Commit | Line | Data |
---|---|---|
58771c1c SB |
1 | /* |
2 | * ECDH helper functions - KPP wrappings | |
3 | * | |
4 | * Copyright (C) 2017 Intel Corporation | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License version 2 as | |
8 | * published by the Free Software Foundation; | |
9 | * | |
10 | * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS | |
11 | * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
12 | * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. | |
13 | * IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY | |
14 | * CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES | |
15 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | |
16 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | |
17 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | |
18 | * | |
19 | * ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS, | |
20 | * COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS | |
21 | * SOFTWARE IS DISCLAIMED. | |
22 | */ | |
23 | #include "ecdh_helper.h" | |
24 | ||
58771c1c | 25 | #include <linux/scatterlist.h> |
58771c1c SB |
26 | #include <crypto/ecdh.h> |
27 | ||
28 | struct ecdh_completion { | |
29 | struct completion completion; | |
30 | int err; | |
31 | }; | |
32 | ||
33 | static void ecdh_complete(struct crypto_async_request *req, int err) | |
34 | { | |
35 | struct ecdh_completion *res = req->data; | |
36 | ||
37 | if (err == -EINPROGRESS) | |
38 | return; | |
39 | ||
40 | res->err = err; | |
41 | complete(&res->completion); | |
42 | } | |
43 | ||
44 | static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits) | |
45 | { | |
46 | int i; | |
47 | ||
48 | for (i = 0; i < ndigits; i++) | |
49 | out[i] = __swab64(in[ndigits - 1 - i]); | |
50 | } | |
51 | ||
a2976416 TA |
52 | int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64], |
53 | const u8 private_key[32], u8 secret[32]) | |
58771c1c | 54 | { |
58771c1c SB |
55 | struct kpp_request *req; |
56 | struct ecdh p; | |
57 | struct ecdh_completion result; | |
58 | struct scatterlist src, dst; | |
763d9a30 | 59 | u8 *tmp, *buf; |
58771c1c | 60 | unsigned int buf_len; |
a2976416 | 61 | int err; |
58771c1c | 62 | |
763d9a30 SB |
63 | tmp = kmalloc(64, GFP_KERNEL); |
64 | if (!tmp) | |
a2976416 | 65 | return -ENOMEM; |
763d9a30 | 66 | |
58771c1c | 67 | req = kpp_request_alloc(tfm, GFP_KERNEL); |
a2976416 TA |
68 | if (!req) { |
69 | err = -ENOMEM; | |
47eb2ac8 | 70 | goto free_tmp; |
a2976416 | 71 | } |
58771c1c SB |
72 | |
73 | init_completion(&result.completion); | |
74 | ||
75 | /* Security Manager Protocol holds digits in litte-endian order | |
76 | * while ECC API expect big-endian data | |
77 | */ | |
78 | swap_digits((u64 *)private_key, (u64 *)tmp, 4); | |
79 | p.key = (char *)tmp; | |
80 | p.key_size = 32; | |
81 | /* Set curve_id */ | |
82 | p.curve_id = ECC_CURVE_NIST_P256; | |
83 | buf_len = crypto_ecdh_key_len(&p); | |
84 | buf = kmalloc(buf_len, GFP_KERNEL); | |
a2976416 TA |
85 | if (!buf) { |
86 | err = -ENOMEM; | |
58771c1c | 87 | goto free_req; |
a2976416 | 88 | } |
5d4acfc1 | 89 | |
58771c1c SB |
90 | crypto_ecdh_encode_key(buf, buf_len, &p); |
91 | ||
92 | /* Set A private Key */ | |
93 | err = crypto_kpp_set_secret(tfm, (void *)buf, buf_len); | |
94 | if (err) | |
95 | goto free_all; | |
96 | ||
97 | swap_digits((u64 *)public_key, (u64 *)tmp, 4); /* x */ | |
98 | swap_digits((u64 *)&public_key[32], (u64 *)&tmp[32], 4); /* y */ | |
99 | ||
100 | sg_init_one(&src, tmp, 64); | |
101 | sg_init_one(&dst, secret, 32); | |
102 | kpp_request_set_input(req, &src, 64); | |
