xref: /linux/crypto/rsa.c (revision 2fe05e1139a555ae91f00a812cb9520e7d3022ab)
1 /* RSA asymmetric public-key algorithm [RFC3447]
2  *
3  * Copyright (c) 2015, Intel Corporation
4  * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/mpi.h>
14 #include <crypto/internal/rsa.h>
15 #include <crypto/internal/akcipher.h>
16 #include <crypto/akcipher.h>
17 #include <crypto/algapi.h>
18 
19 struct rsa_mpi_key {
20 	MPI n;
21 	MPI e;
22 	MPI d;
23 };
24 
25 /*
26  * RSAEP function [RFC3447 sec 5.1.1]
27  * c = m^e mod n;
28  */
29 static int _rsa_enc(const struct rsa_mpi_key *key, MPI c, MPI m)
30 {
31 	/* (1) Validate 0 <= m < n */
32 	if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
33 		return -EINVAL;
34 
35 	/* (2) c = m^e mod n */
36 	return mpi_powm(c, m, key->e, key->n);
37 }
38 
39 /*
40  * RSADP function [RFC3447 sec 5.1.2]
41  * m = c^d mod n;
42  */
43 static int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c)
44 {
45 	/* (1) Validate 0 <= c < n */
46 	if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0)
47 		return -EINVAL;
48 
49 	/* (2) m = c^d mod n */
50 	return mpi_powm(m, c, key->d, key->n);
51 }
52 
53 /*
54  * RSASP1 function [RFC3447 sec 5.2.1]
55  * s = m^d mod n
56  */
57 static int _rsa_sign(const struct rsa_mpi_key *key, MPI s, MPI m)
58 {
59 	/* (1) Validate 0 <= m < n */
60 	if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
61 		return -EINVAL;
62 
63 	/* (2) s = m^d mod n */
64 	return mpi_powm(s, m, key->d, key->n);
65 }
66 
67 /*
68  * RSAVP1 function [RFC3447 sec 5.2.2]
69  * m = s^e mod n;
70  */
71 static int _rsa_verify(const struct rsa_mpi_key *key, MPI m, MPI s)
72 {
73 	/* (1) Validate 0 <= s < n */
74 	if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0)
75 		return -EINVAL;
76 
77 	/* (2) m = s^e mod n */
78 	return mpi_powm(m, s, key->e, key->n);
79 }
80 
81 static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm)
82 {
83 	return akcipher_tfm_ctx(tfm);
84 }
85 
86 static int rsa_enc(struct akcipher_request *req)
87 {
88 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
89 	const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
90 	MPI m, c = mpi_alloc(0);
91 	int ret = 0;
92 	int sign;
93 
94 	if (!c)
95 		return -ENOMEM;
96 
97 	if (unlikely(!pkey->n || !pkey->e)) {
98 		ret = -EINVAL;
99 		goto err_free_c;
100 	}
101 
102 	ret = -ENOMEM;
103 	m = mpi_read_raw_from_sgl(req->src, req->src_len);
104 	if (!m)
105 		goto err_free_c;
106 
107 	ret = _rsa_enc(pkey, c, m);
108 	if (ret)
109 		goto err_free_m;
110 
111 	ret = mpi_write_to_sgl(c, req->dst, req->dst_len, &sign);
112 	if (ret)
113 		goto err_free_m;
114 
115 	if (sign < 0)
116 		ret = -EBADMSG;
117 
118 err_free_m:
119 	mpi_free(m);
120 err_free_c:
121 	mpi_free(c);
122 	return ret;
123 }
124 
125 static int rsa_dec(struct akcipher_request *req)
126 {
127 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
128 	const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
129 	MPI c, m = mpi_alloc(0);
130 	int ret = 0;
131 	int sign;
132 
133 	if (!m)
134 		return -ENOMEM;
135 
136 	if (unlikely(!pkey->n || !pkey->d)) {
137 		ret = -EINVAL;
138 		goto err_free_m;
139 	}
140 
141 	ret = -ENOMEM;
142 	c = mpi_read_raw_from_sgl(req->src, req->src_len);
143 	if (!c)
144 		goto err_free_m;
145 
146 	ret = _rsa_dec(pkey, m, c);
147 	if (ret)
148 		goto err_free_c;
149 
150 	ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
151 	if (ret)
152 		goto err_free_c;
153 
154 	if (sign < 0)
155 		ret = -EBADMSG;
156 err_free_c:
157 	mpi_free(c);
158 err_free_m:
159 	mpi_free(m);
160 	return ret;
161 }
162 
163 static int rsa_sign(struct akcipher_request *req)
164 {
165 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
166 	const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
167 	MPI m, s = mpi_alloc(0);
168 	int ret = 0;
169 	int sign;
170 
171 	if (!s)
172 		return -ENOMEM;
173 
174 	if (unlikely(!pkey->n || !pkey->d)) {
175 		ret = -EINVAL;
176 		goto err_free_s;
177 	}
178 
179 	ret = -ENOMEM;
180 	m = mpi_read_raw_from_sgl(req->src, req->src_len);
181 	if (!m)
182 		goto err_free_s;
183 
184 	ret = _rsa_sign(pkey, s, m);
185 	if (ret)
186 		goto err_free_m;
187 
188 	ret = mpi_write_to_sgl(s, req->dst, req->dst_len, &sign);
189 	if (ret)
190 		goto err_free_m;
191 
192 	if (sign < 0)
193 		ret = -EBADMSG;
194 
195 err_free_m:
196 	mpi_free(m);
197 err_free_s:
198 	mpi_free(s);
199 	return ret;
200 }
201 
202 static int rsa_verify(struct akcipher_request *req)
