]>
git.ipfire.org Git - thirdparty/linux.git/blob - crypto/rsa.c
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* RSA asymmetric public-key algorithm [RFC3447]
4 * Copyright (c) 2015, Intel Corporation
5 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
8 #include <linux/fips.h>
9 #include <linux/module.h>
10 #include <linux/mpi.h>
11 #include <crypto/internal/rsa.h>
12 #include <crypto/internal/akcipher.h>
13 #include <crypto/akcipher.h>
14 #include <crypto/algapi.h>
28 * RSAEP function [RFC3447 sec 5.1.1]
31 static int _rsa_enc(const struct rsa_mpi_key
*key
, MPI c
, MPI m
)
33 /* (1) Validate 0 <= m < n */
34 if (mpi_cmp_ui(m
, 0) < 0 || mpi_cmp(m
, key
->n
) >= 0)
37 /* (2) c = m^e mod n */
38 return mpi_powm(c
, m
, key
->e
, key
->n
);
42 * RSADP function [RFC3447 sec 5.1.2]
45 * h = (m_1 - m_2) * qInv mod p;
48 static int _rsa_dec_crt(const struct rsa_mpi_key
*key
, MPI m_or_m1_or_h
, MPI c
)
53 /* (1) Validate 0 <= c < n */
54 if (mpi_cmp_ui(c
, 0) < 0 || mpi_cmp(c
, key
->n
) >= 0)
58 m12_or_qh
= mpi_alloc(0);
59 if (!m2
|| !m12_or_qh
)
62 /* (2i) m_1 = c^dP mod p */
63 ret
= mpi_powm(m_or_m1_or_h
, c
, key
->dp
, key
->p
);
67 /* (2i) m_2 = c^dQ mod q */
68 ret
= mpi_powm(m2
, c
, key
->dq
, key
->q
);
72 /* (2iii) h = (m_1 - m_2) * qInv mod p */
73 mpi_sub(m12_or_qh
, m_or_m1_or_h
, m2
);
74 mpi_mulm(m_or_m1_or_h
, m12_or_qh
, key
->qinv
, key
->p
);
76 /* (2iv) m = m_2 + q * h */
77 mpi_mul(m12_or_qh
, key
->q
, m_or_m1_or_h
);
78 mpi_addm(m_or_m1_or_h
, m2
, m12_or_qh
, key
->n
);
88 static inline struct rsa_mpi_key
*rsa_get_key(struct crypto_akcipher
*tfm
)
90 return akcipher_tfm_ctx(tfm
);
93 static int rsa_enc(struct akcipher_request
*req
)
95 struct crypto_akcipher
*tfm
= crypto_akcipher_reqtfm(req
);
96 const struct rsa_mpi_key
*pkey
= rsa_get_key(tfm
);
97 MPI m
, c
= mpi_alloc(0);
104 if (unlikely(!pkey
->n
|| !pkey
->e
)) {
110 m
= mpi_read_raw_from_sgl(req
->src
, req
->src_len
);
114 ret
= _rsa_enc(pkey
, c
, m
);
118 ret
= mpi_write_to_sgl(c
, req
->dst
, req
->dst_len
, &sign
);
132 static int rsa_dec(struct akcipher_request
*req
)
134 struct crypto_akcipher
*tfm
= crypto_akcipher_reqtfm(req
);
135 const struct rsa_mpi_key
*pkey
= rsa_get_key(tfm
);
136 MPI c
, m
= mpi_alloc(0);
143 if (unlikely(!pkey
->n
|| !pkey
->d
)) {
149 c
= mpi_read_raw_from_sgl(req
->src
, req
->src_len
);
153 ret
= _rsa_dec_crt(pkey
, m
, c
);
157 ret
= mpi_write_to_sgl(m
, req
->dst
, req
->dst_len
, &sign
);
170 static void rsa_free_mpi_key(struct rsa_mpi_key
*key
)
190 static int rsa_check_key_length(unsigned int len
)
208 static int rsa_set_pub_key(struct crypto_akcipher
*tfm
, const void *key
,
211 struct rsa_mpi_key
*mpi_key
= akcipher_tfm_ctx(tfm
);
212 struct rsa_key raw_key
= {0};
215 /* Free the old MPI key if any */
216 rsa_free_mpi_key(mpi_key
);
218 ret
= rsa_parse_pub_key(&raw_key
, key
, keylen
);
222 mpi_key
->e
= mpi_read_raw_data(raw_key
.e
, raw_key
.e_sz
);
226 mpi_key
->n
= mpi_read_raw_data(raw_key
.n
, raw_key
.n_sz
);
230 if (rsa_check_key_length(mpi_get_size(mpi_key
->n
) << 3)) {
231 rsa_free_mpi_key(mpi_key
);
238 rsa_free_mpi_key(mpi_key
);
242 static int rsa_set_priv_key(struct crypto_akcipher
*tfm
, const void *key
,
245 struct rsa_mpi_key
*mpi_key
= akcipher_tfm_ctx(tfm
);
246 struct rsa_key raw_key
= {0};
249 /* Free the old MPI key if any */
250 rsa_free_mpi_key(mpi_key
);
252 ret
= rsa_parse_priv_key(&raw_key
, key
, keylen
);
256 mpi_key
->d
= mpi_read_raw_data(raw_key
.d
, raw_key
.d_sz
);
260 mpi_key
->e
= mpi_read_raw_data(raw_key
.e
, raw_key
.e_sz
);
264 mpi_key
->n
= mpi_read_raw_data(raw_key
.n
, raw_key
.n_sz
);
268 mpi_key
->p
= mpi_read_raw_data(raw_key
.p
, raw_key
.p_sz
);
272 mpi_key
->q
= mpi_read_raw_data(raw_key
.q
, raw_key
.q_sz
);
276 mpi_key
->dp
= mpi_read_raw_data(raw_key
.dp
, raw_key
.dp_sz
);
280 mpi_key
->dq
= mpi_read_raw_data(raw_key
.dq
, raw_key
.dq_sz
);
284 mpi_key
->qinv
= mpi_read_raw_data(raw_key
.qinv
, raw_key
.qinv_sz
);
288 if (rsa_check_key_length(mpi_get_size(mpi_key
->n
) << 3)) {
289 rsa_free_mpi_key(mpi_key
);
296 rsa_free_mpi_key(mpi_key
);
300 static unsigned int rsa_max_size(struct crypto_akcipher
*tfm
)
302 struct rsa_mpi_key
*pkey
= akcipher_tfm_ctx(tfm
);
304 return mpi_get_size(pkey
->n
);
307 static void rsa_exit_tfm(struct crypto_akcipher
*tfm
)
309 struct rsa_mpi_key
*pkey
= akcipher_tfm_ctx(tfm
);
311 rsa_free_mpi_key(pkey
);
314 static struct akcipher_alg rsa
= {
317 .set_priv_key
= rsa_set_priv_key
,
318 .set_pub_key
= rsa_set_pub_key
,
319 .max_size
= rsa_max_size
,
320 .exit
= rsa_exit_tfm
,
323 .cra_driver_name
= "rsa-generic",
325 .cra_module
= THIS_MODULE
,
326 .cra_ctxsize
= sizeof(struct rsa_mpi_key
),
330 static int __init
rsa_init(void)
334 err
= crypto_register_akcipher(&rsa
);
338 err
= crypto_register_template(&rsa_pkcs1pad_tmpl
);
340 crypto_unregister_akcipher(&rsa
);
347 static void __exit
rsa_exit(void)
349 crypto_unregister_template(&rsa_pkcs1pad_tmpl
);
350 crypto_unregister_akcipher(&rsa
);
353 subsys_initcall(rsa_init
);
354 module_exit(rsa_exit
);
355 MODULE_ALIAS_CRYPTO("rsa");
356 MODULE_LICENSE("GPL");
357 MODULE_DESCRIPTION("RSA generic algorithm");