All of lore.kernel.org
 help / color / mirror / Atom feed
From: Herbert Xu <herbert@gondor.apana.org.au>
To: Andrzej Zaborowski <andrew.zaborowski@intel.com>,
	Tadeusz Struk <tadeusz.struk@intel.com>,
	Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
	Tudor Ambarus <tudor-dan.ambarus@nxp.com>,
	Stephan Mueller <smueller@chronox.de>,
	Mat Martineau <mathew.j.martineau@linux.intel.com>,
	Denis Kenzior <denkenz@gmail.com>,
	Salvatore Benedetto <salvatore.benedetto@intel.com>
Subject: [v2 PATCH 1/7] crypto: rsa - Generate fixed-length output
Date: Wed, 29 Jun 2016 17:58:27 +0800	[thread overview]
Message-ID: <E1bICGJ-0006n9-It@gondolin.me.apana.org.au> (raw)
In-Reply-To: 20160629095655.GA26056@gondor.apana.org.au

Every implementation of RSA that we have naturally generates
output with leading zeroes.  The one and only user of RSA,
pkcs1pad wants to have those leading zeroes in place, in fact
because they are currently absent it has to write those zeroes
itself.

So we shouldn't be stripping leading zeroes in the first place.
In fact this patch makes rsa-generic produce output with fixed
length so that pkcs1pad does not need to do any extra work.

This patch also changes DH to use the new interface.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
---

 crypto/rsa.c        |    8 +++----
 include/linux/mpi.h |    2 -
 lib/mpi/mpicoder.c  |   55 ++++++++++++++++++++++++----------------------------
 3 files changed, 31 insertions(+), 34 deletions(-)

diff --git a/crypto/rsa.c b/crypto/rsa.c
index dc692d4..4c280b6 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -108,7 +108,7 @@ static int rsa_enc(struct akcipher_request *req)
 	if (ret)
 		goto err_free_m;
 
-	ret = mpi_write_to_sgl(c, req->dst, &req->dst_len, &sign);
+	ret = mpi_write_to_sgl(c, req->dst, req->dst_len, &sign);
 	if (ret)
 		goto err_free_m;
 
@@ -147,7 +147,7 @@ static int rsa_dec(struct akcipher_request *req)
 	if (ret)
 		goto err_free_c;
 
-	ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
+	ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
 	if (ret)
 		goto err_free_c;
 
@@ -185,7 +185,7 @@ static int rsa_sign(struct akcipher_request *req)
 	if (ret)
 		goto err_free_m;
 
-	ret = mpi_write_to_sgl(s, req->dst, &req->dst_len, &sign);
+	ret = mpi_write_to_sgl(s, req->dst, req->dst_len, &sign);
 	if (ret)
 		goto err_free_m;
 
@@ -226,7 +226,7 @@ static int rsa_verify(struct akcipher_request *req)
 	if (ret)
 		goto err_free_s;
 
-	ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
+	ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
 	if (ret)
 		goto err_free_s;
 
diff --git a/include/linux/mpi.h b/include/linux/mpi.h
index f219559..1cc5ffb 100644
--- a/include/linux/mpi.h
+++ b/include/linux/mpi.h
@@ -80,7 +80,7 @@ void *mpi_get_buffer(MPI a, unsigned *nbytes, int *sign);
 int mpi_read_buffer(MPI a, uint8_t *buf, unsigned buf_len, unsigned *nbytes,
 		    int *sign);
 void *mpi_get_secure_buffer(MPI a, unsigned *nbytes, int *sign);
-int mpi_write_to_sgl(MPI a, struct scatterlist *sg, unsigned *nbytes,
+int mpi_write_to_sgl(MPI a, struct scatterlist *sg, unsigned nbytes,
 		     int *sign);
 
 #define log_mpidump g10_log_mpidump
diff --git a/lib/mpi/mpicoder.c b/lib/mpi/mpicoder.c
index 823cf5f..7150e5c 100644
--- a/lib/mpi/mpicoder.c
+++ b/lib/mpi/mpicoder.c
@@ -237,16 +237,13 @@ EXPORT_SYMBOL_GPL(mpi_get_buffer);
  * @a:		a multi precision integer
  * @sgl:	scatterlist to write to. Needs to be at least
  *		mpi_get_size(a) long.
- * @nbytes:	in/out param - it has the be set to the maximum number of
- *		bytes that can be written to sgl. This has to be at least
- *		the size of the integer a. On return it receives the actual
- *		length of the data written on success or the data that would
- *		be written if buffer was too small.
+ * @nbytes:	the number of bytes to write.  Leading bytes will be
+ *		filled with zero.
  * @sign:	if not NULL, it will be set to the sign of a.
  *
  * Return:	0 on success or error code in case of error
  */
-int mpi_write_to_sgl(MPI a, struct scatterlist *sgl, unsigned *nbytes,
+int mpi_write_to_sgl(MPI a, struct scatterlist *sgl, unsigned nbytes,
 		     int *sign)
 {
 	u8 *p, *p2;
@@ -258,43 +255,44 @@ int mpi_write_to_sgl(MPI a, struct scatterlist *sgl, unsigned *nbytes,
 #error please implement for this limb size.
 #endif
 	unsigned int n = mpi_get_size(a);
-	int i, x, y = 0, lzeros, buf_len;
-
-	if (!nbytes)
-		return -EINVAL;
+	int i, x, buf_len;
 
 	if (sign)
 		*sign = a->sign;
 
