Skip to content

20250418-linuxkm-lkcapi-cleanup #8696

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
philljj merged 2 commits into from
Apr 19, 2025
Merged

20250418-linuxkm-lkcapi-cleanup #8696

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
fe244fb
linuxkm: clean up LKCAPI glue:
douzzer Apr 18, 2025
2e31cad
wolfssl/internal.h: clean up WOLFSSL_TEST_VIS comments and an unneede…
douzzer Apr 18, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 20 additions & 20 deletions linuxkm/lkcapi_ecdh_glue.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -133,15 +133,15 @@ static struct kpp_alg ecdh_nist_p384 = {
.exit = km_ecdh_exit,
};

/**
/*
* Set the secret. Kernel crypto expects secret is passed with
* struct kpp_secret as header, followed by secret data as payload.
* See these for more info:
* - crypto/ecdh_helper.c
* - include/crypto/kpp.h
*
* An empty payload means this function will gen the ecc key pair.
* */
*/
static int km_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
unsigned int len)
{
Expand Down Expand Up @@ -360,12 +360,12 @@ static int km_ecdh_nist_p384_init(struct crypto_kpp *tfm)
return km_ecdh_init(tfm, ECC_SECP384R1);
}

/**
/*
* Generate the ecc public key:
* - req->src should be null
* - req->dst is where we place the public key.
* The kernel api expects raw uncompressed pub key, without leading byte.
* */
*/
static int km_ecdh_gen_pub(struct kpp_request *req)
{
struct crypto_kpp * tfm = NULL;
Expand Down Expand Up @@ -463,11 +463,11 @@ static int km_ecdh_gen_pub(struct kpp_request *req)
return err;
}

/**
/*
* Generate ecc shared secret.
* - req->src has raw pub key from other party.
* - req->dst is shared secret output buffer.
* */
*/
static int km_ecdh_compute_shared_secret(struct kpp_request *req)
{
struct crypto_kpp * tfm = NULL;
Expand Down Expand Up @@ -596,7 +596,7 @@ static int linuxkm_test_ecdh_nist_p192(void)
{
int rc = 0;
/* reference values from kernel crypto/testmgr.h */
const byte secret[] = {
static const byte secret[] = {
#ifdef LITTLE_ENDIAN_ORDER
0x02, 0x00, /* type */
0x1e, 0x00, /* len */
Expand All @@ -613,7 +613,7 @@ static int linuxkm_test_ecdh_nist_p192(void)
};

/* 48 byte pub key */
const byte b_pub[] = {
static const byte b_pub[] = {
0xc3, 0xba, 0x67, 0x4b, 0x71, 0xec, 0xd0, 0x76,
0x7a, 0x99, 0x75, 0x64, 0x36, 0x13, 0x9a, 0x94,
0x5d, 0x8b, 0xdc, 0x60, 0x90, 0x91, 0xfd, 0x3f,
Expand All @@ -622,7 +622,7 @@ static int linuxkm_test_ecdh_nist_p192(void)
0x07, 0xd6, 0xbd, 0x1c, 0xe6, 0x8d, 0x9d, 0x67
};

const byte expected_a_pub[] = {
static const byte expected_a_pub[] = {
0x1a, 0x04, 0xdb, 0xa5, 0xe1, 0xdd, 0x4e, 0x79,
0xa3, 0xe6, 0xef, 0x0e, 0x5c, 0x80, 0x49, 0x85,
0xfa, 0x78, 0xb4, 0xef, 0x49, 0xbd, 0x4c, 0x7c,
Expand All @@ -632,7 +632,7 @@ static int linuxkm_test_ecdh_nist_p192(void)
};

