29 Oct, 2018
1 commit
-
On the quest to remove all VLAs from the kernel[1], this avoids VLAs
by just using the maximum allocation size (4 bytes) for stack arrays.
All the VLAs in ecc were either 3 or 4 bytes (or a multiple), so just
make it 4 bytes all the time. Initialization routines are adjusted to
check that ndigits does not end up larger than the arrays.This includes a removal of the earlier attempt at this fix from
commit a963834b4742 ("crypto/ecc: Remove stack VLA usage")[1] https://lkml.org/lkml/2018/3/7/621
Signed-off-by: Kees Cook
Signed-off-by: Herbert Xu
03 Aug, 2017
1 commit
-
ecdh_ctx contained static allocated data for the shared secret
and public key.The shared secret and the public key were doomed to concurrency
issues because they could be shared by multiple crypto requests.The concurrency is fixed by replacing per-tfm shared secret and
public key with per-request dynamically allocated shared secret
and public key.Signed-off-by: Tudor Ambarus
Signed-off-by: Herbert Xu
10 Jun, 2017
6 commits
-
Add support for generating ecc private keys.
Generation of ecc private keys is helpful in a user-space to kernel
ecdh offload because the keys are not revealed to user-space. Private
key generation is also helpful to implement forward secrecy.If the user provides a NULL ecc private key, the kernel will generate it
and further use it for ecdh.Move ecdh's object files below drbg's. drbg must be present in the kernel
at the time of calling.Signed-off-by: Tudor Ambarus
Reviewed-by: Stephan Müller
Signed-off-by: Herbert Xu -
crypto_kpp_maxsize() asks for the output buffer size without
caring for errors. It allways assume that will be called after
a valid setkey. Comply with it and return what he wants.nbytes has no sense now, remove it and directly return the maxsize.
Signed-off-by: Tudor Ambarus
Signed-off-by: Herbert Xu -
Rename ecdh_make_pub_key() to ecc_make_pub_key().
ecdh_make_pub_key() is not dh specific and the reference
to dh is wrong.Signed-off-by: Tudor Ambarus
Signed-off-by: Herbert Xu -
ecc software implementation works with chunks of u64 data. There were some
unnecessary casts to u8 and then back to u64 for the ecc keys. This patch
removes the unnecessary casts.Signed-off-by: Tudor Ambarus
Signed-off-by: Herbert Xu -
Signed-off-by: Tudor Ambarus
Signed-off-by: Herbert Xu -
While here, add missing argument description (ndigits).
Signed-off-by: Tudor Ambarus
Signed-off-by: Herbert Xu
09 Mar, 2017
1 commit
-
Constify the buffer passed to crypto_kpp_set_secret() and
kpp_alg.set_secret, since it is never modified.Signed-off-by: Eric Biggers
Signed-off-by: Herbert Xu
24 Jun, 2016
1 commit
-
There is another ecdh_shared_secret in net/bluetooth/ecc.c
Fixes: 3c4b23901a0c ("crypto: ecdh - Add ECDH software support")
Signed-off-by: Stephen Rothwell
Signed-off-by: Herbert Xu
23 Jun, 2016
1 commit
-
* Implement ECDH under kpp API
* Provide ECC software support for curve P-192 and
P-256.
* Add kpp test for ECDH with data generated by OpenSSLSigned-off-by: Salvatore Benedetto
Signed-off-by: Herbert Xu
