xref: /openbmc/linux/crypto/rsa.c (revision ec8f24b7faaf3d4799a7c3f4c1b87f6b02778ad1) 
1 /* RSA asymmetric public-key algorithm [RFC3447]
2  *
3  * Copyright (c) 2015, Intel Corporation
4  * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public Licence
8  * as published by the Free Software Foundation; either version
9  * 2 of the Licence, or (at your option) any later version.
10  */
11 
12 #include <linux/module.h>
13 #include <linux/mpi.h>
14 #include <crypto/internal/rsa.h>
15 #include <crypto/internal/akcipher.h>
16 #include <crypto/akcipher.h>
17 #include <crypto/algapi.h>
18 
19 struct rsa_mpi_key {
20 	MPI n;
21 	MPI e;
22 	MPI d;
23 };
24 
25 /*
26  * RSAEP function [RFC3447 sec 5.1.1]
27  * c = m^e mod n;
28  */
29 static int _rsa_enc(const struct rsa_mpi_key *key, MPI c, MPI m)
30 {
31 	/* (1) Validate 0 <= m < n */
32 	if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
33 		return -EINVAL;
34 
35 	/* (2) c = m^e mod n */
36 	return mpi_powm(c, m, key->e, key->n);
37 }
38 
39 /*
40  * RSADP function [RFC3447 sec 5.1.2]
41  * m = c^d mod n;
42  */
43 static int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c)
44 {
45 	/* (1) Validate 0 <= c < n */
46 	if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0)
47 		return -EINVAL;
48 
49 	/* (2) m = c^d mod n */
50 	return mpi_powm(m, c, key->d, key->n);
51 }
52 
53 static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm)
54 {
55 	return akcipher_tfm_ctx(tfm);
56 }
57 
58 static int rsa_enc(struct akcipher_request *req)
59 {
60 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
61 	const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
62 	MPI m, c = mpi_alloc(0);
63 	int ret = 0;
64 	int sign;
65 
66 	if (!c)
67 		return -ENOMEM;
68 
69 	if (unlikely(!pkey->n || !pkey->e)) {
70 		ret = -EINVAL;
71 		goto err_free_c;
72 	}
73 
74 	ret = -ENOMEM;
75 	m = mpi_read_raw_from_sgl(req->src, req->src_len);
76 	if (!m)
77 		goto err_free_c;
78 
79 	ret = _rsa_enc(pkey, c, m);
80 	if (ret)
81 		goto err_free_m;
82 
83 	ret = mpi_write_to_sgl(c, req->dst, req->dst_len, &sign);
84 	if (ret)
85 		goto err_free_m;
86 
87 	if (sign < 0)
88 		ret = -EBADMSG;
89 
90 err_free_m:
91 	mpi_free(m);
92 err_free_c:
93 	mpi_free(c);
94 	return ret;
95 }
96 
97 static int rsa_dec(struct akcipher_request *req)
98 {
99 	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
100 	const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
101 	MPI c, m = mpi_alloc(0);
102 	int ret = 0;
103 	int sign;
104 
105 	if (!m)
106 		return -ENOMEM;
107 
108 	if (unlikely(!pkey->n || !pkey->d)) {
109 		ret = -EINVAL;
110 		goto err_free_m;
111 	}
112 
113 	ret = -ENOMEM;
114 	c = mpi_read_raw_from_sgl(req->src, req->src_len);
115 	if (!c)
116 		goto err_free_m;
117 
118 	ret = _rsa_dec(pkey, m, c);
119 	if (ret)
120 		goto err_free_c;
121 
122 	ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
123 	if (ret)
124 		goto err_free_c;
125 
126 	if (sign < 0)
127 		ret = -EBADMSG;
128 err_free_c:
129 	mpi_free(c);
130 err_free_m:
131 	mpi_free(m);
132 	return ret;
133 }
134 
135 static void rsa_free_mpi_key(struct rsa_mpi_key *key)
136 {
137 	mpi_free(key->d);
138 	mpi_free(key->e);
139 	mpi_free(key->n);
140 	key->d = NULL;
141 	key->e = NULL;
142 	key->n = NULL;
143 }
144 
145 static int rsa_check_key_length(unsigned int len)
146 {
