Back to home page

LXR

 
 

    


0001 /*
0002  * RSA padding templates.
0003  *
0004  * Copyright (c) 2015  Intel Corporation
0005  *
0006  * This program is free software; you can redistribute it and/or modify it
0007  * under the terms of the GNU General Public License as published by the Free
0008  * Software Foundation; either version 2 of the License, or (at your option)
0009  * any later version.
0010  */
0011 
0012 #include <crypto/algapi.h>
0013 #include <crypto/akcipher.h>
0014 #include <crypto/internal/akcipher.h>
0015 #include <linux/err.h>
0016 #include <linux/init.h>
0017 #include <linux/kernel.h>
0018 #include <linux/module.h>
0019 #include <linux/random.h>
0020 
0021 /*
0022  * Hash algorithm OIDs plus ASN.1 DER wrappings [RFC4880 sec 5.2.2].
0023  */
0024 static const u8 rsa_digest_info_md5[] = {
0025     0x30, 0x20, 0x30, 0x0c, 0x06, 0x08,
0026     0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x05, /* OID */
0027     0x05, 0x00, 0x04, 0x10
0028 };
0029 
0030 static const u8 rsa_digest_info_sha1[] = {
0031     0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
0032     0x2b, 0x0e, 0x03, 0x02, 0x1a,
0033     0x05, 0x00, 0x04, 0x14
0034 };
0035 
0036 static const u8 rsa_digest_info_rmd160[] = {
0037     0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
0038     0x2b, 0x24, 0x03, 0x02, 0x01,
0039     0x05, 0x00, 0x04, 0x14
0040 };
0041 
0042 static const u8 rsa_digest_info_sha224[] = {
0043     0x30, 0x2d, 0x30, 0x0d, 0x06, 0x09,
0044     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x04,
0045     0x05, 0x00, 0x04, 0x1c
0046 };
0047 
0048 static const u8 rsa_digest_info_sha256[] = {
0049     0x30, 0x31, 0x30, 0x0d, 0x06, 0x09,
0050     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
0051     0x05, 0x00, 0x04, 0x20
0052 };
0053 
0054 static const u8 rsa_digest_info_sha384[] = {
0055     0x30, 0x41, 0x30, 0x0d, 0x06, 0x09,
0056     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
0057     0x05, 0x00, 0x04, 0x30
0058 };
0059 
0060 static const u8 rsa_digest_info_sha512[] = {
0061     0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
0062     0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
0063     0x05, 0x00, 0x04, 0x40
0064 };
0065 
0066 static const struct rsa_asn1_template {
0067     const char  *name;
0068     const u8    *data;
0069     size_t      size;
0070 } rsa_asn1_templates[] = {
0071 #define _(X) { #X, rsa_digest_info_##X, sizeof(rsa_digest_info_##X) }
0072     _(md5),
0073     _(sha1),
0074     _(rmd160),
0075     _(sha256),
0076     _(sha384),
0077     _(sha512),
0078     _(sha224),
0079     { NULL }
0080 #undef _
0081 };
0082 
0083 static const struct rsa_asn1_template *rsa_lookup_asn1(const char *name)
0084 {
0085     const struct rsa_asn1_template *p;
0086 
0087     for (p = rsa_asn1_templates; p->name; p++)
0088         if (strcmp(name, p->name) == 0)
0089             return p;
0090     return NULL;
0091 }
0092 
0093 struct pkcs1pad_ctx {
0094     struct crypto_akcipher *child;
0095     unsigned int key_size;
0096 };
0097 
0098 struct pkcs1pad_inst_ctx {
0099     struct crypto_akcipher_spawn spawn;
0100     const struct rsa_asn1_template *digest_info;
0101 };
0102 
0103 struct pkcs1pad_request {
0104     struct scatterlist in_sg[2], out_sg[1];
0105     uint8_t *in_buf, *out_buf;
0106     struct akcipher_request child_req;
0107 };
0108 
0109 static int pkcs1pad_set_pub_key(struct crypto_akcipher *tfm, const void *key,
0110         unsigned int keylen)
0111 {
0112     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0113     int err;
0114 
0115     ctx->key_size = 0;
0116 
0117     err = crypto_akcipher_set_pub_key(ctx->child, key, keylen);
0118     if (err)
0119         return err;
0120 
0121     /* Find out new modulus size from rsa implementation */
0122     err = crypto_akcipher_maxsize(ctx->child);
0123     if (err < 0)
0124         return err;
0125 
0126     if (err > PAGE_SIZE)
0127         return -ENOTSUPP;
0128 
0129     ctx->key_size = err;
0130     return 0;
0131 }
0132 
0133 static int pkcs1pad_set_priv_key(struct crypto_akcipher *tfm, const void *key,
0134         unsigned int keylen)
0135 {
0136     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0137     int err;
0138 
0139     ctx->key_size = 0;
0140 
0141     err = crypto_akcipher_set_priv_key(ctx->child, key, keylen);
0142     if (err)
0143         return err;
0144 
0145     /* Find out new modulus size from rsa implementation */
0146     err = crypto_akcipher_maxsize(ctx->child);
0147     if (err < 0)
0148         return err;
0149 
0150     if (err > PAGE_SIZE)
0151         return -ENOTSUPP;
0152 
0153     ctx->key_size = err;
0154     return 0;
0155 }
0156 
0157 static int pkcs1pad_get_max_size(struct crypto_akcipher *tfm)
0158 {
0159     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0160 
0161     /*
0162      * The maximum destination buffer size for the encrypt/sign operations
0163      * will be the same as for RSA, even though it's smaller for
0164      * decrypt/verify.
0165      */
0166 
0167     return ctx->key_size ?: -EINVAL;
0168 }
0169 
0170 static void pkcs1pad_sg_set_buf(struct scatterlist *sg, void *buf, size_t len,
0171         struct scatterlist *next)
0172 {
0173     int nsegs = next ? 2 : 1;
0174 
0175     sg_init_table(sg, nsegs);
0176     sg_set_buf(sg, buf, len);
0177 
0178     if (next)
0179         sg_chain(sg, nsegs, next);
0180 }
0181 
0182 static int pkcs1pad_encrypt_sign_complete(struct akcipher_request *req, int err)
0183 {
0184     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0185     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0186     struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
0187     unsigned int pad_len;
0188     unsigned int len;
0189     u8 *out_buf;
0190 
0191     if (err)
0192         goto out;
0193 
0194     len = req_ctx->child_req.dst_len;
0195     pad_len = ctx->key_size - len;
0196 
0197     /* Four billion to one */
0198     if (likely(!pad_len))
0199         goto out;
0200 
0201     out_buf = kzalloc(ctx->key_size, GFP_ATOMIC);
0202     err = -ENOMEM;
0203     if (!out_buf)
0204         goto out;
0205 
0206     sg_copy_to_buffer(req->dst, sg_nents_for_len(req->dst, len),
0207               out_buf + pad_len, len);
0208     sg_copy_from_buffer(req->dst,
0209                 sg_nents_for_len(req->dst, ctx->key_size),
0210                 out_buf, ctx->key_size);
0211     kzfree(out_buf);
0212 
0213 out:
0214     req->dst_len = ctx->key_size;
0215 
0216     kfree(req_ctx->in_buf);
0217 
0218     return err;
0219 }
0220 
0221 static void pkcs1pad_encrypt_sign_complete_cb(
0222         struct crypto_async_request *child_async_req, int err)
0223 {
0224     struct akcipher_request *req = child_async_req->data;
0225     struct crypto_async_request async_req;
0226 
0227     if (err == -EINPROGRESS)
0228         return;
0229 
0230     async_req.data = req->base.data;
0231     async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
0232     async_req.flags = child_async_req->flags;
0233     req->base.complete(&async_req,
0234             pkcs1pad_encrypt_sign_complete(req, err));
0235 }
0236 
0237 static int pkcs1pad_encrypt(struct akcipher_request *req)
0238 {
0239     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0240     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0241     struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
0242     int err;
0243     unsigned int i, ps_end;
0244 
0245     if (!ctx->key_size)
0246         return -EINVAL;
0247 
0248     if (req->src_len > ctx->key_size - 11)
0249         return -EOVERFLOW;
0250 
0251     if (req->dst_len < ctx->key_size) {
0252         req->dst_len = ctx->key_size;
0253         return -EOVERFLOW;
0254     }
0255 
0256     req_ctx->in_buf = kmalloc(ctx->key_size - 1 - req->src_len,
0257                   GFP_KERNEL);
0258     if (!req_ctx->in_buf)
0259         return -ENOMEM;
0260 
0261     ps_end = ctx->key_size - req->src_len - 2;
0262     req_ctx->in_buf[0] = 0x02;
0263     for (i = 1; i < ps_end; i++)
0264         req_ctx->in_buf[i] = 1 + prandom_u32_max(255);
0265     req_ctx->in_buf[ps_end] = 0x00;
0266 
0267     pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
0268             ctx->key_size - 1 - req->src_len, req->src);
0269 
0270     req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
0271     if (!req_ctx->out_buf) {
0272         kfree(req_ctx->in_buf);
0273         return -ENOMEM;
0274     }
0275 
0276     pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
0277             ctx->key_size, NULL);
0278 
0279     akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
0280     akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
0281             pkcs1pad_encrypt_sign_complete_cb, req);
0282 
0283     /* Reuse output buffer */
0284     akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
0285                    req->dst, ctx->key_size - 1, req->dst_len);
0286 
0287     err = crypto_akcipher_encrypt(&req_ctx->child_req);
0288     if (err != -EINPROGRESS &&
0289             (err != -EBUSY ||
0290              !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
0291         return pkcs1pad_encrypt_sign_complete(req, err);
0292 
0293     return err;
0294 }
0295 
0296 static int pkcs1pad_decrypt_complete(struct akcipher_request *req, int err)
0297 {
0298     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0299     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0300     struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
0301     unsigned int dst_len;
0302     unsigned int pos;
0303     u8 *out_buf;
0304 
0305     if (err)
0306         goto done;
0307 
0308     err = -EINVAL;
0309     dst_len = req_ctx->child_req.dst_len;
0310     if (dst_len < ctx->key_size - 1)
0311         goto done;
0312 
0313     out_buf = req_ctx->out_buf;
0314     if (dst_len == ctx->key_size) {
0315         if (out_buf[0] != 0x00)
0316             /* Decrypted value had no leading 0 byte */
0317             goto done;
0318 
0319         dst_len--;
0320         out_buf++;
0321     }
0322 
0323     if (out_buf[0] != 0x02)
0324         goto done;
0325 
0326     for (pos = 1; pos < dst_len; pos++)
0327         if (out_buf[pos] == 0x00)
0328             break;
0329     if (pos < 9 || pos == dst_len)
0330         goto done;
0331     pos++;
0332 
0333     err = 0;
0334 
0335     if (req->dst_len < dst_len - pos)
0336         err = -EOVERFLOW;
0337     req->dst_len = dst_len - pos;
0338 
0339     if (!err)
0340         sg_copy_from_buffer(req->dst,
0341                 sg_nents_for_len(req->dst, req->dst_len),
0342                 out_buf + pos, req->dst_len);
0343 
0344 done:
0345     kzfree(req_ctx->out_buf);
0346 
0347     return err;
0348 }
0349 
0350 static void pkcs1pad_decrypt_complete_cb(
0351         struct crypto_async_request *child_async_req, int err)
0352 {
0353     struct akcipher_request *req = child_async_req->data;
0354     struct crypto_async_request async_req;
0355 
0356     if (err == -EINPROGRESS)
0357         return;
0358 
0359     async_req.data = req->base.data;
0360     async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
0361     async_req.flags = child_async_req->flags;
0362     req->base.complete(&async_req, pkcs1pad_decrypt_complete(req, err));
0363 }
0364 
0365 static int pkcs1pad_decrypt(struct akcipher_request *req)
0366 {
0367     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0368     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0369     struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
0370     int err;
0371 
0372     if (!ctx->key_size || req->src_len != ctx->key_size)
0373         return -EINVAL;
0374 
0375     req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
0376     if (!req_ctx->out_buf)
0377         return -ENOMEM;
0378 
0379     pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
0380                 ctx->key_size, NULL);
0381 
0382     akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
0383     akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
0384             pkcs1pad_decrypt_complete_cb, req);
0385 
0386     /* Reuse input buffer, output to a new buffer */
0387     akcipher_request_set_crypt(&req_ctx->child_req, req->src,
0388                    req_ctx->out_sg, req->src_len,
0389                    ctx->key_size);
0390 
0391     err = crypto_akcipher_decrypt(&req_ctx->child_req);
0392     if (err != -EINPROGRESS &&
0393             (err != -EBUSY ||
0394              !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
0395         return pkcs1pad_decrypt_complete(req, err);
0396 
0397     return err;
0398 }
0399 
0400 static int pkcs1pad_sign(struct akcipher_request *req)
0401 {
0402     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0403     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0404     struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
0405     struct akcipher_instance *inst = akcipher_alg_instance(tfm);
0406     struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
0407     const struct rsa_asn1_template *digest_info = ictx->digest_info;
0408     int err;
0409     unsigned int ps_end, digest_size = 0;
0410 
0411     if (!ctx->key_size)
0412         return -EINVAL;
0413 
0414     digest_size = digest_info->size;
0415 
0416     if (req->src_len + digest_size > ctx->key_size - 11)
0417         return -EOVERFLOW;
0418 
0419     if (req->dst_len < ctx->key_size) {
0420         req->dst_len = ctx->key_size;
0421         return -EOVERFLOW;
0422     }
0423 
0424     req_ctx->in_buf = kmalloc(ctx->key_size - 1 - req->src_len,
0425                   GFP_KERNEL);
0426     if (!req_ctx->in_buf)
0427         return -ENOMEM;
0428 
0429     ps_end = ctx->key_size - digest_size - req->src_len - 2;
0430     req_ctx->in_buf[0] = 0x01;
0431     memset(req_ctx->in_buf + 1, 0xff, ps_end - 1);
0432     req_ctx->in_buf[ps_end] = 0x00;
0433 
0434     memcpy(req_ctx->in_buf + ps_end + 1, digest_info->data,
0435            digest_info->size);
0436 
0437     pkcs1pad_sg_set_buf(req_ctx->in_sg, req_ctx->in_buf,
0438             ctx->key_size - 1 - req->src_len, req->src);
0439 
0440     akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
0441     akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
0442             pkcs1pad_encrypt_sign_complete_cb, req);
0443 
0444     /* Reuse output buffer */
0445     akcipher_request_set_crypt(&req_ctx->child_req, req_ctx->in_sg,
0446                    req->dst, ctx->key_size - 1, req->dst_len);
0447 
0448     err = crypto_akcipher_sign(&req_ctx->child_req);
0449     if (err != -EINPROGRESS &&
0450             (err != -EBUSY ||
0451              !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
0452         return pkcs1pad_encrypt_sign_complete(req, err);
0453 
0454     return err;
0455 }
0456 
0457 static int pkcs1pad_verify_complete(struct akcipher_request *req, int err)
0458 {
0459     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0460     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0461     struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
0462     struct akcipher_instance *inst = akcipher_alg_instance(tfm);
0463     struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
0464     const struct rsa_asn1_template *digest_info = ictx->digest_info;
0465     unsigned int dst_len;
0466     unsigned int pos;
0467     u8 *out_buf;
0468 
0469     if (err)
0470         goto done;
0471 
0472     err = -EINVAL;
0473     dst_len = req_ctx->child_req.dst_len;
0474     if (dst_len < ctx->key_size - 1)
0475         goto done;
0476 
0477     out_buf = req_ctx->out_buf;
0478     if (dst_len == ctx->key_size) {
0479         if (out_buf[0] != 0x00)
0480             /* Decrypted value had no leading 0 byte */
0481             goto done;
0482 
0483         dst_len--;
0484         out_buf++;
0485     }
0486 
0487     err = -EBADMSG;
0488     if (out_buf[0] != 0x01)
0489         goto done;
0490 
0491     for (pos = 1; pos < dst_len; pos++)
0492         if (out_buf[pos] != 0xff)
0493             break;
0494 
0495     if (pos < 9 || pos == dst_len || out_buf[pos] != 0x00)
0496         goto done;
0497     pos++;
0498 
0499     if (memcmp(out_buf + pos, digest_info->data, digest_info->size))
0500         goto done;
0501 
0502     pos += digest_info->size;
0503 
0504     err = 0;
0505 
0506     if (req->dst_len < dst_len - pos)
0507         err = -EOVERFLOW;
0508     req->dst_len = dst_len - pos;
0509 
0510     if (!err)
0511         sg_copy_from_buffer(req->dst,
0512                 sg_nents_for_len(req->dst, req->dst_len),
0513                 out_buf + pos, req->dst_len);
0514 done:
0515     kzfree(req_ctx->out_buf);
0516 
0517     return err;
0518 }
0519 
0520 static void pkcs1pad_verify_complete_cb(
0521         struct crypto_async_request *child_async_req, int err)
0522 {
0523     struct akcipher_request *req = child_async_req->data;
0524     struct crypto_async_request async_req;
0525 
0526     if (err == -EINPROGRESS)
0527         return;
0528 
0529     async_req.data = req->base.data;
0530     async_req.tfm = crypto_akcipher_tfm(crypto_akcipher_reqtfm(req));
0531     async_req.flags = child_async_req->flags;
0532     req->base.complete(&async_req, pkcs1pad_verify_complete(req, err));
0533 }
0534 
0535 /*
0536  * The verify operation is here for completeness similar to the verification
0537  * defined in RFC2313 section 10.2 except that block type 0 is not accepted,
0538  * as in RFC2437.  RFC2437 section 9.2 doesn't define any operation to
0539  * retrieve the DigestInfo from a signature, instead the user is expected
0540  * to call the sign operation to generate the expected signature and compare
0541  * signatures instead of the message-digests.
0542  */
0543 static int pkcs1pad_verify(struct akcipher_request *req)
0544 {
0545     struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
0546     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0547     struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
0548     int err;
0549 
0550     if (!ctx->key_size || req->src_len < ctx->key_size)
0551         return -EINVAL;
0552 
0553     req_ctx->out_buf = kmalloc(ctx->key_size, GFP_KERNEL);
0554     if (!req_ctx->out_buf)
0555         return -ENOMEM;
0556 
0557     pkcs1pad_sg_set_buf(req_ctx->out_sg, req_ctx->out_buf,
0558                 ctx->key_size, NULL);
0559 
0560     akcipher_request_set_tfm(&req_ctx->child_req, ctx->child);
0561     akcipher_request_set_callback(&req_ctx->child_req, req->base.flags,
0562             pkcs1pad_verify_complete_cb, req);
0563 
0564     /* Reuse input buffer, output to a new buffer */
0565     akcipher_request_set_crypt(&req_ctx->child_req, req->src,
0566                    req_ctx->out_sg, req->src_len,
0567                    ctx->key_size);
0568 
0569     err = crypto_akcipher_verify(&req_ctx->child_req);
0570     if (err != -EINPROGRESS &&
0571             (err != -EBUSY ||
0572              !(req->base.flags & CRYPTO_TFM_REQ_MAY_BACKLOG)))
0573         return pkcs1pad_verify_complete(req, err);
0574 
0575     return err;
0576 }
0577 
0578 static int pkcs1pad_init_tfm(struct crypto_akcipher *tfm)
0579 {
0580     struct akcipher_instance *inst = akcipher_alg_instance(tfm);
0581     struct pkcs1pad_inst_ctx *ictx = akcipher_instance_ctx(inst);
0582     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0583     struct crypto_akcipher *child_tfm;
0584 
0585     child_tfm = crypto_spawn_akcipher(&ictx->spawn);
