From: Roberto Sassu <roberto.sassu@huawei.com>
To: <dhowells@redhat.com>, <dwmw2@infradead.org>,
<herbert@gondor.apana.org.au>, <davem@davemloft.net>
Cc: <keyrings@vger.kernel.org>, <linux-crypto@vger.kernel.org>,
<linux-integrity@vger.kernel.org>,
<linux-fscrypt@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
<zohar@linux.ibm.com>, <ebiggers@kernel.org>,
Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH 02/14] rsa: add parser of raw format
Date: Tue, 11 Jan 2022 19:03:06 +0100 [thread overview]
Message-ID: <20220111180318.591029-3-roberto.sassu@huawei.com> (raw)
In-Reply-To: <20220111180318.591029-1-roberto.sassu@huawei.com>
Parse the RSA key with RAW format if the ASN.1 parser returns an error.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
crypto/rsa.c | 14 +++++--
crypto/rsa_helper.c | 69 +++++++++++++++++++++++++++++++++++
include/crypto/internal/rsa.h | 6 +++
3 files changed, 85 insertions(+), 4 deletions(-)
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 4cdbec95d077..ece7bafd6984 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -164,8 +164,11 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
rsa_free_mpi_key(mpi_key);
ret = rsa_parse_pub_key(&raw_key, key, keylen);
- if (ret)
- return ret;
+ if (ret) {
+ ret = rsa_parse_pub_key_raw(&raw_key, key, keylen);
+ if (ret)
+ return ret;
+ }
mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz);
if (!mpi_key->e)
@@ -198,8 +201,11 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
rsa_free_mpi_key(mpi_key);
ret = rsa_parse_priv_key(&raw_key, key, keylen);
- if (ret)
- return ret;
+ if (ret) {
+ ret = rsa_parse_priv_key_raw(&raw_key, key, keylen);
+ if (ret)
+ return ret;
+ }
mpi_key->d = mpi_read_raw_data(raw_key.d, raw_key.d_sz);
if (!mpi_key->d)
diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
index 94266f29049c..fb9443df8f0b 100644
--- a/crypto/rsa_helper.c
+++ b/crypto/rsa_helper.c
@@ -9,6 +9,7 @@
#include <linux/export.h>
#include <linux/err.h>
#include <linux/fips.h>
+#include <linux/mpi.h>
#include <crypto/internal/rsa.h>
#include "rsapubkey.asn1.h"
#include "rsaprivkey.asn1.h"
@@ -148,6 +149,32 @@ int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
return 0;
}
+typedef int (*rsa_get_func)(void *, size_t, unsigned char,
+ const void *, size_t);
+
+static int rsa_parse_key_raw(struct rsa_key *rsa_key,
+ const void *key, unsigned int key_len,
+ rsa_get_func *func, int n_func)
+{
+ unsigned int nbytes, len = key_len;
+ const void *key_ptr = key;
+ int ret, i;
+
+ for (i = 0; i < n_func; i++) {
+ ret = mpi_key_length(key_ptr, len, NULL, &nbytes);
+ if (ret < 0)
+ return ret;
+
+ ret = func[i](rsa_key, 0, 0, key_ptr + 2, nbytes);
+ if (ret < 0)
+ return ret;
+
+ key_ptr += nbytes + 2;
+ }
+
+ return (key_ptr == key + key_len) ? 0 : -EINVAL;
+}
+
/**
* rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
* provided struct rsa_key, pointers to the raw key as is,
@@ -166,6 +193,27 @@ int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
}
EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
+/**
+ * rsa_parse_pub_key_raw() - parse the RAW key and store in the provided struct
+ * rsa_key, pointers to the raw key as is, so that
+ * the caller can copy it or MPI parse it, etc.
+ *
+ * @rsa_key: struct rsa_key key representation
+ * @key: key in RAW format
+ * @key_len: length of key
+ *
+ * Return: 0 on success or error code in case of error
+ */
+int rsa_parse_pub_key_raw(struct rsa_key *rsa_key, const void *key,
+ unsigned int key_len)
+{
+ rsa_get_func pub_func[] = {rsa_get_n, rsa_get_e};
+
+ return rsa_parse_key_raw(rsa_key, key, key_len,
+ pub_func, ARRAY_SIZE(pub_func));
+}
+EXPORT_SYMBOL_GPL(rsa_parse_pub_key_raw);
+
/**
* rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
* provided struct rsa_key, pointers to the raw key
@@ -184,3 +232,24 @@ int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
}
EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
+
+/**
+ * rsa_parse_priv_key_raw() - parse the RAW key and store in the provided struct
+ * rsa_key, pointers to the raw key as is, so that
+ * the caller can copy it or MPI parse it, etc.
