Merge pull request #8696 from douzzer/20250418-linuxkm-lkcapi-cleanup

20250418-linuxkm-lkcapi-cleanup

Author: philljj

linuxkm/lkcapi_ecdh_glue.c

@@ -133,15 +133,15 @@ static struct kpp_alg ecdh_nist_p384 = {
     .exit                  = km_ecdh_exit,
 };
 
-/**
+/*
  * Set the secret. Kernel crypto expects secret is passed with
  * struct kpp_secret as header, followed by secret data as payload.
  * See these for more info:
  *  - crypto/ecdh_helper.c
  *  - include/crypto/kpp.h
  *
  * An empty payload means this function will gen the ecc key pair.
- * */
+ */
 static int km_ecdh_set_secret(struct crypto_kpp *tfm, const void *buf,
                               unsigned int len)
 {
@@ -360,12 +360,12 @@ static int km_ecdh_nist_p384_init(struct crypto_kpp *tfm)
     return km_ecdh_init(tfm, ECC_SECP384R1);
 }
 
-/**
+/*
  * Generate the ecc public key:
  *   - req->src should be null
  *   - req->dst is where we place the public key.
  * The kernel api expects raw uncompressed pub key, without leading byte.
- * */
+ */
 static int km_ecdh_gen_pub(struct kpp_request *req)
 {
     struct crypto_kpp *  tfm = NULL;
@@ -463,11 +463,11 @@ static int km_ecdh_gen_pub(struct kpp_request *req)
     return err;
 }
 
-/**
+/*
  * Generate ecc shared secret.
  *   - req->src has raw pub key from other party.
  *   - req->dst is shared secret output buffer.
- * */
+ */
 static int km_ecdh_compute_shared_secret(struct kpp_request *req)
 {
     struct crypto_kpp *  tfm = NULL;
@@ -596,7 +596,7 @@ static int linuxkm_test_ecdh_nist_p192(void)
 {
     int rc = 0;
     /* reference values from kernel crypto/testmgr.h */
-    const byte secret[] = {
+    static const byte secret[] = {
 #ifdef LITTLE_ENDIAN_ORDER
         0x02, 0x00, /* type */
         0x1e, 0x00, /* len */
@@ -613,7 +613,7 @@ static int linuxkm_test_ecdh_nist_p192(void)
     };
 
     /* 48 byte pub key */
-    const byte b_pub[] = {
+    static const byte b_pub[] = {
         0xc3, 0xba, 0x67, 0x4b, 0x71, 0xec, 0xd0, 0x76,
         0x7a, 0x99, 0x75, 0x64, 0x36, 0x13, 0x9a, 0x94,
         0x5d, 0x8b, 0xdc, 0x60, 0x90, 0x91, 0xfd, 0x3f,
@@ -622,7 +622,7 @@ static int linuxkm_test_ecdh_nist_p192(void)
         0x07, 0xd6, 0xbd, 0x1c, 0xe6, 0x8d, 0x9d, 0x67
     };
 
-    const byte expected_a_pub[] = {
+    static const byte expected_a_pub[] = {
         0x1a, 0x04, 0xdb, 0xa5, 0xe1, 0xdd, 0x4e, 0x79,
         0xa3, 0xe6, 0xef, 0x0e, 0x5c, 0x80, 0x49, 0x85,
         0xfa, 0x78, 0xb4, 0xef, 0x49, 0xbd, 0x4c, 0x7c,
@@ -632,7 +632,7 @@ static int linuxkm_test_ecdh_nist_p192(void)
     };
 
     /* 24 byte shared secret */
-    const byte shared_secret[] = {
+    static const byte shared_secret[] = {
         0xf4, 0x57, 0xcc, 0x4f, 0x1f, 0x4e, 0x31, 0xcc,
         0xe3, 0x40, 0x60, 0xc8, 0x06, 0x93, 0xc6, 0x2e,
         0x99, 0x80, 0x81, 0x28, 0xaf, 0xc5, 0x51, 0x74
@@ -651,7 +651,7 @@ static int linuxkm_test_ecdh_nist_p256(void)
 {
     int rc = 0;
     /* reference values from kernel crypto/testmgr.h */
-    const byte secret[] = {
+    static const byte secret[] = {
 #ifdef LITTLE_ENDIAN_ORDER
         0x02, 0x00, /* type */
         0x26, 0x00, /* len */
@@ -668,7 +668,7 @@ static int linuxkm_test_ecdh_nist_p256(void)
     };
 
     /* 64 byte pub key */
-    const byte b_pub[] = {
+    static const byte b_pub[] = {
         0xcc, 0xb4, 0xda, 0x74, 0xb1, 0x47, 0x3f, 0xea,
         0x6c, 0x70, 0x9e, 0x38, 0x2d, 0xc7, 0xaa, 0xb7,
         0x29, 0xb2, 0x47, 0x03, 0x19, 0xab, 0xdd, 0x34,
@@ -679,7 +679,7 @@ static int linuxkm_test_ecdh_nist_p256(void)
         0x6f, 0xdb, 0xa9, 0xaa, 0xfc, 0x77, 0x81, 0xf3,
     };
 
-    const byte expected_a_pub[] = {
+    static const byte expected_a_pub[] = {
         0x1a, 0x7f, 0xeb, 0x52, 0x00, 0xbd, 0x3c, 0x31,
         0x7d, 0xb6, 0x70, 0xc1, 0x86, 0xa6, 0xc7, 0xc4,
         0x3b, 0xc5, 0x5f, 0x6c, 0x6f, 0x58, 0x3c, 0xf5,
@@ -691,7 +691,7 @@ static int linuxkm_test_ecdh_nist_p256(void)
     };
 
     /* 32 byte shared secret */
-    const byte shared_secret[] = {
+    static const byte shared_secret[] = {
         0xea, 0x17, 0x6f, 0x7e, 0x6e, 0x57, 0x26, 0x38,
         0x8b, 0xfb, 0x41, 0xeb, 0xba, 0xc8, 0x6d, 0xa5,
         0xa8, 0x72, 0xd1, 0xff, 0xc9, 0x47, 0x3d, 0xaa,
@@ -710,7 +710,7 @@ static int linuxkm_test_ecdh_nist_p384(void)
 {
     int rc = 0;
     /* reference values from kernel crypto/testmgr.h */
-    const byte secret[] = {
+    static const byte secret[] = {
 #ifdef LITTLE_ENDIAN_ORDER
         0x02, 0x00, /* type */
         0x36, 0x00, /* len */
@@ -729,7 +729,7 @@ static int linuxkm_test_ecdh_nist_p384(void)
     };
 
     /* 96 byte pub key */
-    const byte b_pub[] = {
+    static const byte b_pub[] = {
         0xE5, 0x58, 0xDB, 0xEF, 0x53, 0xEE, 0xCD, 0xE3,
         0xD3, 0xFC, 0xCF, 0xC1, 0xAE, 0xA0, 0x8A, 0x89,
         0xA9, 0x87, 0x47, 0x5D, 0x12, 0xFD, 0x95, 0x0D,
@@ -745,7 +745,7 @@ static int linuxkm_test_ecdh_nist_p384(void)
     };
 
     /* 96 byte pub key */
-    const byte expected_a_pub[] = {
+    static const byte expected_a_pub[] = {
         0x66, 0x78, 0x42, 0xD7, 0xD1, 0x80, 0xAC, 0x2C,
         0xDE, 0x6F, 0x74, 0xF3, 0x75, 0x51, 0xF5, 0x57,
         0x55, 0xC7, 0x64, 0x5C, 0x20, 0xEF, 0x73, 0xE3,
@@ -761,7 +761,7 @@ static int linuxkm_test_ecdh_nist_p384(void)
     };
 
