^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-or-later
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * RSA key extract helper
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Copyright (c) 2015, Intel Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #include <linux/kernel.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #include <linux/export.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) #include <linux/err.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/fips.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <crypto/internal/rsa.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include "rsapubkey.asn1.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include "rsaprivkey.asn1.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15)
/*
 * ASN.1 decoder callback for the modulus (n).
 *
 * Records the pointer and length of the encoded INTEGER in the struct rsa_key
 * passed as @context. Nothing is copied: key->n aliases @value, so the decoded
 * buffer has to outlive the rsa_key.
 *
 * When fips_enabled is set, leading zero octets are skipped for the purpose of
 * the size check only and a modulus shorter than 256 significant bytes
 * (2048 bits) is rejected. The stored pointer and length are always the
 * unstripped @value / @vlen.
 *
 * @hdrlen and @tag are part of the callback signature and are not used here.
 *
 * Returns 0 on success, -EINVAL for an empty value or a too-small FIPS key.
 */
int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;
	const u8 *msb;
	size_t significant;

	/* invalid key provided */
	if (!value || !vlen)
		return -EINVAL;

	if (fips_enabled) {
		/* Count only the octets that follow any leading zero padding. */
		msb = value;
		for (significant = vlen; significant && !*msb; significant--)
			msb++;

		/* In FIPS mode only allow key size 2K and higher */
		if (significant < 256) {
			pr_err("RSA: key size not allowed in FIPS mode\n");
			return -EINVAL;
		}
	}

	rsa->n = value;
	rsa->n_sz = vlen;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45)
/*
 * ASN.1 decoder callback for the public exponent (e).
 *
 * Accepts the value only if a modulus length has already been recorded in
 * key->n_sz and the exponent is non-empty and no longer than that length.
 * This is a length bound only; the numeric value is not inspected here.
 * key->e aliases @value, no copy is made.
 *
 * NOTE(review): relies on rsa_get_n() having run first for the same key;
 * presumably the ASN.1 grammar guarantees that order - confirm.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value)
		return -EINVAL;
	if (!rsa->n_sz)
		return -EINVAL;
	if (!vlen || vlen > rsa->n_sz)
		return -EINVAL;

	rsa->e = value;
	rsa->e_sz = vlen;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 60)
/*
 * ASN.1 decoder callback for the private exponent (d).
 *
 * Accepts the value only if a modulus length has already been recorded in
 * key->n_sz and d is non-empty and no longer than that length. Only the
 * length is bounded; the value itself is not validated against n.
 *
 * key->d aliases @value (secret material stays in the decoded buffer, it is
 * not copied), so lifetime and wiping of that buffer remain with whoever
 * owns it.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value)
		return -EINVAL;
	if (!rsa->n_sz)
		return -EINVAL;
	if (!vlen || vlen > rsa->n_sz)
		return -EINVAL;

	rsa->d = value;
	rsa->d_sz = vlen;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75)
/*
 * ASN.1 decoder callback for the first prime factor (p).
 *
 * The value must be non-empty and no longer than the recorded modulus length
 * (key->n_sz). Since @vlen has to be at least 1, a key whose n_sz is still 0
 * is rejected by the same comparison. Only the length is bounded.
 *
 * key->p aliases @value; the secret is not copied.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value)
		return -EINVAL;
	if (!vlen || vlen > rsa->n_sz)
		return -EINVAL;

	rsa->p = value;
	rsa->p_sz = vlen;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90)
/*
 * ASN.1 decoder callback for the second prime factor (q).
 *
 * The value must be non-empty and no longer than the recorded modulus length
 * (key->n_sz). Since @vlen has to be at least 1, a key whose n_sz is still 0
 * is rejected by the same comparison. Only the length is bounded.
 *
 * key->q aliases @value; the secret is not copied.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value)
		return -EINVAL;
	if (!vlen || vlen > rsa->n_sz)
		return -EINVAL;

	rsa->q = value;
	rsa->q_sz = vlen;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105)
/*
 * ASN.1 decoder callback for the CRT exponent dp.
 *
 * The value must be non-empty and no longer than the recorded modulus length
 * (key->n_sz). Since @vlen has to be at least 1, a key whose n_sz is still 0
 * is rejected by the same comparison. Only the length is bounded.
 *
 * key->dp aliases @value; the secret is not copied.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
	       const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value)
		return -EINVAL;
	if (!vlen || vlen > rsa->n_sz)
		return -EINVAL;

	rsa->dp = value;
	rsa->dp_sz = vlen;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 120)
/*
 * ASN.1 decoder callback for the CRT exponent dq.
 *
 * The value must be non-empty and no longer than the recorded modulus length
 * (key->n_sz). Since @vlen has to be at least 1, a key whose n_sz is still 0
 * is rejected by the same comparison. Only the length is bounded.
 *
 * key->dq aliases @value; the secret is not copied.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
	       const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value)
		return -EINVAL;
	if (!vlen || vlen > rsa->n_sz)
		return -EINVAL;

	rsa->dq = value;
	rsa->dq_sz = vlen;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 135)
/*
 * ASN.1 decoder callback for the CRT coefficient qinv.
 *
 * The value must be non-empty and no longer than the recorded modulus length
 * (key->n_sz). Since @vlen has to be at least 1, a key whose n_sz is still 0
 * is rejected by the same comparison. Only the length is bounded.
 *
 * key->qinv aliases @value; the secret is not copied.
 *
 * Returns 0 on success, -EINVAL otherwise.
 */
int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
		 const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value)
		return -EINVAL;
	if (!vlen || vlen > rsa->n_sz)
		return -EINVAL;

	rsa->qinv = value;
	rsa->qinv_sz = vlen;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150)
/**
 * rsa_parse_pub_key() - decode a BER encoded RSA public key
 *
 * @rsa_key:	struct rsa_key key representation, filled in by the decoder
 * @key:	key in BER format
 * @key_len:	length of key
 *
 * Runs asn1_ber_decoder() with the rsapubkey grammar over @key. The key
 * components are stored in @rsa_key as pointers to the raw key as is, so
 * that the caller can copy it or MPI parse it, etc. Because nothing is
 * copied, @key must remain valid and unchanged for as long as @rsa_key is
 * used.
 *
 * NOTE(review): the field callbacks read @rsa_key->n_sz before writing the
 * later fields; @rsa_key is presumably expected to be zero-initialised by
 * the caller - confirm. After a failure, @rsa_key may hold fields decoded
 * before the error and should not be used.
 *
 * Return: 0 on success or error code in case of error
 */
int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
		      unsigned int key_len)
{
	int ret;

	ret = asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);

	return ret;
}
EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168)
/**
 * rsa_parse_priv_key() - decode a BER encoded RSA private key
 *
 * @rsa_key:	struct rsa_key key representation, filled in by the decoder
 * @key:	key in BER format
 * @key_len:	length of key
 *
 * Runs asn1_ber_decoder() with the rsaprivkey grammar over @key. The key
 * components are stored in @rsa_key as pointers to the raw key as is, so
 * that the caller can copy it or MPI parse it, etc. Because nothing is
 * copied, @key must remain valid and unchanged for as long as @rsa_key is
 * used, and the private material lives only in @key: keeping it
 * confidential and wiping it after use is left to the caller.
 *
 * NOTE(review): the field callbacks read @rsa_key->n_sz before writing the
 * later fields; @rsa_key is presumably expected to be zero-initialised by
 * the caller - confirm. After a failure, @rsa_key may hold fields decoded
 * before the error and should not be used.
 *
 * Return: 0 on success or error code in case of error
 */
int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
		       unsigned int key_len)
{
	int ret;

	ret = asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);

	return ret;
}
EXPORT_SYMBOL_GPL(rsa_parse_priv_key);