crypto: rsa - unimplement sign/verify for raw RSA backends

In preparation for new akcipher verify call remove sign/verify callbacks from RSA backends and make PKCS1 driver call encrypt/decrypt instead. This also complies with the well-known idea that raw RSA should never be used for sign/verify. It only should be used with proper padding scheme such as PKCS1 driver provides. Cc: Giovanni Cabiddu <giovanni.cabiddu@intel.com> Cc: qat-linux@intel.com Cc: Tom Lendacky <thomas.lendacky@amd.com> Cc: Gary Hook <gary.hook@amd.com> Cc: Horia Geantă <horia.geanta@nxp.com> Cc: Aymen Sghaier <aymen.sghaier@nxp.com> Signed-off-by: Vitaly Chikunov <vt@altlinux.org> Reviewed-by: Horia Geantă <horia.geanta@nxp.com> Acked-by: Gary R Hook <gary.hook@amd.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
author: Vitaly Chikunov <vt@altlinux.org> 2019-04-11 11:51:14 -0400
committer: Herbert Xu <herbert@gondor.apana.org.au> 2019-04-18 10:15:02 -0400
commit: 3ecc97259934489e7e03cbeb1d70f6a23cccb3ae (patch)
tree: 8456773371fd5ec9fb048f91a42bc02fd7887ed5
parent: 78a0324f4a5328088fea9426cfe1d1851276c475 (diff)
5 files changed, 2 insertions, 117 deletions
diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c
index 0a6680ca8cb6..94382fa2c6ac 100644
--- a/crypto/rsa-pkcs1pad.c
+++ b/crypto/rsa-pkcs1pad.c
@@ -429,7 +429,7 @@ static int pkcs1pad_sign(struct akcipher_request *req)
        akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
                                   req->dst, ctx->key_size - 1, req->dst_len);
-        err = crypto_akcipher_sign(&req_ctx->child_req);
+        err = crypto_akcipher_decrypt(&req_ctx->child_req);
        if (err != -EINPROGRESS && err != -EBUSY)
                return pkcs1pad_encrypt_sign_complete(req, err);
@@ -551,7 +551,7 @@ static int pkcs1pad_verify(struct akcipher_request *req)
                                   req_ctx->out_sg, req->src_len,
                                   ctx->key_size);
-        err = crypto_akcipher_verify(&req_ctx->child_req);
+        err = crypto_akcipher_encrypt(&req_ctx->child_req);
        if (err != -EINPROGRESS && err != -EBUSY)
                return pkcs1pad_verify_complete(req, err);
diff --git a/crypto/rsa.c b/crypto/rsa.c
index 4167980c243d..5d427c1100d6 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -50,34 +50,6 @@ static int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c)
        return mpi_powm(m, c, key->d, key->n);
 }
-/*
- * RSASP1 function [RFC3447 sec 5.2.1]
- * s = m^d mod n
- */
-static int _rsa_sign(const struct rsa_mpi_key *key, MPI s, MPI m)
-{
-        /* (1) Validate 0 <= m < n */
-        if (mpi_cmp_ui(m, 0) < 0 || mpi_cmp(m, key->n) >= 0)
-                return -EINVAL;
-        /* (2) s = m^d mod n */
-        return mpi_powm(s, m, key->d, key->n);
-}
-/*
- * RSAVP1 function [RFC3447 sec 5.2.2]
- * m = s^e mod n;
- */
-static int _rsa_verify(const struct rsa_mpi_key *key, MPI m, MPI s)
-{
-        /* (1) Validate 0 <= s < n */
-        if (mpi_cmp_ui(s, 0) < 0 || mpi_cmp(s, key->n) >= 0)
-                return -EINVAL;
-        /* (2) m = s^e mod n */
-        return mpi_powm(m, s, key->e, key->n);
-}
 static inline struct rsa_mpi_key *rsa_get_key(struct crypto_akcipher *tfm)
 {
        return akcipher_tfm_ctx(tfm);
@@ -160,85 +132,6 @@ err_free_m:
        return ret;
 }
-static int rsa_sign(struct akcipher_request *req)
-{
-        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
-        const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
-        MPI m, s = mpi_alloc(0);
-        int ret = 0;
-        int sign;
-        if (!s)
-                return -ENOMEM;
-        if (unlikely(!pkey->n || !pkey->d)) {
-                ret = -EINVAL;
-                goto err_free_s;
-        }
-        ret = -ENOMEM;
-        m = mpi_read_raw_from_sgl(req->src, req->src_len);
-        if (!m)
-                goto err_free_s;
-        ret = _rsa_sign(pkey, s, m);
-        if (ret)
-                goto err_free_m;
-        ret = mpi_write_to_sgl(s, req->dst, req->dst_len, &sign);
-        if (ret)
-                goto err_free_m;
-        if (sign < 0)
-                ret = -EBADMSG;
-err_free_m:
-        mpi_free(m);
-err_free_s:
-        mpi_free(s);
-        return ret;
-}
-static int rsa_verify(struct akcipher_request *req)
-{
-        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
-        const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
-        MPI s, m = mpi_alloc(0);
-        int ret = 0;
-        int sign;
-        if (!m)
-                return -ENOMEM;
-        if (unlikely(!pkey->n || !pkey->e)) {
-                ret = -EINVAL;
-                goto err_free_m;
-        }
-        s = mpi_read_raw_from_sgl(req->src, req->src_len);
-        if (!s) {
-                ret = -ENOMEM;
-                goto err_free_m;
-        }
-        ret = _rsa_verify(pkey, m, s);
-        if (ret)
-                goto err_free_s;
-        ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
-        if (ret)
-                goto err_free_s;
-        if (sign < 0)
-                ret = -EBADMSG;
-err_free_s:
-        mpi_free(s);
-err_free_m:
-        mpi_free(m);
-        return ret;
-}
 static void rsa_free_mpi_key(struct rsa_mpi_key *key)
 {
        mpi_free(key->d);
@@ -353,8 +246,6 @@ static void rsa_exit_tfm(struct crypto_akcipher *tfm)
 static struct akcipher_alg rsa = {
        .encrypt = rsa_enc,
        .decrypt = rsa_dec,
-        .sign = rsa_sign,
-        .verify = rsa_verify,
        .set_priv_key = rsa_set_priv_key,
        .set_pub_key = rsa_set_pub_key,
        .max_size = rsa_max_size,
diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c
index 58285642306e..fe24485274e1 100644
--- a/drivers/crypto/caam/caampkc.c
+++ b/drivers/crypto/caam/caampkc.c
@@ -994,8 +994,6 @@ static void caam_rsa_exit_tfm(struct crypto_akcipher *tfm)
 static struct akcipher_alg caam_rsa = {
        .encrypt = caam_rsa_enc,
        .decrypt = caam_rsa_dec,
-        .sign = caam_rsa_dec,
-        .verify = caam_rsa_enc,
        .set_pub_key = caam_rsa_set_pub_key,
        .set_priv_key = caam_rsa_set_priv_key,
        .max_size = caam_rsa_max_size,
diff --git a/drivers/crypto/ccp/ccp-crypto-rsa.c b/drivers/crypto/ccp/ccp-crypto-rsa.c
index 841acdffbc3c..a2570c0c8cdc 100644
--- a/drivers/crypto/ccp/ccp-crypto-rsa.c
+++ b/drivers/crypto/ccp/ccp-crypto-rsa.c
@@ -213,8 +213,6 @@ static void ccp_rsa_exit_tfm(struct crypto_akcipher *tfm)
 static struct akcipher_alg ccp_rsa_defaults = {
        .encrypt = ccp_rsa_encrypt,
        .decrypt = ccp_rsa_decrypt,
-        .sign = ccp_rsa_decrypt,
-        .verify = ccp_rsa_encrypt,
        .set_pub_key = ccp_rsa_setpubkey,
        .set_priv_key = ccp_rsa_setprivkey,
        .max_size = ccp_rsa_maxsize,
diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c
index c9f324730d71..692a7aaee749 100644
--- a/drivers/crypto/qat/qat_common/qat_asym_algs.c
+++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -1300,8 +1300,6 @@ static void qat_rsa_exit_tfm(struct crypto_akcipher *tfm)
 static struct akcipher_alg rsa = {
        .encrypt = qat_rsa_enc,
        .decrypt = qat_rsa_dec,
-        .sign = qat_rsa_dec,
-        .verify = qat_rsa_enc,
        .set_pub_key = qat_rsa_setpubkey,
        .set_priv_key = qat_rsa_setprivkey,
        .max_size = qat_rsa_max_size,
author	Vitaly Chikunov <vt@altlinux.org>	2019-04-11 11:51:14 -0400
committer	Herbert Xu <herbert@gondor.apana.org.au>	2019-04-18 10:15:02 -0400
commit	3ecc97259934489e7e03cbeb1d70f6a23cccb3ae (patch)
tree	8456773371fd5ec9fb048f91a42bc02fd7887ed5
parent	78a0324f4a5328088fea9426cfe1d1851276c475 (diff)

diff --git a/crypto/rsa-pkcs1pad.c b/crypto/rsa-pkcs1pad.c index 0a6680ca8cb6..94382fa2c6ac 100644 --- a/crypto/rsa-pkcs1pad.c +++ b/crypto/rsa-pkcs1pad.c
@@ -429,7 +429,7 @@ static int pkcs1pad_sign(struct akcipher_request *req)
429	akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,	429	akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
430	req->dst, ctx->key_size - 1, req->dst_len);	430	req->dst, ctx->key_size - 1, req->dst_len);
431		431
432	err = crypto_akcipher_sign(&req_ctx->child_req);	432	err = crypto_akcipher_decrypt(&req_ctx->child_req);
433	if (err != -EINPROGRESS && err != -EBUSY)	433	if (err != -EINPROGRESS && err != -EBUSY)
434	return pkcs1pad_encrypt_sign_complete(req, err);	434	return pkcs1pad_encrypt_sign_complete(req, err);
435		435
@@ -551,7 +551,7 @@ static int pkcs1pad_verify(struct akcipher_request *req)
551	req_ctx->out_sg, req->src_len,	551	req_ctx->out_sg, req->src_len,
552	ctx->key_size);	552	ctx->key_size);
553		553
554	err = crypto_akcipher_verify(&req_ctx->child_req);	554	err = crypto_akcipher_encrypt(&req_ctx->child_req);
555	if (err != -EINPROGRESS && err != -EBUSY)	555	if (err != -EINPROGRESS && err != -EBUSY)
556	return pkcs1pad_verify_complete(req, err);	556	return pkcs1pad_verify_complete(req, err);
557		557


diff --git a/crypto/rsa.c b/crypto/rsa.c index 4167980c243d..5d427c1100d6 100644 --- a/crypto/rsa.c +++ b/crypto/rsa.c
@@ -50,34 +50,6 @@ static int _rsa_dec(const struct rsa_mpi_key *key, MPI m, MPI c)
50	return mpi_powm(m, c, key->d, key->n);	50	return mpi_powm(m, c, key->d, key->n);
51	}	51	}
52		52
53	/*
54	* RSASP1 function [RFC3447 sec 5.2.1]
55	* s = m^d mod n
56	*/
57	static int _rsa_sign(const struct rsa_mpi_key *key, MPI s, MPI m)
58	{
59	/* (1) Validate 0 <= m < n */
60	if (mpi_cmp_ui(m, 0) < 0 \|\| mpi_cmp(m, key->n) >= 0)
61	return -EINVAL;
62
63	/* (2) s = m^d mod n */
64	return mpi_powm(s, m, key->d, key->n);
65	}
66
67	/*
68	* RSAVP1 function [RFC3447 sec 5.2.2]
69	* m = s^e mod n;
70	*/
71	static int _rsa_verify(const struct rsa_mpi_key *key, MPI m, MPI s)
72	{
73	/* (1) Validate 0 <= s < n */
74	if (mpi_cmp_ui(s, 0) < 0 \|\| mpi_cmp(s, key->n) >= 0)
75	return -EINVAL;
76
77	/* (2) m = s^e mod n */
78	return mpi_powm(m, s, key->e, key->n);
79	}
80
81	static inline struct rsa_mpi_key rsa_get_key(struct crypto_akcipher tfm)	53	static inline struct rsa_mpi_key rsa_get_key(struct crypto_akcipher tfm)
82	{	54	{
83	return akcipher_tfm_ctx(tfm);	55	return akcipher_tfm_ctx(tfm);
@@ -160,85 +132,6 @@ err_free_m:
160	return ret;	132	return ret;
161	}	133	}
162		134
163	static int rsa_sign(struct akcipher_request *req)
164	{
165	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
166	const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
167	MPI m, s = mpi_alloc(0);
168	int ret = 0;
169	int sign;
170
171	if (!s)
172	return -ENOMEM;
173
174	if (unlikely(!pkey->n \|\| !pkey->d)) {
175	ret = -EINVAL;
176	goto err_free_s;
177	}
178
179	ret = -ENOMEM;
180	m = mpi_read_raw_from_sgl(req->src, req->src_len);
181	if (!m)
182	goto err_free_s;
183
184	ret = _rsa_sign(pkey, s, m);
185	if (ret)
186	goto err_free_m;
187
188	ret = mpi_write_to_sgl(s, req->dst, req->dst_len, &sign);
189	if (ret)
190	goto err_free_m;
191
192	if (sign < 0)
193	ret = -EBADMSG;
194
195	err_free_m:
196	mpi_free(m);
197	err_free_s:
198	mpi_free(s);
199	return ret;
200	}
201
202	static int rsa_verify(struct akcipher_request *req)
203	{
204	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
205	const struct rsa_mpi_key *pkey = rsa_get_key(tfm);
206	MPI s, m = mpi_alloc(0);
207	int ret = 0;
208	int sign;
209
210	if (!m)
211	return -ENOMEM;
212
213	if (unlikely(!pkey->n \|\| !pkey->e)) {
214	ret = -EINVAL;
215	goto err_free_m;
216	}
217
218	s = mpi_read_raw_from_sgl(req->src, req->src_len);
219	if (!s) {
220	ret = -ENOMEM;
221	goto err_free_m;
222	}
223
224	ret = _rsa_verify(pkey, m, s);
225	if (ret)
226	goto err_free_s;
227
228	ret = mpi_write_to_sgl(m, req->dst, req->dst_len, &sign);
229	if (ret)
230	goto err_free_s;
231
232	if (sign < 0)
233	ret = -EBADMSG;
234
235	err_free_s:
236	mpi_free(s);
237	err_free_m:
238	mpi_free(m);
239	return ret;
240	}
241
242	static void rsa_free_mpi_key(struct rsa_mpi_key *key)	135	static void rsa_free_mpi_key(struct rsa_mpi_key *key)
