24\xd1\x21\xeb\xe5\xcf\x2d\x83" "\x24\xd1\x21\xeb\xe5\xcf\x2d\x83"
@ -2350,25 +2350,21 @@ static const struct kpp_testvec ecdh_tv_template[] = {
.secret = .secret =
#ifdef __LITTLE_ENDIAN #ifdef __LITTLE_ENDIAN
"\x02\x00" /* type */ "\x02\x00" /* type */
"\x08\x00" /* len */ "\x06\x00" /* len */
"\x02\x00" /* curve_id */
"\x00\x00", /* key_size */ "\x00\x00", /* key_size */
#else #else
"\x00\x02" /* type */ "\x00\x02" /* type */
"\x00\x08" /* len */ "\x00\x06" /* len */
"\x00\x02" /* curve_id */
"\x00\x00", /* key_size */ "\x00\x00", /* key_size */
#endif #endif
.b_secret = .b_secret =
#ifdef __LITTLE_ENDIAN #ifdef __LITTLE_ENDIAN
"\x02\x00" /* type */ "\x02\x00" /* type */
"\x28\x00" /* len */ "\x26\x00" /* len */
"\x02\x00" /* curve_id */
"\x20\x00" /* key_size */ "\x20\x00" /* key_size */
#else #else
"\x00\x02" /* type */ "\x00\x02" /* type */
"\x00\x28" /* len */ "\x00\x26" /* len */
"\x00\x02" /* curve_id */
"\x00\x20" /* key_size */ "\x00\x20" /* key_size */
#endif #endif
"\x24\xd1\x21\xeb\xe5\xcf\x2d\x83" "\x24\xd1\x21\xeb\xe5\xcf\x2d\x83"

