[AMD Official Use Only - General] Hello everyone, I am currently working on updating a signature verification function in C++ and I am a bit stuck. I am trying to replace the deprecated 1.1.1 functions to the appropriate 3.0 versions. The function takes in 2 certificate objects (parent
and cert), which are not x509 certificates, but certificates the company had previously defined. Using the contents from parent we create an RSA public key and using the contents from cert we create the digest and grab the signature to verify.
In the 1.1.1 version we were using the RSA Object and the rsa_set0_key function to create the RSA public key and then used RSA_public_decrypt to decrypt the signature and RSA_verify_PKCS1_PSS to verify it. This whole workflow is now deprecated.
//OPENSSL 1.1.1 Code SEV_ERROR_CODE AMDCert::amd_cert_validate_sig(const amd_cert *cert, const amd_cert *parent, ePSP_DEVICE_TYPE device_type) { SEV_ERROR_CODE cmd_ret = ERROR_INVALID_CERTIFICATE; hmac_sha_256 sha_digest_256; hmac_sha_512 sha_digest_384; SHA_TYPE algo = SHA_TYPE_256; uint8_t *sha_digest = NULL; size_t sha_length = 0; RSA *rsa_pub_key = NULL; BIGNUM *modulus = NULL; BIGNUM *pub_exp = NULL; EVP_MD_CTX* md_ctx = NULL; uint32_t sig_len = cert->modulus_size/8; uint32_t digest_len = 0; uint8_t decrypted[AMD_CERT_KEY_BYTES_4K] = {0}; // TODO wrong length uint8_t signature[AMD_CERT_KEY_BYTES_4K] = {0}; uint32_t fixed_offset = offsetof(amd_cert, pub_exp); // 64 bytes do { if (!cert || !parent) { cmd_ret = ERROR_INVALID_PARAM; break; } // Set SHA_TYPE to 256 bit or 384 bit depending on device_type if (device_type == PSP_DEVICE_TYPE_NAPLES) { algo = SHA_TYPE_256; sha_digest = sha_digest_256; sha_length = sizeof(hmac_sha_256); } else /*if (ROME/MILAN)*/ { algo = SHA_TYPE_384; sha_digest = sha_digest_384; sha_length = sizeof(hmac_sha_512); } // Memzero all the buffers memset(sha_digest, 0, sha_length); memset(decrypted, 0, sizeof(decrypted)); memset(signature, 0, sizeof(signature)); // New up the RSA key rsa_pub_key = RSA_new(); // Convert the parent to an RSA key to pass into RSA_verify modulus = BN_lebin2bn((uint8_t *)&parent->modulus, parent->modulus_size/8, NULL); // n // New's up BigNum pub_exp = BN_lebin2bn((uint8_t *)&parent->pub_exp, parent->pub_exp_size/8, NULL); // e if (RSA_set0_key(rsa_pub_key, modulus, pub_exp, NULL) != 1) break; // Create digest from certificate md_ctx = EVP_MD_CTX_create(); if (EVP_DigestInit(md_ctx, (algo == SHA_TYPE_256) ? EVP_sha256() : EVP_sha384()) <= 0) break; if (EVP_DigestUpdate(md_ctx, cert, fixed_offset) <= 0) // Calls SHA256_UPDATE break; if (EVP_DigestUpdate(md_ctx, &cert->pub_exp, cert->pub_exp_size/8) <= 0) break; if (EVP_DigestUpdate(md_ctx, &cert->modulus, cert->modulus_size/8) <= 0) break; EVP_DigestFinal(md_ctx, sha_digest, &digest_len); // Swap the bytes of the signature memcpy(signature, &cert->sig, parent->modulus_size/8); if (!sev::reverse_bytes(signature, parent->modulus_size/8)) break; // Now we will verify the signature. Start by a RAW decrypt of the signature if (RSA_public_decrypt(sig_len, signature, decrypted, rsa_pub_key, RSA_NO_PADDING) == -1) break; // Verify the data // SLen of -2 means salt length is recovered from the signature if (RSA_verify_PKCS1_PSS(rsa_pub_key, sha_digest, (algo == SHA_TYPE_256) ? EVP_sha256() : EVP_sha384(), decrypted, -2) != 1) { break; } cmd_ret = STATUS_SUCCESS; } while (0); // Free the keys and contexts if (rsa_pub_key) RSA_free(rsa_pub_key); if (md_ctx) EVP_MD_CTX_free(md_ctx); return cmd_ret; } My current attempt to do this update is first creating an EVP_PKEY object which will now store the public key and inputting the same data from parent by using the EVP_PKEY_fromdata generation function. I build my OSSL_PARAMETERS using OSSL_PARAM_BLD
to which I push the data from parent. Lastly for the verification I am using the EVP_DigestVerifyFinal procedure. I create the digest using EVP_DigestVerifyInit and EVP_DigestVerifyUpdate and passing in the same data from cert that we were using in the 1.1.1
version of the function. I have tried different approaches to both creating the key and the verification procedure, but I cannot seem to get it to work. // OPENSSL 3.0 code SEV_ERROR_CODE AMDCert::amd_cert_validate_sig(const amd_cert *cert, const amd_cert *parent, ePSP_DEVICE_TYPE device_type) { SEV_ERROR_CODE cmd_ret = ERROR_INVALID_CERTIFICATE; hmac_sha_256 sha_digest_256; hmac_sha_512 sha_digest_384; SHA_TYPE algo = SHA_TYPE_256; uint8_t *sha_digest = NULL; size_t sha_length = 0; EVP_PKEY *rsa_pub_key = EVP_PKEY_new(); RSA *old_rsa_pub_key = NULL; BIGNUM *modulus = NULL; BIGNUM *pub_exp = NULL; EVP_PKEY_CTX *key_gen_ctx = NULL; uint32_t sig_len = cert->modulus_size/8; EVP_MD_CTX* verify_md_ctx = NULL; uint32_t digest_len = 0; uint8_t signature[AMD_CERT_KEY_BYTES_4K] = {0}; uint32_t fixed_offset = offsetof(amd_cert, pub_exp); // 64 bytes do { if (!cert || !parent) { cmd_ret = ERROR_INVALID_PARAM; break; } // Set SHA_TYPE to 256 bit or 384 bit depending on device_type if (device_type == PSP_DEVICE_TYPE_NAPLES) { algo = SHA_TYPE_256; sha_digest = sha_digest_256; sha_length = sizeof(hmac_sha_256); } else /*if (ROME/MILAN)*/ { algo = SHA_TYPE_384; sha_digest = sha_digest_384; sha_length = sizeof(hmac_sha_512); } // Memzero all the buffers memset(sha_digest, 0, sha_length); memset(signature, 0, sizeof(signature)); //Convert the parent to an RSA key to pass into EVP_DigesetVerify modulus = BN_lebin2bn((uint8_t *)&parent->modulus, parent->modulus_size/8, NULL); // n // New's up BigNum pub_exp = BN_lebin2bn((uint8_t *)&parent->pub_exp, parent->pub_exp_size/8, NULL); // e // Creating parameter build OSSL_PARAM_BLD *params_build = OSSL_PARAM_BLD_new(); if ( params_build == NULL ) { cout << "Init fails " << endl; } // Push modulus if ( !OSSL_PARAM_BLD_push_BN(params_build, "n", modulus) ) { cout << "Error: failed to push modulus into param build." << endl; break; } // Push pub_exp if ( !OSSL_PARAM_BLD_push_BN(params_build, "e", pub_exp) ) { cout << "Error: failed to push exponent into param build." << endl; break; } // Build parameters OSSL_PARAM *params = OSSL_PARAM_BLD_to_param(params_build); if ( params == NULL ) { cout << "Error: building parameters." << endl; break; } // Free BLD struct OSSL_PARAM_BLD_free(params_build); // Create key_gen context key_gen_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); //EVP_PKEY_keygen_init(pctx); if(EVP_PKEY_fromdata_init(key_gen_ctx) != 1) { cout << "failed to initialize key creation." << endl; break; } // Generate rsa public key if(EVP_PKEY_fromdata(key_gen_ctx, &rsa_pub_key, EVP_PKEY_PUBLIC_KEY, params) != 1) { cout << "key generation breaks" << endl; break; } // Free PARAM structure OSSL_PARAM_free(params); // Swap the bytes of the signature memcpy(signature, &cert->sig, parent->modulus_size/8); if (!sev::reverse_bytes(signature, parent->modulus_size/8)) break; // Create digest context verify_md_ctx = EVP_MD_CTX_create(); if (!verify_md_ctx) { cout << "Error allocating pkey context " << endl;; break; } if (EVP_DigestVerifyInit(verify_md_ctx, NULL, (algo == SHA_TYPE_256) ? EVP_sha256() : EVP_sha384(), NULL, rsa_pub_key) <= 0) { cout << "Init fails " << endl; break; } if (EVP_DigestVerifyUpdate(verify_md_ctx, cert, fixed_offset) <= 0) // Calls SHA256_UPDATE break; if (EVP_DigestVerifyUpdate(verify_md_ctx, &cert->pub_exp, cert->pub_exp_size/8) <= 0) break; if (EVP_DigestVerifyUpdate(verify_md_ctx, &cert->modulus, cert->modulus_size/8) <= 0) break; // Get Verify return int ret = EVP_DigestVerifyFinal(verify_md_ctx,signature,sig_len); if (ret == 0) { cout << "Verify digest fails" << endl; break; } else if (ret < 0) { cout << "Verify error" << endl; break; } cmd_ret = STATUS_SUCCESS; } while (0); // Free the keys and contexts if (rsa_pub_key) EVP_PKEY_free(rsa_pub_key); if (key_gen_ctx) EVP_PKEY_CTX_free(key_gen_ctx); if (verify_md_ctx) EVP_MD_CTX_free(verify_md_ctx); return cmd_ret; } Is this the correct way of creating RSA keys now? Where is my logic failing? Can the same type of procedure even be done on 3.0? Any advice would be really appreciated. Thank you in advance, Diego Gonzalez Villalobos Software System Designer I |