18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 28c2ecf20Sopenharmony_ci/* RSA asymmetric public-key algorithm [RFC3447] 38c2ecf20Sopenharmony_ci * 48c2ecf20Sopenharmony_ci * Copyright (c) 2015, Intel Corporation 58c2ecf20Sopenharmony_ci * Authors: Tadeusz Struk <tadeusz.struk@intel.com> 68c2ecf20Sopenharmony_ci */ 78c2ecf20Sopenharmony_ci 88c2ecf20Sopenharmony_ci#include <linux/module.h> 98c2ecf20Sopenharmony_ci#include <linux/mpi.h> 108c2ecf20Sopenharmony_ci#include <crypto/internal/rsa.h> 118c2ecf20Sopenharmony_ci#include <crypto/internal/akcipher.h> 128c2ecf20Sopenharmony_ci#include <crypto/akcipher.h> 138c2ecf20Sopenharmony_ci#include <crypto/algapi.h> 148c2ecf20Sopenharmony_ci 158c2ecf20Sopenharmony_cistruct rsa_mpi_key { 168c2ecf20Sopenharmony_ci MPI n; 178c2ecf20Sopenharmony_ci MPI e; 188c2ecf20Sopenharmony_ci MPI d; 198c2ecf20Sopenharmony_ci}; 208c2ecf20Sopenharmony_ci 218c2ecf20Sopenharmony_ci/* 228c2ecf20Sopenharmony_ci * RSAEP function [RFC3447 sec 5.1.1] 238c2ecf20Sopenharmony_ci * c = m^e mod n; 248c2ecf20Sopenharmony_ci */ 258c2ecf20Sopenharmony_cistatic int _rsa_enc(const struct rsa_mpi_key *key, MPI c, MPI m) 268c2ecf20Sopenharmony_ci{ 278c2ecf20Sopenharmony_ci /* (1) Validate 0 <= m < n */ 288c2ecf20Sopenharmony_ci if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0) 298c2ecf20Sopenharmony_ci return -EINVAL; 308c2ecf20Sopenharmony_ci 318c2ecf20Sopenharmony_ci /* (2) c = m^e mod n */ 328c2ecf20Sopenharmony_ci return mpi_powm(c, m, key->e, key->n); 338c2ecf20Sopenharmony_ci} 348c2ecf20Sopenharmony_ci 358c2ecf20Sopenharmony_ci/* 368c2ecf20Sopenharmony_ci * RSADP function [RFC3447 sec 5.1.2] 378c2ecf20Sopenharmony_ci * m = c^d mod n; 388c2ecf20Sopenharmony_ci */ 398c2ecf20Sopenharmony_cistatic int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c) 408c2ecf20Sopenharmony_ci{ 418c2ecf20Sopenharmony_ci /* (1) Validate 0 <= c < n */ 428c2ecf20Sopenharmony_ci if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0) 438c2ecf20Sopenharmony_ci return -EINVAL; 448c2ecf20Sopenharmony_ci 458c2ecf20Sopenharmony_ci /* (2) m = c^d mod n */ 468c2ecf20Sopenharmony_ci return mpi_powm(m, c, key->d, key->n); 478c2ecf20Sopenharmony_ci} 488c2ecf20Sopenharmony_ci 498c2ecf20Sopenharmony_cistatic inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm) 508c2ecf20Sopenharmony_ci{ 518c2ecf20Sopenharmony_ci return akcipher_tfm_ctx(tfm); 528c2ecf20Sopenharmony_ci} 538c2ecf20Sopenharmony_ci 548c2ecf20Sopenharmony_cistatic int rsa_enc(struct akcipher_request *req) 558c2ecf20Sopenharmony_ci{ 568c2ecf20Sopenharmony_ci struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 578c2ecf20Sopenharmony_ci const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 588c2ecf20Sopenharmony_ci MPI m, c = mpi_alloc(0); 598c2ecf20Sopenharmony_ci int ret = 0; 608c2ecf20Sopenharmony_ci int sign; 618c2ecf20Sopenharmony_ci 628c2ecf20Sopenharmony_ci if (!c) 638c2ecf20Sopenharmony_ci return -ENOMEM; 648c2ecf20Sopenharmony_ci 658c2ecf20Sopenharmony_ci if (unlikely(!pkey->n || !pkey->e)) { 668c2ecf20Sopenharmony_ci ret = -EINVAL; 678c2ecf20Sopenharmony_ci goto err_free_c; 688c2ecf20Sopenharmony_ci } 698c2ecf20Sopenharmony_ci 708c2ecf20Sopenharmony_ci