blob: cc0c0d6637bd3c877985baac59debf3708a154f5 [file] [log] [blame]
AKASHI Takahiro42142842019-11-13 09:44:59 +09001// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * RSA key extract helper
4 *
5 * Copyright (c) 2015, Intel Corporation
6 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
7 */
8#ifndef __UBOOT__
Simon Glass9bc15642020-02-03 07:36:16 -07009#include <linux/compat.h>
AKASHI Takahiro42142842019-11-13 09:44:59 +090010#include <linux/kernel.h>
11#include <linux/export.h>
12#endif
13#include <linux/err.h>
14#ifndef __UBOOT__
15#include <linux/fips.h>
16#endif
17#include <crypto/internal/rsa.h>
18#include "rsapubkey.asn1.h"
19#ifndef __UBOOT__
20#include "rsaprivkey.asn1.h"
21#endif
22
23int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
24 const void *value, size_t vlen)
25{
26 struct rsa_key *key = context;
27#ifndef __UBOOT__
28 const u8 *ptr = value;
29 size_t n_sz = vlen;
30#endif
31
32 /* invalid key provided */
33 if (!value || !vlen)
34 return -EINVAL;
35
36#ifndef __UBOOT__
37 if (fips_enabled) {
38 while (n_sz && !*ptr) {
39 ptr++;
40 n_sz--;
41 }
42
43 /* In FIPS mode only allow key size 2K and higher */
44 if (n_sz < 256) {
45 pr_err("RSA: key size not allowed in FIPS mode\n");
46 return -EINVAL;
47 }
48 }
49#endif
50
51 key->n = value;
52 key->n_sz = vlen;
53
54 return 0;
55}
56
57int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
58 const void *value, size_t vlen)
59{
60 struct rsa_key *key = context;
61
62 /* invalid key provided */
63 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
64 return -EINVAL;
65
66 key->e = value;
67 key->e_sz = vlen;
68
69 return 0;
70}
71
72int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
73 const void *value, size_t vlen)
74{
75 struct rsa_key *key = context;
76
77 /* invalid key provided */
78 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
79 return -EINVAL;
80
81 key->d = value;
82 key->d_sz = vlen;
83
84 return 0;
85}
86
87int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
88 const void *value, size_t vlen)
89{
90 struct rsa_key *key = context;
91
92 /* invalid key provided */
93 if (!value || !vlen || vlen > key->n_sz)
94 return -EINVAL;
95
96 key->p = value;
97 key->p_sz = vlen;
98
99 return 0;
100}
101
102int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
103 const void *value, size_t vlen)
104{
105 struct rsa_key *key = context;
106
107 /* invalid key provided */
108 if (!value || !vlen || vlen > key->n_sz)
109 return -EINVAL;
110
111 key->q = value;
112 key->q_sz = vlen;
113
114 return 0;
115}
116
117int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
118 const void *value, size_t vlen)
119{
120 struct rsa_key *key = context;
121
122 /* invalid key provided */
123 if (!value || !vlen || vlen > key->n_sz)
124 return -EINVAL;
125
126 key->dp = value;
127 key->dp_sz = vlen;
128
129 return 0;
130}
131
132int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
133 const void *value, size_t vlen)
134{
135 struct rsa_key *key = context;
136
137 /* invalid key provided */
138 if (!value || !vlen || vlen > key->n_sz)
139 return -EINVAL;
140
141 key->dq = value;
142 key->dq_sz = vlen;
143
144 return 0;
145}
146
147int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
148 const void *value, size_t vlen)
149{
150 struct rsa_key *key = context;
151
152 /* invalid key provided */
153 if (!value || !vlen || vlen > key->n_sz)
154 return -EINVAL;
155
156 key->qinv = value;
157 key->qinv_sz = vlen;
158
159 return 0;
160}
161
162/**
163 * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
164 * provided struct rsa_key, pointers to the raw key as is,
165 * so that the caller can copy it or MPI parse it, etc.
166 *
167 * @rsa_key: struct rsa_key key representation
168 * @key: key in BER format
169 * @key_len: length of key
170 *
171 * Return: 0 on success or error code in case of error
172 */
173int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
174 unsigned int key_len)
175{
176 return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
177}
178EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
179
180#ifndef __UBOOT__
181/**
182 * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
183 * provided struct rsa_key, pointers to the raw key
184 * as is, so that the caller can copy it or MPI parse it,
185 * etc.
186 *
187 * @rsa_key: struct rsa_key key representation
188 * @key: key in BER format
189 * @key_len: length of key
190 *
191 * Return: 0 on success or error code in case of error
192 */
193int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
194 unsigned int key_len)
195{
196 return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
197}
198EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
199#endif