From: Jarkko Sakkinen <jarkko@kernel.org>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
Andreas.Fuchs@infineon.com, James Prestwood <prestwoj@gmail.com>,
David Woodhouse <dwmw2@infradead.org>,
Eric Biggers <ebiggers@kernel.org>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Jarkko Sakkinen <jarkko@kernel.org>,
"David S. Miller" <davem@davemloft.net>,
linux-crypto@vger.kernel.org (open list:CRYPTO API),
linux-kernel@vger.kernel.org (open list),
Andrew Morton <akpm@linux-foundation.org>,
James Bottomley <James.Bottomley@HansenPartnership.com>,
Mimi Zohar <zohar@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
linux-security-module@vger.kernel.org (open list:SECURITY
SUBSYSTEM)
Subject: [PATCH v3 2/5] lib: Expand asn1_encode_integer() to variable size integers
Date: Tue, 21 May 2024 18:26:44 +0300 [thread overview]
Message-ID: <20240521152659.26438-3-jarkko@kernel.org> (raw)
In-Reply-To: <20240521152659.26438-1-jarkko@kernel.org>
Expand asn1_encode_integer() to variable size integers, meaning that it
will get a blob in big-endian format as integer and length of the blob as
parameters. This is required in order to encode RSA public key modulus.
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
v3:
* Fix off-by-one in indices when returning zero:
https://lore.kernel.org/linux-integrity/SN7PR18MB5314CFBD18B011F292809EBFE3EA2@SN7PR18MB5314.namprd18.prod.outlook.com/
---
include/linux/asn1_encoder.h | 3 +-
lib/asn1_encoder.c | 185 ++++++++++++----------
security/keys/trusted-keys/trusted_tpm2.c | 4 +-
3 files changed, 103 insertions(+), 89 deletions(-)
diff --git a/include/linux/asn1_encoder.h b/include/linux/asn1_encoder.h
index 08cd0c2ad34f..ad5fb18db9e2 100644
--- a/include/linux/asn1_encoder.h
+++ b/include/linux/asn1_encoder.h
@@ -9,9 +9,10 @@
#include <linux/bug.h>
#define asn1_oid_len(oid) (sizeof(oid)/sizeof(u32))
+
unsigned char *
asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
- s64 integer);
+ const u8 *integer, int integer_len);
unsigned char *
asn1_encode_oid(unsigned char *data, const unsigned char *end_data,
u32 oid[], int oid_len);
diff --git a/lib/asn1_encoder.c b/lib/asn1_encoder.c
index 0fd3c454a468..266e8042742e 100644
--- a/lib/asn1_encoder.c
+++ b/lib/asn1_encoder.c
@@ -9,12 +9,78 @@
#include <linux/bug.h>
#include <linux/string.h>
#include <linux/module.h>
+#include <linux/slab.h>
+
+/**
+ * asn1_encode_length() - encode a length to follow an ASN.1 tag
+ * @data: pointer to encode at
+ * @data_len: pointer to remaining length (adjusted by routine)
+ * @len: length to encode
+ *
+ * This routine can encode lengths up to 65535 using the ASN.1 rules.
+ * It will accept a negative length and place a zero length tag
+ * instead (to keep the ASN.1 valid). This convention allows other
+ * encoder primitives to accept negative lengths as singalling the
+ * sequence will be re-encoded when the length is known.
