From patchwork Thu Oct 17 19:09:26 2019
X-Patchwork-Submitter: Ard Biesheuvel
X-Patchwork-Id: 176718
From: Ard Biesheuvel
To: linux-crypto@vger.kernel.org
Cc: Ard Biesheuvel, Herbert Xu, David Miller, "Jason A. Donenfeld", Samuel Neves, Arnd Bergmann, Eric Biggers, Andy Lutomirski, Martin Willi, Rene van Dorst, David Sterba
Subject: [PATCH v4 29/35] crypto: curve25519 - implement generic KPP driver
Date: Thu, 17 Oct 2019 21:09:26 +0200
Message-Id: <20191017190932.1947-30-ard.biesheuvel@linaro.org>
In-Reply-To: <20191017190932.1947-1-ard.biesheuvel@linaro.org>
References: <20191017190932.1947-1-ard.biesheuvel@linaro.org>

Expose the generic Curve25519 library via the crypto API KPP interface.

Signed-off-by: Ard Biesheuvel
---
 crypto/Kconfig | 5 ++
 crypto/Makefile | 1 +
 crypto/curve25519-generic.c | 93 ++++++++++++++++++++
 3 files changed, 99 insertions(+)

--
2.20.1

diff --git a/crypto/Kconfig b/crypto/Kconfig index ff077dd3a7b7..b83088e6a8e6 100644 --- a/crypto/Kconfig +++ b/crypto/Kconfig 
@@ -264,6 +264,11 @@ config CRYPTO_ECRDSA standard algorithms (called GOST algorithms). Only signature verification is implemented. +config CRYPTO_CURVE25519 + tristate "Curve25519 algorithm" + select CRYPTO_KPP + select CRYPTO_LIB_CURVE25519_GENERIC + comment "Authenticated Encryption with Associated Data" config CRYPTO_CCM diff --git a/crypto/Makefile b/crypto/Makefile index ecc69a726460..1e6cea469a4a 100644 --- a/crypto/Makefile +++ b/crypto/Makefile @@ -167,6 +167,7 @@ obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o obj-$(CONFIG_CRYPTO_OFB) += ofb.o obj-$(CONFIG_CRYPTO_ECC) += ecc.o obj-$(CONFIG_CRYPTO_ESSIV) += essiv.o +obj-$(CONFIG_CRYPTO_CURVE25519) += curve25519-generic.o ecdh_generic-y += ecdh.o ecdh_generic-y += ecdh_helper.o diff --git a/crypto/curve25519-generic.c b/crypto/curve25519-generic.c new file mode 100644 index 000000000000..0f4cd6347e3b --- /dev/null +++ b/crypto/curve25519-generic.c 
@@ -0,0 +1,93 @@ +// SPDX-License-Identifier: GPL-2.0-or-later + +#include +#include +#include +#include +#include + +static int curve25519_set_secret(struct crypto_kpp *tfm, const void *buf, + unsigned int len) +{ + u8 *secret = kpp_tfm_ctx(tfm); + + if (!len) + curve25519_generate_secret(secret); + else if (len == CURVE25519_KEY_SIZE && + crypto_memneq(buf, curve25519_null_point, CURVE25519_KEY_SIZE)) + memcpy(secret, buf, CURVE25519_KEY_SIZE); + else + return -EINVAL; + return 0; +} + +static int curve25519_compute_value(struct kpp_request *req) +{ + struct crypto_kpp *tfm = crypto_kpp_reqtfm(req); + const u8 *secret = kpp_tfm_ctx(tfm); + u8 public_key[CURVE25519_KEY_SIZE]; + u8 buf[CURVE25519_KEY_SIZE]; + int copied, nbytes; + u8 const *bp; + + if (req->src) { + copied = sg_copy_to_buffer(req->src, + sg_nents_for_len(req->src, + CURVE25519_KEY_SIZE), + public_key, CURVE25519_KEY_SIZE); + if (copied != CURVE25519_KEY_SIZE) + return -EINVAL; + bp = public_key; + } else { + bp = curve25519_base_point; + } + + curve25519_generic(buf, secret, bp); + + if (!crypto_memneq(buf, curve25519_null_point, CURVE25519_KEY_SIZE)) + return -EKEYREJECTED; + + /* might want less than we've got */ + nbytes = min_t(size_t, CURVE25519_KEY_SIZE, req->dst_len); + copied = sg_copy_from_buffer(req->dst, sg_nents_for_len(req->dst, + nbytes), + buf, nbytes); + if (copied != nbytes) + return -EINVAL; + return 0; +} + +static unsigned int curve25519_max_size(struct crypto_kpp *tfm) +{ + return CURVE25519_KEY_SIZE; +} + +static struct kpp_alg curve25519_alg = { + .base.cra_name = "curve25519", + .base.cra_driver_name = "curve25519-generic", + .base.cra_priority = 100, + .base.cra_module = THIS_MODULE, + .base.cra_ctxsize = CURVE25519_KEY_SIZE, + + .set_secret = curve25519_set_secret, + .generate_public_key = curve25519_compute_value, + .compute_shared_secret = curve25519_compute_value, + .max_size = curve25519_max_size, +}; + +static int curve25519_init(void) +{ + return 
crypto_register_kpp(&curve25519_alg); +} + +static void curve25519_exit(void) +{ + crypto_unregister_kpp(&curve25519_alg); +} + +subsys_initcall(curve25519_init); +module_exit(curve25519_exit); + +MODULE_ALIAS_CRYPTO("curve25519"); +MODULE_ALIAS_CRYPTO("curve25519-generic"); +MODULE_LICENSE("GPL");
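
Review bot: The new CRYPTO_CURVE25519 entry in the crypto/Kconfig hunk has a prompt but no help text, so anyone configuring a kernel sees only "Curve25519 algorithm" with nothing to say that this option exposes the generic library implementation through the KPP interface. Please add a short help section stating that, in line with the neighbouring entries such as CRYPTO_ECRDSA, which do carry one.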
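
Review bot: In curve25519_compute_value() in crypto/curve25519-generic.c, the stack buffer buf holds the output of curve25519_generic(), which is the shared secret whenever req->src is set, and it is never cleared on the success path or on the -EKEYREJECTED and -EINVAL returns. Wipe it with memzero_explicit(buf, sizeof(buf)) before every return that follows the curve25519_generic() call. In the same function, both sg_nents_for_len() results are passed directly as the nents argument without a check for a negative return, which that helper gives when the scatterlist is shorter than the requested length; testing the value first would return a clear error rather than relying on the later "copied != ..." comparisons to catch it.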