1 /* RSA asymmetric public-key algorithm [RFC3447]
3 * Copyright (c) 2015, Intel Corporation
4 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/mpi.h>
14 #include <crypto/internal/rsa.h>
15 #include <crypto/internal/akcipher.h>
16 #include <crypto/akcipher.h>
17 #include <crypto/algapi.h>
26 * RSAEP function [RFC3447 sec 5.1.1]
29 static int _rsa_enc(const struct rsa_mpi_key
*key
, MPI c
, MPI m
)
31 /* (1) Validate 0 <= m < n */
32 if (mpi_cmp_ui(m
, 0) < 0 || mpi_cmp(m
, key
->n
) >= 0)
35 /* (2) c = m^e mod n */
36 return mpi_powm(c
, m
, key
->e
, key
->n
);
40 * RSADP function [RFC3447 sec 5.1.2]
43 static int _rsa_dec(const struct rsa_mpi_key
*key
, MPI m
, MPI c
)
45 /* (1) Validate 0 <= c < n */
46 if (mpi_cmp_ui(c
, 0) < 0 || mpi_cmp(c
, key
->n
) >= 0)
49 /* (2) m = c^d mod n */
50 return mpi_powm(m
, c
, key
->d
, key
->n
);
54 * RSASP1 function [RFC3447 sec 5.2.1]
57 static int _rsa_sign(const struct rsa_mpi_key
*key
, MPI s
, MPI m
)
59 /* (1) Validate 0 <= m < n */
60 if (mpi_cmp_ui(m
, 0) < 0 || mpi_cmp(m
, key
->n
) >= 0)
63 /* (2) s = m^d mod n */
64 return mpi_powm(s
, m
, key
->d
, key
->n
);
68 * RSAVP1 function [RFC3447 sec 5.2.2]
71 static int _rsa_verify(const struct rsa_mpi_key
*key
, MPI m
, MPI s
)
73 /* (1) Validate 0 <= s < n */
74 if (mpi_cmp_ui(s
, 0) < 0 || mpi_cmp(s
, key
->n
) >= 0)
77 /* (2) m = s^e mod n */
78 return mpi_powm(m
, s
, key
->e
, key
->n
);
81 static inline struct rsa_mpi_key
*rsa_get_key(struct crypto_akcipher
*tfm
)
83 return akcipher_tfm_ctx(tfm
);
86 static int rsa_enc(struct akcipher_request
*req
)
88 struct crypto_akcipher
*tfm
= crypto_akcipher_reqtfm(req
);
89 const struct rsa_mpi_key
*pkey
= rsa_get_key(tfm
);
90 MPI m
, c
= mpi_alloc(0);
97 if (unlikely(!pkey
->n
|| !pkey
->e
)) {
103 m
= mpi_read_raw_from_sgl(req
->src
, req
->src_len
);
107 ret
= _rsa_enc(pkey
, c
, m
);
111 ret
= mpi_write_to_sgl(c
, req
->dst
, req
->dst_len
, &sign
);
125 static int rsa_dec(struct akcipher_request
*req
)
127 struct crypto_akcipher
*tfm
= crypto_akcipher_reqtfm(req
);
128 const struct rsa_mpi_key
*pkey
= rsa_get_key(tfm
);
129 MPI c
, m
= mpi_alloc(0);
136 if (unlikely(!pkey
->n
|| !pkey
->d
)) {
142 c
= mpi_read_raw_from_sgl(req
->src
, req
->src_len
);
146 ret
= _rsa_dec(pkey
, m
, c
);
150 ret
= mpi_write_to_sgl(m
, req
->dst
, req
->dst_len
, &sign
);
163 static int rsa_sign(struct akcipher_request
*req
)
165 struct crypto_akcipher
*tfm
= crypto_akcipher_reqtfm(req
);
166 const struct rsa_mpi_key
*pkey
= rsa_get_key(tfm
);
167 MPI m
, s
= mpi_alloc(0);
174 if (unlikely(!pkey
->n
|| !pkey
->d
)) {
180 m
= mpi_read_raw_from_sgl(req
->src
, req
->src_len
);
184 ret
= _rsa_sign(pkey
, s
, m
);
188 ret
= mpi_write_to_sgl(s
, req
->dst
, req
->dst_len
, &sign
);
