blob: aca627a4a61916c6d52c95e5e3bc225115ec5954 [file] [log] [blame]
AKASHI Takahiro9b933bf2019-11-13 09:44:59 +09001// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * RSA key extract helper
4 *
5 * Copyright (c) 2015, Intel Corporation
6 * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
7 */
8#ifndef __UBOOT__
9#include <linux/kernel.h>
10#include <linux/export.h>
11#endif
12#include <linux/err.h>
13#ifndef __UBOOT__
14#include <linux/fips.h>
15#endif
16#include <crypto/internal/rsa.h>
17#include "rsapubkey.asn1.h"
18#ifndef __UBOOT__
19#include "rsaprivkey.asn1.h"
20#endif
21
22int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
23 const void *value, size_t vlen)
24{
25 struct rsa_key *key = context;
26#ifndef __UBOOT__
27 const u8 *ptr = value;
28 size_t n_sz = vlen;
29#endif
30
31 /* invalid key provided */
32 if (!value || !vlen)
33 return -EINVAL;
34
35#ifndef __UBOOT__
36 if (fips_enabled) {
37 while (n_sz && !*ptr) {
38 ptr++;
39 n_sz--;
40 }
41
42 /* In FIPS mode only allow key size 2K and higher */
43 if (n_sz < 256) {
44 pr_err("RSA: key size not allowed in FIPS mode\n");
45 return -EINVAL;
46 }
47 }
48#endif
49
50 key->n = value;
51 key->n_sz = vlen;
52
53 return 0;
54}
55
56int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
57 const void *value, size_t vlen)
58{
59 struct rsa_key *key = context;
60
61 /* invalid key provided */
62 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
63 return -EINVAL;
64
65 key->e = value;
66 key->e_sz = vlen;
67
68 return 0;
69}
70
71int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
72 const void *value, size_t vlen)
73{
74 struct rsa_key *key = context;
75
76 /* invalid key provided */
77 if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
78 return -EINVAL;
79
80 key->d = value;
81 key->d_sz = vlen;
82
83 return 0;
84}
85
86int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
87 const void *value, size_t vlen)
88{
89 struct rsa_key *key = context;
90
91 /* invalid key provided */
92 if (!value || !vlen || vlen > key->n_sz)
93 return -EINVAL;
94
95 key->p = value;
96 key->p_sz = vlen;
97
98 return 0;
99}
100
101int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
102 const void *value, size_t vlen)
103{
104 struct rsa_key *key = context;
105
106 /* invalid key provided */
107 if (!value || !vlen || vlen > key->n_sz)
108 return -EINVAL;
109
110 key->q = value;
111 key->q_sz = vlen;
112
113 return 0;
114}
115
116int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
117 const void *value, size_t vlen)
118{
119 struct rsa_key *key = context;
120
121 /* invalid key provided */
122 if (!value || !vlen || vlen > key->n_sz)
123 return -EINVAL;
124
125 key->dp = value;
126 key->dp_sz = vlen;
127
128 return 0;
129}
130
131int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
132 const void *value, size_t vlen)
133{
134 struct rsa_key *key = context;
135
136 /* invalid key provided */
137 if (!value || !vlen || vlen > key->n_sz)
138 return -EINVAL;
139
140 key->dq = value;
141 key->dq_sz = vlen;
142
143 return 0;
144}
145
146int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
147 const void *value, size_t vlen)
148{
149 struct rsa_key *key = context;
150
151 /* invalid key provided */
152 if (!value || !vlen || vlen > key->n_sz)
153 return -EINVAL;
154
155 key->qinv = value;
156 key->qinv_sz = vlen;
157
158 return 0;
159}
160
161/**
162 * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
163 * provided struct rsa_key, pointers to the raw key as is,
164 * so that the caller can copy it or MPI parse it, etc.
165 *
166 * @rsa_key: struct rsa_key key representation
167 * @key: key in BER format
168 * @key_len: length of key
169 *
170 * Return: 0 on success or error code in case of error
171 */
172int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
173 unsigned int key_len)
174{
175 return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
176}
177EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
178
179#ifndef __UBOOT__
180/**
181 * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
182 * provided struct rsa_key, pointers to the raw key
183 * as is, so that the caller can copy it or MPI parse it,
184 * etc.
185 *
186 * @rsa_key: struct rsa_key key representation
187 * @key: key in BER format
188 * @key_len: length of key
189 *
190 * Return: 0 on success or error code in case of error
191 */
192int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
193 unsigned int key_len)
194{
195 return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
196}
197EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
198#endif