crypto: hisilicon/hpre - Add processing of src_data in 'CURVE25519'

mainline inclusion
from mainline-v5.13-rc1
commit 0ae86992
category: feature
bugzilla: 173981
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ae869926fab00b95709518d72cca2d50a29eccd

----------------------------------------------------------------------

HPRE can only deal with src_data smaller than 'p' in 'CURVE25519'
algorithm, but 'rfc7748' says:
'Implementations MUST accept non-canonical values and process them as
if they had been reduced modulo the field prime'
So we get its modulus to p, and then deal it with HPRE.
Signed-off-by: NMeng Yu <yumeng18@huawei.com>
Signed-off-by: NHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: NMingqiang Ling <lingmingqiang@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

drivers/crypto/hisilicon/hpre/hpre_crypto.c

@@ -1729,6 +1729,17 @@ static int hpre_curve25519_msg_request_set(struct hpre_ctx *ctx,
 	return 0;
 }
 
+static void hpre_curve25519_src_modulo_p(u8 *ptr)
+{
+	int i;
+
+	for (i = 0; i < CURVE25519_KEY_SIZE - 1; i++)
+		ptr[i] = 0;
+
+	/* The modulus is ptr's last byte minus '0xed'(last byte of p) */
+	ptr[i] -= 0xed;
+}
+
 static int hpre_curve25519_src_init(struct hpre_asym_request *hpre_req,
 				    struct scatterlist *data, unsigned int len)
 {
@@ -1767,10 +1778,13 @@ static int hpre_curve25519_src_init(struct hpre_asym_request *hpre_req,
 	curve = ecc_get_curve25519();
 
 	fill_curve_param(p, curve->p, CURVE25519_KEY_SIZE, curve->g.ndigits);
-	if (memcmp(ptr, p, ctx->key_sz) >= 0) {
-		dev_err(dev, "gx is out of p!\n");
-		goto err;
-	}
+
+	/*
+	 * When src_data equals (2^255 - 19) ~  (2^255 - 1), it is out of p,
+	 * we get its modulus to p, and then use it.
+	 */
+	if (memcmp(ptr, p, ctx->key_sz) >= 0)
+		hpre_curve25519_src_modulo_p(ptr);
 
 	hpre_req->src = ptr;
 	msg->in = cpu_to_le64(dma);