/* 24 byte shared secret */
const byte shared_secret[] = {
static const byte shared_secret[] = {
0xf4, 0x57, 0xcc, 0x4f, 0x1f, 0x4e, 0x31, 0xcc,
0xe3, 0x40, 0x60, 0xc8, 0x06, 0x93, 0xc6, 0x2e,
0x99, 0x80, 0x81, 0x28, 0xaf, 0xc5, 0x51, 0x74
Expand All @@ -651,7 +651,7 @@ static int linuxkm_test_ecdh_nist_p256(void)
{
int rc = 0;
/* reference values from kernel crypto/testmgr.h */
const byte secret[] = {
static const byte secret[] = {
#ifdef LITTLE_ENDIAN_ORDER
0x02, 0x00, /* type */
0x26, 0x00, /* len */
Expand All @@ -668,7 +668,7 @@ static int linuxkm_test_ecdh_nist_p256(void)
};

/* 64 byte pub key */
const byte b_pub[] = {
static const byte b_pub[] = {
0xcc, 0xb4, 0xda, 0x74, 0xb1, 0x47, 0x3f, 0xea,
0x6c, 0x70, 0x9e, 0x38, 0x2d, 0xc7, 0xaa, 0xb7,
0x29, 0xb2, 0x47, 0x03, 0x19, 0xab, 0xdd, 0x34,
Expand All @@ -679,7 +679,7 @@ static int linuxkm_test_ecdh_nist_p256(void)
0x6f, 0xdb, 0xa9, 0xaa, 0xfc, 0x77, 0x81, 0xf3,
};

const byte expected_a_pub[] = {
static const byte expected_a_pub[] = {
0x1a, 0x7f, 0xeb, 0x52, 0x00, 0xbd, 0x3c, 0x31,
0x7d, 0xb6, 0x70, 0xc1, 0x86, 0xa6, 0xc7, 0xc4,
0x3b, 0xc5, 0x5f, 0x6c, 0x6f, 0x58, 0x3c, 0xf5,
Expand All @@ -691,7 +691,7 @@ static int linuxkm_test_ecdh_nist_p256(void)
};

/* 32 byte shared secret */
const byte shared_secret[] = {
static const byte shared_secret[] = {
0xea, 0x17, 0x6f, 0x7e, 0x6e, 0x57, 0x26, 0x38,
0x8b, 0xfb, 0x41, 0xeb, 0xba, 0xc8, 0x6d, 0xa5,
0xa8, 0x72, 0xd1, 0xff, 0xc9, 0x47, 0x3d, 0xaa,
Expand All @@ -710,7 +710,7 @@ static int linuxkm_test_ecdh_nist_p384(void)
{
int rc = 0;
/* reference values from kernel crypto/testmgr.h */
const byte secret[] = {
static const byte secret[] = {
#ifdef LITTLE_ENDIAN_ORDER
0x02, 0x00, /* type */
0x36, 0x00, /* len */
Expand All @@ -729,7 +729,7 @@ static int linuxkm_test_ecdh_nist_p384(void)
};

/* 96 byte pub key */
const byte b_pub[] = {
static const byte b_pub[] = {
0xE5, 0x58, 0xDB, 0xEF, 0x53, 0xEE, 0xCD, 0xE3,
0xD3, 0xFC, 0xCF, 0xC1, 0xAE, 0xA0, 0x8A, 0x89,
0xA9, 0x87, 0x47, 0x5D, 0x12, 0xFD, 0x95, 0x0D,
Expand All @@ -745,7 +745,7 @@ static int linuxkm_test_ecdh_nist_p384(void)
};

/* 96 byte pub key */
const byte expected_a_pub[] = {
static const byte expected_a_pub[] = {
0x66, 0x78, 0x42, 0xD7, 0xD1, 0x80, 0xAC, 0x2C,
0xDE, 0x6F, 0x74, 0xF3, 0x75, 0x51, 0xF5, 0x57,
0x55, 0xC7, 0x64, 0x5C, 0x20, 0xEF, 0x73, 0xE3,
Expand All @@ -761,7 +761,7 @@ static int linuxkm_test_ecdh_nist_p384(void)
};

