Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp1079938lqb;
        Wed, 29 May 2024 22:28:14 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCVcBtA43f2vQuNJpKwZ6RbjnSCk7dcUxmAwQ5G6QHjWS1vVvm0K1oXHCLGlzxe7OWJeogU5eVgHeR+adOnHWYy5No+WchXIjHbowppbww==
X-Google-Smtp-Source: AGHT+IHC6wZUkV8abS5rxMALKFEqgH5JZSiukQ3cyKc+wXn5aK1uQZhyiltE8cgyspj14SIZRoKN
X-Received: by 2002:a05:6359:c07:b0:189:8b22:b95 with SMTP id e5c5f4694b2df-199b9861ae0mr84930455d.29.1717046894408;
        Wed, 29 May 2024 22:28:14 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1717046894; cv=pass;
        d=google.com; s=arc-20160816;
        b=g3h2as4krCTXJ3UVVhza0IqGvi0cw+SUE9kBgnBA/sVguIbD9SuIuxrLppzpxUyhUj
         ALdd2w05sHgcNyOW658vIkDWJ833l2CLOe6nd6YyOHG5ns2+RAahwqeByRKTSAmyknF0
         DSHh7zAmb/gpRL6h6EE9POLN+TSHI4cTxPAf+pKYOAgOgy335wescknaBIkXHO/g8IG1
         VjDokXJCy1ffJpcNLeFr0uD0JNI9LXM2aSKUtDVxp+J06m3q1w5Qr330s2OCsJwmP92q
         9WdeV+dQSaFt/qR3aEzNqn9ix2b6KxJ8t59n//1Ytg5VzvpbTDoJ5Pd5QguZf5gbLY6C
         gI0A==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=in-reply-to:references:to:from:subject:cc:message-id:date
         :content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:dkim-signature;
        bh=YIjzWtaBl7DKcChIpXeKAfzfw5UD8/brbpRge1cazkE=;
        fh=WWjADH6PQAccBbhAzysZ23DVRdk4u8LQanecdgGdGwE=;
        b=vPm36jiFcnpeTg1rlqi64RARPp9eWylZpLs/S50QBY6cA/JezSa6cmfdod5ZQBuCRY
         1t8O9UNjvWde2fJHCCdx+uKWJTLNvFOLU0aW+ZpMIQtUGCCXjygRWi3N0t+P6YlPHWio
         TWemnZzIc2/MzvJ156nOtGW0UDbBgPLOS1pNsPDyO6FOTm3+lNDg5Rfqv0Oib2UlujeA
         /C+HItJPDHFGgJmwnhs+318Ed8RwK5rNOLA+k3npGlK/aYVt6NgQ8ZxyhJIlyrTEFMVz
         kJOQjMh5GB75n5MX7vgWnVS+hIs8pp78ZDVFpUmQQf26GZWy0SOIdOgCePw0Rs2xgsoi
         iakw==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=uF0QRilb;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-crypto+bounces-4516-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4516-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-crypto+bounces-4516-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1])
        by mx.google.com with ESMTPS id 41be03b00d2f7-682299340e9si11386180a12.596.2024.05.29.22.28.14
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Wed, 29 May 2024 22:28:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-4516-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=uF0QRilb;
       arc=pass (i=1 dkim=pass dkdomain=kernel.org);
       spf=pass (google.com: domain of linux-crypto+bounces-4516-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4516-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by sv.mirrors.kernel.org (Postfix) with ESMTPS id E1440285487
	for <linux.lists.archive@gmail.com>; Thu, 30 May 2024 05:28:13 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 221AE143C4D;
	Thu, 30 May 2024 05:28:09 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="uF0QRilb"
X-Original-To: linux-crypto@vger.kernel.org
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id C6B49143878;
	Thu, 30 May 2024 05:28:08 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717046888; cv=none; b=WYBtDWJsE1vCslhCcL42A1irvYbZFz4elj35kJScfIYjI9MbKejNHdefknmwl4itOJjQ38rzP+SqRW0xbdIG+2Gc6dy2LlUd4yG0/I2WCHNBdmg0Df9TRwiXeXpftQMM/OYtj9mLEUgxZ+2pIBWgpz/0XLXQ91hqtGdnNF0p+ds=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717046888; c=relaxed/simple;
	bh=HhxLngg+9MrDBAFyn+rA3EfB0F+kdCAVkPfHuQxHetQ=;
	h=Mime-Version:Content-Type:Date:Message-Id:Cc:Subject:From:To:
	 References:In-Reply-To; b=BQmHbIo8Oaw0bftzIJPbqPb185N9oqZM747bnemTphmKj8rCZ3znSy1rffCmz8MzAjur2gh9ZzKn6EXW2LwQ7i1QjHlmP+gwRwaQ7eecCe4kQ32KzUiT6b3DC7+bJQBNv6NT9M3tK2wtAjDiB7G3GRZrFtnCNTv0rGBATaY1OB0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=uF0QRilb; arc=none smtp.client-ip=10.30.226.201
Received: by smtp.kernel.org (Postfix) with ESMTPSA id F2258C2BBFC;
	Thu, 30 May 2024 05:28:04 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1717046888;
	bh=HhxLngg+9MrDBAFyn+rA3EfB0F+kdCAVkPfHuQxHetQ=;
	h=Date:Cc:Subject:From:To:References:In-Reply-To:From;
	b=uF0QRilbM2sgFAaAhUnAluAl9zYRZZVhp+eNAo6BunLLZqBtK2Akx+Mwj1esh7+ur
	 +TgABnHZOJYQV4xYZBsNY9QIGoXNPgghpvr6aR+QgSg3JqglS4Lt6U6KL8WrHjZAGo
	 Xh9JzZsS/oUE9xzQ6WpBRixVfC1drhy1JMbd/arutdjIuhfaoz0PCQORXTRRO1DVYx
	 xoNd7RSlrIRgSQpojujABtle0/oa2rA1dry/8s/230FOLGV5AOr6zXx0PLfgBKMRAt
	 HW7xh0JdSXrXepB8RuGfW/N2fZGZzKr9yonj6zsqzbzhzjLYrVV6IYgQawwCXO/k4d
	 EEF/5H76uz3fQ==
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
Mime-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8
Date: Thu, 30 May 2024 08:28:01 +0300
Message-Id: <D1MQBJSYUBRS.12KH2S8FUK0XS@kernel.org>
Cc: <linux-kernel@vger.kernel.org>, <lukas@wunner.de>
Subject: Re: [PATCH 1/2] crypto: ecdsa - Use ecc_digits_from_bytes to create
 hash digits array
From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Stefan Berger" <stefanb@linux.ibm.com>, <keyrings@vger.kernel.org>,
 <linux-crypto@vger.kernel.org>, <herbert@gondor.apana.org.au>,
 <davem@davemloft.net>
X-Mailer: aerc 0.17.0
References: <20240529230827.379111-1-stefanb@linux.ibm.com>
 <20240529230827.379111-2-stefanb@linux.ibm.com>
In-Reply-To: <20240529230827.379111-2-stefanb@linux.ibm.com>

On Thu May 30, 2024 at 2:08 AM EEST, Stefan Berger wrote:
> Since ecc_digits_from_bytes will provide zeros when an insufficient numbe=
r
> of bytes are passed in the input byte array, use it to create the hash
> digits directly from the input byte array. This avoids going through an
> intermediate byte array (rawhash) that has the first few bytes filled wit=
h
> zeros.
>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
>  crypto/ecdsa.c | 17 ++++-------------
>  1 file changed, 4 insertions(+), 13 deletions(-)
>
> diff --git a/crypto/ecdsa.c b/crypto/ecdsa.c
> index 258fffbf623d..fa029f36110b 100644
> --- a/crypto/ecdsa.c
> +++ b/crypto/ecdsa.c
> @@ -142,10 +142,8 @@ static int ecdsa_verify(struct akcipher_request *req=
)
>  	struct ecdsa_signature_ctx sig_ctx =3D {
>  		.curve =3D ctx->curve,
>  	};
> -	u8 rawhash[ECC_MAX_BYTES];
>  	u64 hash[ECC_MAX_DIGITS];
>  	unsigned char *buffer;
> -	ssize_t diff;
>  	int ret;
> =20
>  	if (unlikely(!ctx->pub_key_set))
> @@ -164,18 +162,11 @@ static int ecdsa_verify(struct akcipher_request *re=
q)
>  	if (ret < 0)
>  		goto error;
> =20
> -	/* if the hash is shorter then we will add leading zeros to fit to ndig=
its */
> -	diff =3D bufsize - req->dst_len;
> -	if (diff >=3D 0) {
> -		if (diff)
> -			memset(rawhash, 0, diff);
> -		memcpy(&rawhash[diff], buffer + req->src_len, req->dst_len);
> -	} else if (diff < 0) {
> -		/* given hash is longer, we take the left-most bytes */
> -		memcpy(&rawhash, buffer + req->src_len, bufsize);
> -	}
> +	if (bufsize > req->dst_len)
> +		bufsize =3D req->dst_len;
> =20
> -	ecc_swap_digits((u64 *)rawhash, hash, ctx->curve->g.ndigits);
> +	ecc_digits_from_bytes(buffer + req->src_len, bufsize,
> +			      hash, ctx->curve->g.ndigits);
> =20
>  	ret =3D _ecdsa_verify(ctx, hash, sig_ctx.r, sig_ctx.s);
> =20

Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>

I don't think it'd be even nit-picking to say that the function
called would really need kdoc. I had to spend about 20 minutes
to reacall ecc_digits_from_bytes().

Like something to remind what, how and why... So that you can
recap quickly. Once I got grip of it (for the 2nd time) the
code itself was just fine, no complains on that.

BR, Jarkko