CR50: increment prime generation counter

The counter used for prime generation should be incremented after each success / failure. Not doing so results in duplicate primes being picked when a label is explicitly specified. BRANCH=none BUG=chrome-os-partner:43025,chrome-os-partner:47524 TEST=all tests in test/tpm_test/tpmtest.py pass Change-Id: Ib2fd0e7fa6255b04946e6d2808e8c67a2199fb55 Signed-off-by: nagendra modadugu <ngm@google.com> Reviewed-on: https://chromium-review.googlesource.com/346056 Commit-Ready: Nagendra Modadugu <ngm@google.com> Tested-by: Nagendra Modadugu <ngm@google.com> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
2026-01-09 00:51:29 +00:00 · 2016-05-19 15:42:36 -07:00
parent 798a50ca0e
commit 4c8359f4fa
2 changed files with 25 additions and 11 deletions
--- a/board/cr50/tpm2/rsa.c
+++ b/board/cr50/tpm2/rsa.c
@@ -265,15 +265,14 @@ static int generate_prime(struct BIGNUM *b, TPM_ALG_ID hashing, TPM2B *seed,
 			const char *label, TPM2B *extra, uint32_t *counter)
 {
 	TPM2B_4_BYTE_VALUE marshaled_counter = { .t = {4} };
-	uint32_t initial_counter;
+	uint32_t i;

-	initial_counter = *counter;
-	for (; *counter - initial_counter < MAX_GENERATE_ATTEMPTS;
-	     *counter += 1) {
+	for (i = 0; i < MAX_GENERATE_ATTEMPTS; i++) {
 		UINT32_TO_BYTE_ARRAY(*counter, marshaled_counter.t.buffer);
 		_cpri__KDFa(hashing, seed, label, extra, &marshaled_counter.b,
 			bn_bits(b), (uint8_t *) b->d, NULL, FALSE);

+		(*counter)++;           /* Mark as used. */
 		if (DCRYPTO_bn_generate_prime(b))
 			return 1;
 	}
@@ -556,6 +555,7 @@ static const RSA_KEY RSA_2048 = {
 };

 #define MAX_MSG_BYTES RSA_MAX_BYTES
+#define MAX_LABEL_LEN 32

 /* 128-byte buffer to hold entropy for generating a
 * 2048-bit RSA key (assuming ~112 bits of security strength,
@@ -588,6 +588,7 @@ static void rsa_command_handler(void *cmd_body,
 	TPM2B_128_BYTE_VALUE seed;
 	uint8_t bn_buf[RSA_MAX_BYTES];
 	struct BIGNUM bn;
+	char label[MAX_LABEL_LEN];

 	assert(sizeof(size_t) == sizeof(uint32_t));

@@ -717,13 +718,22 @@ static void rsa_command_handler(void *cmd_body,
 		*response_size = 1;
 		return;
 	case TEST_RSA_KEYGEN:
+		if (in_len > MAX_LABEL_LEN - 1) {
+			*response_size = 0;
+			return;
+		}
 		N.b.size = sizeof(N.t.buffer);
 		p.b.size = sizeof(p.t.buffer);
 		seed.b.size = sizeof(seed.t.buffer);
 		rand_bytes(seed.b.buffer, seed.b.size);
+		if (in_len > 0) {
+			memcpy(label, in, in_len);
+			label[in_len] = '\0';
+		}
 		if (_cpri__GenerateKeyRSA(
 				&N.b, &p.b, key_len, RSA_F4, TPM_ALG_SHA256,
-				&seed.b, NULL, NULL, NULL) != CRYPT_SUCCESS) {
+				&seed.b, in_len ? label : NULL, NULL, NULL)
+			!= CRYPT_SUCCESS) {
 			*response_size = 0;
 		} else {
 			memcpy(out, N.b.buffer, N.b.size);
--- a/test/tpm_test/rsa_test.py
+++ b/test/tpm_test/rsa_test.py
@@ -116,13 +116,13 @@ def _keytest_cmd(key_len):
                                dl='', dig='')


-def _keygen_cmd(key_len, e):
+def _keygen_cmd(key_len, e, label):
  op = _RSA_OPCODES['KEYGEN']
  padding = _RSA_PADDING['NONE']
  hashing = _HASH['NONE']
  return _RSA_CMD_FORMAT.format(o=op, p=padding, h=hashing,
                                kl=struct.pack('>H', key_len),
-                                ml=struct.pack('>H', 0), msg='',
+                                ml=struct.pack('>H', len(label)), msg=label,
                                dl=struct.pack('>H', 0), dig='')


@@ -582,7 +582,8 @@ _KEYTEST_INPUTS = (
 )

 _KEYGEN_INPUTS = (
-  (768, 65537),
+  (768, 65537, "rsa_test"),
+  (768, 65537, ''),
 )


@@ -659,9 +660,9 @@ def _keytest_tests(tpm):

 def _keygen_tests(tpm):
  for data in _KEYGEN_INPUTS:
-    key_len, e = data
-    test_name = 'RSA-KEYGEN:%d:%d' % data
-    cmd = _keygen_cmd(key_len, e)
+    key_len, e, label = data
+    test_name = 'RSA-KEYGEN:%d:%d:%s' % data
+    cmd = _keygen_cmd(key_len, e, label)

    wrapped_response = tpm.command(tpm.wrap_ext_command(subcmd.RSA, cmd))
    result = tpm.unwrap_ext_response(subcmd.RSA, wrapped_response)
@@ -679,6 +680,9 @@ def _keygen_tests(tpm):
    if not rsa.prime.is_prime(q):
      raise subcmd.TpmTestError('%s error:%s' % (
          test_name, utils.hex_dump(result)))
+    if p == q:
+      raise subcmd.TpmTestError('%s error:%s' % (
+          test_name, utils.hex_dump(result)))
    print('%sSUCCESS: %s' % (utils.cursor_back(), test_name))