On Tue, Jun 13, 2023 at 04:17:31PM +0000, Mahmoud Adam wrote: > check if rsa public exponent is odd and check its value is between > 2^16 < e < 2^256. > > FIPS 186-5 DSS (page 35)[1] specify that: > 1. The public exponent e shall be selected with the following constraints: > (a) The public verification exponent e shall be selected prior to > generating the primes, p and q, and the private signature exponent > d. > (b) The exponent e shall be an odd positive integer such that: > 2^16 < e < 2^256. > > [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf > > Signed-off-by: Mahmoud Adam <mngyadam@xxxxxxxxxx> > --- > crypto/rsa.c | 36 ++++++++++++++++++++++++++++++++++++ > 1 file changed, 36 insertions(+) > > diff --git a/crypto/rsa.c b/crypto/rsa.c > index c50f2d2a4d06..c79613cdce6e 100644 > --- a/crypto/rsa.c > +++ b/crypto/rsa.c > @@ -205,6 +205,32 @@ static int rsa_check_key_length(unsigned int len) > return -EINVAL; > } > > +static int rsa_check_exponent_fips(MPI e) > +{ > + MPI e_max = NULL; > + > + /* check if odd */ > + if (!mpi_test_bit(e, 0)) { > + return -EINVAL; > + } > + > + /* check if 2^16 < e < 2^256. */ > + if (mpi_cmp_ui(e, 65536) <= 0) { > + return -EINVAL; > + } > + > + e_max = mpi_alloc(0); > + mpi_set_bit(e_max, 256); > + > + if (mpi_cmp(e, e_max) >= 0) { > + mpi_free(e_max); > + return -EINVAL; > + } > + > + mpi_free(e_max); > + return 0; > +} > + > static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, > unsigned int keylen) > { > @@ -232,6 +258,11 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key, > return -EINVAL; > } > > + if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) { > + rsa_free_mpi_key(mpi_key); > + return -EINVAL; > + } > + > return 0; > > err: > @@ -290,6 +321,11 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key, > return -EINVAL; > } > > + if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) { > + rsa_free_mpi_key(mpi_key); > + return -EINVAL; > + } > + > return 0; > > err: > -- > 2.40.1 Cc Stephan Mueller -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt