Cumulative update
authord-Dudas <david.dudas03@e-uvt.ro>
Tue, 8 Jul 2025 18:42:17 +0000 (21:42 +0300)
committerd-Dudas <david.dudas03@e-uvt.ro>
Wed, 9 Jul 2025 15:59:35 +0000 (18:59 +0300)
- description typo correction
- aes key size construction update
- dynamic ECDH key size
- dynamic RSA exponent size

Signed-off-by: David Dudas <david.dudas03@e-uvt.ro>
lib/includes/gnutls/gnutls.h.in
lib/tpm2/callbacks/aes/aes_callbacks.c
lib/tpm2/callbacks/ecdh/ecdh_callbacks.c
lib/tpm2/callbacks/rsa/rsa_callbacks.c

index 9d0fd3bfcca22e398ed9dabbf9662f5691acf7e3..076fe2ebd087a380fe2b3c9883ee5c362d0698a7 100644 (file)
@@ -150,9 +150,9 @@ extern "C" {
  * @GNUTLS_CIPHER_AES_192_GCM: AES in GCM mode with 192-bit keys (AEAD).
  * @GNUTLS_CIPHER_AES_128_SIV_GCM: AES in SIV-GCM mode with 128-bit key.
  * @GNUTLS_CIPHER_AES_256_SIV_GCM: AES in SIV-GCM mode with 256-bit key.
- * @GNUTLS_CIPHER_AES_128_CFB8: AES in CFB mode with 128-bit keys.
- * @GNUTLS_CIPHER_AES_192_CFB8: AES in CFB mode with 192-bit keys.
- * @GNUTLS_CIPHER_AES_256_CFB8: AES in CFB mode with 256-bit keys.
+ * @GNUTLS_CIPHER_AES_128_CFB: AES in CFB mode with 128-bit keys.
+ * @GNUTLS_CIPHER_AES_192_CFB: AES in CFB mode with 192-bit keys.
+ * @GNUTLS_CIPHER_AES_256_CFB: AES in CFB mode with 256-bit keys.
  *
  * Enumeration of different symmetric encryption algorithms.
  */
index dc2fd3ef981c9272aadffb4482ee9a92f39ce131..92582774867bc2b6e246cd35d3b26b62061e2b95 100644 (file)
@@ -60,7 +60,7 @@ static TSS2_RC _gnutls_aes_encrypt(uint8_t *key, TPM2_ALG_ID tpm_sym_alg,
        if (cipher == GNUTLS_CIPHER_UNKNOWN)
                return TSS2_ESYS_RC_NOT_IMPLEMENTED;
 
-       gnutls_datum_t key_datum = { key, key_bits / 8 };
+       gnutls_datum_t key_datum = { key, (key_bits + 7) / 8 };
        gnutls_datum_t iv_datum = { iv, tpm2_aes_iv_size };
 
        if (gnutls_cipher_init(&handle, cipher, &key_datum, &iv_datum) < 0)
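Review bot: Rounding up with `(key_bits + 7) / 8` accepts a `key_bits` value that is not a whole number of bytes and makes `key_datum` cover one more byte of `key` than the caller described. AES only has 128-, 192- and 256-bit keys, so it would be clearer to reject anything else before building the datum, e.g. `if (key_bits % 8 != 0) return TSS2_ESYS_RC_BAD_VALUE;`, and keep the plain division. The cipher lookup above the hunk may already constrain `key_bits`; if it does, a short comment saying so would be enough. `_gnutls_aes_encrypt` starts and ends outside the hunk.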
index ef0069d335f74b9e0d14006248cef105e7ee2d6d..7ebd23f14912ab83895f7090e6bfefc1b8862473 100644 (file)
@@ -77,7 +77,8 @@ static TSS2_RC _gnutls_get_ecdh_point(TPM2B_PUBLIC *tpm_key,
        if (ret < 0)
                return TSS2_ESYS_RC_GENERAL_FAILURE;
 
-       ret = gnutls_privkey_generate(privkey, GNUTLS_PK_EC, 256, 0);
+       ret = gnutls_privkey_generate(privkey, GNUTLS_PK_EC,
+                                     GNUTLS_CURVE_TO_BITS(curve), 0);
        if (ret < 0)
                goto fail;
 
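Review bot: The new `GNUTLS_CURVE_TO_BITS(curve)` argument depends entirely on `curve`, which is assigned above the hunk, so I cannot see whether a TPM curve ID with no GnuTLS equivalent is rejected before this call. If it is not, an explicit `curve == GNUTLS_ECC_CURVE_INVALID` check that jumps to `fail` would give a clearer error than relying on `gnutls_privkey_generate` to refuse the value. A one-line comment such as `/* ephemeral key must be on the same curve as the TPM key */` would also record why the size is no longer fixed. `_gnutls_get_ecdh_point` starts and ends outside the hunk.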
index 5c7ff28aec1cd910209bf7e84def88d4a5bb1d0b..06e7d120464f6523343283448e13b9ac3edcb0da 100644 (file)
@@ -48,13 +48,26 @@ static TSS2_RC _gnutls_rsa_pk_encrypt(TPM2B_PUBLIC *pub_tpm_key, size_t in_size,
        if (pub_tpm_key->publicArea.parameters.rsaDetail.exponent != 0) {
                uint32_t exp =
                        pub_tpm_key->publicArea.parameters.rsaDetail.exponent;
-               exponent.size = 3;
-               exponent.data = gnutls_malloc(3);
-               exponent.data[0] = (exp >> 16) & 0xFF;
-               exponent.data[1] = (exp >> 8) & 0xFF;
-               exponent.data[2] = exp & 0xFF;
+
+               size_t exp_size = 0;
+               if (exp < 256) {
+                       exp_size = 1;
+               } else if (exp < 65536) {
+                       exp_size = 2;
+               } else {
+                       exp_size = 3;
+               }
+
+               exponent.size = exp_size;
+               exponent.data = gnutls_malloc(exp_size);
+               if (!exponent.data)
+                       return TSS2_ESYS_RC_GENERAL_FAILURE;
+
+               for (size_t i = 0; i < exp_size; i++) {
+                       exponent.data[exp_size - 1 - i] = (exp >> (8 * i)) &
+                                                         0xFF;
+               }
        } else {
-               // Default exponent is 65537
                static uint8_t default_exp[] = { 0x01, 0x00, 0x01 };
                exponent.data = default_exp;
                exponent.size = sizeof(default_exp);
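Review bot: The size selection still caps at three bytes, so a TPM exponent of 2^24 or more (`exp` is a `uint32_t`) has its top byte silently dropped and the public key is built with a different exponent than the TPM's. Add a fourth case, `} else if (exp < (1u << 24)) { exp_size = 3; } else { exp_size = 4; }`, or reject such values explicitly. The early `return` on allocation failure may also skip cleanup for objects initialised above the hunk, which is not visible here; if the function has a cleanup label, jump to it instead. I would keep a comment on the else branch, e.g. `/* exponent 0 in the TPM public area means the default, 65537 */`, since the commit removes the only explanation of `default_exp`.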