mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-01 02:36:02 +00:00
crypto: ecrdsa - Migrate to sig_alg backend
A sig_alg backend has just been introduced with the intent of moving all asymmetric sign/verify algorithms to it one by one. Migrate ecrdsa.c to the new backend. One benefit of the new API is the use of kernel buffers instead of sglists, which avoids the overhead of copying signature and digest sglists back into kernel buffers. ecrdsa.c is thus simplified quite a bit. Signed-off-by: Lukas Wunner <lukas@wunner.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
This commit is contained in:
parent
ef132350a3
commit
ae117924b2
@ -302,7 +302,7 @@ config CRYPTO_ECDSA
|
||||
config CRYPTO_ECRDSA
|
||||
tristate "EC-RDSA (Elliptic Curve Russian Digital Signature Algorithm)"
|
||||
select CRYPTO_ECC
|
||||
select CRYPTO_AKCIPHER
|
||||
select CRYPTO_SIG
|
||||
select CRYPTO_STREEBOG
|
||||
select OID_REGISTRY
|
||||
select ASN1
|
||||
|
@ -18,12 +18,11 @@
|
||||
|
||||
#include <linux/module.h>
|
||||
#include <linux/crypto.h>
|
||||
#include <crypto/sig.h>
|
||||
#include <crypto/streebog.h>
|
||||
#include <crypto/internal/akcipher.h>
|
||||
#include <crypto/internal/ecc.h>
|
||||
#include <crypto/akcipher.h>
|
||||
#include <crypto/internal/sig.h>
|
||||
#include <linux/oid_registry.h>
|
||||
#include <linux/scatterlist.h>
|
||||
#include "ecrdsa_params.asn1.h"
|
||||
#include "ecrdsa_pub_key.asn1.h"
|
||||
#include "ecrdsa_defs.h"
|
||||
@ -68,13 +67,12 @@ static const struct ecc_curve *get_curve_by_oid(enum OID oid)
|
||||
}
|
||||
}
|
||||
|
||||
static int ecrdsa_verify(struct akcipher_request *req)
|
||||
static int ecrdsa_verify(struct crypto_sig *tfm,
|
||||
const void *src, unsigned int slen,
|
||||
const void *digest, unsigned int dlen)
|
||||
{
|
||||
struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
|
||||
struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
|
||||
unsigned char sig[ECRDSA_MAX_SIG_SIZE];
|
||||
unsigned char digest[STREEBOG512_DIGEST_SIZE];
|
||||
unsigned int ndigits = req->dst_len / sizeof(u64);
|
||||
struct ecrdsa_ctx *ctx = crypto_sig_ctx(tfm);
|
||||
unsigned int ndigits = dlen / sizeof(u64);
|
||||
u64 r[ECRDSA_MAX_DIGITS]; /* witness (r) */
|
||||
u64 _r[ECRDSA_MAX_DIGITS]; /* -r */
|
||||
u64 s[ECRDSA_MAX_DIGITS]; /* second part of sig (s) */
|
||||
@ -91,25 +89,19 @@ static int ecrdsa_verify(struct akcipher_request *req)
|
||||
*/
|
||||
if (!ctx->curve ||
|
||||
!ctx->digest ||
|
||||
!req->src ||
|
||||
!src ||
|
||||
!digest ||
|
||||
!ctx->pub_key.x ||
|
||||
req->dst_len != ctx->digest_len ||
|
||||
req->dst_len != ctx->curve->g.ndigits * sizeof(u64) ||
|
||||
dlen != ctx->digest_len ||
|
||||
dlen != ctx->curve->g.ndigits * sizeof(u64) ||
|
||||
ctx->pub_key.ndigits != ctx->curve->g.ndigits ||
|
||||
req->dst_len * 2 != req->src_len ||
|
||||
WARN_ON(req->src_len > sizeof(sig)) ||
|
||||
WARN_ON(req->dst_len > sizeof(digest)))
|
||||
dlen * 2 != slen ||
|
||||
WARN_ON(slen > ECRDSA_MAX_SIG_SIZE) ||
|
||||
WARN_ON(dlen > STREEBOG512_DIGEST_SIZE))
|
||||
return -EBADMSG;
|
||||
|
||||
sg_copy_to_buffer(req->src, sg_nents_for_len(req->src, req->src_len),
|
||||
sig, req->src_len);
|
||||
sg_pcopy_to_buffer(req->src,
|
||||
sg_nents_for_len(req->src,
|
||||
req->src_len + req->dst_len),
|
||||
digest, req->dst_len, req->src_len);
|
||||
|
||||
vli_from_be64(s, sig, ndigits);
|
||||
vli_from_be64(r, sig + ndigits * sizeof(u64), ndigits);
|
||||
vli_from_be64(s, src, ndigits);
|
||||
vli_from_be64(r, src + ndigits * sizeof(u64), ndigits);
|
||||
|
||||
/* Step 1: verify that 0 < r < q, 0 < s < q */
|
||||
if (vli_is_zero(r, ndigits) ||
|
||||
@ -188,10 +180,10 @@ static u8 *ecrdsa_unpack_u32(u32 *dst, void *src)
|
||||
}
|
||||
|
||||
/* Parse BER encoded subjectPublicKey. */
|
||||
static int ecrdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
|
||||
static int ecrdsa_set_pub_key(struct crypto_sig *tfm, const void *key,
|
||||
unsigned int keylen)
|
||||
{
|
||||
struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
|
||||
struct ecrdsa_ctx *ctx = crypto_sig_ctx(tfm);
|
||||
unsigned int ndigits;
|
||||
u32 algo, paramlen;
|
||||
u8 *params;
|
||||
@ -249,9 +241,9 @@ static int ecrdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
|
||||
return 0;
|
||||
}
|
||||
|
||||
static unsigned int ecrdsa_max_size(struct crypto_akcipher *tfm)
|
||||
static unsigned int ecrdsa_max_size(struct crypto_sig *tfm)
|
||||
{
|
||||
struct ecrdsa_ctx *ctx = akcipher_tfm_ctx(tfm);
|
||||
struct ecrdsa_ctx *ctx = crypto_sig_ctx(tfm);
|
||||
|
||||
/*
|
||||
* Verify doesn't need any output, so it's just informational
|
||||
@ -260,11 +252,11 @@ static unsigned int ecrdsa_max_size(struct crypto_akcipher *tfm)
|
||||
return ctx->pub_key.ndigits * sizeof(u64);
|
||||
}
|
||||
|
||||
static void ecrdsa_exit_tfm(struct crypto_akcipher *tfm)
|
||||
static void ecrdsa_exit_tfm(struct crypto_sig *tfm)
|
||||
{
|
||||
}
|
||||
|
||||
static struct akcipher_alg ecrdsa_alg = {
|
||||
static struct sig_alg ecrdsa_alg = {
|
||||
.verify = ecrdsa_verify,
|
||||
.set_pub_key = ecrdsa_set_pub_key,
|
||||
.max_size = ecrdsa_max_size,
|
||||
@ -280,12 +272,12 @@ static struct akcipher_alg ecrdsa_alg = {
|
||||
|
||||
static int __init ecrdsa_mod_init(void)
|
||||
{
|
||||
return crypto_register_akcipher(&ecrdsa_alg);
|
||||
return crypto_register_sig(&ecrdsa_alg);
|
||||
}
|
||||
|
||||
static void __exit ecrdsa_mod_fini(void)
|
||||
{
|
||||
crypto_unregister_akcipher(&ecrdsa_alg);
|
||||
crypto_unregister_sig(&ecrdsa_alg);
|
||||
}
|
||||
|
||||
module_init(ecrdsa_mod_init);
|
||||
|
@ -5268,9 +5268,9 @@ static const struct alg_test_desc alg_test_descs[] = {
|
||||
}
|
||||
}, {
|
||||
.alg = "ecrdsa",
|
||||
.test = alg_test_akcipher,
|
||||
.test = alg_test_sig,
|
||||
.suite = {
|
||||
.akcipher = __VECS(ecrdsa_tv_template)
|
||||
.sig = __VECS(ecrdsa_tv_template)
|
||||
}
|
||||
}, {
|
||||
.alg = "essiv(authenc(hmac(sha256),cbc(aes)),sha256)",
|
||||
|
@ -1119,7 +1119,7 @@ static const struct sig_testvec ecdsa_nist_p521_tv_template[] = {
|
||||
/*
|
||||
* EC-RDSA test vectors are generated by gost-engine.
|
||||
*/
|
||||
static const struct akcipher_testvec ecrdsa_tv_template[] = {
|
||||
static const struct sig_testvec ecrdsa_tv_template[] = {
|
||||
{
|
||||
.key =
|
||||
"\x04\x40\xd5\xa7\x77\xf9\x26\x2f\x8c\xbd\xcc\xe3\x1f\x01\x94\x05"
|
||||
@ -1144,7 +1144,6 @@ static const struct akcipher_testvec ecrdsa_tv_template[] = {
|
||||
"\x79\xd2\x76\x64\xa3\xbd\x66\x10\x79\x05\x5a\x06\x42\xec\xb9\xc9",
|
||||
.m_size = 32,
|
||||
.public_key_vec = true,
|
||||
.siggen_sigver_test = true,
|
||||
},
|
||||
{
|
||||
.key =
|
||||
@ -1170,7 +1169,6 @@ static const struct akcipher_testvec ecrdsa_tv_template[] = {
|
||||
"\x11\x23\x4a\x70\x43\x52\x7a\x68\x11\x65\x45\x37\xbb\x25\xb7\x40",
|
||||
.m_size = 32,
|
||||
.public_key_vec = true,
|
||||
.siggen_sigver_test = true,
|
||||
},
|
||||
{
|
||||
.key =
|
||||
@ -1196,7 +1194,6 @@ static const struct akcipher_testvec ecrdsa_tv_template[] = {
|
||||
"\x9f\x16\xc6\x1c\xb1\x3f\x84\x41\x69\xec\x34\xfd\xf1\xf9\xa3\x39",
|
||||
.m_size = 32,
|
||||
.public_key_vec = true,
|
||||
.siggen_sigver_test = true,
|
||||
},
|
||||
{
|
||||
.key =
|
||||
@ -1231,7 +1228,6 @@ static const struct akcipher_testvec ecrdsa_tv_template[] = {
|
||||
"\xa8\xf6\x80\x01\xb9\x27\xac\xd8\x45\x96\x66\xa1\xee\x48\x08\x3f",
|
||||
.m_size = 64,
|
||||
.public_key_vec = true,
|
||||
.siggen_sigver_test = true,
|
||||
},
|
||||
{
|
||||
.key =
|
||||
@ -1266,7 +1262,6 @@ static const struct akcipher_testvec ecrdsa_tv_template[] = {
|
||||
"\x6d\xf4\xd2\x45\xc2\x83\xa0\x42\x95\x05\x9d\x89\x8e\x0a\xca\xcc",
|
||||
.m_size = 64,
|
||||
.public_key_vec = true,
|
||||
.siggen_sigver_test = true,
|
||||
},
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user