diff options
author | Andrey Pronin <apronin@chromium.org> | 2016-12-15 14:26:34 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-12-22 18:27:49 -0800 |
commit | b45867806a2088f9f20966e14a2419d4fb27c1a4 (patch) | |
tree | 66a9b5adff2d85d1736f4fc6009148fa4a5e5150 /chip | |
parent | 88ab0a835363fecf103496c6481455e37d4f7ff2 (diff) | |
download | chrome-ec-b45867806a2088f9f20966e14a2419d4fb27c1a4.tar.gz |
cr50: add support for padding-only RSASSA
Perform PKCS1-padding-only signing for RSASSA if hashing algorithm is
TPM_ALG_NULL.
This feature is guarded by SUPPORT_PADDING_ONLY_RSASSA macro in
tpm2/Implementation.h.
BUG=chrome-os-partner:60967
BRANCH=none
TEST=On a unowned machine with TPM2: corp enroll, login, install
a network certificate (gECC or GMC), then:
a) retrieve the public key from the installed certificate
LIBCHAPS=`ls /usr/lib**/libchaps.so`
CERTID=`pkcs11-tool --module=$LIBCHAPS --slot=1 --type=cert \
-O | grep "ID:" | awk '{print $2}'`
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID \
--type=cert -r > /tmp/cert
openssl x509 -inform der -pubkey -noout -in /tmp/cert > /tmp/pub.key
b) sign a sample text using the private key for the certificate and
MD5-RSA-PKCS mechanism, not supported by TPM2_Sign command:
echo "ABCDEF" > /tmp/1.txt
pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID --sign \
-i /tmp/1.txt -o /tmp/1.sig -m MD5-RSA-PKCS
c) verify signature:
openssl dgst -md5 -verify /tmp/pub.key \
-signature /tmp/1.sig /tmp/1.txt
Step (b) should succeed and step (c) should return "Verified OK".
Change-Id: I0d7a11c48cdb04e37748f7255b98e9e023481a96
Signed-off-by: Andrey Pronin <apronin@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/420854
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
Diffstat (limited to 'chip')
-rw-r--r-- | chip/g/dcrypto/dcrypto.h | 3 | ||||
-rw-r--r-- | chip/g/dcrypto/rsa.c | 7 |
2 files changed, 8 insertions, 2 deletions
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h index dfe04b2111..fbc4beb583 100644 --- a/chip/g/dcrypto/dcrypto.h +++ b/chip/g/dcrypto/dcrypto.h @@ -35,7 +35,8 @@ enum hashing_mode { HASH_SHA1 = 0, HASH_SHA256 = 1, HASH_SHA384 = 2, /* Only supported for PKCS#1 signing */ - HASH_SHA512 = 3 /* Only supported for PKCS#1 signing */ + HASH_SHA512 = 3, /* Only supported for PKCS#1 signing */ + HASH_NULL = 4 /* Only supported for PKCS#1 signing */ }; /* diff --git a/chip/g/dcrypto/rsa.c b/chip/g/dcrypto/rsa.c index 66cee22763..eb567582e4 100644 --- a/chip/g/dcrypto/rsa.c +++ b/chip/g/dcrypto/rsa.c @@ -273,6 +273,11 @@ static int pkcs1_get_der(enum hashing_mode hashing, const uint8_t **der, *der_size = sizeof(SHA512_DER); *hash_size = SHA512_DIGEST_SIZE; break; + case HASH_NULL: + *der = NULL; + *der_size = 0; + *hash_size = 0; /* any size allowed */ + break; default: return 0; } @@ -294,7 +299,7 @@ static int pkcs1_type1_pad(uint8_t *padded, uint32_t padded_len, return 0; if (padded_len < RSA_PKCS1_PADDING_SIZE + der_size) return 0; - if (in_len != hash_size) + if (!in_len || (hash_size && in_len != hash_size)) return 0; if (in_len > padded_len - RSA_PKCS1_PADDING_SIZE - der_size) return 0; |