int keystore_rsa_priv_enc(int flen, const unsigned char* from, unsigned char* to, RSA* rsa,
int padding) {
ALOGV("keystore_rsa_sign(%d, %p, %p, %p, %d)", flen, from, to, rsa, padding);
int num = RSA_size(rsa);
UniquePtr<uint8_t> padded(new uint8_t[num]);
if (padded.get() == NULL) {
ALOGE("could not allocate padded signature");
return 0;
}
switch (padding) {
case RSA_PKCS1_PADDING:
if (!RSA_padding_add_PKCS1_type_1(padded.get(), num, from, flen)) {
return 0;
}
break;
case RSA_X931_PADDING:
if (!RSA_padding_add_X931(padded.get(), num, from, flen)) {
return 0;
}
break;
case RSA_NO_PADDING:
if (!RSA_padding_add_none(padded.get(), num, from, flen)) {
return 0;
}
break;
default:
ALOGE("Unknown padding type: %d", padding);
return 0;
}
uint8_t* key_id = reinterpret_cast<uint8_t*>(RSA_get_ex_data(rsa, rsa_key_handle));
if (key_id == NULL) {
ALOGE("key had no key_id!");
return 0;
}
Keystore_Reply reply;
if (keystore_cmd(CommandCodes[SIGN], &reply, 2, strlen(reinterpret_cast<const char*>(key_id)),
key_id, static_cast<size_t>(num), reinterpret_cast<const uint8_t*>(padded.get()))
!= NO_ERROR) {
ALOGE("There was an error during rsa_mod_exp");
return 0;
}
const size_t replyLen = reply.length();
if (replyLen <= 0) {
ALOGW("No valid signature returned");
return 0;
}
memcpy(to, reply.get(), replyLen);
ALOGV("rsa=%p keystore_rsa_sign => returning %p len %llu", rsa, to,
(unsigned long long) replyLen);
return static_cast<int>(replyLen);
}
/* signing */
int rsa_default_sign_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in, size_t in_len,
int padding) {
const unsigned rsa_size = RSA_size(rsa);
uint8_t *buf = NULL;
int i, ret = 0;
if (max_out < rsa_size) {
OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
buf = OPENSSL_malloc(rsa_size);
if (buf == NULL) {
OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
goto err;
}
switch (padding) {
case RSA_PKCS1_PADDING:
i = RSA_padding_add_PKCS1_type_1(buf, rsa_size, in, in_len);
break;
case RSA_NO_PADDING:
i = RSA_padding_add_none(buf, rsa_size, in, in_len);
break;
default:
OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0) {
goto err;
}
if (!RSA_private_transform(rsa, out, buf, rsa_size)) {
goto err;
}
*out_len = rsa_size;
ret = 1;
err:
if (buf != NULL) {
OPENSSL_cleanse(buf, rsa_size);
OPENSSL_free(buf);
}
return ret;
}
int main(int argc, char **argv)
{
char c_manfid[9], c_serial[11], c_unlock[SIGNATURE_SIZE], c_unlock_maximum[SIGNATURE_SIZE];
int fd;
unsigned long ul_manfid, ul_serial;
fd = open("/sys/block/mmcblk0/device/manfid", O_RDONLY);
read(fd, c_manfid, sizeof(c_manfid));
close(fd);
fd = open("/sys/block/mmcblk0/device/serial", O_RDONLY);
read(fd, c_serial, sizeof(c_serial));
close(fd);
ul_manfid = strtoul(c_manfid, NULL, 16);
ul_serial = strtoul(c_serial, NULL, 16);
snprintf(c_unlock, sizeof(c_unlock), "0x%02lx%08lx", ul_manfid, ul_serial);
// Calculate a maximum BIGNUM with FF trailing padding
memset(c_unlock + UNLOCK_SIZE, 0xFF, SIGNATURE_SIZE - UNLOCK_SIZE);
RSA_padding_add_PKCS1_type_1(c_unlock_maximum, SIGNATURE_SIZE,
c_unlock, SIGNATURE_SIZE - RSA_PKCS1_PADDING_SIZE);
BIGNUM *maxnum = BN_bin2bn(c_unlock_maximum, SIGNATURE_SIZE, NULL);
// Find the nearest cube root for the maximum
BIGNUM *cuberoot = nearest_cuberoot(maxnum);
unsigned char unlock_code[SIGNATURE_SIZE] = { 0 };
/* Turn cuberoot into a bin and place it at the correct location in unlock_code.
