linux/crypto/rsa-pkcs1pad.c
<<
>>
Prefs
   1/*
   2 * RSA padding templates.
   3 *
   4 * Copyright (c) 2015  Intel Corporation
   5 *
   6 * This program is free software; you can redistribute it and/or modify it
   7 * under the terms of the GNU General Public License as published by the Free
   8 * Software Foundation; either version 2 of the License, or (at your option)
   9 * any later version.
  10 */
  11
  12#include <crypto/algapi.h>
  13#include <crypto/akcipher.h>
  14#include <crypto/internal/akcipher.h>
  15#include <linux/err.h>
  16#include <linux/init.h>
  17#include <linux/kernel.h>
  18#include <linux/module.h>
  19#include <linux/random.h>
  20
  21/*
  22 * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2].
  23 */
  24static const u8 rsa_digest_info_md5[] = {
  25        0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
  26        0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, /* OID */
  27        0x05, 0x00, 0x04, 0x10
  28};
  29
  30static const u8 rsa_digest_info_sha1[] = {
  31        0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
  32        0x2b, 0x0e, 0x03, 0x02, 0x1a,
  33        0x05, 0x00, 0x04, 0x14
  34};
  35
  36static const u8 rsa_digest_info_rmd160[] = {
  37        0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
  38        0x2b, 0x24, 0x03, 0x02, 0x01,
  39        0x05, 0x00, 0x04, 0x14
  40};
  41
  42static const u8 rsa_digest_info_sha224[] = {
  43        0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
  44        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
  45        0x05, 0x00, 0x04, 0x1c
  46};
  47
  48static const u8 rsa_digest_info_sha256[] = {
  49        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
  50        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
  51        0x05, 0x00, 0x04, 0x20
  52};
  53
  54static const u8 rsa_digest_info_sha384[] = {
  55        0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
  56        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
  57        0x05, 0x00, 0x04, 0x30
  58};
  59
  60static const u8 rsa_digest_info_sha512[] = {
  61        0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
  62        0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
  63        0x05, 0x00, 0x04, 0x40
  64};
  65
  66static const struct rsa_asn1_template {
  67        const char      *name;
  68        const u8        *data;
  69        size_t          size;
  70} rsa_asn1_templates[] = {
  71#define _(X) { #X, rsa_digest_info_##X, sizeof(rsa_digest_info_##X) }
  72        _(md5),
  73        _(sha1),
  74        _(rmd160),
  75        _(sha256),
  76        _(sha384),
  77        _(sha512),
  78        _(sha224),
  79        { NULL }
  80#undef _
  81};
  82
  83static const struct rsa_asn1_template *rsa_lookup_asn1(const char *name)
  84{
  85        const struct rsa_asn1_template *p;
  86
  87        for (p = rsa_asn1_templates; p->name; p++)
  88                if (strcmp(name, p->name) == 0)
  89                        return p;
  90        return NULL;
  91}
  92
  93struct pkcs1pad_ctx {
  94        struct crypto_akcipher *child;
  95        unsigned int key_size;
  96};
  97
  98struct pkcs1pad_inst_ctx {
  99        struct crypto_akcipher_spawn spawn;
 100        const struct rsa_asn1_template *digest_info;
 101};
 102
 103struct pkcs1pad_request {
 104        struct scatterlist in_sg[2], out_sg[1];
 105        uint8_t *in_buf, *out_buf;
 106        struct akcipher_request child_req;
 107};
 108
 109static int pkcs1pad_set_pub_key(struct crypto_akcipher *tfm, const void *key,
 110                unsigned int keylen)
 111{
 112        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 113        int err;
 114
 115        ctx->key_size = 0;
 116
 117        err = crypto_akcipher_set_pub_key(ctx->child, key, keylen);
 118        if (err)
 119                return err;
 120
 121        /* Find out new modulus size from rsa implementation */
 122        err = crypto_akcipher_maxsize(ctx->child);
 123        if (err < 0)
 124                return err;
 125
 126        if (err > PAGE_SIZE)
 127                return -ENOTSUPP;
 128
