~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/crypto/rsa-pkcs1pad.c

Version: ~ [ linux-5.4-rc7 ] ~ [ linux-5.3.10 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.83 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.153 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.200 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.200 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.76 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /*
  2  * RSA padding templates.
  3  *
  4  * Copyright (c) 2015  Intel Corporation
  5  *
  6  * This program is free software; you can redistribute it and/or modify it
  7  * under the terms of the GNU General Public License as published by the Free
  8  * Software Foundation; either version 2 of the License, or (at your option)
  9  * any later version.
 10  */
 11 
 12 #include <crypto/algapi.h>
 13 #include <crypto/akcipher.h>
 14 #include <crypto/internal/akcipher.h>
 15 #include <linux/err.h>
 16 #include <linux/init.h>
 17 #include <linux/kernel.h>
 18 #include <linux/module.h>
 19 #include <linux/random.h>
 20 
 21 /*
 22  * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2].
 23  */
 24 static const u8 rsa_digest_info_md5[] = {
 25         0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
 26         0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, /* OID */
 27         0x05, 0x00, 0x04, 0x10
 28 };
 29 
 30 static const u8 rsa_digest_info_sha1[] = {
 31         0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
 32         0x2b, 0x0e, 0x03, 0x02, 0x1a,
 33         0x05, 0x00, 0x04, 0x14
 34 };
 35 
 36 static const u8 rsa_digest_info_rmd160[] = {
 37         0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
 38         0x2b, 0x24, 0x03, 0x02, 0x01,
 39         0x05, 0x00, 0x04, 0x14
 40 };
 41 
 42 static const u8 rsa_digest_info_sha224[] = {
 43         0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
 44         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
 45         0x05, 0x00, 0x04, 0x1c
 46 };
 47 
 48 static const u8 rsa_digest_info_sha256[] = {
 49         0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
 50         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
 51         0x05, 0x00, 0x04, 0x20
 52 };
 53 
 54 static const u8 rsa_digest_info_sha384[] = {
 55         0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
 56         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
 57         0x05, 0x00, 0x04, 0x30
 58 };
 59 
 60 static const u8 rsa_digest_info_sha512[] = {
 61         0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
 62         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
 63         0x05, 0x00, 0x04, 0x40
 64 };
 65 
 66 static const struct rsa_asn1_template {
 67         const char      *name;
 68         const u8        *data;
 69         size_t          size;
 70 } rsa_asn1_templates[] = {
 71 #define _(X) { #X, rsa_digest_info_##X, sizeof(rsa_digest_info_##X) }
 72         _(md5),
 73         _(sha1),
 74         _(rmd160),
 75         _(sha256),
 76         _(sha384),
 77         _(sha512),
 78         _(sha224),
 79         { NULL }
 80 #undef _
 81 };
 82 
 83 static const struct rsa_asn1_template *rsa_lookup_asn1(const char *name)
 84 {
 85         const struct rsa_asn1_template *p;
 86 
 87         for (p = rsa_asn1_templates; p->name; p++)
 88                 if (strcmp(name, p->name) == 0)
 89                         return p;
 90         return NULL;
 91 }
 92 
 93 struct pkcs1pad_ctx {
 94         struct crypto_akcipher *child;
 95         unsigned int key_size;
 96 };
 97 
 98 struct pkcs1pad_inst_ctx {
 99         struct crypto_akcipher_spawn spawn;
100         const struct rsa_asn1_template *digest_info;
101 };
102 
103 struct pkcs1pad_request {
104         struct scatterlist in_sg[2], out_sg[1];
105         uint8_t *in_buf, *out_buf;
106         struct akcipher_request child_req;
107 };
108 
109 static int pkcs1pad_set_pub_key(struct crypto_akcipher *tfm, const void *key,
110                 unsigned int keylen)
111 {
112         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
113         int err;
114 
115         ctx->key_size = 0;
116 
117         err = crypto_akcipher_set_pub_key(ctx->child, key, keylen);
118         if (err)
119                 return err;
120 
121         /* Find out new modulus size from rsa implementation */
122         err = crypto_akcipher_maxsize(ctx->child);
123         if (err > PAGE_SIZE)
124                 return -ENOTSUPP;
125 
126         ctx->key_size = err;
127         return 0;
128 }
129 
130 static int pkcs1pad_set_priv_key(struct crypto_akcipher *tfm, const void *key,
131                 unsigned int keylen)
132 {
133         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
134         int err;
135 
136         ctx->key_size = 0;
137 
138         err = crypto_akcipher_set_priv_key(ctx->child, key, keylen);
139         if (err)
140                 return err;
141 
142         /* Find out new modulus size from rsa implementation */
143         err = crypto_akcipher_maxsize(ctx->child);
144         if (err > PAGE_SIZE)
145                 return -ENOTSUPP;
146 
147         ctx->key_size = err;
148         return 0;
149 }
150 
151 static unsigned int pkcs1pad_get_max_size(struct crypto_akcipher *tfm)
152 {
153         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
154 
155         /*
156          * The maximum destination buffer size for the encrypt/sign operations
157          * will be the same as for RSA, even though it's smaller for
158          * decrypt/verify.
