iPXE
Data Structures | Macros | Functions | Variables
rsa.c File Reference

RSA public-key cryptography. More...

#include <stdint.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <errno.h>
#include <ipxe/asn1.h>
#include <ipxe/crypto.h>
#include <ipxe/bigint.h>
#include <ipxe/random_nz.h>
#include <ipxe/rsa.h>

Go to the source code of this file.

Data Structures

struct  rsa_context
 An RSA context. More...
 

Macros

#define EACCES_VERIFY   __einfo_error ( EINFO_EACCES_VERIFY )
 
#define EINFO_EACCES_VERIFY   __einfo_uniqify ( EINFO_EACCES, 0x01, "RSA signature incorrect" )
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
static struct rsa_digestinfo_prefixrsa_find_prefix (struct digest_algorithm *digest)
 Identify RSA prefix. More...
 
static void rsa_free (struct rsa_context *context)
 Free RSA dynamic storage. More...
 
static int rsa_alloc (struct rsa_context *context, size_t modulus_len, size_t exponent_len)
 Allocate RSA dynamic storage. More...
 
static int rsa_parse_integer (struct asn1_cursor *integer, const struct asn1_cursor *raw)
 Parse RSA integer. More...
 
static int rsa_parse_mod_exp (struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
 Parse RSA modulus and exponent. More...
 
static int rsa_init (struct rsa_context *context, const struct asn1_cursor *key)
 Initialise RSA cipher. More...
 
static size_t rsa_max_len (const struct asn1_cursor *key)
 Calculate RSA maximum output length. More...
 
static void rsa_cipher (struct rsa_context *context, const void *in, void *out)
 Perform RSA cipher operation. More...
 
static int rsa_encrypt (const struct asn1_cursor *key, const void *plaintext, size_t plaintext_len, void *ciphertext)
 Encrypt using RSA. More...
 
static int rsa_decrypt (const struct asn1_cursor *key, const void *ciphertext, size_t ciphertext_len, void *plaintext)
 Decrypt using RSA. More...
 
static int rsa_encode_digest (struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
 Encode RSA digest. More...
 
static int rsa_sign (const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, void *signature)
 Sign digest value using RSA. More...
 
static int rsa_verify (const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const void *signature, size_t signature_len)
 Verify signed digest value using RSA. More...
 
static int rsa_match (const struct asn1_cursor *private_key, const struct asn1_cursor *public_key)
 Check for matching RSA public/private key pair. More...
 
 REQUIRING_SYMBOL (rsa_algorithm)
 
 REQUIRE_OBJECT (config_crypto)
 

Variables

struct pubkey_algorithm rsa_algorithm
 RSA public-key algorithm. More...
 

Detailed Description

RSA public-key cryptography.

RSA is documented in RFC 3447.

Definition in file rsa.c.

Macro Definition Documentation

◆ EACCES_VERIFY

#define EACCES_VERIFY   __einfo_error ( EINFO_EACCES_VERIFY )

Definition at line 45 of file rsa.c.

◆ EINFO_EACCES_VERIFY

#define EINFO_EACCES_VERIFY   __einfo_uniqify ( EINFO_EACCES, 0x01, "RSA signature incorrect" )

Definition at line 47 of file rsa.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ rsa_find_prefix()

static struct rsa_digestinfo_prefix* rsa_find_prefix ( struct digest_algorithm digest)
static

Identify RSA prefix.

Parameters
digestDigest algorithm
Return values
prefixRSA prefix, or NULL

Definition at line 79 of file rsa.c.

79  {
81 
83  if ( prefix->digest == digest )
84  return prefix;
85  }
86  return NULL;
87 }
char prefix[4]
Definition: vmconsole.c:53
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
Definition: tables.h:385
An RSA digestInfo prefix.
Definition: rsa.h:42
struct digest_algorithm * digest
Digest algorithm.
Definition: rsa.h:44
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
#define RSA_DIGESTINFO_PREFIXES
RSA digestInfo prefix table.
Definition: rsa.h:52

References rsa_digestinfo_prefix::digest, for_each_table_entry, NULL, prefix, and RSA_DIGESTINFO_PREFIXES.

Referenced by rsa_encode_digest().

◆ rsa_free()

static void rsa_free ( struct rsa_context context)
inlinestatic

Free RSA dynamic storage.

Parameters
contextRSA context

Definition at line 94 of file rsa.c.

94  {
95 
96  free ( context->dynamic );
97 }
void * dynamic
Allocated memory.
Definition: rsa.c:53
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54

References rsa_context::dynamic, and free.

Referenced by rsa_decrypt(), rsa_encrypt(), rsa_init(), rsa_sign(), and rsa_verify().

◆ rsa_alloc()

static int rsa_alloc ( struct rsa_context context,
size_t  modulus_len,
size_t  exponent_len 
)
static

Allocate RSA dynamic storage.

Parameters
contextRSA context
modulus_lenModulus length
exponent_lenExponent length
Return values
rcReturn status code

Definition at line 107 of file rsa.c.

