1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * RSA key extract helper |
4 | * |
5 | * Copyright (c) 2015, Intel Corporation |
6 | * Authors: Tadeusz Struk <tadeusz.struk@intel.com> |
7 | */ |
8 | #include <linux/kernel.h> |
9 | #include <linux/export.h> |
10 | #include <linux/err.h> |
11 | #include <linux/fips.h> |
12 | #include <crypto/internal/rsa.h> |
13 | #include "rsapubkey.asn1.h" |
14 | #include "rsaprivkey.asn1.h" |
15 | |
16 | int rsa_get_n(void *context, size_t hdrlen, unsigned char tag, |
17 | const void *value, size_t vlen) |
18 | { |
19 | struct rsa_key *key = context; |
20 | const u8 *ptr = value; |
21 | size_t n_sz = vlen; |
22 | |
23 | /* invalid key provided */ |
24 | if (!value || !vlen) |
25 | return -EINVAL; |
26 | |
27 | if (fips_enabled) { |
28 | while (n_sz && !*ptr) { |
29 | ptr++; |
30 | n_sz--; |
31 | } |
32 | |
33 | /* In FIPS mode only allow key size 2K and higher */ |
34 | if (n_sz < 256) { |
35 | pr_err("RSA: key size not allowed in FIPS mode\n" ); |
36 | return -EINVAL; |
37 | } |
38 | } |
39 | |
40 | key->n = value; |
41 | key->n_sz = vlen; |
42 | |
43 | return 0; |
44 | } |
45 | |
46 | int rsa_get_e(void *context, size_t hdrlen, unsigned char tag, |
47 | const void *value, size_t vlen) |
48 | { |
49 | struct rsa_key *key = context; |
50 | |
51 | /* invalid key provided */ |
52 | if (!value || !key->n_sz || !vlen || vlen > key->n_sz) |
53 | return -EINVAL; |
54 | |
55 | key->e = value; |
56 | key->e_sz = vlen; |
57 | |
58 | return 0; |
59 | } |
60 | |
61 | int rsa_get_d(void *context, size_t hdrlen, unsigned char tag, |
62 | const void *value, size_t vlen) |
63 | { |
64 | struct rsa_key *key = context; |
65 | |
66 | /* invalid key provided */ |
67 | if (!value || !key->n_sz || !vlen || vlen > key->n_sz) |
68 | return -EINVAL; |
69 | |
70 | key->d = value; |
71 | key->d_sz = vlen; |
72 | |
73 | return 0; |
74 | } |
75 | |
76 | int rsa_get_p(void *context, size_t hdrlen, unsigned char tag, |
77 | const void *value, size_t vlen) |
78 | { |
79 | struct rsa_key *key = context; |
80 | |
81 | /* invalid key provided */ |
82 | if (!value || !vlen || vlen > key->n_sz) |
83 | return -EINVAL; |
84 | |
85 | key->p = value; |
86 | key->p_sz = vlen; |
87 | |
88 | return 0; |
89 | } |
90 | |
91 | int rsa_get_q(void *context, size_t hdrlen, unsigned char tag, |
92 | const void *value, size_t vlen) |
93 | { |
94 | struct rsa_key *key = context; |
95 | |
96 | /* invalid key provided */ |
97 | if (!value || !vlen || vlen > key->n_sz) |
98 | return -EINVAL; |
99 | |
100 | key->q = value; |
101 | key->q_sz = vlen; |
102 | |
103 | return 0; |
104 | } |
105 | |
106 | int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag, |
107 | const void *value, size_t vlen) |
108 | { |
109 | struct rsa_key *key = context; |
110 | |
111 | /* invalid key provided */ |
112 | if (!value || !vlen || vlen > key->n_sz) |
113 | return -EINVAL; |
114 | |
115 | key->dp = value; |
116 | key->dp_sz = vlen; |
117 | |
118 | return 0; |
119 | } |
120 | |
121 | int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag, |
122 | const void *value, size_t vlen) |
123 | { |
124 | struct rsa_key *key = context; |
125 | |
126 | /* invalid key provided */ |
127 | if (!value || !vlen || vlen > key->n_sz) |
128 | return -EINVAL; |
129 | |
130 | key->dq = value; |
131 | key->dq_sz = vlen; |
132 | |
133 | return 0; |
134 | } |
135 | |
136 | int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag, |
137 | const void *value, size_t vlen) |
138 | { |
139 | struct rsa_key *key = context; |
140 | |
141 | /* invalid key provided */ |
142 | if (!value || !vlen || vlen > key->n_sz) |
143 | return -EINVAL; |
144 | |
145 | key->qinv = value; |
146 | key->qinv_sz = vlen; |
147 | |
148 | return 0; |
149 | } |
150 | |
151 | /** |
152 | * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the |
153 | * provided struct rsa_key, pointers to the raw key as is, |
154 | * so that the caller can copy it or MPI parse it, etc. |
155 | * |
156 | * @rsa_key: struct rsa_key key representation |
157 | * @key: key in BER format |
158 | * @key_len: length of key |
159 | * |
160 | * Return: 0 on success or error code in case of error |
161 | */ |
162 | int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key, |
163 | unsigned int key_len) |
164 | { |
165 | return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len); |
166 | } |
167 | EXPORT_SYMBOL_GPL(rsa_parse_pub_key); |
168 | |
169 | /** |
170 | * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the |
171 | * provided struct rsa_key, pointers to the raw key |
172 | * as is, so that the caller can copy it or MPI parse it, |
173 | * etc. |
174 | * |
175 | * @rsa_key: struct rsa_key key representation |
176 | * @key: key in BER format |
177 | * @key_len: length of key |
178 | * |
179 | * Return: 0 on success or error code in case of error |
180 | */ |
181 | int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key, |
182 | unsigned int key_len) |
183 | { |
184 | return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len); |
185 | } |
186 | EXPORT_SYMBOL_GPL(rsa_parse_priv_key); |
187 | |