authorPascal Brand <pascal.brand@st.com>2014-12-17 07:48:00 +0100
committerPascal Brand <pascal.brand@st.com>2015-01-07 08:46:43 +0100
commit80439f3865207ea998d64fb66c80bd04188c8722 (patch)
tree23b147499bf4f61ede01d2c38430e01acd9a0cb0 /core
parent3bce5ba118caf537ed5788eb46500eaadbe795ba (diff)
Fix #6686: Support passing Public Exponent when generating RSA key pair
Global Platform Internal API 1.0 is not accurate when describing RSA key pair generation. It only indicates "No parameter is required". This is why RSA key pair generation was always using 65537 as the public exponent. Version 1.1 of the API is much more precise: "No parameter is required. The TEE_ATTR_RSA_PUBLIC_EXPONENT attribute may be specified; if omitted, the default value is 65537." This patch implements this requirement. Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org> Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org> Tested-by: Pascal Brand <pascal.brand@linaro.org> (STM platform) Reviewed-by: Laurent GERARD <laurent.gerard@st.com> Reviewed-by: Jean-Michel DELORME <jean-michel.delorme@st.com> Signed-off-by: Pascal Brand <pascal.brand@st.com>
Diffstat (limited to 'core')
-rw-r--r--core/lib/libtomcrypt/src/tee_ltc_provider.c6
-rw-r--r--core/tee/tee_svc_cryp.c7
2 files changed, 11 insertions, 2 deletions
diff --git a/core/lib/libtomcrypt/src/tee_ltc_provider.c b/core/lib/libtomcrypt/src/tee_ltc_provider.c
index 57675ad..c167897 100644
--- a/core/lib/libtomcrypt/src/tee_ltc_provider.c
+++ b/core/lib/libtomcrypt/src/tee_ltc_provider.c
@@ -533,9 +533,13 @@ static TEE_Result gen_rsa_key(struct rsa_keypair *key, size_t key_size)
TEE_Result res;
rsa_key ltc_tmp_key;
int ltc_res;
+ long e;
+
+ /* get the public exponent */
+ e = mp_get_int(key->e);
/* Generate a temporary RSA key */
- ltc_res = rsa_make_key(0, tee_ltc_get_rng_mpa(), key_size/8, 65537,
+ ltc_res = rsa_make_key(0, tee_ltc_get_rng_mpa(), key_size/8, e,
&ltc_tmp_key);
if (ltc_res != CRYPT_OK) {
res = TEE_ERROR_BAD_PARAMETERS;
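Review bot: The conversion `e = mp_get_int(key->e);` narrows a caller-controllable bignum to a `long` with no range check, so an exponent wider than what `mp_get_int` returns would be silently reduced and the key generated with a different public exponent than the one requested. libtomcrypt documents `get_int` as returning only the low-order bits of the integer, and whether `rsa_make_key` itself rejects even or too-small values is not visible in this hunk. A bit-length check ahead of the conversion would make the limit explicit, for example `if (mp_count_bits(key->e) > 31) return TEE_ERROR_BAD_PARAMETERS;`, together with a comment stating that `key->e` must already be populated by the caller. gen_rsa_key's body continues outside the hunk, so any later copy of the generated exponent back into `key->e` cannot be checked from here.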
diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
index da1f26b..c4ca8cc 100644
--- a/core/tee/tee_svc_cryp.c
+++ b/core/tee/tee_svc_cryp.c
@@ -1245,10 +1245,15 @@ static TEE_Result tee_svc_obj_generate_key_rsa(
uint32_t key_size)
{
TEE_Result res;
+ struct rsa_keypair *key = o->data;
+ uint32_t e = TEE_U32_TO_BIG_ENDIAN(65537);
TEE_ASSERT(sizeof(struct rsa_keypair) == o->data_size);
- if (!crypto_ops.acipher.gen_rsa_key)
+ if (!crypto_ops.acipher.gen_rsa_key || !crypto_ops.bignum.bin2bn)
return TEE_ERROR_NOT_IMPLEMENTED;
+ if (!GET_ATTRIBUTE(o, type_props, TEE_ATTR_RSA_PUBLIC_EXPONENT))
+ crypto_ops.bignum.bin2bn((const uint8_t *)&e, sizeof(e),
+ key->e);
res = crypto_ops.acipher.gen_rsa_key(o->data, key_size);
if (res != TEE_SUCCESS)
return res;
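Review bot: The result of `crypto_ops.bignum.bin2bn(...)` in the default-exponent branch is discarded, so a failed conversion would leave `key->e` in whatever state it had and key generation would proceed on it. If `bin2bn` returns a `TEE_Result` like the other `crypto_ops` entries (its prototype is not in the hunk), capture it with `res = crypto_ops.bignum.bin2bn((const uint8_t *)&e, sizeof(e), key->e);` followed by `if (res != TEE_SUCCESS) return res;`. When TEE_ATTR_RSA_PUBLIC_EXPONENT is set, the caller's value is handed to the provider without validation at this layer; a comment naming the layer that enforces an odd exponent of at least 3 would help the next reader. The function body extends past the end of the hunk.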