linux/crypto/rsa_helper.c

/*
 * RSA key extract helper
 *
 * Copyright (c) 2015, Intel Corporation
 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
 * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 */
#include <linux/kernel.h>
#include <linux/export.h>
#include <linux/err.h>
#include <linux/fips.h>
#include <crypto/internal/rsa.h>
#include "rsapubkey-asn1.h"
#include "rsaprivkey-asn1.h"

int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *key = context;

	key->n = mpi_read_raw_data(value, vlen);

	if (!key->n)
		return -ENOMEM;

	/* In FIPS mode only allow key size 2K & 3K */
	if (fips_enabled && (mpi_get_size(key->n) != 256 &&
			     mpi_get_size(key->n) != 384)) {
		pr_err("RSA: key size not allowed in FIPS mode\n");
		mpi_free(key->n);
		key->n = NULL;
		return -EINVAL;
	}
	return 0;
}

int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *key = context;

	key->e = mpi_read_raw_data(value, vlen);

	if (!key->e)
		return -ENOMEM;

	return 0;
}

int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *key = context;

	key->d = mpi_read_raw_data(value, vlen);

	if (!key->d)
		return -ENOMEM;

	/* In FIPS mode only allow key size 2K & 3K */
	if (fips_enabled && (mpi_get_size(key->d) != 256 &&
			     mpi_get_size(key->d) != 384)) {
		pr_err("RSA: key size not allowed in FIPS mode\n");
		mpi_free(key->d);
		key->d = NULL;
		return -EINVAL;
	}
	return 0;
}

static void free_mpis(struct rsa_key *key)
{
	mpi_free(key->n);
	mpi_free(key->e);
	mpi_free(key->d);
	key->n = NULL;
	key->e = NULL;
	key->d = NULL;
}

/**
 * rsa_free_key() - frees rsa key allocated by rsa_parse_key()
 *
 * @rsa_key:	struct rsa_key key representation
 */
void rsa_free_key(struct rsa_key *key)
{
	free_mpis(key);
}
EXPORT_SYMBOL_GPL(rsa_free_key);

/**
 * rsa_parse_pub_key() - extracts an rsa public key from BER encoded buffer
 *			 and stores it in the provided struct rsa_key
 *
 * @rsa_key:	struct rsa_key key representation
 * @key:	key in BER format
 * @key_len:	length of key
 *
 * Return:	0 on success or error code in case of error
 */
int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
		      unsigned int key_len)
{
	int ret;

	free_mpis(rsa_key);
	ret = asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
	if (ret < 0)
		goto error;

	return 0;
error:
	free_mpis(rsa_key);
	return ret;
}
EXPORT_SYMBOL_GPL(rsa_parse_pub_key);

/**
 * rsa_parse_pub_key() - extracts an rsa private key from BER encoded buffer
 *			 and stores it in the provided struct rsa_key
 *
 * @rsa_key:	struct rsa_key key representation
 * @key:	key in BER format
 * @key_len:	length of key
 *
 * Return:	0 on success or error code in case of error
 */
int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
		       unsigned int key_len)
{
	int ret;

	free_mpis(rsa_key);
	ret = asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
	if (ret < 0)
		goto error;

	return 0;
error:
	free_mpis(rsa_key);
	return ret;
}
EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
crypto: rsa - add a new rsa generic implementation Add a new rsa generic SW implementation. This implements only cryptographic primitives. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Added select on ASN1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-16 20:31:01 +03:00			`/*`
			`* RSA key extract helper`
			`*`
			`* Copyright (c) 2015, Intel Corporation`
			`* Authors: Tadeusz Struk <tadeusz.struk@intel.com>`
			`*`
			`* This program is free software; you can redistribute it and/or modify it`
			`* under the terms of the GNU General Public License as published by the Free`
			`* Software Foundation; either version 2 of the License, or (at your option)`
			`* any later version.`
			`*`
			`*/`
			`#include <linux/kernel.h>`
			`#include <linux/export.h>`
			`#include <linux/err.h>`
			`#include <linux/fips.h>`
			`#include <crypto/internal/rsa.h>`
crypto: akcipher - Changes to asymmetric key API Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-10-08 19:26:55 +03:00			`#include "rsapubkey-asn1.h"`
			`#include "rsaprivkey-asn1.h"`
crypto: rsa - add a new rsa generic implementation Add a new rsa generic SW implementation. This implements only cryptographic primitives. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Added select on ASN1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-16 20:31:01 +03:00
			`int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,`
			`const void *value, size_t vlen)`
			`{`
			`struct rsa_key *key = context;`

			`key->n = mpi_read_raw_data(value, vlen);`

			`if (!key->n)`
			`return -ENOMEM;`

			`/* In FIPS mode only allow key size 2K & 3K */`
crypto: rsa - fix invalid check for keylen in fips mode The condition checking allowed key length was invalid. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-07-21 03:18:26 +03:00			`if (fips_enabled && (mpi_get_size(key->n) != 256 &&`
crypto: rsa - add a new rsa generic implementation Add a new rsa generic SW implementation. This implements only cryptographic primitives. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Added select on ASN1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-16 20:31:01 +03:00			`mpi_get_size(key->n) != 384)) {`
			`pr_err("RSA: key size not allowed in FIPS mode\n");`
			`mpi_free(key->n);`
			`key->n = NULL;`
			`return -EINVAL;`
			`}`
			`return 0;`
			`}`

