kernel/linux.git/crypto/ecdh.c, branch v6.12.80

crypto: ecdh - Initialize ctx->private_key in proper byte order

2024-04-26T09:26:09+00:00

The private key in ctx->private_key is currently initialized in reverse byte order in ecdh_set_secret and whenever the key is needed in proper byte order the variable priv is introduced and the bytes from ctx->private_key are copied into priv while being byte-swapped (ecc_swap_digits). To get rid of the unnecessary byte swapping initialize ctx->private_key in proper byte order and clean up all functions that were previously using priv or were called with ctx->private_key: - ecc_gen_privkey: Directly initialize the passed ctx->private_key with random bytes filling all the digits of the private key. Get rid of the priv variable. This function only has ecdh_set_secret as a caller to create NIST P192/256/384 private keys. - crypto_ecdh_shared_secret: Called only from ecdh_compute_value with ctx->private_key. Get rid of the priv variable and work with the passed private_key directly. - ecc_make_pub_key: Called only from ecdh_compute_value with ctx->private_key. Get rid of the priv variable and work with the passed private_key directly. Cc: Salvatore Benedetto Signed-off-by: Stefan Berger Acked-by: Jarkko Sakkinen Signed-off-by: Herbert Xu

crypto: ecdh - Pass private key in proper byte order to check valid key

2024-04-26T09:26:09+00:00

ecc_is_key_valid expects a key with the most significant digit in the last entry of the digit array. Currently ecdh_set_secret passes a reversed key to ecc_is_key_valid that then passes the rather simple test checking whether the private key is in range [2, n-3]. For all current ecdh- supported curves (NIST P192/256/384) the 'n' parameter is a rather large number, therefore easily passing this test. Throughout the ecdh and ecc codebase the variable 'priv' is used for a private_key holding the bytes in proper byte order. Therefore, introduce priv in ecdh_set_secret and copy the bytes from ctx->private_key into priv in proper byte order by using ecc_swap_digits. Pass priv to ecc_is_valid_key. Cc: Ard Biesheuvel Cc: Salvatore Benedetto Signed-off-by: Stefan Berger Acked-by: Jarkko Sakkinen Signed-off-by: Herbert Xu

crypto: ecdh - explicitly zeroize private_key

2024-04-05T07:46:33+00:00

private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous key. In that scenario, some key material from the previous key would not be overwritten. The easiest solution is to explicitly zeroize the entire private_key array first. Note that this patch slightly changes the behavior of this function: previously, if the ecc_gen_privkey failed, the old private_key would remain. Now, the private_key is always zeroized. This behavior is consistent with the case where params.key is set and ecc_is_key_valid fails. Signed-off-by: Joachim Vandersmissen Signed-off-by: Herbert Xu

crypto: add init/exit annotations to init/exit funcs

2022-09-24T08:14:43+00:00

Add missing __init/__exit annotations to init/exit funcs. Signed-off-by: Xiu Jianfeng Signed-off-by: Herbert Xu

crypto: ecc - Move ecc.h to include/crypto/internal

2021-10-29T13:04:03+00:00

Move ecc.h header file to 'include/crypto/internal' so that it can be easily imported from everywhere in the kernel tree. This change is done to allow crypto device drivers to re-use the symbols exported by 'crypto/ecc.c', thus avoiding code duplication. Signed-off-by: Daniele Alessandrelli Signed-off-by: Herbert Xu

crypto: ecdh - register NIST P384 tfm

2021-05-28T07:11:47+00:00

Add ecdh_nist_p384_init_tfm and register and unregister P384 tfm. Signed-off-by: Hui Tang Signed-off-by: Herbert Xu

crypto: ecdh - fix 'ecdh_init'

2021-05-28T07:11:47+00:00

NIST P192 is not unregistered if failed to register NIST P256, actually it need to unregister the algorithms already registered. Signed-off-by: Hui Tang Signed-off-by: Herbert Xu

crypto: ecdh - fix ecdh-nist-p192's entry in testmgr

2021-05-28T07:11:47+00:00

Add a comment that p192 will fail to register in FIPS mode. Fix ecdh-nist-p192's entry in testmgr by removing the ifdefs and not setting fips_allowed. Signed-off-by: Hui Tang Signed-off-by: Herbert Xu

crypto: ecdh - extend 'cra_driver_name' with curve name

2021-05-21T08:17:29+00:00

Currently, 'cra_driver_name' cannot be used to specify ecdh algorithm with a special curve, so extending it with curve name. Although using 'cra_name' can also specify a special curve, but ecdh generic driver cannot be specified when vendor hardware accelerator has registered. Fixes: 6763f5ea2d9a ("crypto: ecdh - move curve_id of ECDH from ...") Signed-off-by: Hui Tang Signed-off-by: Herbert Xu

crypto: ecdh - move curve_id of ECDH from the key to algorithm name

2021-03-12T13:04:03+00:00

1. crypto and crypto/atmel-ecc: Move curve id of ECDH from the key into the algorithm name instead in crypto and atmel-ecc, so ECDH algorithm name change form 'ecdh' to 'ecdh-nist-pxxx', and we cannot use 'curve_id' in 'struct ecdh'; 2. crypto/testmgr and net/bluetooth: Modify 'testmgr.c', 'testmgr.h' and 'net/bluetooth' to adapt the modification. Signed-off-by: Meng Yu Reviewed-by: Zaibo Xu Reported-by: kernel test robot Signed-off-by: Herbert Xu

kernel/linux.git/crypto/ecdh.c, branch v6.12.80

crypto: ecdh - Initialize ctx->private_key in proper byte order

crypto: ecdh - Pass private key in proper byte order to check valid key

crypto: ecdh - explicitly zeroize private_key

crypto: add __init/__exit annotations to init/exit funcs

crypto: ecc - Move ecc.h to include/crypto/internal

crypto: ecdh - register NIST P384 tfm

crypto: ecdh - fix 'ecdh_init'

crypto: ecdh - fix ecdh-nist-p192's entry in testmgr

crypto: ecdh - extend 'cra_driver_name' with curve name

crypto: ecdh - move curve_id of ECDH from the key to algorithm name

crypto: add init/exit annotations to init/exit funcs