tpm2: add support for padding-only RSASSA

Perform PKCS1-padding-only signing for RSASSA if hashing algorithm is TPM_ALG_NULL in TPM2_Sign parameters and in the key public area. This feature is guarded by SUPPORT_PADDING_ONLY_RSASSA macro. BUG=chrome-os-partner:60967 BRANCH=none TEST=On a unowned machine with TPM2: corp enroll, login, install a network certificate (gECC or GMC), then: a) retrieve the public key from the installed certificate LIBCHAPS=`ls /usr/lib**/libchaps.so` CERTID=`pkcs11-tool --module=$LIBCHAPS --slot=1 --type=cert \ -O | grep "ID:" | awk '{print $2}'` pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID \ --type=cert -r > /tmp/cert openssl x509 -inform der -pubkey -noout -in /tmp/cert > /tmp/pub.key b) sign a sample text using the private key for the certificate and MD5-RSA-PKCS mechanism, not supported by TPM2_Sign command: echo "ABCDEF" > /tmp/1.txt pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID --sign \ -i /tmp/1.txt -o /tmp/1.sig -m MD5-RSA-PKCS c) verify signature: openssl dgst -md5 -verify /tmp/pub.key -signature /tmp/1.sig /tmp/1.txt Step (b) should succeed and step (c) should return "Verified OK". Change-Id: Iefc85d163089d6f7e09b3e7a41e1df33ba88fa3b Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/420811 Reviewed-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-by: Darren Krahn <dkrahn@chromium.org>
author: Andrey Pronin <apronin@chromium.org> 2016-12-15 14:19:49 -0800
committer: chrome-bot <chrome-bot@chromium.org> 2016-12-21 10:09:52 -0800
commit: 569c3c58dc69d5c8628f3c329937c136be38df3f (patch)
tree: 93226a82bcfe5b7049d981c0546add74e51de5b3
parent: 1d3ac310707d4c587b275b2683c26eb5cde32123 (diff)
download: tpm2-569c3c58dc69d5c8628f3c329937c136be38df3f.tar.gz
4 files changed, 20 insertions, 3 deletions
diff --git a/CpriRSA.c b/CpriRSA.c
index a436716..c3f5d62 100644
--- a/CpriRSA.c
+++ b/CpriRSA.c
@@ -805,11 +805,19 @@ RSASSA_Encode(
    INT32               fillSize;
    pAssert(eOut != NULL && hIn != NULL);
    // Can't use this scheme if the algorithm doesn't have a DER string defined.
-   if(derSize == 0 )
+   if(
+#if defined(SUPPORT_PADDING_ONLY_RSASSA) && SUPPORT_PADDING_ONLY_RSASSA == YES
+       hashAlg != TPM_ALG_NULL &&
+#endif
+       derSize == 0)
        return CRYPT_SCHEME;
    // If the digest size of 'hashAl' doesn't match the input digest size, then
    // the DER will misidentify the digest so return an error
-   if((unsigned)_cpri__GetDigestSize(hashAlg) != hInSize)
+   if(
+#if defined(SUPPORT_PADDING_ONLY_RSASSA) && SUPPORT_PADDING_ONLY_RSASSA == YES
+       hashAlg != TPM_ALG_NULL &&
+#endif
+       (unsigned)_cpri__GetDigestSize(hashAlg) != hInSize)
        return CRYPT_PARAMETER;
    fillSize = eOutSize - derSize - hInSize - 3;
    // Make sure that this combination will fit in the provided space
diff --git a/Implementation.h b/Implementation.h
index f67d513..a503d2a 100644
--- a/Implementation.h
+++ b/Implementation.h
@@ -357,6 +357,7 @@ typedef UINT16              TPM_ALG_ID;
 #define ALG_SM4_VALUE                0x0013
 #if defined ALG_RSASSA && ALG_RSASSA == YES
 #define TPM_ALG_RSASSA               (TPM_ALG_ID)(0x0014)
+#define SUPPORT_PADDING_ONLY_RSASSA  YES
 #endif
 #define ALG_RSASSA_VALUE             0x0014
 #if defined ALG_RSAES && ALG_RSAES == YES
diff --git a/Sign.c b/Sign.c
index f0e29f9..10b673b 100644
--- a/Sign.c
+++ b/Sign.c
@@ -63,7 +63,11 @@ TPM2_Sign(
    // NOTE: this does not guarantee that the 'digest' is actually produced using
    // the indicated hash algorithm, but at least it might be.
    {
-       if(       in->digest.t.size
+       if(
+#if defined(SUPPORT_PADDING_ONLY_RSASSA) && SUPPORT_PADDING_ONLY_RSASSA == YES
+           in->inScheme.details.any.hashAlg != TPM_ALG_NULL &&
+#endif
+           in->digest.t.size
              != CryptGetHashDigestSize(in->inScheme.details.any.hashAlg))
              return TPM_RC_SIZE + RC_Sign_digest;
    }
diff --git a/tpm_generated.c b/tpm_generated.c
index b471be1..e3c72ab 100644
--- a/tpm_generated.c
+++ b/tpm_generated.c
@@ -2349,7 +2349,11 @@ UINT16 TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA* source,
 TPM_RC TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA* target,
                                         BYTE** buffer,
                                         INT32* size) {
+#if defined(SUPPORT_PADDING_ONLY_RSASSA) && SUPPORT_PADDING_ONLY_RSASSA == YES
+  return TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, TRUE);
+#else
   return TPMS_SCHEME_HASH_Unmarshal(target, buffer, size);
+#endif
 }
 
 UINT16 TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP* source,
author	Andrey Pronin <apronin@chromium.org>	2016-12-15 14:19:49 -0800
committer	chrome-bot <chrome-bot@chromium.org>	2016-12-21 10:09:52 -0800
commit	569c3c58dc69d5c8628f3c329937c136be38df3f (patch)
tree	93226a82bcfe5b7049d981c0546add74e51de5b3
parent	1d3ac310707d4c587b275b2683c26eb5cde32123 (diff)
download	tpm2-569c3c58dc69d5c8628f3c329937c136be38df3f.tar.gz