1 /* RSA asymmetric public-key algorithm [RFC3447] 2 * 3 * Copyright (c) 2015, Intel Corporation 4 * Authors: Tadeusz Struk <tadeusz.struk@intel.com> 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public Licence 8 * as published by the Free Software Foundation; either version 9 * 2 of the Licence, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <crypto/internal/rsa.h> 14 #include <crypto/internal/akcipher.h> 15 #include <crypto/akcipher.h> 16 17 /* 18 * RSAEP function [RFC3447 sec 5.1.1] 19 * c = m^e mod n; 20 */ 21 static int _rsa_enc(const struct rsa_key *key, MPI c, MPI m) 22 { 23 /* (1) Validate 0 <= m < n */ 24 if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0) 25 return -EINVAL; 26 27 /* (2) c = m^e mod n */ 28 return mpi_powm(c, m, key->e, key->n); 29 } 30 31 /* 32 * RSADP function [RFC3447 sec 5.1.2] 33 * m = c^d mod n; 34 */ 35 static int _rsa_dec(const struct rsa_key *key, MPI m, MPI c) 36 { 37 /* (1) Validate 0 <= c < n */ 38 if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0) 39 return -EINVAL; 40 41 /* (2) m = c^d mod n */ 42 return mpi_powm(m, c, key->d, key->n); 43 } 44 45 /* 46 * RSASP1 function [RFC3447 sec 5.2.1] 47 * s = m^d mod n 48 */ 49 static int _rsa_sign(const struct rsa_key *key, MPI s, MPI m) 50 { 51 /* (1) Validate 0 <= m < n */ 52 if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0) 53 return -EINVAL; 54 55 /* (2) s = m^d mod n */ 56 return mpi_powm(s, m, key->d, key->n); 57 } 58 59 /* 60 * RSAVP1 function [RFC3447 sec 5.2.2] 61 * m = s^e mod n; 62 */ 63 static int _rsa_verify(const struct rsa_key *key, MPI m, MPI s) 64 { 65 /* (1) Validate 0 <= s < n */ 66 if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0) 67 return -EINVAL; 68 69 /* (2) m = s^e mod n */ 70 return mpi_powm(m, s, key->e, key->n); 71 } 72 73 static inline struct rsa_key *rsa_get_key(struct crypto_akcipher *tfm) 74 { 75 return akcipher_tfm_ctx(tfm); 76 } 77 78 static int rsa_enc(struct akcipher_request *req) 79 { 80 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 81 const struct rsa_key *pkey = rsa_get_key(tfm); 82 MPI m, c = mpi_alloc(0); 83 int ret = 0; 84 int sign; 85 86 if (!c) 87 return -ENOMEM; 88 89 if (unlikely(!pkey->n || !pkey->e)) { 90 ret = -EINVAL; 91 goto err_free_c; 92 } 93 94 if (req->dst_len < mpi_get_size(pkey->n)) { 95 req->dst_len = mpi_get_size(pkey->n); 96 ret = -EOVERFLOW; 97 goto err_free_c; 98 } 99 100 ret = -ENOMEM; 101 m = mpi_read_raw_from_sgl(req->src, req->src_len); 102 if (!m) 103 goto err_free_c; 104 105 ret = _rsa_enc(pkey, c, m); 106 if (ret) 107 goto err_free_m; 108 109 ret = mpi_write_to_sgl(c, req->dst, &req->dst_len, &sign); 110 if (ret) 111 goto err_free_m; 112 113 if (sign < 0) 114 ret = -EBADMSG; 115 116 err_free_m: 117 mpi_free(m); 118 err_free_c: 119 mpi_free(c); 120 return ret; 121 } 122 123 static int rsa_dec(struct akcipher_request *req) 124 { 125 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 126 const struct rsa_key *pkey = rsa_get_key(tfm); 127 MPI c, m = mpi_alloc(0); 128 int ret = 0; 129 int sign; 130 131 if (!m) 132 return -ENOMEM; 133 134 if (unlikely(!pkey->n || !pkey->d)) { 135 ret = -EINVAL; 136 goto err_free_m; 137 } 138 139 if (req->dst_len < mpi_get_size(pkey->n)) { 140 req->dst_len = mpi_get_size(pkey->n); 141 ret = -EOVERFLOW; 142 goto err_free_m; 143 } 144 145 ret = -ENOMEM; 146 c = mpi_read_raw_from_sgl(req->src, req->src_len); 147 if (!c) 148 goto err_free_m; 149 150 ret = _rsa_dec(pkey, m, c); 151 if (ret) 152 goto err_free_c; 153 154 ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign); 155 if (ret) 156 goto err_free_c; 157 158 if (sign < 0) 159 ret = -EBADMSG; 160 err_free_c: 161 mpi_free(c); 162 err_free_m: 163 mpi_free(m); 164 return ret; 165 } 166 167 static int rsa_sign(struct akcipher_request *req) 168 { 169 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 170 const