103 | kpp_request_set_output(req, &dst, 32); | |
104 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
105 | ecdh_complete, &result); | |
106 | err = crypto_kpp_compute_shared_secret(req); | |
107 | if (err == -EINPROGRESS) { | |
108 | wait_for_completion(&result.completion); | |
109 | err = result.err; | |
110 | } | |
111 | if (err < 0) { | |
112 | pr_err("alg: ecdh: compute shared secret failed. err %d\n", | |
113 | err); | |
114 | goto free_all; | |
115 | } | |
116 | ||
117 | swap_digits((u64 *)secret, (u64 *)tmp, 4); | |
118 | memcpy(secret, tmp, 32); | |
119 | ||
120 | free_all: | |
121 | kzfree(buf); | |
122 | free_req: | |
123 | kpp_request_free(req); | |
763d9a30 SB |
124 | free_tmp: |
125 | kfree(tmp); | |
a2976416 | 126 | return err; |
58771c1c SB |
127 | } |
128 | ||
a2976416 TA |
129 | int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64], |
130 | u8 private_key[32]) | |
58771c1c | 131 | { |
58771c1c SB |
132 | struct kpp_request *req; |
133 | struct ecdh p; | |
134 | struct ecdh_completion result; | |
135 | struct scatterlist dst; | |
763d9a30 | 136 | u8 *tmp, *buf; |
58771c1c | 137 | unsigned int buf_len; |
a2976416 | 138 | int err; |
58771c1c SB |
139 | const unsigned short max_tries = 16; |
140 | unsigned short tries = 0; | |
141 | ||
763d9a30 SB |
142 | tmp = kmalloc(64, GFP_KERNEL); |
143 | if (!tmp) | |
a2976416 | 144 | return -ENOMEM; |
763d9a30 | 145 | |
58771c1c | 146 | req = kpp_request_alloc(tfm, GFP_KERNEL); |
a2976416 TA |
147 | if (!req) { |
148 | err = -ENOMEM; | |
47eb2ac8 | 149 | goto free_tmp; |
a2976416 | 150 | } |
58771c1c SB |
151 | |
152 | init_completion(&result.completion); | |
153 | ||
154 | /* Set curve_id */ | |
155 | p.curve_id = ECC_CURVE_NIST_P256; | |
156 | p.key_size = 32; | |
157 | buf_len = crypto_ecdh_key_len(&p); | |
158 | buf = kmalloc(buf_len, GFP_KERNEL); | |
5d4acfc1 | 159 | if (!buf) |
58771c1c | 160 | goto free_req; |
58771c1c SB |
161 | |
162 | do { | |
163 | if (tries++ >= max_tries) | |
164 | goto free_all; | |
165 | ||
58771c1c SB |
166 | /* Set private Key */ |
167 | p.key = (char *)private_key; | |
168 | crypto_ecdh_encode_key(buf, buf_len, &p); | |
169 | err = crypto_kpp_set_secret(tfm, buf, buf_len); | |
170 | if (err) | |
171 | goto free_all; | |
172 | ||
173 | sg_init_one(&dst, tmp, 64); | |
f9583153 | 174 | kpp_request_set_input(req, NULL, 0); |
58771c1c SB |
175 | kpp_request_set_output(req, &dst, 64); |
176 | kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG, | |
177 | ecdh_complete, &result); | |
178 | ||
179 | err = crypto_kpp_generate_public_key(req); | |
180 | ||
181 | if (err == -EINPROGRESS) { | |
182 | wait_for_completion(&result.completion); | |
183 | err = result.err; | |
184 | } | |
185 | ||
186 | /* Private key is not valid. Regenerate */ | |
187 | if (err == -EINVAL) | |
188 | continue; | |
189 | ||
190 | if (err < 0) | |
191 | goto free_all; | |
192 | else | |
193 | break; | |
194 | ||
195 | } while (true); | |
196 | ||
197 | /* Keys are handed back in little endian as expected by Security | |
198 | * Manager Protocol | |
199 | */ | |
200 | swap_digits((u64 *)tmp, (u64 *)public_key, 4); /* x */ | |
201 | swap_digits((u64 *)&tmp[32], (u64 *)&public_key[32], 4); /* y */ | |
202 | swap_digits((u64 *)private_key, (u64 *)tmp, 4); | |
203 | memcpy(private_key, tmp, 32); | |
204 | ||
205 | free_all: | |
206 | kzfree(buf); | |
207 | free_req: | |
208 | kpp_request_free(req); | |
763d9a30 SB |
209 | free_tmp: |
210 | kfree(tmp); | |
a2976416 | 211 | return err; |
58771c1c | 212 | } |