[PATCH] Documentation: crypto: Fixed bugs, added example usage of calc_hash().

2017-05-12 Thread Kamil Konieczny
- Fixed bugs in example for shash and rng (added missing "*" and " *").
- Corrected pr_info() in calc_hash().
- Added example usage of calc_hash().
- No need to negate PTR_ERR to get the error code, as crypto_alloc_rng
  already returns negative values like ERR_PTR(-ENOMEM). Fixed.

Signed-off-by: Kamil Konieczny 
---
 Documentation/crypto/api-samples.rst | 38 ++--
 1 file changed, 28 insertions(+), 10 deletions(-)

diff --git a/Documentation/crypto/api-samples.rst 
b/Documentation/crypto/api-samples.rst
index d021fd96a76d..2531948db89f 100644
--- a/Documentation/crypto/api-samples.rst
+++ b/Documentation/crypto/api-samples.rst
@@ -155,9 +155,9 @@ Code Example For Use of Operational State Memory With SHASH
 char ctx[];
 };
 
-static struct sdesc init_sdesc(struct crypto_shash *alg)
+static struct sdesc *init_sdesc(struct crypto_shash *alg)
 {
-struct sdesc sdesc;
+struct sdesc *sdesc;
 int size;
 
 size = sizeof(struct shash_desc) + crypto_shash_descsize(alg);
@@ -169,15 +169,16 @@ Code Example For Use of Operational State Memory With 
SHASH
 return sdesc;
 }
 
-static int calc_hash(struct crypto_shashalg,
- const unsigned chardata, unsigned int datalen,
- unsigned chardigest) {
-struct sdesc sdesc;
+static int calc_hash(struct crypto_shash *alg,
+ const unsigned char *data, unsigned int datalen,
+ unsigned char *digest)
+{
+struct sdesc *sdesc;
 int ret;
 
 sdesc = init_sdesc(alg);
 if (IS_ERR(sdesc)) {
-pr_info("trusted_key: can't alloc %s\n", hash_alg);
+pr_info("can't alloc sdesc\n");
 return PTR_ERR(sdesc);
 }
 
@@ -186,6 +187,23 @@ Code Example For Use of Operational State Memory With SHASH
 return ret;
 }
 
+static int test_hash(const unsigned char *data, unsigned int datalen,
+ unsigned char *digest)
+{
+struct crypto_shash *alg;
+char *hash_alg_name = "sha1-padlock-nano";
+int ret;
+
+alg = crypto_alloc_shash(hash_alg_name, CRYPTO_ALG_TYPE_SHASH, 0);
+if (IS_ERR(alg)) {
+pr_info("can't alloc alg %s\n", hash_alg_name);
+return PTR_ERR(alg);
+}
+ret = calc_hash(alg, data, datalen, digest);
+crypto_free_shash(alg);
+return ret;
+}
+
 
 Code Example For Random Number Generator Usage
 --
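
Review bot: in test_hash(), hash_alg_name is hard-coded to "sha1-padlock-nano", which names one driver-specific implementation rather than an algorithm, so on a machine without that driver crypto_alloc_shash() fails and the sample only ever returns an error; a generic name such as "sha1" would let the crypto API pick whatever implementation is available. The pointer should also be const char *. Since test_hash() takes digest with no length, a comment saying the caller must provide at least crypto_shash_digestsize(alg) bytes would keep readers from copying the sample with an undersized buffer.
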
@@ -195,8 +213,8 @@ Code Example For Random Number Generator Usage
 
 static int get_random_numbers(u8 *buf, unsigned int len)
 {
-struct crypto_rngrng = NULL;
-chardrbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
+struct crypto_rng *rng = NULL;
+char *drbg = "drbg_nopr_sha256"; /* Hash DRBG with SHA-256, no PR */
 int ret;
 
 if (!buf || !len) {
@@ -207,7 +225,7 @@ Code Example For Random Number Generator Usage
 rng = crypto_alloc_rng(drbg, 0, 0);
 if (IS_ERR(rng)) {
 pr_debug("could not allocate RNG handle for %s\n", drbg);
-return -PTR_ERR(rng);
+return PTR_ERR(rng);
 }
 
 ret = crypto_rng_get_bytes(rng, buf, len);
-- 
2.7.4



[PATCH 13/36] docs-rst: add crypto API book to pdf output

2017-05-12 Thread Mauro Carvalho Chehab
The crypto API book was added without the bits required to
generate PDF output. Add them.

Signed-off-by: Mauro Carvalho Chehab 
---
 Documentation/conf.py|  2 ++
 Documentation/crypto/conf.py | 10 ++
 2 files changed, 12 insertions(+)
 create mode 100644 Documentation/crypto/conf.py

diff --git a/Documentation/conf.py b/Documentation/conf.py
index 15f34d6863a7..ce62723491d4 100644
--- a/Documentation/conf.py
+++ b/Documentation/conf.py
@@ -351,6 +351,8 @@ latex_documents = [
  'The kernel development community', 'manual'),
 ('core-api/index', 'core-api.tex', 'The kernel core API manual',
  'The kernel development community', 'manual'),
+('crypto/index', 'crypto-api.tex', 'Linux Kernel Crypto API manual',
+ 'The kernel development community', 'manual'),
 ('doc-guide/index', 'kernel-doc-guide.tex', 'Linux Kernel Documentation 
Guide',
  'The kernel development community', 'manual'),
 ('driver-api/index', 'driver-api.tex', 'The kernel driver API manual',
diff --git a/Documentation/crypto/conf.py b/Documentation/crypto/conf.py
new file mode 100644
index ..4335d251ddf3
--- /dev/null
+++ b/Documentation/crypto/conf.py
@@ -0,0 +1,10 @@
+# -*- coding: utf-8; mode: python -*-
+
+project = 'Linux Kernel Crypto API'
+
+tags.add("subproject")
+
+latex_documents = [
+('index', 'crypto-api.tex', 'Linux Kernel Crypto API manual',
+ 'The kernel development community', 'manual'),
+]
-- 
2.9.3



[PATCH 7/8] crypto: ecdh - fix ecdh_max_size

2017-05-12 Thread Tudor Ambarus
The function should return minimum size for output buffer
or error code if key hasn't been set.

Signed-off-by: Tudor Ambarus 
---
 crypto/ecdh.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index c1f0163..830dfb6 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -107,10 +107,10 @@ static int ecdh_compute_value(struct kpp_request *req)
 static int ecdh_max_size(struct crypto_kpp *tfm)
 {
struct ecdh_ctx *ctx = ecdh_get_ctx(tfm);
-   int nbytes = ctx->ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
 
-   /* Public key is made of two coordinates */
-   return 2 * nbytes;
+   /* Public key is made of two coordinates, add one to the left shift  */
+   return ctx->ndigits ? ctx->ndigits << (ECC_DIGITS_TO_BYTES_SHIFT + 1) :
+ -EINVAL;
 }
 
 static void no_exit_tfm(struct crypto_kpp *tfm)
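
Review bot: the new return in ecdh_max_size() folds the unset-key check and the size computation into one ternary, and the comment "add one to the left shift" does not say why; an explicit "if (!ctx->ndigits) return -EINVAL;" followed by the shift, with a comment stating that the extra bit doubles the size for the two coordinates, reads more clearly. The comment also has a doubled space before the closing */.
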
-- 
2.7.4



[PATCH 5/8] crypto: ecc - remove casts in ecc_is_key_valid

2017-05-12 Thread Tudor Ambarus
ecc software implementation works with chunks of u64 data. There were some
unnecessary casts to u8 and then back to u64 for the ecc keys. This patch
removes the unnecessary casts.

Signed-off-by: Tudor Ambarus 
---
 crypto/ecc.c  | 6 +++---
 crypto/ecc.h  | 2 +-
 crypto/ecdh.c | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index e6f2725..e3a2b8f 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -904,7 +904,7 @@ static inline void ecc_swap_digits(const u64 *in, u64 *out,
 }
 
 int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
-const u8 *private_key, unsigned int private_key_len)
+const u64 *private_key, unsigned int private_key_len)
 {
int nbytes;
const struct ecc_curve *curve = ecc_get_curve(curve_id);
@@ -917,11 +917,11 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int 
ndigits,
if (private_key_len != nbytes)
return -EINVAL;
 
-   if (vli_is_zero((const u64 *)_key[0], ndigits))
+   if (vli_is_zero(private_key, ndigits))
return -EINVAL;
 
/* Make sure the private key is in the range [1, n-1]. */
-   if (vli_cmp(curve->n, (const u64 *)_key[0], ndigits) != 1)
+   if (vli_cmp(curve->n, private_key, ndigits) != 1)
return -EINVAL;
 
return 0;
diff --git a/crypto/ecc.h b/crypto/ecc.h
index f3351c4..af2ffdb 100644
--- a/crypto/ecc.h
+++ b/crypto/ecc.h
@@ -41,7 +41,7 @@
  * Returns 0 if the key is acceptable, a negative value otherwise
  */
 int ecc_is_key_valid(unsigned int curve_id, unsigned int ndigits,
-const u8 *private_key, unsigned int private_key_len);
+const u64 *private_key, unsigned int private_key_len);
 
 /**
  * ecdh_make_pub_key() - Compute an ECC public key
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index f69ec30..c1f0163 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -56,7 +56,7 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void 
*buf,
ctx->ndigits = ndigits;
 
if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits,
-(const u8 *)params.key, params.key_size) < 0)
+(const u64 *)params.key, params.key_size) < 0)
return -EINVAL;
 
memcpy(ctx->private_key, params.key, params.key_size);
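
Review bot: in ecdh_set_secret() the cast is not removed, only changed from (const u8 *) to (const u64 *) on params.key, so ecc_is_key_valid() now reads the key as u64 words straight from the decoded buffer; if that buffer is not 8-byte aligned this is an unaligned access on some architectures. Since the memcpy() into ctx->private_key follows immediately, consider copying first and validating ctx->private_key, which the later patches in this series pass without any cast, and clearing it again when validation fails.
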
-- 
2.7.4



[PATCH 6/8] crypto: dh - fix dh_max_size

2017-05-12 Thread Tudor Ambarus
The function should return minimum size for output buffer
or error code if key hasn't been set.

Signed-off-by: Tudor Ambarus 
---
 crypto/dh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/dh.c b/crypto/dh.c
index 7cec0498..325a5dd 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -148,7 +148,7 @@ static int dh_max_size(struct crypto_kpp *tfm)
 {
struct dh_ctx *ctx = dh_get_ctx(tfm);
 
-   return mpi_get_size(ctx->p);
+   return ctx->p ? mpi_get_size(ctx->p) : -EINVAL;
 }
 
 static void dh_exit_tfm(struct crypto_kpp *tfm)
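
Review bot: with the -EINVAL branch, dh_max_size() now returns either a byte count or a negative errno through the same int, so every caller that uses the result directly as a buffer length needs a "< 0" test; it would help to state in the changelog that the callers were audited, and to document the negative return in the max_size description in include/crypto/kpp.h, which this series already touches.
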
-- 
2.7.4



[PATCH 8/8] crypto: ecc - don't be selfish on pubkeys

2017-05-12 Thread Tudor Ambarus
Rename ecdh_make_pub_key() to ecc_make_pub_key().
This function might as well be used by ecdsa.

Signed-off-by: Tudor Ambarus 
---
 crypto/ecc.c  | 4 ++--
 crypto/ecc.h  | 4 ++--
 crypto/ecdh.c | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index e3a2b8f..6c33c43 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -927,8 +927,8 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int 
ndigits,
return 0;
 }
 
-int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
- const u64 *private_key, u64 *public_key)
+int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,
+const u64 *private_key, u64 *public_key)
 {
int ret = 0;
struct ecc_point *pk;
diff --git a/crypto/ecc.h b/crypto/ecc.h
index af2ffdb..673c834 100644
--- a/crypto/ecc.h
+++ b/crypto/ecc.h
@@ -54,8 +54,8 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int 
ndigits,
  * Returns 0 if the public key was generated successfully, a negative value
  * if an error occurred.
  */
-int ecdh_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
- const u64 *private_key, u64 *public_key);
+int ecc_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
+const u64 *private_key, u64 *public_key);
 
 /**
  * crypto_ecdh_shared_secret() - Compute a shared secret
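
Review bot: the prototype in ecc.h is renamed to ecc_make_pub_key(), but the diffstat shows only the two prototype lines changing in this file, so the kernel-doc block above it still opens with "ecdh_make_pub_key() - Compute an ECC public key" and no longer matches the function it documents; please rename it in the comment too. The header also declares curve_id as const unsigned int while the definition in ecc.c uses plain unsigned int; harmless, but worth making consistent while both lines are being touched.
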
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 830dfb6..8b6450d 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -87,8 +87,8 @@ static int ecdh_compute_value(struct kpp_request *req)
 
buf = ctx->shared_secret;
} else {
-   ret = ecdh_make_pub_key(ctx->curve_id, ctx->ndigits,
-   ctx->private_key, ctx->public_key);
+   ret = ecc_make_pub_key(ctx->curve_id, ctx->ndigits,
+  ctx->private_key, ctx->public_key);
buf = ctx->public_key;
/* Public part is a point thus it has both coordinates */
nbytes *= 2;
-- 
2.7.4



[PATCH 4/8] crypto: ecc - remove casts in crypto_ecdh_shared_secret

2017-05-12 Thread Tudor Ambarus
ecc software implementation works with chunks of u64 data. There were some
unnecessary casts to u8 and then back to u64 for the ecc keys. This patch
removes the unnecessary casts.

Signed-off-by: Tudor Ambarus 
---
 crypto/ecc.c  | 12 ++--
 crypto/ecc.h  |  4 ++--
 crypto/ecdh.c |  6 +++---
 3 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 0d88cec..e6f2725 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -964,8 +964,8 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int 
ndigits,
 }
 
 int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
- const u8 *private_key, const u8 *public_key,
- u8 *secret)
+ const u64 *private_key, const u64 *public_key,
+ u64 *secret)
 {
int ret = 0;
struct ecc_point *product, *pk;
@@ -995,13 +995,13 @@ int crypto_ecdh_shared_secret(unsigned int curve_id, 
unsigned int ndigits,
goto err_alloc_product;
}
 
-   ecc_swap_digits((const u64 *)public_key, pk->x, ndigits);
-   ecc_swap_digits((const u64 *)_key[nbytes], pk->y, ndigits);
-   ecc_swap_digits((const u64 *)private_key, priv, ndigits);
+   ecc_swap_digits(public_key, pk->x, ndigits);
+   ecc_swap_digits(_key[ndigits], pk->y, ndigits);
+   ecc_swap_digits(private_key, priv, ndigits);
 
ecc_point_mult(product, pk, priv, rand_z, curve->p, ndigits);
 
-   ecc_swap_digits(product->x, (u64 *)secret, ndigits);
+   ecc_swap_digits(product->x, secret, ndigits);
 
if (ecc_point_is_zero(product))
ret = -EFAULT;
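
Review bot: in crypto_ecdh_shared_secret() the y coordinate is now taken at index ndigits of a u64 pointer where the old code used byte offset nbytes, which is equivalent only because the pointer type changes in the same patch; one sentence in the changelog would keep the indexing change from being mistaken for a behaviour change. If nbytes has no other user left in this function, drop the variable as patch 3/8 does in ecdh_make_pub_key(). Separately, the context lines show secret being written before the ecc_point_is_zero(product) check, so on the -EFAULT path the output buffer has already been modified; moving the check ahead of the final ecc_swap_digits() would avoid that.
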
diff --git a/crypto/ecc.h b/crypto/ecc.h
index 0d1a2a6..f3351c4 100644
--- a/crypto/ecc.h
+++ b/crypto/ecc.h
@@ -73,6 +73,6 @@ int ecdh_make_pub_key(const unsigned int curve_id, unsigned 
int ndigits,
  * if an error occurred.
  */
 int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
- const u8 *private_key, const u8 *public_key,
- u8 *secret);
+ const u64 *private_key, const u64 *public_key,
+ u64 *secret);
 #endif
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 848a141..f69ec30 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -81,9 +81,9 @@ static int ecdh_compute_value(struct kpp_request *req)
return -EINVAL;
 
ret = crypto_ecdh_shared_secret(ctx->curve_id, ctx->ndigits,
-   (const u8 *)ctx->private_key,
-   (const u8 *)ctx->public_key,
-   (u8 *)ctx->shared_secret);
+   ctx->private_key,
+   ctx->public_key,
+   ctx->shared_secret);
 
buf = ctx->shared_secret;
} else {
-- 
2.7.4



[PATCH 0/8] cleaning and fixes for ecc, (ec)dh

2017-05-12 Thread Tudor Ambarus
The first two patches fix some typos and remove unused function arguments.

The next three remove some unnecessary casts for the ecc keys.

The next two fix the max_size() implementations for (ec)dh. They were missing
the check if the key was set.

The last one allows other algorithms to use the function that generates
ecc public keys.

Tudor Ambarus (8):
  crypto: kpp, (ec)dh - fix typos
  crypto: ecc - remove unused function arguments
  crypto: ecc - remove casts in ecdh_make_pub_key
  crypto: ecc - remove casts in crypto_ecdh_shared_secret
  crypto: ecc - remove casts in ecc_is_key_valid
  crypto: dh - fix dh_max_size
  crypto: ecdh - fix ecdh_max_size
  crypto: ecc - don't be selfish on pubkeys

 crypto/dh.c   |  6 +++---
 crypto/dh_helper.c|  4 ++--
 crypto/ecc.c  | 32 ++--
 crypto/ecc.h  | 25 ++---
 crypto/ecdh.c | 24 +++-
 crypto/ecdh_helper.c  |  4 ++--
 include/crypto/dh.h   |  4 ++--
 include/crypto/ecdh.h |  4 ++--
 include/crypto/kpp.h  |  4 ++--
 9 files changed, 48 insertions(+), 59 deletions(-)

-- 
2.7.4
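
The contract the two max_size() fixes in this series establish (a byte count, or a negative error when no key is set) puts a check on every caller. The following is an added userspace model, not kernel code from this series; all model_* names are hypothetical, and the shift of 3 assumes the 8-byte u64 digits the commit messages mention.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: one ECC digit is a u64, i.e. 8 bytes, so digits -> bytes is << 3. */
#define MODEL_DIGITS_TO_BYTES_SHIFT 3

/* Hypothetical stand-in for the transform context; ndigits is 0 until a key is set. */
struct model_ecdh_ctx {
	unsigned int ndigits;
};

/* Models the patched behaviour: size of a public key (two coordinates),
 * or -EINVAL when no key has been set yet. */
static int model_max_size(const struct model_ecdh_ctx *ctx)
{
	if (!ctx->ndigits)
		return -EINVAL;
	/* The extra +1 in the shift doubles the size for the x and y coordinates. */
	return (int)(ctx->ndigits << (MODEL_DIGITS_TO_BYTES_SHIFT + 1));
}

/* Caller that forgets the check: the negative errno is converted to a
 * huge unsigned length. */
static size_t unchecked_len(const struct model_ecdh_ctx *ctx)
{
	return (size_t)model_max_size(ctx);
}

/* Caller that honours the contract: propagate the error, allocate only
 * when a real size came back. */
static int alloc_output(const struct model_ecdh_ctx *ctx,
			unsigned char **out, size_t *len)
{
	int size = model_max_size(ctx);

	if (size < 0)
		return size;

	*out = calloc(1, (size_t)size);
	if (!*out)
		return -ENOMEM;
	*len = (size_t)size;
	return 0;
}

int main(void)
{
	struct model_ecdh_ctx unset = { 0 };   /* constructed sample: no key set */
	struct model_ecdh_ctx keyed = { 4 };   /* constructed sample: 4 digits */
	unsigned char *buf = NULL;
	size_t len = 0;
	int ret;

	printf("unset, unchecked length: %zu\n", unchecked_len(&unset));

	ret = alloc_output(&unset, &buf, &len);
	printf("unset, checked caller:   ret=%d\n", ret);

	ret = alloc_output(&keyed, &buf, &len);
	printf("keyed, checked caller:   ret=%d len=%zu\n", ret, len);
	free(buf);
	return 0;
}
```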



[PATCH 1/8] crypto: kpp, (ec)dh - fix typos

2017-05-12 Thread Tudor Ambarus
While here, add missing argument description (ndigits).

Signed-off-by: Tudor Ambarus 
---
 crypto/dh.c   | 4 ++--
 crypto/dh_helper.c| 4 ++--
 crypto/ecc.h  | 8 +---
 crypto/ecdh.c | 4 ++--
 crypto/ecdh_helper.c  | 4 ++--
 include/crypto/dh.h   | 4 ++--
 include/crypto/ecdh.h | 4 ++--
 include/crypto/kpp.h  | 4 ++--
 8 files changed, 19 insertions(+), 17 deletions(-)

diff --git a/crypto/dh.c b/crypto/dh.c
index 87e3542..7cec0498 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -4,9 +4,9 @@
  * Authors: Salvatore Benedetto 
  *
  * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
+ * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
+ * 2 of the License, or (at your option) any later version.
  */
 
 #include 
diff --git a/crypto/dh_helper.c b/crypto/dh_helper.c
index 02db76b..8ba8a3f 100644
--- a/crypto/dh_helper.c
+++ b/crypto/dh_helper.c
@@ -3,9 +3,9 @@
  * Authors: Salvatore Benedetto 
  *
  * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
+ * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
+ * 2 of the License, or (at your option) any later version.
  */
 #include 
 #include 
diff --git a/crypto/ecc.h b/crypto/ecc.h
index 663d598..37f4385 100644
--- a/crypto/ecc.h
+++ b/crypto/ecc.h
@@ -34,9 +34,9 @@
  * ecc_is_key_valid() - Validate a given ECDH private key
  *
  * @curve_id:  id representing the curve to use
- * @ndigits:   curve number of digits
+ * @ndigits:   curve's number of digits
  * @private_key:   private key to be used for the given curve
- * @private_key_len:   private key len
+ * @private_key_len:   private key length
  *
  * Returns 0 if the key is acceptable, a negative value otherwise
  */
@@ -47,9 +47,10 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int 
ndigits,
  * ecdh_make_pub_key() - Compute an ECC public key
  *
  * @curve_id:  id representing the curve to use
+ * @ndigits:   curve's number of digits
  * @private_key:   pregenerated private key for the given curve
  * @private_key_len:   length of private_key
- * @public_key:buffer for storing the public key generated
+ * @public_key:buffer for storing the generated public key
  * @public_key_len:length of the public_key buffer
  *
  * Returns 0 if the public key was generated successfully, a negative value
@@ -63,6 +64,7 @@ int ecdh_make_pub_key(const unsigned int curve_id, unsigned 
int ndigits,
  * crypto_ecdh_shared_secret() - Compute a shared secret
  *
  * @curve_id:  id representing the curve to use
+ * @ndigits:   curve's number of digits
  * @private_key:   private key of part A
  * @private_key_len:   length of private_key
  * @public_key:public key of counterpart B
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 63ca337..3623307 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -4,9 +4,9 @@
  * Authors: Salvator Benedetto 
  *
  * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
+ * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
+ * 2 of the License, or (at your option) any later version.
  */
 
 #include 
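
Review bot: in the crypto/ecdh.c header the Authors line reads "Salvator Benedetto", while dh.c, dh_helper.c and ecdh_helper.c in this same patch read "Salvatore Benedetto"; since this patch is fixing spelling in exactly this comment block, the name could be corrected here as well.
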
diff --git a/crypto/ecdh_helper.c b/crypto/ecdh_helper.c
index 3cd8a24..f05bea5 100644
--- a/crypto/ecdh_helper.c
+++ b/crypto/ecdh_helper.c
@@ -3,9 +3,9 @@
  * Authors: Salvatore Benedetto 
  *
  * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
+ * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
+ * 2 of the License, or (at your option) any later version.
  */
 #include 
 #include 
diff --git a/include/crypto/dh.h b/include/crypto/dh.h
index 6b424ad..f638998 100644
--- a/include/crypto/dh.h
+++ b/include/crypto/dh.h
@@ -73,9 +73,9 @@ int crypto_dh_encode_key(char *buf, unsigned int len, const 
struct dh *params);
 /**
  * crypto_dh_decode_key() - decode a private key
  * @buf:   Buffer holding a packet key that should be decoded
- * @len:   Lenth of the packet private key buffer
+ * @len:   Length of the packet private key buffer
  * @params:

[PATCH 2/8] crypto: ecc - remove unused function arguments

2017-05-12 Thread Tudor Ambarus
Signed-off-by: Tudor Ambarus 
---
 crypto/ecc.c  |  8 +++-
 crypto/ecc.h  | 13 +++--
 crypto/ecdh.c | 11 +--
 3 files changed, 11 insertions(+), 21 deletions(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 414c78a..69b4cc4 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -928,8 +928,7 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int 
ndigits,
 }
 
 int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
- const u8 *private_key, unsigned int private_key_len,
- u8 *public_key, unsigned int public_key_len)
+ const u8 *private_key, u8 *public_key)
 {
int ret = 0;
struct ecc_point *pk;
@@ -967,9 +966,8 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int 
ndigits,
 }
 
 int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
-  const u8 *private_key, unsigned int private_key_len,
-  const u8 *public_key, unsigned int public_key_len,
-  u8 *secret, unsigned int secret_len)
+ const u8 *private_key, const u8 *public_key,
+ u8 *secret)
 {
int ret = 0;
struct ecc_point *product, *pk;
diff --git a/crypto/ecc.h b/crypto/ecc.h
index 37f4385..1ca9bf7 100644
--- a/crypto/ecc.h
+++ b/crypto/ecc.h
@@ -49,16 +49,13 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int 
ndigits,
  * @curve_id:  id representing the curve to use
  * @ndigits:   curve's number of digits
  * @private_key:   pregenerated private key for the given curve
- * @private_key_len:   length of private_key
  * @public_key:buffer for storing the generated public key
- * @public_key_len:length of the public_key buffer
  *
  * Returns 0 if the public key was generated successfully, a negative value
  * if an error occurred.
  */
 int ecdh_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
- const u8 *private_key, unsigned int private_key_len,
- u8 *public_key, unsigned int public_key_len);
+ const u8 *private_key, u8 *public_key);
 
 /**
  * crypto_ecdh_shared_secret() - Compute a shared secret
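
Review bot: the kernel-doc for ecdh_make_pub_key() drops @private_key_len and @public_key_len, and with them the only statement of buffer size in the interface; please say in the @private_key and @public_key descriptions how large the buffers must be in terms of ndigits (the caller in ecdh.c doubles nbytes for the public key, "Public part is a point thus it has both coordinates"). The patch also has no changelog body explaining why the length arguments are safe to remove.
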
@@ -66,11 +63,8 @@ int ecdh_make_pub_key(const unsigned int curve_id, unsigned 
int ndigits,
  * @curve_id:  id representing the curve to use
  * @ndigits:   curve's number of digits
  * @private_key:   private key of part A
- * @private_key_len:   length of private_key
  * @public_key:public key of counterpart B
- * @public_key_len:length of public_key
  * @secret:buffer for storing the calculated shared secret
- * @secret_len:length of the secret buffer
  *
  * Note: It is recommended that you hash the result of 
crypto_ecdh_shared_secret
  * before using it for symmetric encryption or HMAC.
@@ -79,7 +73,6 @@ int ecdh_make_pub_key(const unsigned int curve_id, unsigned 
int ndigits,
  * if an error occurred.
  */
 int crypto_ecdh_shared_secret(unsigned int curve_id, unsigned int ndigits,
-  const u8 *private_key, unsigned int private_key_len,
-  const u8 *public_key, unsigned int public_key_len,
-  u8 *secret, unsigned int secret_len);
+ const u8 *private_key, const u8 *public_key,
+ u8 *secret);
 #endif
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 3623307..69c3951 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -81,16 +81,15 @@ static int ecdh_compute_value(struct kpp_request *req)
return -EINVAL;
 
ret = crypto_ecdh_shared_secret(ctx->curve_id, ctx->ndigits,
-(const u8 *)ctx->private_key, nbytes,
-(const u8 *)ctx->public_key, 2 * 
nbytes,
-(u8 *)ctx->shared_secret, nbytes);
+   (const u8 *)ctx->private_key,
+   (const u8 *)ctx->public_key,
+   (u8 *)ctx->shared_secret);
 
buf = ctx->shared_secret;
} else {
ret = ecdh_make_pub_key(ctx->curve_id, ctx->ndigits,
-   (const u8 *)ctx->private_key, nbytes,
-   (u8 *)ctx->public_key,
-   sizeof(ctx->public_key));
+   (const u8 *)ctx->private_key,
+   (u8 *)ctx->public_key);
buf = ctx->public_key;
/* Public part is a point thus it has both coordinates */
nbytes *= 2;
-- 
2.7.4



[PATCH 3/8] crypto: ecc - remove casts in ecdh_make_pub_key

2017-05-12 Thread Tudor Ambarus
ecc software implementation works with chunks of u64 data. There were some
unnecessary casts to u8 and then back to u64 for the ecc keys. This patch
removes the unnecessary casts.

Signed-off-by: Tudor Ambarus 
---
 crypto/ecc.c  | 10 --
 crypto/ecc.h  |  2 +-
 crypto/ecdh.c |  3 +--
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/crypto/ecc.c b/crypto/ecc.c
index 69b4cc4..0d88cec 100644
--- a/crypto/ecc.c
+++ b/crypto/ecc.c
@@ -928,12 +928,11 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int 
ndigits,
 }
 
 int ecdh_make_pub_key(unsigned int curve_id, unsigned int ndigits,
- const u8 *private_key, u8 *public_key)
+ const u64 *private_key, u64 *public_key)
 {
int ret = 0;
struct ecc_point *pk;
u64 priv[ndigits];
-   unsigned int nbytes;
const struct ecc_curve *curve = ecc_get_curve(curve_id);
 
if (!private_key || !curve) {
@@ -941,7 +940,7 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int 
ndigits,
goto out;
}
 
-   ecc_swap_digits((const u64 *)private_key, priv, ndigits);
+   ecc_swap_digits(private_key, priv, ndigits);
 
pk = ecc_alloc_point(ndigits);
if (!pk) {
@@ -955,9 +954,8 @@ int ecdh_make_pub_key(unsigned int curve_id, unsigned int 
ndigits,
goto err_free_point;
}
 
-   nbytes = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
-   ecc_swap_digits(pk->x, (u64 *)public_key, ndigits);
-   ecc_swap_digits(pk->y, (u64 *)_key[nbytes], ndigits);
+   ecc_swap_digits(pk->x, public_key, ndigits);
+   ecc_swap_digits(pk->y, _key[ndigits], ndigits);
 
 err_free_point:
ecc_free_point(pk);
diff --git a/crypto/ecc.h b/crypto/ecc.h
index 1ca9bf7..0d1a2a6 100644
--- a/crypto/ecc.h
+++ b/crypto/ecc.h
@@ -55,7 +55,7 @@ int ecc_is_key_valid(unsigned int curve_id, unsigned int 
ndigits,
  * if an error occurred.
  */
 int ecdh_make_pub_key(const unsigned int curve_id, unsigned int ndigits,
- const u8 *private_key, u8 *public_key);
+ const u64 *private_key, u64 *public_key);
 
 /**
  * crypto_ecdh_shared_secret() - Compute a shared secret
diff --git a/crypto/ecdh.c b/crypto/ecdh.c
index 69c3951..848a141 100644
--- a/crypto/ecdh.c
+++ b/crypto/ecdh.c
@@ -88,8 +88,7 @@ static int ecdh_compute_value(struct kpp_request *req)
buf = ctx->shared_secret;
} else {
ret = ecdh_make_pub_key(ctx->curve_id, ctx->ndigits,
-   (const u8 *)ctx->private_key,
-   (u8 *)ctx->public_key);
+   ctx->private_key, ctx->public_key);
buf = ctx->public_key;
/* Public part is a point thus it has both coordinates */
nbytes *= 2;
-- 
2.7.4



Re: [PATCH 1/2] crypto: dh - fix dh_max_size

2017-05-12 Thread Tudor Ambarus

Please ignore this patch set. I will send all the changes in a new
patch set.

On 10.05.2017 16:04, Tudor Ambarus wrote:

The function should return minimum size for output buffer
or error code if key hasn't been set.

Signed-off-by: Tudor Ambarus 
---
 crypto/dh.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/dh.c b/crypto/dh.c
index 87e3542..53d17ff 100644
--- a/crypto/dh.c
+++ b/crypto/dh.c
@@ -148,7 +148,7 @@ static int dh_max_size(struct crypto_kpp *tfm)
 {
struct dh_ctx *ctx = dh_get_ctx(tfm);

-   return mpi_get_size(ctx->p);
+   return ctx->p ? mpi_get_size(ctx->p) : -EINVAL;
 }

 static void dh_exit_tfm(struct crypto_kpp *tfm)



Re: [PATCH 0/4] clean some ecc functions

2017-05-12 Thread Tudor Ambarus

Please ignore this patch set. I will send all the changes in a new
patch set.

On 10.05.2017 11:40, Tudor Ambarus wrote:

ecc software implementation works with chunks of u64 data. There were some
unnecessary casts to u8 and then back to u64 for the ecc keys. Remove the
unnecessary casts.

Tudor Ambarus (4):
  crypto: ecc - remove unused function arguments
  crypto: ecc - remove casts in ecdh_make_pub_key
  crypto: ecc - remove casts in crypto_ecdh_shared_secret
  crypto: ecc - remove casts in ecc_is_key_valid

 crypto/ecc.c  | 30 +-
 crypto/ecc.h  | 15 ---
 crypto/ecdh.c | 12 +---
 3 files changed, 22 insertions(+), 35 deletions(-)



Re: [PATCH] hwrng: do not warn when there are no devices

2017-05-12 Thread PrasannaKumar Muralidharan
On 12 May 2017 at 13:17, Mike Frysinger  wrote:
>> Completely untested patch below. Will something like this work?
>>
>> --- a/drivers/char/hw_random/tpm-rng.c
>> +++ b/drivers/char/hw_random/tpm-rng.c
>> @@ -35,7 +35,13 @@ static int tpm_rng_read(struct hwrng *rng, void
>> *data, size_t max, bool wait)
>>
>>  static int __init rng_init(void)
>>  {
>> -   return hwrng_register(_rng);
>> +   struct tpm_chip *tpm_rng_chip = tpm_chip_find_get(TPM_ANY_NUM);
>> +   if (tpm_chip) {
>> +   tpm_put_ops(tpm_rng_chip);
>> +   return hwrng_register(_rng);
>> +   }
>> +
>> +   return -ENODEV;
>>  }
>>  module_init(rng_init);
>
> keep in mind that TPMs are often on slow buses like I2C, so i suspect
> rng_init runs before those have been initialized.  so this patch would
> break them.
>
> it would also break if the tpm drivers are modules that don't get
> loaded until later, but tpm-rng is built in.  or tpm-rng is loaded
> first.

Hmm. I am not aware of the tpm hardware or driver behavior. Based on
your explanation I see that this patch is not useful. It looks like it
is possible to detect the presence of tpm device and call
hwrng_register once the corresponding driver is loaded.

I leave it to Herbert to decide whether to accept this patch in
current form or not.

Regardless of whether this patch gets accepted or not I can work on a
better fix if you can provide instructions on how to set up and use
tpm. But that will be only after a couple of months.

Regards,
PrasannaKumar


Re: [PATCH] hwrng: do not warn when there are no devices

2017-05-12 Thread Mike Frysinger
On Fri, May 12, 2017 at 3:06 AM, PrasannaKumar Muralidharan wrote:
> On 12 May 2017 at 12:22, PrasannaKumar Muralidharan wrote:
> > On 12 May 2017 at 12:11, Mike Frysinger wrote:
> >> On Fri, May 12, 2017 at 2:15 AM, PrasannaKumar Muralidharan wrote:
> >>> On 12 May 2017 at 09:47, Mike Frysinger wrote:
> >>> > From: Mike Frysinger 
> >>> >
> >>> > If you build in hwrng & tpm-rng, but boot on a system that doesn't
> >>> > have a tpm (like via KVM), hwrng will spam the logs every 10 seconds
> >>> > with the line:
> >>> > hwrng: no data available
> >>> >
> >>> > This isn't terribly useful, so squelch the error in the ENODEV case.
> >>> > For all other errors, we still warn, and include the actual error.
> >
> > If the boot system does not have a tpm I think registering tpm-rng is
> > not useful. On tpm-rng load instead of registering with hwrng a check
> > can be made whether the system supports tpm. Is this possible?
>
> Completely untested patch below. Will something like this work?
>
> --- a/drivers/char/hw_random/tpm-rng.c
> +++ b/drivers/char/hw_random/tpm-rng.c
> @@ -35,7 +35,13 @@ static int tpm_rng_read(struct hwrng *rng, void
> *data, size_t max, bool wait)
>
>  static int __init rng_init(void)
>  {
> -   return hwrng_register(_rng);
> +   struct tpm_chip *tpm_rng_chip = tpm_chip_find_get(TPM_ANY_NUM);
> +   if (tpm_chip) {
> +   tpm_put_ops(tpm_rng_chip);
> +   return hwrng_register(_rng);
> +   }
> +
> +   return -ENODEV;
>  }
>  module_init(rng_init);

keep in mind that TPMs are often on slow buses like I2C, so i suspect
rng_init runs before those have been initialized.  so this patch would
break them.

it would also break if the tpm drivers are modules that don't get
loaded until later, but tpm-rng is built in.  or tpm-rng is loaded
first.
-mike


Re: [PATCH] hwrng: do not warn when there are no devices

2017-05-12 Thread PrasannaKumar Muralidharan
On 12 May 2017 at 12:22, PrasannaKumar Muralidharan
 wrote:
> On 12 May 2017 at 12:11, Mike Frysinger  wrote:
>> On Fri, May 12, 2017 at 2:15 AM, PrasannaKumar Muralidharan wrote:
>>> On 12 May 2017 at 09:47, Mike Frysinger  wrote:
>>> > From: Mike Frysinger 
>>> >
>>> > If you build in hwrng & tpm-rng, but boot on a system that doesn't
>>> > have a tpm (like via KVM), hwrng will spam the logs every 10 seconds
>>> > with the line:
>>> > hwrng: no data available
>>> >
>>> > This isn't terribly useful, so squelch the error in the ENODEV case.
>>> > For all other errors, we still warn, and include the actual error.
>
> If the boot system does not have a tpm I think registering tpm-rng is
> not useful. On tpm-rng load instead of registering with hwrng a check
> can be made whether the system supports tpm. Is this possible?

Completely untested patch below. Will something like this work?

diff --git a/drivers/char/hw_random/tpm-rng.c b/drivers/char/hw_random/tpm-rng.c
index d6d4482..f78f8ca 100644
--- a/drivers/char/hw_random/tpm-rng.c
+++ b/drivers/char/hw_random/tpm-rng.c
@@ -35,7 +35,13 @@ static int tpm_rng_read(struct hwrng *rng, void
*data, size_t max, bool wait)

 static int __init rng_init(void)
 {
-   return hwrng_register(_rng);
+   struct tpm_chip *tpm_rng_chip = tpm_chip_find_get(TPM_ANY_NUM);
+   if (tpm_chip) {
+   tpm_put_ops(tpm_rng_chip);
+   return hwrng_register(_rng);
+   }
+
+   return -ENODEV;
 }
 module_init(rng_init);
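
Review bot: the condition in rng_init() tests tpm_chip, but the variable declared on the line above is tpm_rng_chip, and no identifier named tpm_chip is declared in this hunk, so as posted the check does not refer to the chip that was just looked up; it should read "if (tpm_rng_chip)". A blank line between the declaration and the if would also match kernel style.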

Thanks,
PrasannaKumar


Re: [PATCH] hwrng: do not warn when there are no devices

2017-05-12 Thread PrasannaKumar Muralidharan
On 12 May 2017 at 12:11, Mike Frysinger  wrote:
> On Fri, May 12, 2017 at 2:15 AM, PrasannaKumar Muralidharan wrote:
>> On 12 May 2017 at 09:47, Mike Frysinger  wrote:
>> > From: Mike Frysinger 
>> >
>> > If you build in hwrng & tpm-rng, but boot on a system that doesn't
>> > have a tpm (like via KVM), hwrng will spam the logs every 10 seconds
>> > with the line:
>> > hwrng: no data available
>> >
>> > This isn't terribly useful, so squelch the error in the ENODEV case.
>> > For all other errors, we still warn, and include the actual error.

If the boot system does not have a tpm I think registering tpm-rng is
not useful. On tpm-rng load instead of registering with hwrng a check
can be made whether the system supports tpm. Is this possible?

>> This patch removes the logging but does not fix the real problem.
>> Better method would be to start the hwrng_fillfn thread when first rng
>> provider registers and stop it when the last rng provider unregisters.
>
> what you describe is already implemented in the hw random code.  the
> kthread only starts up when a registration happens, and will stop it
> when the last rng unregisters itself.
>
> the issue is that tpm-rng has registered itself here, but there aren't
> any tpm devices available.  so it returns ENODEV.

Missed it. Please see if the above comment can be addressed.

Thanks,
PrasannaKumar


Re: [PATCH] hwrng: do not warn when there are no devices

2017-05-12 Thread Mike Frysinger
On Fri, May 12, 2017 at 2:15 AM, PrasannaKumar Muralidharan wrote:
> On 12 May 2017 at 09:47, Mike Frysinger  wrote:
> > From: Mike Frysinger 
> >
> > If you build in hwrng & tpm-rng, but boot on a system that doesn't
> > have a tpm (like via KVM), hwrng will spam the logs every 10 seconds
> > with the line:
> > hwrng: no data available
> >
> > This isn't terribly useful, so squelch the error in the ENODEV case.
> > For all other errors, we still warn, and include the actual error.
>
> This patch removes the logging but does not fix the real problem.
> Better method would be to start the hwrng_fillfn thread when first rng
> provider registers and stop it when the last rng provider unregisters.

what you describe is already implemented in the hw random code.  the
kthread only starts up when a registration happens, and will stop it
when the last rng unregisters itself.

the issue is that tpm-rng has registered itself here, but there aren't
any tpm devices available.  so it returns ENODEV.
-mike


Re: [PATCH] hwrng: do not warn when there are no devices

2017-05-12 Thread PrasannaKumar Muralidharan
On 12 May 2017 at 09:47, Mike Frysinger  wrote:
> From: Mike Frysinger 
>
> If you build in hwrng & tpm-rng, but boot on a system that doesn't
> have a tpm (like via KVM), hwrng will spam the logs every 10 seconds
> with the line:
> hwrng: no data available
>
> This isn't terribly useful, so squelch the error in the ENODEV case.
> For all other errors, we still warn, and include the actual error.

This patch removes the logging but does not fix the real problem.
Better method would be to start the hwrng_fillfn thread when first rng
provider registers and stop it when the last rng provider unregisters.

> Signed-off-by: Mike Frysinger 
> ---
>  drivers/char/hw_random/core.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/char/hw_random/core.c b/drivers/char/hw_random/core.c
> index 503a41dfa193..da24bd5a9902 100644
> --- a/drivers/char/hw_random/core.c
> +++ b/drivers/char/hw_random/core.c
> @@ -392,7 +392,8 @@ static int hwrng_fillfn(void *unused)
> mutex_unlock(_mutex);
> put_rng(rng);
> if (rc <= 0) {
> -   pr_warn("hwrng: no data available\n");
> +   if (rc != -ENODEV)
> +   pr_warn("hwrng: no data available: %li\n", 
> rc);
> msleep_interruptible(1);
> continue;
> }
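
Review bot: the new pr_warn() in hwrng_fillfn() uses %li, so rc must be a long; its declaration is not in this hunk and should be checked. Because the branch is taken for rc <= 0, a zero-length read now logs "no data available: 0", and -ENODEV is dropped with no trace at all; a one-time or rate-limited message for the -ENODEV case would keep the log quiet while still leaving a hint that the registered rng has no device behind it.
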
> --
> 2.12.0
>