* It should be at the bottom so add SIGNATURE_SIZE to get to the end and
* then subtract the number of bytes in the cube to back track. */
BN_bn2bin(cuberoot, unlock_code + SIGNATURE_SIZE - BN_num_bytes(cuberoot));
// Base64 encode the code
BIO *b64 = BIO_new(BIO_f_base64());
BIO *bmem = BIO_new(BIO_s_mem());
b64 = BIO_push(b64, bmem);
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
BIO_write(b64, unlock_code, SIGNATURE_SIZE);
BIO_flush(b64);
BUF_MEM *bptr;
BIO_get_mem_ptr(b64, &bptr);
printf("Unlocking...\n");
char idme_cmd[512];
snprintf(idme_cmd, sizeof(idme_cmd), "idme unlock_code %s\n", bptr->data);
system(idme_cmd);
printf("Rebooting...\n");
system("reboot");
return 0;
}
/* signing */
static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
int local_blinding = 0;
BN_BLINDING *blinding = NULL;
BN_init(&f);
BN_init(&ret);
if ((ctx=BN_CTX_new()) == NULL) goto err;
num=BN_num_bytes(rsa->n);
if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
switch (padding)
{
case RSA_PKCS1_PADDING:
i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
break;
case RSA_NO_PADDING:
i=RSA_padding_add_none(buf,num,from,flen);
break;
case RSA_SSLV23_PADDING:
default:
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0) goto err;
if (BN_bin2bn(buf,num,&f) == NULL) goto err;
if (BN_ucmp(&f, rsa->n) >= 0)
{
/* usually the padding functions would catch this */
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
BLINDING_HELPER(rsa, ctx, goto err;);
int
badge_crypt(char * dst, const char * src, int len,
char * seedbuf, int seedlen, const badge_entry * e)
{
const char * esrc;
int i;
EVP_PKEY * key;
if (len <= seedlen)
return 0;
/**
*** Always use type 1 padding since we do not want randomization.
**/
RSA_padding_add_PKCS1_type_1((unsigned char *) seedbuf, e->keylen,
(const unsigned char *) src, seedlen);
src += seedlen;
len -= seedlen;
esrc = src + len;
i = e->keylen;
key = (EVP_PKEY *) e->key;
while (src < esrc) {
if (i >= e->keylen) {
if (e->isprivate)
i = RSA_private_encrypt(e->keylen,
(unsigned char *) seedbuf,
(unsigned char *) seedbuf,
key->pkey.rsa, RSA_NO_PADDING);
else
i = RSA_public_encrypt(e->keylen,
(unsigned char *) seedbuf,
(unsigned char *) seedbuf,
key->pkey.rsa, RSA_NO_PADDING);
i = 0;
}
*dst++ = *src++ ^ seedbuf[i++];
}
return len;
}
static int
sc_private_encrypt(int flen, u_char *from, u_char *to, RSA *rsa,
int padding)
{
u_char *padded = NULL;
int sw, len, status = -1;
len = sw = 0;
if (sc_fd < 0) {
status = sc_init();
if (status < 0 )
goto err;
}
if (padding != RSA_PKCS1_PADDING)
goto err;
debug("sc_private_encrypt called");
len = BN_num_bytes(rsa->n);
padded = xmalloc(len);
if (RSA_padding_add_PKCS1_type_1(padded, len, (u_char *)from, flen) <= 0) {
error("RSA_padding_add_PKCS1_type_1 failed");
goto err;
}
sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
if (sw == 0x6982) {
if (try_AUT0() < 0)
goto err;
sectok_apdu(sc_fd, CLA_SSH, INS_DECRYPT, 0, 0, len, padded, len, to, &sw);
}
if (!sectok_swOK(sw)) {
error("sc_private_encrypt: INS_DECRYPT failed: %s",
sectok_get_sw(sw));
goto err;
}
err:
if (padded)
xfree(padded);
sc_close();
return (len >= 0 ? len : status);
}
/* signing */
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
const RSA_METHOD *meth;
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
int local_blinding = 0;
BN_BLINDING *blinding = NULL;
meth = rsa->meth;
BN_init(&f);
BN_init(&ret);
if ((ctx=BN_CTX_new()) == NULL) goto err;
num=BN_num_bytes(rsa->n);
if ((buf=(unsigned char *)rtlglue_malloc(num)) == NULL)
goto err;
switch (padding)
{
case RSA_PKCS1_PADDING:
i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
break;
case RSA_NO_PADDING:
i=RSA_padding_add_none(buf,num,from,flen);
break;
case RSA_SSLV23_PADDING:
default:
goto err;
}
if (i <= 0) goto err;
if (BN_bin2bn(buf,num,&f) == NULL) goto err;
if (BN_ucmp(&f, rsa->n) >= 0)
goto err;
BLINDING_HELPER(rsa, ctx, goto err;);
/* signing */
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret, *br, *res;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
int local_blinding = 0;
BN_BLINDING *blinding = NULL;
if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
br = BN_CTX_get(ctx);
ret = BN_CTX_get(ctx);
num = BN_num_bytes(rsa->n);
buf = OPENSSL_malloc(num);
if(!f || !ret || !buf)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
switch (padding)
{
case RSA_PKCS1_PADDING:
i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
break;
case RSA_X931_PADDING:
i=RSA_padding_add_X931(buf,num,from,flen);
break;
case RSA_NO_PADDING:
i=RSA_padding_add_none(buf,num,from,flen);
break;
case RSA_SSLV23_PADDING:
default:
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0) goto err;
if (BN_bin2bn(buf,num,f) == NULL) goto err;
if (BN_ucmp(f, rsa->n) >= 0)
{
/* usually the padding functions would catch this */
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
{
blinding = rsa_get_blinding(rsa, &br, &local_blinding, ctx);
if (blinding == NULL)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (blinding != NULL)
if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
goto err;
if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
((rsa->p != NULL) &&
(rsa->q != NULL) &&
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
{
if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
}
else
{
BIGNUM local_d;
BIGNUM *d = NULL;
if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
{
BN_init(&local_d);
d = &local_d;
BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
}
else
d = rsa->d;
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
}
if (blinding)
if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
goto err;
if (padding == RSA_X931_PADDING)
{
BN_sub(f, rsa->n, ret);
if (BN_cmp(ret, f))
res = f;
else
res = ret;
}
else
res = ret;
/* put in leading 0 bytes if the number is less than the
* length of the modulus */
j=BN_num_bytes(res);
i=BN_bn2bin(res,&(to[num-j]));
for (k=0; k<(num-i); k++)
to[k]=0;
r=num;
err:
if (ctx != NULL)
{
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if (buf != NULL)
{
OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
}
/* signing */
static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret, *res;
int i, j, k, num = 0, r = -1;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
int local_blinding = 0;
/*
* Used only if the blinding structure is shared. A non-NULL unblind
* instructs rsa_blinding_convert() and rsa_blinding_invert() to store
* the unblinding factor outside the blinding structure.
*/
BIGNUM *unblind = NULL;
BN_BLINDING *blinding = NULL;
if ((ctx = BN_CTX_new()) == NULL)
goto err;
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
ret = BN_CTX_get(ctx);
num = BN_num_bytes(rsa->n);
buf = OPENSSL_malloc(num);
if (ret == NULL || buf == NULL) {
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
switch (padding) {
case RSA_PKCS1_PADDING:
i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
break;
case RSA_X931_PADDING:
i = RSA_padding_add_X931(buf, num, from, flen);
break;
case RSA_NO_PADDING:
i = RSA_padding_add_none(buf, num, from, flen);
break;
case RSA_SSLV23_PADDING:
default:
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0)
goto err;
if (BN_bin2bn(buf, num, f) == NULL)
goto err;
if (BN_ucmp(f, rsa->n) >= 0) {
/* usually the padding functions would catch this */
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT,
RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL) {
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (blinding != NULL) {
if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!rsa_blinding_convert(blinding, f, unblind, ctx))
goto err;
}
if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
(rsa->version == RSA_ASN1_VERSION_MULTI) ||
((rsa->p != NULL) &&
(rsa->q != NULL) &&
(rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
goto err;
} else {
BIGNUM *d = BN_new();
if (d == NULL) {
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
(&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
BN_free(d);
goto err;
}
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
rsa->_method_mod_n)) {
BN_free(d);
goto err;
}
/* We MUST free d before any further use of rsa->d */
BN_free(d);
}
if (blinding)
if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
goto err;
if (padding == RSA_X931_PADDING) {
BN_sub(f, rsa->n, ret);
