iPXE
rsa.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2012 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <stdint.h>
27 #include <stdlib.h>
28 #include <stdarg.h>
29 #include <string.h>
30 #include <errno.h>
31 #include <ipxe/asn1.h>
32 #include <ipxe/crypto.h>
33 #include <ipxe/bigint.h>
34 #include <ipxe/random_nz.h>
35 #include <ipxe/rsa.h>
36 
37 /** @file
38  *
39  * RSA public-key cryptography
40  *
41  * RSA is documented in RFC 3447.
42  */
43 
44 /* Disambiguate the various error causes */
45 #define EACCES_VERIFY \
46  __einfo_error ( EINFO_EACCES_VERIFY )
47 #define EINFO_EACCES_VERIFY \
48  __einfo_uniqify ( EINFO_EACCES, 0x01, "RSA signature incorrect" )
49 
50 /** An RSA context */
51 struct rsa_context {
52  /** Allocated memory */
53  void *dynamic;
54  /** Modulus */
55  bigint_element_t *modulus0;
56  /** Modulus size */
57  unsigned int size;
58  /** Modulus length */
59  size_t max_len;
60  /** Exponent */
61  bigint_element_t *exponent0;
62  /** Exponent size */
63  unsigned int exponent_size;
64  /** Input buffer */
65  bigint_element_t *input0;
66  /** Output buffer */
67  bigint_element_t *output0;
68  /** Temporary working space for modular exponentiation */
69  void *tmp;
70 };
71 
72 /**
73  * Identify RSA prefix
74  *
75  * @v digest Digest algorithm
76  * @ret prefix RSA prefix, or NULL
77  */
78 static struct rsa_digestinfo_prefix *
79 rsa_find_prefix ( struct digest_algorithm *digest ) {
80  struct rsa_digestinfo_prefix *prefix;
81 
82  for_each_table_entry ( prefix, RSA_DIGESTINFO_PREFIXES ) {
83  if ( prefix->digest == digest )
84  return prefix;
85  }
86  return NULL;
87 }
88 
89 /**
90  * Free RSA dynamic storage
91  *
92  * @v context RSA context
93  */
94 static inline void rsa_free ( struct rsa_context *context ) {
95 
96  free ( context->dynamic );
97 }
98 
99 /**
100  * Allocate RSA dynamic storage
101  *
102  * @v context RSA context
103  * @v modulus_len Modulus length
104  * @v exponent_len Exponent length
105  * @ret rc Return status code
106  */
107 static int rsa_alloc ( struct rsa_context *context, size_t modulus_len,
108  size_t exponent_len ) {
109  unsigned int size = bigint_required_size ( modulus_len );
110  unsigned int exponent_size = bigint_required_size ( exponent_len );
111  bigint_t ( size ) *modulus;
112  size_t tmp_len = bigint_mod_exp_tmp_len ( modulus );
113  struct {
114  bigint_t ( size ) modulus;
115  bigint_t ( exponent_size ) exponent;
116  bigint_t ( size ) input;
117  bigint_t ( size ) output;
118  uint8_t tmp[tmp_len];
119  } __attribute__ (( packed )) *dynamic;
120 
121  /* Allocate dynamic storage */
122  dynamic = malloc ( sizeof ( *dynamic ) );
123  if ( ! dynamic )
124  return -ENOMEM;
125 
126  /* Assign dynamic storage */
127  context->dynamic = dynamic;
128  context->modulus0 = &dynamic->modulus.element[0];
129  context->size = size;
130  context->max_len = modulus_len;
131  context->exponent0 = &dynamic->exponent.element[0];
132  context->exponent_size = exponent_size;
133  context->input0 = &dynamic->input.element[0];
134  context->output0 = &dynamic->output.element[0];
135  context->tmp = &dynamic->tmp;
136 
137  return 0;
138 }
139 
140 /**
141  * Parse RSA integer
142  *
143  * @v integer Integer to fill in
144  * @v raw ASN.1 cursor
145  * @ret rc Return status code
146  */
147 static int rsa_parse_integer ( struct asn1_cursor *integer,
148  const struct asn1_cursor *raw ) {
149 
150  /* Enter integer */
151  memcpy ( integer, raw, sizeof ( *integer ) );
152  asn1_enter ( integer, ASN1_INTEGER );
153 
154  /* Skip initial sign byte if applicable */
155  if ( ( integer->len > 1 ) &&
156  ( *( ( uint8_t * ) integer->data ) == 0x00 ) ) {
157  integer->data++;
158  integer->len--;
159  }
160 
161  /* Fail if cursor or integer are invalid */
162  if ( ! integer->len )
163  return -EINVAL;
164 
165  return 0;
166 }
167 
168 /**
169  * Parse RSA modulus and exponent
170  *
171  * @v modulus Modulus to fill in
172  * @v exponent Exponent to fill in
173  * @v raw ASN.1 cursor
174  * @ret rc Return status code
175  */
176 static int rsa_parse_mod_exp ( struct asn1_cursor *modulus,
177  struct asn1_cursor *exponent,
178  const struct asn1_cursor *raw ) {
179  struct asn1_cursor cursor;
180  int is_private;
181  int rc;
182 
183  /* Enter subjectPublicKeyInfo/privateKeyInfo/RSAPrivateKey */
184  memcpy ( &cursor, raw, sizeof ( cursor ) );
185  asn1_enter ( &cursor, ASN1_SEQUENCE );
186 
187  /* Determine key format */
188  if ( asn1_type ( &cursor ) == ASN1_INTEGER ) {
189 
190  /* Private key */
191  is_private = 1;
192 
193  /* Skip version */
194  asn1_skip_any ( &cursor );
195 
196  /* Enter privateKey, if present */
197  if ( asn1_check_algorithm ( &cursor, &rsa_encryption_algorithm,
198  NULL ) == 0 ) {
199 
200  /* Skip privateKeyAlgorithm */
201  asn1_skip_any ( &cursor );
202 
203  /* Enter privateKey */
204  asn1_enter ( &cursor, ASN1_OCTET_STRING );
205 
206  /* Enter RSAPrivateKey */
207  asn1_enter ( &cursor, ASN1_SEQUENCE );
208 
209  /* Skip version */
210  asn1_skip ( &cursor, ASN1_INTEGER );
211  }
212 
213  } else {
214 
215  /* Public key */
216  is_private = 0;
217 
218  /* Skip algorithm */
219  asn1_skip ( &cursor, ASN1_SEQUENCE );
220 
221  /* Enter subjectPublicKey */
222  asn1_enter_bits ( &cursor, NULL );
223 
224  /* Enter RSAPublicKey */
225  asn1_enter ( &cursor, ASN1_SEQUENCE );
226  }
227 
228  /* Extract modulus */
229  if ( ( rc = rsa_parse_integer ( modulus, &cursor ) ) != 0 )
230  return rc;
231  asn1_skip_any ( &cursor );
232 
233  /* Skip public exponent, if applicable */
234  if ( is_private )
235  asn1_skip ( &cursor, ASN1_INTEGER );
236 
237  /* Extract publicExponent/privateExponent */
238  if ( ( rc = rsa_parse_integer ( exponent, &cursor ) ) != 0 )
239  return rc;
240 
241  return 0;
242 }
243 
244 /**
245  * Initialise RSA cipher
246  *
247  * @v context RSA context
248  * @v key Key
249  * @ret rc Return status code
250  */
251 static int rsa_init ( struct rsa_context *context,
252  const struct asn1_cursor *key ) {
253  struct asn1_cursor modulus;
254  struct asn1_cursor exponent;
255  int rc;
256 
257  /* Initialise context */
258  memset ( context, 0, sizeof ( *context ) );
259 
260  /* Parse modulus and exponent */
261  if ( ( rc = rsa_parse_mod_exp ( &modulus, &exponent, key ) ) != 0 ){
262  DBGC ( context, "RSA %p invalid modulus/exponent:\n", context );
263  DBGC_HDA ( context, 0, key->data, key->len );
264  goto err_parse;
265  }
266 
267  DBGC ( context, "RSA %p modulus:\n", context );
268  DBGC_HDA ( context, 0, modulus.data, modulus.len );
269  DBGC ( context, "RSA %p exponent:\n", context );
270  DBGC_HDA ( context, 0, exponent.data, exponent.len );
271 
272  /* Allocate dynamic storage */
273  if ( ( rc = rsa_alloc ( context, modulus.len, exponent.len ) ) != 0 )
274  goto err_alloc;
275 
276  /* Construct big integers */
277  bigint_init ( ( ( bigint_t ( context->size ) * ) context->modulus0 ),
278  modulus.data, modulus.len );
279  bigint_init ( ( ( bigint_t ( context->exponent_size ) * )
280  context->exponent0 ), exponent.data, exponent.len );
281 
282  return 0;
283 
284  rsa_free ( context );
285  err_alloc:
286  err_parse:
287  return rc;
288 }
289 
290 /**
291  * Perform RSA cipher operation
292  *
293  * @v context RSA context
294  * @v in Input buffer
295  * @v out Output buffer
296  */
297 static void rsa_cipher ( struct rsa_context *context,
298  const void *in, void *out ) {
299  bigint_t ( context->size ) *input = ( ( void * ) context->input0 );
300  bigint_t ( context->size ) *output = ( ( void * ) context->output0 );
301  bigint_t ( context->size ) *modulus = ( ( void * ) context->modulus0 );
302  bigint_t ( context->exponent_size ) *exponent =
303  ( ( void * ) context->exponent0 );
304 
305  /* Initialise big integer */
306  bigint_init ( input, in, context->max_len );
307 
308  /* Perform modular exponentiation */
309  bigint_mod_exp ( input, modulus, exponent, output, context->tmp );
310 
311  /* Copy out result */
312  bigint_done ( output, out, context->max_len );
313 }
314 
315 /**
316  * Encrypt using RSA
317  *
318  * @v key Key
319  * @v plaintext Plaintext
320  * @v ciphertext Ciphertext
321  * @ret ciphertext_len Length of ciphertext, or negative error
322  */
323 static int rsa_encrypt ( const struct asn1_cursor *key,
324  const struct asn1_cursor *plaintext,
325  struct asn1_builder *ciphertext ) {
326  struct rsa_context context;
327  void *temp;
328  uint8_t *encoded;
329  size_t max_len;
330  size_t random_nz_len;
331  int rc;
332 
333  DBGC ( &context, "RSA %p encrypting:\n", &context );
334  DBGC_HDA ( &context, 0, plaintext->data, plaintext->len );
335 
336  /* Initialise context */
337  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
338  goto err_init;
339 
340  /* Calculate lengths */
341  max_len = ( context.max_len - 11 );
342  random_nz_len = ( max_len - plaintext->len + 8 );
343 
344  /* Sanity check */
345  if ( plaintext->len > max_len ) {
346  DBGC ( &context, "RSA %p plaintext too long (%zd bytes, max "
347  "%zd)\n", &context, plaintext->len, max_len );
348  rc = -ERANGE;
349  goto err_sanity;
350  }
351 
352  /* Construct encoded message (using the big integer output
353  * buffer as temporary storage)
354  */
355  temp = context.output0;
356  encoded = temp;
357  encoded[0] = 0x00;
358  encoded[1] = 0x02;
359  if ( ( rc = get_random_nz ( &encoded[2], random_nz_len ) ) != 0 ) {
360  DBGC ( &context, "RSA %p could not generate random data: %s\n",
361  &context, strerror ( rc ) );
362  goto err_random;
363  }
364  encoded[ 2 + random_nz_len ] = 0x00;
365  memcpy ( &encoded[ context.max_len - plaintext->len ],
366  plaintext->data, plaintext->len );
367 
368  /* Create space for ciphertext */
369  if ( ( rc = asn1_grow ( ciphertext, context.max_len ) ) != 0 )
370  goto err_grow;
371 
372  /* Encipher the encoded message */
373  rsa_cipher ( &context, encoded, ciphertext->data );
374  DBGC ( &context, "RSA %p encrypted:\n", &context );
375  DBGC_HDA ( &context, 0, ciphertext->data, context.max_len );
376 
377  /* Free context */
378  rsa_free ( &context );
379 
380  return 0;
381 
382  err_grow:
383  err_random:
384  err_sanity:
385  rsa_free ( &context );
386  err_init:
387  return rc;
388 }
389 
390 /**
391  * Decrypt using RSA
392  *
393  * @v key Key
394  * @v ciphertext Ciphertext
395  * @v plaintext Plaintext
396  * @ret rc Return status code
397  */
398 static int rsa_decrypt ( const struct asn1_cursor *key,
399  const struct asn1_cursor *ciphertext,
