[linux.git] / crypto / rsa.c

/* RSA asymmetric public-key algorithm [RFC3447]
 *
 * Copyright (c) 2015, Intel Corporation
 * Authors: Tadeusz Struk <[email protected]>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public Licence
 * as published by the Free Software Foundation; either version
 * 2 of the Licence, or (at your option) any later version.
 */

#include <linux/module.h>
#include <crypto/internal/rsa.h>
#include <crypto/internal/akcipher.h>
#include <crypto/akcipher.h>
#include <crypto/algapi.h>

/*
 * RSAEP function [RFC3447 sec 5.1.1]
 * c = m^e mod n;
 */
static int _rsa_enc(const struct rsa_key *key, MPI c, MPI m)
{
	/* (1) Validate 0 <= m < n */
	if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
		return -EINVAL;

	/* (2) c = m^e mod n */
	return mpi_powm(c, m, key->e, key->n);
}

/*
 * RSADP function [RFC3447 sec 5.1.2]
 * m = c^d mod n;
 */
static int _rsa_dec(const struct rsa_key *key, MPI m, MPI c)
{
	/* (1) Validate 0 <= c < n */
	if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0)
		return -EINVAL;

	/* (2) m = c^d mod n */
	return mpi_powm(m, c, key->d, key->n);
}

/*
 * RSASP1 function [RFC3447 sec 5.2.1]
 * s = m^d mod n
 */
static int _rsa_sign(const struct rsa_key *key, MPI s, MPI m)
{
	/* (1) Validate 0 <= m < n */
	if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
		return -EINVAL;

	/* (2) s = m^d mod n */
	return mpi_powm(s, m, key->d, key->n);
}

/*
 * RSAVP1 function [RFC3447 sec 5.2.2]
 * m = s^e mod n;
 */
static int _rsa_verify(const struct rsa_key *key, MPI m, MPI s)
{
	/* (1) Validate 0 <= s < n */
	if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0)
		return -EINVAL;

	/* (2) m = s^e mod n */
	return mpi_powm(m, s, key->e, key->n);
}

static inline struct rsa_key *rsa_get_key(struct crypto_akcipher *tfm)
{
	return akcipher_tfm_ctx(tfm);
}

static int rsa_enc(struct akcipher_request *req)
{
	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	const struct rsa_key *pkey = rsa_get_key(tfm);
	MPI m, c = mpi_alloc(0);
	int ret = 0;
	int sign;

	if (!c)
		return -ENOMEM;

	if (unlikely(!pkey->n || !pkey->e)) {
		ret = -EINVAL;
		goto err_free_c;
	}

	ret = -ENOMEM;
	m = mpi_read_raw_from_sgl(req->src, req->src_len);
	if (!m)
		goto err_free_c;

	ret = _rsa_enc(pkey, c, m);
	if (ret)
		goto err_free_m;

	ret = mpi_write_to_sgl(c, req->dst, &req->dst_len, &sign);
	if (ret)
		goto err_free_m;

	if (sign < 0)
		ret = -EBADMSG;

err_free_m:
	mpi_free(m);
err_free_c:
	mpi_free(c);
	return ret;
}

static int rsa_dec(struct akcipher_request *req)
{
	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	const struct rsa_key *pkey = rsa_get_key(tfm);
	MPI c, m = mpi_alloc(0);
	int ret = 0;
	int sign;

	if (!m)
		return -ENOMEM;

	if (unlikely(!pkey->n || !pkey->d)) {
		ret = -EINVAL;
		goto err_free_m;
	}

	ret = -ENOMEM;
	c = mpi_read_raw_from_sgl(req->src, req->src_len);
	if (!c)
		goto err_free_m;

	ret = _rsa_dec(pkey, m, c);
	if (ret)
		goto err_free_c;

	ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
	if (ret)
		goto err_free_c;

	if (sign < 0)
		ret = -EBADMSG;
err_free_c:
	mpi_free(c);
err_free_m:
	mpi_free(m);
	return ret;
}

static int rsa_sign(struct akcipher_request *req)
{
	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	const struct rsa_key *pkey = rsa_get_key(tfm);
	MPI m, s = mpi_alloc(0);
	int ret = 0;
	int sign;

	if (!s)
		return -ENOMEM;

	if (unlikely(!pkey->n || !pkey->d)) {
		ret = -EINVAL;
		goto err_free_s;
	}

	ret = -ENOMEM;
	m = mpi_read_raw_from_sgl(req->src, req->src_len);
	if (!m)
		goto err_free_s;

	ret = _rsa_sign(pkey, s, m);
	if (ret)
		goto err_free_m;

	ret = mpi_write_to_sgl(s, req->dst, &req->dst_len, &sign);
	if (ret)
		goto err_free_m;

	if (sign < 0)
		ret = -EBADMSG;

err_free_m:
	mpi_free(m);
err_free_s:
	mpi_free(s);
	return ret;
}

static int rsa_verify(struct akcipher_request *req)
{
	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	const struct rsa_key *pkey = rsa_get_key(tfm);
	MPI s, m = mpi_alloc(0);
	int ret = 0;
	int sign;

	if (!m)
		return -ENOMEM;

	if (unlikely(!pkey->n || !pkey->e)) {
		ret = -EINVAL;
		goto err_free_m;
	}

	ret = -ENOMEM;
	s = mpi_read_raw_from_sgl(req->src, req->src_len);
	if (!s) {
		ret = -ENOMEM;
		goto err_free_m;
	}

	ret = _rsa_verify(pkey, m, s);
	if (ret)
		goto err_free_s;

	ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
	if (ret)
		goto err_free_s;

	if (sign < 0)
		ret = -EBADMSG;

err_free_s:
	mpi_free(s);
err_free_m:
	mpi_free(m);
	return ret;
}

static int rsa_check_key_length(unsigned int len)
{
	switch (len) {
	case 512:
	case 1024:
	case 1536:
	case 2048:
	case 3072:
	case 4096:
		return 0;
	}

	return -EINVAL;
}

static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
			   unsigned int keylen)
{
	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
	int ret;

	ret = rsa_parse_pub_key(pkey, key, keylen);
	if (ret)
		return ret;

	if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
		rsa_free_key(pkey);
		ret = -EINVAL;
	}
	return ret;
}

static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
			    unsigned int keylen)
{
	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
	int ret;

	ret = rsa_parse_priv_key(pkey, key, keylen);
	if (ret)
		return ret;

	if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
		rsa_free_key(pkey);
		ret = -EINVAL;
	}
	return ret;
}

static int rsa_max_size(struct crypto_akcipher *tfm)
{
	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);

	return pkey->n ? mpi_get_size(pkey->n) : -EINVAL;
}

static void rsa_exit_tfm(struct crypto_akcipher *tfm)
{
	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);

	rsa_free_key(pkey);
}

static struct akcipher_alg rsa = {
	.encrypt = rsa_enc,
	.decrypt = rsa_dec,
	.sign = rsa_sign,
	.verify = rsa_verify,
	.set_priv_key = rsa_set_priv_key,
	.set_pub_key = rsa_set_pub_key,
	.max_size = rsa_max_size,
	.exit = rsa_exit_tfm,
	.base = {
		.cra_name = "rsa",
		.cra_driver_name = "rsa-generic",
		.cra_priority = 100,
		.cra_module = THIS_MODULE,
		.cra_ctxsize = sizeof(struct rsa_key),
	},
};

static int rsa_init(void)
{
	int err;

	err = crypto_register_akcipher(&rsa);
	if (err)
		return err;

	err = crypto_register_template(&rsa_pkcs1pad_tmpl);
	if (err) {
		crypto_unregister_akcipher(&rsa);
		return err;
	}

	return 0;
}

static void rsa_exit(void)
{
	crypto_unregister_template(&rsa_pkcs1pad_tmpl);
	crypto_unregister_akcipher(&rsa);
}

