tpm2: Prevent SHA1 signature generation using new flag: no-sha1-signing

Prevent SHA1 signature generation like FIPS mode on the host does for RSA and all ECC (ecdsa, ecdaa, ecschnorr, sm2) signing algorithms by implementing attribute no-sha1-signing. Since CryptRSASign and CryptEccSign are called from CryptSign the check for SHA1 can be done there. The other call locations are from the algorithm test functions where the default hash is SHA512. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
2025-12-29 08:42:22 +00:00 · 2023-07-18 17:33:29 -04:00 · 2023-07-18 17:33:29 -04:00 · 2fc551ffbc
commit 2fc551ffbc
parent 2db51d0f88
6 changed files with 27 additions and 3 deletions
--- a/man/man3/TPMLIB_SetProfile.pod
+++ b/man/man3/TPMLIB_SetProfile.pod
@ -193,6 +193,15 @@ I<Commands>. The following is a list of supported verbs:

 =back

+=item B<no-sha1-signing>: (since v0.10)
+
+=over 2
+
+=item * Prevents signature generation with a SHA1 with RSA and ECC
+algorithms
+
+=back
+
 =back

 =head1 ERRORS
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@ -1529,6 +1529,17 @@ CryptSign(OBJECT*          signKey,     // IN: signing key
    // doesn't have a hashAlg member.
    signature->signature.any.hashAlg = signScheme->details.any.hashAlg;

+    switch(signKey->publicArea.type)				// libtpms added begin
+	{
+	  case TPM_ALG_RSA:
+	  case TPM_ALG_ECC:
+	    if (signScheme->details.any.hashAlg == TPM_ALG_SHA1 &&
+	        RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile,
+						     RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING))
+		return TPM_RC_HASH;
+	  break;
+	}							// libtpms added end
+
    // perform sign operation based on different key type
    switch(signKey->publicArea.type)
 	{
--- a/src/tpm2/RuntimeAttributes.c
+++ b/src/tpm2/RuntimeAttributes.c
@ -58,6 +58,8 @@ static const struct {
    { .name = NAME, .attributeFlags = FLAGS, .stateFormatLevel = SFL }
    ATTRIBUTE("no-unpadded-encryption", RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION,
 	      7),
+    ATTRIBUTE("no-sha1-signing", RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING,
+	      7),
 };

 LIB_EXPORT void
--- a/src/tpm2/RuntimeAttributes_fp.h
+++ b/src/tpm2/RuntimeAttributes_fp.h
@ -42,9 +42,10 @@
 #ifndef RUNTIME_ATTRIBUTES_H
 #define RUNTIME_ATTRIBUTES_H

-#define NUM_ENTRIES_ATTRIBUTE_PROPERTIES          1
+#define NUM_ENTRIES_ATTRIBUTE_PROPERTIES          2

 #define RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION  (1 << 0)
+#define RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING         (1 << 1)

 struct RuntimeAttributes {
    /* */
--- a/src/tpm2/RuntimeProfile.c
+++ b/src/tpm2/RuntimeProfile.c
@ -93,6 +93,7 @@ static const struct RuntimeProfileDesc {
 *      marshalled now
 *  7 : Attribute support was added:
 *      - no-unpadded-encryption
+ *      - no-sha1-signing
 */
    const char *description;
 #define DESCRIPTION_MAX_SIZE        250
--- a/tests/tpm2_setprofile.c
+++ b/tests/tpm2_setprofile.c
@ -328,7 +328,7 @@ static const struct {
                    "\"Commands\":\"0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,"
                                   "0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,"
                                   "0x17a-0x193,0x197\","
-                    "\"Attributes\":\"no-unpadded-encryption\","
+                    "\"Attributes\":\"no-unpadded-encryption,no-sha1-signing\","
                    "\"Description\":\"test\""
                   "}",
        .exp_fail = false,
@ -346,7 +346,7 @@ static const struct {
                             "kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,"
                             "ecc-nist,ecc-bn,ecc-sm2-p256,symcipher,camellia,"
                             "camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb\","
-            "\"Attributes\":\"no-unpadded-encryption\","
+            "\"Attributes\":\"no-unpadded-encryption,no-sha1-signing\","
            "\"Description\":\"test\""
          "}}",
    }, {