400  struct asn1_builder *plaintext ) {
401  struct rsa_context context;
402  void *temp;
403  uint8_t *encoded;
404  uint8_t *end;
405  uint8_t *zero;
406  uint8_t *start;
407  size_t len;
408  int rc;
409 
410  DBGC ( &context, "RSA %p decrypting:\n", &context );
411  DBGC_HDA ( &context, 0, ciphertext->data, ciphertext->len );
412 
413  /* Initialise context */
414  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
415  goto err_init;
416 
417  /* Sanity check */
418  if ( ciphertext->len != context.max_len ) {
419  DBGC ( &context, "RSA %p ciphertext incorrect length (%zd "
420  "bytes, should be %zd)\n",
421  &context, ciphertext->len, context.max_len );
422  rc = -ERANGE;
423  goto err_sanity;
424  }
425 
426  /* Decipher the message (using the big integer input buffer as
427  * temporary storage)
428  */
429  temp = context.input0;
430  encoded = temp;
431  rsa_cipher ( &context, ciphertext->data, encoded );
432 
433  /* Parse the message */
434  end = ( encoded + context.max_len );
435  if ( ( encoded[0] != 0x00 ) || ( encoded[1] != 0x02 ) ) {
436  rc = -EINVAL;
437  goto err_invalid;
438  }
439  zero = memchr ( &encoded[2], 0, ( end - &encoded[2] ) );
440  if ( ! zero ) {
441  DBGC ( &context, "RSA %p invalid decrypted message:\n",
442  &context );
443  DBGC_HDA ( &context, 0, encoded, context.max_len );
444  rc = -EINVAL;
445  goto err_invalid;
446  }
447  start = ( zero + 1 );
448  len = ( end - start );
449 
450  /* Create space for plaintext */
451  if ( ( rc = asn1_grow ( plaintext, len ) ) != 0 )
452  goto err_grow;
453 
454  /* Copy out message */
455  memcpy ( plaintext->data, start, len );
456  DBGC ( &context, "RSA %p decrypted:\n", &context );
457  DBGC_HDA ( &context, 0, plaintext->data, len );
458 
459  /* Free context */
460  rsa_free ( &context );
461 
462  return 0;
463 
464  err_grow:
465  err_invalid:
466  err_sanity:
467  rsa_free ( &context );
468  err_init:
469  return rc;
470 }
471 
472 /**
473  * Encode RSA digest
474  *
475  * @v context RSA context
476  * @v digest Digest algorithm
477  * @v value Digest value
478  * @v encoded Encoded digest
479  * @ret rc Return status code
480  */
481 static int rsa_encode_digest ( struct rsa_context *context,
482  struct digest_algorithm *digest,
483  const void *value, void *encoded ) {
484  struct rsa_digestinfo_prefix *prefix;
485  size_t digest_len = digest->digestsize;
486  uint8_t *temp = encoded;
487  size_t digestinfo_len;
488  size_t max_len;
489  size_t pad_len;
490 
491  /* Identify prefix */
492  prefix = rsa_find_prefix ( digest );
493  if ( ! prefix ) {
494  DBGC ( context, "RSA %p has no prefix for %s\n",
495  context, digest->name );
496  return -ENOTSUP;
497  }
498  digestinfo_len = ( prefix->len + digest_len );
499 
500  /* Sanity check */
501  max_len = ( context->max_len - 11 );
502  if ( digestinfo_len > max_len ) {
503  DBGC ( context, "RSA %p %s digestInfo too long (%zd bytes, "
504  "max %zd)\n", context, digest->name, digestinfo_len,
505  max_len );
506  return -ERANGE;
507  }
508  DBGC ( context, "RSA %p encoding %s digest:\n",
509  context, digest->name );
510  DBGC_HDA ( context, 0, value, digest_len );
511 
512  /* Construct encoded message */
513  *(temp++) = 0x00;
514  *(temp++) = 0x01;
515  pad_len = ( max_len - digestinfo_len + 8 );
516  memset ( temp, 0xff, pad_len );
517  temp += pad_len;
518  *(temp++) = 0x00;
519  memcpy ( temp, prefix->data, prefix->len );
520  temp += prefix->len;
521  memcpy ( temp, value, digest_len );
522  temp += digest_len;
523  assert ( temp == ( encoded + context->max_len ) );
524  DBGC ( context, "RSA %p encoded %s digest:\n", context, digest->name );
525  DBGC_HDA ( context, 0, encoded, context->max_len );
526 
527  return 0;
528 }
529 
530 /**
531  * Sign digest value using RSA
532  *
533  * @v key Key
534  * @v digest Digest algorithm
535  * @v value Digest value
536  * @v signature Signature
537  * @ret rc Return status code
538  */
539 static int rsa_sign ( const struct asn1_cursor *key,
540  struct digest_algorithm *digest, const void *value,
541  struct asn1_builder *signature ) {
542  struct rsa_context context;
543  int rc;
544 
545  DBGC ( &context, "RSA %p signing %s digest:\n",
546  &context, digest->name );
547  DBGC_HDA ( &context, 0, value, digest->digestsize );
548 
549  /* Initialise context */
550  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
551  goto err_init;
552 
553  /* Create space for encoded digest and signature */
554  if ( ( rc = asn1_grow ( signature, context.max_len ) ) != 0 )
555  goto err_grow;
556 
557  /* Encode digest */
558  if ( ( rc = rsa_encode_digest ( &context, digest, value,
559  signature->data ) ) != 0 )
560  goto err_encode;
561 
562  /* Encipher the encoded digest */
563  rsa_cipher ( &context, signature->data, signature->data );
564  DBGC ( &context, "RSA %p signed %s digest:\n", &context, digest->name );
565  DBGC_HDA ( &context, 0, signature->data, signature->len );
566 
567  /* Free context */
568  rsa_free ( &context );
569 
570  return 0;
571 
572  err_encode:
573  err_grow:
574  rsa_free ( &context );
575  err_init:
576  return rc;
577 }
578 
579 /**
580  * Verify signed digest value using RSA
581  *
582  * @v key Key
583  * @v digest Digest algorithm
584  * @v value Digest value
585  * @v signature Signature
586  * @ret rc Return status code
587  */
588 static int rsa_verify ( const struct asn1_cursor *key,
589  struct digest_algorithm *digest, const void *value,
590  const struct asn1_cursor *signature ) {
591  struct rsa_context context;
592  void *temp;
593  void *expected;
594  void *actual;
595  int rc;
596 
597  DBGC ( &context, "RSA %p verifying %s digest:\n",
598  &context, digest->name );
599  DBGC_HDA ( &context, 0, value, digest->digestsize );
600  DBGC_HDA ( &context, 0, signature->data, signature->len );
601 
602  /* Initialise context */
603  if ( ( rc = rsa_init ( &context, key ) ) != 0 )
604  goto err_init;
605 
606  /* Sanity check */
607  if ( signature->len != context.max_len ) {
608  DBGC ( &context, "RSA %p signature incorrect length (%zd "
609  "bytes, should be %zd)\n",
610  &context, signature->len, context.max_len );
611  rc = -ERANGE;
612  goto err_sanity;
613  }
614 
615  /* Decipher the signature (using the big integer input buffer
616  * as temporary storage)
617  */
618  temp = context.input0;
619  expected = temp;
620  rsa_cipher ( &context, signature->data, expected );
621  DBGC ( &context, "RSA %p deciphered signature:\n", &context );
622  DBGC_HDA ( &context, 0, expected, context.max_len );
623 
624  /* Encode digest (using the big integer output buffer as
625  * temporary storage)
626  */
627  temp = context.output0;
628  actual = temp;
629  if ( ( rc = rsa_encode_digest ( &context, digest, value,
630  actual ) ) != 0 )
631  goto err_encode;
632 
633  /* Verify the signature */
634  if ( memcmp ( actual, expected, context.max_len ) != 0 ) {
635  DBGC ( &context, "RSA %p signature verification failed\n",
636  &context );
637  rc = -EACCES_VERIFY;
638  goto err_verify;
639  }
640 
641  /* Free context */
642  rsa_free ( &context );
643 
644  DBGC ( &context, "RSA %p signature verified successfully\n", &context );
645  return 0;
646 
647  err_verify:
648  err_encode:
649  err_sanity:
650  rsa_free ( &context );
651  err_init:
652  return rc;
653 }
654 
655 /**
656  * Check for matching RSA public/private key pair
657  *
658  * @v private_key Private key
659  * @v public_key Public key
660  * @ret rc Return status code
661  */
662 static int rsa_match ( const struct asn1_cursor *private_key,
663  const struct asn1_cursor *public_key ) {
664  struct asn1_cursor private_modulus;
665  struct asn1_cursor private_exponent;
666  struct asn1_cursor public_modulus;
667  struct asn1_cursor public_exponent;
668  int rc;
669 
670  /* Parse moduli and exponents */
671  if ( ( rc = rsa_parse_mod_exp ( &private_modulus, &private_exponent,
672  private_key ) ) != 0 )
673  return rc;
674  if ( ( rc = rsa_parse_mod_exp ( &public_modulus, &public_exponent,
675  public_key ) ) != 0 )
676  return rc;
677 
678  /* Compare moduli */
679  if ( asn1_compare ( &private_modulus, &public_modulus ) != 0 )
680  return -ENOTTY;
681 
682  return 0;
683 }
684 
685 /** RSA public-key algorithm */
686 struct pubkey_algorithm rsa_algorithm = {
687  .name = "rsa",
688  .encrypt = rsa_encrypt,
689  .decrypt = rsa_decrypt,
690  .sign = rsa_sign,
691  .verify = rsa_verify,
692  .match = rsa_match,
693 };
694 
695 /* Drag in objects via rsa_algorithm */
696 REQUIRING_SYMBOL ( rsa_algorithm );
697 
698 /* Drag in crypto configuration */
699 REQUIRE_OBJECT ( config_crypto );
rsa_encrypt
static int rsa_encrypt(const struct asn1_cursor *key, const struct asn1_cursor *plaintext, struct asn1_builder *ciphertext)
Encrypt using RSA.
Definition: rsa.c:323
rsa_parse_mod_exp
static int rsa_parse_mod_exp(struct asn1_cursor *modulus, struct asn1_cursor *exponent, const struct asn1_cursor *raw)
Parse RSA modulus and exponent.
Definition: rsa.c:176
__attribute__
#define __attribute__(x)
Definition: compiler.h:10
rsa_context::tmp
void * tmp
Temporary working space for modular exponentiation.
Definition: rsa.c:69
EINVAL
#define EINVAL
Invalid argument.
Definition: errno.h:428
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
rsa_context::output0
bigint_element_t * output0
Output buffer.
Definition: rsa.c:67
rsa_verify
static int rsa_verify(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, const struct asn1_cursor *signature)
Verify signed digest value using RSA.
Definition: rsa.c:588
asn1_builder::data
void * data
Data.
Definition: asn1.h:35
asn1_compare
int asn1_compare(const struct asn1_cursor *cursor1, const struct asn1_cursor *cursor2)
Compare two ASN.1 objects.
Definition: asn1.c:447
bigint_mod_exp
#define bigint_mod_exp(base, modulus, exponent, result, tmp)
Perform modular exponentiation of big integers.
Definition: bigint.h:346
in
__be32 in[4]
Definition: CIB_PRM.h:35
asn1_enter
int asn1_enter(struct asn1_cursor *cursor, unsigned int type)
Enter ASN.1 object.
Definition: asn1.c:181
errno.h
Error codes.
asn1_enter_bits
int asn1_enter_bits(struct asn1_cursor *cursor, unsigned int *unused)
Enter ASN.1 bit string.
Definition: asn1.c:323
size
uint16_t size
Buffer size.
Definition: dwmac.h:14
rsa_encode_digest
static int rsa_encode_digest(struct rsa_context *context, struct digest_algorithm *digest, const void *value, void *encoded)
Encode RSA digest.
Definition: rsa.c:481
asn1_cursor::data
const void * data
Start of data.
Definition: asn1.h:22
DBGC
#define DBGC(...)
