From: "Stephan Müller" <smueller@chronox.de>
To: Tudor Ambarus <tudor.ambarus@microchip.com>
Cc: herbert@gondor.apana.org.au, davem@davemloft.net,
linux-crypto@vger.kernel.org, marcel@holtmann.org,
Nicolas.Ferre@microchip.com
Subject: Re: [RFC PATCH v2 1/4] crypto: ecc - add privkey generation support
Date: Sun, 28 May 2017 20:44:15 +0200
Message-ID: <8501918.Kgl28GDAYF@positron.chronox.de>
In-Reply-To: <1495034813-27143-2-git-send-email-tudor.ambarus@microchip.com>
On Wednesday, 17 May 2017, 17:26:50 CEST, Tudor Ambarus wrote:
Hi Tudor,
> Add support for generating ecc private keys.
>
> Generation of ecc private keys is helpful in a user-space to kernel
> ecdh offload because the keys are not revealed to user-space. Private
> key generation is also helpful to implement forward secrecy.
>
> Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
> ---
> crypto/ecc.c | 20 ++++++++++++++++++++
> crypto/ecc.h | 14 ++++++++++++++
> 2 files changed, 34 insertions(+)
>
> diff --git a/crypto/ecc.c b/crypto/ecc.c
> index 414c78a..a591907 100644
> --- a/crypto/ecc.c
> +++ b/crypto/ecc.c
> @@ -927,6 +927,26 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned
> int ndigits, return 0;
> }
>
> +int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64
> *privkey) +{
> + const struct ecc_curve *curve = ecc_get_curve(curve_id);
Shouldn't there be a check that a curve is selected? I.e. a check for an error
should be added?
> + u64 priv[ndigits];
Shouldn't there be a size check of ndigits?
> + unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
> +
> + get_random_bytes(priv, nbytes);
Can you please use crypto_get_default_rng / crypto_rng_get_bytes /
crypto_put_default_rng?
> +
> + if (vli_is_zero(priv, ndigits))
> + return -EINVAL;
> +
> + /* Make sure the private key is in the range [1, n-1]. */
> + if (vli_cmp(curve->n, priv, ndigits) != 1)
> + return -EINVAL;
> +
> + ecc_swap_digits(priv, privkey, ndigits);
Is a byteswap faster than a copy operation by looping through priv/privkey and
simply assigning the value?
> +
> + return 0;
> +}
> +
> int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
> const u8 *private_key, unsigned int private_key_len,
> u8 *public_key, unsigned int public_key_len)
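Review bot: `u64 priv[ndigits];` is a variable-length array on the kernel stack sized directly by the caller-supplied `ndigits`, with no upper bound checked before it is declared; clamp `ndigits` to the curve's digit count (or reject it with -EINVAL) before the array is used, or use a fixed-size buffer of the maximum supported curve size. Two further points in the same hunk: `priv` holds the freshly generated private key after `ecc_swap_digits(priv, privkey, ndigits);` and is never cleared before the function returns, so a `memzero_explicit(priv, nbytes)` on every exit path would keep the secret from lingering on the stack; and the two `return -EINVAL;` paths turn a statistically rare out-of-range or zero draw into a hard failure for the caller, so either loop and redraw inside `ecc_gen_privkey()` or document that callers must retry on -EINVAL.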
> diff --git a/crypto/ecc.h b/crypto/ecc.h
> index 663d598..b94b7ce 100644
> --- a/crypto/ecc.h
> +++ b/crypto/ecc.h
> @@ -44,6 +44,20 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int
> ndigits, const u8 *private_key, unsigned int private_key_len);
>
> /**
> + * ecc_gen_privkey() - Generates an ECC private key.
> + * The private key is a random integer in the range 0 < random < n, where n
> is a + * prime that is the order of the cyclic subgroup generated by the
> distinguished + * point G.
> + * @curve_id: id representing the curve to use
> + * @ndigits: curve number of digits
> + * @private_key: buffer for storing the generated private key
> + *
> + * Returns 0 if the private key was generated successfully, a negative
> value + * if an error occurred.
> + */
> +int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64
> *privkey); +
> +/**
> * ecdh_make_pub_key() - Compute an ECC public key
> *
> * @curve_id: id representing the curve to use
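Review bot: the kernel-doc block documents the output parameter as `@private_key`, but the prototype directly below names it `privkey`; kernel-doc will flag the mismatch, so rename one to match the other (and the definition in ecc.c). The return-value sentence should also state the concrete failure mode the implementation has, namely that -EINVAL is returned when the random value falls outside [1, n-1], so a caller reading only the header knows whether a retry is expected.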
Ciao
Stephan