     /* 48 byte shared secret */
-    const byte shared_secret[] = {
+    static const byte shared_secret[] = {
         0x11, 0x18, 0x73, 0x31, 0xC2, 0x79, 0x96, 0x2D,
         0x93, 0xD6, 0x04, 0x24, 0x3F, 0xD5, 0x92, 0xCB,
         0x9D, 0x0A, 0x92, 0x6F, 0x42, 0x2E, 0x47, 0x18,
@@ -796,10 +796,10 @@ static int linuxkm_test_ecdh_nist_driver(const char * driver,
     byte *               dst_buf = NULL;
     unsigned int         src_len = pub_len;
     unsigned int         dst_len = 0;
-    /**
+    /*
      * Allocate the kpp transform, and set up
      * the kpp request.
-     * */
+     */
     tfm = crypto_alloc_kpp(driver, 0, 0);
     if (IS_ERR(tfm)) {
         pr_err("error: allocating kpp algorithm %s failed: %ld\n",

linuxkm/lkcapi_ecdsa_glue.c

@@ -316,7 +316,7 @@ static int km_ecdsa_nist_p521_init(struct crypto_akcipher *tfm)
 }
 #endif /* HAVE_ECC521 */
 
-/**
+/*
  * Verify an ecdsa_nist signature.
  *
  * The total size of req->src is src_len + dst_len:
@@ -326,7 +326,7 @@ static int km_ecdsa_nist_p521_init(struct crypto_akcipher *tfm)
  * dst should be null.
  * See kernel:
  *   - include/crypto/akcipher.h
- * */
+ */
 static int km_ecdsa_verify(struct akcipher_request *req)
 {
     struct crypto_akcipher * tfm = NULL;
@@ -358,26 +358,18 @@ static int km_ecdsa_verify(struct akcipher_request *req)
         goto ecdsa_verify_end;
     }
 
-    sig = malloc(sig_len);
+    sig = malloc(sig_len + hash_len);
     if (unlikely(sig == NULL)) {
         err = -ENOMEM;
         goto ecdsa_verify_end;
     }
 
-    hash = malloc(hash_len);
-    if (unlikely(hash == NULL)) {
-        err = -ENOMEM;
-        goto ecdsa_verify_end;
-    }
+    hash = sig + sig_len;
 
-    memset(sig, 0, sig_len);
-    memset(hash, 0, hash_len);
+    memset(sig, 0, sig_len + hash_len);
 
-    /* copy sig from req->src to sig */
-    scatterwalk_map_and_copy(sig, req->src, 0, sig_len, 0);
-
-    /* copy hash from req->src to hash */
-    scatterwalk_map_and_copy(hash, req->src, sig_len, hash_len, 0);
+    /* copy sig and hash from req->src to sig and contiguous hash buffer. */
+    scatterwalk_map_and_copy(sig, req->src, 0, sig_len + hash_len, 0);
 
     err = wc_ecc_verify_hash(sig, sig_len, hash, hash_len, &result, ctx->key);
 
@@ -401,7 +393,6 @@ static int km_ecdsa_verify(struct akcipher_request *req)
 
 ecdsa_verify_end:
     if (sig != NULL) { free(sig); sig = NULL; }
-    if (hash != NULL) { free(hash); hash = NULL; }
 
     #ifdef WOLFKM_DEBUG_ECDSA
     pr_info("info: exiting km_ecdsa_verify: %d\n", result);
@@ -416,7 +407,7 @@ static int linuxkm_test_ecdsa_nist_p192(void)
     /* reference value from kernel crypto/testmgr.h
      * OID_id_ecdsa_with_sha256 */
     /* 49 byte pub key */
-    const byte p192_pub[] = {
+    static const byte p192_pub[] = {
         0x04, 0xe2, 0x51, 0x24, 0x9b, 0xf7, 0xb6, 0x32,
         0x82, 0x39, 0x66, 0x3d, 0x5b, 0xec, 0x3b, 0xae,
         0x0c, 0xd5, 0xf2, 0x67, 0xd1, 0xc7, 0xe1, 0x02,
@@ -427,15 +418,15 @@ static int linuxkm_test_ecdsa_nist_p192(void)
     };
 