module_init(rsa_init);
module_exit(rsa_exit);
MODULE_ALIAS_CRYPTO("rsa");
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("RSA generic algorithm");
Commit	Line	Data
cfc2bb32 TS	1	/* RSA asymmetric public-key algorithm [RFC3447]
	2	*
	3	* Copyright (c) 2015, Intel Corporation
	4	* Authors: Tadeusz Struk <[email protected]>
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public Licence
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the Licence, or (at your option) any later version.
	10	*/
	11
	12	#include <linux/module.h>
	13	#include <crypto/internal/rsa.h>
	14	#include <crypto/internal/akcipher.h>
	15	#include <crypto/akcipher.h>
3d5b1ecd	16	#include <crypto/algapi.h>
cfc2bb32 TS	17
	18	/*
	19	* RSAEP function [RFC3447 sec 5.1.1]
	20	* c = m^e mod n;
	21	*/
	22	static int _rsa_enc(const struct rsa_key *key, MPI c, MPI m)
	23	{
	24	/* (1) Validate 0 <= m < n */
	25	if (mpi_cmp_ui(m, 0) < 0 \|\| mpi_cmp(m, key->n) >= 0)
	26	return -EINVAL;
	27
	28	/* (2) c = m^e mod n */
	29	return mpi_powm(c, m, key->e, key->n);
	30	}
	31
	32	/*
	33	* RSADP function [RFC3447 sec 5.1.2]
	34	* m = c^d mod n;
	35	*/
	36	static int _rsa_dec(const struct rsa_key *key, MPI m, MPI c)
	37	{
	38	/* (1) Validate 0 <= c < n */
	39	if (mpi_cmp_ui(c, 0) < 0 \|\| mpi_cmp(c, key->n) >= 0)
	40	return -EINVAL;
	41
	42	/* (2) m = c^d mod n */
	43	return mpi_powm(m, c, key->d, key->n);
	44	}
	45
	46	/*
	47	* RSASP1 function [RFC3447 sec 5.2.1]
	48	* s = m^d mod n
	49	*/
	50	static int _rsa_sign(const struct rsa_key *key, MPI s, MPI m)
	51	{
	52	/* (1) Validate 0 <= m < n */
	53	if (mpi_cmp_ui(m, 0) < 0 \|\| mpi_cmp(m, key->n) >= 0)
	54	return -EINVAL;
	55
	56	/* (2) s = m^d mod n */
	57	return mpi_powm(s, m, key->d, key->n);
	58	}
	59
	60	/*
	61	* RSAVP1 function [RFC3447 sec 5.2.2]
	62	* m = s^e mod n;
	63	*/
	64	static int _rsa_verify(const struct rsa_key *key, MPI m, MPI s)
	65	{
	66	/* (1) Validate 0 <= s < n */
	67	if (mpi_cmp_ui(s, 0) < 0 \|\| mpi_cmp(s, key->n) >= 0)
	68	return -EINVAL;
	69
	70	/* (2) m = s^e mod n */
	71	return mpi_powm(m, s, key->e, key->n);
	72	}
	73
	74	static inline struct rsa_key rsa_get_key(struct crypto_akcipher tfm)
	75	{
	76	return akcipher_tfm_ctx(tfm);
	77	}
	78
	79	static int rsa_enc(struct akcipher_request *req)
	80	{
81	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
82	const struct rsa_key *pkey = rsa_get_key(tfm);
83	MPI m, c = mpi_alloc(0);
84	int ret = 0;
85	int sign;
86
87	if (!c)
88	return -ENOMEM;
89
90	if (unlikely(!pkey->n \|\| !pkey->e)) {
91	ret = -EINVAL;
92	goto err_free_c;
93	}
94
22287b0b TS	95	ret = -ENOMEM;
	96	m = mpi_read_raw_from_sgl(req->src, req->src_len);
	97	if (!m)
cfc2bb32	98	goto err_free_c;
cfc2bb32 TS	99
	100	ret = _rsa_enc(pkey, c, m);
	101	if (ret)
	102	goto err_free_m;
	103
22287b0b	104	ret = mpi_write_to_sgl(c, req->dst, &req->dst_len, &sign);
cfc2bb32 TS	105	if (ret)
	106	goto err_free_m;
	107
22287b0b	108	if (sign < 0)
cfc2bb32	109	ret = -EBADMSG;
cfc2bb32 TS	110
	111	err_free_m:
	112	mpi_free(m);
	113	err_free_c:
	114	mpi_free(c);
	115	return ret;
	116	}
	117
	118	static int rsa_dec(struct akcipher_request *req)
	119	{
	120	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	121	const struct rsa_key *pkey = rsa_get_key(tfm);
	122	MPI c, m = mpi_alloc(0);
	123	int ret = 0;
	124	int sign;
	125
	126	if (!m)
	127	return -ENOMEM;
	128
	129	if (unlikely(!pkey->n \|\| !pkey->d)) {
	130	ret = -EINVAL;
	131	goto err_free_m;
	132	}
	133
22287b0b TS	134	ret = -ENOMEM;
	135	c = mpi_read_raw_from_sgl(req->src, req->src_len);
	136	if (!c)
cfc2bb32	137	goto err_free_m;
cfc2bb32 TS	138
	139	ret = _rsa_dec(pkey, m, c);
	140	if (ret)
	141	goto err_free_c;
	142
22287b0b	143	ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
cfc2bb32 TS	144	if (ret)
	145	goto err_free_c;
	146
22287b0b	147	if (sign < 0)
cfc2bb32	148	ret = -EBADMSG;
cfc2bb32 TS	149	err_free_c:
	150	mpi_free(c);
	151	err_free_m:
	152	mpi_free(m);
	153	return ret;
	154	}
	155
	156	static int rsa_sign(struct akcipher_request *req)
	157	{
	158	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	159	const struct rsa_key *pkey = rsa_get_key(tfm);
	160	MPI m, s = mpi_alloc(0);
	161	int ret = 0;
	162	int sign;
	163
	164	if (!s)
	165	return -ENOMEM;
	166
	167	if (unlikely(!pkey->n \|\| !pkey->d)) {
	168	ret = -EINVAL;
	169	goto err_free_s;
	170	}
	171
22287b0b TS	172	ret = -ENOMEM;
	173	m = mpi_read_raw_from_sgl(req->src, req->src_len);
	174	if (!m)
cfc2bb32	175	goto err_free_s;
cfc2bb32 TS	176
	177	ret = _rsa_sign(pkey, s, m);
	178	if (ret)
	179	goto err_free_m;
	180
22287b0b	181	ret = mpi_write_to_sgl(s, req->dst, &req->dst_len, &sign);
cfc2bb32 TS	182	if (ret)
	183	goto err_free_m;
	184
22287b0b	185	if (sign < 0)
cfc2bb32	186	ret = -EBADMSG;
cfc2bb32 TS	187
	188	err_free_m:
	189	mpi_free(m);
	190	err_free_s:
	191	mpi_free(s);
	192	return ret;
	193	}
	194
	195	static int rsa_verify(struct akcipher_request *req)
	196	{
	197	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	198	const struct rsa_key *pkey = rsa_get_key(tfm);
	199	MPI s, m = mpi_alloc(0);
	200	int ret = 0;
	201	int sign;
	202
	203	if (!m)
	204	return -ENOMEM;
	205
	206	if (unlikely(!pkey->n \|\| !pkey->e)) {
	207	ret = -EINVAL;
	208	goto err_free_m;
	209	}
	210
22287b0b TS	211	ret = -ENOMEM;
22287b0b TS	212	s = mpi_read_raw_from_sgl(req->src, req->src_len);
cfc2bb32 TS	213	if (!s) {
	214	ret = -ENOMEM;
	215	goto err_free_m;
	216	}
	217
	218	ret = _rsa_verify(pkey, m, s);
	219	if (ret)
	220	goto err_free_s;
	221
22287b0b	222	ret = mpi_write_to_sgl(m, req->dst, &req->dst_len, &sign);
cfc2bb32 TS	223	if (ret)
	224	goto err_free_s;
	225
22287b0b	226	if (sign < 0)
cfc2bb32	227	ret = -EBADMSG;
cfc2bb32 TS	228
	229	err_free_s:
	230	mpi_free(s);
	231	err_free_m:
	232	mpi_free(m);
	233	return ret;
	234	}
	235
6e8ec66c TS	236	static int rsa_check_key_length(unsigned int len)
	237	{
	238	switch (len) {
	239	case 512:
	240	case 1024:
	241	case 1536:
	242	case 2048:
	243	case 3072:
	244	case 4096:
	245	return 0;
	246	}
	247
	248	return -EINVAL;
	249	}
	250
22287b0b TS	251	static int rsa_set_pub_key(struct crypto_akcipher tfm, const void key,
22287b0b TS	252	unsigned int keylen)
cfc2bb32 TS	253	{
cfc2bb32 TS	254	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
6e8ec66c	255	int ret;
cfc2bb32	256
22287b0b	257	ret = rsa_parse_pub_key(pkey, key, keylen);
6e8ec66c TS	258	if (ret)
	259	return ret;
	260
	261	if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
	262	rsa_free_key(pkey);
	263	ret = -EINVAL;
	264	}
	265	return ret;
cfc2bb32 TS	266	}
cfc2bb32 TS	267
22287b0b TS	268	static int rsa_set_priv_key(struct crypto_akcipher tfm, const void key,
	269	unsigned int keylen)
	270	{
	271	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
	272	int ret;
	273
	274	ret = rsa_parse_priv_key(pkey, key, keylen);
	275	if (ret)
	276	return ret;
	277
	278	if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) {
	279	rsa_free_key(pkey);
	280	ret = -EINVAL;
	281	}
	282	return ret;
	283	}
	284
	285	static int rsa_max_size(struct crypto_akcipher *tfm)
	286	{
	287	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
	288
	289	return pkey->n ? mpi_get_size(pkey->n) : -EINVAL;
	290	}
	291
cfc2bb32 TS	292	static void rsa_exit_tfm(struct crypto_akcipher *tfm)
	293	{
	294	struct rsa_key *pkey = akcipher_tfm_ctx(tfm);
	295
	296	rsa_free_key(pkey);
	297	}
	298
	299	static struct akcipher_alg rsa = {
	300	.encrypt = rsa_enc,
	301	.decrypt = rsa_dec,
	302	.sign = rsa_sign,
	303	.verify = rsa_verify,
22287b0b TS	304	.set_priv_key = rsa_set_priv_key,
	305	.set_pub_key = rsa_set_pub_key,
	306	.max_size = rsa_max_size,
cfc2bb32 TS	307	.exit = rsa_exit_tfm,
	308	.base = {
	309	.cra_name = "rsa",
	310	.cra_driver_name = "rsa-generic",
	311	.cra_priority = 100,
	312	.cra_module = THIS_MODULE,
	313	.cra_ctxsize = sizeof(struct rsa_key),
	314	},
	315	};
	316
	317	static int rsa_init(void)
	318	{
3d5b1ecd AZ	319	int err;
	320
	321	err = crypto_register_akcipher(&rsa);
	322	if (err)
	323	return err;
	324
	325	err = crypto_register_template(&rsa_pkcs1pad_tmpl);
	326	if (err) {
	327	crypto_unregister_akcipher(&rsa);
	328	return err;
	329	}
	330
	331	return 0;
cfc2bb32 TS	332	}
	333
	334	static void rsa_exit(void)
	335	{
3d5b1ecd	336	crypto_unregister_template(&rsa_pkcs1pad_tmpl);
cfc2bb32 TS	337	crypto_unregister_akcipher(&rsa);
	338	}
	339
	340	module_init(rsa_init);
	341	module_exit(rsa_exit);
	342	MODULE_ALIAS_CRYPTO("rsa");
	343	MODULE_LICENSE("GPL");
	344	MODULE_DESCRIPTION("RSA generic algorithm");