int keystore_rsa_priv_enc(int flen, const unsigned char* from, unsigned char* to, RSA* rsa, int padding) { ALOGV("keystore_rsa_sign(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding); int num = RSA_size(rsa); UniquePtr<uint8_t> padded(new uint8_t[num]); if (padded.get() == NULL) { ALOGE("could not allocate padded signature"); return 0; } switch (padding) { case RSA_PKCS1_PADDING: if (!RSA_padding_add_PKCS1_type_1(padded.get(), num, from, flen)) { return 0; } break; case RSA_X931_PADDING: if (!RSA_padding_add_X931(padded.get(), num, from, flen)) { return 0; } break; case RSA_NO_PADDING: if (!RSA_padding_add_none(padded.get(), num, from, flen)) { return 0; } break; default: ALOGE("Unknown padding type: %d", padding); return 0; } uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle)); if (key_id == NULL) { ALOGE("key had no key_id!"); return 0; } Keystore_Reply reply; if (keystore_cmd(CommandCodes[SIGN], &reply, 2, strlen(reinterpret_cast<const char*>(key_id)), key_id, static_cast<size_t>(num), reinterpret_cast<const uint8_t*>(padded.get())) != NO_ERROR) { ALOGE("There was an error during rsa_mod_exp"); return 0; } const size_t replyLen = reply.length(); if (replyLen <= 0) { ALOGW("No valid signature returned"); return 0; } memcpy(to, reply.get(), replyLen); ALOGV("rsa=%p keystore_rsa_sign => returning %p len %llu", rsa, to, (unsigned long long) replyLen); return static_cast<int>(replyLen); }
/* signing */ int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out, size_t max_out, const uint8_t *in, size_t in_len, int padding) { const unsigned rsa_size = RSA_size(rsa); uint8_t *buf = NULL; int i, ret = 0; if (max_out < rsa_size) { OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL); return 0; } buf = OPENSSL_malloc(rsa_size); if (buf == NULL) { OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); goto err; } switch (padding) { case RSA_PKCS1_PADDING: i = RSA_padding_add_PKCS1_type_1(buf, rsa_size, in, in_len); break; case RSA_NO_PADDING: i = RSA_padding_add_none(buf, rsa_size, in, in_len); break; default: OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE); goto err; } if (i <= 0) { goto err; } if (!RSA_private_transform(rsa, out, buf, rsa_size)) { goto err; } *out_len = rsa_size; ret = 1; err: if (buf != NULL) { OPENSSL_cleanse(buf, rsa_size); OPENSSL_free(buf); } return ret; }
int main(int argc, char **argv) { char c_manfid[9], c_serial[11], c_unlock[SIGNATURE_SIZE], c_unlock_maximum[SIGNATURE_SIZE]; int fd; unsigned long ul_manfid, ul_serial; fd = open("/sys/block/mmcblk0/device/manfid", O_RDONLY); read(fd, c_manfid, sizeof(c_manfid)); close(fd); fd = open("/sys/block/mmcblk0/device/serial", O_RDONLY); read(fd, c_serial, sizeof(c_serial)); close(fd); ul_manfid = strtoul(c_manfid, NULL, 16); ul_serial = strtoul(c_serial, NULL, 16); snprintf(c_unlock, sizeof(c_unlock), "0x%02lx%08lx", ul_manfid, ul_serial); // Calculate a maximum BIGNUM with FF trailing padding memset(c_unlock + UNLOCK_SIZE, 0xFF, SIGNATURE_SIZE - UNLOCK_SIZE); RSA_padding_add_PKCS1_type_1(c_unlock_maximum, SIGNATURE_SIZE, c_unlock, SIGNATURE_SIZE - RSA_PKCS1_PADDING_SIZE); BIGNUM *maxnum = BN_bin2bn(c_unlock_maximum, SIGNATURE_SIZE, NULL); // Find the nearest cube root for the maximum BIGNUM *cuberoot = nearest_cuberoot(maxnum); unsigned char unlock_code[SIGNATURE_SIZE] = { 0 }; /* Turn cuberoot into a bin and place it at the correct location in unlock_code. * It should be at the bottom so add SIGNATURE_SIZE to get to the end and * then subtract the number of bytes in the cube to back track. */ BN_bn2bin(cuberoot, unlock_code + SIGNATURE_SIZE - BN_num_bytes(cuberoot)); // Base64 encode the code BIO *b64 = BIO_new(BIO_f_base64()); BIO *bmem = BIO_new(BIO_s_mem()); b64 = BIO_push(b64, bmem); BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); BIO_write(b64, unlock_code, SIGNATURE_SIZE); BIO_flush(b64); BUF_MEM *bptr; BIO_get_mem_ptr(b64, &bptr); printf("Unlocking...\n"); char idme_cmd[512]; snprintf(idme_cmd, sizeof(idme_cmd), "idme unlock_code %s\n", bptr->data); system(idme_cmd); printf("Rebooting...\n"); system("reboot"); return 0; }
