From: AKASHI Takahiro <takahiro.akashi@linaro.org>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v3 13/16] lib: crypto: add rsa public key parser
Date: Wed, 13 Nov 2019 09:44:59 +0900 [thread overview]
Message-ID: <20191113004502.29986-14-takahiro.akashi@linaro.org> (raw)
In-Reply-To: <20191113004502.29986-1-takahiro.akashi@linaro.org>
Imported from linux kernel v5.3:
rsapubkey.asn1 without changes
rsa.h without changes
rsa_helper.c with changes marked as __UBOOT__
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
include/crypto/internal/rsa.h | 57 ++++++++++
lib/crypto/Kconfig | 11 ++
lib/crypto/Makefile | 11 ++
lib/crypto/rsa_helper.c | 198 ++++++++++++++++++++++++++++++++++
lib/crypto/rsapubkey.asn1 | 4 +
5 files changed, 281 insertions(+)
create mode 100644 include/crypto/internal/rsa.h
create mode 100644 lib/crypto/rsa_helper.c
create mode 100644 lib/crypto/rsapubkey.asn1
diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
new file mode 100644
index 000000000000..e870133f4b77
--- /dev/null
+++ b/include/crypto/internal/rsa.h
@@ -0,0 +1,57 @@
+/* SPDX-License-Identifier: GPL-2.0-or-later */
+/*
+ * RSA internal helpers
+ *
+ * Copyright (c) 2015, Intel Corporation
+ * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
+ */
+#ifndef _RSA_HELPER_
+#define _RSA_HELPER_
+#include <linux/types.h>
+
+/**
+ * rsa_key - RSA key structure
+ * @n : RSA modulus raw byte stream
+ * @e : RSA public exponent raw byte stream
+ * @d : RSA private exponent raw byte stream
+ * @p : RSA prime factor p of n raw byte stream
+ * @q : RSA prime factor q of n raw byte stream
+ * @dp : RSA exponent d mod (p - 1) raw byte stream
+ * @dq : RSA exponent d mod (q - 1) raw byte stream
+ * @qinv : RSA CRT coefficient q^(-1) mod p raw byte stream
+ * @n_sz : length in bytes of RSA modulus n
+ * @e_sz : length in bytes of RSA public exponent
+ * @d_sz : length in bytes of RSA private exponent
+ * @p_sz : length in bytes of p field
+ * @q_sz : length in bytes of q field
+ * @dp_sz : length in bytes of dp field
+ * @dq_sz : length in bytes of dq field
+ * @qinv_sz : length in bytes of qinv field
+ */
+struct rsa_key {
+ const u8 *n;
+ const u8 *e;
+ const u8 *d;
+ const u8 *p;
+ const u8 *q;
+ const u8 *dp;
+ const u8 *dq;
+ const u8 *qinv;
+ size_t n_sz;
+ size_t e_sz;
+ size_t d_sz;
+ size_t p_sz;
+ size_t q_sz;
+ size_t dp_sz;
+ size_t dq_sz;
+ size_t qinv_sz;
+};
+
+int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
+ unsigned int key_len);
+
+int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
+ unsigned int key_len);
+
+extern struct crypto_template rsa_pkcs1pad_tmpl;
+#endif
diff --git a/lib/crypto/Kconfig b/lib/crypto/Kconfig
index b8e8288d2f80..9572ea8c87f3 100644
--- a/lib/crypto/Kconfig
+++ b/lib/crypto/Kconfig
@@ -16,4 +16,15 @@ config ASYMMETRIC_PUBLIC_KEY_SUBTYPE
appropriate hash algorithms (such as SHA-1) must be available.
ENOPKG will be reported if the requisite algorithm is unavailable.
+config RSA_PUBLIC_KEY_PARSER
+ bool "RSA public key parser"
+ depends on ASYMMETRIC_PUBLIC_KEY_SUBTYPE
+ select ASN1_DECODER
+ select ASN1_COMPILER
+ select OID_REGISTRY
+ help
+ This option provides support for parsing a blob containing RSA
+ public key data and provides the ability to instantiate a public
+ key.
+
endif # ASYMMETRIC_KEY_TYPE
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
index a284de9e0411..69330a9ebd27 100644
--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -8,3 +8,14 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o
obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+
+#
+# RSA public key parser
+#
+obj-$(CONFIG_RSA_PUBLIC_KEY_PARSER) += rsa_public_key.o
+rsa_public_key-y := \
+ rsapubkey.asn1.o \
+ rsa_helper.o
+
+$(obj)/rsapubkey.asn1.o: $(obj)/rsapubkey.asn1.c $(obj)/rsapubkey.asn1.h
+$(obj)/rsa_helper.o: $(obj)/rsapubkey.asn1.h
diff --git a/lib/crypto/rsa_helper.c b/lib/crypto/rsa_helper.c
new file mode 100644
index 000000000000..aca627a4a619
--- /dev/null
+++ b/lib/crypto/rsa_helper.c
@@ -0,0 +1,198 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+/*
+ * RSA key extract helper
+ *
+ * Copyright (c) 2015, Intel Corporation
+ * Authors: Tadeusz Struk <tadeusz.struk@intel.com>
+ */
+#ifndef __UBOOT__
+#include <linux/kernel.h>
+#include <linux/export.h>
+#endif
+#include <linux/err.h>
+#ifndef __UBOOT__
+#include <linux/fips.h>
+#endif
+#include <crypto/internal/rsa.h>
+#include "rsapubkey.asn1.h"
+#ifndef __UBOOT__
+#include "rsaprivkey.asn1.h"
+#endif
+
+int rsa_get_n(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_key *key = context;
+#ifndef __UBOOT__
+ const u8 *ptr = value;
+ size_t n_sz = vlen;
+#endif
+
+ /* invalid key provided */
+ if (!value || !vlen)
+ return -EINVAL;
+
+#ifndef __UBOOT__
+ if (fips_enabled) {
+ while (n_sz && !*ptr) {
+ ptr++;
+ n_sz--;
+ }
+
+ /* In FIPS mode only allow key size 2K and higher */
+ if (n_sz < 256) {
+ pr_err("RSA: key size not allowed in FIPS mode\n");
+ return -EINVAL;
+ }
+ }
+#endif
+
+ key->n = value;
+ key->n_sz = vlen;
+
+ return 0;
+}
+
+int rsa_get_e(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_key *key = context;
+
+ /* invalid key provided */
+ if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
+ return -EINVAL;
+
+ key->e = value;
+ key->e_sz = vlen;
+
+ return 0;
+}
+
+int rsa_get_d(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_key *key = context;
+
+ /* invalid key provided */
+ if (!value || !key->n_sz || !vlen || vlen > key->n_sz)
+ return -EINVAL;
+
+ key->d = value;
+ key->d_sz = vlen;
+
+ return 0;
+}
+
+int rsa_get_p(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_key *key = context;
+
+ /* invalid key provided */
+ if (!value || !vlen || vlen > key->n_sz)
+ return -EINVAL;
+
+ key->p = value;
+ key->p_sz = vlen;
+
+ return 0;
+}
+
+int rsa_get_q(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_key *key = context;
+
+ /* invalid key provided */
+ if (!value || !vlen || vlen > key->n_sz)
+ return -EINVAL;
+
+ key->q = value;
+ key->q_sz = vlen;
+
+ return 0;
+}
+
+int rsa_get_dp(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_key *key = context;
+
+ /* invalid key provided */
+ if (!value || !vlen || vlen > key->n_sz)
+ return -EINVAL;
+
+ key->dp = value;
+ key->dp_sz = vlen;
+
+ return 0;
+}
+
+int rsa_get_dq(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_key *key = context;
+
+ /* invalid key provided */
+ if (!value || !vlen || vlen > key->n_sz)
+ return -EINVAL;
+
+ key->dq = value;
+ key->dq_sz = vlen;
+
+ return 0;
+}
+
+int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
+ const void *value, size_t vlen)
+{
+ struct rsa_key *key = context;
+
+ /* invalid key provided */
+ if (!value || !vlen || vlen > key->n_sz)
+ return -EINVAL;
+
+ key->qinv = value;
+ key->qinv_sz = vlen;
+
+ return 0;
+}
+
+/**
+ * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
+ * provided struct rsa_key, pointers to the raw key as is,
+ * so that the caller can copy it or MPI parse it, etc.
