From 6755fd269d5c100b0eca420db501ae58435efd6e Mon Sep 17 00:00:00 2001 From: Tudor-Dan Ambarus Date: Tue, 30 May 2017 17:52:48 +0300 Subject: crypto: ecdh - add privkey generation support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add support for generating ecc private keys. Generation of ecc private keys is helpful in a user-space to kernel ecdh offload because the keys are not revealed to user-space. Private key generation is also helpful to implement forward secrecy. If the user provides a NULL ecc private key, the kernel will generate it and further use it for ecdh. Move ecdh's object files below drbg's. drbg must be present in the kernel at the time of calling. Signed-off-by: Tudor Ambarus Reviewed-by: Stephan Müller Signed-off-by: Herbert Xu --- crypto/ecdh.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'crypto/ecdh.c') diff --git a/crypto/ecdh.c b/crypto/ecdh.c index 4aa0b0cb4627..61c7708905d0 100644 --- a/crypto/ecdh.c +++ b/crypto/ecdh.c @@ -55,6 +55,10 @@ static int ecdh_set_secret(struct crypto_kpp *tfm, const void *buf, ctx->curve_id = params.curve_id; ctx->ndigits = ndigits; + if (!params.key || !params.key_size) + return ecc_gen_privkey(ctx->curve_id, ctx->ndigits, + ctx->private_key); + if (ecc_is_key_valid(ctx->curve_id, ctx->ndigits, (const u64 *)params.key, params.key_size) < 0) return -EINVAL; -- cgit v1.2.3-58-ga151