From 720b34e3aa5055a58244802cd48921c200fed914 Mon Sep 17 00:00:00 2001
From: Nicolai Stange <nstange@suse.de>
Date: Fri, 19 Nov 2021 10:15:20 +0100
Subject: [PATCH 10/18] crypto: dh - introduce support for ephemeral key
generation to dh-generic
References: jsc#SLE-21132,bsc#1191256
Patch-mainline: Submitted, linux-crypto ML
The support for NVME in-band authentication currently in the works ([1])
needs to generate ephemeral DH keys. Make dh-generic's ->set_secret()
to generate an ephemeral key via the recently added crypto_dh_gen_privkey()
in case the input ->key_size is zero. Note that this behaviour is in
analogy to ecdh's ->set_secret().
[1] https://lkml.kernel.org/r/20211122074727.25988-4-hare@suse.de
Signed-off-by: Nicolai Stange <nstange@suse.de>
Reviewed-by: Hannes Reinecke <hare@suse.de>
---
crypto/dh.c | 24 ++++++++++++++++++++----
1 file changed, 20 insertions(+), 4 deletions(-)
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -75,25 +75,41 @@ static int dh_set_secret(struct crypto_k
{
struct dh_ctx *ctx = dh_get_ctx(tfm);
struct dh params;
+ char key[CRYPTO_DH_MAX_PRIVKEY_SIZE];
+ int err;
/* Free the old MPI key if any */
dh_clear_ctx(ctx);
- if (crypto_dh_decode_key(buf, len, ¶ms) < 0)
+ err = crypto_dh_decode_key(buf, len, ¶ms);
+ if (err)
goto err_clear_ctx;
- if (dh_set_params(ctx, ¶ms) < 0)
+ if (!params.key_size) {
+ err = crypto_dh_gen_privkey(params.group_id, key,
+ ¶ms.key_size);
+ if (err)
+ goto err_clear_ctx;
+ params.key = key;
+ }
+
+ err = dh_set_params(ctx, ¶ms);
+ if (err)
goto err_clear_ctx;
ctx->xa = mpi_read_raw_data(params.key, params.key_size);
- if (!ctx->xa)
+ if (!ctx->xa) {
+ err = -EINVAL;
goto err_clear_ctx;
+ }
+
+ memzero_explicit(key, sizeof(key));
return 0;
err_clear_ctx:
dh_clear_ctx(ctx);
- return -EINVAL;
+ return err;
}
/*