From mboxrd@z Thu Jan 1 00:00:00 1970 From: AKASHI Takahiro Date: Fri, 11 Oct 2019 16:42:00 +0900 Subject: [U-Boot] [PATCH v1 11/11] lib: crypto: add rsa public key parser In-Reply-To: <20191011074200.30269-1-takahiro.akashi@linaro.org> References: <20191011074200.30269-1-takahiro.akashi@linaro.org> Message-ID: <20191011074200.30269-12-takahiro.akashi@linaro.org> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: u-boot@lists.denx.de Imported from linux kernel v5.3. Signed-off-by: AKASHI Takahiro --- include/crypto/internal/rsa.h | 57 ++++++++++ lib/crypto/Makefile | 10 +- lib/crypto/rsa_helper.c | 198 ++++++++++++++++++++++++++++++++++ lib/crypto/rsapubkey.asn1 | 4 + 4 files changed, 268 insertions(+), 1 deletion(-) create mode 100644 include/crypto/internal/rsa.h create mode 100644 lib/crypto/rsa_helper.c create mode 100644 lib/crypto/rsapubkey.asn1 diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h new file mode 100644 index 000000000000..e870133f4b77 --- /dev/null +++ b/include/crypto/internal/rsa.h @@ -0,0 +1,57 @@ +/* SPDX-License-Identifier: GPL-2.0-or-later */ +/* + * RSA internal helpers + * + * Copyright (c) 2015, Intel Corporation + * Authors: Tadeusz Struk + */ +#ifndef _RSA_HELPER_ +#define _RSA_HELPER_ +#include + +/** + * rsa_key - RSA key structure + * @n : RSA modulus raw byte stream + * @e : RSA public exponent raw byte stream + * @d : RSA private exponent raw byte stream + * @p : RSA prime factor p of n raw byte stream + * @q : RSA prime factor q of n raw byte stream + * @dp : RSA exponent d mod (p - 1) raw byte stream + * @dq : RSA exponent d mod (q - 1) raw byte stream + * @qinv : RSA CRT coefficient q^(-1) mod p raw byte stream + * @n_sz : length in bytes of RSA modulus n + * @e_sz : length in bytes of RSA public exponent + * @d_sz : length in bytes of RSA private exponent + * @p_sz : length in bytes of p field + * @q_sz : length in bytes of q field + * @dp_sz : length in bytes of dp field + * @dq_sz : length in bytes of dq field + * @qinv_sz : length in bytes of qinv field + */ +struct rsa_key { + const u8 *n; + const u8 *e; + const u8 *d; + const u8 *p; + const u8 *q; + const u8 *dp; + const u8 *dq; + const u8 *qinv; + size_t n_sz; + size_t e_sz; + size_t d_sz; + size_t p_sz; + size_t q_sz; + size_t dp_sz; + size_t dq_sz; + size_t qinv_sz; +}; + +int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key, + unsigned int key_len); + +int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key, + unsigned int key_len); + +extern struct crypto_template rsa_pkcs1pad_tmpl; +#endif diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index a02ad51e698c..ac0ca05298e2 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -17,7 +17,9 @@ x509_key_parser-y := \ x509.asn1.o \ x509_akid.asn1.o \ x509_cert_parser.o \ - x509_public_key.o + x509_public_key.o \ + rsapubkey.asn1.o \ + rsa_helper.o $(obj)/x509_cert_parser.o: \ $(obj)/x509.asn1.h \ @@ -36,3 +38,9 @@ pkcs7_message-y := \ $(obj)/pkcs7_parser.o: $(obj)/pkcs7.asn1.h $(obj)/pkcs7.asn1.o: $(obj)/pkcs7.asn1.c $(obj)/pkcs7.asn1.h + +# +# RSA public key parser +# +$(obj)/rsapubkey.asn1.o: $(obj)/rsapubkey.asn1.c $(obj)/rsapubkey.asn1.h +$(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h diff --git a/lib/crypto/rsa_helper.c b/lib/crypto/rsa_helper.c new file mode 100644 index 000000000000..aca627a4a619 --- /dev/null +++ b/lib/crypto/rsa_helper.c @@ -0,0 +1,198 @@ +// SPDX-License-Identifier: GPL-2.0-or-later +/* + * RSA key extract helper + * + * Copyright (c) 2015, Intel Corporation + * Authors: Tadeusz Struk + */ +#ifndef __UBOOT__ +#include +#include +#endif +#include +#ifndef __UBOOT__ +#include +#endif +#include +#include "rsapubkey.asn1.h" +#ifndef __UBOOT__ +#include "rsaprivkey.asn1.h" +#endif + +int rsa_get_n(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct rsa_key *key = context; +#ifndef __UBOOT__ + const u8 *ptr = value; + size_t n_sz = vlen; +#endif + + /* invalid key provided */ + if (!value || !vlen) + return -EINVAL; + +#ifndef __UBOOT__ + if (fips_enabled) { + while (n_sz && !