diff options
author | Andrey Pronin <apronin@chromium.org> | 2016-12-15 14:19:49 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-12-21 10:09:52 -0800 |
commit | 569c3c58dc69d5c8628f3c329937c136be38df3f (patch) | |
tree | 93226a82bcfe5b7049d981c0546add74e51de5b3 /Sign.c | |
parent | 1d3ac310707d4c587b275b2683c26eb5cde32123 (diff) | |
download | tpm2-569c3c58dc69d5c8628f3c329937c136be38df3f.tar.gz |
tpm2: add support for padding-only RSASSA
Perform PKCS1-padding-only signing for RSASSA if hashing algorithm is
TPM_ALG_NULL in TPM2_Sign parameters and in the key public area.
This feature is guarded by SUPPORT_PADDING_ONLY_RSASSA macro.
BUG=chrome-os-partner:60967
BRANCH=none
TEST=On a unowned machine with TPM2: corp enroll, login, install
a network certificate (gECC or GMC), then:
a) retrieve the public key from the installed certificate
LIBCHAPS=`ls /usr/lib**/libchaps.so`
CERTID=`pkcs11-tool --module=$LIBCHAPS --slot=1 --type=cert \
-O | grep "ID:" | awk '{print $2}'`
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID \
--type=cert -r > /tmp/cert
openssl x509 -inform der -pubkey -noout -in /tmp/cert > /tmp/pub.key
b) sign a sample text using the private key for the certificate and
MD5-RSA-PKCS mechanism, not supported by TPM2_Sign command:
echo "ABCDEF" > /tmp/1.txt
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID --sign \
-i /tmp/1.txt -o /tmp/1.sig -m MD5-RSA-PKCS
c) verify signature:
openssl dgst -md5 -verify /tmp/pub.key -signature /tmp/1.sig /tmp/1.txt
Step (b) should succeed and step (c) should return "Verified OK".
Change-Id: Iefc85d163089d6f7e09b3e7a41e1df33ba88fa3b
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/420811
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Diffstat (limited to 'Sign.c')
-rw-r--r-- | Sign.c | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -63,7 +63,11 @@ TPM2_Sign( // NOTE: this does not guarantee that the 'digest' is actually produced using // the indicated hash algorithm, but at least it might be. { - if( in->digest.t.size + if( +#if defined(SUPPORT_PADDING_ONLY_RSASSA) && SUPPORT_PADDING_ONLY_RSASSA == YES + in->inScheme.details.any.hashAlg != TPM_ALG_NULL && +#endif + in->digest.t.size != CryptGetHashDigestSize(in->inScheme.details.any.hashAlg)) return TPM_RC_SIZE + RC_Sign_digest; } |