From: Mat Martineau <mathew.j.martineau@linux.intel.com>
To: "Stephan Müller" <smueller@chronox.de>
Cc: herbert@gondor.apana.org.au, ebiggers@kernel.org,
Jarkko Sakkinen <jarkko@kernel.org>,
"dhowells@redhat.com" <dhowells@redhat.com>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
keyrings <keyrings@vger.kernel.org>,
simo@redhat.com
Subject: Re: [PATCH v3 3/4] security: DH - remove dead code for zero padding
Date: Wed, 17 Nov 2021 13:28:46 -0800 (PST) [thread overview]
Message-ID: <f98dbf21-50d1-7847-18cb-2f5093a8ac8@linux.intel.com> (raw)
In-Reply-To: <3323567.LZWGnKmheA@positron.chronox.de>
[-- Attachment #1: Type: text/plain, Size: 3069 bytes --]
On Mon, 15 Nov 2021, Stephan Müller wrote:
> Remove the specific code that adds a zero padding that was intended
> to be invoked when the DH operation result was smaller than the
> modulus. However, this cannot occur any more these days because the
> function mpi_write_to_sgl is used in the code path that calculates the
> shared secret in dh_compute_value. This MPI service function guarantees
> that leading zeros are introduced as needed to ensure the resulting data
> is exactly as long as the modulus. This implies that the specific code
> to add zero padding is dead code which can be safely removed.
>
> Signed-off-by: Stephan Mueller <smueller@chronox.de>
> ---
> security/keys/dh.c | 25 ++++---------------------
> 1 file changed, 4 insertions(+), 21 deletions(-)
Hi Stephan -
Thanks for the cleanup!
Acked-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
>
> diff --git a/security/keys/dh.c b/security/keys/dh.c
> index 1abfa70ed6e1..56e12dae4534 100644
> --- a/security/keys/dh.c
> +++ b/security/keys/dh.c
> @@ -141,7 +141,7 @@ static void kdf_dealloc(struct kdf_sdesc *sdesc)
> * 'dlen' must be a multiple of the digest size.
> */
> static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
> - u8 *dst, unsigned int dlen, unsigned int zlen)
> + u8 *dst, unsigned int dlen)
> {
> struct shash_desc *desc = &sdesc->shash;
> unsigned int h = crypto_shash_digestsize(desc->tfm);
> @@ -158,22 +158,6 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
> if (err)
> goto err;
>
> - if (zlen && h) {
> - u8 tmpbuffer[32];
> - size_t chunk = min_t(size_t, zlen, sizeof(tmpbuffer));
> - memset(tmpbuffer, 0, chunk);
> -
> - do {
> - err = crypto_shash_update(desc, tmpbuffer,
> - chunk);
> - if (err)
> - goto err;
> -
> - zlen -= chunk;
> - chunk = min_t(size_t, zlen, sizeof(tmpbuffer));
> - } while (zlen);
> - }
> -
> if (src && slen) {
> err = crypto_shash_update(desc, src, slen);
> if (err)
> @@ -198,7 +182,7 @@ static int kdf_ctr(struct kdf_sdesc *sdesc, const u8 *src, unsigned int slen,
>
> static int keyctl_dh_compute_kdf(struct kdf_sdesc *sdesc,
> char __user *buffer, size_t buflen,
> - uint8_t *kbuf, size_t kbuflen, size_t lzero)
> + uint8_t *kbuf, size_t kbuflen)
> {
> uint8_t *outbuf = NULL;
> int ret;
> @@ -211,7 +195,7 @@ static int keyctl_dh_compute_kdf(struct kdf_sdesc *sdesc,
> goto err;
> }
>
> - ret = kdf_ctr(sdesc, kbuf, kbuflen, outbuf, outbuf_len, lzero);
> + ret = kdf_ctr(sdesc, kbuf, kbuflen, outbuf, outbuf_len);
> if (ret)
> goto err;
>
> @@ -384,8 +368,7 @@ long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
> }
>
> ret = keyctl_dh_compute_kdf(sdesc, buffer, buflen, outbuf,
> - req->dst_len + kdfcopy->otherinfolen,
> - outlen - req->dst_len);
> + req->dst_len + kdfcopy->otherinfolen);
> } else if (copy_to_user(buffer, outbuf, req->dst_len) == 0) {
> ret = req->dst_len;
> } else {
> --
> 2.33.1
>
>
>
>
>
--
Mat Martineau
Intel
next prev parent reply other threads:[~2021-11-17 21:28 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-15 8:41 [PATCH v3 0/4] Add SP800-108 KDF implementation to crypto API Stephan Müller
2021-11-15 8:42 ` [PATCH v3 1/4] crypto: Add key derivation self-test support code Stephan Müller
2021-11-15 8:43 ` [PATCH v3 2/4] crypto: add SP800-108 counter key derivation function Stephan Müller
2021-11-17 19:11 ` Eric Biggers
2021-11-18 8:07 ` Stephan Mueller
2021-11-15 8:43 ` [PATCH v3 3/4] security: DH - remove dead code for zero padding Stephan Müller
2021-11-17 21:28 ` Mat Martineau [this message]
2021-11-18 8:37 ` Stephan Mueller
2021-11-15 8:44 ` [PATCH v3 4/4] security: DH - use KDF implementation from crypto API Stephan Müller
2021-11-17 21:45 ` Mat Martineau
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f98dbf21-50d1-7847-18cb-2f5093a8ac8@linux.intel.com \
--to=mathew.j.martineau@linux.intel.com \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=simo@redhat.com \
--cc=smueller@chronox.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox