From bc2a22c7cb28eec7050ef80cd13623ae36f560b3 Mon Sep 17 00:00:00 2001 From: Etienne Carriere Date: Wed, 11 Dec 2024 14:31:36 +0100 Subject: [PATCH] [review] xtest: add pkcs11_1031 for CKM_RSA_X_509 sign/verify Use a well known padding scheme (PKCS#1 v1.5) to ensure the generated signature has to expected size. With the previously implemented padding scheme I found seldom occurrences where the generated signature was 1 byte too short. Signed-off-by: Etienne Carriere --- host/xtest/pkcs11_1000.c | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/host/xtest/pkcs11_1000.c b/host/xtest/pkcs11_1000.c index 233840e7e..13c849b14 100644 --- a/host/xtest/pkcs11_1000.c +++ b/host/xtest/pkcs11_1000.c @@ -10124,6 +10124,7 @@ static int test_rsa_raw_operations(ADBG_Case_t *c, CK_ULONG in_data_size = 0; CK_BYTE signature[1024] = { 0 }; CK_ULONG signature_len = 0; + unsigned int n = 0; Do_ADBG_BeginSubCase(c, "Test CKM_RSA_X_509 %u - Sign/Verify", rsa_bits); @@ -10138,29 +10139,26 @@ static int test_rsa_raw_operations(ADBG_Case_t *c, if (!ADBG_EXPECT_CK_OK(c, rv)) goto err; + /* + * Size of the message to sign must be at most the size of the private + * key. If smaller, it is strongly recommended to inserrt padding + * bytes to reach to key size. Lets's use random data and use PKCS v1.5 + * padding scheme to ensure input data to be signed will generate well + * szied signature. + * + * in_data = { 0x00, 0x02, non-zero bytes, 0x00, message } + */ in_data_size = rsa_bits / 8; rv = C_GenerateRandom(session, in_data, in_data_size); if (!ADBG_EXPECT_CK_OK(c, rv)) goto err_destr_obj; - /* - * Ensure input data to be sign look like a not to bad padded message. - * Not be too strict to better reflect the padding that are sometimes - * used in the field. - * - * Reset first bit to 0 to ensure the message is not bigger than the - * key modulus. - * - * If first byte is zero and 2nd byte is low, ensure the 2 next byte - * are big (0xff). This will ensure the generated signature has the - * same size as the key modulus. - */ - in_data[0] &= 0x7f; - if (!in_data[0] & !(in_data[1] & 0xf0)) { - in_data[2] = 0xff; - in_data[3] = 0xff; - } + in_data[0] = 0; + in_data[1] = 2; + for (n = 2; n < 16; n++) + in_data[n] |= 0x80; + in_data[n] = 0; rv = C_GetAttributeValue(session, public_key, get_public_template, ARRAY_SIZE(get_public_template));