ret = -ENOMEM; 718c2ecf20Sopenharmony_ci m = mpi_read_raw_from_sgl(req->src, req->src_len); 728c2ecf20Sopenharmony_ci if (!m) 738c2ecf20Sopenharmony_ci goto err_free_c; 748c2ecf20Sopenharmony_ci 758c2ecf20Sopenharmony_ci ret = _rsa_enc(pkey, c, m); 768c2ecf20Sopenharmony_ci if (ret) 778c2ecf20Sopenharmony_ci goto err_free_m; 788c2ecf20Sopenharmony_ci 798c2ecf20Sopenharmony_ci ret = mpi_write_to_sgl(c, req->dst, req->dst_len, &sign); 808c2ecf20Sopenharmony_ci if (ret) 818c2ecf20Sopenharmony_ci goto err_free_m; 828c2ecf20Sopenharmony_ci 838c2ecf20Sopenharmony_ci if (sign < 0) 848c2ecf20Sopenharmony_ci ret = -EBADMSG; 858c2ecf20Sopenharmony_ci 868c2ecf20Sopenharmony_cierr_free_m: 878c2ecf20Sopenharmony_ci mpi_free(m); 888c2ecf20Sopenharmony_cierr_free_c: 898c2ecf20Sopenharmony_ci mpi_free(c); 908c2ecf20Sopenharmony_ci return ret; 918c2ecf20Sopenharmony_ci} 928c2ecf20Sopenharmony_ci 938c2ecf20Sopenharmony_cistatic int rsa_dec(struct akcipher_request *req) 948c2ecf20Sopenharmony_ci{ 958c2ecf20Sopenharmony_ci struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); 968c2ecf20Sopenharmony_ci const struct rsa_mpi_key *pkey = rsa_get_key(tfm); 978c2ecf20Sopenharmony_ci MPI c, m = mpi_alloc(0); 988c2ecf20Sopenharmony_ci int ret = 0; 998c2ecf20Sopenharmony_ci int sign; 1008c2ecf20Sopenharmony_ci 1018c2ecf20Sopenharmony_ci if (!m) 1028c2ecf20Sopenharmony_ci return -ENOMEM; 1038c2ecf20Sopenharmony_ci 1048c2ecf20Sopenharmony_ci if (unlikely(!pkey->n || !pkey->d)) { 1058c2ecf20Sopenharmony_ci ret = -EINVAL; 1068c2ecf20Sopenharmony_ci goto err_free_m; 1078c2ecf20Sopenharmony_ci } 1088c2ecf20Sopenharmony_ci 1098c2ecf20Sopenharmony_ci ret = -ENOMEM; 1108c2ecf20Sopenharmony_ci c = mpi_read_raw_from_sgl(req->src, req->src_len); 1118c2ecf20Sopenharmony_ci if (!c) 1128c2ecf20Sopenharmony_ci goto err_free_m; 1138c2ecf20Sopenharmony_ci 1148c2ecf20Sopenharmony_ci ret = _rsa_dec(pkey, m, c); 1158c2ecf20Sopenharmony_ci if (ret) 1168c2ecf20Sopenharmony_ci goto err_free_c; 1178c2ecf20Sopenharmony_ci 1188c2ecf20Sopenharmony_ci ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign); 1198c2ecf20Sopenharmony_ci if (ret) 1208c2ecf20Sopenharmony_ci goto err_free_c; 1218c2ecf20Sopenharmony_ci 1228c2ecf20Sopenharmony_ci if (sign < 0) 1238c2ecf20Sopenharmony_ci ret = -EBADMSG; 1248c2ecf20Sopenharmony_cierr_free_c: 1258c2ecf20Sopenharmony_ci mpi_free(c); 1268c2ecf20Sopenharmony_cierr_free_m: 1278c2ecf20Sopenharmony_ci mpi_free(m); 1288c2ecf20Sopenharmony_ci return ret; 1298c2ecf20Sopenharmony_ci} 1308c2ecf20Sopenharmony_ci 1318c2ecf20Sopenharmony_cistatic void rsa_free_mpi_key(struct rsa_mpi_key *key) 1328c2ecf20Sopenharmony_ci{ 1338c2ecf20Sopenharmony_ci mpi_free(key->d); 1348c2ecf20Sopenharmony_ci mpi_free(key->e); 1358c2ecf20Sopenharmony_ci mpi_free(key->n); 1368c2ecf20Sopenharmony_ci key->d = NULL; 1378c2ecf20Sopenharmony_ci key->e = NULL; 1388c2ecf20Sopenharmony_ci key->n = NULL; 1398c2ecf20Sopenharmony_ci} 1408c2ecf20Sopenharmony_ci 1418c2ecf20Sopenharmony_cistatic int rsa_check_key_length(unsigned int len) 1428c2ecf20Sopenharmony_ci{ 1438c2ecf20Sopenharmony_ci switch (len) { 1448c2ecf20Sopenharmony_ci case 512: 1458c2ecf20Sopenharmony_ci