1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* RSA asymmetric public-key algorithm [RFC3447]
4 * Copyright (c) 2015, Intel Corporation
5 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
8 #include <linux/fips.h>
9 #include <linux/module.h>
10 #include <linux/mpi.h>
11 #include <crypto/internal/rsa.h>
12 #include <crypto/internal/akcipher.h>
13 #include <crypto/akcipher.h>
14 #include <crypto/algapi.h>
28 * RSAEP function [RFC3447 sec 5.1.1]
31 static int _rsa_enc(const struct rsa_mpi_key *key, MPI c, MPI m)
33 /* (1) Validate 0 <= m < n */
34 if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
37 /* (2) c = m^e mod n */
38 return mpi_powm(c, m, key->e, key->n);
42 * RSADP function [RFC3447 sec 5.1.2]
45 * h = (m_1 - m_2) * qInv mod p;
48 static int _rsa_dec_crt(const struct rsa_mpi_key *key, MPI m_or_m1_or_h, MPI c)
53 /* (1) Validate 0 <= c < n */
54 if (mpi_cmp_ui(c, 0) < 0 || mpi_cmp(c, key->n) >= 0)
58 m12_or_qh = mpi_alloc(0);
59 if (!m2 || !m12_or_qh)
62 /* (2i) m_1 = c^dP mod p */
63 ret = mpi_powm(m_or_m1_or_h, c, key->dp, key->p);
67 /* (2i) m_2 = c^dQ mod q */
68 ret = mpi_powm(m2, c, key->dq, key->q);
72 /* (2iii) h = (m_1 - m_2) * qInv mod p */
73 mpi_sub(m12_or_qh, m_or_m1_or_h, m2);
74 mpi_mulm(m_or_m1_or_h, m12_or_qh, key->qinv, key->p);
76 /* (2iv) m = m_2 + q * h */
77 mpi_mul(m12_or_qh, key->q, m_or_m1_or_h);
78 mpi_addm(m_or_m1_or_h, m2, m12_or_qh, key->n);
88 static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm)
90 return akcipher_tfm_ctx(tfm);
93 static int rsa_enc(struct akcipher_request *req)
95 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
96 const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
97 MPI m, c = mpi_alloc(0);
104 if (unlikely(!pkey->n || !pkey->e)) {
110 m = mpi_read_raw_from_sgl(req->src, req->src_len);
114 ret = _rsa_enc(pkey, c, m);
118 ret = mpi_write_to_sgl(c, req->dst, req->dst_len, &sign);
132 static int rsa_dec(struct akcipher_request *req)
134 struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
135 const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
136 MPI c, m = mpi_alloc(0);
143 if (unlikely(!pkey->n || !pkey->d)) {
149 c = mpi_read_raw_from_sgl(req->src, req->src_len);
153 ret = _rsa_dec_crt(pkey, m, c);
157 ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
170 static void rsa_free_mpi_key(struct rsa_mpi_key *key)
190 static int rsa_check_key_length(unsigned int len)
208 static int rsa_check_exponent_fips(MPI e)
213 if (!mpi_test_bit(e, 0)) {
217 /* check if 2^16 < e < 2^256. */
218 if (mpi_cmp_ui(e, 65536) <= 0) {
222 e_max = mpi_alloc(0);
225 mpi_set_bit(e_max, 256);
227 if (mpi_cmp(e, e_max) >= 0) {
236 static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
239 struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm);
240 struct rsa_key raw_key = {0};
243 /* Free the old MPI key if any */
244 rsa_free_mpi_key(mpi_key);
246 ret = rsa_parse_pub_key(&raw_key, key, keylen);
250 mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz);
254 mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz);
258 if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) {
259 rsa_free_mpi_key(mpi_key);
263 if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) {
264 rsa_free_mpi_key(mpi_key);
271 rsa_free_mpi_key(mpi_key);
275 static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
278 struct rsa_mpi_key *mpi_key = akcipher_tfm_ctx(tfm);
279 struct rsa_key raw_key = {0};
282 /* Free the old MPI key if any */
283 rsa_free_mpi_key(mpi_key);
285 ret = rsa_parse_priv_key(&raw_key, key, keylen);
289 mpi_key->d = mpi_read_raw_data(raw_key.d, raw_key.d_sz);
293 mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz);
297 mpi_key->n = mpi_read_raw_data(raw_key.n, raw_key.n_sz);
301 mpi_key->p = mpi_read_raw_data(raw_key.p, raw_key.p_sz);
305 mpi_key->q = mpi_read_raw_data(raw_key.q, raw_key.q_sz);
309 mpi_key->dp = mpi_read_raw_data(raw_key.dp, raw_key.dp_sz);
313 mpi_key->dq = mpi_read_raw_data(raw_key.dq, raw_key.dq_sz);
317 mpi_key->qinv = mpi_read_raw_data(raw_key.qinv, raw_key.qinv_sz);
321 if (rsa_check_key_length(mpi_get_size(mpi_key->n) << 3)) {
322 rsa_free_mpi_key(mpi_key);
326 if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) {
327 rsa_free_mpi_key(mpi_key);
334 rsa_free_mpi_key(mpi_key);
338 static unsigned int rsa_max_size(struct crypto_akcipher *tfm)
340 struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm);
342 return mpi_get_size(pkey->n);
345 static void rsa_exit_tfm(struct crypto_akcipher *tfm)
347 struct rsa_mpi_key *pkey = akcipher_tfm_ctx(tfm);
349 rsa_free_mpi_key(pkey);
352 static struct akcipher_alg rsa = {
355 .set_priv_key = rsa_set_priv_key,
356 .set_pub_key = rsa_set_pub_key,
357 .max_size = rsa_max_size,
358 .exit = rsa_exit_tfm,
361 .cra_driver_name = "rsa-generic",
363 .cra_module = THIS_MODULE,
364 .cra_ctxsize = sizeof(struct rsa_mpi_key),
368 static int __init rsa_init(void)
372 err = crypto_register_akcipher(&rsa);
376 err = crypto_register_template(&rsa_pkcs1pad_tmpl);
378 crypto_unregister_akcipher(&rsa);
385 static void __exit rsa_exit(void)
387 crypto_unregister_template(&rsa_pkcs1pad_tmpl);
388 crypto_unregister_akcipher(&rsa);
391 subsys_initcall(rsa_init);
392 module_exit(rsa_exit);
393 MODULE_ALIAS_CRYPTO("rsa");
394 MODULE_LICENSE("GPL");
395 MODULE_DESCRIPTION("RSA generic algorithm");