From: Stefan Berger <stefanb@linux.ibm.com>
To: keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
herbert@gondor.apana.org.au, davem@davemloft.net
Cc: linux-kernel@vger.kernel.org, saulo.alessandre@tse.jus.br,
Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v3 02/10] crypto: ecdsa - Adjust tests on length of key parameters
Date: Fri, 23 Feb 2024 15:41:41 -0500 [thread overview]
Message-ID: <20240223204149.4055630-3-stefanb@linux.ibm.com> (raw)
In-Reply-To: <20240223204149.4055630-1-stefanb@linux.ibm.com>
In preparation for support of NIST P521, adjust the basic tests on the
length of the provided key parameters to only ensure that the length of the
x plus y coordinates parameter array is not an odd number and that each
coordinate fits into an array of 'ndigits' digits. Mathematical tests on
the key's parameters are then done in ecc_is_pubkey_valid_full rejecting
invalid keys.
The change is necessary since NIST P521 keys do not have keys with
coordinates that each fully require 'full' digits (= u64), unlike
NIST P192/256/384 that all require multiple 'full' digits.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
crypto/ecdsa.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index ba8fb76fd165..64e1e69d53ba 100644
--- a/crypto/ecdsa.c
+++ b/crypto/ecdsa.c
@@ -230,7 +230,7 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig
if (ret < 0)
return ret;
- if (keylen < 1 || (((keylen - 1) >> 1) % sizeof(u64)) != 0)
+ if (keylen < 1 || ((keylen - 1) & 1) != 0)
return -EINVAL;
/* we only accept uncompressed format indicated by '4' */
if (d[0] != 4)
@@ -239,7 +239,7 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig
keylen--;
digitlen = keylen >> 1;
- ndigits = digitlen / sizeof(u64);
+ ndigits = DIV_ROUND_UP(digitlen, sizeof(u64));
if (ndigits != ctx->curve->g.ndigits)
return -EINVAL;
--
2.43.0
next prev parent reply other threads:[~2024-02-23 20:42 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-23 20:41 [PATCH v3 00/10] Add support for NIST P521 to ecdsa Stefan Berger
2024-02-23 20:41 ` [PATCH v3 01/10] crypto: ecdsa - Convert byte arrays with key coordinates to digits Stefan Berger
2024-02-29 9:11 ` Lukas Wunner
2024-02-29 14:57 ` Stefan Berger
2024-02-29 16:48 ` Lukas Wunner
2024-02-29 17:20 ` Stefan Berger
2024-03-01 20:26 ` Jarkko Sakkinen
2024-03-01 20:48 ` Stefan Berger
2024-03-01 20:51 ` Jarkko Sakkinen
2024-03-02 14:00 ` Lukas Wunner
2024-03-02 21:19 ` Stefan Berger
2024-03-02 21:36 ` Lukas Wunner
2024-03-02 21:55 ` Jarkko Sakkinen
2024-02-23 20:41 ` Stefan Berger [this message]
2024-02-29 9:16 ` [PATCH v3 02/10] crypto: ecdsa - Adjust tests on length of key parameters Lukas Wunner
2024-02-29 20:28 ` Stefan Berger
2024-02-23 20:41 ` [PATCH v3 03/10] crypto: ecdsa - Extend res.x mod n calculation for NIST P521 Stefan Berger
2024-02-23 20:41 ` [PATCH v3 04/10] crypto: ecc - Implement vli_mmod_fast_521 for NIST p521 Stefan Berger
2024-02-23 20:41 ` [PATCH v3 05/10] crypto: ecc - Add nbits field to ecc_curve structure Stefan Berger
2024-02-23 20:41 ` [PATCH v3 06/10] crypte: ecc - Implement ecc_curve_get_nbits to get number of bits Stefan Berger
2024-02-27 20:15 ` Lukas Wunner
2024-02-29 20:29 ` Stefan Berger
2024-02-23 20:41 ` [PATCH v3 07/10] crypto: ecc - Use ecc_get_curve_nbits to get number of bits for NIST P521 Stefan Berger
2024-02-23 20:41 ` [PATCH v3 08/10] crypto: ecc - Add NIST P521 curve parameters Stefan Berger
2024-02-23 20:41 ` [PATCH v3 09/10] crypto: ecdsa - Register NIST P521 and extend test suite Stefan Berger
2024-02-23 20:41 ` [PATCH v3 10/10] x509: Add OID for NIST P521 and extend parser for it Stefan Berger
2024-02-29 9:34 ` [PATCH v3 00/10] Add support for NIST P521 to ecdsa Lukas Wunner
2024-02-29 18:45 ` Stefan Berger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240223204149.4055630-3-stefanb@linux.ibm.com \
--to=stefanb@linux.ibm.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=saulo.alessandre@tse.jus.br \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.