1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * RSA key extract helper
4 *
5 * Copyright (c) 2015, Intel Corporation
6 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
7 */
8 #include <linux/kernel.h>
9 #include <linux/export.h>
10 #include <linux/err.h>
11 #include <linux/fips.h>
12 #include <crypto/internal/rsa.h>
13 #include "rsapubkey.asn1.h"
14 #include "rsaprivkey.asn1.h"
15
rsa_get_n(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)16 int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
17 const void *value, size_t vlen)
18 {
19 struct rsa_key *key = context;
20 const u8 *ptr = value;
21 size_t n_sz = vlen;
22
23 /* invalid key provided */
24 if (!value || !vlen)
25 return -EINVAL;
26
27 if (fips_enabled) {
28 while (n_sz && !*ptr) {
29 ptr++;
30 n_sz--;
31 }
32
33 /* In FIPS mode only allow key size 2K and higher */
34 if (n_sz < 256) {
35 pr_err("RSA: key size not allowed in FIPS mode\n");
36 return -EINVAL;
37 }
38 }
39
40 key->n = value;
41 key->n_sz = vlen;
42
43 return 0;
44 }
45
rsa_get_e(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)46 int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
47 const void *value, size_t vlen)
48 {
49 struct rsa_key *key = context;
50
51 /* invalid key provided */
52 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
53 return -EINVAL;
54
55 key->e = value;
56 key->e_sz = vlen;
57
58 return 0;
59 }
60
rsa_get_d(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)61 int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
62 const void *value, size_t vlen)
63 {
64 struct rsa_key *key = context;
65
66 /* invalid key provided */
67 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
68 return -EINVAL;
69
70 key->d = value;
71 key->d_sz = vlen;
72
73 return 0;
74 }
75
rsa_get_p(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)76 int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
77 const void *value, size_t vlen)
78 {
79 struct rsa_key *key = context;
80
81 /* invalid key provided */
82 if (!value || !vlen || vlen > key->n_sz)
83 return -EINVAL;
84
85 key->p = value;
86 key->p_sz = vlen;
87
88 return 0;
89 }
90
rsa_get_q(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)91 int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
92 const void *value, size_t vlen)
93 {
94 struct rsa_key *key = context;
95
96 /* invalid key provided */
97 if (!value || !vlen || vlen > key->n_sz)
98 return -EINVAL;
99
100 key->q = value;
101 key->q_sz = vlen;
102
103 return 0;
104 }
105
rsa_get_dp(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)106 int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
107 const void *value, size_t vlen)
108 {
109 struct rsa_key *key = context;
110
111 /* invalid key provided */
112 if (!value || !vlen || vlen > key->n_sz)
113 return -EINVAL;
114
115 key->dp = value;
116 key->dp_sz = vlen;
117
118 return 0;
119 }
120
rsa_get_dq(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)121 int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
122 const void *value, size_t vlen)
123 {
124 struct rsa_key *key = context;
125
126 /* invalid key provided */
127 if (!value || !vlen || vlen > key->n_sz)
128 return -EINVAL;
129
130 key->dq = value;
131 key->dq_sz = vlen;
132
133 return 0;
134 }
135
rsa_get_qinv(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)136 int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
137 const void *value, size_t vlen)
138 {
139 struct rsa_key *key = context;
140
141 /* invalid key provided */
142 if (!value || !vlen || vlen > key->n_sz)
143 return -EINVAL;
144
145 key->qinv = value;
146 key->qinv_sz = vlen;
147
148 return 0;
149 }
150
151 /**
152 * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
153 * provided struct rsa_key, pointers to the raw key as is,
154 * so that the caller can copy it or MPI parse it, etc.
155 *
156 * @rsa_key: struct rsa_key key representation
157 * @key: key in BER format
158 * @key_len: length of key
159 *
160 * Return: 0 on success or error code in case of error
161 */
rsa_parse_pub_key(struct rsa_key * rsa_key,const void * key,unsigned int key_len)162 int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
163 unsigned int key_len)
164 {
165 return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
166 }
167 EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
168
169 /**
170 * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
171 * provided struct rsa_key, pointers to the raw key
172 * as is, so that the caller can copy it or MPI parse it,
173 * etc.
174 *
175 * @rsa_key: struct rsa_key key representation
176 * @key: key in BER format
177 * @key_len: length of key
178 *
179 * Return: 0 on success or error code in case of error
180 */
rsa_parse_priv_key(struct rsa_key * rsa_key,const void * key,unsigned int key_len)181 int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
182 unsigned int key_len)
183 {
184 return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
185 }
186 EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
187