The support for NVME in-band authentication currently in the works ([1]) needs to generate ephemeral DH keys. Make dh-generic's ->set_secret() to generate an ephemeral key via the recently added crypto_dh_gen_privkey() in case the input ->key_size is zero. Note that this behaviour is in analogy to ecdh's ->set_secret().
[1] https://lkml.kernel.org/r/20211122074727.25988-4-hare@xxxxxxx
Signed-off-by: Nicolai Stange <nstange@xxxxxxx>
Reviewed-by: Hannes Reinecke <hare@xxxxxxx>
---
 crypto/dh.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)
diff --git a/crypto/dh.c b/crypto/dh.c
index 131b80064cb1..2e49b114e038 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -71,25 +71,41 @@ static int dh_set_secret(struct crypto_kpp *tfm, const void *buf,
 {
 struct dh_ctx *ctx = dh_get_ctx(tfm);
 struct dh params;
+ char key[CRYPTO_DH_MAX_PRIVKEY_SIZE];
+ int err;
 
 /* Free the old MPI key if any */
 dh_clear_ctx(ctx);
 
- if (crypto_dh_decode_key(buf, len, ¶ms) < 0)
+ err = crypto_dh_decode_key(buf, len, ¶ms);
+ if (err)
 goto err_clear_ctx;
 
- if (dh_set_params(ctx, ¶ms) < 0)
+ if (!params.key_size) {
+ err = crypto_dh_gen_privkey(params.group_id, key,
+ ¶ms.key_size);
+ if (err)
+ goto err_clear_ctx;
+ params.key = key;
+ }
+
+ err = dh_set_params(ctx, ¶ms);
+ if (err)
 goto err_clear_ctx;
 
 ctx->xa = mpi_read_raw_data(params.key, params.key_size);
- if (!ctx->xa)
+ if (!ctx->xa) {
+ err = -EINVAL;
 goto err_clear_ctx;
+ }
+
+ memzero_explicit(key, sizeof(key));
 
 return 0;
 
 err_clear_ctx:
 dh_clear_ctx(ctx);
- return -EINVAL;
+ return err;
 }
 
 /*
-- 
2.26.2
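Review bot: The ephemeral private key in the stack buffer `key` is wiped only on the success path; the `goto err_clear_ctx` branches taken after `crypto_dh_gen_privkey()` has written to it (a failing `dh_set_params()` or a NULL return from `mpi_read_raw_data()`) return without reaching `memzero_explicit()`, so the key bytes stay on the kernel stack. Putting the wipe on the shared exit, `memzero_explicit(key, sizeof(key));` as the first statement under `err_clear_ctx:`, covers those paths, and wiping a buffer that was never written is harmless. A short comment on the declaration, e.g. `/* may hold a generated private key; wipe on every return path */`, would keep later edits from adding an un-wiped exit. The signature of dh_set_secret() begins above the hunk, so whether any caller depends on the former fixed `-EINVAL` rather than the now-propagated `err` cannot be judged from here.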