crypto: ecc - make ecc into separate module

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

ecc.c have algorithms that could be used togeter by ecdh and ecrdsa.
Make it separate module. Add CRYPTO_ECC into Kconfig. EXPORT_SYMBOL and
document to what seems appropriate. Move structs ecc_point and ecc_curve
from ecc_curve_defs.h into ecc.h.

No code changes.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

authored by

Vitaly Chikunov and committed by

Herbert Xu 7 years ago 4a2289da 3d6228a5

+122 -23

5 changed files

expand all

crypto

Kconfig

Makefile

ecc.c

ecc.h

ecc_curve_defs.h

crypto/Kconfig

··· 248 248 help 249 249 Generic implementation of the Diffie-Hellman algorithm. 250 250 251 + config CRYPTO_ECC 252 + tristate 253 + 251 254 config CRYPTO_ECDH 252 255 tristate "ECDH algorithm" 256 + select CRYPTO_ECC 253 257 select CRYPTO_KPP 254 258 select CRYPTO_RNG_DEFAULT 255 259 help

+1 -1

crypto/Makefile

··· 147 147 obj-$(CONFIG_CRYPTO_USER_API_AEAD) += algif_aead.o 148 148 obj-$(CONFIG_CRYPTO_ZSTD) += zstd.o 149 149 obj-$(CONFIG_CRYPTO_OFB) += ofb.o 150 + obj-$(CONFIG_CRYPTO_ECC) += ecc.o 150 151 151 - ecdh_generic-y := ecc.o 152 152 ecdh_generic-y += ecdh.o 153 153 ecdh_generic-y += ecdh_helper.o 154 154 obj-$(CONFIG_CRYPTO_ECDH) += ecdh_generic.o

+18 -7

crypto/ecc.c

··· 24 24 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 25 25 */ 26 26 27 + #include <linux/module.h> 27 28 #include <linux/random.h> 28 29 #include <linux/slab.h> 29 30 #include <linux/swab.h> ··· 113 112 } 114 113 115 114 /* Returns true if vli == 0, false otherwise. */ 116 - static bool vli_is_zero(const u64 *vli, unsigned int ndigits) 115 + bool vli_is_zero(const u64 *vli, unsigned int ndigits) 117 116 { 118 117 int i; 119 118 ··· 124 123 125 124 return true; 126 125 } 126 + EXPORT_SYMBOL(vli_is_zero); 127 127 128 128 /* Returns nonzero if bit bit of vli is set. */ 129 129 static u64 vli_test_bit(const u64 *vli, unsigned int bit) ··· 173 171 } 174 172 175 173 /* Returns sign of left - right. */ 176 - static int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits) 174 + int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits) 177 175 { 178 176 int i; 179 177 ··· 186 184 187 185 return 0; 188 186 } 187 + EXPORT_SYMBOL(vli_cmp); 189 188 190 189 /* Computes result = in << c, returning carry. Can modify in place 191 190 * (if result == in). 0 < shift < 64. ··· 243 240 } 244 241 245 242 /* Computes result = left - right, returning borrow. Can modify in place. */ 246 - static u64 vli_sub(u64 *result, const u64 *left, const u64 *right, 243 + u64 vli_sub(u64 *result, const u64 *left, const u64 *right, 247 244 unsigned int ndigits) 248 245 { 249 246 u64 borrow = 0; ··· 261 258 262 259 return borrow; 263 260 } 261 + EXPORT_SYMBOL(vli_sub); 264 262 265 263 static uint128_t mul_64_64(u64 left, u64 right) 266 264 { ··· 561 557 * See "From Euclid's GCD to Montgomery Multiplication to the Great Divide" 562 558 * https://labs.oracle.com/techrep/2001/smli_tr-2001-95.pdf 563 559 */ 564 - static void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod, 560 + void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod, 565 561 unsigned int ndigits) 566 562 { 567 563 u64 a[ECC_MAX_DIGITS], b[ECC_MAX_DIGITS]; ··· 634 630 635 631 vli_set(result, u, ndigits); 636 632 } 633 + EXPORT_SYMBOL(vli_mod_inv); 637 634 638 635 /* ------ Point operations ------ */ 639 636 ··· 953 948 954 949 return __ecc_is_key_valid(curve, private_key, ndigits); 955 950 } 951 + EXPORT_SYMBOL(ecc_is_key_valid); 956 952 957 953 /* 958 954 * ECC private keys are generated using the method of extra random bits, ··· 1006 1000 1007 1001 return 0; 1008 1002 } 1003 + EXPORT_SYMBOL(ecc_gen_privkey); 1009 1004 1010 1005 int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits, 1011 1006 const u64 *private_key, u64 *public_key) ··· 1043 1036 out: 1044 1037 return ret; 1045 1038 } 1039 + EXPORT_SYMBOL(ecc_make_pub_key); 1046 1040 1047 1041 /* SP800-56A section 5.6.2.3.4 partial verification: ephemeral keys only */ 1048 - static int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve, 1049 - struct ecc_point *pk) 1042 + int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve, 1043 + struct ecc_point *pk) 1050 1044 { 1051 1045 u64 yy[ECC_MAX_DIGITS], xxx[ECC_MAX_DIGITS], w[ECC_MAX_DIGITS]; 1052 1046 ··· 1072 1064 return -EINVAL; 1073 1065 1074 1066 return 0; 1075 - 1076 1067 } 1068 + EXPORT_SYMBOL(ecc_is_pubkey_valid_partial); 1077 1069 1078 1070 int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, 1079 1071 const u64 *private_key, const u64 *public_key, ··· 1129 1121 out: 1130 1122 return ret; 1131 1123 } 1124 + EXPORT_SYMBOL(crypto_ecdh_shared_secret); 1125 + 1126 + MODULE_LICENSE("Dual BSD/GPL");