if (BN_cmp(ret, f) > 0)
res = f;
else
res = ret;
} else {
res = ret;
}
/*
* put in leading 0 bytes if the number is less than the length of the
* modulus
*/
j = BN_num_bytes(res);
i = BN_bn2bin(res, &(to[num - j]));
for (k = 0; k < (num - i); k++)
to[k] = 0;
r = num;
err:
if (ctx != NULL)
BN_CTX_end(ctx);
BN_CTX_free(ctx);
OPENSSL_clear_free(buf, num);
return r;
}
int main(int argc, char *argv[])
{
int ret;
struct stat sbuf;
unsigned char databuff[65535]; /* data read work buffer */
unsigned char datahash[20]; /* hash of data file */
unsigned char digest[20];
SHA_CTX sha;
FILE *datafile;
const char *datafilename = NULL;
FILE *sigfile;
const char *sigfilename = NULL;
FILE *keyfile;
const char *kfilename = NULL;
EVP_PKEY *pkey;
RSA *rsa;
uint16_t sigscheme = TPM_SS_RSASSAPKCS1v15_SHA1;
int plain;
unsigned char padded[4096];
unsigned char plainarray[4096];
TPM_SIGN_INFO tsi;
STACK_TPM_BUFFER(tsi_ser);
STACK_TPM_BUFFER(signature);
int i;
for (i=1 ; i<argc ; i++) {
if (!strcmp(argv[i], "-ss")) {
i++;
if (i < argc) {
if (!strcmp(argv[i], "info")) {
sigscheme = TPM_SS_RSASSAPKCS1v15_INFO;
}
else if (!strcmp(argv[i], "der")) {
sigscheme = TPM_SS_RSASSAPKCS1v15_DER;
}
else {
printf("Bad parameter for -ss\n");
printUsage();
}
}
else {
printf("Missing parameter for -ss\n");
printUsage();
}
}
else if (strcmp(argv[i],"-if") == 0) {
i++;
if (i < argc) {
datafilename = argv[i];
}
else {
printf("-if option needs a value\n");
printUsage();
exit(2);
}
}
else if (strcmp(argv[i],"-is") == 0) {
i++;
if (i < argc) {
sigfilename = argv[i];
}
else {
printf("-is option needs a value\n");
printUsage();
}
}
else if (strcmp(argv[i],"-ik") == 0) {
i++;
if (i < argc) {
kfilename = argv[i];
}
else {
printf("-ik option needs a value\n");
printUsage();
exit(2);
}
}
else if (!strcmp(argv[i], "-h")) {
printUsage();
}
else if (!strcmp(argv[i], "-v")) {
TPM_setlog(1);
}
else {
printf("\n%s is not a valid option\n", argv[i]);
printUsage();
}
}
if ((datafilename == NULL) ||
(sigfilename == NULL) ||
(kfilename == NULL)) {
printf("Missing parameter\n");
printUsage();
}
/*
** read and hash the data file
*/
datafile = fopen(datafilename,"rb");
if (datafile == NULL)
{
printf("Unable to open data file '%s'\n",datafilename);
exit(2);
}
SHA1_Init(&sha);
for (;;)
{
ret = fread(databuff,1,sizeof databuff,datafile);
if (ret < 0)
{
printf("I/O Error while reading data file '%s'\n",datafilename);
exit(3);
}
SHA1_Update(&sha,databuff,ret);
if (ret < (int)sizeof(databuff)) break;
}
fclose(datafile);
SHA1_Final(datahash,&sha);
/*
** get size of signature file
*/
stat(sigfilename,&sbuf);
signature.used = (int)sbuf.st_size;
sigfile = fopen(sigfilename,"rb");
if (sigfile == NULL)
{
printf("Unable to open signature file '%s'\n",sigfilename);
exit(4);
}
/*
** read the signature file
*/
ret = fread(signature.buffer,1,signature.used,sigfile);
if (ret != (int)signature.used)
{
printf("I/O Error while reading signature file '%s'\n",sigfilename);
exit(5);
}
fclose(sigfile);
/*
** read the key file
*/
keyfile = fopen(kfilename,"rb");
if (keyfile == NULL)
{
printf("Unable to open public key file '%s'\n",kfilename);
exit(6);
}
pkey = PEM_read_PUBKEY(keyfile,NULL,NULL,NULL);
if (pkey == NULL)
{
printf("I/O Error while reading public key file '%s'\n",kfilename);
exit(7);
}
rsa = EVP_PKEY_get1_RSA(pkey);
if (rsa == NULL)
{
printf("Error while converting public key \n");
exit(8);
}
switch (sigscheme) {
default:
case TPM_SS_RSASSAPKCS1v15_SHA1:
ret = RSA_verify(NID_sha1,datahash,20,
signature.buffer,signature.used,
rsa);
if (ret != 1) {
printf("Verification Failed\n");
exit(100);
}
break;
case TPM_SS_RSASSAPKCS1v15_DER:
plain = RSA_public_decrypt(signature.used, signature.buffer,
plainarray, rsa, RSA_NO_PADDING);
if (plain == -1) {
printf("Verification (DER) had an error\n");
exit(100);
}
ret = RSA_padding_add_PKCS1_type_1(padded,plain,datahash,sizeof(datahash));
if (ret != 1) {
printf("Could not add the padding.\n");
exit(100);
}
if (memcmp(padded, plainarray, plain) != 0) {
printf("Verfication (DER) failed.\n");
exit(100);
}
break;
case TPM_SS_RSASSAPKCS1v15_INFO:
// the nonce is the digest of the hashed data!!
TSS_sha1(datahash, 20, digest);
tsi.tag = TPM_TAG_SIGNINFO;
memcpy(tsi.fixed,"SIGN",4);
tsi.data.size = TPM_HASH_SIZE;
tsi.data.buffer = datahash;
memcpy(tsi.replay, digest, TPM_HASH_SIZE);
/* need to calcualte the digest of the TPM_SIGN_INFO structure */
ret = TPM_WriteSignInfo(&tsi_ser, &tsi);
if ((ret & ERR_MASK)) {
printf("Could not serialize TPM_SIGN_INFO structure.\n");
exit(100);
}
ret = TPM_ValidateSignature(sigscheme,
&tsi_ser,
&signature,
rsa);
if (ret != 0) {
printf("Verification (INFO) failed.\n");
exit(-1);
}
break;
}
RSA_free(rsa);
EVP_PKEY_free(pkey);
exit(0);
}
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
BN_init(&f);
BN_init(&ret);
if ((ctx=BN_CTX_new()) == NULL) goto err;
num=BN_num_bytes(rsa->n);
if ((buf=(unsigned char *)Malloc(num)) == NULL)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
switch (padding)
{
case RSA_PKCS1_PADDING:
i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
break;
case RSA_NO_PADDING:
i=RSA_padding_add_none(buf,num,from,flen);
break;
case RSA_SSLV23_PADDING:
default:
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0) goto err;
if (BN_bin2bn(buf,num,&f) == NULL) goto err;
if ((rsa->flags & RSA_FLAG_BLINDING) && (RSA_get_thread_blinding_ptr(rsa) == NULL))
RSA_blinding_on(rsa,ctx);
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_convert(&f,RSA_get_thread_blinding_ptr(rsa),ctx)) goto err;
if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
((rsa->p != NULL) &&
(rsa->q != NULL) &&
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
}
if (rsa->flags & RSA_FLAG_BLINDING)
if (!BN_BLINDING_invert(&ret,RSA_get_thread_blinding_ptr(rsa),ctx)) goto err;
/* put in leading 0 bytes if the number is less than the
* length of the modulus */
j=BN_num_bytes(&ret);
i=BN_bn2bin(&ret,&(to[num-j]));
for (k=0; k<(num-i); k++)
to[k]=0;
r=num;
err:
if (ctx != NULL) BN_CTX_free(ctx);
BN_clear_free(&ret);
BN_clear_free(&f);
if (buf != NULL)
{
memset(buf,0,num);
Free(buf);
}
return(r);
}
uint32_t TPM_ValidateSignature(uint16_t sigscheme,
struct tpm_buffer *data,
struct tpm_buffer *signature,
RSA *rsa)
{
STACK_TPM_BUFFER(tsi_ser);
unsigned char sighash[TPM_HASH_SIZE]; /* hash of quote info structure */
uint32_t ret = 0;
unsigned char padded[4096];
unsigned char plainarray[4096];
int plain, irc;
switch (sigscheme) {
case TPM_SS_RSASSAPKCS1v15_INFO:
case TPM_SS_RSASSAPKCS1v15_SHA1:
/* create the hash of the quoteinfo structure for signature verification */
TSS_sha1(data->buffer, data->used, sighash);
/*
** perform an RSA verification on the signature returned by Quote
*/
ret = RSA_verify(NID_sha1, sighash, sizeof(sighash),
signature->buffer, signature->used,
rsa);
if (ret != 1) {
ret = ERR_SIGNATURE;
} else {
ret = 0;
}
break;
case TPM_SS_RSASSAPKCS1v15_DER:
#ifdef CONFIG_OPENSSL
/* create the hash of the quoteinfo structure for signature verification */
TSS_sha1(data->buffer, data->used, sighash);
plain = RSA_public_decrypt(signature->used,
signature->buffer,
plainarray,
rsa, RSA_NO_PADDING);
if (plain == -1) {
ret = ERR_SIGNATURE;
}
if (ret == 0) {
irc = RSA_padding_add_PKCS1_type_1(padded,plain,sighash,sizeof(sighash));
if (irc != 1) {
ret = ERR_SIGNATURE;
}
}
if (ret == 0) {
if (memcmp(padded, plainarray, plain) != 0) {
ret = ERR_SIGNATURE;
}
}
#else
fprintf(stderr, "%s:%s: Not supported\n", __FILE__, __LINE__);
exit(-1);
#endif
break;
default:
ret = ERR_SIGNATURE;
}
return ret;
}