			`int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,`
			`const void *value, size_t vlen)`
			`{`
			`struct rsa_key *key = context;`

			`key->e = mpi_read_raw_data(value, vlen);`

			`if (!key->e)`
			`return -ENOMEM;`

			`return 0;`
			`}`

			`int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,`
			`const void *value, size_t vlen)`
			`{`
			`struct rsa_key *key = context;`

			`key->d = mpi_read_raw_data(value, vlen);`

			`if (!key->d)`
			`return -ENOMEM;`

			`/* In FIPS mode only allow key size 2K & 3K */`
crypto: rsa - fix invalid check for keylen in fips mode The condition checking allowed key length was invalid. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-07-21 03:18:26 +03:00			`if (fips_enabled && (mpi_get_size(key->d) != 256 &&`
crypto: rsa - add a new rsa generic implementation Add a new rsa generic SW implementation. This implements only cryptographic primitives. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Added select on ASN1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-16 20:31:01 +03:00			`mpi_get_size(key->d) != 384)) {`
			`pr_err("RSA: key size not allowed in FIPS mode\n");`
			`mpi_free(key->d);`
			`key->d = NULL;`
			`return -EINVAL;`
			`}`
			`return 0;`
			`}`

			`static void free_mpis(struct rsa_key *key)`
			`{`
			`mpi_free(key->n);`
			`mpi_free(key->e);`
			`mpi_free(key->d);`
			`key->n = NULL;`
			`key->e = NULL;`
			`key->d = NULL;`
			`}`

			`/**`
			`* rsa_free_key() - frees rsa key allocated by rsa_parse_key()`
			`*`
			`* @rsa_key: struct rsa_key key representation`
			`*/`
			`void rsa_free_key(struct rsa_key *key)`
			`{`
			`free_mpis(key);`
			`}`
			`EXPORT_SYMBOL_GPL(rsa_free_key);`

			`/**`
crypto: akcipher - Changes to asymmetric key API Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-10-08 19:26:55 +03:00			`* rsa_parse_pub_key() - extracts an rsa public key from BER encoded buffer`
			`* and stores it in the provided struct rsa_key`
crypto: rsa - add a new rsa generic implementation Add a new rsa generic SW implementation. This implements only cryptographic primitives. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Added select on ASN1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-16 20:31:01 +03:00			`*`
			`* @rsa_key: struct rsa_key key representation`
			`* @key: key in BER format`
			`* @key_len: length of key`
			`*`
			`* Return: 0 on success or error code in case of error`
			`*/`
crypto: akcipher - Changes to asymmetric key API Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-10-08 19:26:55 +03:00			`int rsa_parse_pub_key(struct rsa_key rsa_key, const void key,`
			`unsigned int key_len)`
crypto: rsa - add a new rsa generic implementation Add a new rsa generic SW implementation. This implements only cryptographic primitives. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Added select on ASN1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-16 20:31:01 +03:00			`{`
			`int ret;`

			`free_mpis(rsa_key);`
crypto: akcipher - Changes to asymmetric key API Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-10-08 19:26:55 +03:00			`ret = asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);`
crypto: rsa - add a new rsa generic implementation Add a new rsa generic SW implementation. This implements only cryptographic primitives. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Added select on ASN1. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-06-16 20:31:01 +03:00			`if (ret < 0)`
			`goto error;`

			`return 0;`
			`error:`
			`free_mpis(rsa_key);`
			`return ret;`
			`}`
crypto: akcipher - Changes to asymmetric key API Setkey function has been split into set_priv_key and set_pub_key. Akcipher requests takes sgl for src and dst instead of void *. Users of the API i.e. two existing RSA implementation and test mgr code have been updated accordingly. Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> 2015-10-08 19:26:55 +03:00			`EXPORT_SYMBOL_GPL(rsa_parse_pub_key);`

			`/**`
			`* rsa_parse_pub_key() - extracts an rsa private key from BER encoded buffer`
			`* and stores it in the provided struct rsa_key`
			`*`
			`* @rsa_key: struct rsa_key key representation`
			`* @key: key in BER format`
			`* @key_len: length of key`
			`*`
			`* Return: 0 on success or error code in case of error`
			`*/`
			`int rsa_parse_priv_key(struct rsa_key rsa_key, const void key,`
			`unsigned int key_len)`
			`{`
			`int ret;`

			`free_mpis(rsa_key);`
			`ret = asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);`
			`if (ret < 0)`
			`goto error;`

			`return 0;`
			`error:`
			`free_mpis(rsa_key);`
			`return ret;`
			`}`
			`EXPORT_SYMBOL_GPL(rsa_parse_priv_key);`