203 {
204 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
205 	const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
206 	MPI s, m = mpi_alloc(0);
207 	int ret = 0;
208 	int sign;
209 
210 	if (!m)
211 		return -ENOMEM;
212 
213 	if (unlikely(!pkey->n || !pkey->e)) {
214 		ret = -EINVAL;
215 		goto err_free_m;
216 	}
217 
218 	ret = -ENOMEM;
219 	s = mpi_read_raw_from_sgl(req->src, req->src_len);
220 	if (!s) {
221 		ret = -ENOMEM;
222 		goto err_free_m;
223 	}
224 
225 	ret = _rsa_verify(pkey, m, s);
226 	if (ret)
227 		goto err_free_s;
228 
229 	ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
230 	if (ret)
231 		goto err_free_s;
232 
233 	if (sign < 0)
234 		ret = -EBADMSG;
235 
236 err_free_s:
237 	mpi_free(s);
238 err_free_m:
239 	mpi_free(m);
240 	return ret;
241 }
242 
243 static void rsa_free_mpi_key(struct rsa_mpi_key *key)
244 {
245 	mpi_free(key->d);
246 	mpi_free(key->e);
247 	mpi_free(key->n);
248 	key->d = NULL;
249 	key->e = NULL;
250 	key->n = NULL;
251 }
252 
253 static int rsa_check_key_length(unsigned int len)
254 {
255 	switch (len) {
256 	case 512:
257 	case 1024:
258 	case 1536:
259 	case 2048:
260 	case 3072:
261 	case 4096:
262 		return 0;
263 	}
264 
265 	return -EINVAL;
266 }
267 
268 static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
269 			   unsigned int keylen)
270 {
271 	struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm);
272 	struct rsa_key raw_key = {0};
273 	int ret;
274 
275 	/* Free the old MPI key if any */
276 	rsa_free_mpi_key(mpi_key);
277 
278 	ret = rsa_parse_pub_key(&raw_key, key, keylen);
279 	if (ret)
280 		return ret;
281 
282 	mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz);
283 	if (!mpi_key->e)
284 		goto err;
285 
286 	mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz);
287 	if (!mpi_key->n)
288 		goto err;
289 
290 	if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) {
291 		rsa_free_mpi_key(mpi_key);
292 		return -EINVAL;
293 	}
294 
295 	return 0;
296 
297 err:
298 	rsa_free_mpi_key(mpi_key);
299 	return -ENOMEM;
300 }
301 
302 static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
303 			    unsigned int keylen)
304 {
305 	struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm);
306 	struct rsa_key raw_key = {0};
307 	int ret;
308 
309 	/* Free the old MPI key if any */
310 	rsa_free_mpi_key(mpi_key);
311 
312 	ret = rsa_parse_priv_key(&raw_key, key, keylen);
313 	if (ret)
314 		return ret;
315 
316 	mpi_key->d = mpi_read_raw_data(raw_key.d, raw_key.d_sz);
317 	if (!mpi_key->d)
318 		goto err;
319 
320 	mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz);
321 	if (!mpi_key->e)
322 		goto err;
323 
324 	mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz);
325 	if (!mpi_key->n)
326 		goto err;
327 
328 	if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) {
329 		rsa_free_mpi_key(mpi_key);
330 		return -EINVAL;
331 	}
332 
333 	return 0;
334 
335 err:
336 	rsa_free_mpi_key(mpi_key);
337 	return -ENOMEM;
338 }
339 
340 static unsigned int rsa_max_size(struct crypto_akcipher *tfm)
341 {
342 	struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm);
343 
344 	return mpi_get_size(pkey->n);
345 }
346 
347 static void rsa_exit_tfm(struct crypto_akcipher *tfm)
348 {
349 	struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm);
350 
351 	rsa_free_mpi_key(pkey);
352 }
353 
354 static struct akcipher_alg rsa = {
355 	.encrypt = rsa_enc,
356 	.decrypt = rsa_dec,
357 	.sign = rsa_sign,
358 	.verify = rsa_verify,
359 	.set_priv_key = rsa_set_priv_key,
360 	.set_pub_key = rsa_set_pub_key,
361 	.max_size = rsa_max_size,
362 	.exit = rsa_exit_tfm,
363 	.base = {
364 		.cra_name = "rsa",
365 		.cra_driver_name = "rsa-generic",
366 		.cra_priority = 100,
367 		.cra_module = THIS_MODULE,
368 		.cra_ctxsize = sizeof(struct rsa_mpi_key),
369 	},
370 };
371 
372 static int rsa_init(void)
373 {
374 	int err;
375 
376 	err = crypto_register_akcipher(&rsa);
377 	if (err)
378 		return err;
379 
380 	err = crypto_register_template(&rsa_pkcs1pad_tmpl);
381 	if (err) {
382 		crypto_unregister_akcipher(&rsa);
383 		return err;
384 	}
385 
386 	return 0;
387 }
388 
389 static void rsa_exit(void)
390 {
391 	crypto_unregister_template(&rsa_pkcs1pad_tmpl);
392 	crypto_unregister_akcipher(&rsa);
393 }
394 
395 module_init(rsa_init);
396 module_exit(rsa_exit);
397 MODULE_ALIAS_CRYPTO("rsa");
398 MODULE_LICENSE("GPL");
399 MODULE_DESCRIPTION("RSA generic algorithm");
400