Definition: compiler.h:505
rsa_context::exponent_size
unsigned int exponent_size
Exponent size.
Definition: rsa.c:63
get_random_nz
int get_random_nz(void *data, size_t len)
Get random non-zero bytes.
Definition: random_nz.c:62
input
Definition: bnxt_hsi.h:68
rsa_cipher
static void rsa_cipher(struct rsa_context *context, const void *in, void *out)
Perform RSA cipher operation.
Definition: rsa.c:297
bigint_init
#define bigint_init(value, data, len)
Initialise big integer.
Definition: bigint.h:61
prefix
char prefix[4]
Definition: vmconsole.c:53
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
crypto.h
Cryptographic API.
asn1_type
static unsigned int asn1_type(const struct asn1_cursor *cursor)
Extract ASN.1 type.
Definition: asn1.h:454
rsa_find_prefix
static struct rsa_digestinfo_prefix * rsa_find_prefix(struct digest_algorithm *digest)
Identify RSA prefix.
Definition: rsa.c:79
REQUIRING_SYMBOL
REQUIRING_SYMBOL(rsa_algorithm)
asn1_skip_any
int asn1_skip_any(struct asn1_cursor *cursor)
Skip ASN.1 object of any type.
Definition: asn1.c:302
out
__be32 out[4]
Definition: CIB_PRM.h:36
EACCES_VERIFY
#define EACCES_VERIFY
Definition: rsa.c:45
bigint.h
Big integer support.
rsa_context::modulus0
bigint_element_t * modulus0
Modulus.
Definition: rsa.c:55
ENOTSUP
#define ENOTSUP
Operation not supported.
Definition: errno.h:589
rsa_sign
static int rsa_sign(const struct asn1_cursor *key, struct digest_algorithm *digest, const void *value, struct asn1_builder *signature)
Sign digest value using RSA.
Definition: rsa.c:539
memchr
void * memchr(const void *src, int character, size_t len)
Find character within a memory region.
Definition: string.c:135
asn1_cursor::len
size_t len
Length of data.
Definition: asn1.h:24
start
uint32_t start
Starting offset.
Definition: netvsc.h:12
tmp
unsigned long tmp
Definition: linux_pci.h:64
ENOMEM
#define ENOMEM
Not enough space.
Definition: errno.h:534
random_nz.h
HMAC_DRBG algorithm.
memcpy
void * memcpy(void *dest, const void *src, size_t len) __nonnull
assert
assert((readw(&hdr->flags) &(GTF_reading|GTF_writing))==0)
rsa_parse_integer
static int rsa_parse_integer(struct asn1_cursor *integer, const struct asn1_cursor *raw)
Parse RSA integer.
Definition: rsa.c:147
rsa_context
An RSA context.
Definition: rsa.c:51
asn1.h
ASN.1 encoding.
rsa_match
static int rsa_match(const struct asn1_cursor *private_key, const struct asn1_cursor *public_key)
Check for matching RSA public/private key pair.
Definition: rsa.c:662
value
pseudo_bit_t value[0x00020]
Definition: arbel.h:13
DBGC_HDA
#define DBGC_HDA(...)
Definition: compiler.h:506
rsa_context::size
unsigned int size
Modulus size.
Definition: rsa.c:57
rsa_context::max_len
size_t max_len
Modulus length.
Definition: rsa.c:59
rsa_context::dynamic
void * dynamic
Allocated memory.
Definition: rsa.c:53
bigint_element_t
uint32_t bigint_element_t
Element of a big integer.
Definition: bigint.h:15
rsa_context::input0
bigint_element_t * input0
Input buffer.
Definition: rsa.c:65
len
ring len
Length.
Definition: dwmac.h:231
bigint_done
#define bigint_done(value, out, len)
Finalise big integer.
Definition: bigint.h:74
asn1_grow
int asn1_grow(struct asn1_builder *builder, size_t extra)
Grow ASN.1 builder.
Definition: asn1.c:903
rsa_free
static void rsa_free(struct rsa_context *context)
Free RSA dynamic storage.
Definition: rsa.c:94
ERANGE
#define ERANGE
Result too large.