+99

crypto/ecc.h

··· 33 33 #define ECC_DIGITS_TO_BYTES_SHIFT 3 34 34 35 35 /** 36 + * struct ecc_point - elliptic curve point in affine coordinates 37 + * 38 + * @x: X coordinate in vli form. 39 + * @y: Y coordinate in vli form. 40 + * @ndigits: Length of vlis in u64 qwords. 41 + */ 42 + struct ecc_point { 43 + u64 *x; 44 + u64 *y; 45 + u8 ndigits; 46 + }; 47 + 48 + /** 49 + * struct ecc_curve - definition of elliptic curve 50 + * 51 + * @name: Short name of the curve. 52 + * @g: Generator point of the curve. 53 + * @p: Prime number, if Barrett's reduction is used for this curve 54 + * pre-calculated value 'mu' is appended to the @p after ndigits. 55 + * Use of Barrett's reduction is heuristically determined in 56 + * vli_mmod_fast(). 57 + * @n: Order of the curve group. 58 + * @a: Curve parameter a. 59 + * @b: Curve parameter b. 60 + */ 61 + struct ecc_curve { 62 + char *name; 63 + struct ecc_point g; 64 + u64 *p; 65 + u64 *n; 66 + u64 *a; 67 + u64 *b; 68 + }; 69 + 70 + /** 36 71 * ecc_is_key_valid() - Validate a given ECDH private key 37 72 * 38 73 * @curve_id: id representing the curve to use ··· 126 91 int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, 127 92 const u64 *private_key, const u64 *public_key, 128 93 u64 *secret); 94 + 95 + /** 96 + * ecc_is_pubkey_valid_partial() - Partial public key validation 97 + * 98 + * @curve: elliptic curve domain parameters 99 + * @pk: public key as a point 100 + * 101 + * Valdiate public key according to SP800-56A section 5.6.2.3.4 ECC Partial 102 + * Public-Key Validation Routine. 103 + * 104 + * Note: There is no check that the public key is in the correct elliptic curve 105 + * subgroup. 106 + * 107 + * Return: 0 if validation is successful, -EINVAL if validation is failed. 108 + */ 109 + int ecc_is_pubkey_valid_partial(const struct ecc_curve *curve, 110 + struct ecc_point *pk); 111 + 112 + /** 113 + * vli_is_zero() - Determine is vli is zero 114 + * 115 + * @vli: vli to check. 116 + * @ndigits: length of the @vli 117 + */ 118 + bool vli_is_zero(const u64 *vli, unsigned int ndigits); 119 + 120 + /** 121 + * vli_cmp() - compare left and right vlis 122 + * 123 + * @left: vli 124 + * @right: vli 125 + * @ndigits: length of both vlis 126 + * 127 + * Returns sign of @left - @right, i.e. -1 if @left < @right, 128 + * 0 if @left == @right, 1 if @left > @right. 129 + */ 130 + int vli_cmp(const u64 *left, const u64 *right, unsigned int ndigits); 131 + 132 + /** 133 + * vli_sub() - Subtracts right from left 134 + * 135 + * @result: where to write result 136 + * @left: vli 137 + * @right vli 138 + * @ndigits: length of all vlis 139 + * 140 + * Note: can modify in-place. 141 + * 142 + * Return: carry bit. 143 + */ 144 + u64 vli_sub(u64 *result, const u64 *left, const u64 *right, 145 + unsigned int ndigits); 146 + 147 + /** 148 + * vli_mod_inv() - Modular inversion 149 + * 150 + * @result: where to write vli number 151 + * @input: vli value to operate on 152 + * @mod: modulus 153 + * @ndigits: length of all vlis 154 + */ 155 + void vli_mod_inv(u64 *result, const u64 *input, const u64 *mod, 156 + unsigned int ndigits); 157 + 129 158 #endif

-15

crypto/ecc_curve_defs.h

··· 2 2 #ifndef _CRYTO_ECC_CURVE_DEFS_H 3 3 #define _CRYTO_ECC_CURVE_DEFS_H 4 4 5 - struct ecc_point { 6 - u64 *x; 7 - u64 *y; 8 - u8 ndigits; 9 - }; 10 - 11 - struct ecc_curve { 12 - char *name; 13 - struct ecc_point g; 14 - u64 *p; 15 - u64 *n; 16 - u64 *a; 17 - u64 *b; 18 - }; 19 - 20 5 /* NIST P-192: a = p - 3 */ 21 6 static u64 nist_p192_g_x[] = { 0xF4FF0AFD82FF1012ull, 0x7CBF20EB43A18800ull, 22 7 0x188DA80EB03090F6ull };