/* 48 byte shared secret */
const byte shared_secret[] = {
static const byte shared_secret[] = {
0x11, 0x18, 0x73, 0x31, 0xC2, 0x79, 0x96, 0x2D,
0x93, 0xD6, 0x04, 0x24, 0x3F, 0xD5, 0x92, 0xCB,
0x9D, 0x0A, 0x92, 0x6F, 0x42, 0x2E, 0x47, 0x18,
Expand Down Expand Up @@ -796,10 +796,10 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
byte * dst_buf = NULL;
unsigned int src_len = pub_len;
unsigned int dst_len = 0;
/**
/*
* Allocate the kpp transform, and set up
* the kpp request.
* */
*/
tfm = crypto_alloc_kpp(driver, 0, 0);
if (IS_ERR(tfm)) {
pr_err("error: allocating kpp algorithm %s failed: %ld\n",
Expand Down
72 changes: 40 additions & 32 deletions linuxkm/lkcapi_ecdsa_glue.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -316,7 +316,7 @@ static int km_ecdsa_nist_p521_init(struct crypto_akcipher *tfm)
}
#endif /* HAVE_ECC521 */

/**
/*
* Verify an ecdsa_nist signature.
*
* The total size of req->src is src_len + dst_len:
Expand All @@ -326,7 +326,7 @@ static int km_ecdsa_nist_p521_init(struct crypto_akcipher *tfm)
* dst should be null.
* See kernel:
* - include/crypto/akcipher.h
* */
*/
static int km_ecdsa_verify(struct akcipher_request *req)
{
struct crypto_akcipher * tfm = NULL;
Expand Down Expand Up @@ -358,26 +358,18 @@ static int km_ecdsa_verify(struct akcipher_request *req)
goto ecdsa_verify_end;
}

sig = malloc(sig_len);
sig = malloc(sig_len + hash_len);
if (unlikely(sig == NULL)) {
err = -ENOMEM;
goto ecdsa_verify_end;
}

hash = malloc(hash_len);
if (unlikely(hash == NULL)) {
err = -ENOMEM;
goto ecdsa_verify_end;
}
hash = sig + sig_len;

memset(sig, 0, sig_len);
memset(hash, 0, hash_len);
memset(sig, 0, sig_len + hash_len);

/* copy sig from req->src to sig */
scatterwalk_map_and_copy(sig, req->src, 0, sig_len, 0);

/* copy hash from req->src to hash */
scatterwalk_map_and_copy(hash, req->src, sig_len, hash_len, 0);
/* copy sig and hash from req->src to sig and contiguous hash buffer. */
scatterwalk_map_and_copy(sig, req->src, 0, sig_len + hash_len, 0);

err = wc_ecc_verify_hash(sig, sig_len, hash, hash_len, &result, ctx->key);

Expand All @@ -401,7 +393,6 @@ static int km_ecdsa_verify(struct akcipher_request *req)

ecdsa_verify_end:
if (sig != NULL) { free(sig); sig = NULL; }
if (hash != NULL) { free(hash); hash = NULL; }

#ifdef WOLFKM_DEBUG_ECDSA
pr_info("info: exiting km_ecdsa_verify: %d\n", result);
Expand All @@ -416,7 +407,7 @@ static int linuxkm_test_ecdsa_nist_p192(void)
/* reference value from kernel crypto/testmgr.h
* OID_id_ecdsa_with_sha256 */
/* 49 byte pub key */
const byte p192_pub[] = {
static const byte p192_pub[] = {
0x04, 0xe2, 0x51, 0x24, 0x9b, 0xf7, 0xb6, 0x32,
0x82, 0x39, 0x66, 0x3d, 0x5b, 0xec, 0x3b, 0xae,
0x0c, 0xd5, 0xf2, 0x67, 0xd1, 0xc7, 0xe1, 0x02,
Expand All @@ -427,15 +418,15 @@ static int linuxkm_test_ecdsa_nist_p192(void)
};

