1 /* RSA asymmetric public-key algorithm [RFC3447] 2 * 3 * Copyright (c) 2015, Intel Corporation 4 * Authors: Tadeusz Struk <tadeusz.struk@intel.com> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/mpi.h> 14 #include <crypto/internal/rsa.h> 15 #include <crypto/internal/akcipher.h> 16 #include <crypto/akcipher.h> 17 #include <crypto/algapi.h> 18 19 struct rsa_mpi_key { 20 MPI n; 21 MPI e; 22 MPI d; 23 }; 24 25 /* 26 * RSAEP function [RFC3447 sec 5.1.1] 27 * c = m^e mod n; 28 */ 29 static int _rsa_enc(const struct rsa_mpi_key *key, MPI c, MPI m) 30 { 31 /* (1) Validate 0 <= m < n */ 32 if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0) 33 return -EINVAL; 34 35 /* (2) c = m^e mod n */ 36 return mpi_powm(c, m, key->e, key->n); 37 } 38 39 /* 40 * RSADP function [RFC3447 sec 5.1.2] 41 * m = c^d mod n; 42 */ 43 static int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c) 44 { 45 /* (1) Validate 0 <= c < n */ 46 if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0) 47 return -EINVAL; 48 49 /* (2) m = c^d mod n */ 50 return mpi_powm(m, c, key->d, key->n); 51 } 52 53 /* 54 * RSASP1 function [RFC3447 sec 5.2.1] 55 * s = m^d mod n 56 */ 57 static int _rsa_sign(const struct rsa_mpi_key *key, MPI s, MPI m) 58 { 59 /* (1) Validate 0 <= m < n */ 60 if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0) 61 return -EINVAL; 62 63 /* (2) s = m^d mod n */ 64 return mpi_powm(s, m, key->d, key->n); 65 } 66 67 /* 68 * RSAVP1 function [RFC3447 sec 5.2.2] 69 * m = s^e mod n; 70 */ 71 static int _rsa_verify(const struct rsa_mpi_key *key, MPI m, MPI s) 72 { 73 /* (1) Validate 0 <= s < n */ 74 if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0) 75 return -EINVAL; 76 77 /* (2) m = s^e mod n */ 78 return mpi_powm(m, s, key->e, key->n); 79 } 80 81 static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm) 82 { 83 return akcipher_tfm_ctx(tfm); 84 } 85 86 static int rsa_enc(struct akcipher_request *req) 87 { 88 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 89 const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 90 MPI m, c = mpi_alloc(0); 91 int ret = 0; 92 int sign; 93 94 if (!c) 95 return -ENOMEM; 96 97 if (unlikely(!pkey->n || !pkey->e)) { 98 ret = -EINVAL; 99 goto err_free_c; 100 } 101 102 ret = -ENOMEM; 103 m = mpi_read_raw_from_sgl(req->src, req->src_len); 104 if (!m) 105 goto err_free_c; 106 107 ret = _rsa_enc(pkey, c, m); 108 if (ret) 109 goto err_free_m; 110 111 ret = mpi_write_to_sgl(c, req->dst, req->dst_len, &sign); 112 if (ret) 113 goto err_free_m; 114 115 if (sign < 0) 116 ret = -EBADMSG; 117 118 err_free_m: 119 mpi_free(m); 120 err_free_c: 121 mpi_free(c); 122 return ret; 123 } 124 125 static int rsa_dec(struct akcipher_request *req) 126 { 127 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 128 const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 129 MPI c, m = mpi_alloc(0); 130 int ret = 0; 131 int sign; 132 133 if (!m) 134 return -ENOMEM; 135 136 if (unlikely(!pkey->n || !pkey->d)) { 137 ret = -EINVAL; 138 goto err_free_m; 139 } 140 141 ret = -ENOMEM; 142 c = mpi_read_raw_from_sgl(req->src, req->src_len); 143 if (!c) 144 goto err_free_m; 145 146 ret = _rsa_dec(pkey, m, c); 147 if (ret) 148 goto err_free_c; 149 150 ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign); 151 if (ret) 152 goto err_free_c; 153 154 if (sign < 0) 155 ret = -EBADMSG; 156 err_free_c: 157 mpi_free(c); 158 err_free_m: 159 mpi_free(m); 160 return ret; 161 } 162 163 static int rsa_sign(struct akcipher_request *req) 164 { 165 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 166 const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 167 MPI m, s = mpi_alloc(0); 168 int ret = 0; 169 int sign; 170 171 if (!s) 172 return -ENOMEM; 173 174 if (unlikely(!pkey->n || !pkey->d)) { 175 ret = -EINVAL; 176 goto err_free_s; 177 } 178 179 ret = -ENOMEM; 180 m = mpi_read_raw_from_sgl(req->src, req->src_len); 181 if (!m) 182 goto err_free_s; 183 184 ret = _rsa_sign(pkey, s, m); 185 if (ret) 186 goto err_free_m; 187 188 ret = mpi_write_to_sgl(s, req->dst, req->dst_len, &sign); 189 if (ret) 190 goto err_free_m; 191 192 if (sign < 0) 193 ret = -EBADMSG; 194 195 err_free_m: 196 mpi_free(m); 197 err_free_s: 198 mpi_free(s); 199 return ret; 200 } 201 202 static int rsa_verify(struct akcipher_request *req) 203 { 204 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 205 const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 206 MPI s, m = mpi_alloc(0); 207 int ret = 0; 208 int sign; 209 210 if (!m) 211 return -ENOMEM; 212 213 if (unlikely(!pkey->n || !pkey->e)) { 214 ret = -EINVAL; 215 goto err_free_m; 216 } 217 218 ret = -ENOMEM; 219 s = mpi_read_raw_from_sgl(req->src, req->src_len); 220 if (!s) { 221 ret = -ENOMEM; 222 goto err_free_m; 223 } 224 225 ret = _rsa_verify(pkey, m, s); 226 if (ret) 227 goto err_free_s; 228 229 ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign); 230 if (ret) 231 goto err_free_s; 232 233 if (sign < 0) 234 ret = -EBADMSG; 235 236 err_free_s: 237 mpi_free(s); 238 err_free_m: 239 mpi_free(m); 240 return ret; 241 } 242 243 static void rsa_free_mpi_key(struct rsa_mpi_key *key) 244 { 245 mpi_free(key->d); 246 mpi_free(key->e); 247 mpi_free(key->n); 248 key->d = NULL; 249 key->e = NULL; 250 key->n = NULL; 251 } 252 253 static int rsa_check_key_length(unsigned int len) 254 { 255 switch (len) { 256 case 512: 257 case 1024: 258 case 1536: 259 case 2048: 260 case 3072: 261 case 4096: 262 return 0; 263 } 264 265 return -EINVAL; 266 } 267 268 static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, 269 unsigned int keylen) 270 { 271 struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm); 272 struct rsa_key raw_key = {0}; 273 int ret; 274 275 /* Free the old MPI key if any */ 276 rsa_free_mpi_key(mpi_key); 277 278 ret = rsa_parse_pub_key(&raw_key, key, keylen); 279 if (ret) 280 return ret; 281 282 mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz); 283 if (!mpi_key->e) 284 goto err; 285 286 mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz); 287 if (!mpi_key->n) 288 goto err; 289 290 if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) { 291 rsa_free_mpi_key(mpi_key); 292 return -EINVAL; 293 } 294 295 return 0; 296 297 err: 298 rsa_free_mpi_key(mpi_key); 299 return -ENOMEM; 300 } 301 302 static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, 303 unsigned int keylen) 304 { 305 struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm); 306 struct rsa_key raw_key = {0}; 307 int ret; 308 309 /* Free the old MPI key if any */ 310 rsa_free_mpi_key(mpi_key); 311 312 ret = rsa_parse_priv_key(&raw_key, key, keylen); 313 if (ret) 314 return ret; 315 316 mpi_key->d = mpi_read_raw_data(raw_key.d, raw_key.d_sz); 317 if (!mpi_key->d) 318 goto err; 319 320 mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz); 321 if (!mpi_key->e) 322 goto err; 323 324 mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz); 325 if (!mpi_key->n) 326 goto err; 327 328 if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) { 329 rsa_free_mpi_key(mpi_key); 330 return -EINVAL; 331 } 332 333 return 0; 334 335 err: 336 rsa_free_mpi_key(mpi_key); 337 return -ENOMEM; 338 } 339 340 static unsigned int rsa_max_size(struct crypto_akcipher *tfm) 341 { 342 struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); 343 344 return mpi_get_size(pkey->n); 345 } 346 347 static void rsa_exit_tfm(struct crypto_akcipher *tfm) 348 { 349 struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); 350 351 rsa_free_mpi_key(pkey); 352 } 353 354 static struct akcipher_alg rsa = { 355 .encrypt = rsa_enc, 356 .decrypt = rsa_dec, 357 .sign = rsa_sign, 358 .verify = rsa_verify, 359 .set_priv_key = rsa_set_priv_key, 360 .set_pub_key = rsa_set_pub_key, 361 .max_size = rsa_max_size, 362 .exit = rsa_exit_tfm, 363 .base = { 364 .cra_name = "rsa", 365 .cra_driver_name = "rsa-generic", 366 .cra_priority = 100, 367 .cra_module = THIS_MODULE, 368 .cra_ctxsize = sizeof(struct rsa_mpi_key), 369 }, 370 }; 371 372 static int rsa_init(void) 373 { 374 int err; 375 376 err = crypto_register_akcipher(&rsa); 377 if (err) 378 return err; 379 380 err = crypto_register_template(&rsa_pkcs1pad_tmpl); 381 if (err) { 382 crypto_unregister_akcipher(&rsa); 383 return err; 384 } 385 386 return 0; 387 } 388 389 static void rsa_exit(void) 390 { 391 crypto_unregister_template(&rsa_pkcs1pad_tmpl); 392 crypto_unregister_akcipher(&rsa); 393 } 394 395 module_init(rsa_init); 396 module_exit(rsa_exit); 397 MODULE_ALIAS_CRYPTO("rsa"); 398 MODULE_LICENSE("GPL"); 399 MODULE_DESCRIPTION("RSA generic algorithm"); 400