Dedicated to RSA (hardware) implementations that want to use
raw integers instead of MPI keys.
Signed-off-by: Tudor Ambarus <tudor-dan.ambarus@xxxxxxx>
---
crypto/rsa.c | 15 ----
crypto/rsa_helper.c | 158 ++++++++++++++++++++++++++++++++++++++++++
include/crypto/internal/rsa.h | 24 +++++++
3 files changed, 182 insertions(+), 15 deletions(-)
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 2d53ad8..44baccf 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -235,21 +235,6 @@ err_free_m:
return ret;
}
-static int rsa_check_key_length(unsigned int len)
-{
- switch (len) {
- case 512:
- case 1024:
- case 1536:
- case 2048:
- case 3072:
- case 4096:
- return 0;
- }
-
- return -EINVAL;
-}
-
static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
unsigned int keylen)
{
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index 1ed32af..1708db8 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -14,6 +14,9 @@
#include <linux/export.h>
#include <linux/err.h>
#include <linux/fips.h>
+#include <linux/slab.h>
+#include <linux/dma-mapping.h>
+#include <linux/device.h>
#include <crypto/internal/rsa.h>
#include "rsapubkey-asn1.h"
#include "rsaprivkey-asn1.h"
@@ -190,3 +193,158 @@ void set_rsa_priv_action(struct rsa_asn1_action *action)
action->get_n = rsa_get_mpi_n;
}
EXPORT_SYMBOL_GPL(set_rsa_priv_action);
+
+int rsa_check_key_length(unsigned int len)
+{
+ switch (len) {
+ case 512:
+ case 1024:
+ case 1536:
+ case 2048:
+ case 3072:
+ case 4096:
+ return 0;
+ }
+
+ return -EINVAL;
+}
+EXPORT_SYMBOL_GPL(rsa_check_key_length);
+
+int raw_rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_raw_ctx *ctx = context;
+ struct rsa_raw_key *key = &ctx->key;
+ const char *ptr = value;
+ int ret = -EINVAL;
+
+ while (!*ptr && vlen) {
+ ptr++;
+ vlen--;
+ }
+
+ key->n_sz = vlen;
+ /* In FIPS mode only allow key size 2K & 3K */
+ if (fips_enabled && (key->n_sz != 256 && key->n_sz != 384)) {
+ dev_err(ctx->dev, "RSA: key size not allowed in FIPS mode\n");
+ goto err;
+ }
+ /* invalid key size provided */
+ ret = rsa_check_key_length(key->n_sz << 3);
+ if (ret)
+ goto err;
+
+ if (key->is_coherent)
+ key->n = kzalloc(key->n_sz, key->flags);
+ else
+ key->n = dma_zalloc_coherent(ctx->dev, key->n_sz, &key->dma_n,
+ key->flags);
+
+ if (!key->n) {
+ ret = -ENOMEM;
+ goto err;
+ }
+
+ memcpy(key->n, ptr, key->n_sz);
+
+ return 0;
+err:
+ key->n_sz = 0;
+ key->n = NULL;
+ return ret;
+}
+
+int raw_rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_raw_ctx *ctx = context;
+ struct rsa_raw_key *key = &ctx->key;
+ const char *ptr = value;
+
+ while (!*ptr && vlen) {
+ ptr++;
+ vlen--;
+ }
+
+ key->e_sz = vlen;
+
+ if (!key->n_sz || !vlen || vlen > key->n_sz) {
+ key->e = NULL;
+ return -EINVAL;
+ }
+
+ if (key->is_coherent)
+ key->e = kzalloc(key->e_sz, key->flags);
+ else
+ key->e = dma_zalloc_coherent(ctx->dev, key->n_sz, &key->dma_e,
+ key->flags);
+
+ if (!key->e)
+ return -ENOMEM;
+
+ if (key->is_coherent)
+ memcpy(key->e, ptr, key->e_sz);
+ else
+ memcpy(key->e + (key->n_sz - vlen), ptr, vlen);
+
+ return 0;
+}
+
+int raw_rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_raw_ctx *ctx = context;
+ struct rsa_raw_key *key = &ctx->key;
+ const char *ptr = value;
+ int ret = -EINVAL;
+
+ while (!*ptr && vlen) {
+ ptr++;
+ vlen--;
+ }
+
+ if (!key->n_sz || !vlen || vlen > key->n_sz)
+ goto err;
+
+ /* In FIPS mode only allow key size 2K & 3K */
+ if (fips_enabled && (vlen != 256 && vlen != 384)) {
+ dev_err(ctx->dev, "RSA: key size not allowed in FIPS mode\n");
+ goto err;
+ }
+
+ if (key->is_coherent)
+ key->d = kzalloc(key->n_sz, key->flags);
+ else
+ key->d = dma_zalloc_coherent(ctx->dev, key->n_sz, &key->dma_d,
+ key->flags);
+
+ if (!key->n) {
+ ret = -ENOMEM;
+ goto err;
+ }
+
+ if (key->is_coherent)
+ memcpy(key->d, ptr, vlen);
+ else
+ memcpy(key->d + (key->n_sz - vlen), ptr, vlen);
+
+ return 0;
+err:
+ key->d = NULL;
+ return ret;
+}
+
+void set_raw_rsa_pub_action(struct rsa_asn1_action *action)
+{
+ action->get_e = raw_rsa_get_e;
+ action->get_n = raw_rsa_get_n;
+}
+EXPORT_SYMBOL_GPL(set_raw_rsa_pub_action);
+
+void set_raw_rsa_priv_action(struct rsa_asn1_action *action)
+{
+ action->get_d = raw_rsa_get_d;
+ action->get_e = raw_rsa_get_e;
+ action->get_n = raw_rsa_get_n;
+}
+EXPORT_SYMBOL_GPL(set_raw_rsa_priv_action);
diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
index bf0f49d..7820e83 100644
--- a/include/crypto/internal/rsa.h
+++ b/include/crypto/internal/rsa.h
@@ -20,6 +20,19 @@ struct rsa_mpi_key {
MPI d;
};
+struct rsa_raw_key {
+ u8 *n;
+ u8 *e;
+ u8 *d;
+ dma_addr_t dma_n;
+ dma_addr_t dma_e;
+ dma_addr_t dma_d;
+ size_t n_sz;
+ size_t e_sz;
+ bool is_coherent;
+ gfp_t flags;
+};
+
struct rsa_asn1_action {
int (*get_n)(void *context, size_t hdrlen, unsigned char tag,
const void *value, size_t vlen);
@@ -34,6 +47,12 @@ struct rsa_ctx {
struct rsa_mpi_key key;
};
+struct rsa_raw_ctx {
+ struct rsa_asn1_action action;
+ struct rsa_raw_key key;
+ struct device *dev;
+};
+
void rsa_free_mpi_key(struct rsa_mpi_key *key);
int rsa_parse_mpi_pub_key(struct rsa_ctx *ctx, const void *key,
@@ -44,5 +63,10 @@ int rsa_parse_mpi_priv_key(struct rsa_ctx *ctx, const void *key,
void set_rsa_pub_action(struct rsa_asn1_action *action);
void set_rsa_priv_action(struct rsa_asn1_action *action);
+int rsa_check_key_length(unsigned int len);
+
+void set_raw_rsa_pub_action(struct rsa_asn1_action *action);
+void set_raw_rsa_priv_action(struct rsa_asn1_action *action);
+
extern struct crypto_template rsa_pkcs1pad_tmpl;
#endif
--
1.8.3.1
--
To unsubscribe from this list: send the line "unsubscribe linux-crypto" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
