18c2ecf20Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later
28c2ecf20Sopenharmony_ci/*
38c2ecf20Sopenharmony_ci * RSA key extract helper
48c2ecf20Sopenharmony_ci *
58c2ecf20Sopenharmony_ci * Copyright (c) 2015, Intel Corporation
68c2ecf20Sopenharmony_ci * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
78c2ecf20Sopenharmony_ci */
88c2ecf20Sopenharmony_ci#include <linux/kernel.h>
98c2ecf20Sopenharmony_ci#include <linux/export.h>
108c2ecf20Sopenharmony_ci#include <linux/err.h>
118c2ecf20Sopenharmony_ci#include <linux/fips.h>
128c2ecf20Sopenharmony_ci#include <crypto/internal/rsa.h>
138c2ecf20Sopenharmony_ci#include "rsapubkey.asn1.h"
148c2ecf20Sopenharmony_ci#include "rsaprivkey.asn1.h"
158c2ecf20Sopenharmony_ci
/*
 * Record the RSA modulus (n) in the struct rsa_key passed as @context.
 *
 * The signature matches an ASN.1 decoder action; presumably this is invoked
 * by asn1_ber_decoder() for the modulus element (the grammar is not visible
 * in this file). @hdrlen and @tag are not used.
 *
 * Only the pointer and the length are stored, no copy is made, so the
 * buffer behind @value has to stay valid for as long as the key is in use.
 *
 * Returns 0 on success, -EINVAL for a missing or empty value, or for a
 * modulus that is too short while fips_enabled is set.
 */
int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* an absent or zero-length modulus can never be a usable key */
	if (value == NULL || vlen == 0)
		return -EINVAL;

	if (fips_enabled) {
		const u8 *msb = value;
		size_t significant = vlen;

		/* leading zero octets do not count towards the key size */
		for (; significant && *msb == 0; msb++)
			significant--;

		/* In FIPS mode only allow 256 bytes (2048 bits) and higher */
		if (significant < 256) {
			pr_err("RSA: key size not allowed in FIPS mode\n");
			return -EINVAL;
		}
	}

	/*
	 * The raw input is stored, including any leading zero octets that
	 * were skipped for the FIPS size check above. n_sz is also the upper
	 * bound that the other rsa_get_*() helpers compare lengths against.
	 */
	rsa->n = value;
	rsa->n_sz = vlen;

	return 0;
}
458c2ecf20Sopenharmony_ci
/*
 * Record the RSA public exponent (e) in the struct rsa_key passed as
 * @context. @hdrlen and @tag are not used.
 *
 * The modulus must already have been stored (non-zero n_sz), and e may not
 * be longer than n in bytes. This is a length check only: the numeric value
 * of e is not compared with n here.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided: no data at all */
	if (value == NULL)
		return -EINVAL;

	/* invalid key provided: no modulus yet, empty e, or e longer than n */
	if (rsa->n_sz == 0 || vlen == 0 || vlen > rsa->n_sz)
		return -EINVAL;

	/* pointer into the caller's data, not a copy */
	rsa->e = value;
	rsa->e_sz = vlen;

	return 0;
}
608c2ecf20Sopenharmony_ci
/*
 * Record the RSA private exponent (d) in the struct rsa_key passed as
 * @context. @hdrlen and @tag are not used.
 *
 * The modulus must already have been stored (non-zero n_sz), and d may not
 * be longer than n in bytes; the numeric value is not range-checked here.
 *
 * Only a pointer to the secret is kept, no copy is made.
 * NOTE(review): wiping the private key material is therefore presumably the
 * job of whoever owns the input buffer - confirm against the callers.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided: no data at all */
	if (value == NULL)
		return -EINVAL;

	/* invalid key provided: no modulus yet, empty d, or d longer than n */
	if (rsa->n_sz == 0 || vlen == 0 || vlen > rsa->n_sz)
		return -EINVAL;

	rsa->d = value;
	rsa->d_sz = vlen;

	return 0;
}
758c2ecf20Sopenharmony_ci
/*
 * Record the first prime factor (p) in the struct rsa_key passed as
 * @context. @hdrlen and @tag are not used.
 *
 * p must be non-empty and no longer than the stored modulus in bytes. When
 * no modulus has been stored (n_sz == 0) every non-empty value is rejected
 * by the same comparison. Only the length is checked, not the value.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!(value && vlen && vlen <= rsa->n_sz))
		return -EINVAL;

	/* secret key material is referenced in place, not copied */
	rsa->p = value;
	rsa->p_sz = vlen;

	return 0;
}
908c2ecf20Sopenharmony_ci
/*
 * Record the second prime factor (q) in the struct rsa_key passed as
 * @context. @hdrlen and @tag are not used.
 *
 * q must be non-empty and no longer than the stored modulus in bytes; with
 * n_sz == 0 every non-empty value fails that comparison. Only the length is
 * checked, not the value.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!(value && vlen && vlen <= rsa->n_sz))
		return -EINVAL;

	/* secret key material is referenced in place, not copied */
	rsa->q = value;
	rsa->q_sz = vlen;

	return 0;
}
1058c2ecf20Sopenharmony_ci
/*
 * Record the dp component in the struct rsa_key passed as @context
 * (presumably the CRT exponent d mod (p - 1) - the grammar is not visible
 * in this file). @hdrlen and @tag are not used.
 *
 * The value must be non-empty and no longer than the stored modulus in
 * bytes. It is bounded by n_sz, not by the length of p.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
	       const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!(value && vlen && vlen <= rsa->n_sz))
		return -EINVAL;

	/* secret key material is referenced in place, not copied */
	rsa->dp = value;
	rsa->dp_sz = vlen;

	return 0;
}
1208c2ecf20Sopenharmony_ci
/*
 * Record the dq component in the struct rsa_key passed as @context
 * (presumably the CRT exponent d mod (q - 1) - the grammar is not visible
 * in this file). @hdrlen and @tag are not used.
 *
 * The value must be non-empty and no longer than the stored modulus in
 * bytes. It is bounded by n_sz, not by the length of q.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
	       const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!(value && vlen && vlen <= rsa->n_sz))
		return -EINVAL;

	/* secret key material is referenced in place, not copied */
	rsa->dq = value;
	rsa->dq_sz = vlen;

	return 0;
}
1358c2ecf20Sopenharmony_ci
/*
 * Record the qinv component in the struct rsa_key passed as @context
 * (presumably the CRT coefficient, the inverse of q mod p - the grammar is
 * not visible in this file). @hdrlen and @tag are not used.
 *
 * The value must be non-empty and no longer than the stored modulus in
 * bytes. Only the length is checked, not the value.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
		 const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!(value && vlen && vlen <= rsa->n_sz))
		return -EINVAL;

	/* secret key material is referenced in place, not copied */
	rsa->qinv = value;
	rsa->qinv_sz = vlen;

	return 0;
}
1508c2ecf20Sopenharmony_ci
/**
 * rsa_parse_pub_key() - decode a BER encoded RSA public key
 *
 * Runs the BER decoder with the rsapubkey grammar and stores, in the
 * provided struct rsa_key, pointers to the raw key as is, so that the
 * caller can copy it or MPI parse it, etc. Nothing is copied here, so @key
 * has to stay valid for as long as @rsa_key is used.
 *
 * NOTE(review): rsa_get_e() in this file reads rsa_key->n_sz as a length
 * bound - confirm that callers hand in a zeroed struct, or that the grammar
 * always delivers the modulus first.
 *
 * @rsa_key:	struct rsa_key key representation
 * @key:	key in BER format
 * @key_len:	length of key
 *
 * Return:	0 on success or error code in case of error
 */
int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
		      unsigned int key_len)
{
	int ret;

	ret = asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);

	return ret;
}
EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
1688c2ecf20Sopenharmony_ci
/**
 * rsa_parse_priv_key() - decode a BER encoded RSA private key
 *
 * Runs the BER decoder with the rsaprivkey grammar and stores, in the
 * provided struct rsa_key, pointers to the raw key as is, so that the
 * caller can copy it or MPI parse it, etc. Nothing is copied here, so @key
 * has to stay valid for as long as @rsa_key is used.
 *
 * The rsa_get_*() helpers in this file compare lengths only; no numeric
 * consistency of the key components is established by them.
 * NOTE(review): since the secret components are referenced in place, wiping
 * them is presumably up to the owner of @key - confirm against the callers.
 *
 * @rsa_key:	struct rsa_key key representation
 * @key:	key in BER format
 * @key_len:	length of key
 *
 * Return:	0 on success or error code in case of error
 */
int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
		       unsigned int key_len)
{
	int ret;

	ret = asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);

	return ret;
}
EXPORT_SYMBOL_GPL(rsa_parse_priv_key);