blob: c941d40fd7a8272f35560b149f99db676d7beea3 [file] [log] [blame]
AKASHI Takahiro42142842019-11-13 09:44:59 +09001// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * RSA key extract helper
4 *
5 * Copyright (c) 2015, Intel Corporation
6 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
7 */
8#ifndef __UBOOT__
Simon Glass9bc15642020-02-03 07:36:16 -07009#include <linux/compat.h>
AKASHI Takahiro42142842019-11-13 09:44:59 +090010#include <linux/kernel.h>
11#include <linux/export.h>
12#endif
13#include <linux/err.h>
14#ifndef __UBOOT__
15#include <linux/fips.h>
16#endif
17#include <crypto/internal/rsa.h>
Simon Glassbdd5f812023-09-14 18:21:46 -060018#include <linux/printk.h>
AKASHI Takahiro42142842019-11-13 09:44:59 +090019#include "rsapubkey.asn1.h"
20#ifndef __UBOOT__
21#include "rsaprivkey.asn1.h"
22#endif
23
24int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
25 const void *value, size_t vlen)
26{
27 struct rsa_key *key = context;
28#ifndef __UBOOT__
29 const u8 *ptr = value;
30 size_t n_sz = vlen;
31#endif
32
33 /* invalid key provided */
34 if (!value || !vlen)
35 return -EINVAL;
36
37#ifndef __UBOOT__
38 if (fips_enabled) {
39 while (n_sz && !*ptr) {
40 ptr++;
41 n_sz--;
42 }
43
44 /* In FIPS mode only allow key size 2K and higher */
45 if (n_sz < 256) {
46 pr_err("RSA: key size not allowed in FIPS mode\n");
47 return -EINVAL;
48 }
49 }
50#endif
51
52 key->n = value;
53 key->n_sz = vlen;
54
55 return 0;
56}
57
58int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
59 const void *value, size_t vlen)
60{
61 struct rsa_key *key = context;
62
63 /* invalid key provided */
64 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
65 return -EINVAL;
66
67 key->e = value;
68 key->e_sz = vlen;
69
70 return 0;
71}
72
73int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
74 const void *value, size_t vlen)
75{
76 struct rsa_key *key = context;
77
78 /* invalid key provided */
79 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
80 return -EINVAL;
81
82 key->d = value;
83 key->d_sz = vlen;
84
85 return 0;
86}
87
88int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
89 const void *value, size_t vlen)
90{
91 struct rsa_key *key = context;
92
93 /* invalid key provided */
94 if (!value || !vlen || vlen > key->n_sz)
95 return -EINVAL;
96
97 key->p = value;
98 key->p_sz = vlen;
99
100 return 0;
101}
102
103int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
104 const void *value, size_t vlen)
105{
106 struct rsa_key *key = context;
107
108 /* invalid key provided */
109 if (!value || !vlen || vlen > key->n_sz)
110 return -EINVAL;
111
112 key->q = value;
113 key->q_sz = vlen;
114
115 return 0;
116}
117
118int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
119 const void *value, size_t vlen)
120{
121 struct rsa_key *key = context;
122
123 /* invalid key provided */
124 if (!value || !vlen || vlen > key->n_sz)
125 return -EINVAL;
126
127 key->dp = value;
128 key->dp_sz = vlen;
129
130 return 0;
131}
132
133int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
134 const void *value, size_t vlen)
135{
136 struct rsa_key *key = context;
137
138 /* invalid key provided */
139 if (!value || !vlen || vlen > key->n_sz)
140 return -EINVAL;
141
142 key->dq = value;
143 key->dq_sz = vlen;
144
145 return 0;
146}
147
148int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
149 const void *value, size_t vlen)
150{
151 struct rsa_key *key = context;
152
153 /* invalid key provided */
154 if (!value || !vlen || vlen > key->n_sz)
155 return -EINVAL;
156
157 key->qinv = value;
158 key->qinv_sz = vlen;
159
160 return 0;
161}
162
163/**
164 * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
165 * provided struct rsa_key, pointers to the raw key as is,
166 * so that the caller can copy it or MPI parse it, etc.
167 *
168 * @rsa_key: struct rsa_key key representation
169 * @key: key in BER format
170 * @key_len: length of key
171 *
172 * Return: 0 on success or error code in case of error
173 */
174int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
175 unsigned int key_len)
176{
177 return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
178}
179EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
180
181#ifndef __UBOOT__
182/**
183 * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
184 * provided struct rsa_key, pointers to the raw key
185 * as is, so that the caller can copy it or MPI parse it,
186 * etc.
187 *
188 * @rsa_key: struct rsa_key key representation
189 * @key: key in BER format
190 * @key_len: length of key
191 *
192 * Return: 0 on success or error code in case of error
193 */
194int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
195 unsigned int key_len)
196{
197 return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
198}
199EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
200#endif