All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Stephan Müller" <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	Nicolai Stange <nstange@suse.de>
Cc: Hannes Reinecke <hare@suse.de>, Torsten Duwe <duwe@suse.de>,
	Zaibo Xu <xuzaibo@huawei.com>,
	Giovanni Cabiddu <giovanni.cabiddu@intel.com>,
	David Howells <dhowells@redhat.com>,
	Jarkko Sakkinen <jarkko@kernel.org>,
	linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
	qat-linux@intel.com, keyrings@vger.kernel.org,
	Nicolai Stange <nstange@suse.de>
Subject: Re: [PATCH 10/18] crypto: dh - introduce support for ephemeral key generation to dh-generic
Date: Sun, 05 Dec 2021 07:11:22 +0100	[thread overview]
Message-ID: <1972149.YKUYFuaPT4@positron.chronox.de> (raw)
In-Reply-To: <20211201004858.19831-11-nstange@suse.de>

Am Mittwoch, 1. Dezember 2021, 01:48:50 CET schrieb Nicolai Stange:

Hi Nicolai,

> The support for NVME in-band authentication currently in the works ([1])
> needs to generate ephemeral DH keys. Make dh-generic's ->set_secret()
> to generate an ephemeral key via the recently added crypto_dh_gen_privkey()
> in case the input ->key_size is zero. Note that this behaviour is in
> analogy to ecdh's ->set_secret().
> 
> [1] https://lkml.kernel.org/r/20211122074727.25988-4-hare@suse.de
> 
> Signed-off-by: Nicolai Stange <nstange@suse.de>
> ---
>  crypto/dh.c | 24 ++++++++++++++++++++----
>  1 file changed, 20 insertions(+), 4 deletions(-)
> 
> diff --git a/crypto/dh.c b/crypto/dh.c
> index 131b80064cb1..2e49b114e038 100644
> --- a/crypto/dh.c
> +++ b/crypto/dh.c
> @@ -71,25 +71,41 @@ static int dh_set_secret(struct crypto_kpp *tfm, const
> void *buf, {
>  	struct dh_ctx *ctx = dh_get_ctx(tfm);
>  	struct dh params;
> +	char key[CRYPTO_DH_MAX_PRIVKEY_SIZE];
> +	int err;
> 
>  	/* Free the old MPI key if any */
>  	dh_clear_ctx(ctx);
> 
> -	if (crypto_dh_decode_key(buf, len, &params) < 0)
> +	err = crypto_dh_decode_key(buf, len, &params);
> +	if (err)
>  		goto err_clear_ctx;
> 
> -	if (dh_set_params(ctx, &params) < 0)
> +	if (!params.key_size) {

As this params data may come from user space, shouldn't we use the same logic 
as in ecdh's set_key function:

if (!params.key || !params.key_size)

?


> +		err = crypto_dh_gen_privkey(params.group_id, key,
> +					    &params.key_size);
> +		if (err)
> +			goto err_clear_ctx;
> +		params.key = key;
> +	}
> +
> +	err = dh_set_params(ctx, &params);
> +	if (err)
>  		goto err_clear_ctx;
> 
>  	ctx->xa = mpi_read_raw_data(params.key, params.key_size);
> -	if (!ctx->xa)
> +	if (!ctx->xa) {
> +		err = -EINVAL;
>  		goto err_clear_ctx;
> +	}
> +
> +	memzero_explicit(key, sizeof(key));
> 
>  	return 0;
> 
>  err_clear_ctx:
>  	dh_clear_ctx(ctx);
> -	return -EINVAL;
> +	return err;
>  }
> 
>  /*


Ciao
Stephan



  parent reply	other threads:[~2021-12-05  6:11 UTC|newest]

Thread overview: 50+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-12-01  0:48 [PATCH 00/18] crypto: dh - infrastructure for NVM in-band auth and FIPS conformance Nicolai Stange
2021-12-01  0:48 ` [PATCH 01/18] crypto: dh - remove struct dh's ->q member Nicolai Stange
2021-12-01  7:11   ` Hannes Reinecke
2021-12-01  0:48 ` [PATCH 02/18] crypto: dh - constify struct dh's pointer members Nicolai Stange
2021-12-01  7:13   ` Hannes Reinecke
2021-12-01  0:48 ` [PATCH 03/18] crypto: dh - optimize domain parameter serialization for well-known groups Nicolai Stange
2021-12-01  7:17   ` Hannes Reinecke
2021-12-09  9:08     ` Nicolai Stange
2021-12-01  0:48 ` [PATCH 04/18] crypto: dh - introduce RFC 7919 safe-prime groups Nicolai Stange
2021-12-01  7:23   ` Hannes Reinecke
2021-12-09  9:10     ` Nicolai Stange
2021-12-01  0:48 ` [PATCH 05/18] crypto: testmgr - add DH RFC 7919 ffdhe2048 test vector Nicolai Stange
2021-12-01  7:24   ` Hannes Reinecke
2021-12-01  0:48 ` [PATCH 06/18] crypto: dh - introduce RFC 3526 safe-prime groups Nicolai Stange
2021-12-01  7:24   ` Hannes Reinecke
2021-12-01  0:48 ` [PATCH 07/18] crypto: testmgr - add DH RFC 3526 modp2048 test vector Nicolai Stange
2021-12-01  7:25   ` Hannes Reinecke
2021-12-01  0:48 ` [PATCH 08/18] crypto: testmgr - run only subset of DH vectors based on config Nicolai Stange
2021-12-01  7:28   ` Hannes Reinecke
2021-12-09  9:18     ` Nicolai Stange
2021-12-01  0:48 ` [PATCH 09/18] crypto: dh - implement private key generation primitive Nicolai Stange
2021-12-01  7:28   ` Hannes Reinecke
2021-12-05  5:52   ` Stephan Müller
2021-12-08  6:20     ` Nicolai Stange
2021-12-08  7:16       ` Stephan Mueller
2021-12-01  0:48 ` [PATCH 10/18] crypto: dh - introduce support for ephemeral key generation to dh-generic Nicolai Stange
2021-12-01  7:29   ` Hannes Reinecke
2021-12-05  6:11   ` Stephan Müller [this message]
2021-12-08  6:32     ` Nicolai Stange
2021-12-01  0:48 ` [PATCH 11/18] crypto: dh - introduce support for ephemeral key generation to hpre driver Nicolai Stange
2021-12-01  7:30   ` Hannes Reinecke
2021-12-05  6:11   ` Stephan Müller
2021-12-01  0:48 ` [PATCH 12/18] crypto: dh - introduce support for ephemeral key generation to qat driver Nicolai Stange
2021-12-01  7:30   ` Hannes Reinecke
2021-12-05  6:11   ` Stephan Müller
2021-12-01  0:48 ` [PATCH 13/18] crypto: testmgr - add DH test vectors for key generation Nicolai Stange
2021-12-01  7:31   ` Hannes Reinecke
2021-12-01  0:48 ` [PATCH 14/18] lib/mpi: export mpi_rshift Nicolai Stange
2021-12-01  7:32   ` Hannes Reinecke
2021-12-01  0:48 ` [PATCH 15/18] crypto: dh - store group id in dh-generic's dh_ctx Nicolai Stange
2021-12-01  7:32   ` Hannes Reinecke
2021-12-01  0:48 ` [PATCH 16/18] crypto: dh - calculate Q from P for the full public key verification Nicolai Stange
2021-12-01  7:33   ` Hannes Reinecke
2021-12-05  6:07   ` Stephan Müller
2021-12-08  6:41     ` Nicolai Stange
2021-12-01  0:48 ` [PATCH 17/18] crypto: dh - try to match domain parameters to a known safe-prime group Nicolai Stange
2021-12-01  7:34   ` Hannes Reinecke
2021-12-01  0:48 ` [PATCH 18/18] crypto: dh - accept only approved safe-prime groups in FIPS mode Nicolai Stange
2021-12-01  7:34   ` Hannes Reinecke
2021-12-09  9:26     ` Nicolai Stange

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1972149.YKUYFuaPT4@positron.chronox.de \
    --to=smueller@chronox.de \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=duwe@suse.de \
    --cc=giovanni.cabiddu@intel.com \
    --cc=hare@suse.de \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nstange@suse.de \
    --cc=qat-linux@intel.com \
    --cc=xuzaibo@huawei.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.