+ *
+ * @rsa_key: struct rsa_key key representation
+ * @key: key in RAW format
+ * @key_len: length of key
+ *
+ * Return: 0 on success or error code in case of error
+ */
+int rsa_parse_priv_key_raw(struct rsa_key *rsa_key, const void *key,
+ unsigned int key_len)
+{
+ rsa_get_func priv_func[] = {rsa_get_n, rsa_get_e, rsa_get_d};
+
+ return rsa_parse_key_raw(rsa_key, key, key_len,
+ priv_func, ARRAY_SIZE(priv_func));
+}
+EXPORT_SYMBOL_GPL(rsa_parse_priv_key_raw);
diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
index e870133f4b77..7141e806ceea 100644
--- a/include/crypto/internal/rsa.h
+++ b/include/crypto/internal/rsa.h
@@ -50,8 +50,14 @@ struct rsa_key {
int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
unsigned int key_len);
+int rsa_parse_pub_key_raw(struct rsa_key *rsa_key, const void *key,
+ unsigned int key_len);
+
int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
unsigned int key_len);
+int rsa_parse_priv_key_raw(struct rsa_key *rsa_key, const void *key,
+ unsigned int key_len);
+
extern struct crypto_template rsa_pkcs1pad_tmpl;
#endif
--
2.32.0
next prev parent reply other threads:[~2022-01-11 18:04 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-11 18:03 [PATCH 00/14] KEYS: Add support for PGP keys and signatures Roberto Sassu
2022-01-11 18:03 ` [PATCH 01/14] mpi: Introduce mpi_key_length() Roberto Sassu
2022-01-11 18:03 ` Roberto Sassu [this message]
2022-01-11 18:03 ` [PATCH 03/14] PGPLIB: PGP definitions (RFC 4880) Roberto Sassu
2022-01-11 18:03 ` [PATCH 04/14] PGPLIB: Basic packet parser Roberto Sassu
2022-01-11 18:03 ` [PATCH 05/14] PGPLIB: Signature parser Roberto Sassu
2022-01-11 18:03 ` [PATCH 06/14] KEYS: PGP data parser Roberto Sassu
2022-01-11 18:03 ` [PATCH 07/14] KEYS: Provide PGP key description autogeneration Roberto Sassu
2022-01-11 18:03 ` [PATCH 08/14] KEYS: PGP-based public key signature verification Roberto Sassu
2022-01-11 18:03 ` [PATCH 09/14] KEYS: Retry asym key search with partial ID in restrict_link_by_signature() Roberto Sassu
2022-01-11 18:03 ` [PATCH 10/14] KEYS: Calculate key digest and get signature of the key Roberto Sassu
2022-01-11 18:03 ` [PATCH 11/14] verification: introduce verify_pgp_signature() Roberto Sassu
2022-01-11 18:03 ` [PATCH 12/14] PGP: Provide a key type for testing PGP signatures Roberto Sassu
2022-01-11 18:03 ` [PATCH 13/14] KEYS: Provide a function to load keys from a PGP keyring blob Roberto Sassu
2022-01-11 18:03 ` [PATCH 14/14] KEYS: Introduce load_pgp_public_keyring() Roberto Sassu
2022-01-11 20:33 ` [PATCH 00/14] KEYS: Add support for PGP keys and signatures Maciej S. Szmigiero
2022-01-12 9:16 ` Roberto Sassu
2022-01-12 20:15 ` Maciej S. Szmigiero
2022-01-13 9:11 ` Roberto Sassu
2022-01-17 14:34 ` Jason A. Donenfeld
2022-01-17 15:02 ` James Bottomley
2022-01-18 20:50 ` Antony Vennard
2022-01-18 23:03 ` Eric Biggers
2022-01-19 13:25 ` Roberto Sassu
2022-01-21 16:50 ` Roberto Sassu
2022-01-23 21:00 ` Antony Vennard
2022-01-19 13:02 ` Roberto Sassu
2022-01-17 15:21 ` Roberto Sassu
2022-01-18 18:49 ` Jason A. Donenfeld
2022-01-17 16:59 ` Konstantin Ryabitsev
2022-01-17 17:04 ` Konstantin Ryabitsev
2022-01-17 20:59 ` Maciej S. Szmigiero
2022-01-17 21:54 ` Konstantin Ryabitsev
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220111180318.591029-3-roberto.sassu@huawei.com \
--to=roberto.sassu@huawei.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.