1 /* RSA asymmetric public-key algorithm [RFC3447] 2 * 3 * Copyright (c) 2015, Intel Corporation 4 * Authors: Tadeusz Struk <tadeusz.struk@intel.com> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/mpi.h> 14 #include <crypto/internal/rsa.h> 15 #include <crypto/internal/akcipher.h> 16 #include <crypto/akcipher.h> 17 #include <crypto/algapi.h> 18 19 struct rsa_mpi_key { 20 MPI n; 21 MPI e; 22 MPI d; 23 }; 24 25 /* 26 * RSAEP function [RFC3447 sec 5.1.1] 27 * c = m^e mod n; 28 */ 29 static int _rsa_enc(const struct rsa_mpi_key *key, MPI c, MPI m) 30 { 31 /* (1) Validate 0 <= m < n */ 32 if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0) 33 return -EINVAL; 34 35 /* (2) c = m^e mod n */ 36 return mpi_powm(c, m, key->e, key->n); 37 } 38 39 /* 40 * RSADP function [RFC3447 sec 5.1.2] 41 * m = c^d mod n; 42 */ 43 static int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c) 44 { 45 /* (1) Validate 0 <= c < n */ 46 if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0) 47 return -EINVAL; 48 49 /* (2) m = c^d mod n */ 50 return mpi_powm(m, c, key->d, key->n); 51 } 52 53 /* 54 * RSASP1 function [RFC3447 sec 5.2.1] 55 * s = m^d mod n 56 */ 57 static int _rsa_sign(const struct rsa_mpi_key *key, MPI s, MPI m) 58 { 59 /* (1) Validate 0 <= m < n */ 60 if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0) 61 return -EINVAL; 62 63 /* (2) s = m^d mod n */ 64 return mpi_powm(s, m, key->d, key->n); 65 } 66 67 /* 68 * RSAVP1 function [RFC3447 sec 5.2.2] 69 * m = s^e mod n; 70 */ 71 static int _rsa_verify(const struct rsa_mpi_key *key, MPI m, MPI s) 72 { 73 /* (1) Validate 0 <= s < n */ 74 if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0) 75 return -EINVAL; 76 77 /* (2) m = s^e mod n */ 78 return mpi_powm(m, s, key->e, key->n); 79 } 80 81 static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm) 82 { 83 return akcipher_tfm_ctx(tfm); 84 } 85 86 static int rsa_enc(struct akcipher_request *req) 87 { 88 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 89 const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 90 MPI m, c = mpi_alloc(0); 91 int ret = 0; 92 int sign; 93 94 if (!c) 95 return -ENOMEM; 96 97 if (unlikely(!pkey->n || !pkey->e)) { 98 ret = -EINVAL; 99 goto err_free_c; 100 } 101 102 ret = -ENOMEM; 103 m = mpi_read_raw_from_sgl(req->src, req->src_len); 104 if (!m) 105 goto err_free_c; 106 107 ret = _rsa_enc(pkey, c, m); 108 if (ret) 109 goto err_free_m; 110 111 ret = mpi_write_to_sgl(c, req->dst, req->dst_len, &sign); 112 if (ret) 113 goto err_free_m; 114 115 if (sign < 0) 116 ret = -EBADMSG; 117 118 err_free_m: 119 mpi_free(m); 120 err_free_c: 121 mpi_free(c); 122 return ret; 123 } 124 125 static int rsa_dec(struct akcipher_request *req) 126 { 127 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 128 const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 129 MPI c, m = mpi_alloc(0); 130 int ret = 0; 131 int sign; 132 133 if (!m) 134 return -ENOMEM; 135 136 if (unlikely(!pkey->n || !pkey->d)) { 137 ret = -EINVAL; 138 goto err_free_m; 139 } 140 141 ret = -ENOMEM; 142 c = mpi_read_raw_from_sgl(req->src, req->src_len); 143 if (!c) 144 goto err_free_m; 145 146 ret = _rsa_dec(pkey, m, c); 147 if (ret) 148 goto err_free_c; 149 150 ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign); 151 if (ret) 152 goto err_free_c; 153 154 if (sign < 0) 155 ret = -EBADMSG; 156 err_free_c: 157 mpi_free(c); 158 err_free_m: 159 mpi_free(m); 160 return ret; 161 } 162 163 static int rsa_sign(struct akcipher_request *req) 164 { 165 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 166 const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 167 MPI m, s = mpi_alloc(0); 168 int ret = 0; 169 int sign; 170 171 if (!s) 172 return -ENOMEM; 173 174 if (unlikely(!pkey->n || !pkey->d)) { 175 ret = -EINVAL; 176 goto err_free_s; 177 } 178 179 ret = -ENOMEM; 180 m = mpi_read_raw_from_sgl(req->src, req->src_len); 181 if (!m) 182 goto err_free_s; 183 184 ret = _rsa_sign(pkey, s, m); 185 if (ret) 186 goto err_free_m; 187 188 ret = mpi_write_to_sgl(s, req->dst, req->dst_len, &sign); 189 if (ret) 190 goto err_free_m; 191 192 if (sign < 0) 193 ret = -EBADMSG; 194 195 err_free_m: 196 mpi_free(m); 197 err_free_s: 198 mpi_free(s); 199 return ret; 200 } 201 202 static int rsa_verify(struct