-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: add function to free rsa keypair #4028
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks reasonable to me but I would prefer to merge this only when we have at least one user of the new function.
Also, I think the CAAM driver (core/drivers/crypto/caam/acipher/caam_rsa.c
) needs to implement the new function otherwise crypto_acipher_free_rsa_keypair()
would crash.
@cneveux @sdininno @clementfaure
We could make the implementation of void crypto_acipher_free_rsa_public_key(struct rsa_public_key *s)
{
if (!s)
return;
crypto_bignum_free(s->n);
crypto_bignum_free(s->e);
} This should always be valid, same goes for the corresponding |
Function |
@jenswi-linaro |
The allocation in |
What I can see if I'm not wrong, there is a conversion from user binary buffer to internal TEE big number buffer. Then when exporting TEE internal big number buffer to User, there is a conversion big number to binary. Hence why adding this overhead that may not be useful? In case of CAAM Driver, the TEE internal big number must be converted back to binary to be used by the HW. I will not generalize but I never see a HW module using a big number format for the operation. I would be more logic to not convert User binary to bignumber when not needed and let the library or driver doing the conversion it needs. |
@cneveux, now I fear we have hijacked this PR. I agree with you, there's no point in using an intermediate format that will just be converted again. I'm happy to help sorting that out, but perhaps in another PR/Issue/private conversation. So back to this PR. For the time being let's have three implementations of @elias-vd, Jerome pointed out that: optee_os/core/drivers/crypto/caam/acipher/caam_rsa.c Lines 1650 to 1659 in 30c53a7
needs to have a .free_keypair initialization too.
|
I agree on the needs to have the |
Fixed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Acked-by: Jerome Forissier <jerome@forissier.org>
Preferably as a preparatory commit in #4011.
Please fix the compile error |
The new commit contains a new function to free the rsa keypair. The problem was that the |
static void do_keypair_free(struct caam_rsa_keypair *key) | ||
static void do_keypair_free_bn(struct rsa_keypair *key) | ||
{ | ||
if (!s) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test can be removed since this function is only called if key
isn't NULL.
@cneveux @sdininno @clementfaure are you OK with this too? |
Minor but if we want to be consistent with the Otherwise I'm ok |
@@ -85,7 +85,7 @@ static uint8_t caam_era; | |||
* | |||
* @key RSA keypair | |||
*/ | |||
static void do_keypair_free_bn(struct rsa_keypair *key) | |||
static void do_keypair_free(struct rsa_keypair *key) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This function name is duplicated. I suggested to rename it do_free_keypair
@@ -85,7 +85,7 @@ static uint8_t caam_era; | |||
* | |||
* @key RSA keypair | |||
*/ | |||
static void do_keypair_free(struct rsa_keypair *key) | |||
static void do_free_keypair(struct rsa_keypair *key) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
And so you have to change .free_keypair = &do_keypair_free,
to .free_keypair = &do_free_keypair,
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
minor: looks not very nice these 2 functions almost have the same names: do_keypair_free()
and do_fre_keypair
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There are not doing the same and this is internal to the caam driver. This doesn't cause a problem for me
I think all comments have been addressed. If you agree I will sqash the commits? |
There was no function to proper free a rsa kepair from inside a PTA. Now there is crypto_acipher_free_rsa_keypair(). Signed-off-by: Elias von Däniken <elias.vondaeniken@bluewin.ch> Acked-by: Jerome Forissier <jerome@forissier.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
792fb5d
to
50e8bb8
Compare
This seems about ready for merging, @cneveux is this OK with you? |
Yes, I'm ok with the latest update |
There was no function to proper free a rsa kepair from inside a PTA
or the core itself. Now there is crypto_acipher_free_rsa_keypair().
Signed-off-by: E. von Däniken elias.vondaeniken@bluewin.ch