]>
git.proxmox.com Git - mirror_ubuntu-kernels.git/blob - crypto/rsa.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* RSA asymmetric public-key algorithm [RFC3447]
4 * Copyright (c) 2015, Intel Corporation
5 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
8 #include <linux/fips.h>
9 #include <linux/module.h>
10 #include <linux/mpi.h>
11 #include <crypto/internal/rsa.h>
12 #include <crypto/internal/akcipher.h>
13 #include <crypto/akcipher.h>
14 #include <crypto/algapi.h>
28 * RSAEP function [RFC3447 sec 5.1.1]
31 static int _rsa_enc(const struct rsa_mpi_key
*key
, MPI c
, MPI m
)
33 /* (1) Validate 0 <= m < n */
34 if (mpi_cmp_ui(m
, 0) < 0 || mpi_cmp(m
, key
->n
) >= 0)
37 /* (2) c = m^e mod n */
38 return mpi_powm(c
, m
, key
->e
, key
->n
);
42 * RSADP function [RFC3447 sec 5.1.2]
45 * h = (m_1 - m_2) * qInv mod p;
48 static int _rsa_dec_crt(const struct rsa_mpi_key
*key
, MPI m_or_m1_or_h
, MPI c
)
53 /* (1) Validate 0 <= c < n */
54 if (mpi_cmp_ui(c
, 0) < 0 || mpi_cmp(c
, key
->n
) >= 0)
58 m12_or_qh
= mpi_alloc(0);
59 if (!m2
|| !m12_or_qh
)
62 /* (2i) m_1 = c^dP mod p */
63 ret
= mpi_powm(m_or_m1_or_h
, c
, key
->dp
, key
->p
);
67 /* (2i) m_2 = c^dQ mod q */
68 ret
= mpi_powm(m2
, c
, key
->dq
, key
->q
);
72 /* (2iii) h = (m_1 - m_2) * qInv mod p */
73 mpi_sub(m12_or_qh
, m_or_m1_or_h
, m2
);
74 mpi_mulm(m_or_m1_or_h
, m12_or_qh
, key
->qinv
, key
->p
);
76 /* (2iv) m = m_2 + q * h */
77 mpi_mul(m12_or_qh
, key
->q
, m_or_m1_or_h
);
78 mpi_addm(m_or_m1_or_h
, m2
, m12_or_qh
, key
->n
);
88 static inline struct rsa_mpi_key
*rsa_get_key(struct crypto_akcipher
*tfm
)
90 return akcipher_tfm_ctx(tfm
);
93 static int rsa_enc(struct akcipher_request
*req
)
95 struct crypto_akcipher
*tfm
= crypto_akcipher_reqtfm(req
);
96 const struct rsa_mpi_key
*pkey
= rsa_get_key(tfm
);
97 MPI m
, c
= mpi_alloc(0);
104 if (unlikely(!pkey
->n
|| !pkey
->e
)) {
110 m
= mpi_read_raw_from_sgl(req
->src
, req
->src_len
);
114 ret
= _rsa_enc(pkey
, c
, m
);
118 ret
= mpi_write_to_sgl(c
, req
->dst
, req
->dst_len
, &sign
);
132 static int rsa_dec(struct akcipher_request
*req
)
134 struct crypto_akcipher
*tfm
= crypto_akcipher_reqtfm(req
);
135 const struct rsa_mpi_key
*pkey
= rsa_get_key(tfm
);
136 MPI c
, m
= mpi_alloc(0);
143 if (unlikely(!pkey
->n
|| !pkey
->d
)) {
149 c
= mpi_read_raw_from_sgl(req
->src
, req
->src_len
);
153 ret
= _rsa_dec_crt(pkey
, m
, c
);
157 ret
= mpi_write_to_sgl(m
, req
->dst
, req
->dst_len
, &sign
);
170 static void rsa_free_mpi_key(struct rsa_mpi_key
*key
)
190 static int rsa_check_key_length(unsigned int len
)
208 static int rsa_check_exponent_fips(MPI e
)
213 if (!mpi_test_bit(e
, 0)) {
217 /* check if 2^16 < e < 2^256. */
218 if (mpi_cmp_ui(e
, 65536) <= 0) {
222 e_max
= mpi_alloc(0);
223 mpi_set_bit(e_max
, 256);
225 if (mpi_cmp(e
