From: Jakub Wlostowski Date: Tue, 17 Sep 2024 08:53:53 +0000 (+0200) Subject: Limit public exponent length for RSA4096 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2345a25a14545e231559900ce8c5af109065df4c;p=platform%2Fcore%2Fsecurity%2Ftef-simulator.git Limit public exponent length for RSA4096 Change-Id: I6637fb95adc3d3dd8b808de05630e3a03a8b9adb --- diff --git a/ssflib/dep/cryptocore/source/middle/cc_rsa.c b/ssflib/dep/cryptocore/source/middle/cc_rsa.c index 9f24538..29fdfb7 100644 --- a/ssflib/dep/cryptocore/source/middle/cc_rsa.c +++ b/ssflib/dep/cryptocore/source/middle/cc_rsa.c @@ -249,6 +249,7 @@ int SDRM_RSA_GenerateKey(CryptoCoreContainer *crt, cc_u32 PaddingMethod, cc_u32 Seed[4]; SDRM_BIG_NUM *p, *q, *pi, *e, *temp1, *temp2; cc_u32 RSA_KeyByteLen = 0; + cc_u32 e_ByteLen = 0; int i, sp, t1; cc_u8 *pbBuf = NULL; @@ -256,6 +257,7 @@ int SDRM_RSA_GenerateKey(CryptoCoreContainer *crt, cc_u32 PaddingMethod, return CRYPTO_NULL_POINTER; RSA_KeyByteLen = crt->ctx->rsactx->k; + e_ByteLen = crt->ctx->rsactx->k; t1 = (RSA_KeyByteLen * 4 - 1) % 32; pbBuf = (cc_u8 *)malloc(SDRM_RSA_ALLOC_SIZE * 5); @@ -321,12 +323,18 @@ GEN_RND: SDRM_BN_Mul(crt->ctx->rsactx->n, p, q); SDRM_BN_Mul(pi, temp1, temp2); + //For RSA 4096 keys generation we need to limit public exponent length as + //openssl has certain constraints, max e length for RSA 4096 is 64 bits + if (RSA_KeyByteLen == 512) { + e_ByteLen = 8; + } + //generate e - e->Length = (RSA_KeyByteLen + 3) / 4; + e->Length = (e_ByteLen + 3) / 4; do { do { - SDRM_RNG_X931((cc_u8 *)Seed, RSA_KeyByteLen * 8 - 8, (cc_u8 *)e->pData); + SDRM_RNG_X931((cc_u8 *)Seed, e_ByteLen * 8 - 8, (cc_u8 *)e->pData); e->pData[0] |= 0x01; } while (SDRM_BN_CheckRelativelyPrime(e, pi) != CRYPTO_ISPRIME); } while (SDRM_BN_Cmp(e, pi) >= 0); @@ -343,10 +351,10 @@ GEN_RND: *RSA_N_Len = RSA_KeyByteLen; if (RSA_E_Data != NULL) - SDRM_I2OSP(crt->ctx->rsactx->e, RSA_KeyByteLen, RSA_E_Data); + SDRM_I2OSP(crt->ctx->rsactx->e, e_ByteLen, RSA_E_Data); if (RSA_E_Len != NULL) - *RSA_E_Len = RSA_KeyByteLen; + *RSA_E_Len = e_ByteLen; if (RSA_D_Data != NULL) SDRM_I2OSP(crt->ctx->rsactx->d, RSA_KeyByteLen, RSA_D_Data); @@ -1392,7 +1400,6 @@ int SDRM_RSA_sign(CryptoCoreContainer *crt, cc_u8 *hash, cc_u32 hashLen, return retVal; } - SDRM_OS2BN(pbBuf, RSA_KeyByteLen, BN_pMsg); //RSA Signature by modular exponent diff --git a/ssflib/inc/ssf_storage.h b/ssflib/inc/ssf_storage.h index fa5a1d5..470bc2e 100644 --- a/ssflib/inc/ssf_storage.h +++ b/ssflib/inc/ssf_storage.h @@ -54,6 +54,7 @@ extern "C" { #define PO_FILE_KEY_SIZE 16 #define PO_FILE_HASH_SIZE 20 #define BLOCK_SIZE 16 +#define RSA4096_MAX_E_LEN_BITS 64 /*----------------------------------------------------------------------------- * Definitions diff --git a/ssflib/src/ssf_storage.cpp b/ssflib/src/ssf_storage.cpp index 58c29ab..ef43025 100644 --- a/ssflib/src/ssf_storage.cpp +++ b/ssflib/src/ssf_storage.cpp @@ -1693,19 +1693,11 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, TEE_PopulateTransientObject(object, attrs, 1); break; case TEE_TYPE_RSA_KEYPAIR: { - uci_key_s uci_key; - int key_size = (keySize + 7) / 8; - uci_key.ucik_rsa_n = (unsigned char*)OsaMalloc(key_size); - uci_key.ucik_rsa_n_len = key_size; - uci_key.ucik_rsa_e = (unsigned char*)OsaMalloc(key_size); - uci_key.ucik_rsa_e_len = key_size; - uci_key.ucik_rsa_d = (unsigned char*)OsaMalloc(key_size); - uci_key.ucik_rsa_d_len = key_size; - uci_param_s up; - up.ucip_rsa_flag = RSA_GENKEYWITHNON; - up.ucip_rsa_padding = ID_UCI_RSAES_PKCS15; //alg int alg = ID_UCI_RSA; + uci_key_s uci_key; + int key_size = (keySize + 7) / 8; + int e_size = (keySize + 7) / 8; if (512 == keySize) { alg = ID_UCI_RSA512; } else if (1024 == keySize) { @@ -1716,7 +1708,19 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, alg = ID_UCI_RSA3072; } else if (4096 == keySize) { alg = ID_UCI_RSA4096; + //For RSA 4096 keys generation we need to limit public exponent length as + //openssl has certain constraints, max e length for RSA 4096 is 64 bits + e_size = (RSA4096_MAX_E_LEN_BITS + 7) / 8; } + uci_key.ucik_rsa_n = (unsigned char*)OsaMalloc(key_size); + uci_key.ucik_rsa_n_len = key_size; + uci_key.ucik_rsa_e = (unsigned char*)OsaMalloc(e_size); + uci_key.ucik_rsa_e_len = e_size; + uci_key.ucik_rsa_d = (unsigned char*)OsaMalloc(key_size); + uci_key.ucik_rsa_d_len = key_size; + uci_param_s up; + up.ucip_rsa_flag = RSA_GENKEYWITHNON; + up.ucip_rsa_padding = ID_UCI_RSAES_PKCS15; UCI_HANDLE uh = NULL; int ret = uci_context_alloc(alg, UCI_SW, &uh); if (ret != UCI_SUCCESS) { @@ -1729,7 +1733,7 @@ TEE_Result TEE_GenerateKey(TEE_ObjectHandle object, uint32_t keySize, TEE_InitRefAttribute(&attrs[0], TEE_ATTR_RSA_MODULUS, uci_key.ucik_rsa_n, (keySize + 7) / 8); TEE_InitRefAttribute(&attrs[1], TEE_ATTR_RSA_PUBLIC_EXPONENT, - uci_key.ucik_rsa_e, (keySize + 7) / 8); + uci_key.ucik_rsa_e, e_size); TEE_InitRefAttribute(&attrs[2], TEE_ATTR_RSA_PRIVATE_EXPONENT, uci_key.ucik_rsa_d, (keySize + 7) / 8); TEE_PopulateTransientObject(object, attrs, 3);