summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
authorMahmoud Adam <mngyadam@amazon.com>2023-06-13 16:17:31 +0000
committerHerbert Xu <herbert@gondor.apana.org.au>2023-06-23 16:15:36 +0800
commit6637e11e4ad22ff03183da0dbd36d65c98b81cf7 (patch)
tree90bdebeb49e1658dfdacc3069fdc36c7fc99d931 /crypto
parentba51738fa78972fb446b49b6b9ddda4058a272e0 (diff)
downloadlinux-stable-6637e11e4ad22ff03183da0dbd36d65c98b81cf7.tar.gz
linux-stable-6637e11e4ad22ff03183da0dbd36d65c98b81cf7.tar.bz2
linux-stable-6637e11e4ad22ff03183da0dbd36d65c98b81cf7.zip
crypto: rsa - allow only odd e and restrict value in FIPS mode
check if rsa public exponent is odd and check its value is between 2^16 < e < 2^256. FIPS 186-5 DSS (page 35)[1] specify that: 1. The public exponent e shall be selected with the following constraints: (a) The public verification exponent e shall be selected prior to generating the primes, p and q, and the private signature exponent d. (b) The exponent e shall be an odd positive integer such that: 2^16 < e < 2^256. [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf Signed-off-by: Mahmoud Adam <mngyadam@amazon.com> Reviewed-by: Stephan Mueller <smueller@chronox.de> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to 'crypto')
-rw-r--r--crypto/rsa.c36
1 files changed, 36 insertions, 0 deletions
diff --git a/crypto/rsa.c b/crypto/rsa.c
index c50f2d2a4d06..c79613cdce6e 100644
--- a/crypto/rsa.c
+++ b/crypto/rsa.c
@@ -205,6 +205,32 @@ static int rsa_check_key_length(unsigned int len)
return -EINVAL;
}
+static int rsa_check_exponent_fips(MPI e)
+{
+ MPI e_max = NULL;
+
+ /* check if odd */
+ if (!mpi_test_bit(e, 0)) {
+ return -EINVAL;
+ }
+
+ /* check if 2^16 < e < 2^256. */
+ if (mpi_cmp_ui(e, 65536) <= 0) {
+ return -EINVAL;
+ }
+
+ e_max = mpi_alloc(0);
+ mpi_set_bit(e_max, 256);
+
+ if (mpi_cmp(e, e_max) >= 0) {
+ mpi_free(e_max);
+ return -EINVAL;
+ }
+
+ mpi_free(e_max);
+ return 0;
+}
+
static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
unsigned int keylen)
{
@@ -232,6 +258,11 @@ static int rsa_set_pub_key(struct crypto_akcipher *tfm, const void *key,
return -EINVAL;
}
+ if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) {
+ rsa_free_mpi_key(mpi_key);
+ return -EINVAL;
+ }
+
return 0;
err:
@@ -290,6 +321,11 @@ static int rsa_set_priv_key(struct crypto_akcipher *tfm, const void *key,
return -EINVAL;
}
+ if (fips_enabled && rsa_check_exponent_fips(mpi_key->e)) {
+ rsa_free_mpi_key(mpi_key);
+ return -EINVAL;
+ }
+
return 0;
err: