1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * RSA key extract helper
4 *
5 * Copyright (c) 2015, Intel Corporation
6 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
7 */
8 #ifndef __UBOOT__
9 #include <linux/kernel.h>
10 #include <linux/export.h>
11 #endif
12 #include <linux/err.h>
13 #ifndef __UBOOT__
14 #include <linux/fips.h>
15 #endif
16 #include <crypto/internal/rsa.h>
17 #include "rsapubkey.asn1.h"
18 #ifndef __UBOOT__
19 #include "rsaprivkey.asn1.h"
20 #endif
21
/**
 * rsa_get_n() - record the RSA modulus in a struct rsa_key
 *
 * @context:	the struct rsa_key being filled in
 * @hdrlen:	unused
 * @tag:	unused
 * @value:	modulus bytes
 * @vlen:	number of bytes at @value
 *
 * Has the (context, hdrlen, tag, value, vlen) shape of an ASN.1 decoder
 * action; presumably referenced from the rsapubkey/rsaprivkey grammars,
 * which are not part of this file.
 *
 * Only the pointer and the length are stored, nothing is copied, so the
 * memory behind @value has to outlive every use of key->n.
 *
 * Outside of __UBOOT__ builds, and only when fips_enabled is set, a modulus
 * shorter than 256 bytes (2048 bits) after skipping leading zero bytes is
 * rejected. The stored n_sz is the unstripped @vlen, and that is the bound
 * the other rsa_get_*() helpers compare against. __UBOOT__ builds compile
 * the minimum-size check out entirely, so any non-empty modulus is accepted
 * there.
 *
 * Return: 0 on success, -EINVAL for a missing/empty modulus or one that is
 * too short for FIPS mode.
 */
int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *key = context;

	/* invalid key provided */
	if (!value || !vlen)
		return -EINVAL;

#ifndef __UBOOT__
	if (fips_enabled) {
		const u8 *msb = value;
		size_t significant = vlen;

		/* Leading zero bytes do not count towards the key size. */
		for (; significant && !*msb; msb++)
			significant--;

		/* In FIPS mode only allow key size 2K and higher */
		if (significant < 256) {
			pr_err("RSA: key size not allowed in FIPS mode\n");
			return -EINVAL;
		}
	}
#endif

	key->n = value;
	key->n_sz = vlen;

	return 0;
}
55
/**
 * rsa_get_e() - record the RSA public exponent in a struct rsa_key
 *
 * @context:	the struct rsa_key being filled in
 * @hdrlen:	unused
 * @tag:	unused
 * @value:	exponent bytes
 * @vlen:	number of bytes at @value
 *
 * The exponent is accepted only if a modulus length is already present in
 * key->n_sz and @vlen does not exceed it. This is a byte-length bound only;
 * the numeric value of the exponent is not inspected here.
 * NOTE(review): relies on n_sz having been set (or zeroed) before this runs;
 * confirm against the grammar and the callers.
 *
 * The pointer is stored as is, without copying.
 *
 * Return: 0 on success, -EINVAL otherwise.
 */
int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value || !vlen)
		return -EINVAL;

	/* no modulus seen yet, or exponent longer than the modulus */
	if (!rsa->n_sz || vlen > rsa->n_sz)
		return -EINVAL;

	rsa->e = value;
	rsa->e_sz = vlen;

	return 0;
}
70
/**
 * rsa_get_d() - record the RSA private exponent in a struct rsa_key
 *
 * @context:	the struct rsa_key being filled in
 * @hdrlen:	unused
 * @tag:	unused
 * @value:	private exponent bytes
 * @vlen:	number of bytes at @value
 *
 * Accepts the value only when key->n_sz is non-zero and @vlen is no larger
 * than it. Only the byte length is bounded; the value itself is not checked.
 *
 * key->d ends up pointing at the secret material behind @value. This helper
 * neither copies nor wipes it, so the lifetime and clearing of that memory
 * are left to whoever owns the buffer.
 *
 * Return: 0 on success, -EINVAL otherwise.
 */
int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;
	int usable;

	/* invalid key provided */
	usable = value && rsa->n_sz && vlen && vlen <= rsa->n_sz;
	if (!usable)
		return -EINVAL;

	rsa->d = value;
	rsa->d_sz = vlen;

	return 0;
}
85
/**
 * rsa_get_p() - record the RSA prime p in a struct rsa_key
 *
 * @context:	the struct rsa_key being filled in
 * @hdrlen:	unused
 * @tag:	unused
 * @value:	bytes of p
 * @vlen:	number of bytes at @value
 *
 * The only size check is @vlen <= key->n_sz, so p may be as long as the
 * whole modulus. With n_sz == 0 every non-empty value is rejected by that
 * same comparison.
 *
 * key->p points at secret material owned by the caller's buffer; nothing is
 * copied or wiped here.
 *
 * Return: 0 on success, -EINVAL otherwise.
 */
int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value || !vlen)
		return -EINVAL;
	if (vlen > rsa->n_sz)
		return -EINVAL;

	rsa->p = value;
	rsa->p_sz = vlen;