-	lzeros = count_lzeros(a);
-
-	if (*nbytes < n - lzeros) {
-		*nbytes = n - lzeros;
+	if (nbytes < n)
 		return -EOVERFLOW;
-	}
 
-	*nbytes = n - lzeros;
 	buf_len = sgl->length;
 	p2 = sg_virt(sgl);
 
-	for (i = a->nlimbs - 1 - lzeros / BYTES_PER_MPI_LIMB,
-			lzeros %= BYTES_PER_MPI_LIMB;
-		i >= 0; i--) {
+	while (nbytes > n) {
+		if (!buf_len) {
+			sgl = sg_next(sgl);
+			if (!sgl)
+				return -EINVAL;
+			buf_len = sgl->length;
+			p2 = sg_virt(sgl);
+		}
+
+		i = min_t(unsigned, nbytes - n, buf_len);
+		memset(p2, 0, i);
+		p2 += i;
+		buf_len -= i;
+		nbytes -= i;
+	}
+
+	for (i = a->nlimbs - 1; i >= 0; i--) {
 #if BYTES_PER_MPI_LIMB == 4
-		alimb = cpu_to_be32(a->d[i]);
+		alimb = a->d[i] ? cpu_to_be32(a->d[i]) : 0;
 #elif BYTES_PER_MPI_LIMB == 8
-		alimb = cpu_to_be64(a->d[i]);
+		alimb = a->d[i] ? cpu_to_be64(a->d[i]) : 0;
 #else
 #error please implement for this limb size.
 #endif
-		if (lzeros) {
-			y = lzeros;
-			lzeros = 0;
-		}
-
-		p = (u8 *)&alimb + y;
+		p = (u8 *)&alimb;
 
-		for (x = 0; x < sizeof(alimb) - y; x++) {
+		for (x = 0; x < sizeof(alimb); x++) {
 			if (!buf_len) {
 				sgl = sg_next(sgl);
 				if (!sgl)
@@ -305,7 +303,6 @@ int mpi_write_to_sgl(MPI a, struct scatterlist *sgl, unsigned *nbytes,
 			*p2++ = *p++;
 			buf_len--;
 		}
-		y = 0;
 	}
 	return 0;
 }

