d5c3b17898
On the quest to remove all VLAs from the kernel[1], this avoids VLAs by just using the maximum allocation size (4 bytes) for stack arrays. All the VLAs in ecc were either 3 or 4 bytes (or a multiple), so just make it 4 bytes all the time. Initialization routines are adjusted to check that ndigits does not end up larger than the arrays. This includes a removal of the earlier attempt at this fix from commit a963834b4742 ("crypto/ecc: Remove stack VLA usage") [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
94 lines
3.7 KiB
C
94 lines
3.7 KiB
C
/*
|
|
* Copyright (c) 2013, Kenneth MacKay
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions are
|
|
* met:
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
#ifndef _CRYPTO_ECC_H
|
|
#define _CRYPTO_ECC_H
|
|
|
|
#define ECC_CURVE_NIST_P192_DIGITS 3
|
|
#define ECC_CURVE_NIST_P256_DIGITS 4
|
|
#define ECC_MAX_DIGITS ECC_CURVE_NIST_P256_DIGITS
|
|
|
|
#define ECC_DIGITS_TO_BYTES_SHIFT 3
|
|
|
|
/**
|
|
* ecc_is_key_valid() - Validate a given ECDH private key
|
|
*
|
|
* @curve_id: id representing the curve to use
|
|
* @ndigits: curve's number of digits
|
|
* @private_key: private key to be used for the given curve
|
|
* @private_key_len: private key length
|
|
*
|
|
* Returns 0 if the key is acceptable, a negative value otherwise
|
|
*/
|
|
int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
|
|
const u64 *private_key, unsigned int private_key_len);
|
|
|
|
/**
|
|
* ecc_gen_privkey() - Generates an ECC private key.
|
|
* The private key is a random integer in the range 0 < random < n, where n is a
|
|
* prime that is the order of the cyclic subgroup generated by the distinguished
|
|
* point G.
|
|
* @curve_id: id representing the curve to use
|
|
* @ndigits: curve number of digits
|
|
* @private_key: buffer for storing the generated private key
|
|
*
|
|
* Returns 0 if the private key was generated successfully, a negative value
|
|
* if an error occurred.
|
|
*/
|
|
int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey);
|
|
|
|
/**
|
|
* ecc_make_pub_key() - Compute an ECC public key
|
|
*
|
|
* @curve_id: id representing the curve to use
|
|
* @ndigits: curve's number of digits
|
|
* @private_key: pregenerated private key for the given curve
|
|
* @public_key: buffer for storing the generated public key
|
|
*
|
|
* Returns 0 if the public key was generated successfully, a negative value
|
|
* if an error occurred.
|
|
*/
|
|
int ecc_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
|
|
const u64 *private_key, u64 *public_key);
|
|
|
|
/**
|
|
* crypto_ecdh_shared_secret() - Compute a shared secret
|
|
*
|
|
* @curve_id: id representing the curve to use
|
|
* @ndigits: curve's number of digits
|
|
* @private_key: private key of part A
|
|
* @public_key: public key of counterpart B
|
|
* @secret: buffer for storing the calculated shared secret
|
|
*
|
|
* Note: It is recommended that you hash the result of crypto_ecdh_shared_secret
|
|
* before using it for symmetric encryption or HMAC.
|
|
*
|
|
* Returns 0 if the shared secret was generated successfully, a negative value
|
|
* if an error occurred.
|
|
*/
|
|
int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
|
|
const u64 *private_key, const u64 *public_key,
|
|
u64 *secret);
|
|
#endif
|