 129        ctx->key_size = err;
 130        return 0;
 131}
 132
 133static int pkcs1pad_set_priv_key(struct crypto_akcipher *tfm, const void *key,
 134                unsigned int keylen)
 135{
 136        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 137        int err;
 138
 139        ctx->key_size = 0;
 140
 141        err = crypto_akcipher_set_priv_key(ctx->child, key, keylen);
 142        if (err)
 143                return err;
 144
 145        /* Find out new modulus size from rsa implementation */
 146        err = crypto_akcipher_maxsize(ctx->child);
 147        if (err < 0)
 148                return err;
 149
 150        if (err > PAGE_SIZE)
 151                return -ENOTSUPP;
 152
 153        ctx->key_size = err;
 154        return 0;
 155}
 156
 157static int pkcs1pad_get_max_size(struct crypto_akcipher *tfm)
 158{
 159        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 160
 161        /*
 162         * The maximum destination buffer size for the encrypt/sign operations
 163         * will be the same as for RSA, even though it's smaller for
 164         * decrypt/verify.
 165         */
 166
 167        return ctx->key_size ?: -EINVAL;
 168}
 169
 170static void pkcs1pad_sg_set_buf(struct scatterlist *sg, void *buf, size_t len,
 171                struct scatterlist *next)
 172{
 173        int nsegs = next ? 2 : 1;
 174
 175        sg_init_table(sg, nsegs);
 176        sg_set_buf(sg, buf, len);
 177
 178        if (next)
 179                sg_chain(sg, nsegs, next);
 180}
 181
 182static int pkcs1pad_encrypt_sign_complete(struct akcipher_request *req, int err)
 183{
 184        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 185        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 186        struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
 187        unsigned int pad_len;
 188        unsigned int len;
 189        u8 *out_buf;
 190
 191        if (err)
 192                goto out;
 193
 194        len = req_ctx->child_req.dst_len;
 195        pad_len = ctx->key_size - len;
 196
 197        /* Four billion to one */
 198        if (likely(!pad_len))
 199                goto out;
 200
 201        out_buf = kzalloc(ctx->key_size, GFP_ATOMIC);
 202        err = -ENOMEM;
 203        if (!out_buf)
 204                goto out;
 205
 206        sg_copy_to_buffer(req->dst, sg_nents_for_len(req->dst, len),
 207                          out_buf + pad_len, len);
 208        sg_copy_from_buffer(req->dst,
 209                            sg_nents_for_len(req->dst, ctx->key_size),
 210                            out_buf, ctx->key_size);
 211        kzfree(out_buf);
 212
 213out:
 214        req->dst_len = ctx->key_size;
 215
 216        kfree(req_ctx->in_buf);
 217
 218        return err;
 219}
 220
 221static void pkcs1pad_encrypt_sign_complete_cb(
 222                struct crypto_async_request *child_async_req, int err)
 223{
 224        struct akcipher_request *req = child_async_req->data;
 225        struct crypto_async_request async_req;
 226
 227        if (err == -EINPROGRESS)
 228                return;
 229
 230        async_req.data = req->base.data;
 231        async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
 232        async_req.flags = child_async_req->flags;
 233        req->base.complete(&async_req,
 234                        pkcs1pad_encrypt_sign_complete(req, err));
 235}
 236
 237static int pkcs1pad_encrypt(struct akcipher_request *req)
 238{
 239        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 240        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 241        struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
 242        int err;
 243        unsigned int i, ps_end;
 244
 245        if (!ctx->key_size)
 246                return -EINVAL;
 247
 248        if (req->src_len > ctx->key_size - 11)
 249                return -EOVERFLOW;
 250
 251        if (req->dst_len < ctx->key_size) {
 252                req->dst_len = ctx->key_size;
 253                return -EOVERFLOW;
 254        }
 255
 256        req_ctx->in_buf = kmalloc(ctx->key_size - 1 - req->src_len,
 257                                  GFP_KERNEL);
 258        if (!req_ctx->in_buf)
 259                return -ENOMEM;
 260
 261        ps_end = ctx->key_size - req->src_len - 2;
 262        req_ctx->in_buf[0] = 0x02;
 263        for (i = 1; i < ps_end; i++)
 264                req_ctx->in_buf[i] = 1 + prandom_u32_max(255);
 265        req_ctx->in_buf[ps_end] = 0x00;
 266
 267        pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
 268                        ctx->key_size - 1 - req->src_len, req->src);
 269
 270        req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
 271        if (!req_ctx->out_buf) {
 272                kfree(req_ctx->in_buf);
 273                return -ENOMEM;
 274        }
 275
 276        pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
 277                        ctx->key_size, NULL);
 278
 279        akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
 280        akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
 281                        pkcs1pad_encrypt_sign_complete_cb, req);
 282
 283        /* Reuse output buffer */
 284        akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
 285                                   req->dst, ctx->key_size - 1, req->dst_len);
 286
 287        err = crypto_akcipher_encrypt(&req_ctx->child_req);
 288        if (err != -EINPROGRESS &&
 289                        (err != -EBUSY ||
 290                         !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
 291                return pkcs1pad_encrypt_sign_complete(req, err);
 292
 293        return err;
 294}
 295
 296static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
 297{
 298        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 299        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 300        struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
 301        unsigned int dst_len;
 302        unsigned int pos;
 303        u8 *out_buf;
 304
 305        if (err)
 306                goto done;
 307
 308        err = -EINVAL;
 309        dst_len = req_ctx->child_req.dst_len;
 310        if (dst_len < ctx->key_size - 1)
 311                goto done;
 312
 313        out_buf = req_ctx->out_buf;
 314        if (dst_len == ctx->key_size) {
 315                if (out_buf[0] != 0x00)
 316                        /* Decrypted value had no leading 0 byte */
 317                        goto done;
 318
 319                dst_len--;
 320                out_buf++;
 321        }
 322
 323        if (out_buf[0] != 0x02)
 324                goto done;
 325
 326        for (pos = 1; pos < dst_len; pos++)
 327                if (out_buf[pos] == 0x00)
 328                        break;
 329        if (pos < 9 || pos == dst_len)
 330                goto done;
 331        pos++;
 332
 333        err = 0;
 334
 335        if (req->dst_len < dst_len - pos)
 336                err = -EOVERFLOW;
 337        req->dst_len = dst_len - pos;
 338
 339        if (!err)
 340                sg_copy_from_buffer(req->dst,
 341                                sg_nents_for_len(req->dst, req->dst_len),
 342                                out_buf + pos, req->dst_len);
 343
 344done:
 345        kzfree(req_ctx->out_buf);
 346
 347        return err;
 348}
 349
 350static void pkcs1pad_decrypt_complete_cb(
 351                struct crypto_async_request *child_async_req, int err)
 352{
 353        struct akcipher_request *req = child_async_req->data;
 354        struct crypto_async_request async_req;
 355
 356        if (err == -EINPROGRESS)
 357                return;
 358
 359        async_req.data = req->base.data;
 360        async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
 361        async_req.flags = child_async_req->flags;
 362        req->base.complete(&async_req, pkcs1pad_decrypt_complete(req, err));
 363}
 364
 365static int pkcs1pad_decrypt(struct akcipher_request *req)
 366{
 367        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 368        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 369        struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
 370        int err;
 371
 372        if (!ctx->key_size || req->src_len != ctx->key_size)
 373                return -EINVAL;
 374
 375        req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
 376        if (!req_ctx->out_buf)
 377                return -ENOMEM;
 378
 379        pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
 380                            ctx->key_size, NULL);
 381
 382        akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
 383        akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
 384                        pkcs1pad_decrypt_complete_cb, req);
 385
 386        /* Reuse input buffer, output to a new buffer */
 387        akcipher_request_set_crypt(&req_ctx->child_req, req->src,
 388                                   req_ctx->out_sg, req->src_len,
 389                                   ctx->key_size);
 390
 391        err = crypto_akcipher_decrypt(&req_ctx->child_req);
 392        if (err != -EINPROGRESS &&
 393                        (err != -EBUSY ||
 394                         !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
 395                return pkcs1pad_decrypt_complete(req, err);
 396
 397        return err;
 398}
 399
 400static int pkcs1pad_sign(struct akcipher_request *req)
 401{
 402        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 403        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 404        struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
 405        struct akcipher_instance *inst = akcipher_alg_instance(tfm);
 406        struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
 407        const struct rsa_asn1_template *digest_info = ictx->digest_info;
 408        int err;
 409        unsigned int ps_end, digest_size = 0;
 410
 411        if (!ctx->key_size)
 412                return -EINVAL;
 413
 414        digest_size = digest_info->size;
 415
 416        if (req->src_len + digest_size > ctx->key_size - 11)
 417                return -EOVERFLOW;
 418
 419        if (req->dst_len < ctx->key_size) {
 420                req->dst_len = ctx->key_size;
 421                return -EOVERFLOW;
 422        }
 423
 424        req_ctx->in_buf = kmalloc(ctx->key_size - 1 - req->src_len,
 425                                  GFP_KERNEL);
 426        if (!req_ctx->in_buf)
 427                return -ENOMEM;
 428
 429        ps_end = ctx->key_size - digest_size - req->src_len - 2;
 430        req_ctx->in_buf[0] = 0x01;
 431        memset(req_ctx->in_buf + 1, 0xff, ps_end - 1);
 432        req_ctx->in_buf[ps_end] = 0x00;
 433
 434        memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,
 435               digest_info->size);
 436
 437        pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
 438                        ctx->key_size - 1 - req->src_len, req->src);
 439
 440        akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
 441        akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
 442                        pkcs1pad_encrypt_sign_complete_cb, req);
 443
 444        /* Reuse output buffer */
 445        akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
 446                                   req->dst, ctx->key_size - 1, req->dst_len);
 447
 448        err = crypto_akcipher_sign(&req_ctx->child_req);
 449        if (err != -EINPROGRESS &&
 450                        (err != -EBUSY ||
 451                         !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
 452                return pkcs1pad_encrypt_sign_complete(req, err);
 453
 454        return err;
 455}
 456
 457static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
 458{
 459        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 460        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 461        struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
 462        struct akcipher_instance *inst = akcipher_alg_instance(tfm);
 463        struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
 464        const struct rsa_asn1_template *digest_info = ictx->digest_info;
 465        unsigned int dst_len;
 466        unsigned int pos;
 467        u8 *out_buf;
 468
 469        if (err)
 470                goto done;
 471
 472        err = -EINVAL;
 473        dst_len = req_ctx->child_req.dst_len;
 474        if (dst_len < ctx->key_size - 1)
 475                goto done;
 476
 477        out_buf = req_ctx->out_buf;
 478        if (dst_len == ctx->key_size) {
 479                if (out_buf[0] != 0x00)
 480                        /* Decrypted value had no leading 0 byte */
 481                        goto done;
 482
 483                dst_len--;
 484                out_buf++;
 485        }
 486
 487        err = -EBADMSG;
 488        if (out_buf[0] != 0x01)
 489                goto done;
 490
 491        for (pos = 1; pos < dst_len; pos++)
 492                if (out_buf[pos] != 0xff)
 493                        break;
 494
 495        if (pos < 9 || pos == dst_len || out_buf[pos] != 0x00)
 496                goto done;
 497        pos++;
 498
 499        if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
 500                goto done;
 501
 502        pos += digest_info->size;
 503
 504        err = 0;
 505
 506        if (req->dst_len < dst_len - pos)
 507                err = -EOVERFLOW;
 508        req->dst_len = dst_len - pos;
 509
 510        if (!err)
 511                sg_copy_from_buffer(req->dst,
 512                                sg_nents_for_len(req->dst, req->dst_len),
 513                                out_buf + pos, req->dst_len);
 514done:
 515        kzfree(req_ctx->out_buf);
 516
 517        return err;
 518}
 519
 520static void pkcs1pad_verify_complete_cb(
 521                struct crypto_async_request *child_async_req, int err)
 522{
 523        struct akcipher_request *req = child_async_req->data;
 524        struct crypto_async_request async_req;
 525
 526        if (err == -EINPROGRESS)
 527                return;
 528
 529        async_req.data = req->base.data;
 530        async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
 531        async_req.flags = child_async_req->flags;
 532        req->base.complete(&async_req, pkcs1pad_verify_complete(req, err));
 533}
 534
 535/*
 536 * The verify operation is here for completeness similar to the verification
 537 * defined in RFC2313 section 10.2 except that block type 0 is not accepted,
 538 * as in RFC2437.  RFC2437 section 9.2 doesn't define any operation to
 539 * retrieve the DigestInfo from a signature, instead the user is expected
 540 * to call the sign operation to generate the expected signature and compare
 541 * signatures instead of the message-digests.
 542 */
 543static int pkcs1pad_verify(struct akcipher_request *req)
 544{
 545        struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
 546        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 547        struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
 548        int err;
 549
 550        if (!ctx->key_size || req->src_len < ctx->key_size)
 551                return -EINVAL;
 552
 553        req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
 554        if (!req_ctx->out_buf)
 555                return -ENOMEM;
 556
 557        pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
 558                            ctx->key_size, NULL);
 559
 560        akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
 561        akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
 562                        pkcs1pad_verify_complete_cb, req);
 563
 564        /* Reuse input buffer, output to a new buffer */
 565        akcipher_request_set_crypt(&req_ctx->child_req, req->src,
 566                                   req_ctx->out_sg, req->src_len,
 567                                   ctx->key_size);
 568
 569        err = crypto_akcipher_verify(&req_ctx->child_req);
 570        if (err != -EINPROGRESS &&
 571                        (err != -EBUSY ||
 572                         !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
 573                return pkcs1pad_verify_complete(req, err);
 574
 575        return err;
 576}
 577
 578static int pkcs1pad_init_tfm(struct crypto_akcipher *tfm)
 579{
 580        struct akcipher_instance *inst = akcipher_alg_instance(tfm);
 581        struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
 582        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 583        struct crypto_akcipher *child_tfm;
 584
 585        child_tfm = crypto_spawn_akcipher(&ictx->spawn);
 586        if (IS_ERR(child_tfm))
 587                return PTR_ERR(child_tfm);
 588
 589        ctx->child = child_tfm;
 590        return 0;
 591}
 592
 593static void pkcs1pad_exit_tfm(struct crypto_akcipher *tfm)
 594{
 595        struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
 596
 597        crypto_free_akcipher(ctx->child);
 598}
 599
 600static void pkcs1pad_free(struct akcipher_instance *inst)
 601{
 602        struct pkcs1pad_inst_ctx *ctx = akcipher_instance_ctx(inst);
 603        struct crypto_akcipher_spawn *spawn = &ctx->spawn;
 604
 605        crypto_drop_akcipher(spawn);
 606        kfree(inst);
 607}
 608
 609static int pkcs1pad_create(struct crypto_template *tmpl, struct rtattr **tb)
 610{
 611        const struct rsa_asn1_template *digest_info;
 612        struct crypto_attr_type *algt;
 613        struct akcipher_instance *inst;
 614        struct pkcs1pad_inst_ctx *ctx;
 615        struct crypto_akcipher_spawn *spawn;
 616        struct akcipher_alg *rsa_alg;
 617        const char *rsa_alg_name;
 618        const char *hash_name;
 619        int err;
 620
 621        algt = crypto_get_attr_type(tb);
 622        if (IS_ERR(algt))
 623                return PTR_ERR(algt);
 624
 625        if ((algt->type ^ CRYPTO_ALG_TYPE_AKCIPHER) & algt->mask)
 626                return -EINVAL;
 627
 628        rsa_alg_name = crypto_attr_alg_name(tb[1]);
 629        if (IS_ERR(rsa_alg_name))
 630                return PTR_ERR(rsa_alg_name);
 631
 632        hash_name = crypto_attr_alg_name(tb[2]);
 633        if (IS_ERR(hash_name))
 634                return PTR_ERR(hash_name);
 635
 636        digest_info = rsa_lookup_asn1(hash_name);
 637        if (!digest_info)
 638                return -EINVAL;
 639
 640        inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
 641        if (!inst)
 642                return -ENOMEM;
 643
 644        ctx = akcipher_instance_ctx(inst);
 645        spawn = &ctx->spawn;
 646        ctx->digest_info = digest_info;
 647
 648        crypto_set_spawn(&spawn->base, akcipher_crypto_instance(inst));
 649        err = crypto_grab_akcipher(spawn, rsa_alg_name, 0,
 650                        crypto_requires_sync(algt->type, algt->mask));
 651        if (err)
 652                goto out_free_inst;
 653
 654        rsa_alg = crypto_spawn_akcipher_alg(spawn);
 655
 656        err = -ENAMETOOLONG;
 657
 658        if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
 659                     "pkcs1pad(%s,%s)", rsa_alg->base.cra_name, hash_name) >=
 660            CRYPTO_MAX_ALG_NAME ||
 661            snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
 662                     "pkcs1pad(%s,%s)",
 663                     rsa_alg->base.cra_driver_name, hash_name) >=
 664            CRYPTO_MAX_ALG_NAME)
 665                goto out_drop_alg;
 666
 667        inst->alg.base.cra_flags = rsa_alg->base.cra_flags & CRYPTO_ALG_ASYNC;
 668        inst->alg.base.cra_priority = rsa_alg->base.cra_priority;
 669        inst->alg.base.cra_ctxsize = sizeof(struct pkcs1pad_ctx);
 670
 671        inst->alg.init = pkcs1pad_init_tfm;
 672        inst->alg.exit = pkcs1pad_exit_tfm;
 673
 674        inst->alg.encrypt = pkcs1pad_encrypt;
 675        inst->alg.decrypt = pkcs1pad_decrypt;
 676        inst->alg.sign = pkcs1pad_sign;
 677        inst->alg.verify = pkcs1pad_verify;
 678        inst->alg.set_pub_key = pkcs1pad_set_pub_key;
 679        inst->alg.set_priv_key = pkcs1pad_set_priv_key;
 680        inst->alg.max_size = pkcs1pad_get_max_size;
 681        inst->alg.reqsize = sizeof(struct pkcs1pad_request) + rsa_alg->reqsize;
 682
 683        inst->free = pkcs1pad_free;
 684
 685        err = akcipher_register_instance(tmpl, inst);
 686        if (err)
 687                goto out_drop_alg;
 688
 689        return 0;
 690
 691out_drop_alg:
 692        crypto_drop_akcipher(spawn);
 693out_free_inst:
 694        kfree(inst);
 695        return err;
 696}
 697
 698struct crypto_template rsa_pkcs1pad_tmpl = {
 699        .name = "pkcs1pad",
 700        .create = pkcs1pad_create,
 701        .module = THIS_MODULE,
 702};
 703