/* 32 byte hash */
const byte hash[] = {
static const byte hash[] = {
0x35, 0xec, 0xa1, 0xa0, 0x9e, 0x14, 0xde, 0x33,
0x03, 0xb6, 0xf6, 0xbd, 0x0c, 0x2f, 0xb2, 0xfd,
0x1f, 0x27, 0x82, 0xa5, 0xd7, 0x70, 0x3f, 0xef,
0xa0, 0x82, 0x69, 0x8e, 0x73, 0x31, 0x8e, 0xd7
};

/* 55 byte sig */
const byte sig[] = {
static const byte sig[] = {
0x30, 0x35, 0x02, 0x18, 0x3f, 0x72, 0x3f, 0x1f,
0x42, 0xd2, 0x3f, 0x1d, 0x6b, 0x1a, 0x58, 0x56,
0xf1, 0x8f, 0xf7, 0xfd, 0x01, 0x48, 0xfb, 0x5f,
Expand Down Expand Up @@ -467,7 +458,7 @@ static int linuxkm_test_ecdsa_nist_p256(void)
/* reference value from kernel crypto/testmgr.h
* OID_id_ecdsa_with_sha256 */
/* 65 byte pub key */
const byte p256_pub[] = {
static const byte p256_pub[] = {
0x04, 0xf1, 0xea, 0xc4, 0x53, 0xf3, 0xb9, 0x0e,
0x9f, 0x7e, 0xad, 0xe3, 0xea, 0xd7, 0x0e, 0x0f,
0xd6, 0x98, 0x9a, 0xca, 0x92, 0x4d, 0x0a, 0x80,
Expand All @@ -480,15 +471,15 @@ static int linuxkm_test_ecdsa_nist_p256(void)
};

/* 32 byte hash */
const byte hash[] = {
static const byte hash[] = {
0x8f, 0x43, 0x43, 0x46, 0x64, 0x8f, 0x6b, 0x96,
0xdf, 0x89, 0xdd, 0xa9, 0x01, 0xc5, 0x17, 0x6b,
0x10, 0xa6, 0xd8, 0x39, 0x61, 0xdd, 0x3c, 0x1a,
0xc8, 0x8b, 0x59, 0xb2, 0xdc, 0x32, 0x7a, 0xa4
};

/* 71 byte sig */
const byte sig[] = {
static const byte sig[] = {
0x30, 0x45, 0x02, 0x20, 0x08, 0x31, 0xfa, 0x74,
0x0d, 0x1d, 0x21, 0x5d, 0x09, 0xdc, 0x29, 0x63,
0xa8, 0x1a, 0xad, 0xfc, 0xac, 0x44, 0xc3, 0xe8,
Expand Down Expand Up @@ -520,7 +511,7 @@ static int linuxkm_test_ecdsa_nist_p384(void)
/* reference value from kernel crypto/testmgr.h
* OID_id_ecdsa_with_sha384 */
/* 97 byte pub key */
const byte p384_pub[] = {
static const byte p384_pub[] = {
0x04, 0x3a, 0x2f, 0x62, 0xe7, 0x1a, 0xcf, 0x24,
0xd0, 0x0b, 0x7c, 0xe0, 0xed, 0x46, 0x0a, 0x4f,
0x74, 0x16, 0x43, 0xe9, 0x1a, 0x25, 0x7c, 0x55,
Expand All @@ -537,7 +528,7 @@ static int linuxkm_test_ecdsa_nist_p384(void)
};

/* 48 byte hash */
const byte hash[] = {
static const byte hash[] = {
0x8d, 0xf2, 0xc0, 0xe9, 0xa8, 0xf3, 0x8e, 0x44,
0xc4, 0x8c, 0x1a, 0xa0, 0xb8, 0xd7, 0x17, 0xdf,
0xf2, 0x37, 0x1b, 0xc6, 0xe3, 0xf5, 0x62, 0xcc,
Expand All @@ -547,7 +538,7 @@ static int linuxkm_test_ecdsa_nist_p384(void)
};