243	{	136	{
244	mpi_free(key->d);	137	mpi_free(key->d);
@@ -353,8 +246,6 @@ static void rsa_exit_tfm(struct crypto_akcipher *tfm)
353	static struct akcipher_alg rsa = {	246	static struct akcipher_alg rsa = {
354	.encrypt = rsa_enc,	247	.encrypt = rsa_enc,
355	.decrypt = rsa_dec,	248	.decrypt = rsa_dec,
356	.sign = rsa_sign,
357	.verify = rsa_verify,
358	.set_priv_key = rsa_set_priv_key,	249	.set_priv_key = rsa_set_priv_key,
359	.set_pub_key = rsa_set_pub_key,	250	.set_pub_key = rsa_set_pub_key,
360	.max_size = rsa_max_size,	251	.max_size = rsa_max_size,


diff --git a/drivers/crypto/caam/caampkc.c b/drivers/crypto/caam/caampkc.c index 58285642306e..fe24485274e1 100644 --- a/drivers/crypto/caam/caampkc.c +++ b/drivers/crypto/caam/caampkc.c
@@ -994,8 +994,6 @@ static void caam_rsa_exit_tfm(struct crypto_akcipher *tfm)
994	static struct akcipher_alg caam_rsa = {	994	static struct akcipher_alg caam_rsa = {
995	.encrypt = caam_rsa_enc,	995	.encrypt = caam_rsa_enc,
996	.decrypt = caam_rsa_dec,	996	.decrypt = caam_rsa_dec,
997	.sign = caam_rsa_dec,
998	.verify = caam_rsa_enc,
999	.set_pub_key = caam_rsa_set_pub_key,	997	.set_pub_key = caam_rsa_set_pub_key,
1000	.set_priv_key = caam_rsa_set_priv_key,	998	.set_priv_key = caam_rsa_set_priv_key,
1001	.max_size = caam_rsa_max_size,	999	.max_size = caam_rsa_max_size,


diff --git a/drivers/crypto/ccp/ccp-crypto-rsa.c b/drivers/crypto/ccp/ccp-crypto-rsa.c index 841acdffbc3c..a2570c0c8cdc 100644 --- a/drivers/crypto/ccp/ccp-crypto-rsa.c +++ b/drivers/crypto/ccp/ccp-crypto-rsa.c
@@ -213,8 +213,6 @@ static void ccp_rsa_exit_tfm(struct crypto_akcipher *tfm)
213	static struct akcipher_alg ccp_rsa_defaults = {	213	static struct akcipher_alg ccp_rsa_defaults = {
214	.encrypt = ccp_rsa_encrypt,	214	.encrypt = ccp_rsa_encrypt,
215	.decrypt = ccp_rsa_decrypt,	215	.decrypt = ccp_rsa_decrypt,
216	.sign = ccp_rsa_decrypt,
217	.verify = ccp_rsa_encrypt,
218	.set_pub_key = ccp_rsa_setpubkey,	216	.set_pub_key = ccp_rsa_setpubkey,
219	.set_priv_key = ccp_rsa_setprivkey,	217	.set_priv_key = ccp_rsa_setprivkey,
220	.max_size = ccp_rsa_maxsize,	218	.max_size = ccp_rsa_maxsize,


diff --git a/drivers/crypto/qat/qat_common/qat_asym_algs.c b/drivers/crypto/qat/qat_common/qat_asym_algs.c index c9f324730d71..692a7aaee749 100644 --- a/drivers/crypto/qat/qat_common/qat_asym_algs.c +++ b/drivers/crypto/qat/qat_common/qat_asym_algs.c
@@ -1300,8 +1300,6 @@ static void qat_rsa_exit_tfm(struct crypto_akcipher *tfm)
1300	static struct akcipher_alg rsa = {	1300	static struct akcipher_alg rsa = {
1301	.encrypt = qat_rsa_enc,	1301	.encrypt = qat_rsa_enc,
1302	.decrypt = qat_rsa_dec,	1302	.decrypt = qat_rsa_dec,
1303	.sign = qat_rsa_dec,
1304	.verify = qat_rsa_enc,
1305	.set_pub_key = qat_rsa_setpubkey,	1303	.set_pub_key = qat_rsa_setpubkey,
1306	.set_priv_key = qat_rsa_setprivkey,	1304	.set_priv_key = qat_rsa_setprivkey,
1307	.max_size = qat_rsa_max_size,	1305	.max_size = qat_rsa_max_size,