-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
driver: crypto: hisilicon: add X25519 and X448 algorithm #7001
Conversation
@jforissier @jenswi-linaro Do you have any comments? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The commit message could have a few more words about what this patch does. The comment at the start of mpre_mongomery.c
, "Kunpeng hardware accelerator hpre montgomery algorithm implementation", gives an idea of what's going on.
|
||
ret = hpre_bin_from_crypto_bin(p, p, msg->key_bytes, msg->curve_bytes); | ||
if (ret) { | ||
EMSG("Fail to transfer montgomery p from crypto_bin to |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please keep this print in one line, same goes the for other prints. It's OK if this line with the format string becomes longer than 80.
|
||
/* NID_X25519 */ | ||
/* p = (2 ^ 255 - 19) big endian */ | ||
static uint8_t g_x25519_p[] = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
const
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05 | ||
}; | ||
|
||
static struct hpre_mgm_curve g_curve_list[] = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
const
also.
This change will also request the related argument of hpre_montgomery_params_fill()
and hpre_montgomery_request_init()
is also const
.
|
||
return TEE_SUCCESS; | ||
pub_err: | ||
free(key->priv); |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
return HISI_QM_DRVCRYPT_EINVAL; | ||
} | ||
|
||
return 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
return HISI_QM_DRVCRYPT_NO_ERR
shift = bsize - p_size; | ||
ret = memcmp(u + shift, p + shift, p_size); | ||
if (ret >= 0) { | ||
EMSG("u > p"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
>
or >=
?
return ret; | ||
} | ||
|
||
static struct drvcrypt_montgomery driver_x25519 = { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
const
?
{ | ||
struct hisi_qp *montgomery_qp; | ||
TEE_Result res = TEE_SUCCESS; | ||
int32_t ret = 0; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Type should be enum hisi_drv_status
.
res
and ret
labels are very similar, it can be confusing. Could you rename one of them? For example:
- int32_t ret = 0;
+ enum hisi_drv_status status = HISI_QM_DRVCRYPT_NO_ERR;
ret = hpre_montgomery_do_task(&msg); | ||
if (ret) { | ||
EMSG("Fail to do montgomery shared secret task! ret = 0x%" | ||
PIRX16, ret); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/PIRX16
/PRIX32
/
|
||
ret = hpre_montgomery_do_task(&msg); | ||
if (ret) { | ||
EMSG("Fail to do montgomery key pair task ret = 0x%"PRIX16, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/PRIX16
/PRIX32
uint8_t *privkey, | ||
uint8_t *pubkey) | ||
{ | ||
TEE_Result ret = TEE_SUCCESS; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ret
should be of type enum hisi_drv_status
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You forgot to address this comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry,missed this.
Solved.
062673d
to
dab1242
Compare
|
||
static TEE_Result hpre_montgomery_do_task(struct hpre_montgomery_msg *msg) | ||
{ | ||
struct hisi_qp *montgomery_qp; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
= NULL
|
||
ret = hpre_montgomery_do_task(&msg); | ||
if (ret) { | ||
EMSG("Fail to do montgomery shared secret task! ret = 0x%"PIRX32, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/PIRX32/PRIX32/
uint32_t result; | ||
}; | ||
|
||
TEE_Result hpre_montgomery_init(void); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think exporting this function is needed, it's called from an initcall level. It could be static
within hpre_montgomery.c.
#ifndef __HPRE_MONTGOMERYH__ | ||
#define __HPRE_MONTGOMERYH__ | ||
|
||
#include <stdbool.h> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems stdbool.h is no more needed.
df95b85
to
5d2eb2f
Compare
@jenswi-linaro @etienne-lms All comments have been solved. |
@jenswi-linaro @etienne-lms All comments have been solved. |
* byte to zero instead. | ||
*/ | ||
if (msg->key_bytes == BITS_TO_BYTES(X25519_KEY_BITS)) { | ||
dst[31] &= 248; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a comment explaining that this is for the X25519 case with a 32-byte integer.
