mirror of
https://github.com/torvalds/linux.git
synced 2024-11-23 04:31:50 +00:00
8be0b84e58
When parsing a private key, store all non-optional fields. These are required for enabling CRT mode for decrypt and verify Signed-off-by: Salvatore Benedetto <salvatore.benedetto@intel.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
192 lines
4.2 KiB
C
192 lines
4.2 KiB
C
/*
|
|
* RSA key extract helper
|
|
*
|
|
* Copyright (c) 2015, Intel Corporation
|
|
* Authors: Tadeusz Struk <tadeusz.struk@intel.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License as published by the Free
|
|
* Software Foundation; either version 2 of the License, or (at your option)
|
|
* any later version.
|
|
*
|
|
*/
|
|
#include <linux/kernel.h>
|
|
#include <linux/export.h>
|
|
#include <linux/err.h>
|
|
#include <linux/fips.h>
|
|
#include <crypto/internal/rsa.h>
|
|
#include "rsapubkey-asn1.h"
|
|
#include "rsaprivkey-asn1.h"
|
|
|
|
int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
|
|
const void *value, size_t vlen)
|
|
{
|
|
struct rsa_key *key = context;
|
|
const u8 *ptr = value;
|
|
size_t n_sz = vlen;
|
|
|
|
/* invalid key provided */
|
|
if (!value || !vlen)
|
|
return -EINVAL;
|
|
|
|
if (fips_enabled) {
|
|
while (!*ptr && n_sz) {
|
|
ptr++;
|
|
n_sz--;
|
|
}
|
|
|
|
/* In FIPS mode only allow key size 2K & 3K */
|
|
if (n_sz != 256 && n_sz != 384) {
|
|
pr_err("RSA: key size not allowed in FIPS mode\n");
|
|
return -EINVAL;
|
|
}
|
|
}
|
|
|
|
key->n = value;
|
|
key->n_sz = vlen;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
|
|
const void *value, size_t vlen)
|
|
{
|
|
struct rsa_key *key = context;
|
|
|
|
/* invalid key provided */
|
|
if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
|
|
return -EINVAL;
|
|
|
|
key->e = value;
|
|
key->e_sz = vlen;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
|
|
const void *value, size_t vlen)
|
|
{
|
|
struct rsa_key *key = context;
|
|
|
|
/* invalid key provided */
|
|
if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
|
|
return -EINVAL;
|
|
|
|
key->d = value;
|
|
key->d_sz = vlen;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
|
|
const void *value, size_t vlen)
|
|
{
|
|
struct rsa_key *key = context;
|
|
|
|
/* invalid key provided */
|
|
if (!value || !vlen || vlen > key->n_sz)
|
|
return -EINVAL;
|
|
|
|
key->p = value;
|
|
key->p_sz = vlen;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
|
|
const void *value, size_t vlen)
|
|
{
|
|
struct rsa_key *key = context;
|
|
|
|
/* invalid key provided */
|
|
if (!value || !vlen || vlen > key->n_sz)
|
|
return -EINVAL;
|
|
|
|
key->q = value;
|
|
key->q_sz = vlen;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
|
|
const void *value, size_t vlen)
|
|
{
|
|
struct rsa_key *key = context;
|
|
|
|
/* invalid key provided */
|
|
if (!value || !vlen || vlen > key->n_sz)
|
|
return -EINVAL;
|
|
|
|
key->dp = value;
|
|
key->dp_sz = vlen;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
|
|
const void *value, size_t vlen)
|
|
{
|
|
struct rsa_key *key = context;
|
|
|
|
/* invalid key provided */
|
|
if (!value || !vlen || vlen > key->n_sz)
|
|
return -EINVAL;
|
|
|
|
key->dq = value;
|
|
key->dq_sz = vlen;
|
|
|
|
return 0;
|
|
}
|
|
|
|
int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
|
|
const void *value, size_t vlen)
|
|
{
|
|
struct rsa_key *key = context;
|
|
|
|
/* invalid key provided */
|
|
if (!value || !vlen || vlen > key->n_sz)
|
|
return -EINVAL;
|
|
|
|
key->qinv = value;
|
|
key->qinv_sz = vlen;
|
|
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
|
|
* provided struct rsa_key, pointers to the raw key as is,
|
|
* so that the caller can copy it or MPI parse it, etc.
|
|
*
|
|
* @rsa_key: struct rsa_key key representation
|
|
* @key: key in BER format
|
|
* @key_len: length of key
|
|
*
|
|
* Return: 0 on success or error code in case of error
|
|
*/
|
|
int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
|
|
unsigned int key_len)
|
|
{
|
|
return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
|
|
}
|
|
EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
|
|
|
|
/**
|
|
* rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
|
|
* provided struct rsa_key, pointers to the raw key
|
|
* as is, so that the caller can copy it or MPI parse it,
|
|
* etc.
|
|
*
|
|
* @rsa_key: struct rsa_key key representation
|
|
* @key: key in BER format
|
|
* @key_len: length of key
|
|
*
|
|
* Return: 0 on success or error code in case of error
|
|
*/
|
|
int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
|
|
unsigned int key_len)
|
|
{
|
|
return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
|
|
}
|
|
EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
|