/* 104 byte sig */
const byte sig[] = {
static const byte sig[] = {
0x30, 0x66, 0x02, 0x31, 0x00, 0x9b, 0x28, 0x68,
0xc0, 0xa1, 0xea, 0x8c, 0x50, 0xee, 0x2e, 0x62,
0x35, 0x46, 0xfa, 0x00, 0xd8, 0x2d, 0x7a, 0x91,
Expand Down Expand Up @@ -584,7 +575,7 @@ static int linuxkm_test_ecdsa_nist_p521(void)
/* reference value from kernel crypto/testmgr.h
* OID_id_ecdsa_with_sha521 */
/* 133 byte pub key */
const byte p521_pub[] = {
static const byte p521_pub[] = {
0x04, 0x00, 0xc7, 0x65, 0xee, 0x0b, 0x86, 0x7d,
0x8f, 0x02, 0xf1, 0x74, 0x5b, 0xb0, 0x4c, 0x3f,
0xa6, 0x35, 0x60, 0x9f, 0x55, 0x23, 0x11, 0xcc,
Expand All @@ -605,7 +596,7 @@ static int linuxkm_test_ecdsa_nist_p521(void)
};

/* 64 byte hash */
const byte hash[] = {
static const byte hash[] = {
0x5c, 0xa6, 0xbc, 0x79, 0xb8, 0xa0, 0x1e, 0x11,
0x83, 0xf7, 0xe9, 0x05, 0xdf, 0xba, 0xf7, 0x69,
0x97, 0x22, 0x32, 0xe4, 0x94, 0x7c, 0x65, 0xbd,
Expand All @@ -617,7 +608,7 @@ static int linuxkm_test_ecdsa_nist_p521(void)
};

/* 139 byte sig */
const byte sig[] = {
static const byte sig[] = {
0x30, 0x81, 0x88, 0x02, 0x42, 0x01, 0x5c, 0x71,
0x86, 0x96, 0xac, 0x21, 0x33, 0x7e, 0x4e, 0xaa,
0x86, 0xec, 0xa8, 0x05, 0x03, 0x52, 0x56, 0x63,
Expand Down Expand Up @@ -664,11 +655,26 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
struct crypto_akcipher * tfm = NULL;
struct akcipher_request * req = NULL;
struct scatterlist src_tab[2];
byte * param_copy = NULL;
byte * bad_sig = NULL;
/**

/* Allocate param_copy -- scatterwalk_map_and_copy() unmaps the buffers in
* the sg list, so we can't safely use the passed pointers directly.
*/
param_copy = (byte *)malloc(sig_len + hash_len);
if (! param_copy) {
pr_err("error: allocating param_copy buffer failed.\n");
goto test_ecdsa_nist_end;
}
memcpy(param_copy, sig, sig_len);
sig = param_copy;
memcpy(param_copy + sig_len, hash, hash_len);
hash = param_copy + sig_len;

/*
* Allocate the akcipher transform, and set up
* the akcipher request.
* */
*/
tfm = crypto_alloc_akcipher(driver, 0, 0);
if (IS_ERR(tfm)) {
pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
Expand Down Expand Up @@ -699,14 +705,15 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
}
}

/**
/*
* Set sig as src, and null as dst.
* src_tab is:
* src_tab[0]: signature
* src_tab[1]: message (hash)
*
* src_len is sig size
* dst_len is hash size. */
* dst_len is hash size.
*/
sg_init_table(src_tab, 2);
sg_set_buf(&src_tab[0], sig, sig_len);
sg_set_buf(&src_tab[1], hash, hash_len);
Expand Down Expand Up @@ -747,6 +754,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
test_ecdsa_nist_end:
if (req) { akcipher_request_free(req); req = NULL; }
if (tfm) { crypto_free_akcipher(tfm); tfm = NULL; }
if (param_copy) { free(param_copy); }
if (bad_sig) { free(bad_sig); bad_sig = NULL; }

#ifdef WOLFKM_DEBUG_ECDSA
Expand Down
Loading