108  {
109  unsigned int size = bigint_required_size ( modulus_len );
110  unsigned int exponent_size = bigint_required_size ( exponent_len );
111  bigint_t ( size ) *modulus;
112  bigint_t ( exponent_size ) *exponent;
113  size_t tmp_len = bigint_mod_exp_tmp_len ( modulus, exponent );
114  struct {
115  bigint_t ( size ) modulus;
116  bigint_t ( exponent_size ) exponent;
117  bigint_t ( size ) input;
118  bigint_t ( size ) output;
119  uint8_t tmp[tmp_len];
120  } __attribute__ (( packed )) *dynamic;
121 
122  /* Allocate dynamic storage */
123  dynamic = malloc ( sizeof ( *dynamic ) );
124  if ( ! dynamic )
125  return -ENOMEM;
126 
127  /* Assign dynamic storage */
128  context->dynamic = dynamic;
129  context->modulus0 = &dynamic->modulus.element[0];
130  context->size = size;
131  context->max_len = modulus_len;
132  context->exponent0 = &dynamic->exponent.element[0];
133  context->exponent_size = exponent_size;
134  context->input0 = &dynamic->input.element[0];
135  context->output0 = &dynamic->output.element[0];
136  context->tmp = &dynamic->tmp;
137 
138  return 0;
139 }
#define __attribute__(x)
Definition: compiler.h:10
void * tmp
Temporary working space for modular exponentiation.
Definition: rsa.c:69
bigint_element_t * output0
Output buffer.
Definition: rsa.c:67
unsigned int exponent_size
Exponent size.
Definition: rsa.c:63
Definition: bnxt_hsi.h:68
bigint_element_t * modulus0
Modulus.
Definition: rsa.c:55
unsigned long tmp
Definition: linux_pci.h:63
#define ENOMEM
Not enough space.
Definition: errno.h:534
#define bigint_mod_exp_tmp_len(modulus, exponent)
Calculate temporary working space required for moduluar exponentiation.
Definition: bigint.h:329
unsigned int size
Modulus size.
Definition: rsa.c:57
size_t max_len
Modulus length.
Definition: rsa.c:59
void * dynamic
Allocated memory.
Definition: rsa.c:53
bigint_element_t * input0
Input buffer.
Definition: rsa.c:65
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
Definition: bigint.h:30
unsigned char uint8_t
Definition: stdint.h:10
void * malloc(size_t size)
Allocate memory.
Definition: malloc.c:583
bigint_element_t * exponent0
Exponent.
Definition: rsa.c:61
uint8_t size
Entry size (in 32-bit words)
Definition: ena.h:16
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.

References __attribute__, bigint_mod_exp_tmp_len, bigint_required_size, bigint_t(), rsa_context::dynamic, ENOMEM, rsa_context::exponent0, rsa_context::exponent_size, rsa_context::input0, malloc(), rsa_context::max_len, rsa_context::modulus0, rsa_context::output0, size, rsa_context::size, tmp, and rsa_context::tmp.

Referenced by rsa_init().

◆ rsa_parse_integer()

static int rsa_parse_integer ( struct asn1_cursor integer,
const struct asn1_cursor raw 
)
static

Parse RSA integer.

Parameters
integerInteger to fill in
rawASN.1 cursor
Return values
rcReturn status code

Definition at line 148 of file rsa.c.

149  {
150 
151  /* Enter integer */
152  memcpy ( integer, raw, sizeof ( *integer ) );
153  asn1_enter ( integer, ASN1_INTEGER );
154 
155  /* Skip initial sign byte if applicable */
156  if ( ( integer->len > 1 ) &&
157  ( *( ( uint8_t * ) integer->data ) == 0x00 ) ) {
158  integer->data++;
159  integer->len--;
160  }
161 
162  /* Fail if cursor or integer are invalid */
163  if ( ! integer->len )
164  return -EINVAL;
165 
166  return 0;
167 }
#define EINVAL
Invalid argument.
Definition: errno.h:428
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
Definition: asn1.c:205
const void * data
Start of data.
Definition: asn1.h:22
size_t len
Length of data.
Definition: asn1.h:24
void * memcpy(void *dest, const void *src, size_t len) __nonnull
unsigned char uint8_t
Definition: stdint.h:10
#define ASN1_INTEGER
ASN.1 integer.
Definition: asn1.h:62
__be32 raw[7]
Definition: CIB_PRM.h:28

References asn1_enter(), ASN1_INTEGER, asn1_cursor::data, EINVAL, asn1_cursor::len, memcpy(), and raw.

Referenced by rsa_parse_mod_exp().

◆ rsa_parse_mod_exp()

static int rsa_parse_mod_exp ( struct asn1_cursor modulus,
struct asn1_cursor exponent,
const struct asn1_cursor raw 
)
static

Parse RSA modulus and exponent.

Parameters
modulusModulus to fill in
exponentExponent to fill in
rawASN.1 cursor
Return values
rcReturn status code

Definition at line 177 of file rsa.c.

179  {
180  struct asn1_bit_string bits;
181  struct asn1_cursor cursor;
182  int is_private;
183  int rc;
184 
185  /* Enter subjectPublicKeyInfo/privateKeyInfo/RSAPrivateKey */
186  memcpy ( &cursor, raw, sizeof ( cursor ) );
187  asn1_enter ( &cursor, ASN1_SEQUENCE );
188 
189  /* Determine key format */
190  if ( asn1_type ( &cursor ) == ASN1_INTEGER ) {
191 
192  /* Private key */
193  is_private = 1;
194 
195  /* Skip version */
196  asn1_skip_any ( &cursor );
197 
198  /* Enter privateKey, if present */
199  if ( asn1_check_algorithm ( &cursor,
200  &rsa_encryption_algorithm ) == 0 ) {
201 
202  /* Skip privateKeyAlgorithm */
203  asn1_skip_any ( &cursor );
204 
205  /* Enter privateKey */
206  asn1_enter ( &cursor, ASN1_OCTET_STRING );
207 
208  /* Enter RSAPrivateKey */
209  asn1_enter ( &cursor, ASN1_SEQUENCE );
210 
211  /* Skip version */
212  asn1_skip ( &cursor, ASN1_INTEGER );
213  }
214 
215  } else {
216 
217  /* Public key */
218  is_private = 0;
219 
220  /* Skip algorithm */
221  asn1_skip ( &cursor, ASN1_SEQUENCE );
222 
223  /* Enter subjectPublicKey */
224  if ( ( rc = asn1_integral_bit_string ( &cursor, &bits ) ) != 0 )
225  return rc;
226  cursor.data = bits.data;
227  cursor.len = bits.len;
228 
229  /* Enter RSAPublicKey */
230  asn1_enter ( &cursor, ASN1_SEQUENCE );
231  }
232 
233  /* Extract modulus */
234  if ( ( rc = rsa_parse_integer ( modulus, &cursor ) ) != 0 )
235  return rc;
236  asn1_skip_any ( &cursor );
237 
238  /* Skip public exponent, if applicable */
239  if ( is_private )
240  asn1_skip ( &cursor, ASN1_INTEGER );
241 
242  /* Extract publicExponent/privateExponent */
243  if ( ( rc = rsa_parse_integer ( exponent, &cursor ) ) != 0 )
244  return rc;
245 
246  return 0;
247 }
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
Definition: asn1.c:205
static unsigned int asn1_type(const struct asn1_cursor *cursor)
Extract ASN.1 type.
Definition: asn1.h:446
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
Definition: asn1.c:313
void * memcpy(void *dest, const void *src, size_t len) __nonnull
static int rsa_parse_integer(struct asn1_cursor *integer, const struct asn1_cursor *raw)
Parse RSA integer.
Definition: rsa.c:148
int asn1_check_algorithm(const struct asn1_cursor *cursor, struct asn1_algorithm *expected)
Check ASN.1 OID-identified algorithm.
Definition: asn1.c:680
int asn1_integral_bit_string(const struct asn1_cursor *cursor, struct asn1_bit_string *bits)
Parse ASN.1 bit string that must be an integral number of bytes.
Definition: asn1.c:451
#define ASN1_SEQUENCE
ASN.1 sequence.
Definition: asn1.h:89
#define ASN1_INTEGER
ASN.1 integer.
Definition: asn1.h:62
static volatile void * bits
Definition: bitops.h:27
int asn1_skip(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object.
Definition: asn1.c:254
__be32 raw[7]
Definition: CIB_PRM.h:28
struct arbelprm_wqe_segment_data_ptr data[ARBEL_MAX_GATHER]
Definition: arbel.h:237
#define ASN1_OCTET_STRING
ASN.1 octet string.
Definition: asn1.h:68
An ASN.1 object cursor.
Definition: asn1.h:20
An ASN.1 bit string.
Definition: asn1.h:420

References asn1_check_algorithm(), asn1_enter(), ASN1_INTEGER, asn1_integral_bit_string(), ASN1_OCTET_STRING, ASN1_SEQUENCE, asn1_skip(), asn1_skip_any(), asn1_type(), bits, asn1_cursor::data, asn1_cursor::len, memcpy(), raw, rc, and rsa_parse_integer().

Referenced by rsa_init(), rsa_match(), and rsa_max_len().

◆ rsa_init()

static int rsa_init ( struct rsa_context context,
const struct asn1_cursor key 
)
static

Initialise RSA cipher.

Parameters
contextRSA context
keyKey
Return values
rcReturn status code

Definition at line 256 of file rsa.c.