     /* 32 byte hash */
-    const byte hash[] = {
+    static const byte hash[] = {
         0x35, 0xec, 0xa1, 0xa0, 0x9e, 0x14, 0xde, 0x33,
         0x03, 0xb6, 0xf6, 0xbd, 0x0c, 0x2f, 0xb2, 0xfd,
         0x1f, 0x27, 0x82, 0xa5, 0xd7, 0x70, 0x3f, 0xef,
         0xa0, 0x82, 0x69, 0x8e, 0x73, 0x31, 0x8e, 0xd7
     };
 
     /* 55 byte sig */
-    const byte sig[] = {
+    static const byte sig[] = {
         0x30, 0x35, 0x02, 0x18, 0x3f, 0x72, 0x3f, 0x1f,
         0x42, 0xd2, 0x3f, 0x1d, 0x6b, 0x1a, 0x58, 0x56,
         0xf1, 0x8f, 0xf7, 0xfd, 0x01, 0x48, 0xfb, 0x5f,
@@ -467,7 +458,7 @@ static int linuxkm_test_ecdsa_nist_p256(void)
     /* reference value from kernel crypto/testmgr.h
      * OID_id_ecdsa_with_sha256 */
     /* 65 byte pub key */
-    const byte p256_pub[] = {
+    static const byte p256_pub[] = {
         0x04, 0xf1, 0xea, 0xc4, 0x53, 0xf3, 0xb9, 0x0e,
         0x9f, 0x7e, 0xad, 0xe3, 0xea, 0xd7, 0x0e, 0x0f,
         0xd6, 0x98, 0x9a, 0xca, 0x92, 0x4d, 0x0a, 0x80,
@@ -480,15 +471,15 @@ static int linuxkm_test_ecdsa_nist_p256(void)
     };
 
     /* 32 byte hash */
-    const byte hash[] = {
+    static const byte hash[] = {
         0x8f, 0x43, 0x43, 0x46, 0x64, 0x8f, 0x6b, 0x96,
         0xdf, 0x89, 0xdd, 0xa9, 0x01, 0xc5, 0x17, 0x6b,
         0x10, 0xa6, 0xd8, 0x39, 0x61, 0xdd, 0x3c, 0x1a,
         0xc8, 0x8b, 0x59, 0xb2, 0xdc, 0x32, 0x7a, 0xa4
     };
 
     /* 71 byte sig */
-    const byte sig[] = {
+    static const byte sig[] = {
         0x30, 0x45, 0x02, 0x20, 0x08, 0x31, 0xfa, 0x74,
         0x0d, 0x1d, 0x21, 0x5d, 0x09, 0xdc, 0x29, 0x63,
         0xa8, 0x1a, 0xad, 0xfc, 0xac, 0x44, 0xc3, 0xe8,
@@ -520,7 +511,7 @@ static int linuxkm_test_ecdsa_nist_p384(void)
     /* reference value from kernel crypto/testmgr.h
      * OID_id_ecdsa_with_sha384 */
     /* 97 byte pub key */
-    const byte p384_pub[] = {
+    static const byte p384_pub[] = {
         0x04, 0x3a, 0x2f, 0x62, 0xe7, 0x1a, 0xcf, 0x24,
         0xd0, 0x0b, 0x7c, 0xe0, 0xed, 0x46, 0x0a, 0x4f,
         0x74, 0x16, 0x43, 0xe9, 0x1a, 0x25, 0x7c, 0x55,
@@ -537,7 +528,7 @@ static int linuxkm_test_ecdsa_nist_p384(void)
     };
 
     /* 48 byte hash */
-    const byte hash[] = {
+    static const byte hash[] = {
         0x8d, 0xf2, 0xc0, 0xe9, 0xa8, 0xf3, 0x8e, 0x44,
         0xc4, 0x8c, 0x1a, 0xa0, 0xb8, 0xd7, 0x17, 0xdf,
         0xf2, 0x37, 0x1b, 0xc6, 0xe3, 0xf5, 0x62, 0xcc,
@@ -547,7 +538,7 @@ static int linuxkm_test_ecdsa_nist_p384(void)
     };
 
