1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * RSA key extract helper
4  *
5  * Copyright (c) 2015, Intel Corporation
6  * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
7  */
8 #include <linux/kernel.h>
9 #include <linux/export.h>
10 #include <linux/err.h>
11 #include <linux/fips.h>
12 #include <crypto/internal/rsa.h>
13 #include "rsapubkey.asn1.h"
14 #include "rsaprivkey.asn1.h"
15 
rsa_get_n(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)16 int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
17 	      const void *value, size_t vlen)
18 {
19 	struct rsa_key *key = context;
20 	const u8 *ptr = value;
21 	size_t n_sz = vlen;
22 
23 	/* invalid key provided */
24 	if (!value || !vlen)
25 		return -EINVAL;
26 
27 	if (fips_enabled) {
28 		while (n_sz && !*ptr) {
29 			ptr++;
30 			n_sz--;
31 		}
32 
33 		/* In FIPS mode only allow key size 2K and higher */
34 		if (n_sz < 256) {
35 			pr_err("RSA: key size not allowed in FIPS mode\n");
36 			return -EINVAL;
37 		}
38 	}
39 
40 	key->n = value;
41 	key->n_sz = vlen;
42 
43 	return 0;
44 }
45 
rsa_get_e(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)46 int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
47 	      const void *value, size_t vlen)
48 {
49 	struct rsa_key *key = context;
50 
51 	/* invalid key provided */
52 	if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
53 		return -EINVAL;
54 
55 	key->e = value;
56 	key->e_sz = vlen;
57 
58 	return 0;
59 }
60 
rsa_get_d(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)61 int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
62 	      const void *value, size_t vlen)
63 {
64 	struct rsa_key *key = context;
65 
66 	/* invalid key provided */
67 	if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
68 		return -EINVAL;
69 
70 	key->d = value;
71 	key->d_sz = vlen;
72 
73 	return 0;
74 }
75 
rsa_get_p(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)76 int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
77 	      const void *value, size_t vlen)
78 {
79 	struct rsa_key *key = context;
80 
81 	/* invalid key provided */
82 	if (!value || !vlen || vlen > key->n_sz)
83 		return -EINVAL;
84 
85 	key->p = value;
86 	key->p_sz = vlen;
87 
88 	return 0;
89 }
90 
rsa_get_q(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)91 int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
92 	      const void *value, size_t vlen)
93 {
94 	struct rsa_key *key = context;
95 
96 	/* invalid key provided */
97 	if (!value || !vlen || vlen > key->n_sz)
98 		return -EINVAL;
99 
100 	key->q = value;
101 	key->q_sz = vlen;
102 
103 	return 0;
104 }
105 
rsa_get_dp(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)106 int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
107 	       const void *value, size_t vlen)
108 {
109 	struct rsa_key *key = context;
110 
111 	/* invalid key provided */
112 	if (!value || !vlen || vlen > key->n_sz)
113 		return -EINVAL;
114 
115 	key->dp = value;
116 	key->dp_sz = vlen;
117 
118 	return 0;
119 }
120 
rsa_get_dq(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)121 int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
122 	       const void *value, size_t vlen)
123 {
124 	struct rsa_key *key = context;
125 
126 	/* invalid key provided */
127 	if (!value || !vlen || vlen > key->n_sz)
128 		return -EINVAL;
129 
130 	key->dq = value;
131 	key->dq_sz = vlen;
132 
133 	return 0;
134 }
135 
rsa_get_qinv(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)136 int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
137 		 const void *value, size_t vlen)
138 {
139 	struct rsa_key *key = context;
140 
141 	/* invalid key provided */
142 	if (!value || !vlen || vlen > key->n_sz)
143 		return -EINVAL;
144 
145 	key->qinv = value;
146 	key->qinv_sz = vlen;
147 
148 	return 0;
149 }
150 
151 /**
152  * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
153  *                       provided struct rsa_key, pointers to the raw key as is,
154  *                       so that the caller can copy it or MPI parse it, etc.
155  *
156  * @rsa_key:	struct rsa_key key representation
157  * @key:	key in BER format
158  * @key_len:	length of key
159  *
160  * Return:	0 on success or error code in case of error
161  */
rsa_parse_pub_key(struct rsa_key * rsa_key,const void * key,unsigned int key_len)162 int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
163 		      unsigned int key_len)
164 {
165 	return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
166 }
167 EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
168 
169 /**
170  * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
171  *                        provided struct rsa_key, pointers to the raw key
172  *                        as is, so that the caller can copy it or MPI parse it,
173  *                        etc.
174  *
175  * @rsa_key:	struct rsa_key key representation
176  * @key:	key in BER format
177  * @key_len:	length of key
178  *
179  * Return:	0 on success or error code in case of error
180  */
rsa_parse_priv_key(struct rsa_key * rsa_key,const void * key,unsigned int key_len)181 int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
182 		       unsigned int key_len)
183 {
184 	return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
185 }
186 EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
187