From: Stefan Berger <stefanb@linux.ibm.com>
To: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
herbert@gondor.apana.org.au, davem@davemloft.net
Cc: linux-kernel@vger.kernel.org, saulo.alessandre@tse.jus.br,
Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH 09/14] crypto: ecdh - Use properly formatted digits to check for valid key
Date: Thu, 8 Feb 2024 17:18:35 -0500 [thread overview]
Message-ID: <20240208221840.3665874-10-stefanb@linux.ibm.com> (raw)
In-Reply-To: <20240208221840.3665874-1-stefanb@linux.ibm.com>
ecc_is_key_valid expects a key with the most significant digit in the last
entry of the digit array. Currently a reverse key is passed to
ecc_is_key_valid that then passes that rather simple test checking whether
the private key is in range [2, n-3]. For all current ecdh-supported
curves (NIST P192/256/384) n is a rather large number, therefore easily
passing this test. However, this will not work for NIST P521 anymore but
the properly prepared array of digits will need to be passed. Therefore,
use ecc_digits_from_array to create the digits array from the byte array
and pass the result to this test function. Use a swapped key in
ctx->private_key.
Note: The ctx->private_key is currently (unnecessarily) swapped and will
be swapped into proper order in ecc_make_pub_key and
crypto_ecdh_shared_secret before usage. Also the key generated in
ecc_gen_privkey, that is assigned to ctx->private_key, is currently
swapped. The above mention 'swap' and the ones mention here could likely
all be removed.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
crypto/ecdh.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 80afee3234fb..83029233c03e 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -27,6 +27,8 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
unsigned int len)
{
struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
+ u64 priv[ECC_MAX_DIGITS];
+ unsigned int nbytes;
struct ecdh params;
if (crypto_ecdh_decode_key(buf, len, ¶ms) < 0 ||
@@ -37,10 +39,13 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
return ecc_gen_privkey(ctx->curve_id, ctx->ndigits,
ctx->private_key);
- memcpy(ctx->private_key, params.key, params.key_size);
+ nbytes = ctx->ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
+
+ ecc_digits_from_array(params.key, nbytes, priv, ctx->ndigits);
+ ecc_swap_digits(priv, ctx->private_key, ctx->ndigits);
if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
- ctx->private_key, params.key_size) < 0) {
+ priv, params.key_size) < 0) {
memzero_explicit(ctx->private_key, params.key_size);
return -EINVAL;
}
--
2.43.0
next prev parent reply other threads:[~2024-02-08 22:19 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-08 22:18 [PATCH 00/14] Add support for NIST P521 to ecdsa and ecdh Stefan Berger
2024-02-08 22:18 ` [PATCH 01/14] crypto: ecdsa - Convert byte arrays with key coordinates to digits Stefan Berger
2024-02-09 19:36 ` kernel test robot
2024-02-08 22:18 ` [PATCH 02/14] crypto: ecdsa - Adjust tests on length of key material Stefan Berger
2024-02-08 22:18 ` [PATCH 03/14] crypto: ecdsa - Adjust res.x mod n for NIST P521 Stefan Berger
2024-02-08 22:18 ` [PATCH 04/14] crypto: ecc - Implement vli_mmod_fast_521 for NIST p521 Stefan Berger
2024-02-08 22:18 ` [PATCH 05/14] crypto: ecc - For NIST P521 use vli_num_bits to get number of bits Stefan Berger
2024-02-08 22:18 ` [PATCH 06/14] crypto: ecc - Add NIST P521 curve parameters Stefan Berger
2024-02-08 22:18 ` [PATCH 07/14] crypto: ecdsa - Register NIST P521 and extend test suite Stefan Berger
2024-02-08 22:18 ` [PATCH 08/14] x509: Add OID for NIST P521 and extend parser for it Stefan Berger
2024-02-08 22:18 ` Stefan Berger [this message]
2024-02-08 22:18 ` [PATCH 10/14] crypto: ecc - Implement ecc_digits_to_array to convert digits to byte array Stefan Berger
2024-02-08 22:18 ` [PATCH 11/14] crypto: Add nbits field to ecc_curve structure Stefan Berger
2024-02-08 22:18 ` [PATCH 12/14] crypto: ecc - Implement and use ecc_curve_get_nbytes to get curve's nbytes Stefan Berger
2024-02-08 22:18 ` [PATCH 13/14] crypto: ecdh - Use functions to copy digits from and to array Stefan Berger
2024-02-08 22:18 ` [PATCH 14/14] crypto: ecdh - Add support for NIST P521 and add test case Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240208221840.3665874-10-stefanb@linux.ibm.com \
--to=stefanb@linux.ibm.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=saulo.alessandre@tse.jus.br \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.