Re: [PATCH v2 4/6] crypto: ecdsa: add ECDSA SW implementation


 



Am Freitag, 3. Februar 2017, 16:42:53 CET schrieb Nitin Kumbhar:

Hi Nitin,

> +
> +int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
> +		      unsigned int keylen)
> +{
> +	struct ecdsa_ctx *ctx = ecdsa_get_ctx(tfm);
> +	struct ecdsa params;
> +	unsigned int ndigits;
> +	unsigned int nbytes;
> +	u8 *params_qx, *params_qy;
> +	u64 *ctx_qx, *ctx_qy;
> +	int err = 0;
> +
> +	if (crypto_ecdsa_parse_pub_key(key, keylen, &params))
> +		return -EINVAL;
> +
> +	ndigits = ecdsa_supported_curve(params.curve_id);
> +	if (!ndigits)
> +		return -EINVAL;
> +
> +	err = ecc_is_pub_key_valid(params.curve_id, ndigits,
> +				   params.key, params.key_size);
> +	if (err)
> +		return err;
> +
> +	ctx->curve_id = params.curve_id;
> +	ctx->ndigits = ndigits;
> +	nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
> +
> +	params_qx = params.key;
> +	params_qy = params_qx + ECC_MAX_DIGIT_BYTES;
> +
> +	ctx_qx = ctx->public_key;
> +	ctx_qy = ctx_qx + ECC_MAX_DIGITS;
> +
> +	vli_copy_from_buf(ctx_qx, ndigits, params_qx, nbytes);
> +	vli_copy_from_buf(ctx_qy, ndigits, params_qy, nbytes);
> +
> +	memset(&params, 0, sizeof(params));
> +	return 0;
> +}
> +
> +int ecdsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
> +		       unsigned int keylen)
> +{
> +	struct ecdsa_ctx *ctx = ecdsa_get_ctx(tfm);
> +	struct ecdsa params;
> +	unsigned int ndigits;
> +	unsigned int nbytes;
> +
> +	if (crypto_ecdsa_parse_priv_key(key, keylen, &params))
> +		return -EINVAL;
> +
> +	ndigits = ecdsa_supported_curve(params.curve_id);
> +	if (!ndigits)
> +		return -EINVAL;
> +
> +	ctx->curve_id = params.curve_id;
> +	ctx->ndigits = ndigits;
> +	nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
> +
> +	if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
> +			     (const u8 *)params.key, params.key_size) < 0)
> +		return -EINVAL;
> +
> +	vli_copy_from_buf(ctx->private_key, ndigits, params.key, nbytes);
> +
> +	memset(&params, 0, sizeof(params));

Please use memzero_explicit, as otherwise this memset will be optimized away. I
think it could be used in set_pub_key too, but there we do not have
sensitive data, so it would not be strictly needed.

> +	return 0;
> +}
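Review bot: In ecdsa_set_priv_key, `ctx->curve_id` and `ctx->ndigits` are overwritten before `ecc_is_key_valid()` runs, so a rejected key leaves the context holding the new curve parameters alongside whatever private key was set earlier. ecdsa_set_pub_key validates first and only then touches ctx; the private-key path should follow the same order by calling `ecc_is_key_valid(params.curve_id, ndigits, ...)` ahead of the two assignments. That same `return -EINVAL` also exits without clearing `params`, so the parsed private-key data stays on the stack on the failure path (assuming struct ecdsa holds the key bytes rather than a pointer into `key`; its definition is not in the quoted hunk). Sending the failure through a single exit that wipes `params` before returning would cover both the success and the error path. Separately, set_pub_key propagates the validator's error code while set_priv_key collapses it to -EINVAL, which is worth making consistent.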


Ciao
Stephan