	return 0;
}
100
/**
 * rsa_get_q() - record the RSA prime q in a struct rsa_key
 *
 * @context:	the struct rsa_key being filled in
 * @hdrlen:	unused
 * @tag:	unused
 * @value:	bytes of q
 * @vlen:	number of bytes at @value
 *
 * The only size check is @vlen <= key->n_sz, so q may be as long as the
 * whole modulus. With n_sz == 0 every non-empty value is rejected by that
 * same comparison.
 *
 * key->q points at secret material owned by the caller's buffer; nothing is
 * copied or wiped here.
 *
 * Return: 0 on success, -EINVAL otherwise.
 */
int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
	      const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value || !vlen)
		return -EINVAL;
	if (vlen > rsa->n_sz)
		return -EINVAL;

	rsa->q = value;
	rsa->q_sz = vlen;

	return 0;
}
115
/**
 * rsa_get_dp() - record the CRT exponent dp in a struct rsa_key
 *
 * @context:	the struct rsa_key being filled in
 * @hdrlen:	unused
 * @tag:	unused
 * @value:	bytes of dp
 * @vlen:	number of bytes at @value
 *
 * Rejects a NULL or empty value and anything longer than key->n_sz bytes.
 * That is a length bound against the modulus only; dp is not compared with
 * p and its value is not validated here.
 *
 * key->dp points at secret material; it is stored by reference, not copied.
 *
 * Return: 0 on success, -EINVAL otherwise.
 */
int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
	       const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;
	int usable = value && vlen && vlen <= rsa->n_sz;

	/* invalid key provided */
	if (!usable)
		return -EINVAL;

	rsa->dp = value;
	rsa->dp_sz = vlen;

	return 0;
}
130
/**
 * rsa_get_dq() - record the CRT exponent dq in a struct rsa_key
 *
 * @context:	the struct rsa_key being filled in
 * @hdrlen:	unused
 * @tag:	unused
 * @value:	bytes of dq
 * @vlen:	number of bytes at @value
 *
 * Rejects a NULL or empty value and anything longer than key->n_sz bytes.
 * That is a length bound against the modulus only; dq is not compared with
 * q and its value is not validated here.
 *
 * key->dq points at secret material; it is stored by reference, not copied.
 *
 * Return: 0 on success, -EINVAL otherwise.
 */
int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
	       const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;
	int usable = value && vlen && vlen <= rsa->n_sz;

	/* invalid key provided */
	if (!usable)
		return -EINVAL;

	rsa->dq = value;
	rsa->dq_sz = vlen;

	return 0;
}
145
/**
 * rsa_get_qinv() - record the CRT coefficient qinv in a struct rsa_key
 *
 * @context:	the struct rsa_key being filled in
 * @hdrlen:	unused
 * @tag:	unused
 * @value:	bytes of qinv
 * @vlen:	number of bytes at @value
 *
 * Rejects a NULL or empty value and anything longer than key->n_sz bytes.
 * No other property of the coefficient is checked here.
 *
 * key->qinv points at secret material; it is stored by reference, not
 * copied, so the backing buffer has to stay valid while the key is in use.
 *
 * Return: 0 on success, -EINVAL otherwise.
 */
int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
		 const void *value, size_t vlen)
{
	struct rsa_key *rsa = context;

	/* invalid key provided */
	if (!value || !vlen)
		return -EINVAL;
	if (vlen > rsa->n_sz)
		return -EINVAL;

	rsa->qinv = value;
	rsa->qinv_sz = vlen;

	return 0;
}
160
/**
 * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
 *                       provided struct rsa_key, pointers to the raw key as
 *                       is, so that the caller can copy it or MPI parse it,
 *                       etc.
 *
 * @rsa_key:	struct rsa_key key representation
 * @key:	key in BER format
 * @key_len:	length of key
 *
 * Runs asn1_ber_decoder() with the rsapubkey grammar and @rsa_key as the
 * decoder context. @rsa_key is not cleared before decoding starts.
 * NOTE(review): callers presumably need to zero-initialise it, and should
 * not trust its fields after an error return; confirm against the callers.
 *
 * The key fields are stored by reference rather than copied.
 * NOTE(review): they presumably point into @key, which would then have to
 * stay valid and unmodified for as long as @rsa_key is used.
 *
 * Return: 0 on success or error code in case of error
 */
int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
		      unsigned int key_len)
{
	int ret;

	ret = asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);

	return ret;
}
EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
178
179 #ifndef __UBOOT__
/**
 * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
 *                        provided struct rsa_key, pointers to the raw key
 *                        as is, so that the caller can copy it or MPI parse
 *                        it, etc.
 *
 * @rsa_key:	struct rsa_key key representation
 * @key:	key in BER format
 * @key_len:	length of key
 *
 * Runs asn1_ber_decoder() with the rsaprivkey grammar and @rsa_key as the
 * decoder context. Only built when __UBOOT__ is not defined.
 *
 * @rsa_key is not cleared before decoding starts.
 * NOTE(review): callers presumably need to zero-initialise it, and should
 * not trust its fields after an error return; confirm against the callers.
 *
 * The private components are stored by reference, not copied, and nothing
 * is wiped here.
 * NOTE(review): the pointers presumably reference @key, so keeping that
 * buffer alive while @rsa_key is in use, and clearing it afterwards, would
 * be the caller's job; confirm.
 *
 * Return: 0 on success or error code in case of error
 */
int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
		       unsigned int key_len)
{
	int ret;

	ret = asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);

	return ret;
}
EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
198 #endif
199