iPXE
rsa.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <stdint.h>
27 #include <stdlib.h>
28 #include <stdarg.h>
29 #include <string.h>
30 #include <errno.h>
31 #include <ipxe/asn1.h>
32 #include <ipxe/crypto.h>
33 #include <ipxe/bigint.h>
34 #include <ipxe/random_nz.h>
35 #include <ipxe/rsa.h>
36 
37 /** @file
38  *
39  * RSA public-key cryptography
40  *
41  * RSA is documented in RFC 3447.
42  */
43 
44 /* Disambiguate the various error causes */
45 #define EACCES_VERIFY \
46  __einfo_error ( EINFO_EACCES_VERIFY )
47 #define EINFO_EACCES_VERIFY \
48  __einfo_uniqify ( EINFO_EACCES, 0x01, "RSA signature incorrect" )
49 
50 /** An RSA context */
51 struct rsa_context {
52  /** Allocated memory */
53  void *dynamic;
54  /** Modulus */
56  /** Modulus size */
57  unsigned int size;
58  /** Modulus length */
59  size_t max_len;
60  /** Exponent */
62  /** Exponent size */
63  unsigned int exponent_size;
64  /** Input buffer */
66  /** Output buffer */
68  /** Temporary working space for modular exponentiation */
69  void *tmp;
70 };
71 
72 /**
73  * Identify RSA prefix
74  *
75  * @v digest Digest algorithm
76  * @ret prefix RSA prefix, or NULL
77  */
78 static struct rsa_digestinfo_prefix *
81 
83  if ( prefix->digest == digest )
84  return prefix;
85  }
86  return NULL;
87 }
88 
89 /**
90  * Free RSA dynamic storage
91  *
92  * @v context RSA context
93  */
94 static inline void rsa_free ( struct rsa_context *context ) {
95 
96  free ( context->dynamic );
97 }
98 
99 /**
100  * Allocate RSA dynamic storage
101  *
102  * @v context RSA context
103  * @v modulus_len Modulus length
104  * @v exponent_len Exponent length
105  * @ret rc Return status code
106  */
107 static int rsa_alloc ( struct rsa_context *context, size_t modulus_len,
108  size_t exponent_len ) {
109  unsigned int size = bigint_required_size ( modulus_len );
110  unsigned int exponent_size = bigint_required_size ( exponent_len );
111  bigint_t ( size ) *modulus;
112  size_t tmp_len = bigint_mod_exp_tmp_len ( modulus );
113  struct {
114  bigint_t ( size ) modulus;
115  bigint_t ( exponent_size ) exponent;
116  bigint_t ( size ) input;
117  bigint_t ( size ) output;
118  uint8_t tmp[tmp_len];
119  } __attribute__ (( packed )) *dynamic;
120 
121  /* Allocate dynamic storage */
122  dynamic = malloc ( sizeof ( *dynamic ) );
123  if ( ! dynamic )
124  return -ENOMEM;
125 
126  /* Assign dynamic storage */
127  context->dynamic = dynamic;
128  context->modulus0 = &dynamic->modulus.element[0];
129  context->size = size;
130  context->max_len = modulus_len;
131  context->exponent0 = &dynamic->exponent.element[0];
132  context->exponent_size = exponent_size;
133  context->input0 = &dynamic->input.element[0];
134  context->output0 = &dynamic->output.element[0];
135  context->tmp = &dynamic->tmp;
136 
137  return 0;
138 }
139 
140 /**
141  * Parse RSA integer
142  *
143  * @v integer Integer to fill in
144  * @v raw ASN.1 cursor
145  * @ret rc Return status code
146  */
147 static int rsa_parse_integer ( struct asn1_cursor *integer,
148  const struct asn1_cursor *raw ) {
149 
150  /* Enter integer */
151  memcpy ( integer, raw, sizeof ( *integer ) );
152  asn1_enter ( integer, ASN1_INTEGER );
153 
154  /* Skip initial sign byte if applicable */
155  if ( ( integer->len > 1 ) &&
156  ( *( ( uint8_t * ) integer->data ) == 0x00 ) ) {
157  integer->data++;
158  integer->len--;
159  }
160 
161  /* Fail if cursor or integer are invalid */
162  if ( ! integer->len )
163  return -EINVAL;
164 
165  return 0;
166 }
167 
168 /**
169  * Parse RSA modulus and exponent
170  *
171  * @v modulus Modulus to fill in
172  * @v exponent Exponent to fill in
173  * @v raw ASN.1 cursor
174  * @ret rc Return status code
175  */
176 static int rsa_parse_mod_exp ( struct asn1_cursor *modulus,
177  struct asn1_cursor *exponent,
178  const struct asn1_cursor *raw ) {
179  struct asn1_bit_string bits;
180  struct asn1_cursor cursor;
181  int is_private;
182  int rc;
183 
184  /* Enter subjectPublicKeyInfo/privateKeyInfo/RSAPrivateKey */
185  memcpy ( &cursor, raw, sizeof ( cursor ) );
186  asn1_enter ( &cursor, ASN1_SEQUENCE );
187 
188  /* Determine key format */
189  if ( asn1_type ( &cursor ) == ASN1_INTEGER ) {
190 
191  /* Private key */
192  is_private = 1;
193 
194  /* Skip version */
195  asn1_skip_any ( &cursor );
196 
197  /* Enter privateKey, if present */
198  if ( asn1_check_algorithm ( &cursor,
199  &rsa_encryption_algorithm ) == 0 ) {
200 
201  /* Skip privateKeyAlgorithm */
202  asn1_skip_any ( &cursor );
203 
204  /* Enter privateKey */
205  asn1_enter ( &cursor, ASN1_OCTET_STRING );
206 
207  /* Enter RSAPrivateKey */
208  asn1_enter ( &cursor, ASN1_SEQUENCE );
209 
210  /* Skip version */
211  asn1_skip ( &cursor, ASN1_INTEGER );
212  }
213 
214  } else {
215 
216  /* Public key */
217  is_private = 0;
218 
219  /* Skip algorithm */
220  asn1_skip ( &cursor, ASN1_SEQUENCE );
221 
222  /* Enter subjectPublicKey */
223  if ( ( rc = asn1_integral_bit_string ( &cursor, &bits ) ) != 0 )
224  return rc;
225  cursor.data = bits.data;
226  cursor.len = bits.len;
227 
228  /* Enter RSAPublicKey */
229  asn1_enter ( &cursor, ASN1_SEQUENCE );
230  }
231 
232  /* Extract modulus */
233  if ( ( rc = rsa_parse_integer ( modulus, &cursor ) ) != 0 )
234  return rc;
235  asn1_skip_any ( &cursor );
236 
237  /* Skip public exponent, if applicable */
238  if ( is_private )
239  asn1_skip ( &cursor, ASN1_INTEGER );
240 
241  /* Extract publicExponent/privateExponent */
242  if ( ( rc = rsa_parse_integer ( exponent, &cursor ) ) != 0 )
243  return rc;
244 
245  return 0;
246 }
247 
248 /**
249  * Initialise RSA cipher
250  *
251  * @v context RSA context
252  * @v key Key
253  * @ret rc Return status code
254  */
255 static int rsa_init ( struct rsa_context *context,
256  const struct asn1_cursor *key ) {
257  struct asn1_cursor modulus;
258  struct asn1_cursor exponent;
259  int rc;
260 
261  /* Initialise context */
262  memset ( context, 0, sizeof ( *context ) );
263 
264  /* Parse modulus and exponent */
265  if ( ( rc = rsa_parse_mod_exp ( &modulus, &exponent, key ) ) != 0 ){
266  DBGC ( context, "RSA %p invalid modulus/exponent:\n", context );
267  DBGC_HDA ( context, 0, key->data, key->len );
268  goto err_parse;
269  }
270 
271  DBGC ( context, "RSA %p modulus:\n", context );
272  DBGC_HDA ( context, 0, modulus.data, modulus.len );
273  DBGC ( context, "RSA %p exponent:\n", context );
274  DBGC_HDA ( context, 0, exponent.data, exponent.len );
275 
276  /* Allocate dynamic storage */
277  if ( ( rc = rsa_alloc ( context, modulus.len, exponent.len ) ) != 0 )
278  goto err_alloc;
279 
280  /* Construct big integers */
281  bigint_init ( ( ( bigint_t ( context->size ) * ) context->modulus0 ),
282  modulus.data, modulus.len );
283  bigint_init ( ( ( bigint_t ( context->exponent_size ) * )
284  context->exponent0 ), exponent.data, exponent.len );
285 
286  return 0;
287 
288  rsa_free ( context );
289  err_alloc:
290  err_parse:
291  return rc;
292 }
293 
294 /**
295  * Calculate RSA maximum output length
296  *
297  * @v key Key
298  * @ret max_len Maximum output length
299  */
300 static size_t rsa_max_len ( const struct asn1_cursor *key ) {
301  struct asn1_cursor modulus;
302  struct asn1_cursor exponent;
303  int rc;
304 
305  /* Parse moduli and exponents */
306  if ( ( rc = rsa_parse_mod_exp ( &modulus, &exponent, key ) ) != 0 ) {
307  /* Return a zero maximum length on error */
308  return 0;
309  }
310 
311  /* Output length can never exceed modulus length */
312  return modulus.len;
313 }
314 
315 /**
316  * Perform RSA cipher operation
317  *
318  * @v context RSA context
319  * @v in Input buffer
320  * @v out Output buffer
321  */
322 static void rsa_cipher ( struct rsa_context *context,
323  const void *in, void *out ) {
324  bigint_t ( context->size ) *input = ( ( void * ) context->input0 );
325  bigint_t ( context->size ) *output = ( ( void * ) context->output0 );
326  bigint_t ( context->size ) *modulus = ( ( void * ) context->modulus0 );
327  bigint_t ( context->exponent_size ) *exponent =
328  ( ( void * ) context->exponent0 );
329 
330  /* Initialise big integer */
331  bigint_init ( input, in, context->max_len );
332 
333  /* Perform modular exponentiation */
334  bigint_mod_exp ( input, modulus, exponent, output, context->tmp );
335 
336  /* Copy out result */
337  bigint_done ( output, out, context->max_len );
338 }
339 
340 /**
341  * Encrypt using RSA
342  *
343  * @v key Key
344  * @v plaintext Plaintext
345  * @v plaintext_len Length of plaintext
346  * @v ciphertext Ciphertext
347  * @ret ciphertext_len Length of ciphertext, or negative error
348  */
349 static int rsa_encrypt ( const struct asn1_cursor *key, const void *plaintext,
350  size_t plaintext_len, void *ciphertext ) {
351  struct rsa_context context;
352  void *temp;
353  uint8_t *encoded;
354  size_t max_len;
355  size_t random_nz_len;
356  int rc;
357 
358  DBGC ( &context, "RSA %p encrypting:\n", &context );
359  DBGC_HDA ( &context, 0, plaintext, plaintext_len );
360 
361  /* Initialise context */
362  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
363  goto err_init;
364 
365  /* Calculate lengths */
366  max_len = ( context.max_len - 11 );
367  random_nz_len = ( max_len - plaintext_len + 8 );
368 
369  /* Sanity check */
370  if ( plaintext_len > max_len ) {
371  DBGC ( &context, "RSA %p plaintext too long (%zd bytes, max "
372  "%zd)\n", &context, plaintext_len, max_len );
373  rc = -ERANGE;
374  goto err_sanity;
375  }
376 
377  /* Construct encoded message (using the big integer output
378  * buffer as temporary storage)
379  */
380  temp = context.output0;
381  encoded = temp;
382  encoded[0] = 0x00;
383  encoded[1] = 0x02;
384  if ( ( rc = get_random_nz ( &encoded[2], random_nz_len ) ) != 0 ) {
385  DBGC ( &context, "RSA %p could not generate random data: %s\n",
386  &context, strerror ( rc ) );
387  goto err_random;
388  }
389  encoded[ 2 + random_nz_len ] = 0x00;
390  memcpy ( &encoded[ context.max_len - plaintext_len ],
391  plaintext, plaintext_len );
392 
393  /* Encipher the encoded message */
394  rsa_cipher ( &context, encoded, ciphertext );
395  DBGC ( &context, "RSA %p encrypted:\n", &context );
396  DBGC_HDA ( &context, 0, ciphertext, context.max_len );
397 
398  /* Free context */
399  rsa_free ( &context );
400 
401  return context.max_len;
402 
403  err_random:
404  err_sanity:
405  rsa_free ( &context );
406  err_init:
407  return rc;
408 }
409 
410 /**
411  * Decrypt using RSA
412  *
413  * @v key Key
414  * @v ciphertext Ciphertext
415  * @v ciphertext_len Ciphertext length
416  * @v plaintext Plaintext
417  * @ret plaintext_len Plaintext length, or negative error
418  */
419 static int rsa_decrypt ( const struct asn1_cursor *key, const void *ciphertext,
420  size_t ciphertext_len, void *plaintext ) {
421  struct rsa_context context;
422  void *temp;
423  uint8_t *encoded;
424  uint8_t *end;
425  uint8_t *zero;
426  uint8_t *start;
427  size_t plaintext_len;
428  int rc;
429 
430  DBGC ( &context, "RSA %p decrypting:\n", &context );
431  DBGC_HDA ( &context, 0, ciphertext, ciphertext_len );
432 
433  /* Initialise context */
434  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
435  goto err_init;
436 
437  /* Sanity check */
438  if ( ciphertext_len != context.max_len ) {
439  DBGC ( &context, "RSA %p ciphertext incorrect length (%zd "
440  "bytes, should be %zd)\n",
441  &context, ciphertext_len, context.max_len );
442  rc = -ERANGE;
443  goto err_sanity;
444  }
445 
446  /* Decipher the message (using the big integer input buffer as
447  * temporary storage)
448  */
449  temp = context.input0;
450  encoded = temp;
451  rsa_cipher ( &context, ciphertext, encoded );
452 
453  /* Parse the message */
454  end = ( encoded + context.max_len );
455  if ( ( encoded[0] != 0x00 ) || ( encoded[1] != 0x02 ) ) {
456  rc = -EINVAL;
457  goto err_invalid;
458  }
459  zero = memchr ( &encoded[2], 0, ( end - &encoded[2] ) );
460  if ( ! zero ) {
461  rc = -EINVAL;
462  goto err_invalid;
463  }
464  start = ( zero + 1 );
465  plaintext_len = ( end - start );
466 
467  /* Copy out message */
468  memcpy ( plaintext, start, plaintext_len );
469  DBGC ( &context, "RSA %p decrypted:\n", &context );
470  DBGC_HDA ( &context, 0, plaintext, plaintext_len );
471 
472  /* Free context */
473  rsa_free ( &context );
474 
475  return plaintext_len;
476 
477  err_invalid:
478  DBGC ( &context, "RSA %p invalid decrypted message:\n", &context );
479  DBGC_HDA ( &context, 0, encoded, context.max_len );
480  err_sanity:
481  rsa_free ( &context );
482  err_init:
483  return rc;
484 }
485 
486 /**
487  * Encode RSA digest
488  *
489  * @v context RSA context
490  * @v digest Digest algorithm
491  * @v value Digest value
492  * @v encoded Encoded digest
493  * @ret rc Return status code
494  */
495 static int rsa_encode_digest ( struct rsa_context *context,
496  struct digest_algorithm *digest,
497  const void *value, void *encoded ) {
499  size_t digest_len = digest->digestsize;
500  uint8_t *temp = encoded;
501  size_t digestinfo_len;
502  size_t max_len;
503  size_t pad_len;
504 
505  /* Identify prefix */
507  if ( ! prefix ) {
508  DBGC ( context, "RSA %p has no prefix for %s\n",
509  context, digest->name );
510  return -ENOTSUP;
511  }
512  digestinfo_len = ( prefix->len + digest_len );
513 
514  /* Sanity check */
515  max_len = ( context->max_len - 11 );
516  if ( digestinfo_len > max_len ) {
517  DBGC ( context, "RSA %p %s digestInfo too long (%zd bytes, "
518  "max %zd)\n", context, digest->name, digestinfo_len,
519  max_len );
520  return -ERANGE;
521  }
522  DBGC ( context, "RSA %p encoding %s digest:\n",
523  context, digest->name );
524  DBGC_HDA ( context, 0, value, digest_len );
525 
526  /* Construct encoded message */
527  *(temp++) = 0x00;
528  *(temp++) = 0x01;
529  pad_len = ( max_len - digestinfo_len + 8 );
530  memset ( temp, 0xff, pad_len );
531  temp += pad_len;
532  *(temp++) = 0x00;
533  memcpy ( temp, prefix->data, prefix->len );
534  temp += prefix->len;
535  memcpy ( temp, value, digest_len );
536  temp += digest_len;
537  assert ( temp == ( encoded + context->max_len ) );
538  DBGC ( context, "RSA %p encoded %s digest:\n", context, digest->name );
539  DBGC_HDA ( context, 0, encoded, context->max_len );
540 
541  return 0;
542 }
543 
544 /**
545  * Sign digest value using RSA
546  *
547  * @v key Key
548  * @v digest Digest algorithm
549  * @v value Digest value
550  * @v signature Signature
551  * @ret signature_len Signature length, or negative error
552  */
553 static int rsa_sign ( const struct asn1_cursor *key,
554  struct digest_algorithm *digest, const void *value,
555  void *signature ) {
556  struct rsa_context context;
557  void *temp;
558  int rc;
559 
560  DBGC ( &context, "RSA %p signing %s digest:\n",
561  &context, digest->name );
562  DBGC_HDA ( &context, 0, value, digest->digestsize );
563 
564  /* Initialise context */
565  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
566  goto err_init;
567 
568  /* Encode digest (using the big integer output buffer as
569  * temporary storage)
570  */
571  temp = context.output0;
572  if ( ( rc = rsa_encode_digest ( &context, digest, value, temp ) ) != 0 )
573  goto err_encode;
574 
575  /* Encipher the encoded digest */
576  rsa_cipher ( &context, temp, signature );
577  DBGC ( &context, "RSA %p signed %s digest:\n", &context, digest->name );
578  DBGC_HDA ( &context, 0, signature, context.max_len );
579 
580  /* Free context */
581  rsa_free ( &context );
582 
583  return context.max_len;
584 
585  err_encode:
586  rsa_free ( &context );
587  err_init:
588  return rc;
589 }
590 
591 /**
592  * Verify signed digest value using RSA
593  *
594  * @v key Key
595  * @v digest Digest algorithm
596  * @v value Digest value
597  * @v signature Signature
598  * @v signature_len Signature length
599  * @ret rc Return status code
600  */
601 static int rsa_verify ( const struct asn1_cursor *key,
602  struct digest_algorithm *digest, const void *value,
603  const void *signature, size_t signature_len ) {
604  struct rsa_context context;
605  void *temp;
606  void *expected;
607  void *actual;
608  int rc;
609 
610  DBGC ( &context, "RSA %p verifying %s digest:\n",
611  &context, digest->name );
612  DBGC_HDA ( &context, 0, value, digest->digestsize );
613  DBGC_HDA ( &context, 0, signature, signature_len );
614 
615  /* Initialise context */
616  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
617  goto err_init;
618 
619  /* Sanity check */
620  if ( signature_len != context.max_len ) {
621  DBGC ( &context, "RSA %p signature incorrect length (%zd "
622  "bytes, should be %zd)\n",
623  &context, signature_len, context.max_len );
624  rc = -ERANGE;
625  goto err_sanity;
626  }
627 
628  /* Decipher the signature (using the big integer input buffer
629  * as temporary storage)
630  */
631  temp = context.input0;
632  expected = temp;
633  rsa_cipher ( &context, signature, expected );
634  DBGC ( &context, "RSA %p deciphered signature:\n", &context );
635  DBGC_HDA ( &context, 0, expected, context.max_len );
636 
637  /* Encode digest (using the big integer output buffer as
638  * temporary storage)
639  */
640  temp = context.output0;
641  actual = temp;
642  if ( ( rc = rsa_encode_digest ( &context, digest, value,
643  actual ) ) != 0 )
644  goto err_encode;
645 
646  /* Verify the signature */
647  if ( memcmp ( actual, expected, context.max_len ) != 0 ) {
648  DBGC ( &context, "RSA %p signature verification failed\n",
649  &context );
650  rc = -EACCES_VERIFY;
651  goto err_verify;
652  }
653 
654  /* Free context */
655  rsa_free ( &context );
656 
657  DBGC ( &context, "RSA %p signature verified successfully\n", &context );
658  return 0;
659 
660  err_verify:
661  err_encode:
662  err_sanity:
663  rsa_free ( &context );
664  err_init:
665  return rc;
666 }
667 
668 /**
669  * Check for matching RSA public/private key pair
670  *
671  * @v private_key Private key
672  * @v public_key Public key
673  * @ret rc Return status code
674  */
675 static int rsa_match ( const struct asn1_cursor *private_key,
676  const struct asn1_cursor *public_key ) {
677  struct asn1_cursor private_modulus;
678  struct asn1_cursor private_exponent;
679  struct asn1_cursor public_modulus;
680  struct asn1_cursor public_exponent;
681  int rc;
682 
683  /* Parse moduli and exponents */
684  if ( ( rc = rsa_parse_mod_exp ( &private_modulus, &private_exponent,
685  private_key ) ) != 0 )
686  return rc;
687  if ( ( rc = rsa_parse_mod_exp ( &public_modulus, &public_exponent,
688  public_key ) ) != 0 )
689  return rc;
690 
691  /* Compare moduli */
692  if ( asn1_compare ( &private_modulus, &public_modulus ) != 0 )
693  return -ENOTTY;
694 
695  return 0;
696 }
697 
698 /** RSA public-key algorithm */
700  .name = "rsa",
701  .max_len = rsa_max_len,
702  .encrypt = rsa_encrypt,
703  .decrypt = rsa_decrypt,
704  .sign = rsa_sign,
705  .verify = rsa_verify,
706  .match = rsa_match,
707 };
708 
709 /* Drag in objects via rsa_algorithm */
711 
712 /* Drag in crypto configuration */
713 REQUIRE_OBJECT ( config_crypto );
static int rsa_parse_mod_exp(struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
Parse RSA modulus and exponent.
Definition: rsa.c:176
#define __attribute__(x)
Definition: compiler.h:10
void * tmp
Temporary working space for modular exponentiation.
Definition: rsa.c:69
#define EINVAL
Invalid argument.
Definition: errno.h:428
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
bigint_element_t * output0
Output buffer.
Definition: rsa.c:67
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition: asn1.c:480
#define bigint_mod_exp(base, modulus, exponent, result, tmp)
Perform modular exponentiation of big integers.
Definition: bigint.h:293
__be32 in[4]
Definition: CIB_PRM.h:35
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
Definition: asn1.c:205
Error codes.
static int rsa_sign(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, void *signature)
Sign digest value using RSA.
Definition: rsa.c:553
uint8_t size
Entry size (in 32-bit words)
Definition: ena.h:16
static int rsa_encode_digest(struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
Encode RSA digest.
Definition: rsa.c:495
const void * data
Start of data.
Definition: asn1.h:22
#define DBGC(...)
Definition: compiler.h:505
unsigned int exponent_size
Exponent size.
Definition: rsa.c:63
int get_random_nz(void *data, size_t len)
Get random non-zero bytes.
Definition: random_nz.c:62
Definition: bnxt_hsi.h:68
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:322
#define bigint_init(value, data, len)
Initialise big integer.
Definition: bigint.h:50
char prefix[4]
Definition: vmconsole.c:53
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
Cryptographic API.
static unsigned int asn1_type(const struct asn1_cursor *cursor)
Extract ASN.1 type.
Definition: asn1.h:446
static struct rsa_digestinfo_prefix * rsa_find_prefix(struct digest_algorithm *digest)
Identify RSA prefix.
Definition: rsa.c:79
REQUIRING_SYMBOL(rsa_algorithm)
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
Definition: asn1.c:313
#define EACCES_VERIFY
Definition: rsa.c:45
Big integer support.
bigint_element_t * modulus0
Modulus.
Definition: rsa.c:55
#define ENOTSUP
Operation not supported.
Definition: errno.h:589
void * memchr(const void *src, int character, size_t len)
Find character within a memory region.
Definition: string.c:135
size_t len
Length of data.
Definition: asn1.h:24
uint32_t start
Starting offset.
Definition: netvsc.h:12
unsigned long tmp
Definition: linux_pci.h:63
#define ENOMEM
Not enough space.
Definition: errno.h:534
HMAC_DRBG algorithm.
void * memcpy(void *dest, const void *src, size_t len) __nonnull
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
static int rsa_parse_integer(struct asn1_cursor *integer, const struct asn1_cursor *raw)
Parse RSA integer.
Definition: rsa.c:147
An RSA context.
Definition: rsa.c:51
ASN.1 encoding.
static int rsa_match(const struct asn1_cursor *private_key, const struct asn1_cursor *public_key)
Check for matching RSA public/private key pair.
Definition: rsa.c:675
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
#define DBGC_HDA(...)
Definition: compiler.h:506
unsigned int size
Modulus size.
Definition: rsa.c:57
size_t max_len
Modulus length.
Definition: rsa.c:59
void * dynamic
Allocated memory.
Definition: rsa.c:53
uint32_t bigint_element_t
Element of a big integer.
Definition: bigint.h:15
bigint_element_t * input0
Input buffer.
Definition: rsa.c:65
int asn1_check_algorithm(const struct asn1_cursor *cursor, struct asn1_algorithm *expected)
Check ASN.1 OID-identified algorithm.
Definition: asn1.c:680
__be32 out[4]
Definition: CIB_PRM.h:36
#define bigint_done(value, out, len)
Finalise big integer.
Definition: bigint.h:63
int asn1_integral_bit_string(const struct asn1_cursor *cursor, struct asn1_bit_string *bits)
Parse ASN.1 bit string that must be an integral number of bytes.
Definition: asn1.c:451
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:94
#define ERANGE
Result too large.
Definition: errno.h:639
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
Definition: bigint.h:30
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
Definition: tables.h:385
An RSA digestInfo prefix.
Definition: rsa.h:42
unsigned char uint8_t
Definition: stdint.h:10
#define ASN1_SEQUENCE
ASN.1 sequence.
Definition: asn1.h:89
void * malloc(size_t size)
Allocate memory.
Definition: malloc.c:583
#define ASN1_INTEGER
ASN.1 integer.
Definition: asn1.h:62
bigint_element_t * exponent0
Exponent.
Definition: rsa.c:61
long pad_len
Definition: bigint.h:30
RSA public-key cryptography.
static volatile void * bits
Definition: bitops.h:27
#define ENOTTY
Inappropriate I/O control operation.
Definition: errno.h:594
size_t digestsize
Digest size.
Definition: crypto.h:26
const char * name
Algorithm name.
Definition: crypto.h:20
int asn1_skip(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object.
Definition: asn1.c:254
struct pubkey_algorithm rsa_algorithm
RSA public-key algorithm.
Definition: rsa.c:699
A message digest algorithm.
Definition: crypto.h:18
uint32_t end
Ending offset.
Definition: netvsc.h:18
static int rsa_decrypt(const struct asn1_cursor *key, const void *ciphertext, size_t ciphertext_len, void *plaintext)
Decrypt using RSA.
Definition: rsa.c:419
A private key.
Definition: privkey.h:16
struct digest_algorithm * digest
Digest algorithm.
Definition: rsa.h:44
__be32 raw[7]
Definition: CIB_PRM.h:28
static int rsa_verify(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const void *signature, size_t signature_len)
Verify signed digest value using RSA.
Definition: rsa.c:601
static size_t rsa_max_len(const struct asn1_cursor *key)
Calculate RSA maximum output length.
Definition: rsa.c:300
REQUIRE_OBJECT(config_crypto)
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
Definition: rsa.c:255
static int rsa_encrypt(const struct asn1_cursor *key, const void *plaintext, size_t plaintext_len, void *ciphertext)
Encrypt using RSA.
Definition: rsa.c:349
#define bigint_mod_exp_tmp_len(modulus)
Calculate temporary working space required for moduluar exponentiation.
Definition: bigint.h:307
#define ASN1_OCTET_STRING
ASN.1 octet string.
Definition: asn1.h:68
u8 signature
CPU signature.
Definition: CIB_PRM.h:35
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
Definition: string.c:114
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
String functions.
An ASN.1 object cursor.
Definition: asn1.h:20
A public key algorithm.
Definition: crypto.h:121
static int rsa_alloc(struct rsa_context *context, size_t modulus_len, size_t exponent_len)
Allocate RSA dynamic storage.
Definition: rsa.c:107
union @383 key
Sense key.
Definition: scsi.h:18
const char * name
Algorithm name.
Definition: crypto.h:123
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.
An ASN.1 bit string.
Definition: asn1.h:420
void * memset(void *dest, int character, size_t len) __nonnull
#define RSA_DIGESTINFO_PREFIXES
RSA digestInfo prefix table.
Definition: rsa.h:52