257  {
258  struct asn1_cursor modulus;
259  struct asn1_cursor exponent;
260  int rc;
261 
262  /* Initialise context */
263  memset ( context, 0, sizeof ( *context ) );
264 
265  /* Parse modulus and exponent */
266  if ( ( rc = rsa_parse_mod_exp ( &modulus, &exponent, key ) ) != 0 ){
267  DBGC ( context, "RSA %p invalid modulus/exponent:\n", context );
268  DBGC_HDA ( context, 0, key->data, key->len );
269  goto err_parse;
270  }
271 
272  DBGC ( context, "RSA %p modulus:\n", context );
273  DBGC_HDA ( context, 0, modulus.data, modulus.len );
274  DBGC ( context, "RSA %p exponent:\n", context );
275  DBGC_HDA ( context, 0, exponent.data, exponent.len );
276 
277  /* Allocate dynamic storage */
278  if ( ( rc = rsa_alloc ( context, modulus.len, exponent.len ) ) != 0 )
279  goto err_alloc;
280 
281  /* Construct big integers */
282  bigint_init ( ( ( bigint_t ( context->size ) * ) context->modulus0 ),
283  modulus.data, modulus.len );
284  bigint_init ( ( ( bigint_t ( context->exponent_size ) * )
285  context->exponent0 ), exponent.data, exponent.len );
286 
287  return 0;
288 
289  rsa_free ( context );
290  err_alloc:
291  err_parse:
292  return rc;
293 }
static int rsa_parse_mod_exp(struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
Parse RSA modulus and exponent.
Definition: rsa.c:177
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
#define DBGC(...)
Definition: compiler.h:505
unsigned int exponent_size
Exponent size.
Definition: rsa.c:63
#define bigint_init(value, data, len)
Initialise big integer.
Definition: bigint.h:50
bigint_element_t * modulus0
Modulus.
Definition: rsa.c:55
#define DBGC_HDA(...)
Definition: compiler.h:506
unsigned int size
Modulus size.
Definition: rsa.c:57
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:94
bigint_element_t * exponent0
Exponent.
Definition: rsa.c:61
An ASN.1 object cursor.
Definition: asn1.h:20
static int rsa_alloc(struct rsa_context *context, size_t modulus_len, size_t exponent_len)
Allocate RSA dynamic storage.
Definition: rsa.c:107
union @383 key
Sense key.
Definition: scsi.h:18
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.
void * memset(void *dest, int character, size_t len) __nonnull

References bigint_init, bigint_t(), asn1_cursor::data, DBGC, DBGC_HDA, rsa_context::exponent0, rsa_context::exponent_size, key, asn1_cursor::len, memset(), rsa_context::modulus0, rc, rsa_alloc(), rsa_free(), rsa_parse_mod_exp(), and rsa_context::size.

Referenced by rsa_decrypt(), rsa_encrypt(), rsa_sign(), and rsa_verify().

◆ rsa_max_len()

static size_t rsa_max_len ( const struct asn1_cursor key)
static

Calculate RSA maximum output length.

Parameters
keyKey
Return values
max_lenMaximum output length

Definition at line 301 of file rsa.c.

301  {
302  struct asn1_cursor modulus;
303  struct asn1_cursor exponent;
304  int rc;
305 
306  /* Parse moduli and exponents */
307  if ( ( rc = rsa_parse_mod_exp ( &modulus, &exponent, key ) ) != 0 ) {
308  /* Return a zero maximum length on error */
309  return 0;
310  }
311 
312  /* Output length can never exceed modulus length */
313  return modulus.len;
314 }
static int rsa_parse_mod_exp(struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
Parse RSA modulus and exponent.
Definition: rsa.c:177
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
An ASN.1 object cursor.
Definition: asn1.h:20
union @383 key
Sense key.
Definition: scsi.h:18

References key, asn1_cursor::len, rc, and rsa_parse_mod_exp().

◆ rsa_cipher()

static void rsa_cipher ( struct rsa_context context,
const void *  in,
void *  out 
)
static

Perform RSA cipher operation.

Parameters
contextRSA context
inInput buffer
outOutput buffer

Definition at line 323 of file rsa.c.

324  {
325  bigint_t ( context->size ) *input = ( ( void * ) context->input0 );
326  bigint_t ( context->size ) *output = ( ( void * ) context->output0 );
327  bigint_t ( context->size ) *modulus = ( ( void * ) context->modulus0 );
328  bigint_t ( context->exponent_size ) *exponent =
329  ( ( void * ) context->exponent0 );
330 
331  /* Initialise big integer */
332  bigint_init ( input, in, context->max_len );
333 
334  /* Perform modular exponentiation */
335  bigint_mod_exp ( input, modulus, exponent, output, context->tmp );
336 
337  /* Copy out result */
338  bigint_done ( output, out, context->max_len );
339 }
void * tmp
Temporary working space for modular exponentiation.
Definition: rsa.c:69
bigint_element_t * output0
Output buffer.
Definition: rsa.c:67
#define bigint_mod_exp(base, modulus, exponent, result, tmp)
Perform modular exponentiation of big integers.
Definition: bigint.h:314
__be32 in[4]
Definition: CIB_PRM.h:35
unsigned int exponent_size
Exponent size.
Definition: rsa.c:63
Definition: bnxt_hsi.h:68
#define bigint_init(value, data, len)
Initialise big integer.
Definition: bigint.h:50
bigint_element_t * modulus0
Modulus.
Definition: rsa.c:55
unsigned int size
Modulus size.
Definition: rsa.c:57
size_t max_len
Modulus length.
Definition: rsa.c:59
bigint_element_t * input0
Input buffer.
Definition: rsa.c:65
__be32 out[4]
Definition: CIB_PRM.h:36
#define bigint_done(value, out, len)
Finalise big integer.
Definition: bigint.h:63
bigint_element_t * exponent0
Exponent.
Definition: rsa.c:61
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.

References bigint_done, bigint_init, bigint_mod_exp, bigint_t(), rsa_context::exponent0, rsa_context::exponent_size, in, rsa_context::input0, rsa_context::max_len, rsa_context::modulus0, out, rsa_context::output0, rsa_context::size, and rsa_context::tmp.

Referenced by rsa_decrypt(), rsa_encrypt(), rsa_sign(), and rsa_verify().

◆ rsa_encrypt()

static int rsa_encrypt ( const struct asn1_cursor key,
const void *  plaintext,
size_t  plaintext_len,
void *  ciphertext 
)
static

Encrypt using RSA.

Parameters
keyKey
plaintextPlaintext
plaintext_lenLength of plaintext
ciphertextCiphertext
Return values
ciphertext_lenLength of ciphertext, or negative error

Definition at line 350 of file rsa.c.

351  {
352  struct rsa_context context;
353  void *temp;
354  uint8_t *encoded;
355  size_t max_len;
356  size_t random_nz_len;
357  int rc;
358 
359  DBGC ( &context, "RSA %p encrypting:\n", &context );
360  DBGC_HDA ( &context, 0, plaintext, plaintext_len );
361 
362  /* Initialise context */
363  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
364  goto err_init;
365 
366  /* Calculate lengths */
367  max_len = ( context.max_len - 11 );
368  random_nz_len = ( max_len - plaintext_len + 8 );
369 
370  /* Sanity check */
371  if ( plaintext_len > max_len ) {
372  DBGC ( &context, "RSA %p plaintext too long (%zd bytes, max "
373  "%zd)\n", &context, plaintext_len, max_len );
374  rc = -ERANGE;
375  goto err_sanity;
376  }
377 
378  /* Construct encoded message (using the big integer output
379  * buffer as temporary storage)
380  */
381  temp = context.output0;
382  encoded = temp;
383  encoded[0] = 0x00;
384  encoded[1] = 0x02;
385  if ( ( rc = get_random_nz ( &encoded[2], random_nz_len ) ) != 0 ) {
386  DBGC ( &context, "RSA %p could not generate random data: %s\n",
387  &context, strerror ( rc ) );
388  goto err_random;
389  }
390  encoded[ 2 + random_nz_len ] = 0x00;
391  memcpy ( &encoded[ context.max_len - plaintext_len ],
392  plaintext, plaintext_len );
393 
394  /* Encipher the encoded message */
395  rsa_cipher ( &context, encoded, ciphertext );
396  DBGC ( &context, "RSA %p encrypted:\n", &context );
397  DBGC_HDA ( &context, 0, ciphertext, context.max_len );
398 
399  /* Free context */
400  rsa_free ( &context );
401 
402  return context.max_len;
403 
404  err_random:
405  err_sanity:
406  rsa_free ( &context );
407  err_init:
408  return rc;
409 }
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
#define DBGC(...)
Definition: compiler.h:505
int get_random_nz(void *data, size_t len)
Get random non-zero bytes.
Definition: random_nz.c:62
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:323
void * memcpy(void *dest, const void *src, size_t len) __nonnull
An RSA context.
Definition: rsa.c:51
#define DBGC_HDA(...)
Definition: compiler.h:506
size_t max_len
Modulus length.
Definition: rsa.c:59
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:94
#define ERANGE
Result too large.
Definition: errno.h:639
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
unsigned char uint8_t
Definition: stdint.h:10
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
Definition: rsa.c:256
union @383 key
Sense key.
Definition: scsi.h:18

References DBGC, DBGC_HDA, ERANGE, get_random_nz(), key, rsa_context::max_len, memcpy(), rsa_context::output0, rc, rsa_cipher(), rsa_free(), rsa_init(), and strerror().

◆ rsa_decrypt()

static int rsa_decrypt ( const struct asn1_cursor key,
const void *  ciphertext,
size_t  ciphertext_len,
void *  plaintext 
)
static

Decrypt using RSA.

Parameters
keyKey
ciphertextCiphertext
ciphertext_lenCiphertext length
plaintextPlaintext
Return values
plaintext_lenPlaintext length, or negative error

Definition at line 420 of file rsa.c.

