scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-12-29 18:11:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

CR50: add support for 4k RSA verify

Browse Source 
Add support for verifying messages signed
with 4096-bit RSA keys.  Such messages may
be generated by host side applications.

Also update tpmtest.py to test 4k verification.

BRANCH=none
BUG=none
TEST=added new tests to tpmtest.py; TCG tests pass

Change-Id: I7450bd710c154c68c030ce176bfe7becbfbcb729
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/428220
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Marius Schilder <mschilder@chromium.org>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
This commit is contained in:
nagendra modadugu
2017-01-13 12:36:27 -08:00
committed by chrome-bot
parent 39a41bd665
commit 25d3f259db
9 changed files with 309 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
board/cr50/tpm2/rsa.c
View File

@@ -472,7 +472,14 @@ enum {
TEST_X509_VERIFY = 7,
};
static const TPM2B_PUBLIC_KEY_RSA RSA_768_N = {
/* Test support for RSA 2k (signing / encryption) and RSA 4k
* (verification) without changing the default value for
* MAX_RSA_KEY_BYTES (which corresponds to RSA 2k) in
* tpm2/tpm_types.h.
*/
TPM2B_BYTE_VALUE(512);
static const TPM2B_512_BYTE_VALUE RSA_768_N = {
.t = {96, {
0xb0, 0xdb, 0xed, 0x46, 0xd9, 0x32, 0xf0, 0x7c,
0xd4, 0x20, 0x23, 0xd2, 0x35, 0x5a, 0x86, 0x17,
@@ -490,7 +497,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_768_N = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_768_D = {
static const TPM2B_512_BYTE_VALUE RSA_768_D = {
.t = {96, {
0xae, 0xad, 0xb9, 0x50, 0x25, 0x8c, 0x1b, 0x5c,
0x9f, 0x42, 0xd3, 0x3e, 0x76, 0x75, 0xdf, 0x45,
@@ -508,7 +515,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_768_D = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_768_P = {
static const TPM2B_512_BYTE_VALUE RSA_768_P = {
.t = {48, {
0xd6, 0x09, 0x64, 0xc8, 0xf3, 0x5c, 0x02, 0xc7,
0xc6, 0x47, 0x4e, 0x7f, 0x43, 0x9d, 0x31, 0x46,
@@ -520,7 +527,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_768_P = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_768_Q = {
static const TPM2B_512_BYTE_VALUE RSA_768_Q = {
.t = {48, {
0xd3, 0x88, 0x92, 0x2d, 0xd5, 0xc6, 0x29, 0xf4,
0xf0, 0x2e, 0x61, 0xf0, 0x60, 0xad, 0xa9, 0x46,
@@ -532,7 +539,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_768_Q = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_1024_N = {
static const TPM2B_512_BYTE_VALUE RSA_1024_N = {
.t = {128, {
0xdf, 0x4e, 0xaf, 0x73, 0x45, 0x94, 0x98, 0x34,
0x30, 0x7e, 0x26, 0xad, 0x40, 0x83, 0xf9, 0x17,
@@ -554,7 +561,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_1024_N = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_1024_D = {
static const TPM2B_512_BYTE_VALUE RSA_1024_D = {
.t = {128, {
0x9a, 0x6d, 0x85, 0xf4, 0x07, 0xa8, 0x6d, 0x61,
0x9a, 0x2f, 0x83, 0x7b, 0xc8, 0xe3, 0xfb, 0x7c,
@@ -576,7 +583,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_1024_D = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_1024_P = {
static const TPM2B_512_BYTE_VALUE RSA_1024_P = {
.t = {64, {
0xf9, 0x5e, 0x79, 0x65, 0x43, 0x70, 0x40, 0x83,
0x50, 0x0a, 0xbb, 0x61, 0xb3, 0x87, 0x7b, 0x24,
@@ -590,7 +597,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_1024_P = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_1024_Q = {
static const TPM2B_512_BYTE_VALUE RSA_1024_Q = {
.t = {64, {
0xe5, 0x3e, 0xcd, 0x4b, 0x97, 0xc5, 0x96, 0x39,
0x70, 0x97, 0x3a, 0x10, 0xa9, 0xc3, 0x35, 0x0a,
@@ -604,7 +611,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_1024_Q = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_2048_N = {
static const TPM2B_512_BYTE_VALUE RSA_2048_N = {
.t = {256, {
0x9c, 0xd7, 0x61, 0x2e, 0x43, 0x8e, 0x15, 0xbe,
0xcd, 0x73, 0x9f, 0xb7, 0xf5, 0x86, 0x4b, 0xe3,
@@ -754,7 +761,7 @@ static const uint8_t RSA_2048_CERT[] = {
0x57
};
static const TPM2B_PUBLIC_KEY_RSA RSA_2048_D = {
static const TPM2B_512_BYTE_VALUE RSA_2048_D = {
.t = {256, {
0x4e, 0x9d, 0x02, 0x1f, 0xdf, 0x4a, 0x8b, 0x89,
0xbc, 0x8f, 0x14, 0xe2, 0x6f, 0x15, 0x66, 0x5a,
@@ -792,7 +799,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_2048_D = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_2048_P = {
static const TPM2B_512_BYTE_VALUE RSA_2048_P = {
.t = {128, {
0xc8, 0x80, 0x6f, 0xf6, 0x2f, 0xfb, 0x49, 0x8b,
0x77, 0x39, 0xe2, 0x3d, 0x3d, 0x1f, 0x4d, 0xf9,
@@ -814,7 +821,7 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_2048_P = {
}
};
static const TPM2B_PUBLIC_KEY_RSA RSA_2048_Q = {
static const TPM2B_512_BYTE_VALUE RSA_2048_Q = {
.t = {128, {
0xc8, 0x41, 0x2a, 0x42, 0xf1, 0x6a, 0x81, 0xac,
0x06, 0xab, 0xd0, 0xb7, 0xc0, 0xbb, 0xc6, 0x13,
@@ -836,7 +843,77 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_2048_Q = {
}
};
#define MAX_MSG_BYTES RSA_MAX_BYTES
static const TPM2B_512_BYTE_VALUE RSA_4096_N = {
.t = {512, {
0xB4, 0xD2, 0xAB, 0x9C, 0xFA, 0x42, 0x9A, 0x37,
0x70, 0x2A, 0xE4, 0x2D, 0x87, 0x67, 0x7F, 0x15,
0xB6, 0x31, 0x06, 0x06, 0xD5, 0x5A, 0xE9, 0x8E,
0xA9, 0xD4, 0x6D, 0x6B, 0x92, 0xB9, 0x63, 0x37,
0x7D, 0x9C, 0xF0, 0xCA, 0x0A, 0x44, 0x19, 0xF0,
0x71, 0xA7, 0x4C, 0xE0, 0x90, 0x9C, 0xBE, 0x69,
0x4A, 0x9C, 0x55, 0x18, 0xB3, 0x42, 0x43, 0xD9,
0x6C, 0x65, 0xFD, 0xD1, 0xCF, 0x20, 0x0C, 0x92,
0x34, 0x27, 0x46, 0x48, 0x58, 0x0B, 0x13, 0xCD,
0xF1, 0x67, 0x70, 0x02, 0x7E, 0xE7, 0x4C, 0xA9,
0xD8, 0xFD, 0x48, 0x17, 0x80, 0xF6, 0x01, 0x0E,
0x61, 0xB0, 0xBE, 0xEF, 0x87, 0x2B, 0x71, 0x0E,
0x65, 0x81, 0xC1, 0x50, 0xCE, 0xB8, 0x65, 0xD2,
0xD7, 0xFA, 0x76, 0xC4, 0xB7, 0x13, 0xD9, 0xED,
0xDA, 0xD6, 0x9F, 0x9E, 0x10, 0xB2, 0x50, 0xF4,
0xFD, 0xF4, 0xF9, 0xEC, 0xD8, 0x33, 0x56, 0xEF,
0xF4, 0x22, 0xD3, 0xC2, 0xBA, 0x49, 0xD5, 0xA9,
0x0B, 0xB0, 0x18, 0xA3, 0xD9, 0x26, 0xCD, 0x27,
0x76, 0x6A, 0x72, 0x1B, 0x31, 0xAC, 0x3D, 0x42,
0xE8, 0xD9, 0x26, 0xD3, 0x90, 0xBB, 0x39, 0x64,
0xBB, 0xEA, 0x89, 0x0B, 0x7A, 0xB4, 0x88, 0x39,
0xEA, 0xE9, 0xCA, 0x19, 0x8C, 0x42, 0xFB, 0x69,
0x22, 0xCA, 0x8E, 0xBD, 0x6C, 0x73, 0xB7, 0x88,
0xA0, 0xA1, 0x19, 0xA8, 0xFA, 0x94, 0x55, 0x20,
0x6F, 0x80, 0xBA, 0xD7, 0x69, 0x12, 0x1F, 0x74,
0x82, 0xEC, 0xAF, 0xEE, 0x28, 0xAF, 0xCD, 0xDA,
0xAD, 0x1B, 0x5B, 0x54, 0xE4, 0x2B, 0xEF, 0x0C,
0x4D, 0xD1, 0xAB, 0xD7, 0x03, 0xC4, 0xA4, 0x99,
0xA0, 0xBC, 0x7E, 0x9D, 0x3C, 0x2F, 0x34, 0x3B,
0xD5, 0xDD, 0x6A, 0xED, 0xA6, 0x19, 0x93, 0x83,
0xBE, 0xE2, 0xD4, 0x6F, 0x92, 0xFF, 0x55, 0xA7,
0xF7, 0x67, 0xEB, 0xE3, 0x46, 0xD3, 0xE7, 0x6D,
0xC0, 0x29, 0x95, 0x2B, 0xBF, 0xDD, 0xB4, 0x93,
0xBB, 0x45, 0x01, 0xFC, 0x53, 0x21, 0xCE, 0x9F,
0x8B, 0x90, 0x80, 0x09, 0xBA, 0x1A, 0x6E, 0x08,
0x87, 0x15, 0xB4, 0x74, 0xA3, 0xDC, 0xBB, 0xDB,
0x45, 0xF2, 0x38, 0x20, 0x85, 0xC3, 0x9E, 0x4A,
0x45, 0x1E, 0x75, 0x18, 0x05, 0x42, 0x86, 0xAD,
0x47, 0xE6, 0xAA, 0xED, 0x88, 0x9A, 0x9F, 0x37,
0xA3, 0xB8, 0xC7, 0x99, 0x35, 0xE2, 0xA8, 0x8E,
0x9D, 0x2E, 0xBC, 0xF2, 0x64, 0x48, 0xC3, 0x63,
0x4F, 0x1C, 0xD0, 0x45, 0xC3, 0x41, 0xA1, 0xBE,
0xE5, 0xC2, 0xA4, 0x5D, 0x45, 0xF0, 0x03, 0x83,
0xC9, 0x80, 0x4C, 0x68, 0xF0, 0xD1, 0xDA, 0xF1,
0x51, 0x81, 0xD5, 0xFE, 0xC4, 0xE8, 0x8A, 0xD6,
0x32, 0x95, 0x38, 0xD8, 0x3B, 0xDA, 0xF7, 0x8C,
0x5C, 0x6B, 0x01, 0xF4, 0x6E, 0x12, 0xB5, 0xB6,
0x36, 0xE3, 0xD1, 0xAA, 0x49, 0x44, 0x6A, 0xF3,
0xE6, 0x7B, 0x19, 0x7D, 0xF8, 0x35, 0xCB, 0x2D,
0xB8, 0x62, 0x54, 0xCF, 0x2D, 0x66, 0xB3, 0x7F,
0xE0, 0x37, 0x65, 0x19, 0x82, 0xD6, 0x88, 0x24,
0xC2, 0x31, 0x7E, 0x1F, 0x6E, 0xDA, 0x4B, 0x28,
0xAF, 0x5E, 0x2B, 0xE8, 0x34, 0xB2, 0xDC, 0xC7,
0xD1, 0x95, 0x0C, 0x94, 0xE7, 0x09, 0xA0, 0xED,
0xAA, 0x91, 0x2F, 0x91, 0x6F, 0xF0, 0x00, 0xDF,
0x0D, 0x46, 0xEF, 0xD2, 0x59, 0x7B, 0x65, 0xCE,
0xA2, 0xED, 0x8A, 0xE2, 0x1E, 0xD0, 0xE1, 0x93,
0x72, 0x7F, 0x18, 0x79, 0x18, 0x35, 0xF3, 0xCA,
0xDB, 0x01, 0x5F, 0x09, 0x48, 0x21, 0x45, 0xFE,
0x89, 0x44, 0xED, 0x07, 0x79, 0x68, 0x32, 0xD8,
0xD6, 0x8B, 0xA0, 0xC6, 0xDC, 0xF9, 0x56, 0x89,
0x5B, 0xCE, 0x35, 0x05, 0xE9, 0xC1, 0x4A, 0x1E,
0x24, 0x0B, 0xC8, 0x73, 0x18, 0x19, 0x6B, 0xED,
0xF9, 0x3E, 0x92, 0x92, 0xF2, 0x0B, 0x75, 0x25,
}
}
};
#define MAX_MSG_BYTES 512
#define MAX_LABEL_LEN 32
/* 128-byte buffer to hold entropy for generating a
@@ -858,10 +935,10 @@ static void rsa_command_handler(void *cmd_body,
uint16_t digest_len;
uint8_t digest[SHA_DIGEST_MAX_BYTES];
uint8_t *out = (uint8_t *) cmd_body;
TPM2B_PUBLIC_KEY_RSA N;
TPM2B_PUBLIC_KEY_RSA d;
TPM2B_PUBLIC_KEY_RSA p;
TPM2B_PUBLIC_KEY_RSA q;
TPM2B_512_BYTE_VALUE N;
TPM2B_512_BYTE_VALUE d;
TPM2B_512_BYTE_VALUE p;
TPM2B_512_BYTE_VALUE q;
RSA_KEY key;
uint32_t *response_size = (uint32_t *) response_size_out;
TPM2B_PUBLIC_KEY_RSA rsa_d;
@@ -942,6 +1019,10 @@ static void rsa_command_handler(void *cmd_body,
rsa_n.b.size = RSA_2048_N.b.size;
rsa_d.b.size = RSA_2048_D.b.size;
break;
case 4096:
N = RSA_4096_N;
rsa_n.b.size = RSA_4096_N.b.size;
break;
default:
*response_size = 0;
return;