+ */
+static int asn1_encode_length(unsigned char **data, int *data_len, int len)
+{
+ if (*data_len < 1)
+ return -EINVAL;
+
+ if (len < 0) {
+ *((*data)++) = 0;
+ (*data_len)--;
+ return 0;
+ }
+
+ if (len <= 0x7f) {
+ *((*data)++) = len;
+ (*data_len)--;
+ return 0;
+ }
+
+ if (*data_len < 2)
+ return -EINVAL;
+
+ if (len <= 0xff) {
+ *((*data)++) = 0x81;
+ *((*data)++) = len & 0xff;
+ *data_len -= 2;
+ return 0;
+ }
+
+ if (*data_len < 3)
+ return -EINVAL;
+
+ if (len <= 0xffff) {
+ *((*data)++) = 0x82;
+ *((*data)++) = (len >> 8) & 0xff;
+ *((*data)++) = len & 0xff;
+ *data_len -= 3;
+ return 0;
+ }
+
+ if (WARN(len > 0xffffff, "ASN.1 length can't be > 0xffffff"))
+ return -EINVAL;
+
+ if (*data_len < 4)
+ return -EINVAL;
+ *((*data)++) = 0x83;
+ *((*data)++) = (len >> 16) & 0xff;
+ *((*data)++) = (len >> 8) & 0xff;
+ *((*data)++) = len & 0xff;
+ *data_len -= 4;
+
+ return 0;
+}
/**
* asn1_encode_integer() - encode positive integer to ASN.1
- * @data: pointer to the pointer to the data
- * @end_data: end of data pointer, points one beyond last usable byte in @data
- * @integer: integer to be encoded
+ * @data: pointer to the pointer to the data
+ * @end_data: end of data pointer, points one beyond last usable byte in @data
+ * @integer: integer to be encoded
+ * @integer_len: length in bytes of the integer blob
*
* This is a simplified encoder: it only currently does
* positive integers, but it should be simple enough to add the
@@ -22,15 +88,17 @@
*/
unsigned char *
asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
- s64 integer)
+ const u8 *integer, int integer_len)
{
int data_len = end_data - data;
- unsigned char *d = &data[2];
bool found = false;
+ unsigned char *d;
+ int encoded_len;
+ u8 *encoded;
+ int ret;
int i;
- if (WARN(integer < 0,
- "BUG: integer encode only supports positive integers"))
+ if (WARN(!integer, "BUG: integer is null"))
return ERR_PTR(-EINVAL);
if (IS_ERR(data))
@@ -40,17 +108,22 @@ asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
if (data_len < 3)
return ERR_PTR(-EINVAL);
- /* remaining length where at d (the start of the integer encoding) */
- data_len -= 2;
+ (*data++) = _tag(UNIV, PRIM, INT);
+ data_len--;
- data[0] = _tag(UNIV, PRIM, INT);
- if (integer == 0) {
- *d++ = 0;
- goto out;
+ if (!memchr_inv(integer, 0, integer_len)) {
+ data[0] = 1;
+ data[1] = 0;
+ return &data[2];
}
- for (i = sizeof(integer); i > 0 ; i--) {
- int byte = integer >> (8 * (i - 1));
+ encoded = kzalloc(integer_len, GFP_KERNEL);
+ if (!encoded)
+ return ERR_PTR(-ENOMEM);
+ d = encoded;
+
+ for (i = 0; i < integer_len; i++) {
+ int byte = integer[i];
if (!found && byte == 0)
continue;
@@ -67,21 +140,23 @@ asn1_encode_integer(unsigned char *data, const unsigned char *end_data,
* have len >= 1
*/
*d++ = 0;
- data_len--;
}
found = true;
- if (data_len == 0)
- return ERR_PTR(-EINVAL);
-
*d++ = byte;
- data_len--;
}
- out:
- data[1] = d - data - 2;
+ encoded_len = d - encoded;
- return d;
+ ret = asn1_encode_length(&data, &data_len, encoded_len);
+ if (ret) {
+ kfree(encoded);
+ return ERR_PTR(ret);
+ }
+
+ memcpy(data, encoded, encoded_len);
+ kfree(encoded);
+ return data + encoded_len;
}
EXPORT_SYMBOL_GPL(asn1_encode_integer);
@@ -176,70 +251,6 @@ asn1_encode_oid(unsigned char *data, const unsigned char *end_data,
}
EXPORT_SYMBOL_GPL(asn1_encode_oid);
-/**
- * asn1_encode_length() - encode a length to follow an ASN.1 tag
- * @data: pointer to encode at
- * @data_len: pointer to remaining length (adjusted by routine)
- * @len: length to encode
- *
- * This routine can encode lengths up to 65535 using the ASN.1 rules.
- * It will accept a negative length and place a zero length tag
- * instead (to keep the ASN.1 valid). This convention allows other
- * encoder primitives to accept negative lengths as singalling the
- * sequence will be re-encoded when the length is known.
- */
-static int asn1_encode_length(unsigned char **data, int *data_len, int len)
-{
- if (*data_len < 1)
- return -EINVAL;
-
- if (len < 0) {
- *((*data)++) = 0;
- (*data_len)--;
- return 0;
- }
-
- if (len <= 0x7f) {
- *((*data)++) = len;
- (*data_len)--;
- return 0;
- }
-
- if (*data_len < 2)
- return -EINVAL;
-
- if (len <= 0xff) {
- *((*data)++) = 0x81;
- *((*data)++) = len & 0xff;
- *data_len -= 2;
- return 0;
- }
-
- if (*data_len < 3)
- return -EINVAL;
-
- if (len <= 0xffff) {
- *((*data)++) = 0x82;
- *((*data)++) = (len >> 8) & 0xff;
- *((*data)++) = len & 0xff;
- *data_len -= 3;
- return 0;
- }
-
- if (WARN(len > 0xffffff, "ASN.1 length can't be > 0xffffff"))
- return -EINVAL;
-
- if (*data_len < 4)
- return -EINVAL;
- *((*data)++) = 0x83;
- *((*data)++) = (len >> 16) & 0xff;
- *((*data)++) = (len >> 8) & 0xff;
- *((*data)++) = len & 0xff;
- *data_len -= 4;
-
- return 0;
-}
-
/**
* asn1_encode_tag() - add a tag for optional or explicit value
* @data: pointer to place tag at
diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
index 8b7dd73d94c1..ec59f9389a2d 100644
--- a/security/keys/trusted-keys/trusted_tpm2.c
+++ b/security/keys/trusted-keys/trusted_tpm2.c
@@ -38,6 +38,7 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
u8 *end_work = scratch + SCRATCH_SIZE;
u8 *priv, *pub;
u16 priv_len, pub_len;
+ u32 key_handle;
int ret;
priv_len = get_unaligned_be16(src) + 2;
@@ -77,7 +78,8 @@ static int tpm2_key_encode(struct trusted_key_payload *payload,
goto err;
}
- work = asn1_encode_integer(work, end_work, options->keyhandle);
+ key_handle = cpu_to_be32(options->keyhandle);
+ work = asn1_encode_integer(work, end_work, (u8 *)&key_handle, 4);
work = asn1_encode_octet_string(work, end_work, pub, pub_len);
work = asn1_encode_octet_string(work, end_work, priv, priv_len);
--
2.45.1
next prev parent reply other threads:[~2024-05-21 15:27 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-21 15:26 [PATCH v3 0/5] KEYS: asymmetric: tpm2_key_rsa Jarkko Sakkinen
2024-05-21 15:26 ` [PATCH v3 1/5] crypto: rsa-pkcs1pad: export rsa1_asn_lookup() Jarkko Sakkinen
2024-05-21 15:26 ` Jarkko Sakkinen [this message]
2024-05-21 15:26 ` [PATCH v3 3/5] KEYS: trusted: Move tpm2_key_decode() to the TPM driver Jarkko Sakkinen
2024-05-21 15:26 ` [PATCH v3 4/5] tpm: tpm2_key: Extend parser to TPM_LoadableKey Jarkko Sakkinen
2024-05-21 15:26 ` [PATCH v3 5/5] keys: asymmetric: ASYMMETRIC_TPM2_KEY_RSA_SUBTYPE Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240521152659.26438-3-jarkko@kernel.org \
--to=jarkko@kernel.org \
--cc=Andreas.Fuchs@infineon.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=akpm@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dwmw2@infradead.org \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=prestwoj@gmail.com \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).