Message ID | 1458325927-14737-8-git-send-email-tudor-dan.ambarus@nxp.com (mailing list archive) |
---|---|
State | Changes Requested |
Delegated to: | Herbert Xu |
On Friday, 18 March 2016, 20:32:05, Tudor Ambarus wrote:

Hi Tudor,

> This patch adds the function scatterwalk_sg_copychunks which writes
> a chunk of data from a scatterwalk to another scatterwalk.
> It will be used by caam driver to remove the leading zeros of RSA's
> algorithm output.

The following is unrelated to the patch, but regarding your statement: I lately read that leading zeros are skipped for RSA. Why is that implemented this way?

The driver of my question is side channels. Don't we open ourselves up to side channel attacks when forgetting about zeros? Heck, by simply processing zeros in a modular exponentiation (of a private key), we have side channels, because processing of zeros is faster than ones.

I am starting to wonder whether this magic with the leading zeros is going to hurt us?

Ciao
Stephan
diff --git a/crypto/scatterwalk.c b/crypto/scatterwalk.c index ea5815c..bc3222d 100644 --- a/crypto/scatterwalk.c +++ b/crypto/scatterwalk.c @@ -125,6 +125,32 @@ void scatterwalk_map_and_copy(void *buf, struct scatterlist *sg, } EXPORT_SYMBOL_GPL(scatterwalk_map_and_copy); +void scatterwalk_sg_copychunks(struct scatter_walk *dest, + struct scatter_walk *src, size_t nbytes) +{ + for (;;) { + unsigned int len_this_page = scatterwalk_pagelen(dest); + u8 *vaddr; + + if (len_this_page > nbytes) + len_this_page = nbytes; + + vaddr = scatterwalk_map(dest); + scatterwalk_copychunks(vaddr, src, len_this_page, 0); + scatterwalk_unmap(vaddr); + + scatterwalk_advance(dest, len_this_page); + + if (nbytes == len_this_page) + break; + + nbytes -= len_this_page; + + scatterwalk_pagedone(dest, 0, 1); + } +} +EXPORT_SYMBOL_GPL(scatterwalk_sg_copychunks); + int scatterwalk_bytes_sglen(struct scatterlist *sg, int num_bytes) { int offset = 0, n = 0; diff --git a/include/crypto/scatterwalk.h b/include/crypto/scatterwalk.h index 35f99b6..8b799c5 100644 --- a/include/crypto/scatterwalk.h +++ b/include/crypto/scatterwalk.h @@ -86,6 +86,8 @@ static inline void scatterwalk_unmap(void *vaddr) void scatterwalk_start(struct scatter_walk *walk, struct scatterlist *sg); void scatterwalk_copychunks(void *buf, struct scatter_walk *walk, size_t nbytes, int out); +void scatterwalk_sg_copychunks(struct scatter_walk *dest, + struct scatter_walk *src, size_t nbytes); void *scatterwalk_map(struct scatter_walk *walk); void scatterwalk_done(struct scatter_walk *walk, int out, int more);
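Review bot: In scatterwalk_sg_copychunks() in crypto/scatterwalk.c, dest is the walk being written, yet the loop calls scatterwalk_pagedone(dest, 0, 1) with 0 in the second position; if that argument is the same out flag that scatterwalk_done(walk, out, more) takes in the header, each written page is finished as if it had only been read, and it should be 1. The loop also breaks before scatterwalk_pagedone() on the last chunk, so the final page is left for the caller to finish, and nothing checks that dest and src each hold nbytes. Please state those preconditions in a comment above the function, or add the length check.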
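Review bot: The new scatterwalk_sg_copychunks() prototype in include/crypto/scatterwalk.h is exported with EXPORT_SYMBOL_GPL but carries no comment saying which walk is read and which is written, how far each walk has been advanced on return, or who finishes the last page. A short comment at the definition covering those points would let other callers use it safely; the name is also easy to confuse with the existing scatterwalk_copychunks() declared one line above it.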
This patch adds the function scatterwalk_sg_copychunks which writes
a chunk of data from a scatterwalk to another scatterwalk.
It will be used by caam driver to remove the leading zeros of RSA's
algorithm output.

Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@nxp.com>
---
 crypto/scatterwalk.c         | 26 ++++++++++++++++++++++++++
 include/crypto/scatterwalk.h |  2 ++
 2 files changed, 28 insertions(+)