case 1024: 1468c2ecf20Sopenharmony_ci case 1536: 1478c2ecf20Sopenharmony_ci case 2048: 1488c2ecf20Sopenharmony_ci case 3072: 1498c2ecf20Sopenharmony_ci case 4096: 1508c2ecf20Sopenharmony_ci return 0; 1518c2ecf20Sopenharmony_ci } 1528c2ecf20Sopenharmony_ci 1538c2ecf20Sopenharmony_ci return -EINVAL; 1548c2ecf20Sopenharmony_ci} 1558c2ecf20Sopenharmony_ci 1568c2ecf20Sopenharmony_cistatic int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, 1578c2ecf20Sopenharmony_ci unsigned int keylen) 1588c2ecf20Sopenharmony_ci{ 1598c2ecf20Sopenharmony_ci struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm); 1608c2ecf20Sopenharmony_ci struct rsa_key raw_key = {0}; 1618c2ecf20Sopenharmony_ci int ret; 1628c2ecf20Sopenharmony_ci 1638c2ecf20Sopenharmony_ci /* Free the old MPI key if any */ 1648c2ecf20Sopenharmony_ci rsa_free_mpi_key(mpi_key); 1658c2ecf20Sopenharmony_ci 1668c2ecf20Sopenharmony_ci ret = rsa_parse_pub_key(&raw_key, key, keylen); 1678c2ecf20Sopenharmony_ci if (ret) 1688c2ecf20Sopenharmony_ci return ret; 1698c2ecf20Sopenharmony_ci 1708c2ecf20Sopenharmony_ci mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz); 1718c2ecf20Sopenharmony_ci if (!mpi_key->e) 1728c2ecf20Sopenharmony_ci goto err; 1738c2ecf20Sopenharmony_ci 1748c2ecf20Sopenharmony_ci mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz); 1758c2ecf20Sopenharmony_ci if (!mpi_key->n) 1768c2ecf20Sopenharmony_ci goto err; 1778c2ecf20Sopenharmony_ci 1788c2ecf20Sopenharmony_ci if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) { 1798c2ecf20Sopenharmony_ci rsa_free_mpi_key(mpi_key); 1808c2ecf20Sopenharmony_ci return -EINVAL; 1818c2ecf20Sopenharmony_ci } 1828c2ecf20Sopenharmony_ci 1838c2ecf20Sopenharmony_ci return 0; 1848c2ecf20Sopenharmony_ci 1858c2ecf20Sopenharmony_cierr: 1868c2ecf20Sopenharmony_ci rsa_free_mpi_key(mpi_key); 1878c2ecf20Sopenharmony_ci return -ENOMEM; 1888c2ecf20Sopenharmony_ci} 1898c2ecf20Sopenharmony_ci 1908c2ecf20Sopenharmony_cistatic int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, 1918c2ecf20Sopenharmony_ci unsigned int keylen) 1928c2ecf20Sopenharmony_ci{ 1938c2ecf20Sopenharmony_ci struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm); 1948c2ecf20Sopenharmony_ci struct rsa_key raw_key = {0}; 1958c2ecf20Sopenharmony_ci int ret; 1968c2ecf20Sopenharmony_ci 1978c2ecf20Sopenharmony_ci /* Free the old MPI key if any */ 1988c2ecf20Sopenharmony_ci rsa_free_mpi_key(mpi_key); 1998c2ecf20Sopenharmony_ci 2008c2ecf20Sopenharmony_ci ret = rsa_parse_priv_key(&raw_key, key, keylen); 2018c2ecf20Sopenharmony_ci if (ret) 2028c2ecf20Sopenharmony_ci return ret; 2038c2ecf20Sopenharmony_ci 2048c2ecf20Sopenharmony_ci mpi_key->d = mpi_read_raw_data(raw_key.d, raw_key.d_sz); 2058c2ecf20Sopenharmony_ci if (!mpi_key->d) 2068c2ecf20Sopenharmony_ci goto err; 2078c2ecf20Sopenharmony_ci 2088c2ecf20Sopenharmony_ci mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz); 2098c2ecf20Sopenharmony_ci if (!mpi_key->e) 2108c2ecf20Sopenharmony_ci goto err; 2118c2ecf20Sopenharmony_ci 2128c2ecf20Sopenharmony_ci mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz); 2138c2ecf20Sopenharmony_ci if (!mpi_key->n) 2148c2ecf20Sopenharmony_ci goto err; 