159          */
160 
161         return ctx->key_size;
162 }
163 
164 static void pkcs1pad_sg_set_buf(struct scatterlist *sg, void *buf, size_t len,
165                 struct scatterlist *next)
166 {
167         int nsegs = next ? 2 : 1;
168 
169         sg_init_table(sg, nsegs);
170         sg_set_buf(sg, buf, len);
171 
172         if (next)
173                 sg_chain(sg, nsegs, next);
174 }
175 
176 static int pkcs1pad_encrypt_sign_complete(struct akcipher_request *req, int err)
177 {
178         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
179         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
180         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
181         unsigned int pad_len;
182         unsigned int len;
183         u8 *out_buf;
184 
185         if (err)
186                 goto out;
187 
188         len = req_ctx->child_req.dst_len;
189         pad_len = ctx->key_size - len;
190 
191         /* Four billion to one */
192         if (likely(!pad_len))
193                 goto out;
194 
195         out_buf = kzalloc(ctx->key_size, GFP_KERNEL);
196         err = -ENOMEM;
197         if (!out_buf)
198                 goto out;
199 
200         sg_copy_to_buffer(req->dst, sg_nents_for_len(req->dst, len),
201                           out_buf + pad_len, len);
202         sg_copy_from_buffer(req->dst,
203                             sg_nents_for_len(req->dst, ctx->key_size),
204                             out_buf, ctx->key_size);
205         kzfree(out_buf);
206 
207 out:
208         req->dst_len = ctx->key_size;
209 
210         kfree(req_ctx->in_buf);
211 
212         return err;
213 }
214 
215 static void pkcs1pad_encrypt_sign_complete_cb(
216                 struct crypto_async_request *child_async_req, int err)
217 {
218         struct akcipher_request *req = child_async_req->data;
219         struct crypto_async_request async_req;
220 
221         if (err == -EINPROGRESS)
222                 return;
223 
224         async_req.data = req->base.data;
225         async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
226         async_req.flags = child_async_req->flags;
227         req->base.complete(&async_req,
228                         pkcs1pad_encrypt_sign_complete(req, err));
229 }
230 
231 static int pkcs1pad_encrypt(struct akcipher_request *req)
232 {
233         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
234         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
235         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
236         int err;
237         unsigned int i, ps_end;
238 
239         if (!ctx->key_size)
240                 return -EINVAL;
241 
242         if (req->src_len > ctx->key_size - 11)
243                 return -EOVERFLOW;
244 
245         if (req->dst_len < ctx->key_size) {
246                 req->dst_len = ctx->key_size;
247                 return -EOVERFLOW;
248         }
249 
250         req_ctx->in_buf = kmalloc(ctx->key_size - 1 - req->src_len,
251                                   GFP_KERNEL);
252         if (!req_ctx->in_buf)
253                 return -ENOMEM;
254 
255         ps_end = ctx->key_size - req->src_len - 2;
256         req_ctx->in_buf[0] = 0x02;
257         for (i = 1; i < ps_end; i++)
258                 req_ctx->in_buf[i] = 1 + prandom_u32_max(255);
259         req_ctx->in_buf[ps_end] = 0x00;
260 
261         pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
262                         ctx->key_size - 1 - req->src_len, req->src);
263 
264         akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
265         akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
266                         pkcs1pad_encrypt_sign_complete_cb, req);
267 
268         /* Reuse output buffer */
269         akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
270                                    req->dst, ctx->key_size - 1, req->dst_len);
271 
272         err = crypto_akcipher_encrypt(&req_ctx->child_req);
273         if (err != -EINPROGRESS && err != -EBUSY)
274                 return pkcs1pad_encrypt_sign_complete(req, err);
275 
276         return err;
277 }
278 
279 static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
280 {
281         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
282         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
283         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
284         unsigned int dst_len;
285         unsigned int pos;
286         u8 *out_buf;
287 
288         if (err)
289                 goto done;
290 
291         err = -EINVAL;
292         dst_len = req_ctx->child_req.dst_len;
293         if (dst_len < ctx->key_size - 1)
294                 goto done;
295 
296         out_buf = req_ctx->out_buf;
297         if (dst_len == ctx->key_size) {
298                 if (out_buf[0] != 0x00)
299                         /* Decrypted value had no leading 0 byte */
300                         goto done;
301 
302                 dst_len--;
303                 out_buf++;
304         }
305 
306         if (out_buf[0] != 0x02)
307                 goto done;
308 
309         for (pos = 1; pos < dst_len; pos++)
310                 if (out_buf[pos] == 0x00)
311                         break;
312         if (pos < 9 || pos == dst_len)
313                 goto done;
314         pos++;
315 
316         err = 0;
317 
318         if (req->dst_len < dst_len - pos)
319                 err = -EOVERFLOW;
320         req->dst_len = dst_len - pos;
321 
322         if (!err)
323                 sg_copy_from_buffer(req->dst,
324                                 sg_nents_for_len(req->dst, req->dst_len),
325                                 out_buf + pos, req->dst_len);
326 
327 done:
328         kzfree(req_ctx->out_buf);
329 
330         return err;
331 }
332 
333 static void pkcs1pad_decrypt_complete_cb(
334                 struct crypto_async_request *child_async_req, int err)
335 {
336         struct akcipher_request *req = child_async_req->data;
337         struct crypto_async_request async_req;
338 
339         if (err == -EINPROGRESS)
340                 return;
341 
342         async_req.data = req->base.data;
343         async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
344         async_req.flags = child_async_req->flags;
345         req->base.complete(&async_req, pkcs1pad_decrypt_complete(req, err));
346 }
347 
348 static int pkcs1pad_decrypt(struct akcipher_request *req)
349 {
350         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
351         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
352         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
353         int err;
354 
355         if (!ctx->key_size || req->src_len != ctx->key_size)
356                 return -EINVAL;
357 
358         req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
359         if (!req_ctx->out_buf)
360                 return -ENOMEM;
361 
362         pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
363                             ctx->key_size, NULL);
364 
365         akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
366         akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
367                         pkcs1pad_decrypt_complete_cb, req);
368 
369         /* Reuse input buffer, output to a new buffer */
370         akcipher_request_set_crypt(&req_ctx->child_req, req->src,
371                                    req_ctx->out_sg, req->src_len,
372                                    ctx->key_size);
373 
374         err = crypto_akcipher_decrypt(&req_ctx->child_req);
375         if (err != -EINPROGRESS && err != -EBUSY)
376                 return pkcs1pad_decrypt_complete(req, err);
377 
378         return err;
379 }
380 
381 static int pkcs1pad_sign(struct akcipher_request *req)
382 {
383         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
384         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
385         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
386         struct akcipher_instance *inst = akcipher_alg_instance(tfm);
387         struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
388         const struct rsa_asn1_template *digest_info = ictx->digest_info;
389         int err;
390         unsigned int ps_end, digest_size = 0;
391 
392         if (!ctx->key_size)
393                 return -EINVAL;
394 
395         if (digest_info)
396                 digest_size = digest_info->size;
397 
398         if (req->src_len + digest_size > ctx->key_size - 11)
399                 return -EOVERFLOW;
400 
401         if (req->dst_len < ctx->key_size) {
402                 req->dst_len = ctx->key_size;
403                 return -EOVERFLOW;
404         }
405 
406         req_ctx->in_buf = kmalloc(ctx->key_size - 1 - req->src_len,
407                                   GFP_KERNEL);
408         if (!req_ctx->in_buf)
409                 return -ENOMEM;
410 
411         ps_end = ctx->key_size - digest_size - req->src_len - 2;
412         req_ctx->in_buf[0] = 0x01;
413         memset(req_ctx->in_buf + 1, 0xff, ps_end - 1);
414         req_ctx->in_buf[ps_end] = 0x00;
415 
416         if (digest_info)
417                 memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,
418                        digest_info->size);
419 
420         pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
421                         ctx->key_size - 1 - req->src_len, req->src);
422 
423         akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
424         akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
425                         pkcs1pad_encrypt_sign_complete_cb, req);
426 
427         /* Reuse output buffer */
428         akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
429                                    req->dst, ctx->key_size - 1, req->dst_len);
430 
431         err = crypto_akcipher_sign(&req_ctx->child_req);
432         if (err != -EINPROGRESS && err != -EBUSY)
433                 return pkcs1pad_encrypt_sign_complete(req, err);
434 
435         return err;
436 }
437 
438 static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
439 {
440         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
441         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
442         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
443         struct akcipher_instance *inst = akcipher_alg_instance(tfm);
444         struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
445         const struct rsa_asn1_template *digest_info = ictx->digest_info;
446         unsigned int dst_len;
447         unsigned int pos;
448         u8 *out_buf;
449 
450         if (err)
451                 goto done;
452 
453         err = -EINVAL;
454         dst_len = req_ctx->child_req.dst_len;
455         if (dst_len < ctx->key_size - 1)
456                 goto done;
457 
458         out_buf = req_ctx->out_buf;
459         if (dst_len == ctx->key_size) {
460                 if (out_buf[0] != 0x00)
461                         /* Decrypted value had no leading 0 byte */
462                         goto done;
463 
464                 dst_len--;
465                 out_buf++;
466         }
467 
468         err = -EBADMSG;
469         if (out_buf[0] != 0x01)
470                 goto done;
471 
472         for (pos = 1; pos < dst_len; pos++)
473                 if (out_buf[pos] != 0xff)
474                         break;
475 
476         if (pos < 9 || pos == dst_len || out_buf[pos] != 0x00)
477                 goto done;
478         pos++;
479 
480         if (digest_info) {
481                 if (crypto_memneq(out_buf + pos, digest_info->data,
482                                   digest_info->size))
483                         goto done;
484 
485                 pos += digest_info->size;
486         }
487 
488         err = 0;
489 
490         if (req->dst_len < dst_len - pos)
491                 err = -EOVERFLOW;
492         req->dst_len = dst_len - pos;
493 
494         if (!err)
495                 sg_copy_from_buffer(req->dst,
496                                 sg_nents_for_len(req->dst, req->dst_len),
497                                 out_buf + pos, req->dst_len);
498 done:
499         kzfree(req_ctx->out_buf);
500 
501         return err;
502 }
503 
504 static void pkcs1pad_verify_complete_cb(
505                 struct crypto_async_request *child_async_req, int err)
506 {
507         struct akcipher_request *req = child_async_req->data;
508         struct crypto_async_request async_req;
509 
510         if (err == -EINPROGRESS)
511                 return;
512 
513         async_req.data = req->base.data;
514         async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
515         async_req.flags = child_async_req->flags;
516         req->base.complete(&async_req, pkcs1pad_verify_complete(req, err));
517 }
518 
519 /*
520  * The verify operation is here for completeness similar to the verification
521  * defined in RFC2313 section 10.2 except that block type 0 is not accepted,
522  * as in RFC2437.  RFC2437 section 9.2 doesn't define any operation to
523  * retrieve the DigestInfo from a signature, instead the user is expected
524  * to call the sign operation to generate the expected signature and compare
525  * signatures instead of the message-digests.
526  */
527 static int pkcs1pad_verify(struct akcipher_request *req)
528 {
529         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
530         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
531         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
532         int err;
533 
534         if (!ctx->key_size || req->src_len < ctx->key_size)
535                 return -EINVAL;
536 
537         req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
538         if (!req_ctx->out_buf)
539                 return -ENOMEM;
540 
541         pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
542                             ctx->key_size, NULL);
543 
544         akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
545         akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
546                         pkcs1pad_verify_complete_cb, req);
547 
548         /* Reuse input buffer, output to a new buffer */
549         akcipher_request_set_crypt(&req_ctx->child_req, req->src,
550                                    req_ctx->out_sg, req->src_len,
551                                    ctx->key_size);
552 
553         err = crypto_akcipher_verify(&req_ctx->child_req);
554         if (err != -EINPROGRESS && err != -EBUSY)
555                 return pkcs1pad_verify_complete(req, err);
556 
557         return err;
558 }
559 
560 static int pkcs1pad_init_tfm(struct crypto_akcipher *tfm)
561 {
562         struct akcipher_instance *inst = akcipher_alg_instance(tfm);
563         struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
564         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
565         struct crypto_akcipher *child_tfm;
566 
567         child_tfm = crypto_spawn_akcipher(&ictx->spawn);
568         if (IS_ERR(child_tfm))