struct rsa_key *pkey = rsa_get_key(tfm); 171 MPI m, s = mpi_alloc(0); 172 int ret = 0; 173 int sign; 174 175 if (!s) 176 return -ENOMEM; 177 178 if (unlikely(!pkey->n || !pkey->d)) { 179 ret = -EINVAL; 180 goto err_free_s; 181 } 182 183 if (req->dst_len < mpi_get_size(pkey->n)) { 184 req->dst_len = mpi_get_size(pkey->n); 185 ret = -EOVERFLOW; 186 goto err_free_s; 187 } 188 189 ret = -ENOMEM; 190 m = mpi_read_raw_from_sgl(req->src, req->src_len); 191 if (!m) 192 goto err_free_s; 193 194 ret = _rsa_sign(pkey, s, m); 195 if (ret) 196 goto err_free_m; 197 198 ret = mpi_write_to_sgl(s, req->dst, &req->dst_len, &sign); 199 if (ret) 200 goto err_free_m; 201 202 if (sign < 0) 203 ret = -EBADMSG; 204 205 err_free_m: 206 mpi_free(m); 207 err_free_s: 208 mpi_free(s); 209 return ret; 210 } 211 212 static int rsa_verify(struct akcipher_request *req) 213 { 214 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 215 const struct rsa_key *pkey = rsa_get_key(tfm); 216 MPI s, m = mpi_alloc(0); 217 int ret = 0; 218 int sign; 219 220 if (!m) 221 return -ENOMEM; 222 223 if (unlikely(!pkey->n || !pkey->e)) { 224 ret = -EINVAL; 225 goto err_free_m; 226 } 227 228 if (req->dst_len < mpi_get_size(pkey->n)) { 229 req->dst_len = mpi_get_size(pkey->n); 230 ret = -EOVERFLOW; 231 goto err_free_m; 232 } 233 234 ret = -ENOMEM; 235 s = mpi_read_raw_from_sgl(req->src, req->src_len); 236 if (!s) { 237 ret = -ENOMEM; 238 goto err_free_m; 239 } 240 241 ret = _rsa_verify(pkey, m, s); 242 if (ret) 243 goto err_free_s; 244 245 ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign); 246 if (ret) 247 goto err_free_s; 248 249 if (sign < 0) 250 ret = -EBADMSG; 251 252 err_free_s: 253 mpi_free(s); 254 err_free_m: 255 mpi_free(m); 256 return ret; 257 } 258 259 static int rsa_check_key_length(unsigned int len) 260 { 261 switch (len) { 262 case 512: 263 case 1024: 264 case 1536: 265 case 2048: 266 case 3072: 267 case 4096: 268 return 0; 269 } 270 271 return -EINVAL; 272 } 273 274 static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, 275 unsigned int keylen) 276 { 277 struct rsa_key *pkey = akcipher_tfm_ctx(tfm); 278 int ret; 279 280 ret = rsa_parse_pub_key(pkey, key, keylen); 281 if (ret) 282 return ret; 283 284 if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) { 285 rsa_free_key(pkey); 286 ret = -EINVAL; 287 } 288 return ret; 289 } 290 291 static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, 292 unsigned int keylen) 293 { 294 struct rsa_key *pkey = akcipher_tfm_ctx(tfm); 295 int ret; 296 297 ret = rsa_parse_priv_key(pkey, key, keylen); 298 if (ret) 299 return ret; 300 301 if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) { 302 rsa_free_key(pkey); 303 ret = -EINVAL; 304 } 305 return ret; 306 } 307 308 static int rsa_max_size(struct crypto_akcipher *tfm) 309 { 310 struct rsa_key *pkey = akcipher_tfm_ctx(tfm); 311 312 return pkey->n ? mpi_get_size(pkey->n) : -EINVAL; 313 } 314 315 static void rsa_exit_tfm(struct crypto_akcipher *tfm) 316 { 317 struct rsa_key *pkey = akcipher_tfm_ctx(tfm); 318 319 rsa_free_key(pkey); 320 } 321 322 static struct akcipher_alg rsa = { 323 .encrypt = rsa_enc, 324 .decrypt = rsa_dec, 325 .sign = rsa_sign, 326 .verify = rsa_verify, 327 .set_priv_key = rsa_set_priv_key, 328 .set_pub_key = rsa_set_pub_key, 329 .max_size = rsa_max_size, 330 .exit = rsa_exit_tfm, 331 .base = { 332 .cra_name = "rsa", 333 .cra_driver_name = "rsa-generic", 334 .cra_priority = 100, 335 .cra_module = THIS_MODULE, 336 .cra_ctxsize = sizeof(struct rsa_key), 337 }, 338 }; 339 340 static int rsa_init(void) 341 { 342 return crypto_register_akcipher(&rsa); 343 } 344 345 static void rsa_exit(void) 346 { 347 crypto_unregister_akcipher(&rsa); 348 } 349 350 module_init(rsa_init); 351 module_exit(rsa_exit); 352 MODULE_ALIAS_CRYPTO("rsa"); 353 MODULE_LICENSE("GPL"); 354 MODULE_DESCRIPTION("RSA generic algorithm"); 355