|
|
5975ab |
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
|
5975ab |
From: Daniel Axtens <dja@axtens.net>
|
|
|
5975ab |
Date: Thu, 1 Oct 2020 20:23:48 +1000
|
|
|
5975ab |
Subject: [PATCH] pgp: factor out rsa_pad
|
|
|
5975ab |
|
|
|
5975ab |
rsa_pad does the PKCS#1 v1.5 padding for the RSA signature scheme.
|
|
|
5975ab |
We want to use it in other RSA signature verification applications.
|
|
|
5975ab |
|
|
|
5975ab |
I considered and rejected putting it in lib/crypto.c. That file doesn't
|
|
|
5975ab |
currently require any MPI functions, but rsa_pad does. That's not so
|
|
|
5975ab |
much of a problem for the grub kernel and modules, but crypto.c also
|
|
|
5975ab |
gets built into all the grub utilities. So - despite the utils not
|
|
|
5975ab |
using any asymmetric ciphers - we would need to built the entire MPI
|
|
|
5975ab |
infrastructure in to them.
|
|
|
5975ab |
|
|
|
5975ab |
A better and simpler solution is just to spin rsa_pad out into its own
|
|
|
5975ab |
PKCS#1 v1.5 module.
|
|
|
5975ab |
|
|
|
5975ab |
Signed-off-by: Daniel Axtens <dja@axtens.net>
|
|
|
5975ab |
---
|
|
|
5975ab |
grub-core/Makefile.core.def | 8 ++++++
|
|
|
5975ab |
grub-core/commands/pgp.c | 28 ++-------------------
|
|
|
5975ab |
grub-core/lib/pkcs1_v15.c | 59 +++++++++++++++++++++++++++++++++++++++++++++
|
|
|
5975ab |
include/grub/pkcs1_v15.h | 27 +++++++++++++++++++++
|
|
|
5975ab |
4 files changed, 96 insertions(+), 26 deletions(-)
|
|
|
5975ab |
create mode 100644 grub-core/lib/pkcs1_v15.c
|
|
|
5975ab |
create mode 100644 include/grub/pkcs1_v15.h
|
|
|
5975ab |
|
|
|
5975ab |
diff --git a/grub-core/Makefile.core.def b/grub-core/Makefile.core.def
|
|
|
f6e916 |
index 809f11fea..99615c07b 100644
|
|
|
5975ab |
--- a/grub-core/Makefile.core.def
|
|
|
5975ab |
+++ b/grub-core/Makefile.core.def
|
|
|
5975ab |
@@ -2387,6 +2387,14 @@ module = {
|
|
|
5975ab |
cppflags = '$(CPPFLAGS_GCRY)';
|
|
|
5975ab |
};
|
|
|
5975ab |
|
|
|
5975ab |
+module = {
|
|
|
5975ab |
+ name = pkcs1_v15;
|
|
|
5975ab |
+ common = lib/pkcs1_v15.c;
|
|
|
5975ab |
+
|
|
|
5975ab |
+ cflags = '$(CFLAGS_GCRY) -Wno-redundant-decls -Wno-sign-compare';
|
|
|
5975ab |
+ cppflags = '$(CPPFLAGS_GCRY)';
|
|
|
5975ab |
+};
|
|
|
5975ab |
+
|
|
|
5975ab |
module = {
|
|
|
5975ab |
name = all_video;
|
|
|
5975ab |
common = lib/fake_module.c;
|
|
|
5975ab |
diff --git a/grub-core/commands/pgp.c b/grub-core/commands/pgp.c
|
|
|
f6e916 |
index d39846d8c..bb6543819 100644
|
|
|
5975ab |
--- a/grub-core/commands/pgp.c
|
|
|
5975ab |
+++ b/grub-core/commands/pgp.c
|
|
|
5975ab |
@@ -24,6 +24,7 @@
|
|
|
5975ab |
#include <grub/file.h>
|
|
|
5975ab |
#include <grub/command.h>
|
|
|
5975ab |
#include <grub/crypto.h>
|
|
|
5975ab |
+#include <grub/pkcs1_v15.h>
|
|
|
5975ab |
#include <grub/i18n.h>
|
|
|
5975ab |
#include <grub/gcrypt/gcrypt.h>
|
|
|
5975ab |
#include <grub/pubkey.h>
|
|
|
5975ab |
@@ -411,32 +412,7 @@ static int
|
|
|
5975ab |
