* [PATCH v2 0/2] crypto: ecdh & ecc: Fix private key byte ordering issues
@ 2024-04-17 16:21 Stefan Berger
2024-04-17 16:21 ` [PATCH v2 1/2] crypto: ecdh - Pass private key in proper byte order to check valid key Stefan Berger
2024-04-17 16:21 ` [PATCH v2 2/2] crypto: ecdh & ecc - Initialize ctx->private_key in proper byte order Stefan Berger
0 siblings, 2 replies; 5+ messages in thread
From: Stefan Berger @ 2024-04-17 16:21 UTC (permalink / raw)
To: linux-crypto, herbert, davem
Cc: linux-kernel, jarkko, ardb, salvatore.benedetto, git, Stefan Berger
The 1st patch fixes a byte ordering issue where ctx->private_key is
currently passed to ecc_is_key_valid but the key is in reverse byte order.
To solve this issue it introduces the variable 'priv' that is already used
throughout the ecc and ecdh code bases for a private key in proper byte
order and calls the function with 'priv'.
The 2nd patch gets rid of the 'priv' variable wherever it is used to hold
a private key (byte-swapped initialized from ctx->private_key) in proper
byte order and uses ctx->private_key directly that is now initialized in
proper byte order.
Regards,
Stefan
v2:
- Added missing zeroizing of priv variable (1/2)
- Improved patch description (2/2)
Stefan Berger (2):
crypto: ecdh - Pass private key in proper byte order to check valid
key
crypto: ecdh & ecc - Initialize ctx->private_key in proper byte order
crypto/ecc.c | 29 ++++++++++-------------------
crypto/ecdh.c | 9 ++++++---
include/crypto/internal/ecc.h | 3 ++-
3 files changed, 18 insertions(+), 23 deletions(-)
--
2.43.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH v2 1/2] crypto: ecdh - Pass private key in proper byte order to check valid key
2024-04-17 16:21 [PATCH v2 0/2] crypto: ecdh & ecc: Fix private key byte ordering issues Stefan Berger
@ 2024-04-17 16:21 ` Stefan Berger
2024-04-17 22:42 ` Jarkko Sakkinen
2024-04-17 16:21 ` [PATCH v2 2/2] crypto: ecdh & ecc - Initialize ctx->private_key in proper byte order Stefan Berger
1 sibling, 1 reply; 5+ messages in thread
From: Stefan Berger @ 2024-04-17 16:21 UTC (permalink / raw)
To: linux-crypto, herbert, davem
Cc: linux-kernel, jarkko, ardb, salvatore.benedetto, git, Stefan Berger
ecc_is_key_valid expects a key with the most significant digit in the last
entry of the digit array. Currently ecdh_set_secret passes a reversed key
to ecc_is_key_valid that then passes the rather simple test checking
whether the private key is in range [2, n-3]. For all current ecdh-
supported curves (NIST P192/256/384) the 'n' parameter is a rather large
number, therefore easily passing this test.
Throughout the ecdh and ecc codebase the variable 'priv' is used for a
private_key holding the bytes in proper byte order. Therefore, introduce
priv in ecdh_set_secret and copy the bytes from ctx->private_key into
priv in proper byte order by using ecc_swap_digits. Pass priv to
ecc_is_valid_key.
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
crypto/ecdh.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 3049f147e011..c02c9a2b9682 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -27,7 +27,9 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
unsigned int len)
{
struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
+ u64 priv[ECC_MAX_DIGITS];
struct ecdh params;
+ int ret = 0;
if (crypto_ecdh_decode_key(buf, len, ¶ms) < 0 ||
params.key_size > sizeof(u64) * ctx->ndigits)
@@ -40,13 +42,16 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
ctx->private_key);
memcpy(ctx->private_key, params.key, params.key_size);
+ ecc_swap_digits(ctx->private_key, priv, ctx->ndigits);
if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
- ctx->private_key, params.key_size) < 0) {
+ priv, params.key_size) < 0) {
memzero_explicit(ctx->private_key, params.key_size);
- return -EINVAL;
+ ret = -EINVAL;
}
- return 0;
+ memzero_explicit(priv, sizeof(priv));
+
+ return ret;
}
static int ecdh_compute_value(struct kpp_request *req)
--
2.43.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH v2 2/2] crypto: ecdh & ecc - Initialize ctx->private_key in proper byte order
2024-04-17 16:21 [PATCH v2 0/2] crypto: ecdh & ecc: Fix private key byte ordering issues Stefan Berger
2024-04-17 16:21 ` [PATCH v2 1/2] crypto: ecdh - Pass private key in proper byte order to check valid key Stefan Berger
@ 2024-04-17 16:21 ` Stefan Berger
2024-04-17 22:43 ` Jarkko Sakkinen
1 sibling, 1 reply; 5+ messages in thread
From: Stefan Berger @ 2024-04-17 16:21 UTC (permalink / raw)
To: linux-crypto, herbert, davem
Cc: linux-kernel, jarkko, ardb, salvatore.benedetto, git, Stefan Berger
The private key in ctx->private_key is currently initialized in reverse
byte order in ecdh_set_secret and whenever the key is needed in proper
byte order the variable priv is introduced and the bytes from
ctx->private_key are copied into priv while being byte-swapped
(ecc_swap_digits). To get rid of the unnecessary byte swapping initialize
ctx->private_key in proper byte order and clean up all functions that were
previously using priv or were called with ctx->private_key:
- ecc_gen_privkey: Directly initialize the passed ctx->private_key with
random bytes and get rid of the priv variable. This function only has
ecdh_set_secret as a caller.
