Am Mittwoch, 9. September 2015, 09:15:32 schrieb Tadeusz Struk: Hi Tadeusz, >Rsa updates to reflect the API changes. > >Signed-off-by: Tadeusz Struk <tadeusz.struk@xxxxxxxxx> >--- > crypto/Makefile | 12 ++- > crypto/rsa.c | 188 >++++++++++++++++++++++++++++++++++------- crypto/rsa_helper.c | >42 ++++++++- > crypto/rsakey.asn1 | 5 - > crypto/rsaprivkey.asn1 | 11 ++ > crypto/rsapubkey.asn1 | 4 + > include/crypto/internal/rsa.h | 7 +- > 7 files changed, 220 insertions(+), 49 deletions(-) > delete mode 100644 crypto/rsakey.asn1 > create mode 100644 crypto/rsaprivkey.asn1 > create mode 100644 crypto/rsapubkey.asn1 > >diff --git a/crypto/Makefile b/crypto/Makefile >index 65e91da..d897e0b 100644 >--- a/crypto/Makefile >+++ b/crypto/Makefile >@@ -31,8 +31,16 @@ obj-$(CONFIG_CRYPTO_HASH2) += crypto_hash.o > obj-$(CONFIG_CRYPTO_PCOMP2) += pcompress.o > obj-$(CONFIG_CRYPTO_AKCIPHER2) += akcipher.o > >-$(obj)/rsakey-asn1.o: $(obj)/rsakey-asn1.c $(obj)/rsakey-asn1.h >-clean-files += rsakey-asn1.c rsakey-asn1.h >+$(obj)/rsapubkey-asn1.o: $(obj)/rsapubkey-asn1.c $(obj)/rsapubkey-asn1.h >+$(obj)/rsaprivkey-asn1.o: $(obj)/rsaprivkey-asn1.c $(obj)/rsaprivkey-asn1.h >+clean-files += rsapubkey-asn1.c rsapubkey-asn1.h >+clean-files += rsaprivkey-asn1.c rsaprivkey-asn1.h >+ >+rsa_generic-y := rsapubkey-asn1.o >+rsa_generic-y += rsaprivkey-asn1.o >+rsa_generic-y += rsa.o >+rsa_generic-y += rsa_helper.o >+obj-$(CONFIG_CRYPTO_RSA) += rsa_generic.o > > cryptomgr-y := algboss.o testmgr.o > >diff --git a/crypto/rsa.c b/crypto/rsa.c >index 93feae2..f5b956c 100644 >--- a/crypto/rsa.c >+++ b/crypto/rsa.c >@@ -13,6 +13,7 @@ > #include <crypto/internal/rsa.h> > #include <crypto/internal/akcipher.h> > #include <crypto/akcipher.h> >+#include <crypto/scatterwalk.h> > > /* > * RSAEP function [RFC3447 sec 5.1.1] >@@ -80,34 +81,57 @@ static int rsa_enc(struct akcipher_request *req) > struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); > const struct rsa_key *pkey = rsa_get_key(tfm); > MPI m, c = mpi_alloc(0); >+ int src_len = sg_len(req->src), dst_len = sg_len(req->dst); unsigned int? > int ret = 0; > int sign; > > if (!c) > return -ENOMEM; > >- if (unlikely(!pkey->n || !pkey->e)) { >+ if (unlikely(!pkey->n || !pkey->e || !src_len)) { > ret = -EINVAL; > goto err_free_c; > } > >- if (req->dst_len < mpi_get_size(pkey->n)) { >- req->dst_len = mpi_get_size(pkey->n); >+ if (dst_len < mpi_get_size(pkey->n)) { >+ req->out_len = mpi_get_size(pkey->n); > ret = -EOVERFLOW; > goto err_free_c; > } > >- m = mpi_read_raw_data(req->src, req->src_len); >- if (!m) { >- ret = -ENOMEM; >- goto err_free_c; >+ ret = -ENOMEM; >+ if (sg_is_last(req->src)) { >+ m = mpi_read_raw_data(sg_virt(req->src), src_len); >+ } else { >+ void *ptr = kmalloc(src_len, GFP_KERNEL); >+ >+ if (!ptr) >+ goto err_free_c; >+ >+ scatterwalk_map_and_copy(ptr, req->src, 0, src_len, 0); >+ m = mpi_read_raw_data(ptr, src_len); >+ kfree(ptr); > } >+ if (!m) >+ goto err_free_c; > > ret = _rsa_enc(pkey, c, m); > if (ret) > goto err_free_m; > >- ret = mpi_read_buffer(c, req->dst, req->dst_len, &req->dst_len, &sign); >+ if (sg_is_last(req->dst)) { >+ ret = mpi_read_buffer(c, sg_virt(req->dst), dst_len, >+ &req->out_len, &sign); >+ } else { >+ void *ptr = kmalloc(dst_len, GFP_KERNEL); >+ >+ if (!ptr) >+ goto err_free_m; >+ >+ ret = mpi_read_buffer(c, ptr, dst_len, &req->out_len, &sign); >+ scatterwalk_map_and_copy(ptr, req->dst, 0, dst_len, 1); >+ kfree(ptr); Just a question: this code is present 4 times, can that be put into a separate