CR50: add support for 4k RSA verify

Add support for verifying messages signed with 4096-bit RSA keys. Such messages may be generated by host side applications. Also update tpmtest.py to test 4k verification. BRANCH=none BUG=none TEST=added new tests to tpmtest.py; TCG tests pass Change-Id: I7450bd710c154c68c030ce176bfe7becbfbcb729 Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/428220 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Marius Schilder <mschilder@chromium.org> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Marius Schilder <mschilder@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2026-01-10 01:21:49 +00:00 · 2017-01-13 12:36:27 -08:00
parent 39a41bd665
commit 25d3f259db
9 changed files with 309 additions and 51 deletions
--- a/test/tpm_test/rsa1024.pem
+++ b/test/tpm_test/rsa1024.pem
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDfTq9zRZSYNDB+Jq1Ag/kXIbBOGw1qRM5OPi5yTJffiYo5ECWu
+IEzyOyCypRDdsmtiTqafkkrZhpfMcCA7ajJjyn9Z+1e2qZnp0C4PHNR9i6C9D9LV
+Ox8RtGqUz08KK0Tn+mskkbSCH/Z1tpHFoPYv1f8Qc5s09nqII6lCPKgkkQIDAQAB
+AoGBAJpthfQHqG1hmi+De8jj+3y9tXkuSCa3kpyVb/VndpgGO+qeehBjEhNqRICG
+mpVWb+C6V4x+1Ph9lbixyfiMxm7le6CvoE5OhNeXuVrdMuUr5YCzsr9W/wHc5qZs
+SoEdj+pL7SQI9GevDfL9Nz8xJfruNbDbZhH/SeHl/xvMww4JAkEA+V55ZUNwQINQ
+Crths4d7JI8qA1u1S5SUZ6qY1hRAkDykDW1YMcVC8S0VDufN5j7K2JQ3qkzW8yEu
+pP4deUTXswJBAOU+zUuXxZY5cJc6EKnDNQrWK/USjbLACxxfoAuGg6eQ6fgWkp/O
+E0wU6J5MJO//WCIG+c/9Gbcj+eOz43qbsKsCQFYw7Uyu7pGd0YCkG7Tt0wZj5WWb
+wSIKjPD36jO0dExmaV2quZ0aTXUG3Ax22pgGhB4vvL3EKVeH1JN6sb1EqjkCQC8X
+yqanxABLRnTaicfGASR7wMX0jMVWrDGk90TG2k7W9yluwaowdEhh1zOFouTmiJ1c
+3365mMnFizUapDVwvEcCQGqkxcod+m/s4Zq2a9DAyfN3FD2AtJ7QasveLXvR16Od
+MRa0hOWA8d3hh+eHU8DsJ+csEuKeDui3tV4kY0UTF0Y=
+-----END RSA PRIVATE KEY-----
--- a/test/tpm_test/rsa2048.pem
+++ b/test/tpm_test/rsa2048.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAnNdhLkOOFb7Nc5+39YZL45WQXIUZTB0uLO9uH+11Mg8KwXKf
+DHhQopmCU5C+ZCNJdXsM6y1ol9avsaoq3l6b4wYN8qzZ1x9Qbsld67TwwJgjBDBG