421  {
422  struct rsa_context context;
423  void *temp;
424  uint8_t *encoded;
425  uint8_t *end;
426  uint8_t *zero;
427  uint8_t *start;
428  size_t plaintext_len;
429  int rc;
430 
431  DBGC ( &context, "RSA %p decrypting:\n", &context );
432  DBGC_HDA ( &context, 0, ciphertext, ciphertext_len );
433 
434  /* Initialise context */
435  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
436  goto err_init;
437 
438  /* Sanity check */
439  if ( ciphertext_len != context.max_len ) {
440  DBGC ( &context, "RSA %p ciphertext incorrect length (%zd "
441  "bytes, should be %zd)\n",
442  &context, ciphertext_len, context.max_len );
443  rc = -ERANGE;
444  goto err_sanity;
445  }
446 
447  /* Decipher the message (using the big integer input buffer as
448  * temporary storage)
449  */
450  temp = context.input0;
451  encoded = temp;
452  rsa_cipher ( &context, ciphertext, encoded );
453 
454  /* Parse the message */
455  end = ( encoded + context.max_len );
456  if ( ( encoded[0] != 0x00 ) || ( encoded[1] != 0x02 ) ) {
457  rc = -EINVAL;
458  goto err_invalid;
459  }
460  zero = memchr ( &encoded[2], 0, ( end - &encoded[2] ) );
461  if ( ! zero ) {
462  rc = -EINVAL;
463  goto err_invalid;
464  }
465  start = ( zero + 1 );
466  plaintext_len = ( end - start );
467 
468  /* Copy out message */
469  memcpy ( plaintext, start, plaintext_len );
470  DBGC ( &context, "RSA %p decrypted:\n", &context );
471  DBGC_HDA ( &context, 0, plaintext, plaintext_len );
472 
473  /* Free context */
474  rsa_free ( &context );
475 
476  return plaintext_len;
477 
478  err_invalid:
479  DBGC ( &context, "RSA %p invalid decrypted message:\n", &context );
480  DBGC_HDA ( &context, 0, encoded, context.max_len );
481  err_sanity:
482  rsa_free ( &context );
483  err_init:
484  return rc;
485 }
#define EINVAL
Invalid argument.
Definition: errno.h:428
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
#define DBGC(...)
Definition: compiler.h:505
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:323
void * memchr(const void *src, int character, size_t len)
Find character within a memory region.
Definition: string.c:135
uint32_t start
Starting offset.
Definition: netvsc.h:12
void * memcpy(void *dest, const void *src, size_t len) __nonnull
An RSA context.
Definition: rsa.c:51
#define DBGC_HDA(...)
Definition: compiler.h:506
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:94
#define ERANGE
Result too large.
Definition: errno.h:639
unsigned char uint8_t
Definition: stdint.h:10
uint32_t end
Ending offset.
Definition: netvsc.h:18
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
Definition: rsa.c:256
union @383 key
Sense key.
Definition: scsi.h:18

References DBGC, DBGC_HDA, EINVAL, end, ERANGE, rsa_context::input0, key, rsa_context::max_len, memchr(), memcpy(), rc, rsa_cipher(), rsa_free(), rsa_init(), and start.

◆ rsa_encode_digest()

static int rsa_encode_digest ( struct rsa_context context,
struct digest_algorithm digest,
const void *  value,
void *  encoded 
)
static

Encode RSA digest.

Parameters
contextRSA context
digestDigest algorithm
valueDigest value
encodedEncoded digest
Return values
rcReturn status code

Definition at line 496 of file rsa.c.

498  {
500  size_t digest_len = digest->digestsize;
501  uint8_t *temp = encoded;
502  size_t digestinfo_len;
503  size_t max_len;
504  size_t pad_len;
505 
506  /* Identify prefix */
508  if ( ! prefix ) {
509  DBGC ( context, "RSA %p has no prefix for %s\n",
510  context, digest->name );
511  return -ENOTSUP;
512  }
513  digestinfo_len = ( prefix->len + digest_len );
514 
515  /* Sanity check */
516  max_len = ( context->max_len - 11 );
517  if ( digestinfo_len > max_len ) {
518  DBGC ( context, "RSA %p %s digestInfo too long (%zd bytes, "
519  "max %zd)\n", context, digest->name, digestinfo_len,
520  max_len );
521  return -ERANGE;
522  }
523  DBGC ( context, "RSA %p encoding %s digest:\n",
524  context, digest->name );
525  DBGC_HDA ( context, 0, value, digest_len );
526 
527  /* Construct encoded message */
528  *(temp++) = 0x00;
529  *(temp++) = 0x01;
530  pad_len = ( max_len - digestinfo_len + 8 );
531  memset ( temp, 0xff, pad_len );
532  temp += pad_len;
533  *(temp++) = 0x00;
534  memcpy ( temp, prefix->data, prefix->len );
535  temp += prefix->len;
536  memcpy ( temp, value, digest_len );
537  temp += digest_len;
538  assert ( temp == ( encoded + context->max_len ) );
539  DBGC ( context, "RSA %p encoded %s digest:\n", context, digest->name );
540  DBGC_HDA ( context, 0, encoded, context->max_len );
541 
542  return 0;
543 }
#define DBGC(...)
Definition: compiler.h:505
char prefix[4]
Definition: vmconsole.c:53
static struct rsa_digestinfo_prefix * rsa_find_prefix(struct digest_algorithm *digest)
Identify RSA prefix.
Definition: rsa.c:79
#define ENOTSUP
Operation not supported.
Definition: errno.h:589
void * memcpy(void *dest, const void *src, size_t len) __nonnull
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
#define DBGC_HDA(...)
Definition: compiler.h:506
size_t max_len
Modulus length.
Definition: rsa.c:59
#define ERANGE
Result too large.
Definition: errno.h:639
An RSA digestInfo prefix.
Definition: rsa.h:42
unsigned char uint8_t
Definition: stdint.h:10
long pad_len
Definition: bigint.h:30
size_t digestsize
Digest size.
Definition: crypto.h:26
const char * name
Algorithm name.
Definition: crypto.h:20
struct digest_algorithm * digest
Digest algorithm.
Definition: rsa.h:44
void * memset(void *dest, int character, size_t len) __nonnull

References assert(), DBGC, DBGC_HDA, rsa_digestinfo_prefix::digest, digest_algorithm::digestsize, ENOTSUP, ERANGE, rsa_context::max_len, memcpy(), memset(), digest_algorithm::name, pad_len, prefix, rsa_find_prefix(), and value.

Referenced by rsa_sign(), and rsa_verify().

◆ rsa_sign()

static int rsa_sign ( const struct asn1_cursor key,
struct digest_algorithm digest,
const void *  value,
void *  signature 
)
static

Sign digest value using RSA.

Parameters
keyKey
digestDigest algorithm
valueDigest value
signatureSignature
Return values
signature_lenSignature length, or negative error

Definition at line 554 of file rsa.c.

556  {
557  struct rsa_context context;
558  void *temp;
559  int rc;
560 
561  DBGC ( &context, "RSA %p signing %s digest:\n",
562  &context, digest->name );
563  DBGC_HDA ( &context, 0, value, digest->digestsize );
564 
565  /* Initialise context */
566  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
567  goto err_init;
568 
569  /* Encode digest (using the big integer output buffer as
570  * temporary storage)
571  */
572  temp = context.output0;
573  if ( ( rc = rsa_encode_digest ( &context, digest, value, temp ) ) != 0 )
574  goto err_encode;
575 
576  /* Encipher the encoded digest */
577  rsa_cipher ( &context, temp, signature );
578  DBGC ( &context, "RSA %p signed %s digest:\n", &context, digest->name );
579  DBGC_HDA ( &context, 0, signature, context.max_len );
580 
581  /* Free context */
582  rsa_free ( &context );
583 
584  return context.max_len;
585 
586  err_encode:
587  rsa_free ( &context );
588  err_init:
589  return rc;
590 }
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
static int rsa_encode_digest(struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
Encode RSA digest.
Definition: rsa.c:496
#define DBGC(...)
Definition: compiler.h:505
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:323
An RSA context.
Definition: rsa.c:51
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
#define DBGC_HDA(...)
Definition: compiler.h:506
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:94
size_t digestsize
Digest size.
Definition: crypto.h:26
const char * name
Algorithm name.
Definition: crypto.h:20
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
Definition: rsa.c:256
u8 signature
CPU signature.
Definition: CIB_PRM.h:35
union @383 key
Sense key.
Definition: scsi.h:18

References DBGC, DBGC_HDA, digest_algorithm::digestsize, key, rsa_context::max_len, digest_algorithm::name, rsa_context::output0, rc, rsa_cipher(), rsa_encode_digest(), rsa_free(), rsa_init(), signature, and value.

◆ rsa_verify()

static int rsa_verify ( const struct asn1_cursor key,
struct digest_algorithm digest,
const void *  value,
const void *  signature,
size_t  signature_len 
)
static

Verify signed digest value using RSA.

Parameters
keyKey
digestDigest algorithm
valueDigest value
signatureSignature
signature_lenSignature length
Return values
rcReturn status code

Definition at line 602 of file rsa.c.

