diff mbox series

[v3,02/10] crypto: ecdsa - Adjust tests on length of key parameters

Message ID 20240223204149.4055630-3-stefanb@linux.ibm.com (mailing list archive)
State Superseded
Delegated to: Herbert Xu
Headers show
Series Add support for NIST P521 to ecdsa | expand

Commit Message

Stefan Berger Feb. 23, 2024, 8:41 p.m. UTC
In preparation for support of NIST P521, adjust the basic tests on the
length of the provided key parameters to only ensure that the length of the
x plus y coordinates parameter array is not an odd number and that each
coordinate fits into an array of 'ndigits' digits. Mathematical tests on
the key's parameters are then done in ecc_is_pubkey_valid_full rejecting
invalid keys.

The change is necessary since NIST P521 keys do not have keys with
coordinates that each fully require 'full' digits (= u64), unlike
NIST P192/256/384 that all require multiple 'full' digits.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
---
 crypto/ecdsa.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Lukas Wunner Feb. 29, 2024, 9:16 a.m. UTC | #1
On Fri, Feb 23, 2024 at 03:41:41PM -0500, Stefan Berger wrote:
> @@ -239,7 +239,7 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig
>  	keylen--;
>  	digitlen = keylen >> 1;
>  
> -	ndigits = digitlen / sizeof(u64);
> +	ndigits = DIV_ROUND_UP(digitlen, sizeof(u64));
>  	if (ndigits != ctx->curve->g.ndigits)
>  		return -EINVAL;

This deletes a line inserted by the preceding patch in the series.
I'd prefer just squashing the two patches together.

Thanks,

Lukas
Stefan Berger Feb. 29, 2024, 8:28 p.m. UTC | #2
On 2/29/24 04:16, Lukas Wunner wrote:
> On Fri, Feb 23, 2024 at 03:41:41PM -0500, Stefan Berger wrote:
>> @@ -239,7 +239,7 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig
>>   	keylen--;
>>   	digitlen = keylen >> 1;
>>   
>> -	ndigits = digitlen / sizeof(u64);
>> +	ndigits = DIV_ROUND_UP(digitlen, sizeof(u64));
>>   	if (ndigits != ctx->curve->g.ndigits)
>>   		return -EINVAL;
> 
> This deletes a line inserted by the preceding patch in the series.
> I'd prefer just squashing the two patches together.
> 
Hm, I moved this part here into 1/10 and left he other hunk in 2/10 
since they deal with slightly different issues.

    Stefan

> Thanks,
> 
> Lukas
diff mbox series

Patch

diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index ba8fb76fd165..64e1e69d53ba 100644
--- a/crypto/ecdsa.c
+++ b/crypto/ecdsa.c
@@ -230,7 +230,7 @@  static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig
 	if (ret < 0)
 		return ret;
 
-	if (keylen < 1 || (((keylen - 1) >> 1) % sizeof(u64)) != 0)
+	if (keylen < 1 || ((keylen - 1) & 1) != 0)
 		return -EINVAL;
 	/* we only accept uncompressed format indicated by '4' */
 	if (d[0] != 4)
@@ -239,7 +239,7 @@  static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig
 	keylen--;
 	digitlen = keylen >> 1;
 
-	ndigits = digitlen / sizeof(u64);
+	ndigits = DIV_ROUND_UP(digitlen, sizeof(u64));
 	if (ndigits != ctx->curve->g.ndigits)
 		return -EINVAL;