Merge pull request #8646 from philljj/register_rsa

linuxkm: register rsa

configure.ac

@@ -9424,6 +9424,8 @@ then
         'ecdsa')    test "$ENABLED_ECC" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: ECDSA implementation not enabled.])
                     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDSA" ;;
         'ecdh')     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_ECDH" ;;
+        'rsa')      test "$ENABLED_RSA" != "no" || AC_MSG_ERROR([linuxkm-lkcapi-register ${lkcapi_alg}: RSA implementation not enabled.])
+                    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_REGISTER_RSA" ;;
         # disable options
         '-cbc(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCBC" ;;
         '-cfb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESCFB" ;;
@@ -9436,6 +9438,7 @@ then
         '-ecb(aes)') AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_AESECB" ;;
         '-ecdsa')    AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDSA" ;;
         '-ecdh')     AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_ECDH" ;;
+        '-rsa')      AM_CFLAGS="$AM_CFLAGS -DLINUXKM_LKCAPI_DONT_REGISTER_RSA" ;;
         *) AC_MSG_ERROR([Unsupported LKCAPI algorithm "$lkcapi_alg".])      ;;
         esac
     done

linuxkm/include.am

@@ -16,4 +16,5 @@ EXTRA_DIST += m4/ax_linuxkm.m4 \
 	      linuxkm/lkcapi_glue.c \
 	      linuxkm/lkcapi_ecdsa_glue.c \
 	      linuxkm/lkcapi_ecdh_glue.c \
+	      linuxkm/lkcapi_rsa_glue.c \
 	      linuxkm/x86_vector_register_glue.c

linuxkm/linuxkm_wc_port.h

@@ -294,14 +294,9 @@
         #include <crypto/scatterwalk.h>
         #include <crypto/internal/aead.h>
         #include <crypto/internal/skcipher.h>
+        #include <crypto/internal/akcipher.h>
         #include <crypto/internal/kpp.h>
 
-        #if defined(HAVE_ECC) && \
-            (defined(LINUXKM_LKCAPI_REGISTER_ALL) || \
-             defined(LINUXKM_LKCAPI_REGISTER_ECDSA))
-             #include <crypto/internal/akcipher.h>
-        #endif /* HAVE_ECC && (REGISTER_ALL || REGISTER_ECDSA) */
-
         /* the LKCAPI assumes that expanded encrypt and decrypt keys will stay
          * loaded simultaneously, and the Linux in-tree implementations have two
          * AES key structs in each context, one for each direction.  in

linuxkm/lkcapi_glue.c

@@ -4231,17 +4231,19 @@ static int linuxkm_test_aesecb(void) {
     #undef LINUXKM_LKCAPI_REGISTER_ECDH
 #endif /* HAVE_ECC */
 
-#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
+#if !defined(NO_RSA)
-    #if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
+    #if (defined(LINUXKM_LKCAPI_REGISTER_ALL) && !defined(LINUXKM_LKCAPI_DONT_REGISTER_RSA)) && \
-        /**
+        !defined(LINUXKM_LKCAPI_REGISTER_RSA)
-         * note: ecdsa supported with linux 6.12 and earlier for now, only.
+        #define LINUXKM_LKCAPI_REGISTER_RSA
-         * In linux 6.13, ecdsa changed from a struct akcipher_alg type to
+    #endif
-         * struct sig_alg type, and the sign/verify callbacks were removed
+#else
-         * from akcipher_alg.
+    #undef LINUXKM_LKCAPI_REGISTER_RSA
-         * */
+#endif /* !NO_RSA */
-        #undef LINUXKM_LKCAPI_REGISTER_ECDSA
-    #endif /* linux >= 6.13.0 */
 