604  {
605  struct rsa_context context;
606  void *temp;
607  void *expected;
608  void *actual;
609  int rc;
610 
611  DBGC ( &context, "RSA %p verifying %s digest:\n",
612  &context, digest->name );
613  DBGC_HDA ( &context, 0, value, digest->digestsize );
614  DBGC_HDA ( &context, 0, signature, signature_len );
615 
616  /* Initialise context */
617  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
618  goto err_init;
619 
620  /* Sanity check */
621  if ( signature_len != context.max_len ) {
622  DBGC ( &context, "RSA %p signature incorrect length (%zd "
623  "bytes, should be %zd)\n",
624  &context, signature_len, context.max_len );
625  rc = -ERANGE;
626  goto err_sanity;
627  }
628 
629  /* Decipher the signature (using the big integer input buffer
630  * as temporary storage)
631  */
632  temp = context.input0;
633  expected = temp;
634  rsa_cipher ( &context, signature, expected );
635  DBGC ( &context, "RSA %p deciphered signature:\n", &context );
636  DBGC_HDA ( &context, 0, expected, context.max_len );
637 
638  /* Encode digest (using the big integer output buffer as
639  * temporary storage)
640  */
641  temp = context.output0;
642  actual = temp;
643  if ( ( rc = rsa_encode_digest ( &context, digest, value,
644  actual ) ) != 0 )
645  goto err_encode;
646 
647  /* Verify the signature */
648  if ( memcmp ( actual, expected, context.max_len ) != 0 ) {
649  DBGC ( &context, "RSA %p signature verification failed\n",
650  &context );
651  rc = -EACCES_VERIFY;
652  goto err_verify;
653  }
654 
655  /* Free context */
656  rsa_free ( &context );
657 
658  DBGC ( &context, "RSA %p signature verified successfully\n", &context );
659  return 0;
660 
661  err_verify:
662  err_encode:
663  err_sanity:
664  rsa_free ( &context );
665  err_init:
666  return rc;
667 }
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
static int rsa_encode_digest(struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
Encode RSA digest.
Definition: rsa.c:496
#define DBGC(...)
Definition: compiler.h:505
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:323
#define EACCES_VERIFY
Definition: rsa.c:45
An RSA context.
Definition: rsa.c:51
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
#define DBGC_HDA(...)
Definition: compiler.h:506
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:94
#define ERANGE
Result too large.
Definition: errno.h:639
size_t digestsize
Digest size.
Definition: crypto.h:26
const char * name
Algorithm name.
Definition: crypto.h:20
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
Definition: rsa.c:256
u8 signature
CPU signature.
Definition: CIB_PRM.h:35
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
Definition: string.c:114
union @383 key
Sense key.
Definition: scsi.h:18

References DBGC, DBGC_HDA, digest_algorithm::digestsize, EACCES_VERIFY, ERANGE, rsa_context::input0, key, rsa_context::max_len, memcmp(), digest_algorithm::name, rsa_context::output0, rc, rsa_cipher(), rsa_encode_digest(), rsa_free(), rsa_init(), signature, and value.

◆ rsa_match()

static int rsa_match ( const struct asn1_cursor private_key,
const struct asn1_cursor public_key 
)
static

Check for matching RSA public/private key pair.

Parameters
private_keyPrivate key
public_keyPublic key
Return values
rcReturn status code

Definition at line 676 of file rsa.c.

677  {
678  struct asn1_cursor private_modulus;
679  struct asn1_cursor private_exponent;
680  struct asn1_cursor public_modulus;
681  struct asn1_cursor public_exponent;
682  int rc;
683 
684  /* Parse moduli and exponents */
685  if ( ( rc = rsa_parse_mod_exp ( &private_modulus, &private_exponent,
686  private_key ) ) != 0 )
687  return rc;
688  if ( ( rc = rsa_parse_mod_exp ( &public_modulus, &public_exponent,
689  public_key ) ) != 0 )
690  return rc;
691 
692  /* Compare moduli */
693  if ( asn1_compare ( &private_modulus, &public_modulus ) != 0 )
694  return -ENOTTY;
695 
696  return 0;
697 }
static int rsa_parse_mod_exp(struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
Parse RSA modulus and exponent.
Definition: rsa.c:177
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition: asn1.c:480
#define ENOTTY
Inappropriate I/O control operation.
Definition: errno.h:594
A private key.
Definition: privkey.h:16
An ASN.1 object cursor.
Definition: asn1.h:20

References asn1_compare(), ENOTTY, rc, and rsa_parse_mod_exp().

◆ REQUIRING_SYMBOL()

REQUIRING_SYMBOL ( rsa_algorithm  )

◆ REQUIRE_OBJECT()

REQUIRE_OBJECT ( config_crypto  )

Variable Documentation

◆ rsa_algorithm

struct pubkey_algorithm rsa_algorithm
Initial value:
= {
.name = "rsa",
.max_len = rsa_max_len,
.encrypt = rsa_encrypt,
.decrypt = rsa_decrypt,
.sign = rsa_sign,
.verify = rsa_verify,
.match = rsa_match,
}
static int rsa_sign(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, void *signature)
Sign digest value using RSA.
Definition: rsa.c:554
static int rsa_match(const struct asn1_cursor *private_key, const struct asn1_cursor *public_key)
Check for matching RSA public/private key pair.
Definition: rsa.c:676
static int rsa_decrypt(const struct asn1_cursor *key, const void *ciphertext, size_t ciphertext_len, void *plaintext)
Decrypt using RSA.
Definition: rsa.c:420
static int rsa_verify(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const void *signature, size_t signature_len)
Verify signed digest value using RSA.
Definition: rsa.c:602
static size_t rsa_max_len(const struct asn1_cursor *key)
Calculate RSA maximum output length.
Definition: rsa.c:301
static int rsa_encrypt(const struct asn1_cursor *key, const void *plaintext, size_t plaintext_len, void *ciphertext)
Encrypt using RSA.
Definition: rsa.c:350

RSA public-key algorithm.

Definition at line 700 of file rsa.c.

Referenced by icert_cert().