diff options
author | Andrey Pronin <apronin@chromium.org> | 2016-12-15 14:19:49 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-12-21 10:09:52 -0800 |
commit | 569c3c58dc69d5c8628f3c329937c136be38df3f (patch) | |
tree | 93226a82bcfe5b7049d981c0546add74e51de5b3 | |
parent | 1d3ac310707d4c587b275b2683c26eb5cde32123 (diff) | |
download | tpm2-569c3c58dc69d5c8628f3c329937c136be38df3f.tar.gz |
tpm2: add support for padding-only RSASSA
Perform PKCS1-padding-only signing for RSASSA if hashing algorithm is
TPM_ALG_NULL in TPM2_Sign parameters and in the key public area.
This feature is guarded by SUPPORT_PADDING_ONLY_RSASSA macro.
BUG=chrome-os-partner:60967
BRANCH=none
TEST=On a unowned machine with TPM2: corp enroll, login, install
a network certificate (gECC or GMC), then:
a) retrieve the public key from the installed certificate
LIBCHAPS=`ls /usr/lib**/libchaps.so`
CERTID=`pkcs11-tool --module=$LIBCHAPS --slot=1 --type=cert \
-O | grep "ID:" | awk '{print $2}'`
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID \
--type=cert -r > /tmp/cert
openssl x509 -inform der -pubkey -noout -in /tmp/cert > /tmp/pub.key
b) sign a sample text using the private key for the certificate and
MD5-RSA-PKCS mechanism, not supported by TPM2_Sign command:
echo "ABCDEF" > /tmp/1.txt
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID --sign \
-i /tmp/1.txt -o /tmp/1.sig -m MD5-RSA-PKCS
c) verify signature:
openssl dgst -md5 -verify /tmp/pub.key -signature /tmp/1.sig /tmp/1.txt
Step (b) should succeed and step (c) should return "Verified OK".
Change-Id: Iefc85d163089d6f7e09b3e7a41e1df33ba88fa3b
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/420811
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
-rw-r--r-- | CpriRSA.c | 12 | ||||
-rw-r--r-- | Implementation.h | 1 | ||||
-rw-r--r-- | Sign.c | 6 | ||||
-rw-r--r-- | tpm_generated.c | 4 |
4 files changed, 20 insertions, 3 deletions
@@ -805,11 +805,19 @@ RSASSA_Encode( INT32 fillSize; pAssert(eOut != NULL && hIn != NULL); // Can't use this scheme if the algorithm doesn't have a DER string defined. - if(derSize == 0 ) + if( +#if defined(SUPPORT_PADDING_ONLY_RSASSA) && SUPPORT_PADDING_ONLY_RSASSA == YES + hashAlg != TPM_ALG_NULL && +#endif + derSize == 0) return CRYPT_SCHEME; // If the digest size of 'hashAl' doesn't match the input digest size, then // the DER will misidentify the digest so return an error - if((unsigned)_cpri__GetDigestSize(hashAlg) != hInSize) + if( +#if defined(SUPPORT_PADDING_ONLY_RSASSA) && SUPPORT_PADDING_ONLY_RSASSA == YES + hashAlg != TPM_ALG_NULL && +#endif + (unsigned)_cpri__GetDigestSize(hashAlg) != hInSize) return CRYPT_PARAMETER; fillSize = eOutSize - derSize - hInSize - 3; // Make sure that this combination will fit in the provided space diff --git a/Implementation.h b/Implementation.h index f67d513..a503d2a 100644 --- a/Implementation.h +++ b/Implementation.h @@ -357,6 +357,7 @@ typedef UINT16 TPM_ALG_ID; #define ALG_SM4_VALUE 0x0013 #if defined ALG_RSASSA && ALG_RSASSA == YES #define TPM_ALG_RSASSA (TPM_ALG_ID)(0x0014) +#define SUPPORT_PADDING_ONLY_RSASSA YES #endif #define ALG_RSASSA_VALUE 0x0014 #if defined ALG_RSAES && ALG_RSAES == YES @@ -63,7 +63,11 @@ TPM2_Sign( // NOTE: this does not guarantee that the 'digest' is actually produced using // the indicated hash algorithm, but at least it might be. { - if( in->digest.t.size + if( +#if defined(SUPPORT_PADDING_ONLY_RSASSA) && SUPPORT_PADDING_ONLY_RSASSA == YES + in->inScheme.details.any.hashAlg != TPM_ALG_NULL && +#endif + in->digest.t.size != CryptGetHashDigestSize(in->inScheme.details.any.hashAlg)) return TPM_RC_SIZE + RC_Sign_digest; } diff --git a/tpm_generated.c b/tpm_generated.c index b471be1..e3c72ab 100644 --- a/tpm_generated.c +++ b/tpm_generated.c @@ -2349,7 +2349,11 @@ UINT16 TPMS_SIG_SCHEME_RSASSA_Marshal(TPMS_SIG_SCHEME_RSASSA* source, TPM_RC TPMS_SIG_SCHEME_RSASSA_Unmarshal(TPMS_SIG_SCHEME_RSASSA* target, BYTE** buffer, INT32* size) { +#if defined(SUPPORT_PADDING_ONLY_RSASSA) && SUPPORT_PADDING_ONLY_RSASSA == YES + return TPMI_ALG_HASH_Unmarshal(&target->hashAlg, buffer, size, TRUE); +#else return TPMS_SCHEME_HASH_Unmarshal(target, buffer, size); +#endif } UINT16 TPMS_ENC_SCHEME_OAEP_Marshal(TPMS_ENC_SCHEME_OAEP* source, |