| blob | 46cc7afe87f8fad6cf9b1069be0dd3ebf225771e |
1 /*
2 * QEMU Crypto akcipher algorithms
3 *
4 * Copyright (c) 2022 Bytedance
5 * Author: lei he <helei.sig11@bytedance.com>
6 *
7 * This library is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU Lesser General Public
9 * License as published by the Free Software Foundation; either
10 * version 2.1 of the License, or (at your option) any later version.
11 *
12 * This library is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15 * Lesser General Public License for more details.
16 *
17 * You should have received a copy of the GNU Lesser General Public
18 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19 *
20 */
22 #include "der.h"
23 #include "rsakey.h"
25 static int extract_mpi(void *ctx, const uint8_t *value,
26 size_t vlen, Error **errp)
27 {
28 QCryptoAkCipherMPI *mpi = (QCryptoAkCipherMPI *)ctx;
29 if (vlen == 0) {
30 error_setg(errp, "Empty mpi field");
31 return -1;
32 }
33 mpi->data = g_memdup2(value, vlen);
34 mpi->len = vlen;
35 return 0;
36 }
38 static int extract_version(void *ctx, const uint8_t *value,
39 size_t vlen, Error **errp)
40 {
41 uint8_t *version = (uint8_t *)ctx;
42 if (vlen != 1 || *value > 1) {
43 error_setg(errp, "Invalid rsakey version");
44 return -1;
45 }
46 *version = *value;
47 return 0;
48 }
50 static int extract_seq_content(void *ctx, const uint8_t *value,
51 size_t vlen, Error **errp)
52 {
53 const uint8_t **content = (const uint8_t **)ctx;
54 if (vlen == 0) {
55 error_setg(errp, "Empty sequence");
56 return -1;
57 }
58 *content = value;
59 return 0;
60 }
62 /**
63 *
64 * RsaPubKey ::= SEQUENCE {
65 * n INTEGER
66 * e INTEGER
67 * }
68 */
69 static QCryptoAkCipherRSAKey *qcrypto_builtin_rsa_public_key_parse(
70 const uint8_t *key, size_t keylen, Error **errp)
71 {
72 QCryptoAkCipherRSAKey *rsa = g_new0(QCryptoAkCipherRSAKey, 1);
73 const uint8_t *seq;
74 size_t seq_length;
75 int decode_ret;
77 decode_ret = qcrypto_der_decode_seq(&key, &keylen,
78 extract_seq_content, &seq, errp);
79 if (decode_ret < 0 || keylen != 0) {
80 goto error;
81 }
82 seq_length = decode_ret;
84 if (qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
85 &rsa->n, errp) < 0 ||
86 qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
87 &rsa->e, errp) < 0) {
88 goto error;
89 }
90 if (seq_length != 0) {
91 error_setg(errp, "Invalid RSA public key");
92 goto error;
93 }
95 return rsa;
97 error:
98 qcrypto_akcipher_rsakey_free(rsa);
99 return NULL;
100 }
102 /**
103 * RsaPrivKey ::= SEQUENCE {
104 * version INTEGER
105 * n INTEGER
106 * e INTEGER
107 * d INTEGER
108 * p INTEGER
109 * q INTEGER
110 * dp INTEGER
111 * dq INTEGER
112 * u INTEGER
113 * otherPrimeInfos OtherPrimeInfos OPTIONAL
114 * }
115 */
116 static QCryptoAkCipherRSAKey *qcrypto_builtin_rsa_private_key_parse(
117 const uint8_t *key, size_t keylen, Error **errp)
118 {
119 QCryptoAkCipherRSAKey *rsa = g_new0(QCryptoAkCipherRSAKey, 1);
120 uint8_t version;
121 const uint8_t *seq;
122 int decode_ret;
123 size_t seq_length;
125 decode_ret = qcrypto_der_decode_seq(&key, &keylen, extract_seq_content,
126 &seq, errp);
127 if (decode_ret < 0 || keylen != 0) {
128 goto error;
129 }
130 seq_length = decode_ret;
132 decode_ret = qcrypto_der_decode_int(&seq, &seq_length, extract_version,
133 &version, errp);
135 if (qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
136 &rsa->n, errp) < 0 ||
137 qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
138 &rsa->e, errp) < 0 ||
139 qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
140 &rsa->d, errp) < 0 ||
141 qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->p,
142 errp) < 0 ||
143 qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->q,
144 errp) < 0 ||
145 qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->dp,
146 errp) < 0 ||
147 qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->dq,
148 errp) < 0 ||
149 qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->u,
150 errp) < 0) {
151 goto error;
152 }
154 /**
155 * According to the standard, otherPrimeInfos must be present for version 1.
156 * There is no strict verification here, this is to be compatible with
157 * the unit test of the kernel. TODO: remove this until linux kernel's
158 * unit-test is fixed.
159 */
160 if (version == 1 && seq_length != 0) {
161 if (qcrypto_der_decode_seq(&seq, &seq_length, NULL, NULL, errp) < 0) {
162 goto error;
163 }
164 if (seq_length != 0) {
165 goto error;
166 }
167 return rsa;
168 }
169 if (seq_length != 0) {
170 error_setg(errp, "Invalid RSA private key");
171 goto error;
172 }
174 return rsa;
176 error:
177 qcrypto_akcipher_rsakey_free(rsa);
178 return NULL;
179 }
181 QCryptoAkCipherRSAKey *qcrypto_akcipher_rsakey_parse(
182 QCryptoAkCipherKeyType type, const uint8_t *key,
183 size_t keylen, Error **errp)
184 {
185 switch (type) {
186 case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE:
187 return qcrypto_builtin_rsa_private_key_parse(key, keylen, errp);
189 case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC:
190 return qcrypto_builtin_rsa_public_key_parse(key, keylen, errp);
192 default:
193 error_setg(errp, "Unknown key type: %d", type);
194 return NULL;
195 }
196 }