28
drivers/crypto/atmel-ecc.c
View File

@ -34,7 +34,6 @@ static struct atmel_ecc_driver_data driver_data;
* of the user to not call set_secret() while * of the user to not call set_secret() while
* generate_public_key() or compute_shared_secret() are in flight. * generate_public_key() or compute_shared_secret() are in flight.
* @curve_id : elliptic curve id * @curve_id : elliptic curve id
* @n_sz : size in bytes of the n prime
* @do_fallback: true when the device doesn't support the curve or when the user * @do_fallback: true when the device doesn't support the curve or when the user
* wants to use its own private key. * wants to use its own private key.
*/ */
@ -43,7 +42,6 @@ struct atmel_ecdh_ctx {
struct crypto_kpp *fallback; struct crypto_kpp *fallback;
const u8 *public_key; const u8 *public_key;
unsigned int curve_id; unsigned int curve_id;
size_t n_sz;
bool do_fallback; bool do_fallback;
}; };
@ -51,7 +49,6 @@ static void atmel_ecdh_done(struct atmel_i2c_work_data *work_data, void *areq,
int status) int status)
{ {
struct kpp_request *req = areq; struct kpp_request *req = areq;
struct atmel_ecdh_ctx *ctx = work_data->ctx;
struct atmel_i2c_cmd *cmd = &work_data->cmd; struct atmel_i2c_cmd *cmd = &work_data->cmd;
size_t copied, n_sz; size_t copied, n_sz;
@ -59,7 +56,7 @@ static void atmel_ecdh_done(struct atmel_i2c_work_data *work_data, void *areq,
goto free_work_data; goto free_work_data;
/* might want less than we've got */ /* might want less than we've got */
n_sz = min_t(size_t, ctx->n_sz, req->dst_len); n_sz = min_t(size_t, ATMEL_ECC_NIST_P256_N_SIZE, req->dst_len);
/* copy the shared secret */ /* copy the shared secret */
copied = sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst, n_sz), copied = sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst, n_sz),
@ -73,14 +70,6 @@ free_work_data:
kpp_request_complete(req, status); kpp_request_complete(req, status);
} }
static unsigned int atmel_ecdh_supported_curve(unsigned int curve_id)
{
if (curve_id == ECC_CURVE_NIST_P256)
return ATMEL_ECC_NIST_P256_N_SIZE;
return 0;
}
/* /*
* A random private key is generated and stored in the device. The device * A random private key is generated and stored in the device. The device
* returns the pair public key. * returns the pair public key.
@ -104,8 +93,7 @@ static int atmel_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
return -EINVAL; return -EINVAL;
} }
ctx->n_sz = atmel_ecdh_supported_curve(params.curve_id); if (params.key_size) {
if (!ctx->n_sz || params.key_size) {
/* fallback to ecdh software implementation */ /* fallback to ecdh software implementation */
ctx->do_fallback = true; ctx->do_fallback = true;
return crypto_kpp_set_secret(ctx->fallback, buf, len); return crypto_kpp_set_secret(ctx->fallback, buf, len);
@ -125,7 +113,6 @@ static int atmel_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
goto free_cmd; goto free_cmd;
ctx->do_fallback = false; ctx->do_fallback = false;
ctx->curve_id = params.curve_id;
atmel_i2c_init_genkey_cmd(cmd, DATA_SLOT_2); atmel_i2c_init_genkey_cmd(cmd, DATA_SLOT_2);
@ -263,6 +250,7 @@ static int atmel_ecdh_init_tfm(struct crypto_kpp *tfm)
struct crypto_kpp *fallback; struct crypto_kpp *fallback;
struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm); struct atmel_ecdh_ctx *ctx = kpp_tfm_ctx(tfm);
ctx->curve_id = ECC_CURVE_NIST_P256;
ctx->client = atmel_ecc_i2c_client_alloc(); ctx->client = atmel_ecc_i2c_client_alloc();
if (IS_ERR(ctx->client)) { if (IS_ERR(ctx->client)) {
pr_err("tfm - i2c_client binding failed\n"); pr_err("tfm - i2c_client binding failed\n");
@ -306,7 +294,7 @@ static unsigned int atmel_ecdh_max_size(struct crypto_kpp *tfm)
return ATMEL_ECC_PUBKEY_SIZE; return ATMEL_ECC_PUBKEY_SIZE;
} }
static struct kpp_alg atmel_ecdh = { static struct kpp_alg atmel_ecdh_nist_p256 = {
.set_secret = atmel_ecdh_set_secret, .set_secret = atmel_ecdh_set_secret,
.generate_public_key = atmel_ecdh_generate_public_key, .generate_public_key = atmel_ecdh_generate_public_key,
.compute_shared_secret = atmel_ecdh_compute_shared_secret, .compute_shared_secret = atmel_ecdh_compute_shared_secret,
@ -315,7 +303,7 @@ static struct kpp_alg atmel_ecdh = {
.max_size = atmel_ecdh_max_size, .max_size = atmel_ecdh_max_size,
.base = { .base = {
.cra_flags = CRYPTO_ALG_NEED_FALLBACK, .cra_flags = CRYPTO_ALG_NEED_FALLBACK,
.cra_name = "ecdh", .cra_name = "ecdh-nist-p256",
.cra_driver_name = "atmel-ecdh", .cra_driver_name = "atmel-ecdh",
.cra_priority = ATMEL_ECC_PRIORITY, .cra_priority = ATMEL_ECC_PRIORITY,
.cra_module = THIS_MODULE, .cra_module = THIS_MODULE,
@ -340,14 +328,14 @@ static int atmel_ecc_probe(struct i2c_client *client,
&driver_data.i2c_client_list); &driver_data.i2c_client_list);
spin_unlock(&driver_data.i2c_list_lock); spin_unlock(&driver_data.i2c_list_lock);
ret = crypto_register_kpp(&atmel_ecdh); ret = crypto_register_kpp(&atmel_ecdh_nist_p256);
if (ret) { if (ret) {
spin_lock(&driver_data.i2c_list_lock); spin_lock(&driver_data.i2c_list_lock);
list_del(&i2c_priv->i2c_client_list_node); list_del(&i2c_priv->i2c_client_list_node);
spin_unlock(&driver_data.i2c_list_lock); spin_unlock(&driver_data.i2c_list_lock);
dev_err(&client->dev, "%s alg registration failed\n", dev_err(&client->dev, "%s alg registration failed\n",
atmel_ecdh.base.cra_driver_name); atmel_ecdh_nist_p256.base.cra_driver_name);
} else { } else {
dev_info(&client->dev, "atmel ecc algorithms registered in /proc/crypto\n"); dev_info(&client->dev, "atmel ecc algorithms registered in /proc/crypto\n");
} }
@ -365,7 +353,7 @@ static int atmel_ecc_remove(struct i2c_client *client)
return -EBUSY; return -EBUSY;
} }
crypto_unregister_kpp(&atmel_ecdh); crypto_unregister_kpp(&atmel_ecdh_nist_p256);
spin_lock(&driver_data.i2c_list_lock); spin_lock(&driver_data.i2c_list_lock);
list_del(&i2c_priv->i2c_client_list_node); list_del(&i2c_priv->i2c_client_list_node);

2
include/crypto/ecdh.h
View File

@ -29,12 +29,10 @@
/** /**
* struct ecdh - define an ECDH private key * struct ecdh - define an ECDH private key
* *
* @curve_id: ECC curve the key is based on.
* @key: Private ECDH key * @key: Private ECDH key
* @key_size: Size of the private ECDH key * @key_size: Size of the private ECDH key
*/ */
struct ecdh { struct ecdh {
unsigned short curve_id;
char *key; char *key;
unsigned short key_size; unsigned short key_size;
}; };

2
net/bluetooth/ecdh_helper.c
View File

@ -126,8 +126,6 @@ int set_ecdh_privkey(struct crypto_kpp *tfm, const u8 private_key[32])
int err; int err;
struct ecdh p = {0}; struct ecdh p = {0};
p.curve_id = ECC_CURVE_NIST_P256;
if (private_key) { if (private_key) {
tmp = kmalloc(32, GFP_KERNEL); tmp = kmalloc(32, GFP_KERNEL);
if (!tmp) if (!tmp)

2
net/bluetooth/selftest.c
View File

@ -205,7 +205,7 @@ static int __init test_ecdh(void)
calltime = ktime_get(); calltime = ktime_get();
tfm = crypto_alloc_kpp("ecdh", 0, 0); tfm = crypto_alloc_kpp("ecdh-nist-p256", 0, 0);
if (IS_ERR(tfm)) { if (IS_ERR(tfm)) {
BT_ERR("Unable to create ECDH crypto context"); BT_ERR("Unable to create ECDH crypto context");
err = PTR_ERR(tfm); err = PTR_ERR(tfm);

6
net/bluetooth/smp.c
View File

@ -1386,7 +1386,7 @@ static struct smp_chan *smp_chan_create(struct l2cap_conn *conn)
goto zfree_smp; goto zfree_smp;
} }
smp->tfm_ecdh = crypto_alloc_kpp("ecdh", 0, 0); smp->tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0);
if (IS_ERR(smp->tfm_ecdh)) { if (IS_ERR(smp->tfm_ecdh)) {
BT_ERR("Unable to create ECDH crypto context"); BT_ERR("Unable to create ECDH crypto context");
goto free_shash; goto free_shash;
@ -3281,7 +3281,7 @@ static struct l2cap_chan *smp_add_cid(struct hci_dev *hdev, u16 cid)
return ERR_CAST(tfm_cmac); return ERR_CAST(tfm_cmac);
} }
tfm_ecdh = crypto_alloc_kpp("ecdh", 0, 0); tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0);
if (IS_ERR(tfm_ecdh)) { if (IS_ERR(tfm_ecdh)) {
BT_ERR("Unable to create ECDH crypto context"); BT_ERR("Unable to create ECDH crypto context");
crypto_free_shash(tfm_cmac); crypto_free_shash(tfm_cmac);
@ -3806,7 +3806,7 @@ int __init bt_selftest_smp(void)
return PTR_ERR(tfm_cmac); return PTR_ERR(tfm_cmac);
} }
tfm_ecdh = crypto_alloc_kpp("ecdh", 0, 0); tfm_ecdh = crypto_alloc_kpp("ecdh-nist-p256", 0, 0);
if (IS_ERR(tfm_ecdh)) { if (IS_ERR(tfm_ecdh)) {
BT_ERR("Unable to create ECDH crypto context"); BT_ERR("Unable to create ECDH crypto context");
crypto_free_shash(tfm_cmac); crypto_free_shash(tfm_cmac);