crypto: hisilicon/hpre - ensure private key less than n

Message ID	20230707131819.50016-1-qianweili@huawei.com (mailing list archive)
State	Accepted
Delegated to:	Herbert Xu
Headers	show Return-Path: <linux-crypto-owner@vger.kernel.org> From: Weili Qian <qianweili@huawei.com> To: <herbert@gondor.apana.org.au> CC: <linux-kernel@vger.kernel.org>, <linux-crypto@vger.kernel.org>, <liulongfang@huawei.com> Subject: [PATCH] crypto: hisilicon/hpre - ensure private key less than n Date: Fri, 7 Jul 2023 21:18:19 +0800 Message-ID: <20230707131819.50016-1-qianweili@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII Precedence: bulk
Series	crypto: hisilicon/hpre - ensure private key less than n \| expand crypto: hisilicon/hpre - ensure private key less than n

Message ID

20230707131819.50016-1-qianweili@huawei.com (mailing list archive)

State

Accepted

Delegated to:

Herbert Xu

Headers

From: Weili Qian <qianweili@huawei.com>
To: <herbert@gondor.apana.org.au>
CC: <linux-kernel@vger.kernel.org>, <linux-crypto@vger.kernel.org>,
        <liulongfang@huawei.com>
Subject: [PATCH] crypto: hisilicon/hpre - ensure private key less than n
Date: Fri, 7 Jul 2023 21:18:19 +0800
Message-ID: <20230707131819.50016-1-qianweili@huawei.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type: text/plain; charset=US-ASCII
Precedence: bulk

Series

crypto: hisilicon/hpre - ensure private key less than n | expand

Commit Message

Weili Qian July 7, 2023, 1:18 p.m. UTC

The private key of the curve key size generated by stdrng, which maybe
not less than n. Therefore, the private key with the curve key size
minus 1 is generated to ensure that the private key is less than n.

Signed-off-by: Weili Qian <qianweili@huawei.com>
---
 drivers/crypto/hisilicon/hpre/hpre_crypto.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

Comments

Herbert Xu July 14, 2023, 9 a.m. UTC | #1

On Fri, Jul 07, 2023 at 09:18:19PM +0800, Weili Qian wrote:
> The private key of the curve key size generated by stdrng, which maybe
> not less than n. Therefore, the private key with the curve key size
> minus 1 is generated to ensure that the private key is less than n.
> 
> Signed-off-by: Weili Qian <qianweili@huawei.com>
> ---
>  drivers/crypto/hisilicon/hpre/hpre_crypto.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)

Patch applied.  Thanks.

diff --git a/drivers/crypto/hisilicon/hpre/hpre_crypto.c b/drivers/crypto/hisilicon/hpre/hpre_crypto.c
index 8ede77310dc5..9a1c61be32cc 100644
--- a/drivers/crypto/hisilicon/hpre/hpre_crypto.c
+++ b/drivers/crypto/hisilicon/hpre/hpre_crypto.c
@@ -1392,9 +1392,9 @@  static int hpre_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
 				unsigned int len)
 {
 	struct hpre_ctx *ctx = kpp_tfm_ctx(tfm);
+	unsigned int sz, sz_shift, curve_sz;
 	struct device *dev = ctx->dev;
 	char key[HPRE_ECC_MAX_KSZ];
-	unsigned int sz, sz_shift;
 	struct ecdh params;
 	int ret;
 
@@ -1406,7 +1406,13 @@  static int hpre_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
 	/* Use stdrng to generate private key */
 	if (!params.key || !params.key_size) {
 		params.key = key;
-		params.key_size = hpre_ecdh_get_curvesz(ctx->curve_id);
+		curve_sz = hpre_ecdh_get_curvesz(ctx->curve_id);
+		if (!curve_sz) {
+			dev_err(dev, "Invalid curve size!\n");
+			return -EINVAL;
+		}
+
+		params.key_size = curve_sz - 1;
 		ret = ecdh_gen_privkey(ctx, &params);
 		if (ret)
 			return ret;