+ *
+ * @rsa_key: struct rsa_key key representation
+ * @key: key in BER format
+ * @key_len: length of key
+ *
+ * Return: 0 on success or error code in case of error
+ */
+int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
+ unsigned int key_len)
+{
+ return asn1_ber_decoder(&rsapubkey_decoder, rsa_key, key, key_len);
+}
+EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
+
+#ifndef __UBOOT__
+/**
+ * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
+ * provided struct rsa_key, pointers to the raw key
+ * as is, so that the caller can copy it or MPI parse it,
+ * etc.
+ *
+ * @rsa_key: struct rsa_key key representation
+ * @key: key in BER format
+ * @key_len: length of key
+ *
+ * Return: 0 on success or error code in case of error
+ */
+int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
+ unsigned int key_len)
+{
+ return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
+}
+EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
+#endif
diff --git a/lib/crypto/rsapubkey.asn1 b/lib/crypto/rsapubkey.asn1
new file mode 100644
index 000000000000..725498e461d2
--- /dev/null
+++ b/lib/crypto/rsapubkey.asn1
@@ -0,0 +1,4 @@
+RsaPubKey ::= SEQUENCE {
+ n INTEGER ({ rsa_get_n }),
+ e INTEGER ({ rsa_get_e })
+}
--
2.21.0
next prev parent reply other threads:[~2019-11-13 0:44 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-13 0:44 [U-Boot] [PATCH v3 00/16] import x509/pkcs7 parsers from linux AKASHI Takahiro
2019-11-13 0:44 ` [U-Boot] [PATCH v3 01/16] linux_compat: move kmemdup() from ubifs.c to linux_compat.c AKASHI Takahiro
2019-11-26 3:20 ` Heinrich Schuchardt
2019-12-06 21:48 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 02/16] rtc.h: add struct udevice declaration AKASHI Takahiro
2019-12-06 21:48 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 03/16] rtc: move date.c from drivers/rtc/ to lib/ AKASHI Takahiro
2019-12-06 21:48 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 04/16] lib: add mktime64() for linux compatibility AKASHI Takahiro
2019-12-06 21:49 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 05/16] include: kernel.h: include printk.h AKASHI Takahiro
2019-11-26 3:35 ` Heinrich Schuchardt
2019-11-27 1:02 ` AKASHI Takahiro
2019-12-06 21:49 ` Tom Rini
2019-12-09 1:21 ` AKASHI Takahiro
2019-11-13 0:44 ` [U-Boot] [PATCH v3 06/16] linux/time.h: include vsprintf.h AKASHI Takahiro
2019-11-26 3:56 ` Heinrich Schuchardt
2019-11-26 7:31 ` Heinrich Schuchardt
2019-11-27 1:27 ` AKASHI Takahiro
2019-12-06 21:49 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 07/16] cmd: add asn1_compiler AKASHI Takahiro
2019-12-06 21:49 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 08/16] Makefile: add build script for asn1 parsers AKASHI Takahiro
2019-12-06 21:49 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 09/16] lib: add asn1 decoder AKASHI Takahiro
2019-12-06 21:49 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 10/16] doc: add README for asn1 compiler and decoder AKASHI Takahiro
2019-12-06 21:49 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 11/16] lib: add oid registry utility AKASHI Takahiro
2019-12-06 21:49 ` Tom Rini
2019-11-13 0:44 ` [U-Boot] [PATCH v3 12/16] lib: crypto: add public key utility AKASHI Takahiro
2019-12-06 21:49 ` Tom Rini
2019-11-13 0:44 ` AKASHI Takahiro [this message]
2019-12-06 21:49 ` [U-Boot] [PATCH v3 13/16] lib: crypto: add rsa public key parser Tom Rini
2019-11-13 0:45 ` [U-Boot] [PATCH v3 14/16] lib: crypto: add x509 parser AKASHI Takahiro
2019-12-06 21:50 ` Tom Rini
2019-12-07 20:51 ` Heinrich Schuchardt
2019-12-07 22:34 ` Tom Rini
2019-12-09 0:59 ` AKASHI Takahiro
2019-11-13 0:45 ` [U-Boot] [PATCH v3 15/16] lib: crypto: add pkcs7 message parser AKASHI Takahiro
2019-12-06 21:50 ` Tom Rini
2019-11-13 0:45 ` [U-Boot] [PATCH v3 16/16] test: add asn1 unit test AKASHI Takahiro
2019-12-06 21:50 ` Tom Rini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191113004502.29986-14-takahiro.akashi@linaro.org \
--to=takahiro.akashi@linaro.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.