/* signing */ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; int local_blinding = 0; BN_BLINDING *blinding = NULL; BN_init(&f); BN_init(&ret); if ((ctx=BN_CTX_new()) == NULL) goto err; num=BN_num_bytes(rsa->n); if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); goto err; } switch (padding) { case RSA_PKCS1_PADDING: i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); break; case RSA_NO_PADDING: i=RSA_padding_add_none(buf,num,from,flen); break; case RSA_SSLV23_PADDING: default: RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); goto err; } if (i <= 0) goto err; if (BN_bin2bn(buf,num,&f) == NULL) goto err; if (BN_ucmp(&f, rsa->n) >= 0) { /* usually the padding functions would catch this */ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } BLINDING_HELPER(rsa, ctx, goto err;);
int badge_crypt(char * dst, const char * src, int len, char * seedbuf, int seedlen, const badge_entry * e) { const char * esrc; int i; EVP_PKEY * key; if (len <= seedlen) return 0; /** *** Always use type 1 padding since we do not want randomization. **/ RSA_padding_add_PKCS1_type_1((unsigned char *) seedbuf, e->keylen, (const unsigned char *) src, seedlen); src += seedlen; len -= seedlen; esrc = src + len; i = e->keylen; key = (EVP_PKEY *) e->key; while (src < esrc) { if (i >= e->keylen) { if (e->isprivate) i = RSA_private_encrypt(e->keylen, (unsigned char *) seedbuf, (unsigned char *) seedbuf, key->pkey.rsa, RSA_NO_PADDING); else i = RSA_public_encrypt(e->keylen, (unsigned char *) seedbuf, (unsigned char *) seedbuf, key->pkey.rsa, RSA_NO_PADDING); i = 0; } *dst++ = *src++ ^ seedbuf[i++]; } return len; }
static int sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa, int padding) { u_char *padded = NULL; int sw, len, status = -1; len = sw = 0; if (sc_fd < 0) { status = sc_init(); if (status < 0 ) goto err; } if (padding != RSA_PKCS1_PADDING) goto err; debug("sc_private_encrypt called"); len = BN_num_bytes(rsa->n); padded = xmalloc(len); if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) { error("RSA_padding_add_PKCS1_type_1 failed"); goto err; } sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw); if (sw == 0x6982) { if (try_AUT0() < 0) goto err; sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw); } if (!sectok_swOK(sw)) { error("sc_private_encrypt: INS_DECRYPT failed: %s", sectok_get_sw(sw)); goto err; } err: if (padded) xfree(padded); sc_close(); return (len >= 0 ? len : status); }
/* signing */ static int RSA_eay_private_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding) { const RSA_METHOD *meth; BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; int local_blinding = 0; BN_BLINDING *blinding = NULL; meth = rsa->meth; BN_init(&f); BN_init(&ret); if ((ctx=BN_CTX_new()) == NULL) goto err; num=BN_num_bytes(rsa->n); if ((buf=(unsigned char *)rtlglue_malloc(num)) == NULL) goto err; switch (padding) { case RSA_PKCS1_PADDING: i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); break; case RSA_NO_PADDING: i=RSA_padding_add_none(buf,num,from,flen); break; case RSA_SSLV23_PADDING: default: goto err; } if (i <= 0) goto err; if (BN_bin2bn(buf,num,&f) == NULL) goto err; if (BN_ucmp(&f, rsa->n) >= 0) goto err; BLINDING_HELPER(rsa, ctx, goto err;);
/* signing */ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret, *br, *res; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; int local_blinding = 0; BN_BLINDING *blinding = NULL; if ((ctx=BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); br = BN_CTX_get(ctx); ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); if(!f || !ret || !buf) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); goto err; } switch (padding) { case RSA_PKCS1_PADDING: i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); break; case RSA_X931_PADDING: i=RSA_padding_add_X931(buf,num,from,flen); break; case RSA_NO_PADDING: i=RSA_padding_add_none(buf,num,from,flen); break; case RSA_SSLV23_PADDING: default: RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); goto err; } if (i <= 0) goto err; if (BN_bin2bn(buf,num,f) == NULL) goto err; if (BN_ucmp(f, rsa->n) >= 0) { /* usually the padding functions would catch this */ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx); if (blinding == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); goto err; } } if (blinding != NULL) if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) goto err; if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) ) { if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; } else { BIGNUM local_d; BIGNUM *d = NULL; if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME)) { BN_init(&local_d); d = &local_d; BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME); } else d = rsa->d; MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; } if (blinding) if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) goto err; if (padding == RSA_X931_PADDING) { BN_sub(f, rsa->n, ret); if (BN_cmp(ret, f)) res = f; else res = ret; } else res = ret; /* put in leading 0 bytes if the number is less than the * length of the modulus */ j=BN_num_bytes(res); i=BN_bn2bin(res,&(to[num-j])); for (k=0; k<(num-i); k++) to[k]=0; r=num; err: if (ctx != NULL) { BN_CTX_end(ctx); BN_CTX_free(ctx); } if (buf != NULL) { OPENSSL_cleanse(buf,num); OPENSSL_free(buf); } return(r); }
/* signing */ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM *f, *ret, *res; int i, j, k, num = 0, r = -1; unsigned char *buf = NULL; BN_CTX *ctx = NULL; int local_blinding = 0; /* * Used only if the blinding structure is shared. A non-NULL unblind * instructs rsa_blinding_convert() and rsa_blinding_invert() to store * the unblinding factor outside the blinding structure. */ BIGNUM *unblind = NULL; BN_BLINDING *blinding = NULL; if ((ctx = BN_CTX_new()) == NULL) goto err; BN_CTX_start(ctx); f = BN_CTX_get(ctx); ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); if (ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } switch (padding) { case RSA_PKCS1_PADDING: i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen); break; case RSA_X931_PADDING: i = RSA_padding_add_X931(buf, num, from, flen); break; case RSA_NO_PADDING: i = RSA_padding_add_none(buf, num, from, flen); break; case RSA_SSLV23_PADDING: default: RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE); goto err; } if (i <= 0) goto err; if (BN_bin2bn(buf, num, f) == NULL) goto err; if (BN_ucmp(f, rsa->n) >= 0) { /* usually the padding functions would catch this */ RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS); goto err; } if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { blinding = rsa_get_blinding(rsa, &local_blinding, ctx); if (blinding == NULL) { RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); goto err; } } if (blinding != NULL) { if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } if (!rsa_blinding_convert(blinding, f, unblind, ctx)) goto err; } if ((rsa->flags & RSA_FLAG_EXT_PKEY) || (rsa->version == RSA_ASN1_VERSION_MULTI) || ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; } else { BIGNUM *d = BN_new(); if (d == NULL) { RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) { BN_free(d); goto err; } if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, rsa->_method_mod_n)) { BN_free(d); goto err; } /* We MUST free d before any further use of rsa->d */ BN_free(d); } if (blinding) if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) goto err; if (padding == RSA_X931_PADDING) { BN_sub(f, rsa->n, ret); if (BN_cmp(ret, f) > 0) res = f; else res = ret; } else { res = ret; } /* * put in leading 0 bytes if the number is less than the length of the * modulus */ j = BN_num_bytes(res); i = BN_bn2bin(res, &(to[num - j])); for (k = 0; k < (num - i); k++) to[k] = 0; r = num; err: if (ctx != NULL) BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); return r; }
int main(int argc, char *argv[]) { int ret; struct stat sbuf; unsigned char databuff[65535]; /* data read work buffer */ unsigned char datahash[20]; /* hash of data file */ unsigned char digest[20]; SHA_CTX sha; FILE *datafile; const char *datafilename = NULL; FILE *sigfile; const char *sigfilename = NULL; FILE *keyfile; const char *kfilename = NULL; EVP_PKEY *pkey; RSA *rsa; uint16_t sigscheme = TPM_SS_RSASSAPKCS1v15_SHA1; int plain; unsigned char padded[4096]; unsigned char plainarray[4096]; TPM_SIGN_INFO tsi; STACK_TPM_BUFFER(tsi_ser); STACK_TPM_BUFFER(signature); int i; for (i=1 ; i<argc ; i++) { if (!strcmp(argv[i], "-ss")) { i++; if (i < argc) { if (!strcmp(argv[i], "info")) { sigscheme = TPM_SS_RSASSAPKCS1v15_INFO; } else if (!strcmp(argv[i], "der")) { sigscheme = TPM_SS_RSASSAPKCS1v15_DER; } else { printf("Bad parameter for -ss\n"); printUsage(); } } else { printf("Missing parameter for -ss\n"); printUsage(); } } else if (strcmp(argv[i],"-if") == 0) { i++; if (i < argc) { datafilename = argv[i]; } else { printf("-if option needs a value\n"); printUsage(); exit(2); } } else if (strcmp(argv[i],"-is") == 0) { i++; if (i < argc) { sigfilename = argv[i]; } else { printf("-is option needs a value\n"); printUsage(); } } else if (strcmp(argv[i],"-ik") == 0) { i++; if (i < argc) { kfilename = argv[i]; } else { printf("-ik option needs a value\n"); printUsage(); exit(2); } } else if (!strcmp(argv[i], "-h")) { printUsage(); } else if (!strcmp(argv[i], "-v")) { TPM_setlog(1); } else { printf("\n%s is not a valid option\n", argv[i]); printUsage(); } } if ((datafilename == NULL) || (sigfilename == NULL) || (kfilename == NULL)) { printf("Missing parameter\n"); printUsage(); } /* ** read and hash the data file */ datafile = fopen(datafilename,"rb"); if (datafile == NULL) { printf("Unable to open data file '%s'\n",datafilename); exit(2); } SHA1_Init(&sha); for (;;) { ret = fread(databuff,1,sizeof databuff,datafile); if (ret < 0) { printf("I/O Error while reading data file '%s'\n",datafilename); exit(3); } SHA1_Update(&sha,databuff,ret); if (ret < (int)sizeof(databuff)) break; } fclose(datafile); SHA1_Final(datahash,&sha); /* ** get size of signature file */ stat(sigfilename,&sbuf); signature.used = (int)sbuf.st_size; sigfile = fopen(sigfilename,"rb"); if (sigfile == NULL) { printf("Unable to open signature file '%s'\n",sigfilename); exit(4); } /* ** read the signature file */ ret = fread(signature.buffer,1,signature.used,sigfile); if (ret != (int)signature.used) { printf("I/O Error while reading signature file '%s'\n",sigfilename); exit(5); } fclose(sigfile); /* ** read the key file */ keyfile = fopen(kfilename,"rb"); if (keyfile == NULL) { printf("Unable to open public key file '%s'\n",kfilename); exit(6); } pkey = PEM_read_PUBKEY(keyfile,NULL,NULL,NULL); if (pkey == NULL) { printf("I/O Error while reading public key file '%s'\n",kfilename); exit(7); } rsa = EVP_PKEY_get1_RSA(pkey); if (rsa == NULL) { printf("Error while converting public key \n"); exit(8); } switch (sigscheme) { default: case TPM_SS_RSASSAPKCS1v15_SHA1: ret = RSA_verify(NID_sha1,datahash,20, signature.buffer,signature.used, rsa); if (ret != 1) { printf("Verification Failed\n"); exit(100); } break; case TPM_SS_RSASSAPKCS1v15_DER: plain = RSA_public_decrypt(signature.used, signature.buffer, plainarray, rsa, RSA_NO_PADDING); if (plain == -1) { printf("Verification (DER) had an error\n"); exit(100); } ret = RSA_padding_add_PKCS1_type_1(padded,plain,datahash,sizeof(datahash)); if (ret != 1) { printf("Could not add the padding.\n"); exit(100); } if (memcmp(padded, plainarray, plain) != 0) { printf("Verfication (DER) failed.\n"); exit(100); } break; case TPM_SS_RSASSAPKCS1v15_INFO: // the nonce is the digest of the hashed data!! TSS_sha1(datahash, 20, digest); tsi.tag = TPM_TAG_SIGNINFO; memcpy(tsi.fixed,"SIGN",4); tsi.data.size = TPM_HASH_SIZE; tsi.data.buffer = datahash; memcpy(tsi.replay, digest, TPM_HASH_SIZE); /* need to calcualte the digest of the TPM_SIGN_INFO structure */ ret = TPM_WriteSignInfo(&tsi_ser, &tsi); if ((ret & ERR_MASK)) { printf("Could not serialize TPM_SIGN_INFO structure.\n"); exit(100); } ret = TPM_ValidateSignature(sigscheme, &tsi_ser, &signature, rsa); if (ret != 0) { printf("Verification (INFO) failed.\n"); exit(-1); } break; } RSA_free(rsa); EVP_PKEY_free(pkey); exit(0); }
static int RSA_eay_private_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa, int padding) { BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; BN_init(&f); BN_init(&ret); if ((ctx=BN_CTX_new()) == NULL) goto err; num=BN_num_bytes(rsa->n); if ((buf=(unsigned char *)Malloc(num)) == NULL) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); goto err; } switch (padding) { case RSA_PKCS1_PADDING: i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); break; case RSA_NO_PADDING: i=RSA_padding_add_none(buf,num,from,flen); break; case RSA_SSLV23_PADDING: default: RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); goto err; } if (i <= 0) goto err; if (BN_bin2bn(buf,num,&f) == NULL) goto err; if ((rsa->flags & RSA_FLAG_BLINDING) && (RSA_get_thread_blinding_ptr(rsa) == NULL)) RSA_blinding_on(rsa,ctx); if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,RSA_get_thread_blinding_ptr(rsa),ctx)) goto err; if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) ) { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; } if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_invert(&ret,RSA_get_thread_blinding_ptr(rsa),ctx)) goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ j=BN_num_bytes(&ret); i=BN_bn2bin(&ret,&(to[num-j])); for (k=0; k<(num-i); k++) to[k]=0; r=num; err: if (ctx != NULL) BN_CTX_free(ctx); BN_clear_free(&ret); BN_clear_free(&f); if (buf != NULL) { memset(buf,0,num); Free(buf); } return(r); }
uint32_t TPM_ValidateSignature(uint16_t sigscheme, struct tpm_buffer *data, struct tpm_buffer *signature, RSA *rsa) { STACK_TPM_BUFFER(tsi_ser); unsigned char sighash[TPM_HASH_SIZE]; /* hash of quote info structure */ uint32_t ret = 0; unsigned char padded[4096]; unsigned char plainarray[4096]; int plain, irc; switch (sigscheme) { case TPM_SS_RSASSAPKCS1v15_INFO: case TPM_SS_RSASSAPKCS1v15_SHA1: /* create the hash of the quoteinfo structure for signature verification */ TSS_sha1(data->buffer, data->used, sighash); /* ** perform an RSA verification on the signature returned by Quote */ ret = RSA_verify(NID_sha1, sighash, sizeof(sighash), signature->buffer, signature->used, rsa); if (ret != 1) { ret = ERR_SIGNATURE; } else { ret = 0; } break; case TPM_SS_RSASSAPKCS1v15_DER: #ifdef CONFIG_OPENSSL /* create the hash of the quoteinfo structure for signature verification */ TSS_sha1(data->buffer, data->used, sighash); plain = RSA_public_decrypt(signature->used, signature->buffer, plainarray, rsa, RSA_NO_PADDING); if (plain == -1) { ret = ERR_SIGNATURE; } if (ret == 0) { irc = RSA_padding_add_PKCS1_type_1(padded,plain,sighash,sizeof(sighash)); if (irc != 1) { ret = ERR_SIGNATURE; } } if (ret == 0) { if (memcmp(padded, plainarray, plain) != 0) { ret = ERR_SIGNATURE; } } #else fprintf(stderr, "%s:%s: Not supported\n", __FILE__, __LINE__); exit(-1); #endif break; default: ret = ERR_SIGNATURE; } return ret; }