inline? >+ } > if (ret) > goto err_free_m; > >@@ -128,34 +152,57 @@ static int rsa_dec(struct akcipher_request *req) > struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); > const struct rsa_key *pkey = rsa_get_key(tfm); > MPI c, m = mpi_alloc(0); >+ int src_len = sg_len(req->src), dst_len = sg_len(req->dst); unsigned int? > int ret = 0; > int sign; > > if (!m) > return -ENOMEM; > >- if (unlikely(!pkey->n || !pkey->d)) { >+ if (unlikely(!pkey->n || !pkey->d || !src_len)) { > ret = -EINVAL; > goto err_free_m; > } > >- if (req->dst_len < mpi_get_size(pkey->n)) { >- req->dst_len = mpi_get_size(pkey->n); >+ if (dst_len < mpi_get_size(pkey->n)) { >+ req->out_len = mpi_get_size(pkey->n); > ret = -EOVERFLOW; > goto err_free_m; > } > >- c = mpi_read_raw_data(req->src, req->src_len); >- if (!c) { >- ret = -ENOMEM; >- goto err_free_m; >+ ret = -ENOMEM; >+ if (sg_is_last(req->src)) { >+ c = mpi_read_raw_data(sg_virt(req->src), src_len); >+ } else { >+ void *ptr = kmalloc(src_len, GFP_KERNEL); >+ >+ if (!ptr) >+ goto err_free_m; >+ >+ scatterwalk_map_and_copy(ptr, req->src, 0, src_len, 0); >+ c = mpi_read_raw_data(ptr, src_len); >+ kfree(ptr); > } >+ if (!c) >+ goto err_free_m; > > ret = _rsa_dec(pkey, m, c); > if (ret) > goto err_free_c; > >- ret = mpi_read_buffer(m, req->dst, req->dst_len, &req->dst_len, &sign); >+ if (sg_is_last(req->dst)) { >+ ret = mpi_read_buffer(m, sg_virt(req->dst), dst_len, >+ &req->out_len, &sign); >+ } else { >+ void *ptr = kmalloc(dst_len, GFP_KERNEL); >+ >+ if (!ptr) >+ goto err_free_c; >+ >+ ret = mpi_read_buffer(m, ptr, dst_len, &req->out_len, &sign); >+ scatterwalk_map_and_copy(ptr, req->dst, 0, dst_len, 1); >+ kfree(ptr); >+ } > if (ret) > goto err_free_c; > >@@ -176,34 +223,58 @@ static int rsa_sign(struct akcipher_request *req) > struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); > const struct rsa_key *pkey = rsa_get_key(tfm); > MPI m, s = mpi_alloc(0); >+ int src_len = sg_len(req->src), dst_len = sg_len(req->dst); unsigned int? > int ret = 0; > int sign; > > if (!s) > return -ENOMEM; > >- if (unlikely(!pkey->n || !pkey->d)) { >+ if (unlikely(!pkey->n || !pkey->d || !src_len)) { > ret = -EINVAL; > goto err_free_s; > } > >- if (req->dst_len < mpi_get_size(pkey->n)) { >- req->dst_len = mpi_get_size(pkey->n); >+ if (dst_len < mpi_get_size(pkey->n)) { >+ req->out_len = mpi_get_size(pkey->n); > ret = -EOVERFLOW; > goto err_free_s; > } > >- m = mpi_read_raw_data(req->src, req->src_len); >- if (!m) { >- ret = -ENOMEM; >- goto err_free_s; >+ ret = -ENOMEM; >+ if (sg_is_last(req->src)) { >+ m = mpi_read_raw_data(sg_virt(req->src), src_len); >+ } else { >+ void *ptr = kmalloc(src_len, GFP_KERNEL); >+ >+ if (!ptr) >+ goto err_free_s; >+ >+ scatterwalk_map_and_copy(ptr, req->src, 0, src_len, 0); >+ m = mpi_read_raw_data(ptr, src_len); >+ kfree(ptr); >+ > } >+ if (!m) >+ goto err_free_s; > > ret = _rsa_sign(pkey, s, m); > if (ret) > goto err_free_m; > >- ret = mpi_read_buffer(s, req->dst, req->dst_len, &req->dst_len, &sign); >+ if (sg_is_last(req->dst)) { >+ ret = mpi_read_buffer(s, sg_virt(req->dst), dst_len, >+ &req->out_len, &sign); >+ } else { >+ void *ptr = kmalloc(dst_len, GFP_KERNEL); >+ >+ if (!ptr) >+ goto err_free_m; >+ >+ ret = mpi_read_buffer(s, ptr, dst_len, &req->out_len, &sign); >+ scatterwalk_map_and_copy(ptr, req->dst, 0, dst_len, 1); >+ kfree(ptr); >+ } > if (ret) > goto err_free_m; > >@@ -224,24 +295,37 @@ static int rsa_verify(struct akcipher_request *req) > struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req); > const