lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 29 Feb 2024 10:11:05 +0100
From: Lukas Wunner <lukas@...ner.de>
To: Stefan Berger <stefanb@...ux.ibm.com>
Cc: keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
	herbert@...dor.apana.org.au, davem@...emloft.net,
	linux-kernel@...r.kernel.org, saulo.alessandre@....jus.br
Subject: Re: [PATCH v3 01/10] crypto: ecdsa - Convert byte arrays with key
 coordinates to digits

On Fri, Feb 23, 2024 at 03:41:40PM -0500, Stefan Berger wrote:
> +static inline void ecc_digits_from_bytes(const u8 *in, unsigned int nbytes,
> +					 u64 *out, unsigned int ndigits)
> +{
> +	unsigned int sz = ndigits << ECC_DIGITS_TO_BYTES_SHIFT;
> +	u8 tmp[ECC_MAX_DIGITS << ECC_DIGITS_TO_BYTES_SHIFT];
> +	unsigned int o = sz - nbytes;
> +
> +	memset(tmp, 0, o);
> +	memcpy(&tmp[o], in, nbytes);
> +	ecc_swap_digits(tmp, out, ndigits);
> +}

Copying the whole key into tmp seems inefficient.  You only need
special handling for the first few bytes of "in" (6 bytes in the
P521 case) and could use ecc_swap_digits() to convert the rest
of "in" directly to "out" without using tmp.

So it would be sufficient to allocate the first digit on the stack,
memset + memcpy, then convert that to native byte order into "in[0]"
and use ecc_swap_digits() for the rest.

And the special handling would be conditional on "!o", so is skipped
for existing curves.

Thanks,

Lukas

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