+/**
+ * extra checks on kernel version, and ecc sizes.
+ * */
+#if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
     #if LINUX_VERSION_CODE < KERNEL_VERSION(6, 3, 0) && \
         defined(CONFIG_CRYPTO_FIPS) && defined(CONFIG_CRYPTO_MANAGER)
         /**
@@ -4265,6 +4267,29 @@ static int linuxkm_test_aesecb(void) {
     #endif
 #endif
 
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(6, 13, 0)
+    /**
+     * notes:
+     *   - ecdsa supported with linux 6.12 and earlier for now, only.
+     *   - pkcs1pad rsa supported both before and after linux 6.13, but
+     *     without sign/verify after linux 6.13.
+     *
+     * In linux 6.13 the sign/verify callbacks were removed from
+     * akcipher_alg, and ecdsa changed from a struct akcipher_alg type to
+     * struct sig_alg type.
+     *
+     * pkcs1pad rsa remained a struct akcipher_alg, but without sign/verify
+     * functionality.
+     * */
+    #if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
+        #undef LINUXKM_LKCAPI_REGISTER_ECDSA
+    #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
+
+    #if defined (LINUXKM_LKCAPI_REGISTER_RSA)
+        #define LINUXKM_AKCIPHER_NO_SIGNVERIFY
+    #endif /* LINUXKM_LKCAPI_REGISTER_RSA */
+#endif /* linux >= 6.13.0 */
+
 #if defined (LINUXKM_LKCAPI_REGISTER_ECDSA)
     #include "linuxkm/lkcapi_ecdsa_glue.c"
 #endif /* LINUXKM_LKCAPI_REGISTER_ECDSA */
@@ -4273,6 +4298,10 @@ static int linuxkm_test_aesecb(void) {
     #include "linuxkm/lkcapi_ecdh_glue.c"
 #endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
 
+#if defined(LINUXKM_LKCAPI_REGISTER_RSA)
+    #include "linuxkm/lkcapi_rsa_glue.c"
+#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
+
 static int linuxkm_lkcapi_register(void)
 {
     int ret = 0;
@@ -4388,6 +4417,20 @@ static int linuxkm_lkcapi_register(void)
                  linuxkm_test_ecdh_nist_p384);
 #endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
 
+#ifdef LINUXKM_LKCAPI_REGISTER_RSA
+    #if defined(LINUXKM_DIRECT_RSA)
+    REGISTER_ALG(direct_rsa, crypto_register_akcipher, linuxkm_test_rsa);
+    #endif /* LINUXKM_DIRECT_RSA */
+    #ifndef NO_SHA256
+    REGISTER_ALG(pkcs1_sha256, crypto_register_akcipher,
+                 linuxkm_test_pkcs1_sha256);
+    #endif /* !NO_SHA256 */
+    #ifdef WOLFSSL_SHA512
+    REGISTER_ALG(pkcs1_sha512, crypto_register_akcipher,
+                 linuxkm_test_pkcs1_sha512);
+    #endif /* WOLFSSL_SHA512 */
+#endif
+
 #undef REGISTER_ALG
 
     out:
@@ -4458,5 +4501,17 @@ static void linuxkm_lkcapi_unregister(void)
     /* no ecdh p521 in kernel. */
 #endif /* LINUXKM_LKCAPI_REGISTER_ECDH */
 
+#ifdef LINUXKM_LKCAPI_REGISTER_RSA
+    #if defined(LINUXKM_DIRECT_RSA)
+    UNREGISTER_ALG(direct_rsa, crypto_unregister_akcipher);
+    #endif /* LINUXKM_DIRECT_RSA */
+    #ifndef NO_SHA256
+    UNREGISTER_ALG(pkcs1_sha256, crypto_unregister_akcipher);
+    #endif /* !NO_SHA256 */
+    #ifdef WOLFSSL_SHA512
+    UNREGISTER_ALG(pkcs1_sha512, crypto_unregister_akcipher);
+    #endif /* WOLFSSL_SHA512 */
+#endif /* LINUXKM_LKCAPI_REGISTER_RSA */
+
 #undef UNREGISTER_ALG
 }