- crypto_ecdh_shared_secret: Called only from ecdh_compute_value with
ctx->private_key. Get rid of the priv variable and work with the passed
private_key directly.
- ecc_make_pub_key: Called only from ecdh_compute_value with
ctx->private_key. Get rid of the priv variable and work with the passed
private_key directly.
Cc: Salvatore Benedetto <salvatore.benedetto@intel.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
crypto/ecc.c | 29 ++++++++++-------------------
crypto/ecdh.c | 8 +++-----
include/crypto/internal/ecc.h | 3 ++-
3 files changed, 15 insertions(+), 25 deletions(-)
diff --git a/crypto/ecc.c b/crypto/ecc.c
index 2e05387b9499..c1d2e884be1e 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -1497,10 +1497,10 @@ EXPORT_SYMBOL(ecc_is_key_valid);
* This method generates a private key uniformly distributed in the range
* [2, n-3].
*/
-int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
+int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
+ u64 *private_key)
{
const struct ecc_curve *curve = ecc_get_curve(curve_id);
- u64 priv[ECC_MAX_DIGITS];
unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
unsigned int nbits = vli_num_bits(curve->n, ndigits);
int err;
@@ -1509,7 +1509,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
* Step 1 & 2: check that N is included in Table 1 of FIPS 186-5,
* section 6.1.1.
*/
- if (nbits < 224 || ndigits > ARRAY_SIZE(priv))
+ if (nbits < 224)
return -EINVAL;
/*
@@ -1527,17 +1527,16 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
return -EFAULT;
/* Step 3: obtain N returned_bits from the DRBG. */
- err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes);
+ err = crypto_rng_get_bytes(crypto_default_rng,
+ (u8 *)private_key, nbytes);
crypto_put_default_rng();
if (err)
return err;
/* Step 4: make sure the private key is in the valid range. */
- if (__ecc_is_key_valid(curve, priv, ndigits))
+ if (__ecc_is_key_valid(curve, private_key, ndigits))
return -EINVAL;
- ecc_swap_digits(priv, privkey, ndigits);
-
return 0;
}
EXPORT_SYMBOL(ecc_gen_privkey);
@@ -1547,23 +1546,20 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
{
int ret = 0;
struct ecc_point *pk;
- u64 priv[ECC_MAX_DIGITS];
const struct ecc_curve *curve = ecc_get_curve(curve_id);
- if (!private_key || ndigits > ARRAY_SIZE(priv)) {
+ if (!private_key) {
ret = -EINVAL;
goto out;
}
- ecc_swap_digits(private_key, priv, ndigits);
-
pk = ecc_alloc_point(ndigits);
if (!pk) {
ret = -ENOMEM;
goto out;
}
- ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits);
+ ecc_point_mult(pk, &curve->g, private_key, NULL, curve, ndigits);
/* SP800-56A rev 3 5.6.2.1.3 key check */
if (ecc_is_pubkey_valid_full(curve, pk)) {
@@ -1647,13 +1643,11 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
{
int ret = 0;
struct ecc_point *product, *pk;
- u64 priv[ECC_MAX_DIGITS];
u64 rand_z[ECC_MAX_DIGITS];
unsigned int nbytes;
const struct ecc_curve *curve = ecc_get_curve(curve_id);
- if (!private_key || !public_key ||
- ndigits > ARRAY_SIZE(priv) || ndigits > ARRAY_SIZE(rand_z)) {
+ if (!private_key || !public_key || ndigits > ARRAY_SIZE(rand_z)) {
ret = -EINVAL;
goto out;
}
@@ -1674,15 +1668,13 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
if (ret)
goto err_alloc_product;
- ecc_swap_digits(private_key, priv, ndigits);
-
