new file mode 100644

@@ -0,0 +1,145 @@

+From 1216f535bb8c385e2ec10ed7e892695cef673438 Mon Sep 17 00:00:00 2001

+From: Keerthana K <keerthanak@vmware.com>

+Date: Sun, 15 Oct 2023 03:25:33 +0000

+Subject: [PATCH] ecc: Add pairwise consistency test for every generated ECC

+ keypairs

+

+Signed-off-by: Keerthana K <keerthanak@vmware.com>

+---

+ crypto/ecc.c | 113 +++++++++++++++++++++++++++++++++++++++++++++++++++

+ 1 file changed, 113 insertions(+)

+

+diff --git a/crypto/ecc.c b/crypto/ecc.c

+index fe3792c41..d2dee9323 100644

+--- a/crypto/ecc.c

+@@ -1492,6 +1492,117 @@ int ecc_gen_privkey(unsigned int curve_id, unsigned int ndigits, u64 *privkey)

+ 	return 0;

+ }

+ 

++#define ECC_MAX_PRIV_KEY_SZ 8

++#define ECC_MAX_PUB_KEY_SZ 12

++#define ECC_P256_SS_SZ 32

++#define ECC_P384_SS_SZ 48

++

++struct static_keypair {

++	u64 priv_key[ECC_MAX_PRIV_KEY_SZ];

++	u64 pub_key[ECC_MAX_PUB_KEY_SZ];

++};

++

++static const struct static_keypair ecc_p256 = {

++		.priv_key = {

++				9452439779319861540ULL,

++				11761858801976435446ULL,

++				10581797902970445963ULL,

++				9419536734775104336ULL,

++				0, 0, 0, 0,

++		},

++		.pub_key = {

++				3547918415549923098ULL,

++				14179485049500513917ULL,

++				17671096273477813563ULL,

++				6890828708320535478ULL,

++				216030908325808746ULL,

++				7709452682360784951ULL,

++				8590731219336823402ULL,

++				16071639722929465850ULL,

++				0, 0, 0, 0,

++		},

++};

++

++static const struct static_keypair ecc_p384 = {

++		.priv_key = {

++				14313235887423266569ULL,

++				9198168633825396889ULL,

++				1589555625840288886ULL,

++				6189876718282884870ULL,

++				17170508223326936035ULL,

++				10714409278094487103ULL,

++				0, 0,

++

++		},

++		.pub_key = {

++				3219089472411039846ULL,

++				6338061617631358942ULL,

++				16389706391199467349ULL,

++				16599922655348274198ULL,

++				13023764348400057054ULL,

++				12268192317188507592ULL,

++				14607969375289705108ULL,

++				4594462565568104956ULL,

++				12485352420393681765ULL,

++				10300752922574070944ULL,

++				15728762062766055403ULL,

++				2065027171005275110ULL,

++		},

++};

++

++static int ecc_pct(unsigned int curve_id, unsigned int ndigits,

++	    const u64 *private_key, const u64 *public_key)

++{

++	int ret = 0;

++	u64 *shared_secret_a = NULL;

++	u64 *shared_secret_b = NULL;

++	unsigned short ss_size = 0;

++	const u64* static_priv_key = NULL;

++	const u64* static_pub_key = NULL;

++

++	if (curve_id == 2) {

++		ss_size = ECC_P256_SS_SZ;

++		static_priv_key = ecc_p256.priv_key;

++		static_pub_key = ecc_p256.pub_key;

++	} else if (curve_id == 3) {

++		ss_size = ECC_P384_SS_SZ;

++		static_priv_key = ecc_p384.priv_key;

++		static_pub_key = ecc_p384.pub_key;

++	}

++

++	shared_secret_a = fcw_kmalloc(ss_size, GFP_KERNEL);

++	if (!shared_secret_a) {

++		ret = -ENOMEM;

++		goto out;

++	}

++	shared_secret_b = fcw_kmalloc(ss_size, GFP_KERNEL);