+ENzUa1fHMMMG3a9RbkBB+BDeSRhSsxjKSVCoOs22lHvb8S0FzlcLvjhIu8mxdja4
+qMziB1zIe8/P8Pqjxdc6XrL0v+rC7VEWopKcNqaGDiSlZhXnlyJQBP/JTbC8JwVe
+LPfv3F1YoTtgg7eMt9A2bVUuBSNjdEqXN6d4QO8+Zv26brNySiGCHzOtYgzyGtJq
+tafyUWkfOKVXmsWIZ+MRplNPsekHQd7o35OpmQIDAQABAoIBAE6dAh/fSouJvI8U
+4m8VZlpncBl/uUNWaPuq8ybbrd9ufLSj0Ca+86Pcj9908IleyoYxLDOA6ikZOa0y
+nxQglcBAG6OkkffqwTUWh5YKdpYCa6LA043GMk6vi67cQkfBhW5elPJS+ifnIiSU
+62e+HuSCkd5xCrgjGgLnzIIG0iYVVJdSzfU/bca5cDC+xYimsGUWnEyE4npu6ce9
+z0Un/BnGIx0riKJnH8LW06B5+7/qOKjfT7ybju4Et3wA15UaA4J66EG4sa9/8TCJ
+Vm0HEVV53WgPgghczCRHVGiG8fA/UhCt5BYzFgIhYuMvXesiW2S0KSJ0JCmpTGaE
+McqZlfUCgYEAyIBv9i/7SYt3OeI9PR9N+btUBg1xv1SxHqIgft3PIRbpwLqUAtKk
+Lng8+2Sg5+knZCkZdMV3u+FttIMdQ1qAcuw8MsMgLM73uvbGDPRW/d8hVfPiViWm
+s5aknLj9nOyH+toupPYPFOaBIoTnwB3RP+2wutjk6dQYM64pUXl50Q8CgYEAyEEq
+QvFqgawGq9C3wLvGE939Xjx3/sEudvCUwF0kizAN+CrHJngbgVpClq33DqQbLI84
+BgWNmG43ZbQsgOI41XnS6mLyMqx7iJDDTp5T5X7vE7Hj1UHRqRUEPGF0XhoAXIqL
+F9V4rV7gzzVjCpUecL6X8tN4BoqImyfIsrE9itcCgYA0NHzydPvQ4mdgwu9/Aq+i
+3ou6J7X+Q2b6uuwLHGXaD8U9UVdIhOAK2XPHYSQkPijrg2gFZ4UNfly6K4lrCB15
+zti9vuCZyinmnGpk5RnhcD+VybKdC6CkEg06YVBnk460Wira+NZkcsAc5M4Sz7C0
+HIdvnxm7aGYEzswjUqXNMQKBgEA49e7GMdwoaXNM2sGK9vmEJi/EwM8I8XffrDUN
+Kh0hajl+rqPdvSR86AIfBK7DXpupytPTkBeksUuCvwsOgh+klEnrNbWer3eaxag/
+CrT9QntUf7bzBuRtAxDCSGmteRQ0smsQYUVoujx56KuKK1sJJP4RZ9rhLvJjjfAQ
+6W9AoGBAL0hOd3kCVY8kxDQry9M30lPZcftJga2IxTErBex60rA9ifmHLm4iFXt
+/e52/1OZVE4Cf7QFEFeSLiBA+U8I0FdV4VMyrfTpjKNVBIDB7JmskdhQbIPXOZzY
+fC2yxCmVsD6PjMDDlT//ck5AQVrktdDpwBj3OX7JSc31KOMBb8FU
+-----END RSA PRIVATE KEY-----
--- a/test/tpm_test/rsa4096.pem
+++ b/test/tpm_test/rsa4096.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJJwIBAAKCAgEAtNKrnPpCmjdwKuQth2d/FbYxBgbVWumOqdRta5K5Yzd9nPDK
+CkQZ8HGnTOCQnL5pSpxVGLNCQ9lsZf3RzyAMkjQnRkhYCxPN8WdwAn7nTKnY/UgX
+gPYBDmGwvu+HK3EOZYHBUM64ZdLX+nbEtxPZ7drWn54QslD0/fT57NgzVu/0ItPC
+uknVqQuwGKPZJs0ndmpyGzGsPULo2SbTkLs5ZLvqiQt6tIg56unKGYxC+2kiyo69
+bHO3iKChGaj6lFUgb4C612kSH3SC7K/uKK/N2q0bW1TkK+8MTdGr1wPEpJmgvH6d
+PC80O9Xdau2mGZODvuLUb5L/Vaf3Z+vjRtPnbcAplSu/3bSTu0UB/FMhzp+LkIAJ
+uhpuCIcVtHSj3LvbRfI4IIXDnkpFHnUYBUKGrUfmqu2Imp83o7jHmTXiqI6dLrzy
+ZEjDY08c0EXDQaG+5cKkXUXwA4PJgExo8NHa8VGB1f7E6IrWMpU42Dva94xcawH0
+bhK1tjbj0apJRGrz5nsZffg1yy24YlTPLWazf+A3ZRmC1ogkwjF+H27aSyivXivo
+NLLcx9GVDJTnCaDtqpEvkW/wAN8NRu/SWXtlzqLtiuIe0OGTcn8YeRg188rbAV8J
+SCFF/olE7Qd5aDLY1ougxtz5VolbzjUF6cFKHiQLyHMYGWvt+T6SkvILdSUCAwEA
+AQKCAgBWbFY/edE5WgPPTC2CiPHRk7mMktmIURaxjukZQBBBHnV3/BHkpDXtmLSI
+ZtBXSh6S3XNCkfK68QEBIjYUE9JOUoTu74a9DKMinPiJCNRN7OPb8ofhSDKrB//s
+0hi9p5Rk6YZWs+aoLAS0He3ZPrCrISvxMB/0ygK+GkcVbyPiil8aAjIQzVdEK2Tn
+8e/Ivsb8rtWIr84NnZwipY76nrFItxPamlT0UiO0ZjcEzOf6t348Z8qbOhdfQr6c
+wAm7uY/+Gv2yFPLne81TiKaAZb4ypQftN/6yDNfJncvOwWtL7G1Jig5mhH0nmAjy
+oVEA6mNOaaV1CkHlU5lI3xJKeN8j5DWPVu8+12gCjQgasBwo9aEMgNZgu+GYJEt5
+YnNZNz0aYcwajRGrOnrGQBMdlj97ZGgJQableFqWxjxx2TnUuhr6jj62fyMB5FBh
+zVeFesLIvoobRXxYC7vpe1oyfy+hJjTrmDlhQiBLpX4zoAJG3qgqtuQPWrM3dkjT
+yESNSMoLIL2WA2XclWWlH/nQDYGB3HzJtJeg+M6+EDRxTL+pgTgsWxDIkizSiI1c
+Ums7slNfSrNlPPt8hCqyI+Hm+CjgSSXM8//mZjgWI0Req3Pj6aiYeCMJbSyNTJK1
+J4S4MNcLmG0c4rxd1SH9b3S9cIesKLibkl9X23pF8jW7xXxDZQKCAQEA596OJByw
+BAqoj/Vor3SOdnpTmXLpqNAT4YsmA4futyySPGuVaP4dypGrZhu6OTrnuQaUxcad
+3bbnpZeM6UQKoEbN7egCruWSx6h9wi3qzdXjm1OiLnTsPzKGm5U3nvp1CIZCUoay
+ceNWWeDcNTmZupnjKkG8RUpdqAy5pytji81L2y8eT38EbHLPVN5QpaJ9NS1TzuFF
+qZeOD3CbkxfNp1fy39dVq5Zx3n8Eg3vi6LvHWTYY6i4eG5HP5adb/CnT2MO7T//P
+qRb0ERIBmR+R+BTkBXQFUc65mTuV4XCxmvA4Nz8ydk5+4Gh6s5PZwiazeDH87Eup
+awv2b/pZsxr8twKCAQEAx6Qj7vE5MRSFA193+OnLgp4pikCosEzv+xcXmaYeuVmi
+H3RSexwM9QwtPy2cd9vIAsnG+o1aUTkU7I+MO4ZFLHp7DNVuXDS3hHPjYYx5GC87
+7NsTP3+fXNCJDsb5lO812BkTEijNcokazim9vyJxNL/2GDmYNPL1KcN0KTMhskdi
+3vBscyQ+lYMcqL6fi25mNL1F+JKIA7dT7yoEnvx9xqJPmvlktogILmfoowfdpi5k
+h6FVq40XyLpBQ/M2GiDmL4PNSLSAFnVhab8mh2ULGrMSGy/a6BEHz7qa18mjGseO
+NXL4FlVyfdsv3CWlitQqoiKUnwHnHeuNr28W6vh5AwKCAQAr4be+59r7+NRr4kL8
+qa9ohsAZk2DbPP32OnJoSqqH6hyG6MlvBGC4/JaWjXrR5+8A2lj/kRZBZqMyeJsH
+boQgTyYb90PCu9nqhV2/iRcd+3PG6q4P4rrvPu2wti2/naDWiyo0Gh/dY+vsuJyU
+SiFo6kTOs4AhEPDmo/nixFhjlefcRG+VFfHNYHESm7xhjH3ruXdZ+NJJRVByZZpb
+3S5jlEZ3zHX/Mkq8lAdTpveLmjYhERboAvBZwV+6E9FZyMS6ClkBy+UOGDT6ohDB
+XPMwIywASDPVhq0jbd5wuvYx33KUKhavwy1J5RwLrliQ4OgoQDWgtrUKeEocaSHe
+vqXDAoIBAEYG4UPTAUih9fY06pQ5DdWHPPLtsz4D/rmIZBLVHjnNovx9hOEB+dmK
+p+RdT2ELiqDPvifspR2QdDJ2N645btInNDpQMyHMrAKd08hHycId71spjRrc3T1l
+OG4ihTEkpzJhuTrJbScbyHdAVPpSTns+Skg9C5KnFi/MC1bYRJ2QRLIGi0PoFrvC
+/a6DDtuNofQl4AFNBMCo8ZwWlQBfeI7QKDQn/pe4J4Z/lC57d9futfyNLsu59fnG
+u1XmXbfUimloRf2Wssct7Tl2f0FGxBpdbaBzrMlyD9dhkSbX54phLRS6eyL6Xeqf
+k64Y1nRX74xnrNIJjNQF5/D9eoB5H5kCggEADkSUsvqv/hpMMNRIyXsIKIko4EW3
+L0ceh7Unl1vvekku7aLMrHqzu6tu6QoUXc9jMxhS9et41a7NqeLH4MFEqENoxQ6G
+tJTCuklNgKWiooQIN/Wm0t82a3M3kvcqIbCCG5EGDL/7Uh48DQGpSOGehEn6TYnG
+W42bU/Beq38LQzN4eQPhsiqmOwNJ4dYc4NqpOIkXi6UTCe9hDcpX2p7hG55zkpOA
+2rxpIOeOVSRHHOE8RsfIr8FzO/823P1mOQe5xMSCf1GSj6I+bopT0chL9JsiHLZa
+1VPn744OJjXt14LAt4byOVvgdSoQAgxWEC0LhmHYNXt8/YRMJiZ01bc1dA==
+-----END RSA PRIVATE KEY-----
--- a/test/tpm_test/rsa768.pem
+++ b/test/tpm_test/rsa768.pem
@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBywIBAAJhALDb7UbZMvB81CAj0jVahhfbJHI2MzvCZIukSW50/vrSggzEEjpI
+Z+EVzJTfRBtOwBi6RhtRLOIPwDJ37V+L5aMA5jwtpxCJU6grM3Q49zYA/d1bvXvB
+fOF1kCt4LTmFaQIDAQABAmEArq25UCWMG1yfQtM+dnXfRUarW6bOuXJJTmbIJDGn
+WHbEvLBMhF7kCOwuUU/Bl2i1zUP3fwD342Ra4P5We5nHhognov49uKy9SlxTCJU
+z36XvHAk3W1S/hfZ1kF7dkABAjEA1glkyPNcAsfGR05/Q50xRnozhaCkFuoie81k
+m1Dspy9+z+tpKTSOt7Wzun+bAX1pAjEA04iSLdXGKfTwLmHwYK2pRhGpDGkUMQk2
+i3AbEZsmOTQ0/fGaiVFjCsZgC7oYjsgBAjA8oMSPt3+kufoMUMvz1x8SG6NkgrB4
+XTIPZ4rMBAxE/0sokkJjjaOvniSe+25o6aECMQCG3oedM7SSIbpVSFqTuYW4yB/J
+auHV1fLx+ns3wX0gcdnro3SNYtfMEelA8NkhiAECMGVIqAN9qpGW5qAyikDrmzod
+7+wMrWHefpWKsih4+MIvAo7WOOoM+1UasRwVGhMxFQ==
+-----END RSA PRIVATE KEY-----
--- a/test/tpm_test/rsa_test.py
+++ b/test/tpm_test/rsa_test.py
@@ -6,13 +6,23 @@
 """Module for testing rsa functions using extended commands."""

 import binascii
+import Crypto
+import Crypto.Hash.SHA
+import Crypto.Hash.SHA256
+import Crypto.Hash.SHA384
+import Crypto.Hash.SHA512
+from Crypto.PublicKey import RSA
+import Crypto.Signature.PKCS1_PSS
+import Crypto.Signature.PKCS1_v1_5
 import hashlib
+import os
 import rsa
 import struct

 import subcmd
 import utils

+_MODULE_DIR = os.path.dirname(os.path.abspath(__file__))

 _RSA_OPCODES = {
  'ENCRYPT': 0x00,
@@ -41,9 +51,29 @@ _RSA_PADDING = {
 _HASH = {
  'NONE': 0x00,
  'SHA1': 0x04,
-  'SHA256': 0x0B
+  'SHA256': 0x0B,
+  'SHA384': 0x0C,
+  'SHA512': 0x0D,
 }

+_SIGNER = {
+  'PKCS1-SSA': Crypto.Signature.PKCS1_v1_5,
+  'PKCS1-PSS': Crypto.Signature.PKCS1_PSS,
+}
+
+_HASHER = {
+  'SHA1':   Crypto.Hash.SHA,
+  'SHA256': Crypto.Hash.SHA256,
+  'SHA384': Crypto.Hash.SHA384,
+  'SHA512': Crypto.Hash.SHA512,
+}
+
+_KEYS = {
+  768:  RSA.importKey(open(os.path.join(_MODULE_DIR, 'rsa768.pem')).read()),
+  1024: RSA.importKey(open(os.path.join(_MODULE_DIR, 'rsa1024.pem')).read()),
+  2048: RSA.importKey(open(os.path.join(_MODULE_DIR, 'rsa2048.pem')).read()),
+  4096: RSA.importKey(open(os.path.join(_MODULE_DIR, 'rsa4096.pem')).read()),
+}

 # Command format.
 #
@@ -80,13 +110,8 @@ def _encrypt_cmd(padding, hashing, key_len, msg):
                                dl='', dig='')


-def _sign_cmd(padding, hashing, key_len, msg):
+def _sign_cmd(padding, hashing, key_len, digest):
  op = _RSA_OPCODES['SIGN']
-  digest = ''
-  if hashing == _HASH['SHA1']:
-      digest = hashlib.sha1(msg).digest()
-  elif hashing == _HASH['SHA256']:
-      digest = hashlib.sha256(msg).digest()
  digest_len = len(digest)
  return _RSA_CMD_FORMAT.format(o=op, p=padding, h=hashing,
                                kl=struct.pack('>H', key_len),
@@ -94,14 +119,9 @@ def _sign_cmd(padding, hashing, key_len, msg):
                                dl='', dig='')


