Re: [PATCH v2 4/6] crypto: ecdsa: add ECDSA SW implementation

Sun, 05 Feb 2017 01:52:21 -0800 

Am Freitag, 3. Februar 2017, 16:42:53 CET schrieb Nitin Kumbhar:

Hi Nitin,

> +
> +int ecdsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
> +                   unsigned int keylen)
> +{
> +     struct ecdsa_ctx *ctx = ecdsa_get_ctx(tfm);
> +     struct ecdsa params;
> +     unsigned int ndigits;
> +     unsigned int nbytes;
> +     u8 *params_qx, *params_qy;
> +     u64 *ctx_qx, *ctx_qy;
> +     int err = 0;
> +
> +     if (crypto_ecdsa_parse_pub_key(key, keylen, &params))
> +             return -EINVAL;
> +
> +     ndigits = ecdsa_supported_curve(params.curve_id);
> +     if (!ndigits)
> +             return -EINVAL;
> +
> +     err = ecc_is_pub_key_valid(params.curve_id, ndigits,
> +                                params.key, params.key_size);
> +     if (err)
> +             return err;
> +
> +     ctx->curve_id = params.curve_id;
> +     ctx->ndigits = ndigits;
> +     nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
> +
> +     params_qx = params.key;
> +     params_qy = params_qx + ECC_MAX_DIGIT_BYTES;
> +
> +     ctx_qx = ctx->public_key;
> +     ctx_qy = ctx_qx + ECC_MAX_DIGITS;
> +
> +     vli_copy_from_buf(ctx_qx, ndigits, params_qx, nbytes);
> +     vli_copy_from_buf(ctx_qy, ndigits, params_qy, nbytes);
> +
> +     memset(&params, 0, sizeof(params));
> +     return 0;
> +}
> +
> +int ecdsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
> +                    unsigned int keylen)
> +{
> +     struct ecdsa_ctx *ctx = ecdsa_get_ctx(tfm);
> +     struct ecdsa params;
> +     unsigned int ndigits;
> +     unsigned int nbytes;
> +
> +     if (crypto_ecdsa_parse_priv_key(key, keylen, &params))
> +             return -EINVAL;
> +
> +     ndigits = ecdsa_supported_curve(params.curve_id);
> +     if (!ndigits)
> +             return -EINVAL;
> +
> +     ctx->curve_id = params.curve_id;
> +     ctx->ndigits = ndigits;
> +     nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
> +
> +     if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
> +                          (const u8 *)params.key, params.key_size) < 0)
> +             return -EINVAL;
> +
> +     vli_copy_from_buf(ctx->private_key, ndigits, params.key, nbytes);
> +
> +     memset(&params, 0, sizeof(params));

Please use memzero_explicit as otherwise this memset will be optimized away. I 
think it could be used for the set_pub_key too, but there we do not have 
sensitive data and thus it would not be strictly needed.

> +     return 0;
> +}


Ciao
Stephan

Reply via email to