Definition: errno.h:639
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
free
static void(* free)(struct refcnt *refcnt))
Definition: refcnt.h:54
bigint_required_size
#define bigint_required_size(len)
Determine number of elements required for a big-integer type.
Definition: bigint.h:30
asn1_builder
An ASN.1 object builder.
Definition: asn1.h:28
for_each_table_entry
#define for_each_table_entry(pointer, table)
Iterate through all entries within a linker table.
Definition: tables.h:385
rsa_digestinfo_prefix
An RSA digestInfo prefix.
Definition: rsa.h:42
uint8_t
unsigned char uint8_t
Definition: stdint.h:10
rsa_decrypt
static int rsa_decrypt(const struct asn1_cursor *key, const struct asn1_cursor *ciphertext, struct asn1_builder *plaintext)
Decrypt using RSA.
Definition: rsa.c:398
ASN1_SEQUENCE
#define ASN1_SEQUENCE
ASN.1 sequence.
Definition: asn1.h:89
malloc
void * malloc(size_t size)
Allocate memory.
Definition: malloc.c:620
ASN1_INTEGER
#define ASN1_INTEGER
ASN.1 integer.
Definition: asn1.h:62
rsa_context::exponent0
bigint_element_t * exponent0
Exponent.
Definition: rsa.c:61
pad_len
long pad_len
Definition: bigint.h:30
rsa.h
RSA public-key cryptography.
ENOTTY
#define ENOTTY
Inappropriate I/O control operation.
Definition: errno.h:594
digest_algorithm::digestsize
size_t digestsize
Digest size.
Definition: crypto.h:26
digest_algorithm::name
const char * name
Algorithm name.
Definition: crypto.h:20
asn1_skip
int asn1_skip(struct asn1_cursor *cursor, unsigned int type)
Skip ASN.1 object.
Definition: asn1.c:243
rsa_algorithm
struct pubkey_algorithm rsa_algorithm
RSA public-key algorithm.
Definition: rsa.c:686
asn1_check_algorithm
int asn1_check_algorithm(const struct asn1_cursor *cursor, struct asn1_algorithm *expected, struct asn1_cursor *params)
Check ASN.1 OID-identified algorithm.
Definition: asn1.c:692
digest_algorithm
A message digest algorithm.
Definition: crypto.h:18
end
uint32_t end
Ending offset.
Definition: netvsc.h:18
private_key
A private key.
Definition: privkey.h:16
rsa_digestinfo_prefix::digest
struct digest_algorithm * digest
Digest algorithm.
Definition: rsa.h:44
raw
__be32 raw[7]
Definition: CIB_PRM.h:28
REQUIRE_OBJECT
REQUIRE_OBJECT(config_crypto)
rsa_init
static int rsa_init(struct rsa_context *context, const struct asn1_cursor *key)
Initialise RSA cipher.
Definition: rsa.c:251
bigint_mod_exp_tmp_len
#define bigint_mod_exp_tmp_len(modulus)
Calculate temporary working space required for moduluar exponentiation.
Definition: bigint.h:360
ASN1_OCTET_STRING
#define ASN1_OCTET_STRING
ASN.1 octet string.
Definition: asn1.h:68
signature
u8 signature
CPU signature.
Definition: CIB_PRM.h:35
memcmp
int memcmp(const void *first, const void *second, size_t len)
Compare memory regions.
Definition: string.c:114
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
string.h
String functions.
asn1_cursor
An ASN.1 object cursor.
Definition: asn1.h:20
pubkey_algorithm
A public key algorithm.
Definition: crypto.h:121
rsa_alloc
static int rsa_alloc(struct rsa_context *context, size_t modulus_len, size_t exponent_len)
Allocate RSA dynamic storage.
Definition: rsa.c:107
key
union @391 key
Sense key.
Definition: scsi.h:17
pubkey_algorithm::name
const char * name
Algorithm name.
Definition: crypto.h:123
bigint_t
typedef bigint_t(X25519_SIZE) x25519_t
An X25519 unsigned big integer used in internal calculations.
memset
void * memset(void *dest, int character, size_t len) __nonnull
RSA_DIGESTINFO_PREFIXES
#define RSA_DIGESTINFO_PREFIXES
RSA digestInfo prefix table.
Definition: rsa.h:52
Generated by   doxygen 1.8.15