Commit 3ecc9725 authored by Vitaly Chikunov's avatar Vitaly Chikunov Committed by Herbert Xu

crypto: rsa - unimplement sign/verify for raw RSA backends

In preparation for new akcipher verify call remove sign/verify callbacks
from RSA backends and make PKCS1 driver call encrypt/decrypt instead.

This also complies with the well-known idea that raw RSA should never be
used for sign/verify. It only should be used with proper padding scheme
such as PKCS1 driver provides.

Cc: Giovanni Cabiddu <giovanni.cabiddu@intel.com>
Cc: qat-linux@intel.com
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Cc: Gary Hook <gary.hook@amd.com>
Cc: Horia Geantă <horia.geanta@nxp.com>
Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
Signed-off-by: default avatarVitaly Chikunov <vt@altlinux.org>
Reviewed-by: default avatarHoria Geantă <horia.geanta@nxp.com>
Acked-by: default avatarGary R Hook <gary.hook@amd.com>
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
parent 78a0324f
...@@ -429,7 +429,7 @@ static int pkcs1pad_sign(struct akcipher_request *req) ...@@ -429,7 +429,7 @@ static int pkcs1pad_sign(struct akcipher_request *req)
akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg, akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
req->dst, ctx->key_size - 1, req->dst_len); req->dst, ctx->key_size - 1, req->dst_len);
err = crypto_akcipher_sign(&req_ctx->child_req); err = crypto_akcipher_decrypt(&req_ctx->child_req);
if (err != -EINPROGRESS && err != -EBUSY) if (err != -EINPROGRESS && err != -EBUSY)
return pkcs1pad_encrypt_sign_complete(req, err); return pkcs1pad_encrypt_sign_complete(req, err);
...@@ -551,7 +551,7 @@ static int pkcs1pad_verify(struct akcipher_request *req) ...@@ -551,7 +551,7 @@ static int pkcs1pad_verify(struct akcipher_request *req)
req_ctx->out_sg, req->src_len, req_ctx->out_sg, req->src_len,
ctx->key_size); ctx->key_size);
err = crypto_akcipher_verify(&req_ctx->child_req); err = crypto_akcipher_encrypt(&req_ctx->child_req);
if (err != -EINPROGRESS && err != -EBUSY) if (err != -EINPROGRESS && err != -EBUSY)
return pkcs1pad_verify_complete(req, err); return pkcs1pad_verify_complete(req, err);
......
...@@ -50,34 +50,6 @@ static int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c) ...@@ -50,34 +50,6 @@ static int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c)
return mpi_powm(m, c, key->d, key->n); return mpi_powm(m, c, key->d, key->n);
} }
/*
* RSASP1 function [RFC3447 sec 5.2.1]
* s = m^d mod n
*/
static int _rsa_sign(const struct rsa_mpi_key *key, MPI s, MPI m)
{
/* (1) Validate 0 <= m < n */
if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
return -EINVAL;
/* (2) s = m^d mod n */
return mpi_powm(s, m, key->d, key->n);
}
/*
* RSAVP1 function [RFC3447 sec 5.2.2]
* m = s^e mod n;
*/
static int _rsa_verify(const struct rsa_mpi_key *key, MPI m, MPI s)
{
/* (1) Validate 0 <= s < n */
if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0)
return -EINVAL;
/* (2) m = s^e mod n */
return mpi_powm(m, s, key->e, key->n);
}
static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm) static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm)
{ {
return akcipher_tfm_ctx(tfm); return akcipher_tfm_ctx(tfm);
...@@ -160,85 +132,6 @@ static int rsa_dec(struct akcipher_request *req) ...@@ -160,85 +132,6 @@ static int rsa_dec(struct akcipher_request *req)
return ret; return ret;
} }
static int rsa_sign(struct akcipher_request *req)
{
struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
MPI m, s = mpi_alloc(0);
int ret = 0;
int sign;
if (!s)
return -ENOMEM;
if (unlikely(!pkey->n || !pkey->d)) {
ret = -EINVAL;
goto err_free_s;
}
ret = -ENOMEM;
m = mpi_read_raw_from_sgl(req->src, req->src_len);
if (!m)
goto err_free_s;
ret = _rsa_sign(pkey, s, m);
if (ret)
goto err_free_m;
ret = mpi_write_to_sgl(s, req->dst, req->dst_len, &sign);
if (ret)
goto err_free_m;
if (sign < 0)
ret = -EBADMSG;
err_free_m:
mpi_free(m);
err_free_s:
mpi_free(s);
return ret;
}
static int rsa_verify(struct akcipher_request *req)
{
struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
MPI s, m = mpi_alloc(0);
int ret = 0;
int sign;
if (!m)
return -ENOMEM;
if (unlikely(!pkey->n || !pkey->e)) {
ret = -EINVAL;
goto err_free_m;
}
s = mpi_read_raw_from_sgl(req->src, req->src_len);
if (!s) {
ret = -ENOMEM;
goto err_free_m;
}
ret = _rsa_verify(pkey, m, s);
if (ret)
goto err_free_s;
ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
if (ret)
goto err_free_s;
if (sign < 0)
ret = -EBADMSG;
err_free_s:
mpi_free(s);
err_free_m:
mpi_free(m);
return ret;
}
static void rsa_free_mpi_key(struct rsa_mpi_key *key) static void rsa_free_mpi_key(struct rsa_mpi_key *key)
{ {
mpi_free(key->d); mpi_free(key->d);
...@@ -353,8 +246,6 @@ static void rsa_exit_tfm(struct crypto_akcipher *tfm) ...@@ -353,8 +246,6 @@ static void rsa_exit_tfm(struct crypto_akcipher *tfm)
static struct akcipher_alg rsa = { static struct akcipher_alg rsa = {
.encrypt = rsa_enc, .encrypt = rsa_enc,
.decrypt = rsa_dec, .decrypt = rsa_dec,
.sign = rsa_sign,
.verify = rsa_verify,
.set_priv_key = rsa_set_priv_key, .set_priv_key = rsa_set_priv_key,
.set_pub_key = rsa_set_pub_key, .set_pub_key = rsa_set_pub_key,
.max_size = rsa_max_size, .max_size = rsa_max_size,
......
...@@ -994,8 +994,6 @@ static void caam_rsa_exit_tfm(struct crypto_akcipher *tfm) ...@@ -994,8 +994,6 @@ static void caam_rsa_exit_tfm(struct crypto_akcipher *tfm)
static struct akcipher_alg caam_rsa = { static struct akcipher_alg caam_rsa = {
.encrypt = caam_rsa_enc, .encrypt = caam_rsa_enc,
.decrypt = caam_rsa_dec, .decrypt = caam_rsa_dec,
.sign = caam_rsa_dec,
.verify = caam_rsa_enc,
.set_pub_key = caam_rsa_set_pub_key, .set_pub_key = caam_rsa_set_pub_key,
.set_priv_key = caam_rsa_set_priv_key, .set_priv_key = caam_rsa_set_priv_key,
.max_size = caam_rsa_max_size, .max_size = caam_rsa_max_size,
......
...@@ -213,8 +213,6 @@ static void ccp_rsa_exit_tfm(struct crypto_akcipher *tfm) ...@@ -213,8 +213,6 @@ static void ccp_rsa_exit_tfm(struct crypto_akcipher *tfm)
static struct akcipher_alg ccp_rsa_defaults = { static struct akcipher_alg ccp_rsa_defaults = {
.encrypt = ccp_rsa_encrypt, .encrypt = ccp_rsa_encrypt,
.decrypt = ccp_rsa_decrypt, .decrypt = ccp_rsa_decrypt,
.sign = ccp_rsa_decrypt,
.verify = ccp_rsa_encrypt,
.set_pub_key = ccp_rsa_setpubkey, .set_pub_key = ccp_rsa_setpubkey,
.set_priv_key = ccp_rsa_setprivkey, .set_priv_key = ccp_rsa_setprivkey,
.max_size = ccp_rsa_maxsize, .max_size = ccp_rsa_maxsize,
......
...@@ -1300,8 +1300,6 @@ static void qat_rsa_exit_tfm(struct crypto_akcipher *tfm) ...@@ -1300,8 +1300,6 @@ static void qat_rsa_exit_tfm(struct crypto_akcipher *tfm)
static struct akcipher_alg rsa = { static struct akcipher_alg rsa = {
.encrypt = qat_rsa_enc, .encrypt = qat_rsa_enc,
.decrypt = qat_rsa_dec, .decrypt = qat_rsa_dec,
.sign = qat_rsa_dec,
.verify = qat_rsa_enc,
.set_pub_key = qat_rsa_setpubkey, .set_pub_key = qat_rsa_setpubkey,
.set_priv_key = qat_rsa_setprivkey, .set_priv_key = qat_rsa_setprivkey,
.max_size = qat_rsa_max_size, .max_size = qat_rsa_max_size,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment