[linux-2.6-block.git] / net / bluetooth / ecdh_helper.c

/*
 * ECDH helper functions - KPP wrappings
 *
 * Copyright (C) 2017 Intel Corporation
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation;
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
 * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
 * IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
 * CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
 * COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
 * SOFTWARE IS DISCLAIMED.
 */
#include "ecdh_helper.h"

#include <linux/scatterlist.h>
#include <crypto/ecdh.h>

struct ecdh_completion {
	struct completion completion;
	int err;
};

static void ecdh_complete(struct crypto_async_request *req, int err)
{
	struct ecdh_completion *res = req->data;

	if (err == -EINPROGRESS)
		return;

	res->err = err;
	complete(&res->completion);
}

static inline void swap_digits(u64 *in, u64 *out, unsigned int ndigits)
{
	int i;

	for (i = 0; i < ndigits; i++)
		out[i] = __swab64(in[ndigits - 1 - i]);
}

int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64],
			const u8 private_key[32], u8 secret[32])
{
	struct kpp_request *req;
	struct ecdh p;
	struct ecdh_completion result;
	struct scatterlist src, dst;
	u8 *tmp, *buf;
	unsigned int buf_len;
	int err;

	tmp = kmalloc(64, GFP_KERNEL);
	if (!tmp)
		return -ENOMEM;

	req = kpp_request_alloc(tfm, GFP_KERNEL);
	if (!req) {
		err = -ENOMEM;
		goto free_tmp;
	}

	init_completion(&result.completion);

	/* Security Manager Protocol holds digits in litte-endian order
	 * while ECC API expect big-endian data
	 */
	swap_digits((u64 *)private_key, (u64 *)tmp, 4);
	p.key = (char *)tmp;
	p.key_size = 32;
	/* Set curve_id */
	p.curve_id = ECC_CURVE_NIST_P256;
	buf_len = crypto_ecdh_key_len(&p);
	buf = kmalloc(buf_len, GFP_KERNEL);
	if (!buf) {
		err = -ENOMEM;
		goto free_req;
	}

	crypto_ecdh_encode_key(buf, buf_len, &p);

	/* Set A private Key */
	err = crypto_kpp_set_secret(tfm, (void *)buf, buf_len);
	if (err)
		goto free_all;

	swap_digits((u64 *)public_key, (u64 *)tmp, 4); /* x */
	swap_digits((u64 *)&public_key[32], (u64 *)&tmp[32], 4); /* y */

	sg_init_one(&src, tmp, 64);
	sg_init_one(&dst, secret, 32);
	kpp_request_set_input(req, &src, 64);
	kpp_request_set_output(req, &dst, 32);
	kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
				 ecdh_complete, &result);
	err = crypto_kpp_compute_shared_secret(req);
	if (err == -EINPROGRESS) {
		wait_for_completion(&result.completion);
		err = result.err;
	}
	if (err < 0) {
		pr_err("alg: ecdh: compute shared secret failed. err %d\n",
		       err);
		goto free_all;
	}

	swap_digits((u64 *)secret, (u64 *)tmp, 4);
	memcpy(secret, tmp, 32);

free_all:
	kzfree(buf);
free_req:
	kpp_request_free(req);
free_tmp:
	kfree(tmp);
	return err;
}

int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64],
		       u8 private_key[32])
{
	struct kpp_request *req;
	struct ecdh p;
	struct ecdh_completion result;
	struct scatterlist dst;
	u8 *tmp, *buf;
	unsigned int buf_len;
	int err;
	const unsigned short max_tries = 16;
	unsigned short tries = 0;

	tmp = kmalloc(64, GFP_KERNEL);
	if (!tmp)
		return -ENOMEM;

	req = kpp_request_alloc(tfm, GFP_KERNEL);
	if (!req) {
		err = -ENOMEM;
		goto free_tmp;
	}

	init_completion(&result.completion);

	/* Set curve_id */
	p.curve_id = ECC_CURVE_NIST_P256;
	p.key_size = 32;
	buf_len = crypto_ecdh_key_len(&p);
	buf = kmalloc(buf_len, GFP_KERNEL);
	if (!buf)
		goto free_req;

	do {
		if (tries++ >= max_tries)
			goto free_all;

		/* Set private Key */
		p.key = (char *)private_key;
		crypto_ecdh_encode_key(buf, buf_len, &p);
		err = crypto_kpp_set_secret(tfm, buf, buf_len);
		if (err)
			goto free_all;

		sg_init_one(&dst, tmp, 64);
		kpp_request_set_input(req, NULL, 0);
		kpp_request_set_output(req, &dst, 64);
		kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
					 ecdh_complete, &result);

		err = crypto_kpp_generate_public_key(req);

		if (err == -EINPROGRESS) {
			wait_for_completion(&result.completion);
			err = result.err;
		}

		/* Private key is not valid. Regenerate */
		if (err == -EINVAL)
			continue;

		if (err < 0)
			goto free_all;
		else
			break;

	} while (true);

	/* Keys are handed back in little endian as expected by Security
	 * Manager Protocol
	 */
	swap_digits((u64 *)tmp, (u64 *)public_key, 4); /* x */
	swap_digits((u64 *)&tmp[32], (u64 *)&public_key[32], 4); /* y */
	swap_digits((u64 *)private_key, (u64 *)tmp, 4);
	memcpy(private_key, tmp, 32);

free_all:
	kzfree(buf);
free_req:
	kpp_request_free(req);
free_tmp:
	kfree(tmp);
	return err;
}
Commit	Line	Data
58771c1c SB	1	/*
	2	* ECDH helper functions - KPP wrappings
	3	*
	4	* Copyright (C) 2017 Intel Corporation
	5	*
	6	* This program is free software; you can redistribute it and/or modify
	7	* it under the terms of the GNU General Public License version 2 as
	8	* published by the Free Software Foundation;
	9	*
	10	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
	11	* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	12	* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS.
	13	* IN NO EVENT SHALL THE COPYRIGHT HOLDER(S) AND AUTHOR(S) BE LIABLE FOR ANY
	14	* CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES
	15	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	16	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	17	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	18	*
	19	* ALL LIABILITY, INCLUDING LIABILITY FOR INFRINGEMENT OF ANY PATENTS,
	20	* COPYRIGHTS, TRADEMARKS OR OTHER RIGHTS, RELATING TO USE OF THIS
	21	* SOFTWARE IS DISCLAIMED.
	22	*/
	23	#include "ecdh_helper.h"
	24
58771c1c	25	#include <linux/scatterlist.h>
58771c1c SB	26	#include <crypto/ecdh.h>
	27
	28	struct ecdh_completion {
	29	struct completion completion;
	30	int err;
	31	};
	32
	33	static void ecdh_complete(struct crypto_async_request *req, int err)
	34	{
	35	struct ecdh_completion *res = req->data;
	36
	37	if (err == -EINPROGRESS)
	38	return;
	39
	40	res->err = err;
	41	complete(&res->completion);
	42	}
	43
	44	static inline void swap_digits(u64 in, u64 out, unsigned int ndigits)
	45	{
	46	int i;
	47
	48	for (i = 0; i < ndigits; i++)
	49	out[i] = __swab64(in[ndigits - 1 - i]);
	50	}
	51
a2976416 TA	52	int compute_ecdh_secret(struct crypto_kpp *tfm, const u8 public_key[64],
a2976416 TA	53	const u8 private_key[32], u8 secret[32])
58771c1c	54	{
58771c1c SB	55	struct kpp_request *req;
	56	struct ecdh p;
	57	struct ecdh_completion result;
	58	struct scatterlist src, dst;
763d9a30	59	u8 tmp, buf;
58771c1c	60	unsigned int buf_len;
a2976416	61	int err;
58771c1c	62
763d9a30 SB	63	tmp = kmalloc(64, GFP_KERNEL);
763d9a30 SB	64	if (!tmp)
a2976416	65	return -ENOMEM;
763d9a30	66
58771c1c	67	req = kpp_request_alloc(tfm, GFP_KERNEL);
a2976416 TA	68	if (!req) {
a2976416 TA	69	err = -ENOMEM;
47eb2ac8	70	goto free_tmp;
a2976416	71	}
58771c1c SB	72
	73	init_completion(&result.completion);
	74
	75	/* Security Manager Protocol holds digits in litte-endian order
	76	* while ECC API expect big-endian data
	77	*/
	78	swap_digits((u64 )private_key, (u64 )tmp, 4);
	79	p.key = (char *)tmp;
	80	p.key_size = 32;
	81	/* Set curve_id */
	82	p.curve_id = ECC_CURVE_NIST_P256;
	83	buf_len = crypto_ecdh_key_len(&p);
	84	buf = kmalloc(buf_len, GFP_KERNEL);
a2976416 TA	85	if (!buf) {
a2976416 TA	86	err = -ENOMEM;
58771c1c	87	goto free_req;
a2976416	88	}
5d4acfc1	89
58771c1c SB	90	crypto_ecdh_encode_key(buf, buf_len, &p);
	91