, e_max
) >= 0) {
234 static int rsa_set_pub_key(struct crypto_akcipher
*tfm
, const void *key
,
237 struct rsa_mpi_key
*mpi_key
= akcipher_tfm_ctx(tfm
);
238 struct rsa_key raw_key
= {0};
241 /* Free the old MPI key if any */
242 rsa_free_mpi_key(mpi_key
);
244 ret
= rsa_parse_pub_key(&raw_key
, key
, keylen
);
248 mpi_key
->e
= mpi_read_raw_data(raw_key
.e
, raw_key
.e_sz
);
252 mpi_key
->n
= mpi_read_raw_data(raw_key
.n
, raw_key
.n_sz
);
256 if (rsa_check_key_length(mpi_get_size(mpi_key
->n
) << 3)) {
257 rsa_free_mpi_key(mpi_key
);
261 if (fips_enabled
&& rsa_check_exponent_fips(mpi_key
->e
)) {
262 rsa_free_mpi_key(mpi_key
);
269 rsa_free_mpi_key(mpi_key
);
273 static int rsa_set_priv_key(struct crypto_akcipher
*tfm
, const void *key
,
276 struct rsa_mpi_key
*mpi_key
= akcipher_tfm_ctx(tfm
);
277 struct rsa_key raw_key
= {0};
280 /* Free the old MPI key if any */
281 rsa_free_mpi_key(mpi_key
);
283 ret
= rsa_parse_priv_key(&raw_key
, key
, keylen
);
287 mpi_key
->d
= mpi_read_raw_data(raw_key
.d
, raw_key
.d_sz
);
291 mpi_key
->e
= mpi_read_raw_data(raw_key
.e
, raw_key
.e_sz
);
295 mpi_key
->n
= mpi_read_raw_data(raw_key
.n
, raw_key
.n_sz
);
299 mpi_key
->p
= mpi_read_raw_data(raw_key
.p
, raw_key
.p_sz
);
303 mpi_key
->q
= mpi_read_raw_data(raw_key
.q
, raw_key
.q_sz
);
307 mpi_key
->dp
= mpi_read_raw_data(raw_key
.dp
, raw_key
.dp_sz
);
311 mpi_key
->dq
= mpi_read_raw_data(raw_key
.dq
, raw_key
.dq_sz
);
315 mpi_key
->qinv
= mpi_read_raw_data(raw_key
.qinv
, raw_key
.qinv_sz
);
319 if (rsa_check_key_length(mpi_get_size(mpi_key
->n
) << 3)) {
320 rsa_free_mpi_key(mpi_key
);
324 if (fips_enabled
&& rsa_check_exponent_fips(mpi_key
->e
)) {
325 rsa_free_mpi_key(mpi_key
);
332 rsa_free_mpi_key(mpi_key
);
336 static unsigned int rsa_max_size(struct crypto_akcipher
*tfm
)
338 struct rsa_mpi_key
*pkey
= akcipher_tfm_ctx(tfm
);
340 return mpi_get_size(pkey
->n
);
343 static void rsa_exit_tfm(struct crypto_akcipher
*tfm
)
345 struct rsa_mpi_key
*pkey
= akcipher_tfm_ctx(tfm
);
347 rsa_free_mpi_key(pkey
);
350 static struct akcipher_alg rsa
= {
353 .set_priv_key
= rsa_set_priv_key
,
354 .set_pub_key
= rsa_set_pub_key
,
355 .max_size
= rsa_max_size
,
356 .exit
= rsa_exit_tfm
,
359 .cra_driver_name
= "rsa-generic",
361 .cra_module
= THIS_MODULE
,
362 .cra_ctxsize
= sizeof(struct rsa_mpi_key
),
366 static int __init
rsa_init(void)
370 err
= crypto_register_akcipher(&rsa
);
374 err
= crypto_register_template(&rsa_pkcs1pad_tmpl
);
376 crypto_unregister_akcipher(&rsa
);
383 static void __exit
rsa_exit(void)
385 crypto_unregister_template(&rsa_pkcs1pad_tmpl
);
386 crypto_unregister_akcipher(&rsa
);
389 subsys_initcall(rsa_init
);
390 module_exit(rsa_exit
);
391 MODULE_ALIAS_CRYPTO("rsa");
392 MODULE_LICENSE("GPL");
393 MODULE_DESCRIPTION("RSA generic algorithm");