12 #define pr_fmt(fmt) "RSA: "fmt
13 #include <linux/module.h>
14 #include <linux/kernel.h>
15 #include <linux/slab.h>
21 #define kenter(FMT, ...) \
22 pr_devel("==> %s("FMT")\n", __func__, ##__VA_ARGS__)
23 #define kleave(FMT, ...) \
24 pr_devel("<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
29 static const u8 RSA_digest_info_MD5[] = {
30 0x30, 0x20, 0x30, 0x0C, 0x06, 0x08,
31 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x05,
32 0x05, 0x00, 0x04, 0x10
35 static const u8 RSA_digest_info_SHA1[] = {
36 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
37 0x2B, 0x0E, 0x03, 0x02, 0x1A,
38 0x05, 0x00, 0x04, 0x14
41 static const u8 RSA_digest_info_RIPE_MD_160[] = {
42 0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
43 0x2B, 0x24, 0x03, 0x02, 0x01,
44 0x05, 0x00, 0x04, 0x14
47 static const u8 RSA_digest_info_SHA224[] = {
48 0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
49 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
50 0x05, 0x00, 0x04, 0x1C
53 static const u8 RSA_digest_info_SHA256[] = {
54 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
55 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
56 0x05, 0x00, 0x04, 0x20
59 static const u8 RSA_digest_info_SHA384[] = {
60 0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
61 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
62 0x05, 0x00, 0x04, 0x30
65 static const u8 RSA_digest_info_SHA512[] = {
66 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
67 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
68 0x05, 0x00, 0x04, 0x40
75 #define _(X) { RSA_digest_info_##X, sizeof(RSA_digest_info_##X) }
96 kleave(
" = -EBADMSG [s < 0]");
100 kleave(
" = -EBADMSG [s >= n]");
122 static int RSA_I2OSP(
MPI x,
size_t xLen,
u8 **
_X)
124 unsigned X_size, x_size;
133 pr_devel(
"size(x)=%u xLen*8=%zu\n", x_size, xLen * 8);
134 if (x_size != xLen * 8 - 15)
144 if (X_size != xLen - 1) {
162 static int RSA_verify(
const u8 *
H,
const u8 *EM,
size_t k,
size_t hash_size,
163 const u8 *asn1_template,
size_t asn1_size)
165 unsigned PS_end, T_offset,
i;
167 kenter(
",,%zu,%zu,%zu", k, hash_size, asn1_size);
169 if (k < 2 + 1 + asn1_size + hash_size)
174 kleave(
" = -EBADMSG [EM[1] == %02u]", EM[1]);
178 T_offset = k - (asn1_size + hash_size);
179 PS_end = T_offset - 1;
180 if (EM[PS_end] != 0x00) {
181 kleave(
" = -EBADMSG [EM[T-1] == %02u]", EM[PS_end]);
185 for (i = 2; i < PS_end; i++) {
187 kleave(
" = -EBADMSG [EM[PS%x] == %02u]", i - 2, EM[i]);
192 if (
memcmp(asn1_template, EM + T_offset, asn1_size) != 0) {
193 kleave(
" = -EBADMSG [EM[T] ASN.1 mismatch]");
197 if (
memcmp(H, EM + T_offset + asn1_size, hash_size) != 0) {
198 kleave(
" = -EKEYREJECTED [EM[T] hash mismatch]");
209 static int RSA_verify_signature(
const struct public_key *key,
223 if (!RSA_ASN1_templates[sig->pkey_hash_algo].data)
235 pr_devel(
"step 1: k=%zu size(S)=%zu\n", k, tsize);
245 ret = RSAVP1(key, sig->
rsa.s, &m);
255 ret = RSA_I2OSP(m, k, &EM);
260 RSA_ASN1_templates[sig->pkey_hash_algo].data,
261 RSA_ASN1_templates[sig->pkey_hash_algo].size);
275 .verify_signature = RSA_verify_signature,