11
chip/g/dcrypto/bn_hw.c
View File

@@ -2,6 +2,7 @@
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include "dcrypto.h"
#include "internal.h"
#include "registers.h"
#include "trng.h"
@@ -1017,12 +1018,12 @@ struct DMEM_montmul {
struct DMEM_montmul_ptrs sqr_ptrs;
struct DMEM_montmul_ptrs mul_ptrs;
struct DMEM_montmul_ptrs out_ptrs;
uint32_t mod[64];
uint32_t mod[RSA_WORDS_4K];
uint32_t dInv[8];
uint32_t RR[64];
uint32_t in[64];
uint32_t exp[64];
uint32_t out[64];
uint32_t RR[RSA_WORDS_4K];
uint32_t in[RSA_WORDS_4K];
uint32_t exp[RSA_WORDS_4K];
uint32_t out[RSA_WORDS_4K];
};
#define DMEM_CELL_SIZE 32

13
chip/g/dcrypto/dcrypto.h
View File

@@ -134,8 +134,17 @@ void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len);
* RSA.
*/
/* Largest supported key size, 2048-bits. */
#define RSA_MAX_BYTES 256
/* Largest supported key size for signing / encryption: 2048-bits.
* Verification is a special case and supports 4096-bits (signing /
* decryption could also support 4k-RSA, but is disabled since support
* is not required, and enabling support would result in increased
* stack usage for all key sizes.)
*/
#define RSA_BYTES_2K 256
#define RSA_BYTES_4K 512
#define RSA_WORDS_2K (RSA_BYTES_2K / sizeof(uint32_t))
#define RSA_WORDS_4K (RSA_BYTES_4K / sizeof(uint32_t))
#define RSA_MAX_BYTES RSA_BYTES_2K
#define RSA_MAX_WORDS (RSA_MAX_BYTES / sizeof(uint32_t))
#define RSA_F4 65537

21
chip/g/dcrypto/rsa.c
View File

@@ -452,9 +452,10 @@ static int check_pkcs1_pss_pad(const uint8_t *in, uint32_t in_len,
return !bad;
}
static int check_modulus_params(const struct LITE_BIGNUM *N, uint32_t *out_len)
static int check_modulus_params(
const struct LITE_BIGNUM *N, size_t rsa_max_bytes, uint32_t *out_len)
{
if (bn_size(N) > RSA_MAX_BYTES)
if (bn_size(N) > rsa_max_bytes)
return 0; /* Unsupported key size. */
if (!bn_check_topbit(N)) /* Check that top bit is set. */
return 0;
@@ -476,7 +477,7 @@ int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
struct LITE_BIGNUM e;
struct LITE_BIGNUM encrypted;
if (!check_modulus_params(&rsa->N, out_len))
if (!check_modulus_params(&rsa->N, sizeof(padded_buf), out_len))
return 0;
bn_init(&padded, padded_buf, bn_size(&rsa->N));
@@ -536,7 +537,7 @@ int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
struct LITE_BIGNUM padded;
int ret = 1;
if (!check_modulus_params(&rsa->N, NULL))
if (!check_modulus_params(&rsa->N, sizeof(padded_buf), NULL))
return 0;
if (in_len != bn_size(&rsa->N))
return 0; /* Invalid input length. */
@@ -592,7 +593,7 @@ int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len,
struct LITE_BIGNUM padded;
struct LITE_BIGNUM signature;
if (!check_modulus_params(&rsa->N, out_len))
if (!check_modulus_params(&rsa->N, sizeof(padded_buf), out_len))
return 0;
bn_init(&padded, padded_buf, bn_size(&rsa->N));
@@ -629,8 +630,8 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
const uint32_t sig_len, enum padding_mode padding,
enum hashing_mode hashing)
{
uint32_t padded_buf[RSA_MAX_WORDS];
uint32_t signature_buf[RSA_MAX_WORDS];
uint32_t padded_buf[RSA_WORDS_4K];
uint32_t signature_buf[RSA_WORDS_4K];
uint32_t e_buf[LITE_BN_BYTES / sizeof(uint32_t)];
struct LITE_BIGNUM padded;
@@ -638,7 +639,7 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
struct LITE_BIGNUM e;
int ret = 1;
if (!check_modulus_params(&rsa->N, NULL))
if (!check_modulus_params(&rsa->N, sizeof(padded_buf), NULL))
return 0;
if (sig_len != bn_size(&rsa->N))
return 0; /* Invalid input length. */
@@ -650,10 +651,10 @@ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest,
BN_DIGIT(&e, 0) = rsa->e;
/* Reverse from big-endian to little-endian notation. */
reverse((uint8_t *) signature.d, signature.dmax * LITE_BN_BYTES);
reverse((uint8_t *) signature.d, bn_size(&signature));
bn_mont_modexp(&padded, &signature, &e, &rsa->N);
/* Back to big-endian notation. */
reverse((uint8_t *) padded.d, padded.dmax * LITE_BN_BYTES);
reverse((uint8_t *) padded.d, bn_size(&padded));
switch (padding) {
case PADDING_MODE_PKCS1:

