From 2fc551ffbc4f54e39dfaafe3c596491d34731603 Mon Sep 17 00:00:00 2001
From: Stefan Berger
Date: Tue, 18 Jul 2023 17:33:29 -0400
Subject: [PATCH] tpm2: Prevent SHA1 signature generation using new flag: no-sha1-signing

Prevent SHA1 signature generation like FIPS mode on the host does for RSA and all ECC (ecdsa, ecdaa, ecschnorr, sm2) signing algorithms by implementing attribute no-sha1-signing. Since CryptRSASign and CryptEccSign are called from CryptSign the check for SHA1 can be done there. The other call locations are from the algorithm test functions where the default hash is SHA512.
Signed-off-by: Stefan Berger
---
 man/man3/TPMLIB_SetProfile.pod | 9 +++++++++
 src/tpm2/CryptUtil.c | 11 +++++++++++
 src/tpm2/RuntimeAttributes.c | 2 ++
 src/tpm2/RuntimeAttributes_fp.h | 3 ++-
 src/tpm2/RuntimeProfile.c | 1 +
 tests/tpm2_setprofile.c | 4 ++--
 6 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/man/man3/TPMLIB_SetProfile.pod b/man/man3/TPMLIB_SetProfile.pod
index bc60c3ee..baea657d 100644
--- a/man/man3/TPMLIB_SetProfile.pod
+++ b/man/man3/TPMLIB_SetProfile.pod
@@ -193,6 +193,15 @@ I. The following is a list of supported verbs:
 =back
+=item B: (since v0.10)
+
+=over 2
+
+=item * Prevents signature generation with a SHA1 with RSA and ECC
+algorithms
+
+=back
+
 =back
 =head1 ERRORS
diff --git a/src/tpm2/CryptUtil.c b/src/tpm2/CryptUtil.c
index d807a48c..2a560c61 100644
--- a/src/tpm2/CryptUtil.c
+++ b/src/tpm2/CryptUtil.c
@@ -1529,6 +1529,17 @@ CryptSign(OBJECT* signKey, // IN: signing key
 // doesn't have a hashAlg member.
 signature->signature.any.hashAlg = signScheme->details.any.hashAlg;
+ switch(signKey->publicArea.type) // libtpms added begin
+ {
+ case TPM_ALG_RSA:
+ case TPM_ALG_ECC:
+ if (signScheme->details.any.hashAlg == TPM_ALG_SHA1 &&
+ RuntimeProfileRequiresAttributeFlags(&g_RuntimeProfile,
+ RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING))
+ return TPM_RC_HASH;
+ break;
+ } // libtpms added end
+
 // perform sign operation based on different key type
 switch(signKey->publicArea.type)
 {
diff --git a/src/tpm2/RuntimeAttributes.c b/src/tpm2/RuntimeAttributes.c
index 71ff68e1..ad17c593 100644
--- a/src/tpm2/RuntimeAttributes.c
+++ b/src/tpm2/RuntimeAttributes.c
@@ -58,6 +58,8 @@ static const struct {
 { .name = NAME, .attributeFlags = FLAGS, .stateFormatLevel = SFL }
 ATTRIBUTE("no-unpadded-encryption", RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION,
 7),
+ ATTRIBUTE("no-sha1-signing", RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING,
+ 7),
 };
 LIB_EXPORT void
diff --git a/src/tpm2/RuntimeAttributes_fp.h b/src/tpm2/RuntimeAttributes_fp.h
index 059a54c4..d84b93f1 100644
--- a/src/tpm2/RuntimeAttributes_fp.h
+++ b/src/tpm2/RuntimeAttributes_fp.h
@@ -42,9 +42,10 @@
 #ifndef RUNTIME_ATTRIBUTES_H
 #define RUNTIME_ATTRIBUTES_H
-#define NUM_ENTRIES_ATTRIBUTE_PROPERTIES 1
+#define NUM_ENTRIES_ATTRIBUTE_PROPERTIES 2
 #define RUNTIME_ATTRIBUTE_NO_UNPADDED_ENCRYPTION (1 << 0)
+#define RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING (1 << 1)
 struct RuntimeAttributes { /* */
diff --git a/src/tpm2/RuntimeProfile.c b/src/tpm2/RuntimeProfile.c
index d5183edf..2792467d 100644
--- a/src/tpm2/RuntimeProfile.c
+++ b/src/tpm2/RuntimeProfile.c
@@ -93,6 +93,7 @@ static const struct RuntimeProfileDesc {
 * marshalled now
 * 7 : Attribute support was added:
 * - no-unpadded-encryption
+ * - no-sha1-signing
 */
 const char *description;
 #define DESCRIPTION_MAX_SIZE 250
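Review bot: In the CryptUtil.c hunk, the SHA1 gate added to CryptSign is the sole enforcement point for `no-sha1-signing`, but nothing in the code says so; the commit message notes that CryptRSASign and CryptEccSign are also called from the algorithm tests, so a later direct caller would silently bypass the profile. I would record that above the new switch, e.g. `/* no-sha1-signing is enforced only here; any new caller of the RSA/ECC sign primitives must apply the same check */`. The switch also lacks a `default:` arm, and `default: break; /* other key types are intentionally not restricted */` would make the RSA/ECC-only scope explicit rather than implied. The check also sits after the write to `signature->signature.any.hashAlg`, so the output is partly populated on the TPM_RC_HASH path; CryptSign begins and continues outside the hunk, so whether that matters to callers cannot be judged from here.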
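Review bot: In the RuntimeAttributes_fp.h hunk, `NUM_ENTRIES_ATTRIBUTE_PROPERTIES` is raised to 2 by hand while the table it counts grows in a different file (RuntimeAttributes.c), so the two can drift on the next attribute. How the table is declared is not visible in these hunks; if it is sized by this macro, a mismatch shows up only as an excess-initializer diagnostic or as a zero-initialised trailing slot, so a compile-time check next to the table, or deriving the count from the table itself, would be safer. Separately, the new flag follows the existing `(1 << 0)` form; `#define RUNTIME_ATTRIBUTE_NO_SHA1_SIGNING (1U << 1)` keeps the flag set unsigned as more bits are added.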
diff --git a/tests/tpm2_setprofile.c b/tests/tpm2_setprofile.c
index 4c710932..bdc6cc5a 100644
--- a/tests/tpm2_setprofile.c
+++ b/tests/tpm2_setprofile.c
@@ -328,7 +328,7 @@ static const struct {
 "\"Commands\":\"0x11f-0x122,0x124-0x12e,0x130-0x140,0x142-0x159,"
 "0x15b-0x15e,0x160-0x165,0x167-0x174,0x176-0x178,"
 "0x17a-0x193,0x197\","
- "\"Attributes\":\"no-unpadded-encryption\","
+ "\"Attributes\":\"no-unpadded-encryption,no-sha1-signing\","
 "\"Description\":\"test\""
 "}",
 .exp_fail = false,
@@ -346,7 +346,7 @@ static const struct {
 "kdf1-sp800-56a,kdf2,kdf1-sp800-108,ecc,ecc-min-size=192,"
 "ecc-nist,ecc-bn,ecc-sm2-p256,symcipher,camellia,"
 "camellia-min-size=128,cmac,ctr,ofb,cbc,cfb,ecb\","
- "\"Attributes\":\"no-unpadded-encryption\","
+ "\"Attributes\":\"no-unpadded-encryption,no-sha1-signing\","
 "\"Description\":\"test\""
 "}}",
 }, {
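Review bot: Both changed profile strings in tests/tpm2_setprofile.c only show that `no-sha1-signing` is accepted and echoed back by the profile parser; nothing visible in this patch exercises the new TPM_RC_HASH return in CryptSign. A case that sets the attribute and then attempts an RSA and an ECC signature with SHA1, expecting TPM_RC_HASH, alongside a SHA256 signature that still succeeds, would pin the behaviour the flag promises and catch a regression if the gate is moved. The test table begins and continues outside these hunks, so such coverage may exist elsewhere in the tree.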