| | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
| | 2 | /* |
| | 3 | * RSA key extract helper |
| | 4 | * |
| | 5 | * Copyright (c) 2015, Intel Corporation |
| | 6 | * Authors: Tadeusz Struk <[email protected]> |
| | 7 | */ |
| | 8 | #include <linux/kernel.h> |
| | 9 | #include <linux/export.h> |
| | 10 | #include <linux/err.h> |
| | 11 | #include <linux/fips.h> |
| | 12 | #include <crypto/internal/rsa.h> |
| | 13 | #include "rsapubkey.asn1.h" |
| | 14 | #include "rsaprivkey.asn1.h" |
| | 15 | |
| | 16 | int rsa_get_n(void *context, size_t hdrlen, unsigned char tag, |
| | 17 | const void *value, size_t vlen) |
| | 18 | { |
| | 19 | struct rsa_key *key = context; |
| | 20 | const u8 *ptr = value; |
| | 21 | size_t n_sz = vlen; |
| | 22 | |
| | 23 | /* invalid key provided */ |
| | 24 | if (!value || !vlen) |
| | 25 | return -EINVAL; |
| | 26 | |
| | 27 | if (fips_enabled) { |
| | 28 | while (n_sz && !*ptr) { |
| | 29 | ptr++; |
| | 30 | n_sz--; |
| | 31 | } |
| | 32 | |
| | 33 | /* In FIPS mode only allow key size 2K and higher */ |
| | 34 | if (n_sz < 256) { |
| | 35 | pr_err("RSA: key size not allowed in FIPS mode\n"); |
| | 36 | return -EINVAL; |
| | 37 | } |
| | 38 | } |
| | 39 | |
| | 40 | key->n = value; |
| | 41 | key->n_sz = vlen; |
| | 42 | |
| | 43 | return 0; |
| | 44 | } |
| | 45 | |
| | 46 | int rsa_get_e(void *context, size_t hdrlen, unsigned char tag, |
| | 47 | const void *value, size_t vlen) |
| | 48 | { |
| | 49 | struct rsa_key *key = context; |
| | 50 | |
| | 51 | /* invalid key provided */ |
| | 52 | if (!value || !key->n_sz || !vlen || vlen > key->n_sz) |
| | 53 | return -EINVAL; |
| | 54 | |
| | 55 | key->e = value; |
| | 56 | key->e_sz = vlen; |
| | 57 | |
| | 58 | return 0; |
| | 59 | } |
| | 60 | |
| | 61 | int rsa_get_d(void *context, size_t hdrlen, unsigned char tag, |
| | 62 | const void *value, size_t vlen) |
| | 63 | { |
| | 64 | struct rsa_key *key = context; |
| | 65 | |
| | 66 | /* invalid key provided */ |
| | 67 | if (!value || !key->n_sz || !vlen || vlen > key->n_sz) |
| | 68 | return -EINVAL; |
| | 69 | |
| | 70 | key->d = value; |
| | 71 | key->d_sz = vlen; |
| | 72 | |
| | 73 | return 0; |
| | 74 | } |
| | 75 | |
| | 76 | int rsa_get_p(void *context, size_t hdrlen, unsigned char tag, |
| | 77 | const void *value, size_t vlen) |
| | 78 | { |
| | 79 | struct rsa_key *key = context; |
| | 80 | |
| | 81 | /* invalid key provided */ |
| | 82 | if (!value || !vlen || vlen > key->n_sz) |
| | 83 | return -EINVAL; |
| | 84 | |
| | 85 | key->p = value; |
| | 86 | key->p_sz = vlen; |
| | 87 | |
| | 88 | return 0; |
| | 89 | } |
| | 90 | |
| | 91 | int rsa_get_q(void *context, size_t hdrlen, unsigned char tag, |
| | 92 | const void *value, size_t vlen) |
| | 93 | { |
| | 94 | struct rsa_key *key = context; |
| | 95 | |
| | 96 | /* invalid key provided */ |
| | 97 | if (!value || !vlen || vlen > key->n_sz) |
| | 98 | return -EINVAL; |
| | 99 | |
| | 100 | key->q = value; |
| | 101 | key->q_sz = vlen; |
| | 102 | |
| | 103 | return 0; |
| | 104 | } |
| | 105 | |
| | 106 | int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag, |
| | 107 | const void *value, size_t vlen) |
| | 108 | { |
| | 109 | struct rsa_key *key = context; |
| | 110 | |
| | 111 | /* invalid key provided */ |
| | 112 | if (!value || !vlen || vlen > key->n_sz) |
| | 113 | return -EINVAL; |
| | 114 | |
| | 115 | key->dp = value; |
| | 116 | key->dp_sz = vlen; |
| | 117 | |
| | 118 | return 0; |
| | 119 | } |
| | 120 | |
| | 121 | int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag, |
| | 122 | const void *value, size_t vlen) |
| | 123 | { |
| | 124 | struct rsa_key *key = context; |
| | 125 | |
| | 126 | /* invalid key provided */ |
| | 127 | if (!value || !vlen || vlen > key->n_sz) |
| | 128 | return -EINVAL; |
| | 129 | |
| | 130 | key->dq = value; |
| | 131 | key->dq_sz = vlen; |
| | 132 | |
| | 133 | return 0; |
| | 134 | } |
| | 135 | |
| | 136 | int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag, |
| | 137 | const void *value, size_t vlen) |
| | 138 | { |
| | 139 | struct rsa_key *key = context; |
| | 140 | |
| | 141 | /* invalid key provided */ |
| | 142 | if (!value || !vlen || vlen > key->n_sz) |
| | 143 | return -EINVAL; |
| | 144 | |
| | 145 | key->qinv = value; |
| | 146 | key->qinv_sz = vlen; |
| | 147 | |
| | 148 | return 0; |
| | 149 | } |
| | 150 | |
| | 151 | /** |
| | 152 | * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the |
| | 153 | * provided struct rsa_key, pointers to the raw key as is, |
| | 154 | * so that the caller can copy it or MPI parse it, etc. |
| | 155 | * |
| | 156 | * @rsa_key: struct rsa_key key representation |
| | 157 | * @key: key in BER format |
| | 158 | * @key_len: length of key |
| | 159 | * |
| | 160 | * Return: 0 on success or error code in case of error |
| | 161 | */ |
| | 162 | int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key, |
| | 163 | unsigned int key_len) |
| | 164 | { |
| | 165 | return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len); |
| | 166 | } |
| | 167 | EXPORT_SYMBOL_GPL(rsa_parse_pub_key); |
| | 168 | |
| | 169 | /** |
| | 170 | * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the |
| | 171 | * provided struct rsa_key, pointers to the raw key |
| | 172 | * as is, so that the caller can copy it or MPI parse it, |
| | 173 | * etc. |
| | 174 | * |
| | 175 | * @rsa_key: struct rsa_key key representation |
| | 176 | * @key: key in BER format |
| | 177 | * @key_len: length of key |
| | 178 | * |
| | 179 | * Return: 0 on success or error code in case of error |
| | 180 | */ |
| | 181 | int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key, |
| | 182 | unsigned int key_len) |
| | 183 | { |
| | 184 | return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len); |
| | 185 | } |
| | 186 | EXPORT_SYMBOL_GPL(rsa_parse_priv_key); |
projects / linux.git / blame_incremental