linux/include/crypto/dh.h

99 lines
3.0 KiB
C
Raw Normal View History

/* SPDX-License-Identifier: GPL-2.0-or-later */
/*
* Diffie-Hellman secret to be used with kpp API along with helper functions
*
* Copyright (c) 2016, Intel Corporation
* Authors: Salvatore Benedetto <salvatore.benedetto@intel.com>
*/
#ifndef _CRYPTO_DH_
#define _CRYPTO_DH_
/**
* DOC: DH Helper Functions
*
* To use DH with the KPP cipher API, the following data structure and
* functions should be used.
*
* To use DH with KPP, the following functions should be used to operate on
* a DH private key. The packet private key that can be set with
* the KPP API function call of crypto_kpp_set_secret.
*/
/**
* struct dh - define a DH private key
*
* @key: Private DH key
* @p: Diffie-Hellman parameter P
* @g: Diffie-Hellman generator G
* @key_size: Size of the private DH key
* @p_size: Size of DH parameter P
* @g_size: Size of DH generator G
*/
struct dh {
const void *key;
const void *p;
const void *g;
unsigned int key_size;
unsigned int p_size;
unsigned int g_size;
};
/**
* crypto_dh_key_len() - Obtain the size of the private DH key
* @params: private DH key
*
* This function returns the packet DH key size. A caller can use that
* with the provided DH private key reference to obtain the required
* memory size to hold a packet key.
*
* Return: size of the key in bytes
*/
unsigned int crypto_dh_key_len(const struct dh *params);
/**
* crypto_dh_encode_key() - encode the private key
* @buf: Buffer allocated by the caller to hold the packet DH
* private key. The buffer should be at least crypto_dh_key_len
* bytes in size.
* @len: Length of the packet private key buffer
* @params: Buffer with the caller-specified private key
*
* The DH implementations operate on a packet representation of the private
* key.
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
int crypto_dh_encode_key(char *buf, unsigned int len, const struct dh *params);
/**
* crypto_dh_decode_key() - decode a private key
* @buf: Buffer holding a packet key that should be decoded
* @len: Length of the packet private key buffer
* @params: Buffer allocated by the caller that is filled with the
* unpacked DH private key.
*
* The unpacking obtains the private key by pointing @p to the correct location
* in @buf. Thus, both pointers refer to the same memory.
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
int crypto_dh_decode_key(const char *buf, unsigned int len, struct dh *params);
crypto: dh - split out deserialization code from crypto_dh_decode() A subsequent commit will introduce "dh" wrapping templates of the form "ffdhe2048(dh)", "ffdhe3072(dh)" and so on in order to provide built-in support for the well-known safe-prime ffdhe group parameters specified in RFC 7919. Those templates' ->set_secret() will wrap the inner "dh" implementation's ->set_secret() and set the ->p and ->g group parameters as appropriate on the way inwards. More specifically, - A ffdheXYZ(dh) user would call crypto_dh_encode() on a struct dh instance having ->p == ->g == NULL as well as ->p_size == ->g_size == 0 and pass the resulting buffer to the outer ->set_secret(). - This outer ->set_secret() would then decode the struct dh via crypto_dh_decode_key(), set ->p, ->g, ->p_size as well as ->g_size as appropriate for the group in question and encode the struct dh again before passing it further down to the inner "dh"'s ->set_secret(). The problem is that crypto_dh_decode_key() implements some basic checks which would reject parameter sets with ->p_size == 0 and thus, the ffdheXYZ templates' ->set_secret() cannot use it as-is for decoding the passed buffer. As the inner "dh"'s ->set_secret() will eventually conduct said checks on the final parameter set anyway, the outer ->set_secret() really only needs the decoding functionality. Split out the pure struct dh decoding part from crypto_dh_decode_key() into the new __crypto_dh_decode_key(). __crypto_dh_decode_key() gets defined in crypto/dh_helper.c, but will have to get called from crypto/dh.c and thus, its declaration must be somehow made available to the latter. Strictly speaking, __crypto_dh_decode_key() is internal to the dh_generic module, yet it would be a bit over the top to introduce a new header like e.g. include/crypto/internal/dh.h containing just a single prototype. Add the __crypto_dh_decode_key() declaration to include/crypto/dh.h instead. Provide a proper kernel-doc annotation, even though __crypto_dh_decode_key() is purposedly not on the function list specified in Documentation/crypto/api-kpp.rst. Signed-off-by: Nicolai Stange <nstange@suse.de> Reviewed-by: Hannes Reinecke <hare@suse.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2022-02-21 20:10:51 +08:00
/**
* __crypto_dh_decode_key() - decode a private key without parameter checks
* @buf: Buffer holding a packet key that should be decoded
* @len: Length of the packet private key buffer
* @params: Buffer allocated by the caller that is filled with the
* unpacked DH private key.
*
* Internal function providing the same services as the exported
* crypto_dh_decode_key(), but without any of those basic parameter
* checks conducted by the latter.
*
* Return: -EINVAL if buffer has insufficient size, 0 on success
*/
int __crypto_dh_decode_key(const char *buf, unsigned int len,
struct dh *params);
#endif