     /* 104 byte sig */
-    const byte sig[] = {
+    static const byte sig[] = {
         0x30, 0x66, 0x02, 0x31, 0x00, 0x9b, 0x28, 0x68,
         0xc0, 0xa1, 0xea, 0x8c, 0x50, 0xee, 0x2e, 0x62,
         0x35, 0x46, 0xfa, 0x00, 0xd8, 0x2d, 0x7a, 0x91,
@@ -584,7 +575,7 @@ static int linuxkm_test_ecdsa_nist_p521(void)
     /* reference value from kernel crypto/testmgr.h
      * OID_id_ecdsa_with_sha521 */
     /* 133 byte pub key */
-    const byte p521_pub[] = {
+    static const byte p521_pub[] = {
         0x04, 0x00, 0xc7, 0x65, 0xee, 0x0b, 0x86, 0x7d,
         0x8f, 0x02, 0xf1, 0x74, 0x5b, 0xb0, 0x4c, 0x3f,
         0xa6, 0x35, 0x60, 0x9f, 0x55, 0x23, 0x11, 0xcc,
@@ -605,7 +596,7 @@ static int linuxkm_test_ecdsa_nist_p521(void)
     };
 
     /* 64 byte hash */
-    const byte hash[] = {
+    static const byte hash[] = {
         0x5c, 0xa6, 0xbc, 0x79, 0xb8, 0xa0, 0x1e, 0x11,
         0x83, 0xf7, 0xe9, 0x05, 0xdf, 0xba, 0xf7, 0x69,
         0x97, 0x22, 0x32, 0xe4, 0x94, 0x7c, 0x65, 0xbd,
@@ -617,7 +608,7 @@ static int linuxkm_test_ecdsa_nist_p521(void)
     };
 
     /* 139 byte sig */
-    const byte sig[] = {
+    static const byte sig[] = {
         0x30, 0x81, 0x88, 0x02, 0x42, 0x01, 0x5c, 0x71,
         0x86, 0x96, 0xac, 0x21, 0x33, 0x7e, 0x4e, 0xaa,
         0x86, 0xec, 0xa8, 0x05, 0x03, 0x52, 0x56, 0x63,
@@ -664,11 +655,26 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
     struct crypto_akcipher *  tfm = NULL;
     struct akcipher_request * req = NULL;
     struct scatterlist        src_tab[2];
+    byte *                    param_copy = NULL;
     byte *                    bad_sig = NULL;
-    /**
+
+    /* Allocate param_copy -- scatterwalk_map_and_copy() unmaps the buffers in
+     * the sg list, so we can't safely use the passed pointers directly.
+     */
+    param_copy = (byte *)malloc(sig_len + hash_len);
+    if (! param_copy) {
+        pr_err("error: allocating param_copy buffer failed.\n");
+        goto test_ecdsa_nist_end;
+    }
+    memcpy(param_copy, sig, sig_len);
+    sig = param_copy;
+    memcpy(param_copy + sig_len, hash, hash_len);
+    hash = param_copy + sig_len;
+
+    /*
      * Allocate the akcipher transform, and set up
      * the akcipher request.
-     * */
+     */
     tfm = crypto_alloc_akcipher(driver, 0, 0);
     if (IS_ERR(tfm)) {
         pr_err("error: allocating akcipher algorithm %s failed: %ld\n",
@@ -699,14 +705,15 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
         }
     }
 
-    /**
+    /*
      * Set sig as src, and null as dst.
      * src_tab is:
      *   src_tab[0]: signature
      *   src_tab[1]: message (hash)
      *
      * src_len is sig size
-     * dst_len is hash size. */
+     * dst_len is hash size.
+     */
     sg_init_table(src_tab, 2);
     sg_set_buf(&src_tab[0], sig, sig_len);
     sg_set_buf(&src_tab[1], hash, hash_len);
@@ -747,6 +754,7 @@ static int linuxkm_test_ecdsa_nist_driver(const char * driver,
 test_ecdsa_nist_end:
     if (req) { akcipher_request_free(req); req = NULL; }
     if (tfm) { crypto_free_akcipher(tfm); tfm = NULL; }
+    if (param_copy) { free(param_copy); }
     if (bad_sig) { free(bad_sig); bad_sig = NULL; }
 
     #ifdef WOLFKM_DEBUG_ECDSA