From patchwork Wed May 17 10:38:33 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tudor Ambarus <tudor.ambarus@microchip.com>
X-Patchwork-Id: 9730813
X-Patchwork-Delegate: herbert@gondor.apana.org.au
Return-Path: <linux-crypto-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	7551660363 for <patchwork-linux-crypto@patchwork.kernel.org>;
	Wed, 17 May 2017 10:38:57 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6AEDC28689
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Wed, 17 May 2017 10:38:57 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 5F9EE286E7; Wed, 17 May 2017 10:38:57 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 12F7D286DF
	for <patchwork-linux-crypto@patchwork.kernel.org>;
	Wed, 17 May 2017 10:38:56 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752296AbdEQKiz (ORCPT
	<rfc822;patchwork-linux-crypto@patchwork.kernel.org>);
	Wed, 17 May 2017 06:38:55 -0400
Received: from esa6.microchip.iphmx.com ([216.71.154.253]:37484 "EHLO
	esa6.microchip.iphmx.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751782AbdEQKiy (ORCPT
	<rfc822;linux-crypto@vger.kernel.org>);
	Wed, 17 May 2017 06:38:54 -0400
X-IronPort-AV: E=Sophos;i="5.38,353,1491289200"; d="scan'208";a="526990"
Received: from smtpout.microchip.com (HELO email.microchip.com)
	([198.175.253.82])
	by esa6.microchip.iphmx.com with ESMTP/TLS/DHE-RSA-AES256-SHA;
	17 May 2017 03:38:54 -0700
Received: from rob-ult-M18064.microchip.com (10.10.76.4) by
	chn-sv-exch06.mchp-main.com (10.10.76.107) with Microsoft SMTP Server
	id 14.3.181.6; Wed, 17 May 2017 03:38:53 -0700
From: Tudor Ambarus <tudor.ambarus@microchip.com>
To: <herbert@gondor.apana.org.au>
CC: <linux-crypto@vger.kernel.org>, <smueller@chronox.de>,
	<marcel@holtmann.org>, <Nicolas.Ferre@microchip.com>,
	Tudor Ambarus <tudor.ambarus@microchip.com>
Subject: [RFC PATCH 1/4] crypto: ecc - add privkey generation support
Date: Wed, 17 May 2017 13:38:33 +0300
Message-ID: <1495017516-10048-2-git-send-email-tudor.ambarus@microchip.com>
X-Mailer: git-send-email 2.7.4
In-Reply-To: <1495017516-10048-1-git-send-email-tudor.ambarus@microchip.com>
References: <1495017516-10048-1-git-send-email-tudor.ambarus@microchip.com>
MIME-Version: 1.0
Sender: linux-crypto-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Add support for generating ecc private keys.

Generation of ecc private keys is helpful in a user-space to kernel
ecdh offload because the keys are not revealed to user-space. Private
key generation is also helpful to implement forward secrecy.

Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
---
 crypto/ecc.c | 20 ++++++++++++++++++++
 crypto/ecc.h | 14 ++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 414c78a..a591907 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -927,6 +927,26 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
 	return 0;
 }
 
+int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)
+{
+	const struct ecc_curve *curve = ecc_get_curve(curve_id);
+	u64 priv[ndigits];
+	unsigned int nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
+
+	get_random_bytes(priv, nbytes);
+
+	if (vli_is_zero(priv, ndigits))
+		return -EINVAL;
+
+	/* Make sure the private key is in the range [1, n-1]. */
+	if (vli_cmp(curve->n, priv, ndigits) != 1)
+		return -EINVAL;
+
+	ecc_swap_digits(priv, privkey, ndigits);
+
+	return 0;
+}
+
 int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
 		      const u8 *private_key, unsigned int private_key_len,
 		      u8 *public_key, unsigned int public_key_len)
diff --git a/crypto/ecc.h b/crypto/ecc.h
index 663d598..b94b7ce 100644
--- a/crypto/ecc.h
+++ b/crypto/ecc.h
@@ -44,6 +44,20 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
 		     const u8 *private_key, unsigned int private_key_len);
 
 /**
+ * ecc_gen_privkey() -  Generates an ECC private key.
+ * The private key is a random integer in the range 0 < random < n, where n is a
+ * prime that is the order of the cyclic subgroup generated by the distinguished
+ * point G.
+ * @curve_id:		id representing the curve to use
+ * @ndigits:		curve number of digits
+ * @private_key:	buffer for storing the generated private key
+ *
+ * Returns 0 if the private key was generated successfully, a negative value
+ * if an error occurred.
+ */
+int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey);
+
+/**
  * ecdh_make_pub_key() - Compute an ECC public key
  *
  * @curve_id:		id representing the curve to use