crypto: ecdsa - Convert byte arrays with key coordinates to digits

For NIST P192/256/384 the public key's x and y parameters could be copied
directly from a given array since both parameters filled 'ndigits' of
digits (a 'digit' is a u64). For support of NIST P521 the key parameters
need to have leading zeros prepended to the most significant digit since
only 2 bytes of the most significant digit are provided.

Therefore, implement ecc_digits_from_bytes to convert a byte array into an
array of digits and use this function in ecdsa_set_pub_key where an input
byte array needs to be converted into digits.

Suggested-by: Lukas Wunner <lukas@wunner.de>
Tested-by: Lukas Wunner <lukas@wunner.de>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
index 3f9ec273a121fdb90eb1235a0b953cc1553f4cc4..e819d0983bd39dbde7ac989e7a3dd53ecdb666f0 100644 (file)
--- a/crypto/ecdsa.c
+++ b/crypto/ecdsa.c
@@ -222,9 +222,8 @@ static int ecdsa_ecc_ctx_reset(struct ecc_ctx *ctx)
 static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsigned int keylen)
 {
        struct ecc_ctx *ctx = akcipher_tfm_ctx(tfm);
+       unsigned int digitlen, ndigits;
        const unsigned char *d = key;
-       const u64 *digits = (const u64 *)&d[1];
-       unsigned int ndigits;
        int ret;
 
        ret = ecdsa_ecc_ctx_reset(ctx);
@@ -238,12 +237,17 @@ static int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, unsig
                return -EINVAL;
 
        keylen--;
-       ndigits = (keylen >> 1) / sizeof(u64);
+       digitlen = keylen >> 1;
+
+       ndigits = DIV_ROUND_UP(digitlen, sizeof(u64));
        if (ndigits != ctx->curve->g.ndigits)
                return -EINVAL;
 
-       ecc_swap_digits(digits, ctx->pub_key.x, ndigits);
-       ecc_swap_digits(&digits[ndigits], ctx->pub_key.y, ndigits);
+       d++;
+
+       ecc_digits_from_bytes(d, digitlen, ctx->pub_key.x, ndigits);
+       ecc_digits_from_bytes(&d[digitlen], digitlen, ctx->pub_key.y, ndigits);
+
        ret = ecc_is_pubkey_valid_full(ctx->curve, &ctx->pub_key);
 
        ctx->pub_key_set = ret == 0;

diff --git a/include/crypto/internal/ecc.h b/include/crypto/internal/ecc.h
index 4f6c1a68882fa117eaa17a47b3bd4a261b63bc7f..ab722a8986b7644d9198bd0eeb2927045b27613f 100644 (file)
--- a/include/crypto/internal/ecc.h
+++ b/include/crypto/internal/ecc.h
@@ -56,6 +56,27 @@ static inline void ecc_swap_digits(const void *in, u64 *out, unsigned int ndigit
                out[i] = get_unaligned_be64(&src[ndigits - 1 - i]);
 }
 
+/**
+ * ecc_digits_from_bytes() - Create ndigits-sized digits array from byte array
+ * @in:       Input byte array
+ * @nbytes    Size of input byte array
+ * @out       Output digits array
+ * @ndigits:  Number of digits to create from byte array
+ */
+static inline void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
+                                        u64 *out, unsigned int ndigits)
+{
+       unsigned int o = nbytes & 7;
+       __be64 msd = 0;
+
+       if (o) {
+               memcpy((u8 *)&msd + sizeof(msd) - o, in, o);
+               out[--ndigits] = be64_to_cpu(msd);
+               in += o;
+       }
+       ecc_swap_digits(in, out, ndigits);
+}
+
 /**
  * ecc_is_key_valid() - Validate a given ECDH private key
  *