akcipher_request *req) 203 { 204 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 205 const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 206 MPI s, m = mpi_alloc(0); 207 int ret = 0; 208 int sign; 209 210 if (!m) 211 return -ENOMEM; 212 213 if (unlikely(!pkey->n || !pkey->e)) { 214 ret = -EINVAL; 215 goto err_free_m; 216 } 217 218 s = mpi_read_raw_from_sgl(req->src, req->src_len); 219 if (!s) { 220 ret = -ENOMEM; 221 goto err_free_m; 222 } 223 224 ret = _rsa_verify(pkey, m, s); 225 if (ret) 226 goto err_free_s; 227 228 ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign); 229 if (ret) 230 goto err_free_s; 231 232 if (sign < 0) 233 ret = -EBADMSG; 234 235 err_free_s: 236 mpi_free(s); 237 err_free_m: 238 mpi_free(m); 239 return ret; 240 } 241 242 static void rsa_free_mpi_key(struct rsa_mpi_key *key) 243 { 244 mpi_free(key->d); 245 mpi_free(key->e); 246 mpi_free(key->n); 247 key->d = NULL; 248 key->e = NULL; 249 key->n = NULL; 250 } 251 252 static int rsa_check_key_length(unsigned int len) 253 { 254 switch (len) { 255 case 512: 256 case 1024: 257 case 1536: 258 case 2048: 259 case 3072: 260 case 4096: 261 return 0; 262 } 263 264 return -EINVAL; 265 } 266 267 static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, 268 unsigned int keylen) 269 { 270 struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm); 271 struct rsa_key raw_key = {0}; 272 int ret; 273 274 /* Free the old MPI key if any */ 275 rsa_free_mpi_key(mpi_key); 276 277 ret = rsa_parse_pub_key(&raw_key, key, keylen); 278 if (ret) 279 return ret; 280 281 mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz); 282 if (!mpi_key->e) 283 goto err; 284 285 mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz); 286 if (!mpi_key->n) 287 goto err; 288 289 if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) { 290 rsa_free_mpi_key(mpi_key); 291 return -EINVAL; 292 } 293 294 return 0; 295 296 err: 297 rsa_free_mpi_key(mpi_key); 298 return -ENOMEM; 299 } 300 301 static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, 302 unsigned int keylen) 303 { 304 struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm); 305 struct rsa_key raw_key = {0}; 306 int ret; 307 308 /* Free the old MPI key if any */ 309 rsa_free_mpi_key(mpi_key); 310 311 ret = rsa_parse_priv_key(&raw_key, key, keylen); 312 if (ret) 313 return ret; 314 315 mpi_key->d = mpi_read_raw_data(raw_key.d, raw_key.d_sz); 316 if (!mpi_key->d) 317 goto err; 318 319 mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz); 320 if (!mpi_key->e) 321 goto err; 322 323 mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz); 324 if (!mpi_key->n) 325 goto err; 326 327 if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) { 328 rsa_free_mpi_key(mpi_key); 329 return -EINVAL; 330 } 331 332 return 0; 333 334 err: 335 rsa_free_mpi_key(mpi_key); 336 return -ENOMEM; 337 } 338 339 static unsigned int rsa_max_size(struct crypto_akcipher *tfm) 340 { 341 struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); 342 343 return mpi_get_size(pkey->n); 344 } 345 346 static void rsa_exit_tfm(struct crypto_akcipher *tfm) 347 { 348 struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); 349 350 rsa_free_mpi_key(pkey); 351 } 352 353 static struct akcipher_alg rsa = { 354 .encrypt = rsa_enc, 355 .decrypt = rsa_dec, 356 .sign = rsa_sign, 357 .verify = rsa_verify, 358 .set_priv_key = rsa_set_priv_key, 359 .set_pub_key = rsa_set_pub_key, 360 .max_size = rsa_max_size, 361 .exit = rsa_exit_tfm, 362 .base = { 363 .cra_name = "rsa", 364 .cra_driver_name = "rsa-generic", 365 .cra_priority = 100, 366 .cra_module = THIS_MODULE, 367 .cra_ctxsize = sizeof(struct rsa_mpi_key), 368 }, 369 }; 370 371 static int rsa_init(void) 372 { 373 int err; 374 375 err = crypto_register_akcipher(&rsa); 376 if (err) 377 return err; 378 379 err = crypto_register_template(&rsa_pkcs1pad_tmpl); 380 if (err) { 381 crypto_unregister_akcipher(&rsa); 382 return err; 383 } 384 385 return 0; 386 } 387 388 static void rsa_exit(void) 389 { 390 crypto_unregister_template(&rsa_pkcs1pad_tmpl); 391 crypto_unregister_akcipher(&rsa); 392 } 393 394 module_init(rsa_init); 395 module_exit(rsa_exit); 396 MODULE_ALIAS_CRYPTO("rsa"); 397 MODULE_LICENSE("GPL"); 398 MODULE_DESCRIPTION("RSA generic algorithm"); 399