2158c2ecf20Sopenharmony_ci 2168c2ecf20Sopenharmony_ci if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) { 2178c2ecf20Sopenharmony_ci rsa_free_mpi_key(mpi_key); 2188c2ecf20Sopenharmony_ci return -EINVAL; 2198c2ecf20Sopenharmony_ci } 2208c2ecf20Sopenharmony_ci 2218c2ecf20Sopenharmony_ci return 0; 2228c2ecf20Sopenharmony_ci 2238c2ecf20Sopenharmony_cierr: 2248c2ecf20Sopenharmony_ci rsa_free_mpi_key(mpi_key); 2258c2ecf20Sopenharmony_ci return -ENOMEM; 2268c2ecf20Sopenharmony_ci} 2278c2ecf20Sopenharmony_ci 2288c2ecf20Sopenharmony_cistatic unsigned int rsa_max_size(struct crypto_akcipher *tfm) 2298c2ecf20Sopenharmony_ci{ 2308c2ecf20Sopenharmony_ci struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); 2318c2ecf20Sopenharmony_ci 2328c2ecf20Sopenharmony_ci return mpi_get_size(pkey->n); 2338c2ecf20Sopenharmony_ci} 2348c2ecf20Sopenharmony_ci 2358c2ecf20Sopenharmony_cistatic void rsa_exit_tfm(struct crypto_akcipher *tfm) 2368c2ecf20Sopenharmony_ci{ 2378c2ecf20Sopenharmony_ci struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm); 2388c2ecf20Sopenharmony_ci 2398c2ecf20Sopenharmony_ci rsa_free_mpi_key(pkey); 2408c2ecf20Sopenharmony_ci} 2418c2ecf20Sopenharmony_ci 2428c2ecf20Sopenharmony_cistatic struct akcipher_alg rsa = { 2438c2ecf20Sopenharmony_ci .encrypt = rsa_enc, 2448c2ecf20Sopenharmony_ci .decrypt = rsa_dec, 2458c2ecf20Sopenharmony_ci .set_priv_key = rsa_set_priv_key, 2468c2ecf20Sopenharmony_ci .set_pub_key = rsa_set_pub_key, 2478c2ecf20Sopenharmony_ci .max_size = rsa_max_size, 2488c2ecf20Sopenharmony_ci .exit = rsa_exit_tfm, 2498c2ecf20Sopenharmony_ci .base = { 2508c2ecf20Sopenharmony_ci .cra_name = "rsa", 2518c2ecf20Sopenharmony_ci .cra_driver_name = "rsa-generic", 2528c2ecf20Sopenharmony_ci .cra_priority = 100, 2538c2ecf20Sopenharmony_ci .cra_module = THIS_MODULE, 2548c2ecf20Sopenharmony_ci .cra_ctxsize = sizeof(struct rsa_mpi_key), 2558c2ecf20Sopenharmony_ci }, 2568c2ecf20Sopenharmony_ci}; 2578c2ecf20Sopenharmony_ci 2588c2ecf20Sopenharmony_cistatic int rsa_init(void) 2598c2ecf20Sopenharmony_ci{ 2608c2ecf20Sopenharmony_ci int err; 2618c2ecf20Sopenharmony_ci 2628c2ecf20Sopenharmony_ci err = crypto_register_akcipher(&rsa); 2638c2ecf20Sopenharmony_ci if (err) 2648c2ecf20Sopenharmony_ci return err; 2658c2ecf20Sopenharmony_ci 2668c2ecf20Sopenharmony_ci err = crypto_register_template(&rsa_pkcs1pad_tmpl); 2678c2ecf20Sopenharmony_ci if (err) { 2688c2ecf20Sopenharmony_ci crypto_unregister_akcipher(&rsa); 2698c2ecf20Sopenharmony_ci return err; 2708c2ecf20Sopenharmony_ci } 2718c2ecf20Sopenharmony_ci 2728c2ecf20Sopenharmony_ci return 0; 2738c2ecf20Sopenharmony_ci} 2748c2ecf20Sopenharmony_ci 2758c2ecf20Sopenharmony_cistatic void rsa_exit(void) 2768c2ecf20Sopenharmony_ci{ 2778c2ecf20Sopenharmony_ci crypto_unregister_template(&rsa_pkcs1pad_tmpl); 2788c2ecf20Sopenharmony_ci crypto_unregister_akcipher(&rsa); 2798c2ecf20Sopenharmony_ci} 2808c2ecf20Sopenharmony_ci 2818c2ecf20Sopenharmony_cisubsys_initcall(rsa_init); 2828c2ecf20Sopenharmony_cimodule_exit(rsa_exit); 2838c2ecf20Sopenharmony_ciMODULE_ALIAS_CRYPTO("rsa"); 2848c2ecf20Sopenharmony_ciMODULE_LICENSE("GPL"); 2858c2ecf20Sopenharmony_ciMODULE_DESCRIPTION("RSA generic algorithm"); 286