struct rsa_key *pkey = rsa_get_key(tfm); > MPI s, m = mpi_alloc(0); >+ int src_len = sg_len(req->src), dst_len = sg_len(req->dst); unsigned int? > int ret = 0; > int sign; > > if (!m) > return -ENOMEM; > >- if (unlikely(!pkey->n || !pkey->e)) { >+ if (unlikely(!pkey->n || !pkey->e || !src_len)) { > ret = -EINVAL; > goto err_free_m; > } > >- if (req->dst_len < mpi_get_size(pkey->n)) { >- req->dst_len = mpi_get_size(pkey->n); >+ if (dst_len < mpi_get_size(pkey->n)) { >+ req->out_len = mpi_get_size(pkey->n); > ret = -EOVERFLOW; > goto err_free_m; > } > >- s = mpi_read_raw_data(req->src, req->src_len); >+ ret = -ENOMEM; >+ if (sg_is_last(req->src)) { >+ s = mpi_read_raw_data(sg_virt(req->src), src_len); >+ } else { >+ void *ptr = kmalloc(src_len, GFP_KERNEL); >+ >+ if (!ptr) >+ goto err_free_m; >+ >+ scatterwalk_map_and_copy(ptr, req->src, 0, src_len, 0); >+ s = mpi_read_raw_data(ptr, src_len); >+ kfree(ptr); >+ } > if (!s) { > ret = -ENOMEM; > goto err_free_m; >@@ -251,7 +335,19 @@ static int rsa_verify(struct akcipher_request *req) > if (ret) > goto err_free_s; > >- ret = mpi_read_buffer(m, req->dst, req->dst_len, &req->dst_len, &sign); >+ if (sg_is_last(req->dst)) { >+ ret = mpi_read_buffer(m, sg_virt(req->dst), dst_len, >+ &req->out_len, &sign); >+ } else { >+ void *ptr = kmalloc(dst_len, GFP_KERNEL); >+ >+ if (!ptr) >+ goto err_free_s; >+ >+ ret = mpi_read_buffer(m, ptr, dst_len, &req->out_len, &sign); >+ scatterwalk_map_and_copy(ptr, req->dst, 0, dst_len, 1); >+ kfree(ptr); >+ } > if (ret) > goto err_free_s; > >@@ -282,13 +378,30 @@ static int rsa_check_key_length(unsigned int len) > return -EINVAL; > } > >-static int rsa_setkey(struct crypto_akcipher *tfm, const void *key, >- unsigned int keylen) >+static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, >+ unsigned int keylen) >+{ >+ struct rsa_key *pkey = akcipher_tfm_ctx(tfm); >+ int ret; >+ >+ ret = rsa_parse_pub_key(pkey, key, keylen); >+ if (ret) >+ return ret; >+ >+ if (rsa_check_key_length(mpi_get_size(pkey->n) << 3)) { >+ rsa_free_key(pkey); >+ ret = -EINVAL; >+ } >+ return ret; >+} >+ >+static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, >+ unsigned int keylen) > { > struct rsa_key *pkey = akcipher_tfm_ctx(tfm); > int ret; > >- ret = rsa_parse_key(pkey, key, keylen); >+ ret = rsa_parse_priv_key(pkey, key, keylen); > if (ret) > return ret; > >@@ -299,6 +412,13 @@ static int rsa_setkey(struct crypto_akcipher *tfm, const >void *key, return ret; > } > >+static int rsa_get_len(struct crypto_akcipher *tfm) >+{ >+ struct rsa_key *pkey = akcipher_tfm_ctx(tfm); >+ >+ return pkey->n ? mpi_get_size(pkey->n) : -EINVAL; >+} >+ > static void rsa_exit_tfm(struct crypto_akcipher *tfm) > { > struct rsa_key *pkey = akcipher_tfm_ctx(tfm); >@@ -311,7 +431,9 @@ static struct akcipher_alg rsa = { > .decrypt = rsa_dec, > .sign = rsa_sign, > .verify = rsa_verify, >- .setkey = rsa_setkey, >+ .set_priv_key = rsa_set_priv_key, >+ .set_pub_key = rsa_set_pub_key, >+ .get_len = rsa_get_len, > .exit = rsa_exit_tfm, > .base = { > .cra_name = "rsa", >diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c >index 8d96ce9..d226f48 100644 >--- a/crypto/rsa_helper.c >+++ b/crypto/rsa_helper.c >@@ -15,7 +15,8 @@ > #include <linux/err.h> > #include <linux/fips.h> > #include <crypto/internal/rsa.h> >-#include "rsakey-asn1.h" >+#include "rsapubkey-asn1.h" >+#include "rsaprivkey-asn1.h" > > int rsa_get_n(void *context, size_t hdrlen, unsigned char tag, > const void *value, size_t vlen) >@@ -94,8 +95,8 @@ void rsa_free_key(struct rsa_key *key) > EXPORT_SYMBOL_GPL(rsa_free_key); > > /** >- * rsa_parse_key() - extracts an rsa key from BER encoded buffer >- * and stores it in the provided struct rsa_key >+ * rsa_parse_pub_key() - extracts an rsa public key from BER encoded buffer >+ * and stores it in the provided struct rsa_key > * > * @rsa_key: struct rsa_key key representation > * @key: key in BER format >@@ -103,13 +104,13 @@ EXPORT_SYMBOL_GPL(rsa_free_key); > * > * Return: 0 on success or error code in case of error > */ >-int rsa_parse_key(struct rsa_key *rsa_key, const void *key, >- unsigned int key_len) >+int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key, >+ unsigned int key_len) > { > int ret; > > free_mpis(rsa_key); >- ret = asn1_ber_decoder(&rsakey_decoder, rsa_key, key, key_len); >+ ret = asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len); > if (ret < 0) > goto error; > >@@ -118,4 +119,31 @@ error: > free_mpis(rsa_key); > return ret; > } >-EXPORT_SYMBOL_GPL(rsa_parse_key); >+EXPORT_SYMBOL_GPL(rsa_parse_pub_key); >+ >+/** >+ * rsa_parse_pub_key() - extracts an rsa private key from BER encoded buffer >+ * and stores it in the provided struct rsa_key rsa_parse_*priv*_key >+ * >+ * @rsa_key: struct rsa_key key representation >+ * @key: key in BER format >+ * @key_len: length of key >+ * >+ * Return: 0 on success or error code in case of error >+ */ >+int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key, >+ unsigned int key_len) >+{ >+ int ret; >+ >+ free_mpis(rsa_key); >+ ret = asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len); >+ if (ret < 0) >+ goto error; >+ >+ return 0; >+error: >+ free_mpis(rsa_key); >+ return ret; >+} >+EXPORT_SYMBOL_GPL(rsa_parse_priv_key); >diff --git a/crypto/rsakey.asn1 b/crypto/rsakey.asn1 >deleted file mode 100644 >index 3c7b5df..0000000 >--- a/crypto/rsakey.asn1 >+++ /dev/null >@@ -1,5 +0,0 @@ >-RsaKey ::= SEQUENCE { >- n INTEGER ({ rsa_get_n }), >- e INTEGER ({ rsa_get_e }), >- d INTEGER ({ rsa_get_d }) >-} >diff --git a/crypto/rsaprivkey.asn1 b/crypto/rsaprivkey.asn1 >new file mode 100644 >index 0000000..731aea5 >--- /dev/null >+++ b/crypto/rsaprivkey.asn1 >@@ -0,0 +1,11 @@ >+RsaPrivKey ::= SEQUENCE { >+ version INTEGER, >+ n INTEGER ({ rsa_get_n }), >+ e INTEGER ({ rsa_get_e }), >+ d INTEGER ({ rsa_get_d }), >+ prime1 INTEGER, >+ prime2 INTEGER, >+ exponent1 INTEGER, >+ exponent2 INTEGER, >+ coefficient INTEGER >+} >diff --git a/crypto/rsapubkey.asn1 b/crypto/rsapubkey.asn1 >new file mode 100644 >index 0000000..725498e >--- /dev/null >+++ b/crypto/rsapubkey.asn1 >@@ -0,0 +1,4 @@ >+RsaPubKey ::= SEQUENCE { >+ n INTEGER ({ rsa_get_n }), >+ e INTEGER ({ rsa_get_e }) >+} >diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h >index a8c8636..f997e2d 100644 >--- a/include/crypto/internal/rsa.h >+++ b/include/crypto/internal/rsa.h >@@ -20,8 +20,11 @@ struct rsa_key { > MPI d; > }; > >-int rsa_parse_key(struct rsa_key *rsa_key, const void *key, >- unsigned int key_len); >+int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key, >+ unsigned int key_len); >+ >+int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key, >+ unsigned int key_len); > > void rsa_free_key(struct rsa_key *rsa_key); > #endif > >-- >To unsubscribe from this list: send the line "unsubscribe linux-crypto" in >the body of a message to majordomo@xxxxxxxxxxxxxxx >More majordomo info at http://vger.kernel.org/majordomo-info.html Ciao Stephan -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html