147 	switch (len) {
148 	case 512:
149 	case 1024:
150 	case 1536:
151 	case 2048:
152 	case 3072:
153 	case 4096:
154 		return 0;
155 	}
156 
157 	return -EINVAL;
158 }
159 
160 static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
161 			   unsigned int keylen)
162 {
163 	struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm);
164 	struct rsa_key raw_key = {0};
165 	int ret;
166 
167 	/* Free the old MPI key if any */
168 	rsa_free_mpi_key(mpi_key);
169 
170 	ret = rsa_parse_pub_key(&raw_key, key, keylen);
171 	if (ret)
172 		return ret;
173 
174 	mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz);
175 	if (!mpi_key->e)
176 		goto err;
177 
178 	mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz);
179 	if (!mpi_key->n)
180 		goto err;
181 
182 	if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) {
183 		rsa_free_mpi_key(mpi_key);
184 		return -EINVAL;
185 	}
186 
187 	return 0;
188 
189 err:
190 	rsa_free_mpi_key(mpi_key);
191 	return -ENOMEM;
192 }
193 
194 static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
195 			    unsigned int keylen)
196 {
197 	struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm);
198 	struct rsa_key raw_key = {0};
199 	int ret;
200 
201 	/* Free the old MPI key if any */
202 	rsa_free_mpi_key(mpi_key);
203 
204 	ret = rsa_parse_priv_key(&raw_key, key, keylen);
205 	if (ret)
206 		return ret;
207 
208 	mpi_key->d = mpi_read_raw_data(raw_key.d, raw_key.d_sz);
209 	if (!mpi_key->d)
210 		goto err;
211 
212 	mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz);
213 	if (!mpi_key->e)
214 		goto err;
215 
216 	mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz);
217 	if (!mpi_key->n)
218 		goto err;
219 
220 	if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) {
221 		rsa_free_mpi_key(mpi_key);
222 		return -EINVAL;
223 	}
224 
225 	return 0;
226 
227 err:
228 	rsa_free_mpi_key(mpi_key);
229 	return -ENOMEM;
230 }
231 
232 static unsigned int rsa_max_size(struct crypto_akcipher *tfm)
233 {
234 	struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm);
235 
236 	return mpi_get_size(pkey->n);
237 }
238 
239 static void rsa_exit_tfm(struct crypto_akcipher *tfm)
240 {
241 	struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm);
242 
243 	rsa_free_mpi_key(pkey);
244 }
245 
246 static struct akcipher_alg rsa = {
247 	.encrypt = rsa_enc,
248 	.decrypt = rsa_dec,
249 	.set_priv_key = rsa_set_priv_key,
250 	.set_pub_key = rsa_set_pub_key,
251 	.max_size = rsa_max_size,
252 	.exit = rsa_exit_tfm,
253 	.base = {
254 		.cra_name = "rsa",
255 		.cra_driver_name = "rsa-generic",
256 		.cra_priority = 100,
257 		.cra_module = THIS_MODULE,
258 		.cra_ctxsize = sizeof(struct rsa_mpi_key),
259 	},
260 };
261 
262 static int rsa_init(void)
263 {
264 	int err;
265 
266 	err = crypto_register_akcipher(&rsa);
267 	if (err)
268 		return err;
269 
270 	err = crypto_register_template(&rsa_pkcs1pad_tmpl);
271 	if (err) {
272 		crypto_unregister_akcipher(&rsa);
273 		return err;
274 	}
275 
276 	return 0;
277 }
278 
279 static void rsa_exit(void)
280 {
281 	crypto_unregister_template(&rsa_pkcs1pad_tmpl);
282 	crypto_unregister_akcipher(&rsa);
283 }
284 
285 subsys_initcall(rsa_init);
286 module_exit(rsa_exit);
287 MODULE_ALIAS_CRYPTO("rsa");
288 MODULE_LICENSE("GPL");
289 MODULE_DESCRIPTION("RSA generic algorithm");
290