0586     if (IS_ERR(child_tfm))
0587         return PTR_ERR(child_tfm);
0588 
0589     ctx->child = child_tfm;
0590     return 0;
0591 }
0592 
0593 static void pkcs1pad_exit_tfm(struct crypto_akcipher *tfm)
0594 {
0595     struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
0596 
0597     crypto_free_akcipher(ctx->child);
0598 }
0599 
0600 static void pkcs1pad_free(struct akcipher_instance *inst)
0601 {
0602     struct pkcs1pad_inst_ctx *ctx = akcipher_instance_ctx(inst);
0603     struct crypto_akcipher_spawn *spawn = &ctx->spawn;
0604 
0605     crypto_drop_akcipher(spawn);
0606     kfree(inst);
0607 }
0608 
0609 static int pkcs1pad_create(struct crypto_template *tmpl, struct rtattr **tb)
0610 {
0611     const struct rsa_asn1_template *digest_info;
0612     struct crypto_attr_type *algt;
0613     struct akcipher_instance *inst;
0614     struct pkcs1pad_inst_ctx *ctx;
0615     struct crypto_akcipher_spawn *spawn;
0616     struct akcipher_alg *rsa_alg;
0617     const char *rsa_alg_name;
0618     const char *hash_name;
0619     int err;
0620 
0621     algt = crypto_get_attr_type(tb);
0622     if (IS_ERR(algt))
0623         return PTR_ERR(algt);
0624 
0625     if ((algt->type ^ CRYPTO_ALG_TYPE_AKCIPHER) & algt->mask)
0626         return -EINVAL;
0627 
0628     rsa_alg_name = crypto_attr_alg_name(tb[1]);
0629     if (IS_ERR(rsa_alg_name))
0630         return PTR_ERR(rsa_alg_name);
0631 
0632     hash_name = crypto_attr_alg_name(tb[2]);
0633     if (IS_ERR(hash_name))
0634         return PTR_ERR(hash_name);
0635 
0636     digest_info = rsa_lookup_asn1(hash_name);
0637     if (!digest_info)
0638         return -EINVAL;
0639 
0640     inst = kzalloc(sizeof(*inst) + sizeof(*ctx), GFP_KERNEL);
0641     if (!inst)
0642         return -ENOMEM;
0643 
0644     ctx = akcipher_instance_ctx(inst);
0645     spawn = &ctx->spawn;
0646     ctx->digest_info = digest_info;
0647 
0648     crypto_set_spawn(&spawn->base, akcipher_crypto_instance(inst));
0649     err = crypto_grab_akcipher(spawn, rsa_alg_name, 0,
0650             crypto_requires_sync(algt->type, algt->mask));
0651     if (err)
0652         goto out_free_inst;
0653 
0654     rsa_alg = crypto_spawn_akcipher_alg(spawn);
0655 
0656     err = -ENAMETOOLONG;
0657 
0658     if (snprintf(inst->alg.base.cra_name, CRYPTO_MAX_ALG_NAME,
0659              "pkcs1pad(%s,%s)", rsa_alg->base.cra_name, hash_name) >=
0660         CRYPTO_MAX_ALG_NAME ||
0661         snprintf(inst->alg.base.cra_driver_name, CRYPTO_MAX_ALG_NAME,
0662              "pkcs1pad(%s,%s)",
0663              rsa_alg->base.cra_driver_name, hash_name) >=
0664         CRYPTO_MAX_ALG_NAME)
0665         goto out_drop_alg;
0666 
0667     inst->alg.base.cra_flags = rsa_alg->base.cra_flags & CRYPTO_ALG_ASYNC;
0668     inst->alg.base.cra_priority = rsa_alg->base.cra_priority;
0669     inst->alg.base.cra_ctxsize = sizeof(struct pkcs1pad_ctx);
0670 
0671     inst->alg.init = pkcs1pad_init_tfm;
0672     inst->alg.exit = pkcs1pad_exit_tfm;
0673 
0674     inst->alg.encrypt = pkcs1pad_encrypt;
0675     inst->alg.decrypt = pkcs1pad_decrypt;
0676     inst->alg.sign = pkcs1pad_sign;
0677     inst->alg.verify = pkcs1pad_verify;
0678     inst->alg.set_pub_key = pkcs1pad_set_pub_key;
0679     inst->alg.set_priv_key = pkcs1pad_set_priv_key;
0680     inst->alg.max_size = pkcs1pad_get_max_size;
0681     inst->alg.reqsize = sizeof(struct pkcs1pad_request) + rsa_alg->reqsize;
0682 
0683     inst->free = pkcs1pad_free;
0684 
0685     err = akcipher_register_instance(tmpl, inst);
0686     if (err)
0687         goto out_drop_alg;
0688 
0689     return 0;
0690 
0691 out_drop_alg:
0692     crypto_drop_akcipher(spawn);
0693 out_free_inst:
0694     kfree(inst);
0695     return err;
0696 }
0697 
0698 struct crypto_template rsa_pkcs1pad_tmpl = {
0699     .name = "pkcs1pad",
0700     .create = pkcs1pad_create,
0701     .module = THIS_MODULE,
0702 };