qemu/crypto/rsakey-builtin.c.inc
Lei He 4c5e512ee0 crypto: Implement RSA algorithm by hogweed
Implement RSA algorithm by hogweed from nettle. Thus QEMU supports
a 'real' RSA backend to handle request from guest side. It's
important to test RSA offload case without OS & hardware requirement.

Signed-off-by: lei he <helei.sig11@bytedance.com>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2022-05-26 11:41:51 +01:00

201 lines
6.0 KiB
C++

/*
* QEMU Crypto akcipher algorithms
*
* Copyright (c) 2022 Bytedance
* Author: lei he <helei.sig11@bytedance.com>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
*
*/
#include "der.h"
#include "rsakey.h"
static int extract_mpi(void *ctx, const uint8_t *value,
size_t vlen, Error **errp)
{
QCryptoAkCipherMPI *mpi = (QCryptoAkCipherMPI *)ctx;
if (vlen == 0) {
error_setg(errp, "Empty mpi field");
return -1;
}
mpi->data = g_memdup2(value, vlen);
mpi->len = vlen;
return 0;
}
static int extract_version(void *ctx, const uint8_t *value,
size_t vlen, Error **errp)
{
uint8_t *version = (uint8_t *)ctx;
if (vlen != 1 || *value > 1) {
error_setg(errp, "Invalid rsakey version");
return -1;
}
*version = *value;
return 0;
}
static int extract_seq_content(void *ctx, const uint8_t *value,
size_t vlen, Error **errp)
{
const uint8_t **content = (const uint8_t **)ctx;
if (vlen == 0) {
error_setg(errp, "Empty sequence");
return -1;
}
*content = value;
return 0;
}
/**
*
* RsaPubKey ::= SEQUENCE {
* n INTEGER
* e INTEGER
* }
*/
static QCryptoAkCipherRSAKey *qcrypto_builtin_rsa_public_key_parse(
const uint8_t *key, size_t keylen, Error **errp)
{
QCryptoAkCipherRSAKey *rsa = g_new0(QCryptoAkCipherRSAKey, 1);
const uint8_t *seq;
size_t seq_length;
int decode_ret;
decode_ret = qcrypto_der_decode_seq(&key, &keylen,
extract_seq_content, &seq, errp);
if (decode_ret < 0 || keylen != 0) {
goto error;
}
seq_length = decode_ret;
if (qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
&rsa->n, errp) < 0 ||
qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
&rsa->e, errp) < 0) {
goto error;
}
if (seq_length != 0) {
goto error;
}
return rsa;
error:
if (errp && !*errp) {
error_setg(errp, "Invalid RSA public key");
}
qcrypto_akcipher_rsakey_free(rsa);
return NULL;
}
/**
* RsaPrivKey ::= SEQUENCE {
* version INTEGER
* n INTEGER
* e INTEGER
* d INTEGER
* p INTEGER
* q INTEGER
* dp INTEGER
* dq INTEGER
* u INTEGER
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
static QCryptoAkCipherRSAKey *qcrypto_builtin_rsa_private_key_parse(
const uint8_t *key, size_t keylen, Error **errp)
{
QCryptoAkCipherRSAKey *rsa = g_new0(QCryptoAkCipherRSAKey, 1);
uint8_t version;
const uint8_t *seq;
int decode_ret;
size_t seq_length;
decode_ret = qcrypto_der_decode_seq(&key, &keylen, extract_seq_content,
&seq, errp);
if (decode_ret < 0 || keylen != 0) {
goto error;
}
seq_length = decode_ret;
decode_ret = qcrypto_der_decode_int(&seq, &seq_length, extract_version,
&version, errp);
if (qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
&rsa->n, errp) < 0 ||
qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
&rsa->e, errp) < 0 ||
qcrypto_der_decode_int(&seq, &seq_length, extract_mpi,
&rsa->d, errp) < 0 ||
qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->p,
errp) < 0 ||
qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->q,
errp) < 0 ||
qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->dp,
errp) < 0 ||
qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->dq,
errp) < 0 ||
qcrypto_der_decode_int(&seq, &seq_length, extract_mpi, &rsa->u,
errp) < 0) {
goto error;
}
/**
* According to the standard, otherPrimeInfos must be present for version 1.
* There is no strict verification here, this is to be compatible with
* the unit test of the kernel. TODO: remove this until linux kernel's
* unit-test is fixed.
*/
if (version == 1 && seq_length != 0) {
if (qcrypto_der_decode_seq(&seq, &seq_length, NULL, NULL, errp) < 0) {
goto error;
}
if (seq_length != 0) {
goto error;
}
return rsa;
}
if (seq_length != 0) {
goto error;
}
return rsa;
error:
if (errp && !*errp) {
error_setg(errp, "Invalid RSA private key");
}
qcrypto_akcipher_rsakey_free(rsa);
return NULL;
}
QCryptoAkCipherRSAKey *qcrypto_akcipher_rsakey_parse(
QCryptoAkCipherKeyType type, const uint8_t *key,
size_t keylen, Error **errp)
{
switch (type) {
case QCRYPTO_AKCIPHER_KEY_TYPE_PRIVATE:
return qcrypto_builtin_rsa_private_key_parse(key, keylen, errp);
case QCRYPTO_AKCIPHER_KEY_TYPE_PUBLIC:
return qcrypto_builtin_rsa_public_key_parse(key, keylen, errp);
default:
error_setg(errp, "Unknown key type: %d", type);
return NULL;
}
}