15
test/tpm_test/rsa1024.pem Normal file
View File

@@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQDfTq9zRZSYNDB+Jq1Ag/kXIbBOGw1qRM5OPi5yTJffiYo5ECWu
IEzyOyCypRDdsmtiTqafkkrZhpfMcCA7ajJjyn9Z+1e2qZnp0C4PHNR9i6C9D9LV
Ox8RtGqUz08KK0Tn+mskkbSCH/Z1tpHFoPYv1f8Qc5s09nqII6lCPKgkkQIDAQAB
AoGBAJpthfQHqG1hmi+De8jj+3y9tXkuSCa3kpyVb/VndpgGO+qeehBjEhNqRICG
mpVWb+C6V4x+1Ph9lbixyfiMxm7le6CvoE5OhNeXuVrdMuUr5YCzsr9W/wHc5qZs
SoEdj+pL7SQI9GevDfL9Nz8xJfruNbDbZhH/SeHl/xvMww4JAkEA+V55ZUNwQINQ
Crths4d7JI8qA1u1S5SUZ6qY1hRAkDykDW1YMcVC8S0VDufN5j7K2JQ3qkzW8yEu
pP4deUTXswJBAOU+zUuXxZY5cJc6EKnDNQrWK/USjbLACxxfoAuGg6eQ6fgWkp/O
E0wU6J5MJO//WCIG+c/9Gbcj+eOz43qbsKsCQFYw7Uyu7pGd0YCkG7Tt0wZj5WWb
wSIKjPD36jO0dExmaV2quZ0aTXUG3Ax22pgGhB4vvL3EKVeH1JN6sb1EqjkCQC8X
yqanxABLRnTaicfGASR7wMX0jMVWrDGk90TG2k7W9yluwaowdEhh1zOFouTmiJ1c
3365mMnFizUapDVwvEcCQGqkxcod+m/s4Zq2a9DAyfN3FD2AtJ7QasveLXvR16Od
MRa0hOWA8d3hh+eHU8DsJ+csEuKeDui3tV4kY0UTF0Y=
-----END RSA PRIVATE KEY-----

27
test/tpm_test/rsa2048.pem Normal file
View File

@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAnNdhLkOOFb7Nc5+39YZL45WQXIUZTB0uLO9uH+11Mg8KwXKf
DHhQopmCU5C+ZCNJdXsM6y1ol9avsaoq3l6b4wYN8qzZ1x9Qbsld67TwwJgjBDBG
ENzUa1fHMMMG3a9RbkBB+BDeSRhSsxjKSVCoOs22lHvb8S0FzlcLvjhIu8mxdja4
qMziB1zIe8/P8Pqjxdc6XrL0v+rC7VEWopKcNqaGDiSlZhXnlyJQBP/JTbC8JwVe
LPfv3F1YoTtgg7eMt9A2bVUuBSNjdEqXN6d4QO8+Zv26brNySiGCHzOtYgzyGtJq
tafyUWkfOKVXmsWIZ+MRplNPsekHQd7o35OpmQIDAQABAoIBAE6dAh/fSouJvI8U
4m8VZlpncBl/uUNWaPuq8ybbrd9ufLSj0Ca+86Pcj9908IleyoYxLDOA6ikZOa0y
nxQglcBAG6OkkffqwTUWh5YKdpYCa6LA043GMk6vi67cQkfBhW5elPJS+ifnIiSU
62e+HuSCkd5xCrgjGgLnzIIG0iYVVJdSzfU/bca5cDC+xYimsGUWnEyE4npu6ce9
z0Un/BnGIx0riKJnH8LW06B5+7/qOKjfT7ybju4Et3wA15UaA4J66EG4sa9/8TCJ
Vm0HEVV53WgPgghczCRHVGiG8fA/UhCt5BYzFgIhYuMvXesiW2S0KSJ0JCmpTGaE
McqZlfUCgYEAyIBv9i/7SYt3OeI9PR9N+btUBg1xv1SxHqIgft3PIRbpwLqUAtKk
Lng8+2Sg5+knZCkZdMV3u+FttIMdQ1qAcuw8MsMgLM73uvbGDPRW/d8hVfPiViWm
s5aknLj9nOyH+toupPYPFOaBIoTnwB3RP+2wutjk6dQYM64pUXl50Q8CgYEAyEEq
QvFqgawGq9C3wLvGE939Xjx3/sEudvCUwF0kizAN+CrHJngbgVpClq33DqQbLI84
BgWNmG43ZbQsgOI41XnS6mLyMqx7iJDDTp5T5X7vE7Hj1UHRqRUEPGF0XhoAXIqL
F9V4rV7gzzVjCpUecL6X8tN4BoqImyfIsrE9itcCgYA0NHzydPvQ4mdgwu9/Aq+i
3ou6J7X+Q2b6uuwLHGXaD8U9UVdIhOAK2XPHYSQkPijrg2gFZ4UNfly6K4lrCB15
zti9vuCZyinmnGpk5RnhcD+VybKdC6CkEg06YVBnk460Wira+NZkcsAc5M4Sz7C0
HIdvnxm7aGYEzswjUqXNMQKBgEA49e7GMdwoaXNM2sGK9vmEJi/EwM8I8XffrDUN
Kh0hajl+rqPdvSR86AIfBK7DXpupytPTkBeksUuCvwsOgh+klEnrNbWer3eaxag/
CrT9QntUf7bzBuRtAxDCSGmteRQ0smsQYUVoujx56KuKK1sJJP4RZ9rhLvJjjfAQ
+6W9AoGBAL0hOd3kCVY8kxDQry9M30lPZcftJga2IxTErBex60rA9ifmHLm4iFXt
/e52/1OZVE4Cf7QFEFeSLiBA+U8I0FdV4VMyrfTpjKNVBIDB7JmskdhQbIPXOZzY
fC2yxCmVsD6PjMDDlT//ck5AQVrktdDpwBj3OX7JSc31KOMBb8FU
-----END RSA PRIVATE KEY-----

