ACC: add judgement of rsa-crt or N-CRT

driver inclusion category: bugfix bugzilla: NA CVE: NA for "PKCS#1 RSA" before the kernel of 4.17, when it is N-crt mode, parameters of p,q,dp,dq,qinv are 0x30, which are different from 4.17 or newer version(they are 0x00), so we should judge it is CRT or NCRT, may u have better idea. Signed-off-by: N yumeng <yumeng18@huawei.com> Reviewed-by: N huangdaode <huangdaode@hisilicon.com> Signed-off-by: N lingmingqiang <lingmingqiang@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

ACC: add judgement of rsa-crt or N-CRT
driver inclusion category: bugfix bugzilla: NA CVE: NA for "PKCS#1 RSA" before the kernel of 4.17, when it is N-crt mode, parameters of p,q,dp,dq,qinv are 0x30, which are different from 4.17 or newer version(they are 0x00), so we should judge it is CRT or NCRT, may u have better idea. Signed-off-by: N yumeng <yumeng18@huawei.com> Reviewed-by: N huangdaode <huangdaode@hisilicon.com> Signed-off-by: N lingmingqiang <lingmingqiang@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
41762830 · yumeng · Xie XiuQi · d067e0bf · 41762830
显示空白变更内容
内联并排

Showing with 29 addition and 1 deletion

drivers/crypto/hisilicon/hpre/hpre_crypto.c drivers/crypto/hisilicon/hpre/hpre_crypto.c +29 -1

未找到文件。
--- a/drivers/crypto/hisilicon/hpre/hpre_crypto.c
+++ b/drivers/crypto/hisilicon/hpre/hpre_crypto.c
@@ -421,6 +421,7 @@ static int hpre_msg_comm_set(struct hpre_ctx *ctx, void *req, int is_rsa)
 	return 0;
 }
+#ifdef CONFIG_CRYPTO_DH
 static int hpre_dh_compute_value(struct kpp_request *req)
 {
 	struct crypto_kpp *tfm = crypto_kpp_reqtfm(req);
@@ -574,6 +575,7 @@ static void hpre_dh_exit_tfm(struct crypto_kpp *tfm)
 	hpre_dh_clear_ctx(ctx, 1);
 }
+#endif
 static void _rsa_cb(struct hpre_ctx *ctx, void *resp)
 {
@@ -886,6 +888,23 @@ static void hpre_rsa_clear_ctx(struct hpre_ctx *ctx, int is_exit)
 	_ctx_clear(ctx, is_exit);
 }
+/**
+ * the kernel before or after 4.17,
+ * the sample of pkcs1pad_rsa_tv_template is deferent,
+ * we should judge it is CRT or not,
+ * regardless of the kernel version,
+ * CRT: return true,  N-CRT: return false .
+ */
+static bool hpre_is_crt_key(struct rsa_key *key)
+{
+	u16 len = key->p_sz + key->q_sz + key->dp_sz + key->dq_sz +
+		  key->qinv_sz;
+#define LEN_OF_NCRT_PARA	5
+	if (len <= LEN_OF_NCRT_PARA)
+		return false;
+	else
+		return true;
+}
 static int hpre_rsa_setkey(struct hpre_ctx *ctx, const void *key,
 			   unsigned int keylen, bool private)
@@ -910,6 +929,7 @@ static int hpre_rsa_setkey(struct hpre_ctx *ctx, const void *key,
 		ret = hpre_rsa_set_d(ctx, rsa_key.d, rsa_key.d_sz);
 		if (ret < 0)
 			goto free;
+		if (hpre_is_crt_key(&rsa_key))
 			hpre_rsa_setkey_crt(ctx, &rsa_key);
 	}
 	ret = hpre_rsa_set_e(ctx, rsa_key.e, rsa_key.e_sz);
@@ -1010,6 +1030,7 @@ static struct akcipher_alg rsa = {
 	},
 };
+#ifdef CONFIG_CRYPTO_DH
 static struct kpp_alg dh = {
 	.set_secret = hpre_dh_set_secret,
 	.generate_public_key = hpre_dh_compute_value,
@@ -1026,6 +1047,7 @@ static struct kpp_alg dh = {
 		.cra_ctxsize = sizeof(struct hpre_ctx),
 	},
 };
+#endif
 int hpre_algs_register(void)
 {
@@ -1036,11 +1058,17 @@ int hpre_algs_register(void)
 	if (ret)
 		return ret;
+#ifdef CONFIG_CRYPTO_DH
 	return crypto_register_kpp(&dh);
+#else
+	return ret;
+#endif
 }
 void hpre_algs_unregister(void)
 {
 	crypto_unregister_akcipher(&rsa);
+#ifdef CONFIG_CRYPTO_DH
 	crypto_unregister_kpp(&dh);
+#endif
 }