++	if (!shared_secret_b) {

++		ret = -ENOMEM;

++		goto out;

++	}

++

++	ret = crypto_ecdh_shared_secret(curve_id, ndigits,

++					static_priv_key, public_key, shared_secret_a);

++	if (ret < 0)

++		goto out;

++	ret = crypto_ecdh_shared_secret(curve_id, ndigits,

++					private_key, static_pub_key, shared_secret_b);

++	if (ret < 0)

++		goto out;

++

++	if (memcmp(shared_secret_a, shared_secret_b, ss_size)) {

++		fcw_printk("Pairwise Consistency Test for ECC keys failed\n");

++		ret = -EFAULT;

++		goto out;

++	}

++	fcw_printk("Pairwise Consistency Test for ECC keys passed\n");

++

++out:

++	kfree(shared_secret_a);

++	kfree(shared_secret_b);

++	return ret;

++}

++

+ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,

+ 		     const u64 *private_key, u64 *public_key)

+ {

+@@ -1524,6 +1635,8 @@ int ecc_make_pub_key(unsigned int curve_id, unsigned int ndigits,

+ 	ecc_swap_digits(pk->x, public_key, ndigits);

+ 	ecc_swap_digits(pk->y, &public_key[ndigits], ndigits);

+ 

++	ret = ecc_pct(curve_id, ndigits, private_key, public_key);

++

+ err_free_point:

+ 	ecc_free_point(pk);

+ out:

+-- 

+2.19.0

+

@@ -1945,7 +1945,7 @@ index 2e6b280f9..b23d8f1d9 100644

  static const struct kpp_testvec dh_tv_template[] = {

  	{

  	.secret =

-@@ -4399,6 +5958,58 @@ static const struct kpp_testvec ecdh_p384_tv_template[] = {

+@@ -4399,6 +5952,52 @@ static const struct kpp_testvec ecdh_p384_tv_template[] = {

  	.b_public_size = 96,

  	.expected_a_public_size = 96,

  	.expected_ss_size = 48

@@ -1953,19 +1953,13 @@ index 2e6b280f9..b23d8f1d9 100644

 +	.secret =

 +#ifdef __LITTLE_ENDIAN

 +	"\x02\x00" /* type */

-+	"\x36\x00" /* len */

-+	"\x30\x00" /* key_size */

++	"\x06\x00" /* len */

++	"\x00\x00", /* key_size */

 +#else

 +	"\x00\x02" /* type */

-+	"\x00\x36" /* len */

-+	"\x00\x30" /* key_size */

++	"\x00\x06" /* len */

++	"\x00\x00", /* key_size */

 +#endif

-+	"\x09\x9F\x3C\x70\x34\xD4\xA2\xC6"

-+	"\x99\x88\x4D\x73\xA3\x75\xA6\x7F"

-+	"\x76\x24\xEF\x7C\x6B\x3C\x0F\x16"

-+	"\x06\x47\xB6\x74\x14\xDC\xE6\x55"

-+	"\xE3\x5B\x53\x80\x41\xE6\x49\xEE"

-+	"\x3F\xAE\xF8\x96\x78\x3A\xB1\x94",

 +	.b_secret =

 +#ifdef __LITTLE_ENDIAN

 +	"\x02\x00" /* type */

@@ -1995,7 +1989,7 @@ index 2e6b280f9..b23d8f1d9 100644

 +	"\xDD\x5F\x0C\x68\x75\x9D\xD1\xFF"

 +	"\xF8\x3F\xA4\x01\x42\x20\x9D\xFF"

 +	"\x5E\xAA\xD9\x6D\xB9\xE6\x38\x6C",

-+	.secret_size = 54,

++	.secret_size = 6,

 +	.b_secret_size = 54,

 +	.b_public_size = 96,

 +	.expected_a_public_size = 96,

@@ -23,7 +23,7 @@

 Summary:        Kernel

 Name:           linux-esx

 Version:        6.1.56

-Release:        4%{?kat_build:.kat}%{?dist}

+Release:        5%{?kat_build:.kat}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org

 Group:          System Environment/Kernel

@@ -529,6 +529,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 %{_usrsrc}/linux-headers-%{uname_r}

 %changelog

+* Wed Nov 29 2023 Keerthana K <keerthanak@vmware.com> 6.1.56-5

+- Modified ecdh-nist-p384 vector to generate ECC keypair

 * Wed Nov 29 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 6.1.56-4

 - Upgrade canister to 5.0.0-6.1.56-3

 * Wed Nov 29 2023 Srish Srinivasan <ssrish@vmware.com> 6.1.56-3

@@ -16,7 +16,7 @@

 Summary:        Kernel

 Name:           linux-rt

 Version:        6.1.56

-Release:        4%{?kat_build:.kat}%{?dist}

+Release:        5%{?kat_build:.kat}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org

 Group:          System Environment/Kernel

@@ -560,6 +560,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 %{_usrsrc}/linux-headers-%{uname_r}

 %changelog

+* Wed Nov 29 2023 Keerthana K <keerthanak@vmware.com> 6.1.56-5

+- Modified ecdh-nist-p384 vector to generate ECC keypair

 * Wed Nov 29 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 6.1.56-4

 - Upgrade canister to 5.0.0-6.1.56-3

 * Wed Nov 29 2023 Srish Srinivasan <ssrish@vmware.com> 6.1.56-3

@@ -16,7 +16,7 @@

 Summary:        Kernel

 Name:           linux-secure

 Version:        6.1.56

-Release:        4%{?kat_build:.kat}%{?dist}

+Release:        5%{?kat_build:.kat}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org

 Group:          System Environment/Kernel

@@ -166,6 +166,7 @@ Patch10006: 0005-Move-__bug_table-section-to-fips_canister_wrapper.patch

 Patch10007: 0006-crypto-Add-prandom-module_kthread_exit-to-canister-w.patch

 Patch10008: 0007-crypto-Remove-EXPORT_SYMBOL-EXPORT_SYMBOL_GPL-from-c.patch

 Patch10009: 0008-Move-kernel-structures-usage.patch

+Patch10010: 0009-ecc-Add-pairwise-consistency-test-for-every-generate.patch

 %endif

 BuildArch:      x86_64

@@ -276,7 +277,7 @@ The kernel fips-canister

 %endif

 %if 0%{?canister_build}

-%autopatch -p1 -m10000 -M10009

+%autopatch -p1 -m10000 -M10010

 %endif

 %ifarch x86_64

@@ -459,6 +460,9 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 %endif

 %changelog

+* Wed Nov 29 2023 Keerthana K <keerthanak@vmware.com> 6.1.56-5

+- Add Pairwise Consistency Test for ECC generated keypairs

+- Modified ecdh-nist-p384 vector to generate ECC keypair

 * Wed Nov 29 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 6.1.56-4

 - Upgrade canister to 5.0.0-6.1.56-3

 * Wed Nov 29 2023 Srish Srinivasan <ssrish@vmware.com> 6.1.56-3

@@ -27,7 +27,7 @@

 Summary:        Kernel

 Name:           linux

 Version:        6.1.56

-Release:        5%{?acvp_build:.acvp}%{?kat_build:.kat}%{?dist}

+Release:        6%{?acvp_build:.acvp}%{?kat_build:.kat}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

@@ -793,6 +793,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 %{_datadir}/bash-completion/completions/bpftool

 %changelog

+* Wed Nov 29 2023 Keerthana K <keerthanak@vmware.com> 6.1.56-6

+- Modified ecdh-nist-p384 vector to generate ECC keypair

 * Wed Nov 29 2023 Vamsi Krishna Brahmajosyula <vbrahmajosyula@vmware.com> 6.1.56-5

 - Upgrade canister to 5.0.0-6.1.56-3

 * Wed Nov 29 2023 Srish Srinivasan <ssrish@vmware.com> 6.1.56-4