202 static int rsa_verify(struct akcipher_request
*req
)
204 struct crypto_akcipher
*tfm
= crypto_akcipher_reqtfm(req
);
205 const struct rsa_mpi_key
*pkey
= rsa_get_key(tfm
);
206 MPI s
, m
= mpi_alloc(0);
213 if (unlikely(!pkey
->n
|| !pkey
->e
)) {
219 s
= mpi_read_raw_from_sgl(req
->src
, req
->src_len
);
225 ret
= _rsa_verify(pkey
, m
, s
);
229 ret
= mpi_write_to_sgl(m
, req
->dst
, req
->dst_len
, &sign
);
243 static void rsa_free_mpi_key(struct rsa_mpi_key
*key
)
253 static int rsa_check_key_length(unsigned int len
)
268 static int rsa_set_pub_key(struct crypto_akcipher
*tfm
, const void *key
,
271 struct rsa_mpi_key
*mpi_key
= akcipher_tfm_ctx(tfm
);
272 struct rsa_key raw_key
= {0};
275 /* Free the old MPI key if any */
276 rsa_free_mpi_key(mpi_key
);
278 ret
= rsa_parse_pub_key(&raw_key
, key
, keylen
);
282 mpi_key
->e
= mpi_read_raw_data(raw_key
.e
, raw_key
.e_sz
);
286 mpi_key
->n
= mpi_read_raw_data(raw_key
.n
, raw_key
.n_sz
);
290 if (rsa_check_key_length(mpi_get_size(mpi_key
->n
) << 3)) {
291 rsa_free_mpi_key(mpi_key
);
298 rsa_free_mpi_key(mpi_key
);
302 static int rsa_set_priv_key(struct crypto_akcipher
*tfm
, const void *key
,
305 struct rsa_mpi_key
*mpi_key
= akcipher_tfm_ctx(tfm
);
306 struct rsa_key raw_key
= {0};
309 /* Free the old MPI key if any */
310 rsa_free_mpi_key(mpi_key
);
312 ret
= rsa_parse_priv_key(&raw_key
, key
, keylen
);
316 mpi_key
->d
= mpi_read_raw_data(raw_key
.d
, raw_key
.d_sz
);
320 mpi_key
->e
= mpi_read_raw_data(raw_key
.e
, raw_key
.e_sz
);
324 mpi_key
->n
= mpi_read_raw_data(raw_key
.n
, raw_key
.n_sz
);
328 if (rsa_check_key_length(mpi_get_size(mpi_key
->n
) << 3)) {
329 rsa_free_mpi_key(mpi_key
);
336 rsa_free_mpi_key(mpi_key
);
340 static int rsa_max_size(struct crypto_akcipher
*tfm
)
342 struct rsa_mpi_key
*pkey
= akcipher_tfm_ctx(tfm
);
344 return pkey
->n
? mpi_get_size(pkey
->n
) : -EINVAL
;
347 static void rsa_exit_tfm(struct crypto_akcipher
*tfm
)
349 struct rsa_mpi_key
*pkey
= akcipher_tfm_ctx(tfm
);
351 rsa_free_mpi_key(pkey
);
354 static struct akcipher_alg rsa
= {
358 .verify
= rsa_verify
,
359 .set_priv_key
= rsa_set_priv_key
,
360 .set_pub_key
= rsa_set_pub_key
,
361 .max_size
= rsa_max_size
,
362 .exit
= rsa_exit_tfm
,
365 .cra_driver_name
= "rsa-generic",
367 .cra_module
= THIS_MODULE
,
368 .cra_ctxsize
= sizeof(struct rsa_mpi_key
),
372 static int rsa_init(void)
376 err
= crypto_register_akcipher(&rsa
);
380 err
= crypto_register_template(&rsa_pkcs1pad_tmpl
);
382 crypto_unregister_akcipher(&rsa
);
389 static void rsa_exit(void)
391 crypto_unregister_template(&rsa_pkcs1pad_tmpl
);
392 crypto_unregister_akcipher(&rsa
);
395 module_init(rsa_init
);
396 module_exit(rsa_exit
);
397 MODULE_ALIAS_CRYPTO("rsa");
398 MODULE_LICENSE("GPL");
399 MODULE_DESCRIPTION("RSA generic algorithm");