xref: /openbmc/linux/crypto/rsa.c (revision 2572f00d)
1 /* RSA asymmetric public-key algorithm [RFC3447]
2  *
3  * Copyright (c) 2015, Intel Corporation
4  * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <crypto/internal/rsa.h>
14 #include <crypto/internal/akcipher.h>
15 #include <crypto/akcipher.h>
16 
17 /*
18  * RSAEP function [RFC3447 sec 5.1.1]
19  * c = m^e mod n;
20  */
21 static int _rsa_enc(const struct rsa_key *key, MPI c, MPI m)
22 {
23 	/* (1) Validate 0 <= m < n */
24 	if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
25 		return -EINVAL;
26 
27 	/* (2) c = m^e mod n */
28 	return mpi_powm(c, m, key->e, key->n);
29 }
30 
31 /*
32  * RSADP function [RFC3447 sec 5.1.2]
33  * m = c^d mod n;
34  */
35 static int _rsa_dec(const struct rsa_key *key, MPI m, MPI c)
36 {
37 	/* (1) Validate 0 <= c < n */
38 	if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0)
39 		return -EINVAL;
40 
41 	/* (2) m = c^d mod n */
42 	return mpi_powm(m, c, key->d, key->n);
43 }
44 
45 /*
46  * RSASP1 function [RFC3447 sec 5.2.1]
47  * s = m^d mod n
48  */
49 static int _rsa_sign(const struct rsa_key *key, MPI s, MPI m)
50 {
51 	/* (1) Validate 0 <= m < n */
52 	if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
53 		return -EINVAL;
54 
55 	/* (2) s = m^d mod n */
56 	return mpi_powm(s, m, key->d, key->n);
57 }
58 
59 /*
60  * RSAVP1 function [RFC3447 sec 5.2.2]
61  * m = s^e mod n;
62  */
63 static int _rsa_verify(const struct rsa_key *key, MPI m, MPI s)
64 {
65 	/* (1) Validate 0 <= s < n */
66 	if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0)
67 		return -EINVAL;
68 
69 	/* (2) m = s^e mod n */
70 	return mpi_powm(m, s, key->e, key->n);
71 }
72 
73 static inline struct rsa_key *rsa_get_key(struct crypto_akcipher *tfm)
74 {
75 	return akcipher_tfm_ctx(tfm);
76 }
77 
78 static int rsa_enc(struct akcipher_request *req)
79 {
80 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
81 	const struct rsa_key *pkey = rsa_get_key(tfm);
82 	MPI m, c = mpi_alloc(0);
83 	int ret = 0;
84 	int sign;
85 
86 	if (!c)
87 		return -ENOMEM;
88 
89 	if (unlikely(!pkey->n || !pkey->e)) {
90 		ret = -EINVAL;
91 		goto err_free_c;
92 	}
93 
94 	if (req->dst_len < mpi_get_size(pkey->n)) {
95 		req->dst_len = mpi_get_size(pkey->n);
96 		ret = -EOVERFLOW;
97 		goto err_free_c;
98 	}
99 
100 	ret = -ENOMEM;
101 	m = mpi_read_raw_from_sgl(req->src, req->src_len);
102 	if (!m)
103 		goto err_free_c;
104 
105 	ret = _rsa_enc(pkey, c, m);
106 	if (ret)
107 		goto err_free_m;
108 
109 	ret = mpi_write_to_sgl(c, req->dst, &req->dst_len, &sign);
110 	if (ret)
111 		goto err_free_m;
112 
113 	if (sign < 0)
114 		ret = -EBADMSG;
115 
116 err_free_m:
117 	mpi_free(m);
118 err_free_c:
119 	mpi_free(c);
120 	return ret;
121 }
122 
123 static int rsa_dec(struct akcipher_request *req)
124 {
125 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
126 	const struct rsa_key *pkey = rsa_get_key(tfm);
127 	MPI c, m = mpi_alloc(0);
128 	int ret = 0;
129 	int sign;
130 
131 	if (!m)
132 		return -ENOMEM;
133 
134 	if (unlikely(!pkey->n || !pkey->d)) {
135 		ret = -EINVAL;
136 		goto err_free_m;
137 	}
138 
139 	if (req->dst_len < mpi_get_size(pkey->n)) {
140 		req->dst_len = mpi_get_size(pkey->n);
141 		ret = -EOVERFLOW;
142 		goto err_free_m;
143 	}
144 
145 	ret = -ENOMEM;
146 	c = mpi_read_raw_from_sgl(req->src, req->src_len);
147 	if (!c)
148 		goto err_free_m;
149 
150 	ret = _rsa_dec(pkey, m, c);
151 	if (ret)
152 		goto err_free_c;
153 
154 	ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
155 	if (ret)
156 		goto err_free_c;
157 
158 	if (sign < 0)
159 		ret = -EBADMSG;
160 err_free_c:
161 	mpi_free(c);
162 err_free_m:
163 	mpi_free(m);
164 	return ret;
165 }
166 
167 static int rsa_sign(struct akcipher_request *req)
168 {
169 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
170 	const struct rsa_key *pkey = rsa_get_key(tfm);
171 	MPI m, s = mpi_alloc(0);
172 	int ret = 0;
173 	int sign;
174 
