| Message ID | 1616838976-31936-1-git-send-email-yumeng18@huawei.com (mailing list archive) |
|---|---|
| State | Accepted |
| Delegated to: | Herbert Xu |
| Headers | show |
| Series | crypto: hisilicon/hpre - Add processing of src_data in 'CURVE25519' | expand |
On Sat, Mar 27, 2021 at 05:56:16PM +0800, Meng Yu wrote: > HPRE can only deal with src_data smaller than 'p' in 'CURVE25519' > algorithm, but 'rfc7748' says: > 'Implementations MUST accept non-canonical values and process them as > if they had been reduced modulo the field prime' > So we get its modulus to p, and then deal it with HPRE. > > Signed-off-by: Meng Yu <yumeng18@huawei.com> > --- > drivers/crypto/hisilicon/hpre/hpre_crypto.c | 22 ++++++++++++++++++---- > 1 file changed, 18 insertions(+), 4 deletions(-) Patch applied. Thanks.
diff --git a/drivers/crypto/hisilicon/hpre/hpre_crypto.c b/drivers/crypto/hisilicon/hpre/hpre_crypto.c index d743c54..f363653 100644 --- a/drivers/crypto/hisilicon/hpre/hpre_crypto.c +++ b/drivers/crypto/hisilicon/hpre/hpre_crypto.c @@ -1729,6 +1729,17 @@ static int hpre_curve25519_msg_request_set(struct hpre_ctx *ctx, return 0; } +static void hpre_curve25519_src_modulo_p(u8 *ptr) +{ + int i; + + for (i = 0; i < CURVE25519_KEY_SIZE - 1; i++) + ptr[i] = 0; + + /* The modulus is ptr's last byte minus '0xed'(last byte of p) */ + ptr[i] -= 0xed; +} + static int hpre_curve25519_src_init(struct hpre_asym_request *hpre_req, struct scatterlist *data, unsigned int len) { @@ -1767,10 +1778,13 @@ static int hpre_curve25519_src_init(struct hpre_asym_request *hpre_req, curve = ecc_get_curve25519(); fill_curve_param(p, curve->p, CURVE25519_KEY_SIZE, curve->g.ndigits); - if (memcmp(ptr, p, ctx->key_sz) >= 0) { - dev_err(dev, "gx is out of p!\n"); - goto err; - } + + /* + * When src_data equals (2^255 - 19) ~ (2^255 - 1), it is out of p, + * we get its modulus to p, and then use it. + */ + if (memcmp(ptr, p, ctx->key_sz) >= 0) + hpre_curve25519_src_modulo_p(ptr); hpre_req->src = ptr; msg->in = cpu_to_le64(dma);
HPRE can only deal with src_data smaller than 'p' in 'CURVE25519' algorithm, but 'rfc7748' says: 'Implementations MUST accept non-canonical values and process them as if they had been reduced modulo the field prime' So we get its modulus to p, and then deal it with HPRE. Signed-off-by: Meng Yu <yumeng18@huawei.com> --- drivers/crypto/hisilicon/hpre/hpre_crypto.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-)