From: "Stephan Müller" <smueller@chronox.de>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
Nicolai Stange <nstange@suse.de>
Cc: Hannes Reinecke <hare@suse.de>, Torsten Duwe <duwe@suse.de>,
Zaibo Xu <xuzaibo@huawei.com>,
Giovanni Cabiddu <giovanni.cabiddu@intel.com>,
David Howells <dhowells@redhat.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
linux-crypto@vger.kernel.org, linux-kernel@vger.kernel.org,
qat-linux@intel.com, keyrings@vger.kernel.org,
Nicolai Stange <nstange@suse.de>
Subject: Re: [PATCH 10/18] crypto: dh - introduce support for ephemeral key generation to dh-generic
Date: Sun, 05 Dec 2021 07:11:22 +0100 [thread overview]
Message-ID: <1972149.YKUYFuaPT4@positron.chronox.de> (raw)
In-Reply-To: <20211201004858.19831-11-nstange@suse.de>
Am Mittwoch, 1. Dezember 2021, 01:48:50 CET schrieb Nicolai Stange:
Hi Nicolai,
> The support for NVME in-band authentication currently in the works ([1])
> needs to generate ephemeral DH keys. Make dh-generic's ->set_secret()
> to generate an ephemeral key via the recently added crypto_dh_gen_privkey()
> in case the input ->key_size is zero. Note that this behaviour is in
> analogy to ecdh's ->set_secret().
>
> [1] https://lkml.kernel.org/r/20211122074727.25988-4-hare@suse.de
>
> Signed-off-by: Nicolai Stange <nstange@suse.de>
> ---
> crypto/dh.c | 24 ++++++++++++++++++++----
> 1 file changed, 20 insertions(+), 4 deletions(-)
>
> diff --git a/crypto/dh.c b/crypto/dh.c
> index 131b80064cb1..2e49b114e038 100644
> --- a/crypto/dh.c
> +++ b/crypto/dh.c
> @@ -71,25 +71,41 @@ static int dh_set_secret(struct crypto_kpp *tfm, const
> void *buf, {
> struct dh_ctx *ctx = dh_get_ctx(tfm);
> struct dh params;
> + char key[CRYPTO_DH_MAX_PRIVKEY_SIZE];
> + int err;
>
> /* Free the old MPI key if any */
> dh_clear_ctx(ctx);
>
> - if (crypto_dh_decode_key(buf, len, ¶ms) < 0)
> + err = crypto_dh_decode_key(buf, len, ¶ms);
> + if (err)
> goto err_clear_ctx;
>
> - if (dh_set_params(ctx, ¶ms) < 0)
> + if (!params.key_size) {
As this params data may come from user space, shouldn't we use the same logic
as in ecdh's set_key function:
if (!params.key || !params.key_size)
?
> + err = crypto_dh_gen_privkey(params.group_id, key,
> + ¶ms.key_size);
> + if (err)
> + goto err_clear_ctx;
> + params.key = key;
> + }
> +
> + err = dh_set_params(ctx, ¶ms);
> + if (err)
> goto err_clear_ctx;
>
> ctx->xa = mpi_read_raw_data(params.key, params.key_size);
> - if (!ctx->xa)
> + if (!ctx->xa) {
> + err = -EINVAL;
> goto err_clear_ctx;
> + }
> +
> + memzero_explicit(key, sizeof(key));
>
> return 0;
>
> err_clear_ctx:
> dh_clear_ctx(ctx);
> - return -EINVAL;
> + return err;
> }
>
> /*
Ciao
Stephan
next prev parent reply other threads:[~2021-12-05 6:11 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-01 0:48 [PATCH 00/18] crypto: dh - infrastructure for NVM in-band auth and FIPS conformance Nicolai Stange
2021-12-01 0:48 ` [PATCH 01/18] crypto: dh - remove struct dh's ->q member Nicolai Stange
2021-12-01 7:11 ` Hannes Reinecke
2021-12-01 0:48 ` [PATCH 02/18] crypto: dh - constify struct dh's pointer members Nicolai Stange
2021-12-01 7:13 ` Hannes Reinecke
2021-12-01 0:48 ` [PATCH 03/18] crypto: dh - optimize domain parameter serialization for well-known groups Nicolai Stange
2021-12-01 7:17 ` Hannes Reinecke
2021-12-09 9:08 ` Nicolai Stange
2021-12-01 0:48 ` [PATCH 04/18] crypto: dh - introduce RFC 7919 safe-prime groups Nicolai Stange
2021-12-01 7:23 ` Hannes Reinecke
2021-12-09 9:10 ` Nicolai Stange
2021-12-01 0:48 ` [PATCH 05/18] crypto: testmgr - add DH RFC 7919 ffdhe2048 test vector Nicolai Stange
2021-12-01 7:24 ` Hannes Reinecke
2021-12-01 0:48 ` [PATCH 06/18] crypto: dh - introduce RFC 3526 safe-prime groups Nicolai Stange
2021-12-01 7:24 ` Hannes Reinecke
2021-12-01 0:48 ` [PATCH 07/18] crypto: testmgr - add DH RFC 3526 modp2048 test vector Nicolai Stange
2021-12-01 7:25 ` Hannes Reinecke
2021-12-01 0:48 ` [PATCH 08/18] crypto: testmgr - run only subset of DH vectors based on config Nicolai Stange
2021-12-01 7:28 ` Hannes Reinecke
2021-12-09 9:18 ` Nicolai Stange
2021-12-01 0:48 ` [PATCH 09/18] crypto: dh - implement private key generation primitive Nicolai Stange
2021-12-01 7:28 ` Hannes Reinecke
2021-12-05 5:52 ` Stephan Müller
2021-12-08 6:20 ` Nicolai Stange
2021-12-08 7:16 ` Stephan Mueller
2021-12-01 0:48 ` [PATCH 10/18] crypto: dh - introduce support for ephemeral key generation to dh-generic Nicolai Stange
2021-12-01 7:29 ` Hannes Reinecke
2021-12-05 6:11 ` Stephan Müller [this message]
2021-12-08 6:32 ` Nicolai Stange
2021-12-01 0:48 ` [PATCH 11/18] crypto: dh - introduce support for ephemeral key generation to hpre driver Nicolai Stange
2021-12-01 7:30 ` Hannes Reinecke
2021-12-05 6:11 ` Stephan Müller
2021-12-01 0:48 ` [PATCH 12/18] crypto: dh - introduce support for ephemeral key generation to qat driver Nicolai Stange
2021-12-01 7:30 ` Hannes Reinecke
2021-12-05 6:11 ` Stephan Müller
2021-12-01 0:48 ` [PATCH 13/18] crypto: testmgr - add DH test vectors for key generation Nicolai Stange
2021-12-01 7:31 ` Hannes Reinecke
2021-12-01 0:48 ` [PATCH 14/18] lib/mpi: export mpi_rshift Nicolai Stange
2021-12-01 7:32 ` Hannes Reinecke
2021-12-01 0:48 ` [PATCH 15/18] crypto: dh - store group id in dh-generic's dh_ctx Nicolai Stange
2021-12-01 7:32 ` Hannes Reinecke
2021-12-01 0:48 ` [PATCH 16/18] crypto: dh - calculate Q from P for the full public key verification Nicolai Stange
2021-12-01 7:33 ` Hannes Reinecke
2021-12-05 6:07 ` Stephan Müller
2021-12-08 6:41 ` Nicolai Stange
2021-12-01 0:48 ` [PATCH 17/18] crypto: dh - try to match domain parameters to a known safe-prime group Nicolai Stange
2021-12-01 7:34 ` Hannes Reinecke
2021-12-01 0:48 ` [PATCH 18/18] crypto: dh - accept only approved safe-prime groups in FIPS mode Nicolai Stange
2021-12-01 7:34 ` Hannes Reinecke
2021-12-09 9:26 ` Nicolai Stange
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1972149.YKUYFuaPT4@positron.chronox.de \
--to=smueller@chronox.de \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=duwe@suse.de \
--cc=giovanni.cabiddu@intel.com \
--cc=hare@suse.de \
--cc=herbert@gondor.apana.org.au \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nstange@suse.de \
--cc=qat-linux@intel.com \
--cc=xuzaibo@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox