rpms/tpm2-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity
1ecbece6d0
tpm2-tools/SOURCES/0017-openssl-Reimplement-RSA-OAEP-encryption-using-EVP-fu.patch
CentOS Sources 1ecbece6d0 import tpm2-tools-5.0-10.el9
2021-12-09 15:37:11 +00:00

241 lines
7.6 KiB
Diff
Raw Blame History

From 317c1ea1d9893d6f4f837196648c53b7f7dd762f Mon Sep 17 00:00:00 2001
From: Petr Gotthard <petr.gotthard@centrum.cz>
Date: Sun, 15 Aug 2021 17:22:44 +0200
Subject: [PATCH 16/17] openssl: Reimplement RSA OAEP encryption using EVP
functions
The RSA_padding_add_PKCS1_OAEP_mgf1 is deprecated and the entire
semi-custom implementation of OAEP is unnecessary.
The Part 1, B.10.3 talks about a standard OAEP with a given label,
which can be easily implemented using the standard EVP functions.
Also, the public key retrieval can be replaced by invocation of
convert_pubkey_RSA from lib/tpm2_convert.c
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
---
lib/tpm2_identity_util.c | 162 +++++++++++----------------------------
1 file changed, 43 insertions(+), 119 deletions(-)
diff --git a/lib/tpm2_identity_util.c b/lib/tpm2_identity_util.c
index ba0c0e1c..b04a56d6 100644
--- a/lib/tpm2_identity_util.c
+++ b/lib/tpm2_identity_util.c
@@ -10,6 +10,7 @@
#include "log.h"
#include "tpm2_alg_util.h"
+#include "tpm2_convert.h"
#include "tpm2_identity_util.h"
#include "tpm2_kdfa.h"
#include "tpm2_kdfe.h"
@@ -17,73 +18,6 @@
// Identity-related functionality that the TPM normally does, but using OpenSSL
-#if defined(LIBRESSL_VERSION_NUMBER)
-static int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
- const unsigned char *from, int flen, const unsigned char *param, int plen,
- const EVP_MD *md, const EVP_MD *mgf1md) {
-
- int ret = 0;
- int i, emlen = tlen - 1;
- unsigned char *db, *seed;
- unsigned char *dbmask, seedmask[EVP_MAX_MD_SIZE];
- int mdlen;
-
- if (md == NULL)
- md = EVP_sha1();
- if (mgf1md == NULL)
- mgf1md = md;
-
- mdlen = EVP_MD_size(md);
-
- if (flen > emlen - 2 * mdlen - 1) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
- return 0;
- }
-
- if (emlen < 2 * mdlen + 1) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
- RSA_R_KEY_SIZE_TOO_SMALL);
- return 0;
- }
-
- to[0] = 0;
- seed = to + 1;
- db = to + mdlen + 1;
-
- if (!EVP_Digest((void *)param, plen, db, NULL, md, NULL))
- return 0;
- memset(db + mdlen, 0, emlen - flen - 2 * mdlen - 1);
- db[emlen - flen - mdlen - 1] = 0x01;
- memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
- if (RAND_bytes(seed, mdlen) <= 0)
- return 0;
-
- dbmask = OPENSSL_malloc(emlen - mdlen);
- if (dbmask == NULL) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- if (PKCS1_MGF1(dbmask, emlen - mdlen, seed, mdlen, mgf1md) < 0)
- goto err;
- for (i = 0; i < emlen - mdlen; i++)
- db[i] ^= dbmask[i];
-
- if (PKCS1_MGF1(seedmask, mdlen, db, emlen - mdlen, mgf1md) < 0)
- goto err;
- for (i = 0; i < mdlen; i++)
- seed[i] ^= seedmask[i];
-
- ret = 1;
-
-err:
- OPENSSL_free(dbmask);
-
- return ret;
-}
-#endif
-
static TPM2_KEY_BITS get_pub_asym_key_bits(TPM2B_PUBLIC *public) {
TPMU_PUBLIC_PARMS *p = &public->publicArea.parameters;
@@ -102,19 +36,13 @@ static bool share_secret_with_tpm2_rsa_public_key(TPM2B_DIGEST *protection_seed,
TPM2B_PUBLIC *parent_pub, unsigned char *label, int label_len,
TPM2B_ENCRYPTED_SECRET *encrypted_protection_seed) {
bool rval = false;
- RSA *rsa = NULL;
-
- // Public modulus (RSA-only!)
