Commit | Line | Data |
---|---|---|
58771c1c SB |
1 | /* |
2 | * ECDH helper functions - KPP wrappings | |
3 | * | |
4 | * Copyright (C) 2017 Intel Corporation | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License version 2 as | |
8 | * published by the Free Software Foundation; | |
9 | * | |
10 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
11 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
12 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
13 | * IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
14 | * CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES | |
15 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
16 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
17 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
18 | * | |
19 | * ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, | |
20 | * COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
21 | * SOFTWARE IS DISCLAIMED. | |
22 | */ | |
23 | #include "ecdh_helper.h" | |
24 | ||
58771c1c SB |
25 | #include <linux/scatterlist.h> |
26 | #include <crypto/kpp.h> | |
27 | #include <crypto/ecdh.h> | |
28 | ||
29 | struct ecdh_completion { | |
30 | struct completion completion; | |
31 | int err; | |
32 | }; | |
33 | ||
34 | static void ecdh_complete(struct crypto_async_request *req, int err) | |
35 | { | |
36 | struct ecdh_completion *res = req->data; | |
37 | ||
38 | if (err == -EINPROGRESS) | |
39 | return; | |
40 | ||
41 | res->err = err; | |
42 | complete(&res->completion); | |
43 | } | |
44 | ||
45 | static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits) | |
46 | { | |
47 | int i; | |
48 | ||
49 | for (i = 0; i < ndigits; i++) | |
50 | out[i] = __swab64(in[ndigits - 1 - i]); | |
51 | } | |
52 | ||
53 | bool compute_ecdh_secret(const u8 public_key[64], const u8 private_key[32], | |
54 | u8 secret[32]) | |
55 | { | |
56 | struct crypto_kpp *tfm; | |
57 | struct kpp_request *req; | |
58 | struct ecdh p; | |
59 | struct ecdh_completion result; | |
60 | struct scatterlist src, dst; | |
763d9a30 | 61 | u8 *tmp, *buf; |
58771c1c SB |
62 | unsigned int buf_len; |
63 | int err = -ENOMEM; | |
64 | ||
763d9a30 SB |
65 | tmp = kmalloc(64, GFP_KERNEL); |
66 | if (!tmp) | |
67 | return false; | |
68 | ||
58771c1c SB |
69 | tfm = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); |
70 | if (IS_ERR(tfm)) { | |
71 | pr_err("alg: kpp: Failed to load tfm for kpp: %ld\n", | |
72 | PTR_ERR(tfm)); | |
763d9a30 | 73 | goto free_tmp; |
58771c1c SB |
74 | } |
75 | ||
76 | req = kpp_request_alloc(tfm, GFP_KERNEL); | |
77 | if (!req) | |
78 | goto free_kpp; | |
79 | ||
80 | init_completion(&result.completion); | |
81 | ||
82 | /* Security Manager Protocol holds digits in litte-endian order | |
83 | * while ECC API expect big-endian data | |
84 | */ | |
85 | swap_digits((u64 *)private_key, (u64 *)tmp, 4); | |
86 | p.key = (char *)tmp; | |
87 | p.key_size = 32; | |
88 | /* Set curve_id */ | |
89 | p.curve_id = ECC_CURVE_NIST_P256; | |
90 | buf_len = crypto_ecdh_key_len(&p); | |
91 | buf = kmalloc(buf_len, GFP_KERNEL); | |
5d4acfc1 | 92 | if (!buf) |
58771c1c | 93 | goto free_req; |
5d4acfc1 | 94 | |
58771c1c SB |
95 | crypto_ecdh_encode_key(buf, buf_len, &p); |
96 | ||
97 | /* Set A private Key */ | |
98 | err = crypto_kpp_set_secret(tfm, (void *)buf, buf_len); | |
99 | if (err) | |
100 | goto free_all; | |
101 | ||
102 | swap_digits((u64 *)public_key, (u64 *)tmp, 4); /* x */ | |
103 | swap_digits((u64 *)&public_key[32], (u64 *)&tmp[32], 4); /* y */ | |
104 | ||
105 | sg_init_one(&src, tmp, 64); | |
106 | sg_init_one(&dst, secret, 32); | |
107 | kpp_request_set_input(req, &src, 64); | |
108 | kpp_request_set_output(req, &dst, 32); | |