product = ecc_alloc_point(ndigits);
if (!product) {
ret = -ENOMEM;
goto err_alloc_product;
}
- ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
+ ecc_point_mult(product, pk, private_key, rand_z, curve, ndigits);
if (ecc_point_is_zero(product)) {
ret = -EFAULT;
@@ -1692,7 +1684,6 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
ecc_swap_digits(product->x, secret, ndigits);
err_validity:
- memzero_explicit(priv, sizeof(priv));
memzero_explicit(rand_z, sizeof(rand_z));
ecc_free_point(product);
err_alloc_product:
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index c02c9a2b9682..72cfd1590156 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -27,7 +27,6 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
unsigned int len)
{
struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
- u64 priv[ECC_MAX_DIGITS];
struct ecdh params;
int ret = 0;
@@ -41,15 +40,14 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
return ecc_gen_privkey(ctx->curve_id, ctx->ndigits,
ctx->private_key);
- memcpy(ctx->private_key, params.key, params.key_size);
- ecc_swap_digits(ctx->private_key, priv, ctx->ndigits);
+ ecc_digits_from_bytes(params.key, params.key_size,
+ ctx->private_key, ctx->ndigits);
if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
- priv, params.key_size) < 0) {
+ ctx->private_key, params.key_size) < 0) {
memzero_explicit(ctx->private_key, params.key_size);
ret = -EINVAL;
}
- memzero_explicit(priv, sizeof(priv));
return ret;
}
diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/ecc.h
index 4e2f5f938e91..7ca1f463d1ec 100644
--- a/include/crypto/internal/ecc.h
+++ b/include/crypto/internal/ecc.h
@@ -103,7 +103,8 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
* Returns 0 if the private key was generated successfully, a negative value
* if an error occurred.
*/
-int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey);
+int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
+ u64 *private_key);
/**
* ecc_make_pub_key() - Compute an ECC public key
--
2.43.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH v2 1/2] crypto: ecdh - Pass private key in proper byte order to check valid key
2024-04-17 16:21 ` [PATCH v2 1/2] crypto: ecdh - Pass private key in proper byte order to check valid key Stefan Berger
@ 2024-04-17 22:42 ` Jarkko Sakkinen
0 siblings, 0 replies; 5+ messages in thread
From: Jarkko Sakkinen @ 2024-04-17 22:42 UTC (permalink / raw)
To: Stefan Berger, linux-crypto, herbert, davem
Cc: linux-kernel, ardb, salvatore.benedetto, git
On Wed Apr 17, 2024 at 7:21 PM EEST, Stefan Berger wrote:
> ecc_is_key_valid expects a key with the most significant digit in the last
> entry of the digit array. Currently ecdh_set_secret passes a reversed key
> to ecc_is_key_valid that then passes the rather simple test checking
> whether the private key is in range [2, n-3]. For all current ecdh-
> supported curves (NIST P192/256/384) the 'n' parameter is a rather large
> number, therefore easily passing this test.
>
> Throughout the ecdh and ecc codebase the variable 'priv' is used for a
> private_key holding the bytes in proper byte order. Therefore, introduce
> priv in ecdh_set_secret and copy the bytes from ctx->private_key into
> priv in proper byte order by using ecc_swap_digits. Pass priv to
> ecc_is_valid_key.