	92	/* Set A private Key */
	93	err = crypto_kpp_set_secret(tfm, (void *)buf, buf_len);
	94	if (err)
	95	goto free_all;
	96
	97	swap_digits((u64 )public_key, (u64 )tmp, 4); /* x */
	98	swap_digits((u64 )&public_key[32], (u64 )&tmp[32], 4); /* y */
	99
	100	sg_init_one(&src, tmp, 64);
	101	sg_init_one(&dst, secret, 32);
	102	kpp_request_set_input(req, &src, 64);
	103	kpp_request_set_output(req, &dst, 32);
	104	kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
	105	ecdh_complete, &result);
	106	err = crypto_kpp_compute_shared_secret(req);
	107	if (err == -EINPROGRESS) {
	108	wait_for_completion(&result.completion);
	109	err = result.err;
	110	}
	111	if (err < 0) {
	112	pr_err("alg: ecdh: compute shared secret failed. err %d\n",
	113	err);
	114	goto free_all;
	115	}
	116
	117	swap_digits((u64 )secret, (u64 )tmp, 4);
	118	memcpy(secret, tmp, 32);
	119
	120	free_all:
	121	kzfree(buf);
	122	free_req:
	123	kpp_request_free(req);
763d9a30 SB	124	free_tmp:
763d9a30 SB	125	kfree(tmp);
a2976416	126	return err;
58771c1c SB	127	}
58771c1c SB	128
a2976416 TA	129	int generate_ecdh_keys(struct crypto_kpp *tfm, u8 public_key[64],
a2976416 TA	130	u8 private_key[32])
58771c1c	131	{
58771c1c SB	132	struct kpp_request *req;
	133	struct ecdh p;
	134	struct ecdh_completion result;
	135	struct scatterlist dst;
763d9a30	136	u8 tmp, buf;
58771c1c	137	unsigned int buf_len;
a2976416	138	int err;
58771c1c SB	139	const unsigned short max_tries = 16;
	140	unsigned short tries = 0;
	141
763d9a30 SB	142	tmp = kmalloc(64, GFP_KERNEL);
763d9a30 SB	143	if (!tmp)
a2976416	144	return -ENOMEM;
763d9a30	145
58771c1c	146	req = kpp_request_alloc(tfm, GFP_KERNEL);
a2976416 TA	147	if (!req) {
a2976416 TA	148	err = -ENOMEM;
47eb2ac8	149	goto free_tmp;
a2976416	150	}
58771c1c SB	151
	152	init_completion(&result.completion);
	153
	154	/* Set curve_id */
	155	p.curve_id = ECC_CURVE_NIST_P256;
	156	p.key_size = 32;
	157	buf_len = crypto_ecdh_key_len(&p);
	158	buf = kmalloc(buf_len, GFP_KERNEL);
5d4acfc1	159	if (!buf)
58771c1c	160	goto free_req;
58771c1c SB	161
	162	do {
	163	if (tries++ >= max_tries)
	164	goto free_all;
	165
58771c1c SB	166	/* Set private Key */
	167	p.key = (char *)private_key;
	168	crypto_ecdh_encode_key(buf, buf_len, &p);
	169	err = crypto_kpp_set_secret(tfm, buf, buf_len);
	170	if (err)
	171	goto free_all;
	172
	173	sg_init_one(&dst, tmp, 64);
f9583153	174	kpp_request_set_input(req, NULL, 0);
58771c1c SB	175	kpp_request_set_output(req, &dst, 64);
	176	kpp_request_set_callback(req, CRYPTO_TFM_REQ_MAY_BACKLOG,
	177	ecdh_complete, &result);
	178
	179	err = crypto_kpp_generate_public_key(req);
	180
	181	if (err == -EINPROGRESS) {
	182	wait_for_completion(&result.completion);
	183	err = result.err;
	184	}
	185
	186	/* Private key is not valid. Regenerate */
	187	if (err == -EINVAL)
	188	continue;
	189
	190	if (err < 0)
	191	goto free_all;
	192	else
	193	break;
	194
	195	} while (true);
	196
	197	/* Keys are handed back in little endian as expected by Security
	198	* Manager Protocol
	199	*/
	200	swap_digits((u64 )tmp, (u64 )public_key, 4); /* x */
	201	swap_digits((u64 )&tmp[32], (u64 )&public_key[32], 4); /* y */
	202	swap_digits((u64 )private_key, (u64 )tmp, 4);
	203	memcpy(private_key, tmp, 32);
	204
	205	free_all:
	206	kzfree(buf);
	207	free_req:
	208	kpp_request_free(req);
763d9a30 SB	209	free_tmp:
763d9a30 SB	210	kfree(tmp);
a2976416	211	return err;
58771c1c	212	}