Add ASN.1 files and parser to support parsing PKCS #8 noncompressed private key information. It's better than direct parsing pure private key because PKCS #8 has a privateKeyAlgorithm to indicate the algorithm of private key, e.g. RSA from PKCS #1 Reviewed-by: Jiri Kosina <jkosina@xxxxxxx> Signed-off-by: Lee, Chun-Yi <jlee@xxxxxxxx> --- crypto/asymmetric_keys/Kconfig | 11 ++ crypto/asymmetric_keys/Makefile | 16 +++ crypto/asymmetric_keys/pkcs8.asn1 | 19 ++++ crypto/asymmetric_keys/pkcs8_info_parser.c | 152 ++++++++++++++++++++++++++++ crypto/asymmetric_keys/pkcs8_parser.h | 23 ++++ crypto/asymmetric_keys/pkcs8_private_key.c | 148 +++++++++++++++++++++++++++ crypto/asymmetric_keys/pkcs8_rsakey.asn1 | 29 ++++++ crypto/asymmetric_keys/public_key.c | 1 + include/crypto/public_key.h | 1 + 9 files changed, 400 insertions(+), 0 deletions(-) create mode 100644 crypto/asymmetric_keys/pkcs8.asn1 create mode 100644 crypto/asymmetric_keys/pkcs8_info_parser.c create mode 100644 crypto/asymmetric_keys/pkcs8_parser.h create mode 100644 crypto/asymmetric_keys/pkcs8_private_key.c create mode 100644 crypto/asymmetric_keys/pkcs8_rsakey.asn1 diff --git a/crypto/asymmetric_keys/Kconfig b/crypto/asymmetric_keys/Kconfig index 6d2c2ea..c0ebd57 100644 --- a/crypto/asymmetric_keys/Kconfig +++ b/crypto/asymmetric_keys/Kconfig @@ -35,4 +35,15 @@ config X509_CERTIFICATE_PARSER data and provides the ability to instantiate a crypto key from a public key packet found inside the certificate. +config PKCS8_PRIVATE_KEY_INFO_PARSER + tristate "PKCS #8 private key info parser" + depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE + select ASN1 + select OID_REGISTRY + select CRYPTO_SHA256 + help + This option provides support for parsing PKCS #8 RSA private key info + format blobs for key data and provides the ability to instantiate a + crypto key from a private key packet. + endif # ASYMMETRIC_KEY_TYPE diff --git a/crypto/asymmetric_keys/Makefile b/crypto/asymmetric_keys/Makefile index 0727204..65fbc45 100644 --- a/crypto/asymmetric_keys/Makefile +++ b/crypto/asymmetric_keys/Makefile @@ -23,5 +23,21 @@ $(obj)/x509_cert_parser.o: $(obj)/x509-asn1.h $(obj)/x509_rsakey-asn1.h $(obj)/x509-asn1.o: $(obj)/x509-asn1.c $(obj)/x509-asn1.h $(obj)/x509_rsakey-asn1.o: $(obj)/x509_rsakey-asn1.c $(obj)/x509_rsakey-asn1.h +# +# PKCS8 Private Key handling +# +obj-$(CONFIG_PKCS8_PRIVATE_KEY_INFO_PARSER) += pkcs8_key_parser.o +pkcs8_key_parser-y := \ + pkcs8-asn1.o \ + pkcs8_rsakey-asn1.o \ + pkcs8_info_parser.o \ + pkcs8_private_key.o + +$(obj)/pkcs8_info_parser.o: $(obj)/pkcs8-asn1.c $(obj)/pkcs8_rsakey-asn1.h +$(obj)/pkcs8-asn1.o: $(obj)/pkcs8-asn1.c $(obj)/pkcs8-asn1.h +$(obj)/pkcs8_rsakey-asn1.o: $(obj)/pkcs8_rsakey-asn1.c $(obj)/pkcs8_rsakey-asn1.h + clean-files += x509-asn1.c x509-asn1.h clean-files += x509_rsakey-asn1.c x509_rsakey-asn1.h +clean-files += pkcs8-asn1.c pkcs8-asn1.h +clean-files += pkcs8_rsakey-asn1.c pkcs8_rsakey-asn1.h diff --git a/crypto/asymmetric_keys/pkcs8.asn1 b/crypto/asymmetric_keys/pkcs8.asn1 new file mode 100644 index 0000000..89e845d --- /dev/null +++ b/crypto/asymmetric_keys/pkcs8.asn1 @@ -0,0 +1,19 @@ +-- +-- Representation of RSA PKCS#8 private key information. +-- + +PrivateKeyInfo ::= SEQUENCE { + version Version, + privateKeyAlgorithm AlgorithmIdentifier, + privateKey OCTET STRING ({ pkcs8_extract_key_data }) + -- Does not support attributes + -- attributes [ 0 ] Attributes OPTIONAL + } + +-- Version ::= INTEGER { two-prime(0), multi(1) } +Version ::= INTEGER + +AlgorithmIdentifier ::= SEQUENCE { + algorithm OBJECT IDENTIFIER ({ pkcs8_note_OID }), + parameters ANY OPTIONAL + } diff --git a/crypto/asymmetric_keys/pkcs8_info_parser.c b/crypto/asymmetric_keys/pkcs8_info_parser.c new file mode 100644 index 0000000..2da19b9 --- /dev/null +++ b/crypto/asymmetric_keys/pkcs8_info_parser.c @@ -0,0 +1,152 @@ +/* X.509 certificate parser + * + * Copyright (C) 2013 SUSE Linux Products GmbH. All rights reserved. + * Written by Lee, Chun-Yi (jlee@xxxxxxxx) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#define pr_fmt(fmt) "PKCS8: "fmt +#include <linux/kernel.h> +#include <linux/slab.h> +#include <linux/err.h> +#include <linux/oid_registry.h> +#include "public_key.h" +#include "pkcs8_parser.h" +#include "pkcs8-asn1.h" +#include "pkcs8_rsakey-asn1.h" + +struct pkcs8_parse_context { + struct pkcs8_info *info; /* Certificate being constructed */ + unsigned long data; /* Start of data */ + const void *key; /* Key data */ + size_t key_size; /* Size of key data */ + enum OID algo_oid; /* Algorithm OID */ + unsigned char nr_mpi; /* Number of MPIs stored */ +}; + +/* + * Free an PKCS #8 private key info + */ +void pkcs8_free_info(struct pkcs8_info *info) +{ + if (info) { + public_key_destroy(info->priv); + kfree(info); + } +} + +/* + * Parse an PKCS #8 Private Key Info + */ +struct pkcs8_info *pkcs8_info_parse(const void *data, size_t datalen) +{ + struct pkcs8_info *info; + struct pkcs8_parse_context *ctx; + long ret; + + ret = -ENOMEM; + info = kzalloc(sizeof(struct pkcs8_info), GFP_KERNEL); + if (!info) + goto error_no_info; + info->priv = kzalloc(sizeof(struct private_key), GFP_KERNEL); + if (!info->priv) + goto error_no_ctx; + ctx = kzalloc(sizeof(struct pkcs8_parse_context), GFP_KERNEL); + if (!ctx) + goto error_no_ctx; + + ctx->info = info; + ctx->data = (unsigned long)data; + + /* Attempt to decode the private key info */ + ret = asn1_ber_decoder(&pkcs8_decoder, ctx, data, datalen); + if (ret < 0) + goto error_decode; + + /* Decode the private key */ + ret = asn1_ber_decoder(&pkcs8_rsakey_decoder, ctx, + ctx->key, ctx->key_size); + if (ret < 0) + goto error_decode; + + kfree(ctx); + return info; + +error_decode: + kfree(ctx); +error_no_ctx: + pkcs8_free_info(info); +error_no_info: + return ERR_PTR(ret); +} + +/* + * Note an OID when we find one for later processing when we know how + * to interpret it. + */ +int pkcs8_note_OID(void *context, size_t hdrlen, + unsigned char tag, + const void *value, size_t vlen) +{ + struct pkcs8_parse_context *ctx = context; + + ctx->algo_oid = look_up_OID(value, vlen); + if (ctx->algo_oid == OID__NR) { + char buffer[50]; + sprint_oid(value, vlen, buffer, sizeof(buffer)); + pr_debug("Unknown OID: [%lu] %s\n", + (unsigned long)value - ctx->data, buffer); + } + return 0; +} + +/* + * Extract the data for the private key algorithm + */ +int pkcs8_extract_key_data(void *context, size_t hdrlen, + unsigned char tag, + const void *value, size_t vlen) +{ + struct pkcs8_parse_context *ctx = context; + + if (ctx->algo_oid != OID_rsaEncryption) + return -ENOPKG; + + ctx->info->privkey_algo = PKEY_ALGO_RSA; + ctx->key = value; + ctx->key_size = vlen; + return 0; +} + +/* + * Extract a RSA private key value + */ +int rsa_priv_extract_mpi(void *context, size_t hdrlen, + unsigned char tag, + const void *value, size_t vlen) +{ + struct pkcs8_parse_context *ctx = context; + MPI mpi; + + if (ctx->nr_mpi >= ARRAY_SIZE(ctx->info->priv->mpi)) { + /* does not grab exponent1, exponent2 and coefficient */ + if (ctx->nr_mpi > 8) { + pr_err("Too many public key MPIs in pkcs1 private key\n"); + return -EBADMSG; + } else { + ctx->nr_mpi++; + return 0; + } + } + + mpi = mpi_read_raw_data(value, vlen); + if (!mpi) + return -ENOMEM; + + ctx->info->priv->mpi[ctx->nr_mpi++] = mpi; + return 0; +} diff --git a/crypto/asymmetric_keys/pkcs8_parser.h b/crypto/asymmetric_keys/pkcs8_parser.h new file mode 100644 index 0000000..7f5d801 --- /dev/null +++ b/crypto/asymmetric_keys/pkcs8_parser.h @@ -0,0 +1,23 @@ +/* PKCS #8 parser internal definitions + * + * Copyright (C) 2013 SUSE Linux Products GmbH. All rights reserved. + * Written by Lee, Chun-Yi (jlee@xxxxxxxx) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#include <crypto/public_key.h> + +struct pkcs8_info { + enum pkey_algo privkey_algo:8; /* Private key algorithm */ + struct private_key *priv; /* Private key */ +}; + +/* + * pkcs8_parser.c + */ +extern void pkcs8_free_info(struct pkcs8_info *info); +extern struct pkcs8_info *pkcs8_info_parse(const void *data, size_t datalen); diff --git a/crypto/asymmetric_keys/pkcs8_private_key.c b/crypto/asymmetric_keys/pkcs8_private_key.c new file mode 100644 index 0000000..cf2545b --- /dev/null +++ b/crypto/asymmetric_keys/pkcs8_private_key.c @@ -0,0 +1,148 @@ +/* Instantiate a private key crypto key + * + * Copyright (C) 2013 SUSE Linux Products GmbH. All rights reserved. + * Written by Chun-Yi Lee (jlee@xxxxxxxx) + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public Licence + * as published by the Free Software Foundation; either version + * 2 of the Licence, or (at your option) any later version. + */ + +#define pr_fmt(fmt) "PKCS8: "fmt +#include <linux/module.h> +#include <linux/slab.h> +#include <keys/asymmetric-subtype.h> +#include <keys/asymmetric-parser.h> +#include <crypto/hash.h> +#include "private_key.h" +#include "pkcs8-asn1.h" +#include "pkcs8_parser.h" + +#define KEY_PREFIX "Private Key: " +#define FINGERPRINT_HASH "sha256" + +static const +struct private_key_algorithm *pkcs8_private_key_algorithms[PKEY_ALGO__LAST] = { + [PKEY_ALGO_DSA] = NULL, +#if defined(CONFIG_PUBLIC_KEY_ALGO_RSA) || \ + defined(CONFIG_PUBLIC_KEY_ALGO_RSA_MODULE) + [PKEY_ALGO_RSA] = &RSA_private_key_algorithm, +#endif +}; + +/* + * Attempt to parse a data blob for a private key. + */ +static int pkcs8_key_preparse(struct key_preparsed_payload *prep) +{ + struct pkcs8_info *info; + struct crypto_shash *tfm; + struct shash_desc *desc; + u8 *digest; + size_t digest_size, desc_size; + char *fingerprint, *description; + int i, ret; + + pr_info("pkcs8_key_preparse start\n"); + + info = pkcs8_info_parse(prep->data, prep->datalen); + if (IS_ERR(info)) + return PTR_ERR(info); + + info->priv->algo = pkcs8_private_key_algorithms[info->privkey_algo]; + info->priv->id_type = PKEY_ID_PKCS8; + + /* Hash the pkcs #8 blob to generate fingerprint */ + tfm = crypto_alloc_shash(FINGERPRINT_HASH, 0, 0); + if (IS_ERR(tfm)) { + ret = PTR_ERR(tfm); + goto error_shash; + } + desc_size = crypto_shash_descsize(tfm) + sizeof(*desc); + digest_size = crypto_shash_digestsize(tfm); + + ret = -ENOMEM; + + digest = kzalloc(digest_size + desc_size, GFP_KERNEL); + if (!digest) + goto error_digest; + desc = (void *) digest + digest_size; + desc->tfm = tfm; + desc->flags = CRYPTO_TFM_REQ_MAY_SLEEP; + + ret = crypto_shash_init(desc); + if (ret < 0) + goto error_shash_init; + ret = crypto_shash_finup(desc, prep->data, prep->datalen, digest); + if (ret < 0) + goto error_shash_finup; + + fingerprint = kzalloc(digest_size * 2 + 1, GFP_KERNEL); + if (!fingerprint) + goto error_fingerprint; + for (i = 0; i < digest_size; i++) + sprintf(fingerprint + i * 2, "%02x", digest[i]); + + /* Propose a description */ + description = kzalloc(strlen(KEY_PREFIX) + strlen(fingerprint) + 1, GFP_KERNEL); + if (!description) + goto error_description; + sprintf(description, "%s", KEY_PREFIX); + memcpy(description + strlen(KEY_PREFIX), fingerprint, strlen(fingerprint)); + + /* We're pinning the module by being linked against it */ + __module_get(private_key_subtype.owner); + prep->type_data[0] = &private_key_subtype; + prep->type_data[1] = fingerprint; + prep->payload = info->priv; + prep->description = description; + + /* size of 4096 bits private key file is 2.3K */ + prep->quotalen = 700; + + pr_info("pkcs8_key_preparse done\n"); + + /* We've finished with the information */ + kfree(digest); + crypto_free_shash(tfm); + info->priv = NULL; + pkcs8_free_info(info); + + return 0; + +error_description: + kfree(fingerprint); +error_fingerprint: +error_shash_finup: +error_shash_init: + kfree(digest); +error_digest: + crypto_free_shash(tfm); +error_shash: + info->priv = NULL; + pkcs8_free_info(info); + return ret; +} + +static struct asymmetric_key_parser pkcs8_private_key_parser = { + .owner = THIS_MODULE, + .name = "pkcs8", + .parse = pkcs8_key_preparse, +}; + +/* + * Module stuff + */ +static int __init pkcs8_private_key_init(void) +{ + return register_asymmetric_key_parser(&pkcs8_private_key_parser); +} + +static void __exit pkcs8_private_key_exit(void) +{ + unregister_asymmetric_key_parser(&pkcs8_private_key_parser); +} + +module_init(pkcs8_private_key_init); +module_exit(pkcs8_private_key_exit); diff --git a/crypto/asymmetric_keys/pkcs8_rsakey.asn1 b/crypto/asymmetric_keys/pkcs8_rsakey.asn1 new file mode 100644 index 0000000..d997c5e --- /dev/null +++ b/crypto/asymmetric_keys/pkcs8_rsakey.asn1 @@ -0,0 +1,29 @@ +-- +-- Representation of RSA private key with information. +-- + +RSAPrivateKey ::= SEQUENCE { + version Version, + modulus INTEGER ({ rsa_priv_extract_mpi }), -- n + publicExponent INTEGER ({ rsa_priv_extract_mpi }), -- e + privateExponent INTEGER ({ rsa_priv_extract_mpi }), -- d + prime1 INTEGER ({ rsa_priv_extract_mpi }), -- p + prime2 INTEGER ({ rsa_priv_extract_mpi }), -- q + exponent1 INTEGER ({ rsa_priv_extract_mpi }), -- d mod (p-1) + exponent2 INTEGER ({ rsa_priv_extract_mpi }), -- d mod (q-1) + coefficient INTEGER ({ rsa_priv_extract_mpi }) -- (inverse of q) mod p + -- Doesn't support multi-prime + -- otherPrimeInfos [ 0 ] OtherPrimeInfos OPTIONAL + } + +-- Version ::= INTEGER { two-prime(0), multi(1) } +Version ::= INTEGER + +-- OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo +OtherPrimeInfos ::= SEQUENCE OF OtherPrimeInfo + +OtherPrimeInfo ::= SEQUENCE { + prime INTEGER, -- ri + exponent INTEGER, -- di + coefficient INTEGER -- ti +} diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 97ff932..1636c4c 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -44,6 +44,7 @@ EXPORT_SYMBOL_GPL(pkey_hash_algo); const char *const pkey_id_type[PKEY_ID_TYPE__LAST] = { [PKEY_ID_PGP] = "PGP", [PKEY_ID_X509] = "X509", + [PKEY_ID_PKCS8] = "PKCS8", }; EXPORT_SYMBOL_GPL(pkey_id_type); diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 1cdf457..e51f294 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -41,6 +41,7 @@ extern const char *const pkey_hash_algo[PKEY_HASH__LAST]; enum pkey_id_type { PKEY_ID_PGP, /* OpenPGP generated key ID */ PKEY_ID_X509, /* X.509 arbitrary subjectKeyIdentifier */ + PKEY_ID_PKCS8, /* PKCS #8 Private Key */ PKEY_ID_TYPE__LAST }; -- 1.6.4.2 -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html