  reply	other threads:[~2016-06-29  9:58 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-22 10:14 crypto: rsa - Do not gratuitously drop leading zeroes Herbert Xu
2016-06-22 10:16 ` [PATCH 1/8] crypto: testmgr - Allow leading zeros in RSA Herbert Xu
2016-06-22 10:16 ` [PATCH 2/8] crypto: rsa - Generate fixed-length output Herbert Xu
2016-06-22 10:16 ` [PATCH 3/8] lib/mpi: Do not do sg_virt Herbert Xu
2016-06-22 10:16 ` [PATCH 4/8] crypto: rsa-pkcs1pad - Require hash to be present Herbert Xu
2016-06-22 13:20   ` Andrzej Zaborowski
2016-06-22 14:02     ` Herbert Xu
2016-06-22 14:19       ` Denis Kenzior
2016-06-22 14:20         ` Herbert Xu
2016-06-22 14:30           ` Denis Kenzior
2016-06-22 14:33             ` Herbert Xu
2016-06-22 15:39               ` Mat Martineau
2016-06-23  1:27                 ` Herbert Xu
2016-06-22 10:16 ` [PATCH 5/8] crypto: rsa-pkcs1pad - Remove bogus page splitting Herbert Xu
2016-06-22 10:16 ` [PATCH 6/8] crypto: rsa-pkcs1pad - Always use GFP_KERNEL Herbert Xu
2016-06-22 10:16 ` [PATCH 7/8] crypto: rsa-pkcs1pad - Move key size check to setkey Herbert Xu
2016-06-22 10:16 ` [PATCH 8/8] crypto: rsa-pkcs1pad - Avoid copying output when possible Herbert Xu
2016-06-23 15:25 ` crypto: rsa - Do not gratuitously drop leading zeroes Tadeusz Struk
2016-06-24 14:28   ` Herbert Xu
2016-06-24 15:25     ` Tadeusz Struk
2016-06-25  1:44       ` Herbert Xu
2016-06-24  7:27 ` Stephan Mueller
2016-06-24  8:41   ` Herbert Xu
2016-06-24  9:09     ` Stephan Mueller
2016-06-24  9:23     ` Stephan Mueller
2016-06-24  9:30       ` Herbert Xu
2016-06-29  9:56 ` [v2 PATCH 0/7] " Herbert Xu
2016-06-29  9:58   ` Herbert Xu [this message]
2016-06-29  9:58   ` [v2 PATCH 2/7] lib/mpi: Do not do sg_virt Herbert Xu
2016-06-29  9:58   ` [v2 PATCH 3/7] crypto: rsa-pkcs1pad - Require hash to be present Herbert Xu
2016-06-29  9:58   ` [v2 PATCH 4/7] crypto: rsa-pkcs1pad - Remove bogus page splitting Herbert Xu
2016-06-29  9:58   ` [v2 PATCH 5/7] crypto: rsa-pkcs1pad - Always use GFP_KERNEL Herbert Xu
2016-06-29  9:58   ` [v2 PATCH 6/7] crypto: rsa-pkcs1pad - Move key size check to setkey Herbert Xu
2016-06-29  9:58   ` [v2 PATCH 7/7] crypto: rsa-pkcs1pad - Avoid copying output when possible Herbert Xu
2016-06-29 10:26   ` [v3 PATCH 0/8] crypto: rsa - Do not gratuitously drop leading zeroes Herbert Xu
2016-06-29 10:29     ` [v3 PATCH 1/8] crypto: testmgr - Allow leading zeros in RSA Herbert Xu
2016-06-29 10:29     ` [v3 PATCH 2/8] crypto: rsa - Generate fixed-length output Herbert Xu
2016-06-29 11:23       ` Benedetto, Salvatore
2016-06-29 11:30         ` Herbert Xu
2016-06-29 10:29     ` [v3 PATCH 3/8] lib/mpi: Do not do sg_virt Herbert Xu
2016-06-29 10:29     ` [v3 PATCH 4/8] crypto: rsa-pkcs1pad - Require hash to be present Herbert Xu
2016-06-29 10:29     ` [v3 PATCH 5/8] crypto: rsa-pkcs1pad - Remove bogus page splitting Herbert Xu
2016-06-29 10:29     ` [v3 PATCH 6/8] crypto: rsa-pkcs1pad - Always use GFP_KERNEL Herbert Xu
2016-06-29 10:29     ` [v3 PATCH 7/8] crypto: rsa-pkcs1pad - Move key size check to setkey Herbert Xu
2016-06-29 10:29     ` [v3 PATCH 8/8] crypto: rsa-pkcs1pad - Avoid copying output when possible Herbert Xu
2016-06-29 11:31     ` [v4 PATCH 0/8] crypto: rsa - Do not gratuitously drop leading zeroes Herbert Xu
2016-06-29 11:32       ` [v4 PATCH 1/8] crypto: testmgr - Allow leading zeros in RSA Herbert Xu
2016-06-29 11:32       ` [v4 PATCH 2/8] crypto: rsa - Generate fixed-length output Herbert Xu
2016-06-29 11:32       ` [v4 PATCH 3/8] lib/mpi: Do not do sg_virt Herbert Xu
2016-06-29 11:32       ` [v4 PATCH 4/8] crypto: rsa-pkcs1pad - Require hash to be present Herbert Xu
2016-06-29 11:32       ` [v4 PATCH 5/8] crypto: rsa-pkcs1pad - Remove bogus page splitting Herbert Xu
2016-06-29 11:32       ` [v4 PATCH 6/8] crypto: rsa-pkcs1pad - Always use GFP_KERNEL Herbert Xu
2016-06-29 11:32       ` [v4 PATCH 7/8] crypto: rsa-pkcs1pad - Move key size check to setkey Herbert Xu
2016-06-29 11:32       ` [v4 PATCH 8/8] crypto: rsa-pkcs1pad - Avoid copying output when possible Herbert Xu
2016-07-02 17:55       ` [v4 PATCH 0/8] crypto: rsa - Do not gratuitously drop leading zeroes Stephan Mueller
2016-07-02 18:02         ` Stephan Mueller
2016-07-03  2:46         ` Herbert Xu
2016-07-03  5:57           ` Stephan Mueller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=E1bICGJ-0006n9-It@gondolin.me.apana.org.au \
    --to=herbert@gondor.apana.org.au \
    --cc=andrew.zaborowski@intel.com \
    --cc=denkenz@gmail.com \
    --cc=linux-crypto@vger.kernel.org \
    --cc=mathew.j.martineau@linux.intel.com \
    --cc=salvatore.benedetto@intel.com \
    --cc=smueller@chronox.de \
    --cc=tadeusz.struk@intel.com \
    --cc=tudor-dan.ambarus@nxp.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.