linux/crypto/rsa.c
<<
>>
Prefs 
   1/* RSA asymmetric public-key algorithm [RFC3447]
   2 *
   3 * Copyright (c) 2015, Intel Corporation
   4 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public Licence
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the Licence, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <crypto/internal/rsa.h>
  14#include <crypto/internal/akcipher.h>
  15#include <crypto/akcipher.h>
  16#include <crypto/algapi.h>
  17
  18/*
  19 * RSAEP function [RFC3447 sec 5.1.1]
  20 * c = m^e mod n;
  21 */
  22static int _rsa_enc(const struct rsa_key *key, MPI c, MPI m)
  23{
  24        /* (1) Validate 0 <= m < n */
  25        if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
  26                return -EINVAL;
  27
  28        /* (2) c = m^e mod n */
  29        return mpi_powm(c, m, key->e, key->n);
  30}
  31
  32/*
  33 * RSADP function [RFC3447 sec 5.1.2]
  34 * m = c^d mod n;
  35 */
  36static int _rsa_dec(const struct rsa_key *key, MPI m, MPI c)
  37{
  38        /* (1) Validate 0 <= c < n */
  39        if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0)
  40                return -EINVAL;
  41
  42        /* (2) m = c^d mod n */
  43        return mpi_powm(m, c, key->d, key->n);
  44}
  45
  46/*
  47 * RSASP1 function [RFC3447 sec 5.2.1]
  48 * s = m^d mod n
  49 */
  50static int _rsa_sign(const struct rsa_key *key, MPI s, MPI m)
  51{
  52        /* (1) Validate 0 <= m < n */
  53        if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
  54                return -EINVAL;
  55
  56        /* (2) s = m^d mod n */
  57        return mpi_powm(s, m, key->d, key->n);
  58}
  59
  60/*
  61 * RSAVP1 function [RFC3447 sec 5.2.2]
  62 * m = s^e mod n;
  63 */
  64static int _rsa_verify(const struct rsa_key *key, MPI m, MPI s)
  65{
  66        /* (1) Validate 0 <= s < n */
  67        if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0)
  68                return -EINVAL;
  69
  70        /* (2) m = s^e mod n */
  71        return mpi_powm(m, s, key->e, key->n);
  72}
  73
  74static inline struct rsa_key *rsa_get_key(struct crypto_akcipher *tfm)
  75{
  76        return akcipher_tfm_ctx(tfm);
  77}
  78
  79static int rsa_enc(struct akcipher_request *req)
  80{
  81        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
  82        const struct rsa_key *pkey = rsa_get_key(tfm);
  83        MPI m, c = mpi_alloc(0);
  84        int ret = 0;
  85        int sign;
  86
  87        if (!c)
  88                return -ENOMEM;
  89
  90        if (unlikely(!pkey->n || !pkey->e)) {
  91                ret = -EINVAL;
  92                goto err_free_c;
  93        }
  94
  95        ret = -ENOMEM;
  96        m = mpi_read_raw_from_sgl(req->src, req->src_len);
  97        if (!m)
  98                goto err_free_c;
  99
 100        ret = _rsa_enc(pkey, c, m);
 101        if (ret)
 102                goto err_free_m;
 103
 104        ret = mpi_write_to_sgl(c, req->dst, &req->dst_len, &sign);
 105        if (ret)
 106                goto err_free_m;
 107
 108        if (sign < 0)
 109                ret = -EBADMSG;
 110
 111err_free_m:
 112        mpi_free(m);
 113err_free_c:
 114        mpi_free(c);
 115        return ret;
 116}
 117
 118static int rsa_dec(struct akcipher_request *req)
 119{
 120        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 121        const struct rsa_key *pkey = rsa_get_key(tfm);
 122        MPI c, m = mpi_alloc(0);
 123        int ret = 0;
 124        int sign;
 125
 126        if (!m)
 127                return -ENOMEM;
 128
 129        if (unlikely(!pkey->n || !pkey->d)) {
 130                ret = -EINVAL;
 131                goto err_free_m;
 132        }
 133
 134        ret = -ENOMEM;
 135        c = mpi_read_raw_from_sgl(req->src, req->src_len);
 136        if (!c)
 137                goto err_free_m;
 138
 139        ret = _rsa_dec(pkey, m, c);
 140        if (ret)
 141                goto err_free_c;
 142
 143        ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
 144        if (ret)
 145                goto err_free_c;
 146
 147        if (sign < 0)
 148                ret = -EBADMSG;
 149err_free_c:
 150        mpi_free(c);
 151err_free_m:
 152        mpi_free(m);
 153        return ret;
 154}
 155
 156static int rsa_sign(struct akcipher_request *req)
 157{
 158        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 159        const struct rsa_key *pkey = rsa_get_key(tfm);
 160        MPI m, s = mpi_alloc(0);
 161        int ret = 0;
 162        int sign;
 163
 164        if (!s)
 165                return -ENOMEM;
 166
 167        if (unlikely(!pkey->n || !pkey->d)) {
 168                ret = -EINVAL;
 169                goto err_free_s;
 170        }
 171
 172        ret = -ENOMEM;
 173        m = mpi_read_raw_from_sgl(req->src, req->src_len);
 174        if (!m)
 175                goto err_free_s;
 176
 177        ret = _rsa_sign(pkey, s, m);
 178        if (ret)
 179                goto err_free_m;
 180
 181        ret = mpi_write_to_sgl(s, req->dst, &req->dst_len, &sign);
 182        if (ret)
 183                goto err_free_m;
 184
 185        if (sign < 0)
 186                ret = -EBADMSG;
 187
 188err_free_m:
 189        mpi_free(m);
 190err_free_s:
 191        mpi_free(s);
 192        return ret;
 193}
 194
 195static int rsa_verify(struct akcipher_request *req)
 196{
 197        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 198        const struct rsa_key *pkey = rsa_get_key(tfm);
 199        MPI s, m = mpi_alloc(0);
 200        int ret = 0;
 201        int sign;
 202
 203        if (!m)
 204                return -ENOMEM;
 205
 206        if (unlikely(!pkey->n || !pkey->e)) {
 207                ret = -EINVAL;
 208                goto err_free_m;
 209        }
 210
 211        ret = -ENOMEM;
 212        s = mpi_read_raw_from_sgl(req->src, req->src_len);
 213        if (!s) {
 214                ret = -ENOMEM;
 215                goto err_free_m;
 216        }
 217
 218        ret = _rsa_verify(pkey, m, s);
 219        if (ret)
 220                goto err_free_s;
 221
 222        ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
 223        if (ret)
 224                goto err_free_s;
 225
 226        if (sign < 0)
 227                ret = -EBADMSG;
 228
 229err_free_s:
 230        mpi_free(s);
 231err_free_m:
 232        mpi_free(m);
 233        return ret;
 234}
 235
 236static int rsa_check_key_length(unsigned int len)
 237{
 238        switch (len) {
 239        case 512:
 240        case 1024:
 241        case 1536:
 242        case 2048:
 243        case 3072:
 244        case 4096:
 245                return 0;
 246        }
 247
 248        return -EINVAL;
 249}
 250
 251static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
 252                           unsigned int keylen)
 253{
 254        struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
 255        int ret;
 256
 257        ret = rsa_parse_pub_key(pkey, key, keylen);
 258        if (ret)
 259                return ret;
 260
 261        if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
 262                rsa_free_key(pkey);
 263                ret = -EINVAL;
 264        }
 265        return ret;
 266}
 267
 268static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
 269                            unsigned int keylen)
 270{
 271        struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
 272        int ret;
 273
 274        ret = rsa_parse_priv_key(pkey, key, keylen);
 275        if (ret)
 276                return ret;
 277
 278        if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
 279                rsa_free_key(pkey);
 280                ret = -EINVAL;
 281        }
 282        return ret;
 283}
 284
 285static int rsa_max_size(struct crypto_akcipher *tfm)
 286{
 287        struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
 288
 289        return pkey->n ? mpi_get_size(pkey->n) : -EINVAL;
 290}
 291
 292static void rsa_exit_tfm(struct crypto_akcipher *tfm)
 293{
 294        struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
 295
 296        rsa_free_key(pkey);
 297}
 298
 299static struct akcipher_alg rsa = {
 300        .encrypt = rsa_enc,
 301        .decrypt = rsa_dec,
 302        .sign = rsa_sign,
 303        .verify = rsa_verify,
 304        .set_priv_key = rsa_set_priv_key,
 305        .set_pub_key = rsa_set_pub_key,
 306        .max_size = rsa_max_size,
 307        .exit = rsa_exit_tfm,
 308        .base = {
 309                .cra_name = "rsa",
 310                .cra_driver_name = "rsa-generic",
 311                .cra_priority = 100,
 312                .cra_module = THIS_MODULE,
 313                .cra_ctxsize = sizeof(struct rsa_key),
 314        },
 315};
 316
 317static int rsa_init(void)
 318{
 319        int err;
 320
 321        err = crypto_register_akcipher(&rsa);
 322        if (err)
 323                return err;
 324
 325        err = crypto_register_template(&rsa_pkcs1pad_tmpl);
 326        if (err) {
 327                crypto_unregister_akcipher(&rsa);
 328                return err;
 329        }
 330
 331        return 0;
 332}
 333
 334static void rsa_exit(void)
 335{
 336        crypto_unregister_template(&rsa_pkcs1pad_tmpl);
 337        crypto_unregister_akcipher(&rsa);
 338}
 339
 340module_init(rsa_init);
 341module_exit(rsa_exit);
 342MODULE_ALIAS_CRYPTO("rsa");
 343MODULE_LICENSE("GPL");
 344MODULE_DESCRIPTION("RSA generic algorithm");
 345
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.