From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Roberto Sassu" <roberto.sassu@huaweicloud.com>,
<dhowells@redhat.com>, <dwmw2@infradead.org>,
<herbert@gondor.apana.org.au>, <davem@davemloft.net>
Cc: <linux-kernel@vger.kernel.org>, <keyrings@vger.kernel.org>,
<linux-crypto@vger.kernel.org>, <zohar@linux.ibm.com>,
<linux-integrity@vger.kernel.org>,
<torvalds@linux-foundation.org>,
"Roberto Sassu" <roberto.sassu@huawei.com>
Subject: Re: [PATCH v3 02/14] rsa: add parser of raw format
Date: Thu, 12 Sep 2024 16:33:25 +0300
Message-ID: <D44CEEGVNROC.2X84S94NHI7K3@kernel.org>
In-Reply-To: <20240911122911.1381864-3-roberto.sassu@huaweicloud.com>
On Wed Sep 11, 2024 at 3:28 PM EEST, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@huawei.com>
>
> Parse the RSA key with RAW format if the ASN.1 parser returns an error, to
> avoid passing somehow the key format as parameter.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> Signed-off-by: David Howells <dhowells@redhat.com>
> ---
> crypto/rsa.c | 14 ++++--
> crypto/rsa_helper.c | 83 ++++++++++++++++++++++++++++++++++-
> include/crypto/internal/rsa.h | 6 +++
> 3 files changed, 97 insertions(+), 6 deletions(-)
>
> diff --git a/crypto/rsa.c b/crypto/rsa.c
> index d9be9e86097e..66d42974d47d 100644
> --- a/crypto/rsa.c
> +++ b/crypto/rsa.c
> @@ -272,8 +272,11 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
> rsa_free_mpi_key(mpi_key);
>
> ret = rsa_parse_pub_key(&raw_key, key, keylen);
> - if (ret)
> - return ret;
> + if (ret) {
> + ret = rsa_parse_pub_key_raw(&raw_key, key, keylen);
> + if (ret)
> + return ret;
> + }
>
> mpi_key->e = mpi_read_raw_data(raw_key.e, raw_key.e_sz);
> if (!mpi_key->e)
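Review bot: the fallback in `if (ret) { ret = rsa_parse_pub_key_raw(&raw_key, key, keylen);` throws away the ASN.1 decoder's return value and retries on every failure, so a corrupt BER key is reported with whatever the raw parser happens to return, which hides the real cause from anyone debugging a key load. Consider falling back only when the decoder reports a malformed message, and keep the original error if the raw parse fails too; a one-line comment saying that the raw format is tried second would also help readers of rsa_set_pub_key().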
> @@ -311,8 +314,11 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
> rsa_free_mpi_key(mpi_key);
>
> ret = rsa_parse_priv_key(&raw_key, key, keylen);
> - if (ret)
> - return ret;
> + if (ret) {
> + ret = rsa_parse_priv_key_raw(&raw_key, key, keylen);
> + if (ret)
> + return ret;
> + }
>
> mpi_key->d = mpi_read_raw_data(raw_key.d, raw_key.d_sz);
> if (!mpi_key->d)
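Review bot: `raw_key` is reused as-is for rsa_parse_priv_key_raw() after rsa_parse_priv_key() failed, but the BER decoder fills in struct rsa_key through its callbacks as it goes and may already have set members before bailing out, whereas the raw parser only sets n, e and d; any leftover pointers from the partial BER decode then reach the mpi_read_raw_data() calls below. Clear raw_key (memset, or `raw_key = (struct rsa_key){};`) before the fallback call.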
> diff --git a/crypto/rsa_helper.c b/crypto/rsa_helper.c
> index 94266f29049c..40a17ebc972f 100644
> --- a/crypto/rsa_helper.c
> +++ b/crypto/rsa_helper.c
> @@ -9,6 +9,7 @@
> #include <linux/export.h>
> #include <linux/err.h>
> #include <linux/fips.h>
> +#include <linux/mpi.h>
> #include <crypto/internal/rsa.h>
> #include "rsapubkey.asn1.h"
> #include "rsaprivkey.asn1.h"
> @@ -148,6 +149,42 @@ int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
> return 0;
> }
>
/*
* Please, document me.
*/
> +typedef int (*rsa_get_func)(void *, size_t, unsigned char,
> + const void *, size_t);
> +
> +static int rsa_parse_key_raw(struct rsa_key *rsa_key,
> + const void *key, unsigned int key_len,
> + rsa_get_func *func, int n_func)
> +{
> + unsigned int nbytes, len = key_len;
> + const void *key_ptr = key;
> + int ret, i;
> +
> + for (i = 0; i < n_func; i++) {
> + if (key_len < 2)
> + return -EINVAL;
> +
> + ret = mpi_key_length(key_ptr, len, NULL, &nbytes);
> + if (ret < 0)
> + return ret;
> +
> + key_ptr += 2;
> + key_len -= 2;
> +
> + if (key_len < nbytes)
> + return -EINVAL;
> +
> + ret = func[i](rsa_key, 0, 0, key_ptr, nbytes);
> + if (ret < 0)
> + return ret;
> +
> + key_ptr += nbytes;
> + key_len -= nbytes;
> + }
> +
> + return 0;
> +}
> +
> /**
> * rsa_parse_pub_key() - decodes the BER encoded buffer and stores in the
> * provided struct rsa_key, pointers to the raw key as is,
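Review bot: in rsa_parse_key_raw() the length passed to mpi_key_length() is `len`, which is set once from key_len and never decremented, while the bounds checks use `key_len`; on the second and later iterations mpi_key_length() therefore sees the original total length instead of the bytes remaining after key_ptr. Drop `len` and pass `key_len`. Two smaller points: the loop returns 0 with trailing bytes left over after the last MPI, which is probably worth rejecting (`if (key_len) return -EINVAL;`) or at least stating explicitly, and the layout being parsed (a 2-byte header that mpi_key_length() turns into a byte count, followed by that many MPI bytes, repeated once per callback in func[]) should be described above the typedef so readers know what "raw" means.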
> @@ -157,7 +194,7 @@ int rsa_get_qinv(void *context, size_t hdrlen, unsigned char tag,
> * @key: key in BER format
> * @key_len: length of key
> *
> - * Return: 0 on success or error code in case of error
> + * Return: 0 on success or error code in case of error.
> */
> int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
> unsigned int key_len)
> @@ -166,6 +203,27 @@ int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
> }
> EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
>
> +/**
> + * rsa_parse_pub_key_raw() - parse the RAW key and store in the provided struct
> + * rsa_key, pointers to the raw key as is, so that
> + * the caller can copy it or MPI parse it, etc.
> + *
> + * @rsa_key: struct rsa_key key representation
> + * @key: key in RAW format
> + * @key_len: length of key
> + *
> + * Return: 0 on success or error code in case of error.
> + */
> +int rsa_parse_pub_key_raw(struct rsa_key *rsa_key, const void *key,
> + unsigned int key_len)
> +{
> + rsa_get_func pub_func[] = {rsa_get_n, rsa_get_e};
> +
> + return rsa_parse_key_raw(rsa_key, key, key_len,
> + pub_func, ARRAY_SIZE(pub_func));
> +}
> +EXPORT_SYMBOL_GPL(rsa_parse_pub_key_raw);
> +
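Review bot: `@key: key in RAW format` does not say what the raw format is, and nothing else in the patch does either; state here that it is n followed by e, each as an MPI preceded by the 2-byte header that mpi_key_length() understands, so that callers can produce such a key without reading rsa_parse_key_raw(). A sentence noting that rsa_set_pub_key() tries this parser automatically when the BER decode fails would also save the next reader a trip to crypto/rsa.c.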
> /**
> * rsa_parse_priv_key() - decodes the BER encoded buffer and stores in the
> * provided struct rsa_key, pointers to the raw key
> @@ -176,7 +234,7 @@ EXPORT_SYMBOL_GPL(rsa_parse_pub_key);
> * @key: key in BER format
> * @key_len: length of key
> *
> - * Return: 0 on success or error code in case of error
> + * Return: 0 on success or error code in case of error.
> */
> int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
> unsigned int key_len)
> @@ -184,3 +242,24 @@ int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
> return asn1_ber_decoder(&rsaprivkey_decoder, rsa_key, key, key_len);
> }
> EXPORT_SYMBOL_GPL(rsa_parse_priv_key);
> +
> +/**
> + * rsa_parse_priv_key_raw() - parse the RAW key and store in the provided struct
> + * rsa_key, pointers to the raw key as is, so that
> + * the caller can copy it or MPI parse it, etc.
This belongs after the parameters; here a one-liner would be a better
choice:
https://www.kernel.org/doc/Documentation/kernel-doc-nano-HOWTO.txt
Try to avoid "etc" in documentation because then I have no choice but to
stop reading your documentation and read the source code instead.
Just enumerate everything that makes sense; no need to aim for perfection,
but it is like a stamp that I tried my best, and then we will refine the
description.
"etc" in the documentation also encompasses all the future changes,
which does not encourage accuracy :-) Incompleteness is less of a
devil than entropy, or at least that is how I weigh these matters.
> + *
> + * @rsa_key: struct rsa_key key representation
> + * @key: key in RAW format
> + * @key_len: length of key
> + *
> + * Return: 0 on success or error code in case of error.
> + */
> +int rsa_parse_priv_key_raw(struct rsa_key *rsa_key, const void *key,
> + unsigned int key_len)
> +{
> + rsa_get_func priv_func[] = {rsa_get_n, rsa_get_e, rsa_get_d};
> +
> + return rsa_parse_key_raw(rsa_key, key, key_len,
> + priv_func, ARRAY_SIZE(priv_func));
> +}
> +EXPORT_SYMBOL_GPL(rsa_parse_priv_key_raw);
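Review bot: the raw private key path only reads n, e and d (`priv_func[] = {rsa_get_n, rsa_get_e, rsa_get_d};`), so any other struct rsa_key members the BER path would normally fill in stay untouched here. The kernel-doc should say which values the raw format carries and that the remaining members are left as the caller initialised them, and the callers in rsa_set_priv_key() need to be fine with that; the same one-liner-summary point raised above applies to this comment block as well.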
> diff --git a/include/crypto/internal/rsa.h b/include/crypto/internal/rsa.h
> index e870133f4b77..7141e806ceea 100644
> --- a/include/crypto/internal/rsa.h
> +++ b/include/crypto/internal/rsa.h
> @@ -50,8 +50,14 @@ struct rsa_key {
> int rsa_parse_pub_key(struct rsa_key *rsa_key, const void *key,
> unsigned int key_len);
>
> +int rsa_parse_pub_key_raw(struct rsa_key *rsa_key, const void *key,
> + unsigned int key_len);
> +
> int rsa_parse_priv_key(struct rsa_key *rsa_key, const void *key,
> unsigned int key_len);
>
> +int rsa_parse_priv_key_raw(struct rsa_key *rsa_key, const void *key,
> + unsigned int key_len);
> +
> extern struct crypto_template rsa_pkcs1pad_tmpl;
> #endif
BR, Jarkko