It's a bit curious that masking is done using decimal values instead of hexadecimal, it might be worth mentioning that's how it's done in the example in the RFC.
dst[0] |= 64; | ||
u[0] &= 0x7F; | ||
} else { | ||
dst[55 + bsize - dsize] &= 252; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a comment explaining that this is for the X448 case with a 56-byte integer.
Why is bsize - dsize
needed?
struct hpre_montgomery_msg *msg = info; | ||
struct hpre_sqe *sqe = bd; | ||
|
||
sqe->w0 = msg->alg_type | (0x1 << HPRE_DONE_SHIFT); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Prefer SHIFT_U32(0x1, HPRE_DONE_SHIFT)
core/drivers/crypto/hisilicon/sub.mk
Outdated
@@ -6,3 +6,4 @@ srcs-y += sec_cipher.c | |||
srcs-$(CFG_HISILICON_ACC_V3) += hpre_main.c | |||
srcs-$(CFG_HISILICON_ACC_V3) += hpre_dh.c | |||
srcs-$(CFG_HISILICON_ACC_V3) += hpre_ecc.c | |||
srcs-$(CFG_HISILICON_ACC_V3) += hpre_montgomery.c |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add the missing end-of-line character.
@jenswi-linaro @etienne-lms All comments have been solved. |
1 similar comment
@jenswi-linaro @etienne-lms All comments have been solved. |
uint8_t *privkey, | ||
uint8_t *pubkey) | ||
{ | ||
TEE_Result ret = TEE_SUCCESS; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You forgot to address this comment.
err1 = HPRE_TASK_ETYPE1(sqe->w0); | ||
done = HPRE_TASK_DONE(sqe->w0); | ||
if (done != HPRE_HW_TASK_DONE || err || err1) { | ||
EMSG("HPRE do x_dh fail! done=0x%"PRIX16", etype=0x%"PRIX16",etype1=0x%"PRIX16, done, err, err1); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For coding style:
EMSG("HPRE do x_dh fail! done=0x%"PRIX16", etype=0x%"PRIX16", etype1=0x%"PRIX16,
done, err, err1);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solved
|
||
ret = hpre_montgomery_do_task(&msg); | ||
if (ret) { | ||
EMSG("Fail to do montgomery shared secret task! ret = 0x%"PRIX32, ret); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
EMSG("Fail to do montgomery shared secret task! ret = %#"PRIX32,
ret);
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solved.
* Copyright (c) 2024 HiSilicon Limited. | ||
*/ | ||
#ifndef __HPRE_MONTGOMERYH__ | ||
#define __HPRE_MONTGOMERYH__ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
s/__HPRE_MONTGOMERYH__
/__HPRE_MONTGOMERY_H__
/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Solved.
uint8_t *u = msg->in; | ||
uint8_t *dst = k; | ||
uint32_t bsize = msg->key_bytes; | ||
uint32_t dsize = msg->curve_bytes; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the difference between dsize
and psize
? They always hold the same value.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
psize is the size of public key. Its value is the same as curve_bytes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe I can just use dsize here
* to 576 when curve_bytes is between 384 and 576, and the high-order | ||
* bits will be set to 0. | ||
*/ | ||
dst[55 + bsize - dsize] &= 0xFC; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I never got an answer to why bsize - dsize
is needed. Doesn't dst[55 + bsize - dsize]
address out of range of dst[]
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is our hardware limit that key_bytes will be set to 72(576/8) when curve_bytes is between 48 and 72.So, dsize is 56 here, and bsize is 72.
dst[0 + bsize - dsize] |= 0x80; | ||
} | ||
|
||
shift = bsize - psize; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How would you describe shift
, what does it represent?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shift means the offset I need to take into accout when I deal with the data related to protocol
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
due to hardware limit mentioned above
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It sounds like offset
would be a better name. Please add a comment describing how this variable is used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
solved
eb4c4a9
to
1f5bc64
Compare
|
@etienne-lms All comments have been solved |
add operation of X25519 and X448 algorithm, including alloc_keypair, gen_keypar and shared_secret Signed-off-by: yuzexi <[email protected]> Acked-by: Jens Wiklander <[email protected]> Acked-by: Etienne Carriere <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me.
@jforissier All comments have been solved. |
add X22519 and X448