>
> Cc: Ard Biesheuvel <ardb@kernel.org>
> Cc: Salvatore Benedetto <salvatore.benedetto@intel.com>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> crypto/ecdh.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/crypto/ecdh.c b/crypto/ecdh.c
> index 3049f147e011..c02c9a2b9682 100644
> --- a/crypto/ecdh.c
> +++ b/crypto/ecdh.c
> @@ -27,7 +27,9 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
> unsigned int len)
> {
> struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
> + u64 priv[ECC_MAX_DIGITS];
> struct ecdh params;
> + int ret = 0;
>
> if (crypto_ecdh_decode_key(buf, len, ¶ms) < 0 ||
> params.key_size > sizeof(u64) * ctx->ndigits)
> @@ -40,13 +42,16 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
> ctx->private_key);
>
> memcpy(ctx->private_key, params.key, params.key_size);
> + ecc_swap_digits(ctx->private_key, priv, ctx->ndigits);
>
> if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
> - ctx->private_key, params.key_size) < 0) {
> + priv, params.key_size) < 0) {
> memzero_explicit(ctx->private_key, params.key_size);
> - return -EINVAL;
> + ret = -EINVAL;
> }
> - return 0;
> + memzero_explicit(priv, sizeof(priv));
> +
> + return ret;
> }
>
> static int ecdh_compute_value(struct kpp_request *req)
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH v2 2/2] crypto: ecdh & ecc - Initialize ctx->private_key in proper byte order
2024-04-17 16:21 ` [PATCH v2 2/2] crypto: ecdh & ecc - Initialize ctx->private_key in proper byte order Stefan Berger
@ 2024-04-17 22:43 ` Jarkko Sakkinen
0 siblings, 0 replies; 5+ messages in thread
From: Jarkko Sakkinen @ 2024-04-17 22:43 UTC (permalink / raw)
To: Stefan Berger, linux-crypto, herbert, davem
Cc: linux-kernel, ardb, salvatore.benedetto, git
On Wed Apr 17, 2024 at 7:21 PM EEST, Stefan Berger wrote:
> The private key in ctx->private_key is currently initialized in reverse
> byte order in ecdh_set_secret and whenever the key is needed in proper
> byte order the variable priv is introduced and the bytes from
> ctx->private_key are copied into priv while being byte-swapped
> (ecc_swap_digits). To get rid of the unnecessary byte swapping initialize
> ctx->private_key in proper byte order and clean up all functions that were
> previously using priv or were called with ctx->private_key:
>
> - ecc_gen_privkey: Directly initialize the passed ctx->private_key with
> random bytes and get rid of the priv variable. This function only has
> ecdh_set_secret as a caller.
>
> - crypto_ecdh_shared_secret: Called only from ecdh_compute_value with
> ctx->private_key. Get rid of the priv variable and work with the passed
> private_key directly.
>
> - ecc_make_pub_key: Called only from ecdh_compute_value with
> ctx->private_key. Get rid of the priv variable and work with the passed
> private_key directly.
>
> Cc: Salvatore Benedetto <salvatore.benedetto@intel.com>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
> crypto/ecc.c | 29 ++++++++++-------------------
> crypto/ecdh.c | 8 +++-----
> include/crypto/internal/ecc.h | 3 ++-
> 3 files changed, 15 insertions(+), 25 deletions(-)
>
> diff --git a/crypto/ecc.c b/crypto/ecc.c
> index 2e05387b9499..c1d2e884be1e 100644
> --- a/crypto/ecc.c
> +++ b/crypto/ecc.c
> @@ -1497,10 +1497,10 @@ EXPORT_SYMBOL(ecc_is_key_valid);
> * This method generates a private key uniformly distributed in the range
> * [2, n-3].
> */
> -int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
> +int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
> + u64 *private_key)
> {
> const struct ecc_curve *curve = ecc_get_curve(curve_id);
> - u64 priv[ECC_MAX_DIGITS];
> unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
> unsigned int nbits = vli_num_bits(curve->n, ndigits);
> int err;
> @@ -1509,7 +1509,7 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
> * Step 1 & 2: check that N is included in Table 1 of FIPS 186-5,
> * section 6.1.1.