- TPMI_RSA_KEY_BITS mod_size_bits =
- parent_pub->publicArea.parameters.rsaDetail.keyBits;
- UINT16 mod_size = mod_size_bits / 8;
- TPM2B *pub_key_val = (TPM2B *) &parent_pub->publicArea.unique.rsa;
- unsigned char *pub_modulus = malloc(mod_size);
- if (pub_modulus == NULL) {
- LOG_ERR("Failed to allocate memory to store public key's modulus.");
+ EVP_PKEY_CTX *ctx = NULL;
+
+ EVP_PKEY *pkey = convert_pubkey_RSA(&parent_pub->publicArea);
+ if (pkey == NULL) {
+ LOG_ERR("Failed to retrieve public key");
return false;
}
- memcpy(pub_modulus, pub_key_val->buffer, mod_size);
TPMI_ALG_HASH parent_name_alg = parent_pub->publicArea.nameAlg;
@@ -122,70 +50,66 @@ static bool share_secret_with_tpm2_rsa_public_key(TPM2B_DIGEST *protection_seed,
* RSA Secret Sharing uses a randomly generated seed (Part 1, B.10.3).
*/
protection_seed->size = tpm2_alg_util_get_hash_size(parent_name_alg);
- int return_code = RAND_bytes(protection_seed->buffer, protection_seed->size);
- if (return_code != 1) {
+ int rc = RAND_bytes(protection_seed->buffer, protection_seed->size);
+ if (rc != 1) {
LOG_ERR("Failed to get random bytes");
goto error;
}
/*
- * This is the biggest buffer value, so it should always be sufficient.
+ * The seed value will be OAEP encrypted with a given L parameter.
*/
- unsigned char encoded[TPM2_MAX_DIGEST_BUFFER];
- return_code = RSA_padding_add_PKCS1_OAEP_mgf1(encoded, mod_size,
- protection_seed->buffer, protection_seed->size, label, label_len,
- tpm2_openssl_md_from_tpmhalg(parent_name_alg), NULL);
- if (return_code != 1) {
- LOG_ERR("Failed RSA_padding_add_PKCS1_OAEP_mgf1\n");
- goto error;
- }
- BIGNUM* bne = BN_new();
- if (!bne) {
- LOG_ERR("BN_new for bne failed\n");
+ ctx = EVP_PKEY_CTX_new(pkey, NULL);
+ if (!ctx) {
+ LOG_ERR("Failed EVP_PKEY_CTX_new");
goto error;
}
- return_code = BN_set_word(bne, RSA_F4);
- if (return_code != 1) {
- LOG_ERR("BN_set_word failed\n");
- BN_free(bne);
+
+ rc = EVP_PKEY_encrypt_init(ctx);
+ if (rc <= 0) {
+ LOG_ERR("Failed EVP_PKEY_encrypt_init");
goto error;
}
- rsa = RSA_new();
- if (!rsa) {
- LOG_ERR("RSA_new failed\n");
- BN_free(bne);
+
+ rc = EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING);
+ if (rc <= 0) {
+ LOG_ERR("Failed EVP_PKEY_CTX_set_rsa_padding");
goto error;
}
- return_code = RSA_generate_key_ex(rsa, mod_size_bits, bne, NULL);
- BN_free(bne);
- if (return_code != 1) {
- LOG_ERR("RSA_generate_key_ex failed\n");
+
+ rc = EVP_PKEY_CTX_set_rsa_oaep_md(ctx,
+ tpm2_openssl_md_from_tpmhalg(parent_name_alg));
+ if (rc <= 0) {
+ LOG_ERR("Failed EVP_PKEY_CTX_set_rsa_oaep_md");
goto error;
}
- BIGNUM *n = BN_bin2bn(pub_modulus, mod_size, NULL);
- if (n == NULL) {
- LOG_ERR("BN_bin2bn failed\n");
+
+ // the library will take ownership of the label
+ char *newlabel = strdup((const char *)label);
+ if (newlabel == NULL) {
+ LOG_ERR("Failed to allocate label");
goto error;
}
- if (!RSA_set0_key(rsa, n, NULL, NULL)) {
- LOG_ERR("RSA_set0_key failed\n");
- BN_free(n);
+
+ rc = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, newlabel, label_len);
+ if (rc <= 0) {
+ LOG_ERR("Failed EVP_PKEY_CTX_set0_rsa_oaep_label");
+ free(newlabel);
goto error;
}
- // Encrypting
- encrypted_protection_seed->size = mod_size;
- return_code = RSA_public_encrypt(mod_size, encoded,
- encrypted_protection_seed->secret, rsa, RSA_NO_PADDING);
- if (return_code < 0) {
- LOG_ERR("Failed RSA_public_encrypt\n");
+
+ size_t outlen = sizeof(TPMU_ENCRYPTED_SECRET);
+ if (EVP_PKEY_encrypt(ctx, encrypted_protection_seed->secret, &outlen,
+ protection_seed->buffer, protection_seed->size) <= 0) {
+ LOG_ERR("Failed EVP_PKEY_encrypt\n");
goto error;
}
-
+ encrypted_protection_seed->size = outlen;
rval = true;
error:
- free(pub_modulus);
- RSA_free(rsa);
+ EVP_PKEY_CTX_free(ctx);
+ EVP_PKEY_free(pkey);
return rval;
}
--
2.31.1
Reference in New Issue View Git Blame Copy Permalink