From: "Stephan Müller" <smueller@chronox.de>
To: Tudor Ambarus <tudor.ambarus@microchip.com>
Cc: herbert@gondor.apana.org.au, davem@davemloft.net,
linux-crypto@vger.kernel.org, marcel@holtmann.org,
Nicolas.Ferre@microchip.com
Subject: Re: [RFC PATCH v2 1/4] crypto: ecc - add privkey generation support
Date: Sun, 28 May 2017 20:44:15 +0200 [thread overview]
Message-ID: <8501918.Kgl28GDAYF@positron.chronox.de> (raw)
In-Reply-To: <1495034813-27143-2-git-send-email-tudor.ambarus@microchip.com>
Am Mittwoch, 17. Mai 2017, 17:26:50 CEST schrieb Tudor Ambarus:
Hi Tudor,
> Add support for generating ecc private keys.
>
> Generation of ecc private keys is helpful in a user-space to kernel
> ecdh offload because the keys are not revealed to user-space. Private
> key generation is also helpful to implement forward secrecy.
>
> Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
> ---
> crypto/ecc.c | 20 ++++++++++++++++++++
> crypto/ecc.h | 14 ++++++++++++++
> 2 files changed, 34 insertions(+)
>
> diff --git a/crypto/ecc.c b/crypto/ecc.c
> index 414c78a..a591907 100644
> --- a/crypto/ecc.c
> +++ b/crypto/ecc.c
> @@ -927,6 +927,26 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned
> int ndigits, return 0;
> }
>
> +int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64
> *privkey) +{
> + const struct ecc_curve *curve = ecc_get_curve(curve_id);
Shouldn't there be a check that a curve is selected? I.e. a check for an error
should be added?
> + u64 priv[ndigits];
Shouldn't there be a size check of ndigits?
> + unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
> +
> + get_random_bytes(priv, nbytes);
Can you please use crypto_get_default_rng / crypto_rng_get_bytes /
crypto_put_default_rng?
> +
> + if (vli_is_zero(priv, ndigits))
> + return -EINVAL;
> +
> + /* Make sure the private key is in the range [1, n-1]. */
> + if (vli_cmp(curve->n, priv, ndigits) != 1)
> + return -EINVAL;
> +
> + ecc_swap_digits(priv, privkey, ndigits);
Is a byteswap faster than a copy operation by looping through priv/privkey and
simply assinging the value?
> +
> + return 0;
> +}
> +
> int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
> const u8 *private_key, unsigned int private_key_len,
> u8 *public_key, unsigned int public_key_len)
> diff --git a/crypto/ecc.h b/crypto/ecc.h
> index 663d598..b94b7ce 100644
> --- a/crypto/ecc.h
> +++ b/crypto/ecc.h
> @@ -44,6 +44,20 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int
> ndigits, const u8 *private_key, unsigned int private_key_len);
>
> /**
> + * ecc_gen_privkey() - Generates an ECC private key.
> + * The private key is a random integer in the range 0 < random < n, where n
> is a + * prime that is the order of the cyclic subgroup generated by the
> distinguished + * point G.
> + * @curve_id: id representing the curve to use
> + * @ndigits: curve number of digits
> + * @private_key: buffer for storing the generated private key
> + *
> + * Returns 0 if the private key was generated successfully, a negative
> value + * if an error occurred.
> + */
> +int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64
> *privkey); +
> +/**
> * ecdh_make_pub_key() - Compute an ECC public key
> *
> * @curve_id: id representing the curve to use
Ciao
Stephan
next prev parent reply other threads:[~2017-05-28 18:44 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-17 15:26 [RFC PATCH v2 0/4] crypto: (ec)dh - add privkey generation support Tudor Ambarus
2017-05-17 15:26 ` [RFC PATCH v2 1/4] crypto: ecc " Tudor Ambarus
2017-05-28 18:44 ` Stephan Müller [this message]
2017-05-29 9:08 ` Tudor Ambarus
2017-05-29 9:23 ` Stephan Müller
2017-05-29 9:47 ` Tudor Ambarus
2017-05-29 9:56 ` Stephan Müller
2017-05-29 13:27 ` Tudor Ambarus
2017-05-17 15:26 ` [RFC PATCH v2 2/4] crypto: ecdh - allow user to provide NULL privkey Tudor Ambarus
2017-05-17 15:26 ` [RFC PATCH v2 3/4] crypto: dh " Tudor Ambarus
2017-05-28 18:50 ` Stephan Müller
2017-05-17 15:26 ` [RFC PATCH v2 4/4] crypto: testmgr - add genkey kpp test Tudor Ambarus
2017-05-26 13:44 ` Tudor Ambarus
2017-05-28 18:57 ` Stephan Müller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8501918.Kgl28GDAYF@positron.chronox.de \
--to=smueller@chronox.de \
--cc=Nicolas.Ferre@microchip.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=linux-crypto@vger.kernel.org \
--cc=marcel@holtmann.org \
--cc=tudor.ambarus@microchip.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).