Commit 8ab4f148 authored by Tudor-Dan Ambarus, committed by Stefan Bader

crypto: ecc - remove unnecessary casts

ecc software implementation works with chunks of u64 data. There were some
unnecessary casts to u8 and then back to u64 for the ecc keys. This patch
removes the unnecessary casts.
Signed-off-by: Tudor Ambarus <tudor.ambarus@microchip.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

CVE-2018-5383

(cherry picked from commit ad269597)
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Connor Kuehl <connor.kuehl@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
parent a3468588
...@@ -904,7 +904,7 @@ static inline void ecc_swap_digits(const u64 *in, u64 *out, ...@@ -904,7 +904,7 @@ static inline void ecc_swap_digits(const u64 *in, u64 *out,
} }
int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
const u8 *private_key, unsigned int private_key_len) const u64 *private_key, unsigned int private_key_len)
{ {
int nbytes; int nbytes;
const struct ecc_curve *curve = ecc_get_curve(curve_id); const struct ecc_curve *curve = ecc_get_curve(curve_id);
...@@ -917,23 +917,22 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, ...@@ -917,23 +917,22 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
if (private_key_len != nbytes) if (private_key_len != nbytes)
return -EINVAL; return -EINVAL;
if (vli_is_zero((const u64 *)&private_key[0], ndigits)) if (vli_is_zero(private_key, ndigits))
return -EINVAL; return -EINVAL;
/* Make sure the private key is in the range [1, n-1]. */ /* Make sure the private key is in the range [1, n-1]. */
if (vli_cmp(curve->n, (const u64 *)&private_key[0], ndigits) != 1) if (vli_cmp(curve->n, private_key, ndigits) != 1)
return -EINVAL; return -EINVAL;
return 0; return 0;
} }
int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits, int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
const u8 *private_key, u8 *public_key) const u64 *private_key, u64 *public_key)
{ {
int ret = 0; int ret = 0;
struct ecc_point *pk; struct ecc_point *pk;
u64 priv[ndigits]; u64 priv[ndigits];
unsigned int nbytes;
const struct ecc_curve *curve = ecc_get_curve(curve_id); const struct ecc_curve *curve = ecc_get_curve(curve_id);
if (!private_key || !curve) { if (!private_key || !curve) {
...@@ -941,7 +940,7 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits, ...@@ -941,7 +940,7 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
goto out; goto out;
} }
ecc_swap_digits((const u64 *)private_key, priv, ndigits); ecc_swap_digits(private_key, priv, ndigits);
pk = ecc_alloc_point(ndigits); pk = ecc_alloc_point(ndigits);
if (!pk) { if (!pk) {
...@@ -955,9 +954,8 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits, ...@@ -955,9 +954,8 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
goto err_free_point; goto err_free_point;
} }
nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT; ecc_swap_digits(pk->x, public_key, ndigits);
ecc_swap_digits(pk->x, (u64 *)public_key, ndigits); ecc_swap_digits(pk->y, &public_key[ndigits], ndigits);
ecc_swap_digits(pk->y, (u64 *)&public_key[nbytes], ndigits);
err_free_point: err_free_point:
ecc_free_point(pk); ecc_free_point(pk);
...@@ -966,8 +964,8 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits, ...@@ -966,8 +964,8 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
} }
int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
const u8 *private_key, const u8 *public_key, const u64 *private_key, const u64 *public_key,
u8 *secret) u64 *secret)
{ {
int ret = 0; int ret = 0;
struct ecc_point *product, *pk; struct ecc_point *product, *pk;
...@@ -997,13 +995,13 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, ...@@ -997,13 +995,13 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
goto err_alloc_product; goto err_alloc_product;
} }
ecc_swap_digits((const u64 *)public_key, pk->x, ndigits); ecc_swap_digits(public_key, pk->x, ndigits);
ecc_swap_digits((const u64 *)&public_key[nbytes], pk->y, ndigits); ecc_swap_digits(&public_key[ndigits], pk->y, ndigits);
ecc_swap_digits((const u64 *)private_key, priv, ndigits); ecc_swap_digits(private_key, priv, ndigits);
ecc_point_mult(product, pk, priv, rand_z, curve->p, ndigits); ecc_point_mult(product, pk, priv, rand_z, curve->p, ndigits);
ecc_swap_digits(product->x, (u64 *)secret, ndigits); ecc_swap_digits(product->x, secret, ndigits);
if (ecc_point_is_zero(product)) if (ecc_point_is_zero(product))
ret = -EFAULT; ret = -EFAULT;
......
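Review bot: In crypto_ecdh_shared_secret() the peer's public_key is copied into pk->x and pk->y and passed straight to ecc_point_mult() in the lines shown, with no check in between that the point is valid for the curve. The lines between the hunks are not visible, so the check may live there; if it does not, the point should be rejected before the multiplication unless it is non-zero, has both coordinates below curve->p and satisfies the curve equation, which is the kind of validation the CVE-2018-5383 trailer is about. Separately, `ecc_swap_digits(product->x, secret, ndigits);` runs before the `ecc_point_is_zero(product)` test, so the caller's buffer is written even when -EFAULT is returned; putting the copy in an `else` of that test would avoid handing back a value for a rejected result. The function body starts and ends outside the hunks.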
...@@ -41,7 +41,7 @@ ...@@ -41,7 +41,7 @@
* Returns 0 if the key is acceptable, a negative value otherwise * Returns 0 if the key is acceptable, a negative value otherwise
*/ */
int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
const u8 *private_key, unsigned int private_key_len); const u64 *private_key, unsigned int private_key_len);
/** /**
* ecdh_make_pub_key() - Compute an ECC public key * ecdh_make_pub_key() - Compute an ECC public key
...@@ -55,7 +55,7 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits, ...@@ -55,7 +55,7 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
* if an error occurred. * if an error occurred.
*/ */
int ecdh_make_pub_key(const unsigned int curve_id, unsigned int ndigits, int ecdh_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
const u8 *private_key, u8 *public_key); const u64 *private_key, u64 *public_key);
/** /**
* crypto_ecdh_shared_secret() - Compute a shared secret * crypto_ecdh_shared_secret() - Compute a shared secret
...@@ -73,6 +73,6 @@ int ecdh_make_pub_key(const unsigned int curve_id, unsigned int ndigits, ...@@ -73,6 +73,6 @@ int ecdh_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
* if an error occurred. * if an error occurred.
*/ */
int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits, int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
const u8 *private_key, const u8 *public_key, const u64 *private_key, const u64 *public_key,
u8 *secret); u64 *secret);
#endif #endif
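Review bot: The prototypes now take `u64 *` keys while `private_key_len` in ecc_is_key_valid() is still compared against a byte count (`nbytes`) in the implementation, so the kernel-doc above each declaration should state the units. The comment blocks are mostly outside the hunks; if they do not already say so, I would add `@private_key_len: length of @private_key in bytes (ndigits << ECC_DIGITS_TO_BYTES_SHIFT)` and note that `public_key` holds 2 * ndigits u64 digits (x followed by y) and `secret` holds ndigits. It is also worth documenting that callers must pass u64-aligned buffers, since the casts that used to sit inside the implementation are gone and the requirement is now part of the interface.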
...@@ -55,7 +55,7 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, void *buf, unsigned int len) ...@@ -55,7 +55,7 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, void *buf, unsigned int len)
ctx->ndigits = ndigits; ctx->ndigits = ndigits;
if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
(const u8 *)params.key, params.key_size) < 0) (const u64 *)params.key, params.key_size) < 0)
return -EINVAL; return -EINVAL;
memcpy(ctx->private_key, params.key, params.key_size); memcpy(ctx->private_key, params.key, params.key_size);
...@@ -80,15 +80,14 @@ static int ecdh_compute_value(struct kpp_request *req) ...@@ -80,15 +80,14 @@ static int ecdh_compute_value(struct kpp_request *req)
return -EINVAL; return -EINVAL;
ret = crypto_ecdh_shared_secret(ctx->curve_id, ctx->ndigits, ret = crypto_ecdh_shared_secret(ctx->curve_id, ctx->ndigits,
(const u8 *)ctx->private_key, ctx->private_key,
(const u8 *)ctx->public_key, ctx->public_key,
(u8 *)ctx->shared_secret); ctx->shared_secret);
buf = ctx->shared_secret; buf = ctx->shared_secret;
} else { } else {
ret = ecdh_make_pub_key(ctx->curve_id, ctx->ndigits, ret = ecdh_make_pub_key(ctx->curve_id, ctx->ndigits,
(const u8 *)ctx->private_key, ctx->private_key, ctx->public_key);
(u8 *)ctx->public_key);
buf = ctx->public_key; buf = ctx->public_key;
/* Public part is a point thus it has both coordinates */ /* Public part is a point thus it has both coordinates */
nbytes *= 2; nbytes *= 2;
......
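Review bot: The `(const u64 *)params.key` cast in ecdh_set_secret() moves the alignment assumption to the caller: ecc_is_key_valid() now reads the key as u64 digits, and nothing in the visible lines shows that params.key is 8-byte aligned (its type is not shown, but the need for a cast suggests it is not a u64 pointer). Validating the copy in ctx->private_key, which this section passes to `const u64 *` parameters without a cast, removes the cast altogether. That reordering is only safe if params.key_size is bounded before the memcpy() and the copy is wiped when the key is rejected, so that an invalid private key is not left in the context. The function starts before and continues past the hunk, so any existing length check is not visible here.

```c
/* … unchanged: decoding of buf into params, curve_id/ndigits setup … */

/* Bound the copy first; assumes ctx->private_key is a u64 array - confirm. */
if (params.key_size > sizeof(ctx->private_key))
	return -EINVAL;

memcpy(ctx->private_key, params.key, params.key_size);

if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
		     ctx->private_key, params.key_size) < 0) {
	memzero_explicit(ctx->private_key, params.key_size);
	return -EINVAL;
}
```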