Version:  2.0.40 2.2.26 2.4.37 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10

Linux/crypto/rsa-pkcs1pad.c

  1 /*
  2  * RSA padding templates.
  3  *
  4  * Copyright (c) 2015  Intel Corporation
  5  *
  6  * This program is free software; you can redistribute it and/or modify it
  7  * under the terms of the GNU General Public License as published by the Free
  8  * Software Foundation; either version 2 of the License, or (at your option)
  9  * any later version.
 10  */
 11 
 12 #include <crypto/algapi.h>
 13 #include <crypto/akcipher.h>
 14 #include <crypto/internal/akcipher.h>
 15 #include <linux/err.h>
 16 #include <linux/init.h>
 17 #include <linux/kernel.h>
 18 #include <linux/module.h>
 19 #include <linux/random.h>
 20 
 21 /*
 22  * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2].
 23  */
 24 static const u8 rsa_digest_info_md5[] = {
 25         0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
 26         0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, /* OID */
 27         0x05, 0x00, 0x04, 0x10
 28 };
 29 
 30 static const u8 rsa_digest_info_sha1[] = {
 31         0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
 32         0x2b, 0x0e, 0x03, 0x02, 0x1a,
 33         0x05, 0x00, 0x04, 0x14
 34 };
 35 
 36 static const u8 rsa_digest_info_rmd160[] = {
 37         0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
 38         0x2b, 0x24, 0x03, 0x02, 0x01,
 39         0x05, 0x00, 0x04, 0x14
 40 };
 41 
 42 static const u8 rsa_digest_info_sha224[] = {
 43         0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
 44         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
 45         0x05, 0x00, 0x04, 0x1c
 46 };
 47 
 48 static const u8 rsa_digest_info_sha256[] = {
 49         0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
 50         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
 51         0x05, 0x00, 0x04, 0x20
 52 };
 53 
 54 static const u8 rsa_digest_info_sha384[] = {
 55         0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
 56         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
 57         0x05, 0x00, 0x04, 0x30
 58 };
 59 
 60 static const u8 rsa_digest_info_sha512[] = {
 61         0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
 62         0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
 63         0x05, 0x00, 0x04, 0x40
 64 };
 65 
 66 static const struct rsa_asn1_template {
 67         const char      *name;
 68         const u8        *data;
 69         size_t          size;
 70 } rsa_asn1_templates[] = {
 71 #define _(X) { #X, rsa_digest_info_##X, sizeof(rsa_digest_info_##X) }
 72         _(md5),
 73         _(sha1),
 74         _(rmd160),
 75         _(sha256),
 76         _(sha384),
 77         _(sha512),
 78         _(sha224),
 79         { NULL }
 80 #undef _
 81 };
 82 
 83 static const struct rsa_asn1_template *rsa_lookup_asn1(const char *name)
 84 {
 85         const struct rsa_asn1_template *p;
 86 
 87         for (p = rsa_asn1_templates; p->name; p++)
 88                 if (strcmp(name, p->name) == 0)
 89                         return p;
 90         return NULL;
 91 }
 92 
 93 struct pkcs1pad_ctx {
 94         struct crypto_akcipher *child;
 95         unsigned int key_size;
 96 };
 97 
 98 struct pkcs1pad_inst_ctx {
 99         struct crypto_akcipher_spawn spawn;
100         const struct rsa_asn1_template *digest_info;
101 };
102 
103 struct pkcs1pad_request {
104         struct scatterlist in_sg[2], out_sg[1];
105         uint8_t *in_buf, *out_buf;
106         struct akcipher_request child_req;
107 };
108 
109 static int pkcs1pad_set_pub_key(struct crypto_akcipher *tfm, const void *key,
110                 unsigned int keylen)
111 {
112         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
113         int err;
114 
115         ctx->key_size = 0;
116 
117         err = crypto_akcipher_set_pub_key(ctx->child, key, keylen);
118         if (err)
119                 return err;
120 
121         /* Find out new modulus size from rsa implementation */
122         err = crypto_akcipher_maxsize(ctx->child);
123         if (err < 0)
124                 return err;
125 
126         if (err > PAGE_SIZE)
127                 return -ENOTSUPP;
128 
129         ctx->key_size = err;
130         return 0;
131 }
132 
133 static int pkcs1pad_set_priv_key(struct crypto_akcipher *tfm, const void *key,
134                 unsigned int keylen)
135 {
136         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
137         int err;
138 
139         ctx->key_size = 0;
140 
141         err = crypto_akcipher_set_priv_key(ctx->child, key, keylen);
142         if (err)
143                 return err;
144 
145         /* Find out new modulus size from rsa implementation */
146         err = crypto_akcipher_maxsize(ctx->child);
147         if (err < 0)
148                 return err;
149 
150         if (err > PAGE_SIZE)
151                 return -ENOTSUPP;
152 
153         ctx->key_size = err;
154         return 0;
155 }
156 
157 static int pkcs1pad_get_max_size(struct crypto_akcipher *tfm)
158 {
159         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
160 
161         /*
162          * The maximum destination buffer size for the encrypt/sign operations
163          * will be the same as for RSA, even though it's smaller for
164          * decrypt/verify.
165          */
166 
167         return ctx->key_size ?: -EINVAL;
168 }
169 
170 static void pkcs1pad_sg_set_buf(struct scatterlist *sg, void *buf, size_t len,
171                 struct scatterlist *next)
172 {
173         int nsegs = next ? 2 : 1;
174 
175         sg_init_table(sg, nsegs);
176         sg_set_buf(sg, buf, len);
177 
178         if (next)
179                 sg_chain(sg, nsegs, next);
180 }
181 
182 static int pkcs1pad_encrypt_sign_complete(struct akcipher_request *req, int err)
183 {
184         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
185         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
186         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
187         unsigned int pad_len;
188         unsigned int len;
189         u8 *out_buf;
190 
191         if (err)
192                 goto out;
193 
194         len = req_ctx->child_req.dst_len;
195         pad_len = ctx->key_size - len;
196 
197         /* Four billion to one */
198         if (likely(!pad_len))
199                 goto out;
200 
201         out_buf = kzalloc(ctx->key_size, GFP_ATOMIC);
202         err = -ENOMEM;
203         if (!out_buf)
204                 goto out;
205 
206         sg_copy_to_buffer(req->dst, sg_nents_for_len(req->dst, len),
207                           out_buf + pad_len, len);
208         sg_copy_from_buffer(req->dst,
209                             sg_nents_for_len(req->dst, ctx->key_size),
210                             out_buf, ctx->key_size);
211         kzfree(out_buf);
212 
213 out:
214         req->dst_len = ctx->key_size;
215 
216         kfree(req_ctx->in_buf);
217 
218         return err;
219 }
220 
221 static void pkcs1pad_encrypt_sign_complete_cb(
222                 struct crypto_async_request *child_async_req, int err)
223 {
224         struct akcipher_request *req = child_async_req->data;
225         struct crypto_async_request async_req;
226 
227         if (err == -EINPROGRESS)
228                 return;
229 
230         async_req.data = req->base.data;
231         async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
232         async_req.flags = child_async_req->flags;
233         req->base.complete(&async_req,
234                         pkcs1pad_encrypt_sign_complete(req, err));
235 }
236 
237 static int pkcs1pad_encrypt(struct akcipher_request *req)
238 {
239         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
240         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
241         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
242         int err;
243         unsigned int i, ps_end;
244 
245         if (!ctx->key_size)
246                 return -EINVAL;
247 
248         if (req->src_len > ctx->key_size - 11)
249                 return -EOVERFLOW;
250 
251         if (req->dst_len < ctx->key_size) {
252                 req->dst_len = ctx->key_size;
253                 return -EOVERFLOW;
254         }
255 
256         req_ctx->in_buf = kmalloc(ctx->key_size - 1 - req->src_len,
257                                   GFP_KERNEL);
258         if (!req_ctx->in_buf)
259                 return -ENOMEM;
260 
261         ps_end = ctx->key_size - req->src_len - 2;
262         req_ctx->in_buf[0] = 0x02;
263         for (i = 1; i < ps_end; i++)
264                 req_ctx->in_buf[i] = 1 + prandom_u32_max(255);
265         req_ctx->in_buf[ps_end] = 0x00;
266 
267         pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
268                         ctx->key_size - 1 - req->src_len, req->src);
269 
270         req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
271         if (!req_ctx->out_buf) {
272                 kfree(req_ctx->in_buf);
273                 return -ENOMEM;
274         }
275 
276         pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
277                         ctx->key_size, NULL);
278 
279         akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
280         akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
281                         pkcs1pad_encrypt_sign_complete_cb, req);
282 
283         /* Reuse output buffer */
284         akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
285                                    req->dst, ctx->key_size - 1, req->dst_len);
286 
287         err = crypto_akcipher_encrypt(&req_ctx->child_req);
288         if (err != -EINPROGRESS &&
289                         (err != -EBUSY ||
290                          !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
291                 return pkcs1pad_encrypt_sign_complete(req, err);
292 
293         return err;
294 }
295 
296 static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
297 {
298         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
299         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
300         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
301         unsigned int dst_len;
302         unsigned int pos;
303         u8 *out_buf;
304 
305         if (err)
306                 goto done;
307 
308         err = -EINVAL;
309         dst_len = req_ctx->child_req.dst_len;
310         if (dst_len < ctx->key_size - 1)
311                 goto done;
312 
313         out_buf = req_ctx->out_buf;
314         if (dst_len == ctx->key_size) {
315                 if (out_buf[0] != 0x00)
316                         /* Decrypted value had no leading 0 byte */
317                         goto done;
318 
319                 dst_len--;
320                 out_buf++;
321         }
322 
323         if (out_buf[0] != 0x02)
324                 goto done;
325 
326         for (pos = 1; pos < dst_len; pos++)
327                 if (out_buf[pos] == 0x00)
328                         break;
329         if (pos < 9 || pos == dst_len)
330                 goto done;
331         pos++;
332 
333         err = 0;
334 
335         if (req->dst_len < dst_len - pos)
336                 err = -EOVERFLOW;
337         req->dst_len = dst_len - pos;
338 
339         if (!err)
340                 sg_copy_from_buffer(req->dst,
341                                 sg_nents_for_len(req->dst, req->dst_len),
342                                 out_buf + pos, req->dst_len);
343 
344 done:
345         kzfree(req_ctx->out_buf);
346 
347         return err;
348 }
349 
350 static void pkcs1pad_decrypt_complete_cb(
351                 struct crypto_async_request *child_async_req, int err)
352 {
353         struct akcipher_request *req = child_async_req->data;
354         struct crypto_async_request async_req;
355 
356         if (err == -EINPROGRESS)
357                 return;
358 
359         async_req.data = req->base.data;
360         async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
361         async_req.flags = child_async_req->flags;
362         req->base.complete(&async_req, pkcs1pad_decrypt_complete(req, err));
363 }
364 
365 static int pkcs1pad_decrypt(struct akcipher_request *req)
366 {
367         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
368         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
369         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
370         int err;
371 
372         if (!ctx->key_size || req->src_len != ctx->key_size)
373                 return -EINVAL;
374 
375         req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
376         if (!req_ctx->out_buf)
377                 return -ENOMEM;
378 
379         pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
380                             ctx->key_size, NULL);
381 
382         akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
383         akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
384                         pkcs1pad_decrypt_complete_cb, req);
385 
386         /* Reuse input buffer, output to a new buffer */
387         akcipher_request_set_crypt(&req_ctx->child_req, req->src,
388                                    req_ctx->out_sg, req->src_len,
389                                    ctx->key_size);
390 
391         err = crypto_akcipher_decrypt(&req_ctx->child_req);
392         if (err != -EINPROGRESS &&
393                         (err != -EBUSY ||
394                          !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
395                 return pkcs1pad_decrypt_complete(req, err);
396 
397         return err;
398 }
399 
400 static int pkcs1pad_sign(struct akcipher_request *req)
401 {
402         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
403         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
404         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
405         struct akcipher_instance *inst = akcipher_alg_instance(tfm);
406         struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
407         const struct rsa_asn1_template *digest_info = ictx->digest_info;
408         int err;
409         unsigned int ps_end, digest_size = 0;
410 
411         if (!ctx->key_size)
412                 return -EINVAL;
413 
414         digest_size = digest_info->size;
415 
416         if (req->src_len + digest_size > ctx->key_size - 11)
417                 return -EOVERFLOW;
418 
419         if (req->dst_len < ctx->key_size) {
420                 req->dst_len = ctx->key_size;
421                 return -EOVERFLOW;
422         }
423 
424         req_ctx->in_buf = kmalloc(ctx->key_size - 1 - req->src_len,
425                                   GFP_KERNEL);
426         if (!req_ctx->in_buf)
427                 return -ENOMEM;
428 
429         ps_end = ctx->key_size - digest_size - req->src_len - 2;
430         req_ctx->in_buf[0] = 0x01;
431         memset(req_ctx->in_buf + 1, 0xff, ps_end - 1);
432         req_ctx->in_buf[ps_end] = 0x00;
433 
434         memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,
435                digest_info->size);
436 
437         pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
438                         ctx->key_size - 1 - req->src_len, req->src);
439 
440         akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
441         akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
442                         pkcs1pad_encrypt_sign_complete_cb, req);
443 
444         /* Reuse output buffer */
445         akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
446                                    req->dst, ctx->key_size - 1, req->dst_len);
447 
448         err = crypto_akcipher_sign(&req_ctx->child_req);
449         if (err != -EINPROGRESS &&
450                         (err != -EBUSY ||
451                          !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
452                 return pkcs1pad_encrypt_sign_complete(req, err);
453 
454         return err;
455 }
456 
457 static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
458 {
459         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
460         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
461         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
462         struct akcipher_instance *inst = akcipher_alg_instance(tfm);
463         struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
464         const struct rsa_asn1_template *digest_info = ictx->digest_info;
465         unsigned int dst_len;
466         unsigned int pos;
467         u8 *out_buf;
468 
469         if (err)
470                 goto done;
471 
472         err = -EINVAL;
473         dst_len = req_ctx->child_req.dst_len;
474         if (dst_len < ctx->key_size - 1)
475                 goto done;
476 
477         out_buf = req_ctx->out_buf;
478         if (dst_len == ctx->key_size) {
479                 if (out_buf[0] != 0x00)
480                         /* Decrypted value had no leading 0 byte */
481                         goto done;
482 
483                 dst_len--;
484                 out_buf++;
485         }
486 
487         err = -EBADMSG;
488         if (out_buf[0] != 0x01)
489                 goto done;
490 
491         for (pos = 1; pos < dst_len; pos++)
492                 if (out_buf[pos] != 0xff)
493                         break;
494 
495         if (pos < 9 || pos == dst_len || out_buf[pos] != 0x00)
496                 goto done;
497         pos++;
498 
499         if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
500                 goto done;
501 
502         pos += digest_info->size;
503 
504         err = 0;
505 
506         if (req->dst_len < dst_len - pos)
507                 err = -EOVERFLOW;
508         req->dst_len = dst_len - pos;
509 
510         if (!err)
511                 sg_copy_from_buffer(req->dst,
512                                 sg_nents_for_len(req->dst, req->dst_len),
513                                 out_buf + pos, req->dst_len);
514 done:
515         kzfree(req_ctx->out_buf);
516 
517         return err;
518 }
519 
520 static void pkcs1pad_verify_complete_cb(
521                 struct crypto_async_request *child_async_req, int err)
522 {
523         struct akcipher_request *req = child_async_req->data;
524         struct crypto_async_request async_req;
525 
526         if (err == -EINPROGRESS)
527                 return;
528 
529         async_req.data = req->base.data;
530         async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
531         async_req.flags = child_async_req->flags;
532         req->base.complete(&async_req, pkcs1pad_verify_complete(req, err));
533 }
534 
535 /*
536  * The verify operation is here for completeness similar to the verification
537  * defined in RFC2313 section 10.2 except that block type 0 is not accepted,
538  * as in RFC2437.  RFC2437 section 9.2 doesn't define any operation to
539  * retrieve the DigestInfo from a signature, instead the user is expected
540  * to call the sign operation to generate the expected signature and compare
541  * signatures instead of the message-digests.
542  */
543 static int pkcs1pad_verify(struct akcipher_request *req)
544 {
545         struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
546         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
547         struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
548         int err;
549 
550         if (!ctx->key_size || req->src_len < ctx->key_size)
551                 return -EINVAL;
552 
553         req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
554         if (!req_ctx->out_buf)
555                 return -ENOMEM;
556 
557         pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
558                             ctx->key_size, NULL);
559 
560         akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
561         akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
562                         pkcs1pad_verify_complete_cb, req);
563 
564         /* Reuse input buffer, output to a new buffer */
565         akcipher_request_set_crypt(&req_ctx->child_req, req->src,
566                                    req_ctx->out_sg, req->src_len,
567                                    ctx->key_size);
568 
569         err = crypto_akcipher_verify(&req_ctx->child_req);
570         if (err != -EINPROGRESS &&
571                         (err != -EBUSY ||
572                          !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
573                 return pkcs1pad_verify_complete(req, err);
574 
575         return err;
576 }
577 
578 static int pkcs1pad_init_tfm(struct crypto_akcipher *tfm)
579 {
580         struct akcipher_instance *inst = akcipher_alg_instance(tfm);
581         struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
582         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
583         struct crypto_akcipher *child_tfm;
584 
585         child_tfm = crypto_spawn_akcipher(&ictx->spawn);
586         if (IS_ERR(child_tfm))
587                 return PTR_ERR(child_tfm);
588 
589         ctx->child = child_tfm;
590         return 0;
591 }
592 
593 static void pkcs1pad_exit_tfm(struct crypto_akcipher *tfm)
594 {
595         struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
596 
597         crypto_free_akcipher(ctx->child);
598 }
599 
600 static void pkcs1pad_free(struct akcipher_instance *inst)
601 {
602         struct pkcs1pad_inst_ctx *ctx = akcipher_instance_ctx(inst);
603         struct crypto_akcipher_spawn *spawn = &ctx->spawn;
604 
605         crypto_drop_akcipher(spawn);
606         kfree(inst);
607 }
608 
609 static int pkcs1pad_create(struct crypto_template *tmpl, struct rtattr **tb)
610 {
611         const struct rsa_asn1_template *digest_info;
612         struct crypto_attr_type *algt;
613         struct akcipher_instance *inst;
614         struct pkcs1pad_inst_ctx *ctx;
615         struct crypto_akcipher_spawn *spawn;
616         struct akcipher_alg *rsa_alg;
617         const char *rsa_alg_name;
618         const char *hash_name;
619         int err;
620 
621         algt = crypto_get_attr_type(tb);
622         if (IS_ERR(algt))
623                 return PTR_ERR(algt);
624 
625         if ((algt->type ^ CRYPTO_ALG_TYPE_AKCIPHER) & algt->mask)
626                 return -EINVAL;
627 
628         rsa_alg_name = crypto_attr_alg_name(tb[1]);
629         if (IS_ERR(rsa_alg_name))
630                 return PTR_ERR(rsa_alg_name);
631 
632         hash_name = crypto_attr_alg_name(tb[2]);
633         if (IS_ERR(hash_name))
634                 return PTR_ERR(hash_name);
635 
636         digest_info = rsa_lookup_asn1(hash_name);
637         if (!digest_info)
638                 return -EINVAL;
639 
640         inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
641         if (!inst)
642                 return -ENOMEM;
643 
644         ctx = akcipher_instance_ctx(inst);
645         spawn = &ctx->spawn;
646         ctx->digest_info = digest_info;
647 
648         crypto_set_spawn(&spawn->base, akcipher_crypto_instance(inst));
649         err = crypto_grab_akcipher(spawn, rsa_alg_name, 0,
650                         crypto_requires_sync(algt->type, algt->mask));
651         if (err)
652                 goto out_free_inst;
653 
654         rsa_alg = crypto_spawn_akcipher_alg(spawn);
655 
656         err = -ENAMETOOLONG;
657 
658         if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
659                      "pkcs1pad(%s,%s)", rsa_alg->base.cra_name, hash_name) >=
660             CRYPTO_MAX_ALG_NAME ||
661             snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
662                      "pkcs1pad(%s,%s)",
663                      rsa_alg->base.cra_driver_name, hash_name) >=
664             CRYPTO_MAX_ALG_NAME)
665                 goto out_drop_alg;
666 
667         inst->alg.base.cra_flags = rsa_alg->base.cra_flags & CRYPTO_ALG_ASYNC;
668         inst->alg.base.cra_priority = rsa_alg->base.cra_priority;
669         inst->alg.base.cra_ctxsize = sizeof(struct pkcs1pad_ctx);
670 
671         inst->alg.init = pkcs1pad_init_tfm;
672         inst->alg.exit = pkcs1pad_exit_tfm;
673 
674         inst->alg.encrypt = pkcs1pad_encrypt;
675         inst->alg.decrypt = pkcs1pad_decrypt;
676         inst->alg.sign = pkcs1pad_sign;
677         inst->alg.verify = pkcs1pad_verify;
678         inst->alg.set_pub_key = pkcs1pad_set_pub_key;
679         inst->alg.set_priv_key = pkcs1pad_set_priv_key;
680         inst->alg.max_size = pkcs1pad_get_max_size;
681         inst->alg.reqsize = sizeof(struct pkcs1pad_request) + rsa_alg->reqsize;
682 
683         inst->free = pkcs1pad_free;
684 
685         err = akcipher_register_instance(tmpl, inst);
686         if (err)
687                 goto out_drop_alg;
688 
689         return 0;
690 
691 out_drop_alg:
692         crypto_drop_akcipher(spawn);
693 out_free_inst:
694         kfree(inst);
695         return err;
696 }
697 
698 struct crypto_template rsa_pkcs1pad_tmpl = {
699         .name = "pkcs1pad",
700         .create = pkcs1pad_create,
701         .module = THIS_MODULE,
702 };
703 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us