-def _verify_cmd(padding, hashing, key_len, sig, msg):
+def _verify_cmd(padding, hashing, key_len, sig, digest):
  op = _RSA_OPCODES['VERIFY']
  sig_len = len(sig)
-  digest = ''
-  if hashing == _HASH['SHA1']:
-      digest = hashlib.sha1(msg).digest()
-  elif hashing == _HASH['SHA256']:
-      digest = hashlib.sha256(msg).digest()
  digest_len = len(digest)
  return _RSA_CMD_FORMAT.format(o=op, p=padding, h=hashing,
                                kl=struct.pack('>H', key_len),
@@ -585,11 +605,25 @@ _SIGN_INPUTS = (
  ('PKCS1-SSA', 'SHA1', 768),
  ('PKCS1-SSA', 'SHA256', 768),
  ('PKCS1-SSA', 'SHA256', 1024),
+  ('PKCS1-SSA', 'SHA384', 2048),
+  ('PKCS1-SSA', 'SHA512', 2048),
  ('PKCS1-PSS', 'SHA1', 768),
  ('PKCS1-PSS', 'SHA256', 768),
  ('PKCS1-PSS', 'SHA256', 2048),
 )

+_VERIFY_INPUTS = (
+  ('PKCS1-SSA', 'SHA1', 768),
+  ('PKCS1-SSA', 'SHA256', 768),
+  ('PKCS1-SSA', 'SHA256', 1024),
+  ('PKCS1-SSA', 'SHA384', 2048),
+  ('PKCS1-SSA', 'SHA512', 4096),
+  ('PKCS1-PSS', 'SHA1', 768),
+  ('PKCS1-PSS', 'SHA256', 768),
+  ('PKCS1-PSS', 'SHA256', 2048),
+  ('PKCS1-PSS', 'SHA256', 4096),
+)
+
 _KEYTEST_INPUTS = (
  (768,),
  (1024,),
@@ -644,17 +678,43 @@ def _encrypt_tests(tpm):


 def _sign_tests(tpm):
-  msg = 'Hello CR50!'
-
  for data in _SIGN_INPUTS:
+    msg = rsa.randnum.read_random_bits(256)
    padding, hashing, key_len = data
    test_name = 'RSA-SIGN:%s:%s:%d' % data
-    cmd = _sign_cmd(_RSA_PADDING[padding], _HASH[hashing], key_len, msg)
+
+    key = _KEYS[key_len]
+    verifier = _SIGNER[padding].new(key)
+    h = _HASHER[hashing].new()
+    h.update(msg)
+
+    cmd = _sign_cmd(_RSA_PADDING[padding], _HASH[hashing], key_len, h.digest())
    wrapped_response = tpm.command(tpm.wrap_ext_command(subcmd.RSA, cmd))
    signature = tpm.unwrap_ext_response(subcmd.RSA, wrapped_response)

+    signer = _SIGNER[padding].new(key)
+    expected_signature = signer.sign(h)
+
+    if not verifier.verify(h, signature):
+      raise subcmd.TpmTestError('%s error' % (
+          test_name,))
+    print('%sSUCCESS: %s' % (utils.cursor_back(), test_name))
+
+
+def _verify_tests(tpm):
+  for data in _VERIFY_INPUTS:
+    msg = rsa.randnum.read_random_bits(256)
+    padding, hashing, key_len = data
+    test_name = 'RSA-VERIFY:%s:%s:%d' % data
+
+    key = _KEYS[key_len]
+    signer = _SIGNER[padding].new(key)
+    h = _HASHER[hashing].new()
+    h.update(msg)
+    signature = signer.sign(h)
+
    cmd = _verify_cmd(_RSA_PADDING[padding], _HASH[hashing],
-                      key_len, signature, msg)
+                      key_len, signature, h.digest())
    wrapped_response = tpm.command(tpm.wrap_ext_command(subcmd.RSA, cmd))
    verified = tpm.unwrap_ext_response(subcmd.RSA, wrapped_response)
    expected = '\x01'
@@ -751,6 +811,7 @@ def _x509_verify_tests(tpm):
 def rsa_test(tpm):
  _encrypt_tests(tpm)
  _sign_tests(tpm)
+  _verify_tests(tpm)
  _keytest_tests(tpm)
  _keygen_tests(tpm)
  _primegen_tests(tpm)