1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * RSA key extract helper
4 *
5 * Copyright (c) 2015, Intel Corporation
6 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
7 */
8 #ifndef __UBOOT__
9 #include <linux/compat.h>
10 #include <linux/kernel.h>
11 #include <linux/export.h>
12 #endif
13 #include <linux/err.h>
14 #ifndef __UBOOT__
15 #include <linux/fips.h>
16 #endif
17 #include <crypto/internal/rsa.h>
18 #include "rsapubkey.asn1.h"
19 #ifndef __UBOOT__
20 #include "rsaprivkey.asn1.h"
21 #endif
22
rsa_get_n(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)23 int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
24 const void *value, size_t vlen)
25 {
26 struct rsa_key *key = context;
27 #ifndef __UBOOT__
28 const u8 *ptr = value;
29 size_t n_sz = vlen;
30 #endif
31
32 /* invalid key provided */
33 if (!value || !vlen)
34 return -EINVAL;
35
36 #ifndef __UBOOT__
37 if (fips_enabled) {
38 while (n_sz && !*ptr) {
39 ptr++;
40 n_sz--;
41 }
42
43 /* In FIPS mode only allow key size 2K and higher */
44 if (n_sz < 256) {
45 pr_err("RSA: key size not allowed in FIPS mode\n");
46 return -EINVAL;
47 }
48 }
49 #endif
50
51 key->n = value;
52 key->n_sz = vlen;
53
54 return 0;
55 }
56
rsa_get_e(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)57 int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
58 const void *value, size_t vlen)
59 {
60 struct rsa_key *key = context;
61
62 /* invalid key provided */
63 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
64 return -EINVAL;
65
66 key->e = value;
67 key->e_sz = vlen;
68
69 return 0;
70 }
71
rsa_get_d(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)72 int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
73 const void *value, size_t vlen)
74 {
75 struct rsa_key *key = context;
76
77 /* invalid key provided */
78 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
79 return -EINVAL;
80
81 key->d = value;
82 key->d_sz = vlen;
83
84 return 0;
85 }
86
rsa_get_p(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)87 int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
88 const void *value, size_t vlen)
89 {
90 struct rsa_key *key = context;
91
92 /* invalid key provided */
93 if (!value || !vlen || vlen > key->n_sz)
94 return -EINVAL;
95
96 key->p = value;
97 key->p_sz = vlen;
98
99 return 0;
100 }
101
rsa_get_q(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)102 int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
103 const void *value, size_t vlen)
104 {
105 struct rsa_key *key = context;
106
107 /* invalid key provided */
108 if (!value || !vlen || vlen > key->n_sz)
109 return -EINVAL;
110
111 key->q = value;
112 key->q_sz = vlen;
113
114 return 0;
115 }
116
rsa_get_dp(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)117 int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
118 const void *value, size_t vlen)
119 {
120 struct rsa_key *key = context;
121
122 /* invalid key provided */
123 if (!value || !vlen || vlen > key->n_sz)
124 return -EINVAL;
125
126 key->dp = value;
127 key->dp_sz = vlen;
128
129 return 0;
130 }
131
rsa_get_dq(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)132 int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
133 const void *value, size_t vlen)
134 {
135 struct rsa_key *key = context;
136
137 /* invalid key provided */
138 if (!value || !vlen || vlen > key->n_sz)
139 return -EINVAL;
140
141 key->dq = value;
142 key->dq_sz = vlen;
143
144 return 0;
145 }
146
rsa_get_qinv(void * context,size_t hdrlen,unsigned char tag,const void * value,size_t vlen)147 int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
148 const void *value, size_t vlen)
149 {
150 struct rsa_key *key = context;
151
152 /* invalid key provided */
153 if (!value || !vlen || vlen > key->n_sz)
154 return -EINVAL;
155
156 key->qinv = value;
157 key->qinv_sz = vlen;
158
159 return 0;
160 }
161
162 /**
163 * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
164 * provided struct rsa_key, pointers to the raw key as is,
165 * so that the caller can copy it or MPI parse it, etc.
166 *
167 * @rsa_key: struct rsa_key key representation
168 * @key: key in BER format
169 * @key_len: length of key
170 *
171 * Return: 0 on success or error code in case of error
172 */
rsa_parse_pub_key(struct rsa_key * rsa_key,const void * key,unsigned int key_len)173 int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
174 unsigned int key_len)
175 {
176 return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
177 }
178 EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
179
180 #ifndef __UBOOT__
181 /**
182 * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
183 * provided struct rsa_key, pointers to the raw key
184 * as is, so that the caller can copy it or MPI parse it,
185 * etc.
186 *
187 * @rsa_key: struct rsa_key key representation
188 * @key: key in BER format
189 * @key_len: length of key
190 *
191 * Return: 0 on success or error code in case of error
192 */
rsa_parse_priv_key(struct rsa_key * rsa_key,const void * key,unsigned int key_len)193 int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
194 unsigned int key_len)
195 {
196 return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
197 }
198 EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
199 #endif
200