175 	if (!s)
176 		return -ENOMEM;
177 
178 	if (unlikely(!pkey->n || !pkey->d)) {
179 		ret = -EINVAL;
180 		goto err_free_s;
181 	}
182 
183 	if (req->dst_len < mpi_get_size(pkey->n)) {
184 		req->dst_len = mpi_get_size(pkey->n);
185 		ret = -EOVERFLOW;
186 		goto err_free_s;
187 	}
188 
189 	ret = -ENOMEM;
190 	m = mpi_read_raw_from_sgl(req->src, req->src_len);
191 	if (!m)
192 		goto err_free_s;
193 
194 	ret = _rsa_sign(pkey, s, m);
195 	if (ret)
196 		goto err_free_m;
197 
198 	ret = mpi_write_to_sgl(s, req->dst, &req->dst_len, &sign);
199 	if (ret)
200 		goto err_free_m;
201 
202 	if (sign < 0)
203 		ret = -EBADMSG;
204 
205 err_free_m:
206 	mpi_free(m);
207 err_free_s:
208 	mpi_free(s);
209 	return ret;
210 }
211 
212 static int rsa_verify(struct akcipher_request *req)
213 {
214 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
215 	const struct rsa_key *pkey = rsa_get_key(tfm);
216 	MPI s, m = mpi_alloc(0);
217 	int ret = 0;
218 	int sign;
219 
220 	if (!m)
221 		return -ENOMEM;
222 
223 	if (unlikely(!pkey->n || !pkey->e)) {
224 		ret = -EINVAL;
225 		goto err_free_m;
226 	}
227 
228 	if (req->dst_len < mpi_get_size(pkey->n)) {
229 		req->dst_len = mpi_get_size(pkey->n);
230 		ret = -EOVERFLOW;
231 		goto err_free_m;
232 	}
233 
234 	ret = -ENOMEM;
235 	s = mpi_read_raw_from_sgl(req->src, req->src_len);
236 	if (!s) {
237 		ret = -ENOMEM;
238 		goto err_free_m;
239 	}
240 
241 	ret = _rsa_verify(pkey, m, s);
242 	if (ret)
243 		goto err_free_s;
244 
245 	ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
246 	if (ret)
247 		goto err_free_s;
248 
249 	if (sign < 0)
250 		ret = -EBADMSG;
251 
252 err_free_s:
253 	mpi_free(s);
254 err_free_m:
255 	mpi_free(m);
256 	return ret;
257 }
258 
259 static int rsa_check_key_length(unsigned int len)
260 {
261 	switch (len) {
262 	case 512:
263 	case 1024:
264 	case 1536:
265 	case 2048:
266 	case 3072:
267 	case 4096:
268 		return 0;
269 	}
270 
271 	return -EINVAL;
272 }
273 
274 static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
275 			   unsigned int keylen)
276 {
277 	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
278 	int ret;
279 
280 	ret = rsa_parse_pub_key(pkey, key, keylen);
281 	if (ret)
282 		return ret;
283 
284 	if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
285 		rsa_free_key(pkey);
286 		ret = -EINVAL;
287 	}
288 	return ret;
289 }
290 
291 static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
292 			    unsigned int keylen)
293 {
294 	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
295 	int ret;
296 
297 	ret = rsa_parse_priv_key(pkey, key, keylen);
298 	if (ret)
299 		return ret;
300 
301 	if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
302 		rsa_free_key(pkey);
303 		ret = -EINVAL;
304 	}
305 	return ret;
306 }
307 
308 static int rsa_max_size(struct crypto_akcipher *tfm)
309 {
310 	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
311 
312 	return pkey->n ? mpi_get_size(pkey->n) : -EINVAL;
313 }
314 
315 static void rsa_exit_tfm(struct crypto_akcipher *tfm)
316 {
317 	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
318 
319 	rsa_free_key(pkey);
320 }
321 
322 static struct akcipher_alg rsa = {
323 	.encrypt = rsa_enc,
324 	.decrypt = rsa_dec,
325 	.sign = rsa_sign,
326 	.verify = rsa_verify,
327 	.set_priv_key = rsa_set_priv_key,
328 	.set_pub_key = rsa_set_pub_key,
329 	.max_size = rsa_max_size,
330 	.exit = rsa_exit_tfm,
331 	.base = {
332 		.cra_name = "rsa",
333 		.cra_driver_name = "rsa-generic",
334 		.cra_priority = 100,
335 		.cra_module = THIS_MODULE,
336 		.cra_ctxsize = sizeof(struct rsa_key),
337 	},
338 };
339 
340 static int rsa_init(void)
341 {
342 	return crypto_register_akcipher(&rsa);
343 }
344 
345 static void rsa_exit(void)
346 {
347 	crypto_unregister_akcipher(&rsa);
348 }
349 
350 module_init(rsa_init);
351 module_exit(rsa_exit);
352 MODULE_ALIAS_CRYPTO("rsa");
353 MODULE_LICENSE("GPL");
354 MODULE_DESCRIPTION("RSA generic algorithm");
355