rsa_pad (gcry_mpi_t *hmpi, grub_uint8_t *hval,
|
|
|
5975ab |
const gcry_md_spec_t *hash, struct grub_public_subkey *sk)
|
|
|
5975ab |
{
|
|
|
5975ab |
- grub_size_t tlen, emlen, fflen;
|
|
|
5975ab |
- grub_uint8_t *em, *emptr;
|
|
|
5975ab |
- unsigned nbits = gcry_mpi_get_nbits (sk->mpis[0]);
|
|
|
5975ab |
- int ret;
|
|
|
5975ab |
- tlen = hash->mdlen + hash->asnlen;
|
|
|
5975ab |
- emlen = (nbits + 7) / 8;
|
|
|
5975ab |
- if (emlen < tlen + 11)
|
|
|
5975ab |
- return 1;
|
|
|
5975ab |
-
|
|
|
5975ab |
- em = grub_malloc (emlen);
|
|
|
5975ab |
- if (!em)
|
|
|
5975ab |
- return 1;
|
|
|
5975ab |
-
|
|
|
5975ab |
- em[0] = 0x00;
|
|
|
5975ab |
- em[1] = 0x01;
|
|
|
5975ab |
- fflen = emlen - tlen - 3;
|
|
|
5975ab |
- for (emptr = em + 2; emptr < em + 2 + fflen; emptr++)
|
|
|
5975ab |
- *emptr = 0xff;
|
|
|
5975ab |
- *emptr++ = 0x00;
|
|
|
5975ab |
- grub_memcpy (emptr, hash->asnoid, hash->asnlen);
|
|
|
5975ab |
- emptr += hash->asnlen;
|
|
|
5975ab |
- grub_memcpy (emptr, hval, hash->mdlen);
|
|
|
5975ab |
-
|
|
|
5975ab |
- ret = gcry_mpi_scan (hmpi, GCRYMPI_FMT_USG, em, emlen, 0);
|
|
|
5975ab |
- grub_free (em);
|
|
|
5975ab |
- return ret;
|
|
|
5975ab |
+ return grub_crypto_rsa_pad(hmpi, hval, hash, sk->mpis[0]);
|
|
|
5975ab |
}
|
|
|
5975ab |
|
|
|
5975ab |
struct grub_pubkey_context
|
|
|
5975ab |
diff --git a/grub-core/lib/pkcs1_v15.c b/grub-core/lib/pkcs1_v15.c
|
|
|
5975ab |
new file mode 100644
|
|
|
f6e916 |
index 000000000..dbacd563d
|
|
|
5975ab |
--- /dev/null
|
|
|
5975ab |
+++ b/grub-core/lib/pkcs1_v15.c
|
|
|
5975ab |
@@ -0,0 +1,59 @@
|
|
|
5975ab |
+/*
|
|
|
5975ab |
+ * GRUB -- GRand Unified Bootloader
|
|
|
5975ab |
+ * Copyright (C) 2013 Free Software Foundation, Inc.
|
|
|
5975ab |
+ *
|
|
|
5975ab |
+ * GRUB is free software: you can redistribute it and/or modify
|
|
|
5975ab |
+ * it under the terms of the GNU General Public License as published by
|
|
|
5975ab |
+ * the Free Software Foundation, either version 3 of the License, or
|
|
|
5975ab |
+ * (at your option) any later version.
|
|
|
5975ab |
+ *
|
|
|
5975ab |
+ * GRUB is distributed in the hope that it will be useful,
|
|
|
5975ab |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
5975ab |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
5975ab |
+ * GNU General Public License for more details.
|
|
|
5975ab |
+ *
|
|
|
5975ab |
+ * You should have received a copy of the GNU General Public License
|
|
|
5975ab |
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
|
5975ab |
+ */
|
|
|
5975ab |
+
|
|
|
5975ab |
+#include <grub/dl.h>
|
|
|
5975ab |
+#include <grub/gcrypt/gcrypt.h>
|
|
|
5975ab |
+
|
|
|
5975ab |
+GRUB_MOD_LICENSE ("GPLv3+");
|
|
|
5975ab |
+
|
|
|
5975ab |
+/*
|
|
|
5975ab |
+ * Given a hash value 'hval', of hash specification 'hash', perform
|
|
|
5975ab |
+ * the EMSA-PKCS1-v1_5 padding suitable for a key with modulus 'mod'
|
|
|
5975ab |
+ * (see RFC 8017 s 9.2) and place the result in 'hmpi'.
|
|
|
5975ab |
+ */
|
|
|
5975ab |
+gcry_err_code_t
|
|
|
5975ab |
+grub_crypto_rsa_pad (gcry_mpi_t * hmpi, grub_uint8_t * hval,
|
|
|
5975ab |
+ const gcry_md_spec_t * hash, gcry_mpi_t mod)
|
|
|
5975ab |
+{
|
|
|
5975ab |
+ grub_size_t tlen, emlen, fflen;
|
|
|
5975ab |
+ grub_uint8_t *em, *emptr;
|
|
|
5975ab |
+ unsigned nbits = gcry_mpi_get_nbits (mod);
|
|
|
5975ab |
+ int ret;
|
|
|
5975ab |
+ tlen = hash->mdlen + hash->asnlen;
|
|
|
5975ab |
+ emlen = (nbits + 7) / 8;
|
|
|
5975ab |
+ if (emlen < tlen + 11)
|
|
|
5975ab |
+ return GPG_ERR_TOO_SHORT;
|
|
|
5975ab |
+
|
|
|
5975ab |
+ em = grub_malloc (emlen);
|
|
|
5975ab |
+ if (!em)
|
|
|
5975ab |
+ return 1;
|
|
|
5975ab |
+
|
|
|
5975ab |
+ em[0] = 0x00;
|
|
|
5975ab |
+ em[1] = 0x01;
|
|
|
5975ab |
+ fflen = emlen - tlen - 3;
|
|
|
5975ab |
+ for (emptr = em + 2; emptr < em + 2 + fflen; emptr++)
|
|
|
5975ab |
+ *emptr = 0xff;
|
|
|
5975ab |
+ *emptr++ = 0x00;
|
|
|
5975ab |
+ grub_memcpy (emptr, hash->asnoid, hash->asnlen);
|
|
|
5975ab |
+ emptr += hash->asnlen;
|
|
|
5975ab |
+ grub_memcpy (emptr, hval, hash->mdlen);
|
|
|
5975ab |
+
|
|
|
5975ab |
+ ret = gcry_mpi_scan (hmpi, GCRYMPI_FMT_USG, em, emlen, 0);
|
|
|
5975ab |
+ grub_free (em);
|
|
|
5975ab |
+ return ret;
|
|
|
5975ab |
+}
|
|
|
5975ab |
diff --git a/include/grub/pkcs1_v15.h b/include/grub/pkcs1_v15.h
|
|
|
5975ab |
new file mode 100644
|
|
|
f6e916 |
index 000000000..5c338c84a
|
|
|
5975ab |
--- /dev/null
|
|
|
5975ab |
+++ b/include/grub/pkcs1_v15.h
|
|
|
5975ab |
@@ -0,0 +1,27 @@
|
|
|
5975ab |
+/*
|
|
|
5975ab |
+ * GRUB -- GRand Unified Bootloader
|
|
|
5975ab |
+ * Copyright (C) 2013 Free Software Foundation, Inc.
|
|
|
5975ab |
+ *
|
|
|
5975ab |
+ * GRUB is free software: you can redistribute it and/or modify
|
|
|
5975ab |
+ * it under the terms of the GNU General Public License as published by
|
|
|
5975ab |
+ * the Free Software Foundation, either version 3 of the License, or
|
|
|
5975ab |
+ * (at your option) any later version.
|
|
|
5975ab |
+ *
|
|
|
5975ab |
+ * GRUB is distributed in the hope that it will be useful,
|
|
|
5975ab |
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
5975ab |
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
5975ab |
+ * GNU General Public License for more details.
|
|
|
5975ab |
+ *
|
|
|
5975ab |
+ * You should have received a copy of the GNU General Public License
|
|
|
5975ab |
+ * along with GRUB. If not, see <http://www.gnu.org/licenses/>.
|
|
|
5975ab |
+ */
|
|
|
5975ab |
+
|
|
|
5975ab |
+/*
|
|
|
5975ab |
+ * Given a hash value 'hval', of hash specification 'hash', perform
|
|
|
5975ab |
+ * the EMSA-PKCS1-v1_5 padding suitable for a key with modulus 'mod'
|
|
|
5975ab |
+ * (See RFC 8017 s 9.2)
|
|
|
5975ab |
+ */
|
|
|
5975ab |
+gcry_err_code_t
|
|
|
5975ab |
+grub_crypto_rsa_pad (gcry_mpi_t * hmpi, grub_uint8_t * hval,
|
|
|
5975ab |
+ const gcry_md_spec_t * hash, gcry_mpi_t mod);
|
|
|
5975ab |
+
|