Fix libspdm_rsa_generate_key always using the default key

Fix the issue: #2336 Signed-off-by: Wenxing Hou <[email protected]>
DMTF · Sep 5, 2023 · c9dc075 · c9dc075
1 parent b8b48ae
commit c9dc075
Show file tree

Hide file tree

Showing 2 changed files with 105 additions and 13 deletions.
diff --git a/os_stub/cryptlib_mbedtls/pk/rsa_ext.c b/os_stub/cryptlib_mbedtls/pk/rsa_ext.c
@@ -162,33 +162,47 @@ bool libspdm_rsa_generate_key(void *rsa_context, size_t modulus_length,
 {
     int32_t ret = 0;
     mbedtls_rsa_context *rsa;
-    int32_t pe;
-    mbedtls_mpi e;
+    uint32_t e;
 
 
     /* Check input parameters.*/
-
     if (rsa_context == NULL || modulus_length > INT_MAX ||
         public_exponent_size > INT_MAX) {
         return false;
     }
 
     rsa = (mbedtls_rsa_context *)rsa_context;
 
-    mbedtls_mpi_init(&e);
-
     if (public_exponent == NULL) {
-        pe = 0x10001;
+        e = 0x10001;
     } else {
-        /* TBD*/
-        ret = mbedtls_mpi_read_binary(&e, public_exponent,
-                                      public_exponent_size);
-        pe = 0x10001;
+        if (public_exponent_size == 0) {
+            return false;
+        }
+
+        switch (public_exponent_size) {
+        case 1:
+            e = public_exponent[0];
+            break;
+        case 2:
+            e = public_exponent[0] << 8 | public_exponent[1];
+            break;
+        case 3:
+            e = public_exponent[0] << 16 | public_exponent[1] << 8 |
+                public_exponent[2];
+            break;
+        case 4:
+            e = public_exponent[0] << 24 | public_exponent[1] << 16 |
+                public_exponent[2] << 8 | public_exponent[3];
+            break;
+        default:
+            return false;
+        }
     }
 
     if (ret == 0) {
         ret = mbedtls_rsa_gen_key(rsa, libspdm_myrand, NULL,
-                                  (uint32_t)modulus_length, pe);
+                                  (uint32_t)modulus_length, e);
     }
 
     return ret == 0;

diff --git a/unit_test/test_crypt/rsa_verify.c b/unit_test/test_crypt/rsa_verify.c
@@ -103,6 +103,19 @@ uint8_t m_libspdm_rsa_pkcs1_signature[] = {
 /* Default public key 0x10001. */
 uint8_t m_libspdm_default_public_key[] = { 0x01, 0x00, 0x01 };
 
+/* input public key 0x03. */
+uint8_t m_libspdm_test_rsa_public_exponent1[] = { 0x03 };
+uint8_t m_libspdm_test_rsa_public_exponent2[] = { 0x02, 0x09 };
+uint8_t m_libspdm_test_rsa_public_exponent3[] = { 0x01, 0x00, 0x01};
+uint8_t m_libspdm_test_rsa_public_exponent4[] = { 0x01, 0x01, 0x01, 0x01 };
+
+uint8_t * m_libspdm_test_rsa_public_exponent[] = {
+    m_libspdm_test_rsa_public_exponent1,
+    m_libspdm_test_rsa_public_exponent2,
+    m_libspdm_test_rsa_public_exponent3,
+    m_libspdm_test_rsa_public_exponent4
+};
+
 /**
  * Validate Crypto RSA Interfaces.
  *
@@ -122,6 +135,7 @@ bool libspdm_validate_crypt_rsa(void)
     bool status;
     size_t key_size;
     uint8_t *KeyBuffer;
+    uint8_t index;
 
     libspdm_my_print("\nCrypto RSA Engine Testing: ");
 
@@ -249,8 +263,72 @@ bool libspdm_validate_crypt_rsa(void)
         return false;
     }
 
-    /* Generate RSA key Components*/
-    libspdm_my_print("Generate RSA key Components ... ");
+    /* Generate RSA key Components without default RSA public exponent*/
+    libspdm_my_print("Generate RSA key Components without default RSA public exponent... ");
+
+    for (index = 0; index < 4; index++) {
+        libspdm_rsa_free(rsa);
+        rsa = libspdm_rsa_new();
+        status = libspdm_rsa_generate_key(rsa, LIBSPDM_RSA_MODULUS_LENGTH,
+                                          m_libspdm_test_rsa_public_exponent[index],
+                                          (index + 1));
+        if (!status) {
+            libspdm_my_print("[Fail]");
+            libspdm_rsa_free(rsa);
+            return false;
+        }
+
+        key_size = LIBSPDM_RSA_MODULUS_LENGTH / 8;
+        KeyBuffer = allocate_pool(key_size);
+        if (KeyBuffer == NULL) {
+            libspdm_my_print("[Fail]");
+            libspdm_rsa_free(rsa);
+            return false;
+        }
+        status = libspdm_rsa_get_key(rsa, LIBSPDM_RSA_KEY_E, KeyBuffer, &key_size);
+        if (!status) {
+            libspdm_my_print("[Fail]");
+            free_pool(KeyBuffer);
+            libspdm_rsa_free(rsa);
+            return false;
+        }
+
+        if (key_size != (index + 1) ||
+            memcmp(KeyBuffer, m_libspdm_test_rsa_public_exponent[index],
+                (index + 1)) != 0) {
+            libspdm_my_print("[Fail]");
+            free_pool(KeyBuffer);
+            libspdm_rsa_free(rsa);
+            return false;
+        }
+
+        key_size = LIBSPDM_RSA_MODULUS_LENGTH / 8;
+        status = libspdm_rsa_get_key(rsa, LIBSPDM_RSA_KEY_N, KeyBuffer, &key_size);
+        if (!status) {
+            libspdm_my_print("[Fail]");
+            free_pool(KeyBuffer);
+            libspdm_rsa_free(rsa);
+            return false;
+        }
+
+        if (key_size != LIBSPDM_RSA_MODULUS_LENGTH / 8) {
+            libspdm_my_print("[Fail]");
+            free_pool(KeyBuffer);
+            libspdm_rsa_free(rsa);
+            return false;
+        }
+
+        if (!libspdm_rsa_check_key(rsa)) {
+            libspdm_my_print("[Fail]");
+            free_pool(KeyBuffer);
+            libspdm_rsa_free(rsa);
+            return false;
+        }
+        free_pool(KeyBuffer);
+    }
+
+    /* Generate RSA key Components with default RSA public exponent*/
+    libspdm_my_print("Generate RSA key Components with default RSA public exponent... ");
 
     status = libspdm_rsa_generate_key(rsa, LIBSPDM_RSA_MODULUS_LENGTH, NULL, 0);
     if (!status) {