*ptr) { + ptr++; + n_sz--; + } + + /* In FIPS mode only allow key size 2K and higher */ + if (n_sz < 256) { + pr_err("RSA: key size not allowed in FIPS mode\n"); + return -EINVAL; + } + } +#endif + + key->n = value; + key->n_sz = vlen; + + return 0; +} + +int rsa_get_e(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct rsa_key *key = context; + + /* invalid key provided */ + if (!value || !key->n_sz || !vlen || vlen > key->n_sz) + return -EINVAL; + + key->e = value; + key->e_sz = vlen; + + return 0; +} + +int rsa_get_d(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct rsa_key *key = context; + + /* invalid key provided */ + if (!value || !key->n_sz || !vlen || vlen > key->n_sz) + return -EINVAL; + + key->d = value; + key->d_sz = vlen; + + return 0; +} + +int rsa_get_p(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct rsa_key *key = context; + + /* invalid key provided */ + if (!value || !vlen || vlen > key->n_sz) + return -EINVAL; + + key->p = value; + key->p_sz = vlen; + + return 0; +} + +int rsa_get_q(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct rsa_key *key = context; + + /* invalid key provided */ + if (!value || !vlen || vlen > key->n_sz) + return -EINVAL; + + key->q = value; + key->q_sz = vlen; + + return 0; +} + +int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct rsa_key *key = context; + + /* invalid key provided */ + if (!value || !vlen || vlen > key->n_sz) + return -EINVAL; + + key->dp = value; + key->dp_sz = vlen; + + return 0; +} + +int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct rsa_key *key = context; + + /* invalid key provided */ + if (!value || !vlen || vlen > key->n_sz) + return -EINVAL; + + key->dq = value; + key->dq_sz = vlen; + + return 0; +} + +int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag, + const void *value, size_t vlen) +{ + struct rsa_key *key = context; + + /* invalid key provided */ + if (!value || !vlen || vlen > key->n_sz) + return -EINVAL; + + key->qinv = value; + key->qinv_sz = vlen; + + return 0; +} + +/** + * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the + * provided struct rsa_key, pointers to the raw key as is, + * so that the caller can copy it or MPI parse it, etc. + * + * @rsa_key: struct rsa_key key representation + * @key: key in BER format + * @key_len: length of key + * + * Return: 0 on success or error code in case of error + */ +int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key, + unsigned int key_len) +{ + return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len); +} +EXPORT_SYMBOL_GPL(rsa_parse_pub_key); + +#ifndef __UBOOT__ +/** + * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the + * provided struct rsa_key, pointers to the raw key + * as is, so that the caller can copy it or MPI parse it, + * etc. + * + * @rsa_key: struct rsa_key key representation + * @key: key in BER format + * @key_len: length of key + * + * Return: 0 on success or error code in case of error + */ +int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key, + unsigned int key_len) +{ + return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len); +} +EXPORT_SYMBOL_GPL(rsa_parse_priv_key); +#endif diff --git a/lib/crypto/rsapubkey.asn1 b/lib/crypto/rsapubkey.asn1 new file mode 100644 index 000000000000..725498e461d2 --- /dev/null +++ b/lib/crypto/rsapubkey.asn1 @@ -0,0 +1,4 @@ +RsaPubKey ::= SEQUENCE { + n INTEGER ({ rsa_get_n }), + e INTEGER ({ rsa_get_e }) +} -- 2.21.0