109 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
110 | ecdh_complete, &result); | |
111 | err = crypto_kpp_compute_shared_secret(req); | |
112 | if (err == -EINPROGRESS) { | |
113 | wait_for_completion(&result.completion); | |
114 | err = result.err; | |
115 | } | |
116 | if (err < 0) { | |
117 | pr_err("alg: ecdh: compute shared secret failed. err %d\n", | |
118 | err); | |
119 | goto free_all; | |
120 | } | |
121 | ||
122 | swap_digits((u64 *)secret, (u64 *)tmp, 4); | |
123 | memcpy(secret, tmp, 32); | |
124 | ||
125 | free_all: | |
126 | kzfree(buf); | |
127 | free_req: | |
128 | kpp_request_free(req); | |
129 | free_kpp: | |
130 | crypto_free_kpp(tfm); | |
763d9a30 SB |
131 | free_tmp: |
132 | kfree(tmp); | |
58771c1c SB |
133 | return (err == 0); |
134 | } | |
135 | ||
136 | bool generate_ecdh_keys(u8 public_key[64], u8 private_key[32]) | |
137 | { | |
138 | struct crypto_kpp *tfm; | |
139 | struct kpp_request *req; | |
140 | struct ecdh p; | |
141 | struct ecdh_completion result; | |
142 | struct scatterlist dst; | |
763d9a30 | 143 | u8 *tmp, *buf; |
58771c1c SB |
144 | unsigned int buf_len; |
145 | int err = -ENOMEM; | |
146 | const unsigned short max_tries = 16; | |
147 | unsigned short tries = 0; | |
148 | ||
763d9a30 SB |
149 | tmp = kmalloc(64, GFP_KERNEL); |
150 | if (!tmp) | |
151 | return false; | |
152 | ||
58771c1c SB |
153 | tfm = crypto_alloc_kpp("ecdh", CRYPTO_ALG_INTERNAL, 0); |
154 | if (IS_ERR(tfm)) { | |
155 | pr_err("alg: kpp: Failed to load tfm for kpp: %ld\n", | |
156 | PTR_ERR(tfm)); | |
763d9a30 | 157 | goto free_tmp; |
58771c1c SB |
158 | } |
159 | ||
160 | req = kpp_request_alloc(tfm, GFP_KERNEL); | |
161 | if (!req) | |
162 | goto free_kpp; | |
163 | ||
164 | init_completion(&result.completion); | |
165 | ||
166 | /* Set curve_id */ | |
167 | p.curve_id = ECC_CURVE_NIST_P256; | |
168 | p.key_size = 32; | |
169 | buf_len = crypto_ecdh_key_len(&p); | |
170 | buf = kmalloc(buf_len, GFP_KERNEL); | |
5d4acfc1 | 171 | if (!buf) |
58771c1c | 172 | goto free_req; |
58771c1c SB |
173 | |
174 | do { | |
175 | if (tries++ >= max_tries) | |
176 | goto free_all; | |
177 | ||
58771c1c SB |
178 | /* Set private Key */ |
179 | p.key = (char *)private_key; | |
180 | crypto_ecdh_encode_key(buf, buf_len, &p); | |
181 | err = crypto_kpp_set_secret(tfm, buf, buf_len); | |
182 | if (err) | |
183 | goto free_all; | |
184 | ||
185 | sg_init_one(&dst, tmp, 64); | |
f9583153 | 186 | kpp_request_set_input(req, NULL, 0); |
58771c1c SB |
187 | kpp_request_set_output(req, &dst, 64); |
188 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
189 | ecdh_complete, &result); | |
190 | ||
191 | err = crypto_kpp_generate_public_key(req); | |
192 | ||
193 | if (err == -EINPROGRESS) { | |
194 | wait_for_completion(&result.completion); | |
195 | err = result.err; | |
196 | } | |
197 | ||
198 | /* Private key is not valid. Regenerate */ | |
199 | if (err == -EINVAL) | |
200 | continue; | |
201 | ||
202 | if (err < 0) | |
203 | goto free_all; | |
204 | else | |
205 | break; | |
206 | ||
207 | } while (true); | |
208 | ||
209 | /* Keys are handed back in little endian as expected by Security | |
210 | * Manager Protocol | |
211 | */ | |
212 | swap_digits((u64 *)tmp, (u64 *)public_key, 4); /* x */ | |
213 | swap_digits((u64 *)&tmp[32], (u64 *)&public_key[32], 4); /* y */ | |
214 | swap_digits((u64 *)private_key, (u64 *)tmp, 4); | |
215 | memcpy(private_key, tmp, 32); | |
216 | ||
217 | free_all: | |
218 | kzfree(buf); | |
219 | free_req: | |
220 | kpp_request_free(req); | |
221 | free_kpp: | |
222 | crypto_free_kpp(tfm); | |
763d9a30 SB |
223 | free_tmp: |
224 | kfree(tmp); | |
58771c1c SB |
225 | return (err == 0); |
226 | } |