Message ID | 20220221121101.1615-6-nstange@suse.de (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Herbert Xu |
Headers | show |
Series | crypto: dh - infrastructure for NVM in-band auth and FIPS conformance | expand |
On 2/21/22 13:10, Nicolai Stange wrote: > A subsequent commit will introduce "dh" wrapping templates of the form > "ffdhe2048(dh)", "ffdhe3072(dh)" and so on in order to provide built-in > support for the well-known safe-prime ffdhe group parameters specified in > RFC 7919. > > Those templates' ->set_secret() will wrap the inner "dh" implementation's > ->set_secret() and set the ->p and ->g group parameters as appropriate on > the way inwards. More specifically, > - A ffdheXYZ(dh) user would call crypto_dh_encode() on a struct dh instance > having ->p == ->g == NULL as well as ->p_size == ->g_size == 0 and pass > the resulting buffer to the outer ->set_secret(). > - This outer ->set_secret() would then decode the struct dh via > crypto_dh_decode_key(), set ->p, ->g, ->p_size as well as ->g_size as > appropriate for the group in question and encode the struct dh again > before passing it further down to the inner "dh"'s ->set_secret(). > > The problem is that crypto_dh_decode_key() implements some basic checks > which would reject parameter sets with ->p_size == 0 and thus, the ffdheXYZ > templates' ->set_secret() cannot use it as-is for decoding the passed > buffer. As the inner "dh"'s ->set_secret() will eventually conduct said > checks on the final parameter set anyway, the outer ->set_secret() really > only needs the decoding functionality. > > Split out the pure struct dh decoding part from crypto_dh_decode_key() into > the new __crypto_dh_decode_key(). > > __crypto_dh_decode_key() gets defined in crypto/dh_helper.c, but will have > to get called from crypto/dh.c and thus, its declaration must be somehow > made available to the latter. Strictly speaking, __crypto_dh_decode_key() > is internal to the dh_generic module, yet it would be a bit over the top > to introduce a new header like e.g. include/crypto/internal/dh.h > containing just a single prototype. Add the __crypto_dh_decode_key() > declaration to include/crypto/dh.h instead. > > Provide a proper kernel-doc annotation, even though > __crypto_dh_decode_key() is purposedly not on the function list specified > in Documentation/crypto/api-kpp.rst. > > Signed-off-by: Nicolai Stange <nstange@suse.de> > --- > crypto/dh_helper.c | 27 +++++++++++++++++++-------- > include/crypto/dh.h | 16 ++++++++++++++++ > 2 files changed, 35 insertions(+), 8 deletions(-) > Reviewed-by: Hannes Reinecke <hare@suse.de> Cheers, Hannes
diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c index aabc91e4f63f..2d499879328b 100644 --- a/crypto/dh_helper.c +++ b/crypto/dh_helper.c @@ -63,7 +63,7 @@ int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params) } EXPORT_SYMBOL_GPL(crypto_dh_encode_key); -int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params) +int __crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params) { const u8 *ptr = buf; struct kpp_secret secret; @@ -81,6 +81,24 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params) if (secret.len != crypto_dh_key_len(params)) return -EINVAL; + /* Don't allocate memory. Set pointers to data within + * the given buffer + */ + params->key = (void *)ptr; + params->p = (void *)(ptr + params->key_size); + params->g = (void *)(ptr + params->key_size + params->p_size); + + return 0; +} + +int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params) +{ + int err; + + err = __crypto_dh_decode_key(buf, len, params); + if (err) + return err; + /* * Don't permit the buffer for 'key' or 'g' to be larger than 'p', since * some drivers assume otherwise. @@ -89,13 +107,6 @@ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params) params->g_size > params->p_size) return -EINVAL; - /* Don't allocate memory. Set pointers to data within - * the given buffer - */ - params->key = (void *)ptr; - params->p = (void *)(ptr + params->key_size); - params->g = (void *)(ptr + params->key_size + params->p_size); - /* * Don't permit 'p' to be 0. It's not a prime number, and it's subject * to corner cases such as 'mod 0' being undefined or diff --git a/include/crypto/dh.h b/include/crypto/dh.h index 67f3f6bca527..7b863e911cb4 100644 --- a/include/crypto/dh.h +++ b/include/crypto/dh.h @@ -79,4 +79,20 @@ int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params); */ int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params); +/** + * __crypto_dh_decode_key() - decode a private key without parameter checks + * @buf: Buffer holding a packet key that should be decoded + * @len: Length of the packet private key buffer + * @params: Buffer allocated by the caller that is filled with the + * unpacked DH private key. + * + * Internal function providing the same services as the exported + * crypto_dh_decode_key(), but without any of those basic parameter + * checks conducted by the latter. + * + * Return: -EINVAL if buffer has insufficient size, 0 on success + */ +int __crypto_dh_decode_key(const char *buf, unsigned int len, + struct dh *params); + #endif
A subsequent commit will introduce "dh" wrapping templates of the form "ffdhe2048(dh)", "ffdhe3072(dh)" and so on in order to provide built-in support for the well-known safe-prime ffdhe group parameters specified in RFC 7919. Those templates' ->set_secret() will wrap the inner "dh" implementation's ->set_secret() and set the ->p and ->g group parameters as appropriate on the way inwards. More specifically, - A ffdheXYZ(dh) user would call crypto_dh_encode() on a struct dh instance having ->p == ->g == NULL as well as ->p_size == ->g_size == 0 and pass the resulting buffer to the outer ->set_secret(). - This outer ->set_secret() would then decode the struct dh via crypto_dh_decode_key(), set ->p, ->g, ->p_size as well as ->g_size as appropriate for the group in question and encode the struct dh again before passing it further down to the inner "dh"'s ->set_secret(). The problem is that crypto_dh_decode_key() implements some basic checks which would reject parameter sets with ->p_size == 0 and thus, the ffdheXYZ templates' ->set_secret() cannot use it as-is for decoding the passed buffer. As the inner "dh"'s ->set_secret() will eventually conduct said checks on the final parameter set anyway, the outer ->set_secret() really only needs the decoding functionality. Split out the pure struct dh decoding part from crypto_dh_decode_key() into the new __crypto_dh_decode_key(). __crypto_dh_decode_key() gets defined in crypto/dh_helper.c, but will have to get called from crypto/dh.c and thus, its declaration must be somehow made available to the latter. Strictly speaking, __crypto_dh_decode_key() is internal to the dh_generic module, yet it would be a bit over the top to introduce a new header like e.g. include/crypto/internal/dh.h containing just a single prototype. Add the __crypto_dh_decode_key() declaration to include/crypto/dh.h instead. Provide a proper kernel-doc annotation, even though __crypto_dh_decode_key() is purposedly not on the function list specified in Documentation/crypto/api-kpp.rst. Signed-off-by: Nicolai Stange <nstange@suse.de> --- crypto/dh_helper.c | 27 +++++++++++++++++++-------- include/crypto/dh.h | 16 ++++++++++++++++ 2 files changed, 35 insertions(+), 8 deletions(-)