569                 return PTR_ERR(child_tfm);
570 
571         ctx->child = child_tfm;
572         return 0;
573 }
574 
575 static void pkcs1pad_exit_tfm(struct crypto_akcipher *tfm)
576 {
577         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
578 
579         crypto_free_akcipher(ctx->child);
580 }
581 
582 static void pkcs1pad_free(struct akcipher_instance *inst)
583 {
584         struct pkcs1pad_inst_ctx *ctx = akcipher_instance_ctx(inst);
585         struct crypto_akcipher_spawn *spawn = &ctx->spawn;
586 
587         crypto_drop_akcipher(spawn);
588         kfree(inst);
589 }
590 
591 static int pkcs1pad_create(struct crypto_template *tmpl, struct rtattr **tb)
592 {
593         const struct rsa_asn1_template *digest_info;
594         struct crypto_attr_type *algt;
595         struct akcipher_instance *inst;
596         struct pkcs1pad_inst_ctx *ctx;
597         struct crypto_akcipher_spawn *spawn;
598         struct akcipher_alg *rsa_alg;
599         const char *rsa_alg_name;
600         const char *hash_name;
601         int err;
602 
603         algt = crypto_get_attr_type(tb);
604         if (IS_ERR(algt))
605                 return PTR_ERR(algt);
606 
607         if ((algt->type ^ CRYPTO_ALG_TYPE_AKCIPHER) & algt->mask)
608                 return -EINVAL;
609 
610         rsa_alg_name = crypto_attr_alg_name(tb[1]);
611         if (IS_ERR(rsa_alg_name))
612                 return PTR_ERR(rsa_alg_name);
613 
614         hash_name = crypto_attr_alg_name(tb[2]);
615         if (IS_ERR(hash_name))
616                 hash_name = NULL;
617 
618         if (hash_name) {
619                 digest_info = rsa_lookup_asn1(hash_name);
620                 if (!digest_info)
621                         return -EINVAL;
622         } else
623                 digest_info = NULL;
624 
625         inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
626         if (!inst)
627                 return -ENOMEM;
628 
629         ctx = akcipher_instance_ctx(inst);
630         spawn = &ctx->spawn;
631         ctx->digest_info = digest_info;
632 
633         crypto_set_spawn(&spawn->base, akcipher_crypto_instance(inst));
634         err = crypto_grab_akcipher(spawn, rsa_alg_name, 0,
635                         crypto_requires_sync(algt->type, algt->mask));
636         if (err)
637                 goto out_free_inst;
638 
639         rsa_alg = crypto_spawn_akcipher_alg(spawn);
640 
641         err = -ENAMETOOLONG;
642 
643         if (!hash_name) {
644                 if (snprintf(inst->alg.base.cra_name,
645                              CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)",
646                              rsa_alg->base.cra_name) >= CRYPTO_MAX_ALG_NAME)
647                         goto out_drop_alg;
648 
649                 if (snprintf(inst->alg.base.cra_driver_name,
650                              CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s)",
651                              rsa_alg->base.cra_driver_name) >=
652                              CRYPTO_MAX_ALG_NAME)
653                         goto out_drop_alg;
654         } else {
655                 if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
656                              "pkcs1pad(%s,%s)", rsa_alg->base.cra_name,
657                              hash_name) >= CRYPTO_MAX_ALG_NAME)
658                         goto out_drop_alg;
659 
660                 if (snprintf(inst->alg.base.cra_driver_name,
661                              CRYPTO_MAX_ALG_NAME, "pkcs1pad(%s,%s)",
662                              rsa_alg->base.cra_driver_name,
663                              hash_name) >= CRYPTO_MAX_ALG_NAME)
664                         goto out_drop_alg;
665         }
666 
667         inst->alg.base.cra_flags = rsa_alg->base.cra_flags & CRYPTO_ALG_ASYNC;
668         inst->alg.base.cra_priority = rsa_alg->base.cra_priority;
669         inst->alg.base.cra_ctxsize = sizeof(struct pkcs1pad_ctx);
670 
671         inst->alg.init = pkcs1pad_init_tfm;
672         inst->alg.exit = pkcs1pad_exit_tfm;
673 
674         inst->alg.encrypt = pkcs1pad_encrypt;
675         inst->alg.decrypt = pkcs1pad_decrypt;
676         inst->alg.sign = pkcs1pad_sign;
677         inst->alg.verify = pkcs1pad_verify;
678         inst->alg.set_pub_key = pkcs1pad_set_pub_key;
679         inst->alg.set_priv_key = pkcs1pad_set_priv_key;
680         inst->alg.max_size = pkcs1pad_get_max_size;
681         inst->alg.reqsize = sizeof(struct pkcs1pad_request) + rsa_alg->reqsize;
682 
683         inst->free = pkcs1pad_free;
684 
685         err = akcipher_register_instance(tmpl, inst);
686         if (err)
687                 goto out_drop_alg;
688 
689         return 0;
690 
691 out_drop_alg:
692         crypto_drop_akcipher(spawn);
693 out_free_inst:
694         kfree(inst);
695         return err;
696 }
697 
698 struct crypto_template rsa_pkcs1pad_tmpl = {
699         .name = "pkcs1pad",
700         .create = pkcs1pad_create,
701         .module = THIS_MODULE,
702 };
703 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp