Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / kernel / common / 35f7d5225ffcbf1b759f641aec1735e3a89b1914 / . / crypto / dh_helper.c
blob: db9b2d9c58f04e766d350dcf136badef22dd7614 [file] [log] [blame]
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]1/*
2 * Copyright (c) 2016, Intel Corporation
3 * Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
4 *
5 * This program is free software; you can redistribute it and/or
Tudor-Dan Ambarusc0ca1212017-05-25 10:18:03 +0300[diff] [blame]6 * modify it under the terms of the GNU General Public License
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]7 * as published by the Free Software Foundation; either version
Tudor-Dan Ambarusc0ca1212017-05-25 10:18:03 +0300[diff] [blame]8 * 2 of the License, or (at your option) any later version.
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]9 */
10#include <linux/kernel.h>
11#include <linux/export.h>
12#include <linux/err.h>
13#include <linux/string.h>
14#include <crypto/dh.h>
15#include <crypto/kpp.h>
16
Eric Biggers35f7d522018-07-27 15:36:10 -0700[diff] [blame^]17#define DH_KPP_SECRET_MIN_SIZE (sizeof(struct kpp_secret) + 4 * sizeof(int))
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]18
19static inline u8 *dh_pack_data(void *dst, const void *src, size_t size)
20{
21 memcpy(dst, src, size);
22 return dst + size;
23}
24
25static inline const u8 *dh_unpack_data(void *dst, const void *src, size_t size)
26{
27 memcpy(dst, src, size);
28 return src + size;
29}
30
Tudor-Dan Ambaruscb195b32017-09-29 12:21:04 +0300[diff] [blame]31static inline unsigned int dh_data_size(const struct dh *p)
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]32{
Stephan Muellere3fe0ae2018-06-27 08:15:31 +0200[diff] [blame]33 return p->key_size + p->p_size + p->q_size + p->g_size;
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]34}
35
Tudor-Dan Ambarus5b3f3a82017-09-29 12:21:05 +0300[diff] [blame]36unsigned int crypto_dh_key_len(const struct dh *p)
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]37{
38 return DH_KPP_SECRET_MIN_SIZE + dh_data_size(p);
39}
40EXPORT_SYMBOL_GPL(crypto_dh_key_len);
41
42int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params)
43{
44 u8 *ptr = buf;
45 struct kpp_secret secret = {
46 .type = CRYPTO_KPP_SECRET_TYPE_DH,
47 .len = len
48 };
49
50 if (unlikely(!buf))
51 return -EINVAL;
52
53 if (len != crypto_dh_key_len(params))
54 return -EINVAL;
55
56 ptr = dh_pack_data(ptr, &secret, sizeof(secret));
57 ptr = dh_pack_data(ptr, &params->key_size, sizeof(params->key_size));
58 ptr = dh_pack_data(ptr, &params->p_size, sizeof(params->p_size));
Stephan Muellere3fe0ae2018-06-27 08:15:31 +0200[diff] [blame]59 ptr = dh_pack_data(ptr, &params->q_size, sizeof(params->q_size));
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]60 ptr = dh_pack_data(ptr, &params->g_size, sizeof(params->g_size));
61 ptr = dh_pack_data(ptr, params->key, params->key_size);
62 ptr = dh_pack_data(ptr, params->p, params->p_size);
Stephan Muellere3fe0ae2018-06-27 08:15:31 +0200[diff] [blame]63 ptr = dh_pack_data(ptr, params->q, params->q_size);
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]64 dh_pack_data(ptr, params->g, params->g_size);
65
66 return 0;
67}
68EXPORT_SYMBOL_GPL(crypto_dh_encode_key);
69
70int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params)
71{
72 const u8 *ptr = buf;
73 struct kpp_secret secret;
74
75 if (unlikely(!buf || len < DH_KPP_SECRET_MIN_SIZE))
76 return -EINVAL;
77
78 ptr = dh_unpack_data(&secret, ptr, sizeof(secret));
79 if (secret.type != CRYPTO_KPP_SECRET_TYPE_DH)
80 return -EINVAL;
81
82 ptr = dh_unpack_data(&params->key_size, ptr, sizeof(params->key_size));
83 ptr = dh_unpack_data(&params->p_size, ptr, sizeof(params->p_size));
Stephan Muellere3fe0ae2018-06-27 08:15:31 +0200[diff] [blame]84 ptr = dh_unpack_data(&params->q_size, ptr, sizeof(params->q_size));
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]85 ptr = dh_unpack_data(&params->g_size, ptr, sizeof(params->g_size));
86 if (secret.len != crypto_dh_key_len(params))
87 return -EINVAL;
88
Eric Biggersccd98882017-11-05 18:30:46 -0800[diff] [blame]89 /*
90 * Don't permit the buffer for 'key' or 'g' to be larger than 'p', since
91 * some drivers assume otherwise.
92 */
93 if (params->key_size > params->p_size ||
Stephan Muellere3fe0ae2018-06-27 08:15:31 +0200[diff] [blame]94 params->g_size > params->p_size || params->q_size > params->p_size)
Eric Biggersccd98882017-11-05 18:30:46 -0800[diff] [blame]95 return -EINVAL;
96
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]97 /* Don't allocate memory. Set pointers to data within
98 * the given buffer
99 */
100 params->key = (void *)ptr;
101 params->p = (void *)(ptr + params->key_size);
Stephan Muellere3fe0ae2018-06-27 08:15:31 +0200[diff] [blame]102 params->q = (void *)(ptr + params->key_size + params->p_size);
103 params->g = (void *)(ptr + params->key_size + params->p_size +
104 params->q_size);
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]105
Eric Biggers199512b2017-11-05 18:30:45 -0800[diff] [blame]106 /*
107 * Don't permit 'p' to be 0. It's not a prime number, and it's subject
108 * to corner cases such as 'mod 0' being undefined or
109 * crypto_kpp_maxsize() returning 0.
110 */
111 if (memchr_inv(params->p, 0, params->p_size) == NULL)
112 return -EINVAL;
113
Stephan Muellere3fe0ae2018-06-27 08:15:31 +0200[diff] [blame]114 /* It is permissible to not provide Q. */
115 if (params->q_size == 0)
116 params->q = NULL;
117
Salvatore Benedetto802c7f12016-06-22 17:49:14 +0100[diff] [blame]118 return 0;
119}
120EXPORT_SYMBOL_GPL(crypto_dh_decode_key);