51
test/tpm_test/rsa4096.pem Normal file
View File

@@ -0,0 +1,51 @@
-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEAtNKrnPpCmjdwKuQth2d/FbYxBgbVWumOqdRta5K5Yzd9nPDK
CkQZ8HGnTOCQnL5pSpxVGLNCQ9lsZf3RzyAMkjQnRkhYCxPN8WdwAn7nTKnY/UgX
gPYBDmGwvu+HK3EOZYHBUM64ZdLX+nbEtxPZ7drWn54QslD0/fT57NgzVu/0ItPC
uknVqQuwGKPZJs0ndmpyGzGsPULo2SbTkLs5ZLvqiQt6tIg56unKGYxC+2kiyo69
bHO3iKChGaj6lFUgb4C612kSH3SC7K/uKK/N2q0bW1TkK+8MTdGr1wPEpJmgvH6d
PC80O9Xdau2mGZODvuLUb5L/Vaf3Z+vjRtPnbcAplSu/3bSTu0UB/FMhzp+LkIAJ
uhpuCIcVtHSj3LvbRfI4IIXDnkpFHnUYBUKGrUfmqu2Imp83o7jHmTXiqI6dLrzy
ZEjDY08c0EXDQaG+5cKkXUXwA4PJgExo8NHa8VGB1f7E6IrWMpU42Dva94xcawH0
bhK1tjbj0apJRGrz5nsZffg1yy24YlTPLWazf+A3ZRmC1ogkwjF+H27aSyivXivo
NLLcx9GVDJTnCaDtqpEvkW/wAN8NRu/SWXtlzqLtiuIe0OGTcn8YeRg188rbAV8J
SCFF/olE7Qd5aDLY1ougxtz5VolbzjUF6cFKHiQLyHMYGWvt+T6SkvILdSUCAwEA
AQKCAgBWbFY/edE5WgPPTC2CiPHRk7mMktmIURaxjukZQBBBHnV3/BHkpDXtmLSI
ZtBXSh6S3XNCkfK68QEBIjYUE9JOUoTu74a9DKMinPiJCNRN7OPb8ofhSDKrB//s
0hi9p5Rk6YZWs+aoLAS0He3ZPrCrISvxMB/0ygK+GkcVbyPiil8aAjIQzVdEK2Tn
8e/Ivsb8rtWIr84NnZwipY76nrFItxPamlT0UiO0ZjcEzOf6t348Z8qbOhdfQr6c
wAm7uY/+Gv2yFPLne81TiKaAZb4ypQftN/6yDNfJncvOwWtL7G1Jig5mhH0nmAjy
oVEA6mNOaaV1CkHlU5lI3xJKeN8j5DWPVu8+12gCjQgasBwo9aEMgNZgu+GYJEt5
YnNZNz0aYcwajRGrOnrGQBMdlj97ZGgJQableFqWxjxx2TnUuhr6jj62fyMB5FBh
zVeFesLIvoobRXxYC7vpe1oyfy+hJjTrmDlhQiBLpX4zoAJG3qgqtuQPWrM3dkjT
yESNSMoLIL2WA2XclWWlH/nQDYGB3HzJtJeg+M6+EDRxTL+pgTgsWxDIkizSiI1c
Ums7slNfSrNlPPt8hCqyI+Hm+CjgSSXM8//mZjgWI0Req3Pj6aiYeCMJbSyNTJK1
J4S4MNcLmG0c4rxd1SH9b3S9cIesKLibkl9X23pF8jW7xXxDZQKCAQEA596OJByw
BAqoj/Vor3SOdnpTmXLpqNAT4YsmA4futyySPGuVaP4dypGrZhu6OTrnuQaUxcad
3bbnpZeM6UQKoEbN7egCruWSx6h9wi3qzdXjm1OiLnTsPzKGm5U3nvp1CIZCUoay
ceNWWeDcNTmZupnjKkG8RUpdqAy5pytji81L2y8eT38EbHLPVN5QpaJ9NS1TzuFF
qZeOD3CbkxfNp1fy39dVq5Zx3n8Eg3vi6LvHWTYY6i4eG5HP5adb/CnT2MO7T//P
qRb0ERIBmR+R+BTkBXQFUc65mTuV4XCxmvA4Nz8ydk5+4Gh6s5PZwiazeDH87Eup
awv2b/pZsxr8twKCAQEAx6Qj7vE5MRSFA193+OnLgp4pikCosEzv+xcXmaYeuVmi
H3RSexwM9QwtPy2cd9vIAsnG+o1aUTkU7I+MO4ZFLHp7DNVuXDS3hHPjYYx5GC87
7NsTP3+fXNCJDsb5lO812BkTEijNcokazim9vyJxNL/2GDmYNPL1KcN0KTMhskdi
3vBscyQ+lYMcqL6fi25mNL1F+JKIA7dT7yoEnvx9xqJPmvlktogILmfoowfdpi5k
h6FVq40XyLpBQ/M2GiDmL4PNSLSAFnVhab8mh2ULGrMSGy/a6BEHz7qa18mjGseO
NXL4FlVyfdsv3CWlitQqoiKUnwHnHeuNr28W6vh5AwKCAQAr4be+59r7+NRr4kL8
qa9ohsAZk2DbPP32OnJoSqqH6hyG6MlvBGC4/JaWjXrR5+8A2lj/kRZBZqMyeJsH
boQgTyYb90PCu9nqhV2/iRcd+3PG6q4P4rrvPu2wti2/naDWiyo0Gh/dY+vsuJyU
SiFo6kTOs4AhEPDmo/nixFhjlefcRG+VFfHNYHESm7xhjH3ruXdZ+NJJRVByZZpb
3S5jlEZ3zHX/Mkq8lAdTpveLmjYhERboAvBZwV+6E9FZyMS6ClkBy+UOGDT6ohDB
XPMwIywASDPVhq0jbd5wuvYx33KUKhavwy1J5RwLrliQ4OgoQDWgtrUKeEocaSHe
vqXDAoIBAEYG4UPTAUih9fY06pQ5DdWHPPLtsz4D/rmIZBLVHjnNovx9hOEB+dmK
p+RdT2ELiqDPvifspR2QdDJ2N645btInNDpQMyHMrAKd08hHycId71spjRrc3T1l
OG4ihTEkpzJhuTrJbScbyHdAVPpSTns+Skg9C5KnFi/MC1bYRJ2QRLIGi0PoFrvC
/a6DDtuNofQl4AFNBMCo8ZwWlQBfeI7QKDQn/pe4J4Z/lC57d9futfyNLsu59fnG
u1XmXbfUimloRf2Wssct7Tl2f0FGxBpdbaBzrMlyD9dhkSbX54phLRS6eyL6Xeqf
k64Y1nRX74xnrNIJjNQF5/D9eoB5H5kCggEADkSUsvqv/hpMMNRIyXsIKIko4EW3
L0ceh7Unl1vvekku7aLMrHqzu6tu6QoUXc9jMxhS9et41a7NqeLH4MFEqENoxQ6G
tJTCuklNgKWiooQIN/Wm0t82a3M3kvcqIbCCG5EGDL/7Uh48DQGpSOGehEn6TYnG
W42bU/Beq38LQzN4eQPhsiqmOwNJ4dYc4NqpOIkXi6UTCe9hDcpX2p7hG55zkpOA
2rxpIOeOVSRHHOE8RsfIr8FzO/823P1mOQe5xMSCf1GSj6I+bopT0chL9JsiHLZa
1VPn744OJjXt14LAt4byOVvgdSoQAgxWEC0LhmHYNXt8/YRMJiZ01bc1dA==
-----END RSA PRIVATE KEY-----

12
test/tpm_test/rsa768.pem Normal file
View File

@@ -0,0 +1,12 @@
-----BEGIN RSA PRIVATE KEY-----
MIIBywIBAAJhALDb7UbZMvB81CAj0jVahhfbJHI2MzvCZIukSW50/vrSggzEEjpI
Z+EVzJTfRBtOwBi6RhtRLOIPwDJ37V+L5aMA5jwtpxCJU6grM3Q49zYA/d1bvXvB
fOF1kCt4LTmFaQIDAQABAmEArq25UCWMG1yfQtM+dnXfRUarW6bOuXJJTmbIJDGn
+WHbEvLBMhF7kCOwuUU/Bl2i1zUP3fwD342Ra4P5We5nHhognov49uKy9SlxTCJU
z36XvHAk3W1S/hfZ1kF7dkABAjEA1glkyPNcAsfGR05/Q50xRnozhaCkFuoie81k
m1Dspy9+z+tpKTSOt7Wzun+bAX1pAjEA04iSLdXGKfTwLmHwYK2pRhGpDGkUMQk2
i3AbEZsmOTQ0/fGaiVFjCsZgC7oYjsgBAjA8oMSPt3+kufoMUMvz1x8SG6NkgrB4
XTIPZ4rMBAxE/0sokkJjjaOvniSe+25o6aECMQCG3oedM7SSIbpVSFqTuYW4yB/J
auHV1fLx+ns3wX0gcdnro3SNYtfMEelA8NkhiAECMGVIqAN9qpGW5qAyikDrmzod
7+wMrWHefpWKsih4+MIvAo7WOOoM+1UasRwVGhMxFQ==
-----END RSA PRIVATE KEY-----

95
test/tpm_test/rsa_test.py
View File

@@ -6,13 +6,23 @@
"""Module for testing rsa functions using extended commands."""
import binascii
import Crypto
import Crypto.Hash.SHA
import Crypto.Hash.SHA256
import Crypto.Hash.SHA384
import Crypto.Hash.SHA512
from Crypto.PublicKey import RSA
import Crypto.Signature.PKCS1_PSS
import Crypto.Signature.PKCS1_v1_5
import hashlib
import os
import rsa
import struct
import subcmd
import utils
_MODULE_DIR = os.path.dirname(os.path.abspath(__file__))
_RSA_OPCODES = {
'ENCRYPT': 0x00,
@@ -41,9 +51,29 @@ _RSA_PADDING = {
_HASH = {
'NONE': 0x00,
'SHA1': 0x04,
'SHA256': 0x0B
'SHA256': 0x0B,
'SHA384': 0x0C,
'SHA512': 0x0D,
}
_SIGNER = {
'PKCS1-SSA': Crypto.Signature.PKCS1_v1_5,
'PKCS1-PSS': Crypto.Signature.PKCS1_PSS,
}
_HASHER = {
'SHA1': Crypto.Hash.SHA,
'SHA256': Crypto.Hash.SHA256,
'SHA384': Crypto.Hash.SHA384,
'SHA512': Crypto.Hash.SHA512,
}
_KEYS = {
768: RSA.importKey(open(os.path.join(_MODULE_DIR, 'rsa768.pem')).read()),
1024: RSA.importKey(open(os.path.join(_MODULE_DIR, 'rsa1024.pem')).read()),
2048: RSA.importKey(open(os.path.join(_MODULE_DIR, 'rsa2048.pem')).read()),
4096: RSA.importKey(open(os.path.join(_MODULE_DIR, 'rsa4096.pem')).read()),
}
# Command format.
#
@@ -80,13 +110,8 @@ def _encrypt_cmd(padding, hashing, key_len, msg):
dl='', dig='')
def _sign_cmd(padding, hashing, key_len, msg):
def _sign_cmd(padding, hashing, key_len, digest):
op = _RSA_OPCODES['SIGN']
digest = ''
if hashing == _HASH['SHA1']:
digest = hashlib.sha1(msg).digest()
elif hashing == _HASH['SHA256']:
digest = hashlib.sha256(msg).digest()
digest_len = len(digest)
return _RSA_CMD_FORMAT.format(o=op, p=padding, h=hashing,
kl=struct.pack('>H', key_len),
@@ -94,14 +119,9 @@ def _sign_cmd(padding, hashing, key_len, msg):
dl='', dig='')
def _verify_cmd(padding, hashing, key_len, sig, msg):
def _verify_cmd(padding, hashing, key_len, sig, digest):
op = _RSA_OPCODES['VERIFY']
sig_len = len(sig)
digest = ''
if hashing == _HASH['SHA1']:
digest = hashlib.sha1(msg).digest()
elif hashing == _HASH['SHA256']:
digest = hashlib.sha256(msg).digest()
digest_len = len(digest)
return _RSA_CMD_FORMAT.format(o=op, p=padding, h=hashing,
kl=struct.pack('>H', key_len),
@@ -585,11 +605,25 @@ _SIGN_INPUTS = (
('PKCS1-SSA', 'SHA1', 768),
('PKCS1-SSA', 'SHA256', 768),
('PKCS1-SSA', 'SHA256', 1024),
('PKCS1-SSA', 'SHA384', 2048),
('PKCS1-SSA', 'SHA512', 2048),
('PKCS1-PSS', 'SHA1', 768),
('PKCS1-PSS', 'SHA256', 768),
('PKCS1-PSS', 'SHA256', 2048),
)
_VERIFY_INPUTS = (
('PKCS1-SSA', 'SHA1', 768),
('PKCS1-SSA', 'SHA256', 768),
('PKCS1-SSA', 'SHA256', 1024),
('PKCS1-SSA', 'SHA384', 2048),
('PKCS1-SSA', 'SHA512', 4096),
('PKCS1-PSS', 'SHA1', 768),
('PKCS1-PSS', 'SHA256', 768),
('PKCS1-PSS', 'SHA256', 2048),
('PKCS1-PSS', 'SHA256', 4096),
)
_KEYTEST_INPUTS = (
(768,),
(1024,),
@@ -644,17 +678,43 @@ def _encrypt_tests(tpm):
def _sign_tests(tpm):
msg = 'Hello CR50!'
for data in _SIGN_INPUTS:
msg = rsa.randnum.read_random_bits(256)
padding, hashing, key_len = data
test_name = 'RSA-SIGN:%s:%s:%d' % data
cmd = _sign_cmd(_RSA_PADDING[padding], _HASH[hashing], key_len, msg)
key = _KEYS[key_len]
verifier = _SIGNER[padding].new(key)
h = _HASHER[hashing].new()
h.update(msg)
cmd = _sign_cmd(_RSA_PADDING[padding], _HASH[hashing], key_len, h.digest())
wrapped_response = tpm.command(tpm.wrap_ext_command(subcmd.RSA, cmd))
signature = tpm.unwrap_ext_response(subcmd.RSA, wrapped_response)
signer = _SIGNER[padding].new(key)
expected_signature = signer.sign(h)
if not verifier.verify(h, signature):
raise subcmd.TpmTestError('%s error' % (
test_name,))
print('%sSUCCESS: %s' % (utils.cursor_back(), test_name))
def _verify_tests(tpm):
for data in _VERIFY_INPUTS:
msg = rsa.randnum.read_random_bits(256)
padding, hashing, key_len = data
test_name = 'RSA-VERIFY:%s:%s:%d' % data
key = _KEYS[key_len]
signer = _SIGNER[padding].new(key)
h = _HASHER[hashing].new()
h.update(msg)
signature = signer.sign(h)
cmd = _verify_cmd(_RSA_PADDING[padding], _HASH[hashing],
key_len, signature, msg)
key_len, signature, h.digest())
wrapped_response = tpm.command(tpm.wrap_ext_command(subcmd.RSA, cmd))
verified = tpm.unwrap_ext_response(subcmd.RSA, wrapped_response)
expected = '\x01'
@@ -751,6 +811,7 @@ def _x509_verify_tests(tpm):
def rsa_test(tpm):
_encrypt_tests(tpm)
_sign_tests(tpm)
_verify_tests(tpm)
_keytest_tests(tpm)
_keygen_tests(tpm)
_primegen_tests(tpm)