> */
> - if (nbits < 224 || ndigits > ARRAY_SIZE(priv))
> + if (nbits < 224)
> return -EINVAL;
>
> /*
> @@ -1527,17 +1527,16 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
> return -EFAULT;
>
> /* Step 3: obtain N returned_bits from the DRBG. */
> - err = crypto_rng_get_bytes(crypto_default_rng, (u8 *)priv, nbytes);
> + err = crypto_rng_get_bytes(crypto_default_rng,
> + (u8 *)private_key, nbytes);
> crypto_put_default_rng();
> if (err)
> return err;
>
> /* Step 4: make sure the private key is in the valid range. */
> - if (__ecc_is_key_valid(curve, priv, ndigits))
> + if (__ecc_is_key_valid(curve, private_key, ndigits))
> return -EINVAL;
>
> - ecc_swap_digits(priv, privkey, ndigits);
> -
> return 0;
> }
> EXPORT_SYMBOL(ecc_gen_privkey);
> @@ -1547,23 +1546,20 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
> {
> int ret = 0;
> struct ecc_point *pk;
> - u64 priv[ECC_MAX_DIGITS];
> const struct ecc_curve *curve = ecc_get_curve(curve_id);
>
> - if (!private_key || ndigits > ARRAY_SIZE(priv)) {
> + if (!private_key) {
> ret = -EINVAL;
> goto out;
> }
>
> - ecc_swap_digits(private_key, priv, ndigits);
> -
> pk = ecc_alloc_point(ndigits);
> if (!pk) {
> ret = -ENOMEM;
> goto out;
> }
>
> - ecc_point_mult(pk, &curve->g, priv, NULL, curve, ndigits);
> + ecc_point_mult(pk, &curve->g, private_key, NULL, curve, ndigits);
>
> /* SP800-56A rev 3 5.6.2.1.3 key check */
> if (ecc_is_pubkey_valid_full(curve, pk)) {
> @@ -1647,13 +1643,11 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
> {
> int ret = 0;
> struct ecc_point *product, *pk;
> - u64 priv[ECC_MAX_DIGITS];
> u64 rand_z[ECC_MAX_DIGITS];
> unsigned int nbytes;
> const struct ecc_curve *curve = ecc_get_curve(curve_id);
>
> - if (!private_key || !public_key ||
> - ndigits > ARRAY_SIZE(priv) || ndigits > ARRAY_SIZE(rand_z)) {
> + if (!private_key || !public_key || ndigits > ARRAY_SIZE(rand_z)) {
> ret = -EINVAL;
> goto out;
> }
> @@ -1674,15 +1668,13 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
> if (ret)
> goto err_alloc_product;
>
> - ecc_swap_digits(private_key, priv, ndigits);
> -
> product = ecc_alloc_point(ndigits);
> if (!product) {
> ret = -ENOMEM;
> goto err_alloc_product;
> }
>
> - ecc_point_mult(product, pk, priv, rand_z, curve, ndigits);
> + ecc_point_mult(product, pk, private_key, rand_z, curve, ndigits);
>
> if (ecc_point_is_zero(product)) {
> ret = -EFAULT;
> @@ -1692,7 +1684,6 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
> ecc_swap_digits(product->x, secret, ndigits);
>
> err_validity:
> - memzero_explicit(priv, sizeof(priv));
> memzero_explicit(rand_z, sizeof(rand_z));
> ecc_free_point(product);
> err_alloc_product:
> diff --git a/crypto/ecdh.c b/crypto/ecdh.c
> index c02c9a2b9682..72cfd1590156 100644
> --- a/crypto/ecdh.c
> +++ b/crypto/ecdh.c
> @@ -27,7 +27,6 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
> unsigned int len)
> {
> struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
> - u64 priv[ECC_MAX_DIGITS];
> struct ecdh params;
> int ret = 0;
>
> @@ -41,15 +40,14 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
> return ecc_gen_privkey(ctx->curve_id, ctx->ndigits,
> ctx->private_key);
>
> - memcpy(ctx->private_key, params.key, params.key_size);
> - ecc_swap_digits(ctx->private_key, priv, ctx->ndigits);
> + ecc_digits_from_bytes(params.key, params.key_size,
> + ctx->private_key, ctx->ndigits);
>
> if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
> - priv, params.key_size) < 0) {
> + ctx->private_key, params.key_size) < 0) {
> memzero_explicit(ctx->private_key, params.key_size);
> ret = -EINVAL;
> }
> - memzero_explicit(priv, sizeof(priv));
>
> return ret;
> }
> diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/ecc.h
> index 4e2f5f938e91..7ca1f463d1ec 100644
> --- a/include/crypto/internal/ecc.h
> +++ b/include/crypto/internal/ecc.h
> @@ -103,7 +103,8 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
> * Returns 0 if the private key was generated successfully, a negative value
> * if an error occurred.
> */
> -int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey);
> +int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits,
> + u64 *private_key);
>
> /**
> * ecc_make_pub_key() - Compute an ECC public key
Acked-by: Jarkko Sakkinen <jarkko@kernel.org>
BR, Jarkko
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-04-17 22:43 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-04-17 16:21 [PATCH v2 0/2] crypto: ecdh & ecc: Fix private key byte ordering issues Stefan Berger
2024-04-17 16:21 ` [PATCH v2 1/2] crypto: ecdh - Pass private key in proper byte order to check valid key Stefan Berger
2024-04-17 22:42 ` Jarkko Sakkinen
2024-04-17 16:21 ` [PATCH v2 2/2] crypto: ecdh & ecc - Initialize ctx->private_key in proper byte order Stefan Berger
2024-04-17 22:43 ` Jarkko Sakkinen
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.