From 5bf5d6c22b9461321cec9ddeaae5795a5465bb03 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@ledger.fr>
Date: Thu, 23 Sep 2021 21:34:03 +0200
Subject: [PATCH 4/6] tpm2_ptool: do not re-encode the signed data when
 importing a certificate

When using `tpm2_ptool addcert`, several users experienced issues
because the signed data of the certificate was re-encoded when being
added to the database. More precisely, the encoded certificate data is
encoded using a BER encoder which encodes booleans using 1 of True (cf.
https://github.com/etingof/pyasn1/blob/v0.4.8/pyasn1/codec/ber/encoder.py#L164
). But in DER, the encoding of "True" is 0xff, and changing the signed
data made the signature of the certificate no longer valid.

To fix this issue:

- Directly use the result of `pem.readPemFromFile(f)` in attribute
  `CKA_VALUE`: this is directly the encoded form of the certificate.
- Remove `pyasn1.codec.ber`, as this encoder is no longer used.
- Rename the DER decoder from `decoder` to `derdecoder` and the encoder
  from `derenc` to `derencoder`, to make the code easier to read.

While at it:

- Reindent the code to 4-space indentation
- Use `hashlib.sha1(bercert).digest()` directly to compute a SHA1
  digest, instead of using `m.update()`.

Fixes: https://github.com/tpm2-software/tpm2-pkcs11/issues/700
Signed-off-by: Nicolas Iooss <nicolas.iooss@ledger.fr>
---
 tools/tpm2_pkcs11/utils.py | 126 ++++++++++++++++++-------------------
 1 file changed, 60 insertions(+), 66 deletions(-)

diff --git a/tools/tpm2_pkcs11/utils.py b/tools/tpm2_pkcs11/utils.py
index b803f4c..91eab9a 100644
--- a/tools/tpm2_pkcs11/utils.py
+++ b/tools/tpm2_pkcs11/utils.py
@@ -15,9 +15,7 @@ from cryptography.hazmat.primitives.asymmetric import (rsa, padding)
 from cryptography.hazmat.primitives import hashes
 
 from pyasn1_modules import pem, rfc2459
-from pyasn1.codec.der import decoder
-from pyasn1.codec.ber import encoder as berenc
-from pyasn1.codec.der import encoder as derenc
+from pyasn1.codec.der import decoder as derdecoder, encoder as derencoder
 from pyasn1.type import namedtype, tag, univ
 
 from .pkcs11t import *  # noqa
@@ -247,68 +245,64 @@ def asn1_format_ec_point_uncompressed(x, y):
     return s
 
 def pemcert_to_attrs(certpath):
-            # rather than use pycryptography x509 parser, which gives native type access to certificate
-        # fields use pyASN1 to get raw ASN1 encoded values for the fields as the spec requires them
-        with open(certpath, "r") as f:
-            substrate = pem.readPemFromFile(f)
-            cert = decoder.decode(substrate, asn1Spec=rfc2459.Certificate())[0]
-
-        c = cert['tbsCertificate']
-
-        # print(cert.prettyPrint())
-
-        h = binascii.hexlify
-        b = berenc.encode
-        d = derenc.encode
-
-        bercert = b(cert)
-        hexbercert = h(bercert).decode()
-
-        # the CKA_CHECKSUM attrs is the first 3 bytes of a sha1hash
-        m = hashlib.sha1()
-        m.update(bercert)
-        bercertchecksum = m.digest()[0:3]
-        hexbercertchecksum = h(bercertchecksum).decode()
-
-        subj = c['subject']
-        hexsubj = h(d(str2bytes(subj))).decode()
-
-        issuer = c['issuer']
-        hexissuer = h(d(str2bytes(issuer))).decode()
-
-        serial = c['serialNumber']
-        hexserial = h(d(str2bytes(serial))).decode()
-
-        return {
-            # The attrs of this attribute is derived by taking the first 3 bytes of the CKA_VALUE
-            # field.
-            CKA_CHECK_VALUE: hexbercertchecksum,
-            # Start date for the certificate (default empty)
-            CKA_START_DATE : "",
-            # End date for the certificate (default empty)
-            CKA_END_DATE : "",
-            # DER-encoding of the SubjectPublicKeyInfo for the public key
-            # contained in this certificate (default empty)
-            CKA_PUBLIC_KEY_INFO : "",
-            # DER encoded subject
-            CKA_SUBJECT : hexsubj,
-            # DER encoding of issuer
-            CKA_ISSUER : hexissuer,
-            # DER encoding of the cert serial
-            CKA_SERIAL_NUMBER : hexserial,
-            # BER encoding of the certificate
-            CKA_VALUE : hexbercert,
-            # RFC2279 string to URL where cert can be found, default empty
-            CKA_URL : '',
-            # hash of pub key subj, default empty
-            CKA_HASH_OF_SUBJECT_PUBLIC_KEY : '',
-            # Hash of pub key, default empty
-            CKA_HASH_OF_ISSUER_PUBLIC_KEY : '',
-            # Java security domain, default CK_SECURITY_DOMAIN_UNSPECIFIED
-            CKA_JAVA_MIDP_SECURITY_DOMAIN : CK_SECURITY_DOMAIN_UNSPECIFIED,
-            # Name hash algorithm, defaults to SHA1
-            CKA_NAME_HASH_ALGORITHM : CKM_SHA_1
-        }
+    # rather than using pycryptography x509 parser, which gives native type access to certificate
+    # fields use pyASN1 to get raw ASN1 encoded values for the fields as the spec requires them
+    with open(certpath, "r") as f:
+        bercert = pem.readPemFromFile(f)
+
+    cert = derdecoder.decode(bercert, asn1Spec=rfc2459.Certificate())[0]
+    c = cert['tbsCertificate']
+
+    # print(cert.prettyPrint())
+
+    h = binascii.hexlify
+    d = derencoder.encode
+
+    hexbercert = h(bercert).decode()
+
+    # the CKA_CHECKSUM attrs is the first 3 bytes of a sha1hash
+    bercertchecksum = hashlib.sha1(bercert).digest()[0:3]
+    hexbercertchecksum = h(bercertchecksum).decode()
+
+    subj = c['subject']
+    hexsubj = h(d(str2bytes(subj))).decode()
+
+    issuer = c['issuer']
+    hexissuer = h(d(str2bytes(issuer))).decode()
+
+    serial = c['serialNumber']
+    hexserial = h(d(str2bytes(serial))).decode()
+
+    return {
+        # The attrs of this attribute is derived by taking the first 3 bytes of the CKA_VALUE
+        # field.
+        CKA_CHECK_VALUE: hexbercertchecksum,
+        # Start date for the certificate (default empty)
+        CKA_START_DATE: "",
+        # End date for the certificate (default empty)
+        CKA_END_DATE: "",
+        # DER-encoding of the SubjectPublicKeyInfo for the public key
+        # contained in this certificate (default empty)
+        CKA_PUBLIC_KEY_INFO: "",
+        # DER encoded subject
+        CKA_SUBJECT: hexsubj,
+        # DER encoding of issuer
+        CKA_ISSUER: hexissuer,
+        # DER encoding of the cert serial
+        CKA_SERIAL_NUMBER: hexserial,
+        # BER encoding of the certificate
+        CKA_VALUE: hexbercert,
+        # RFC2279 string to URL where cert can be found, default empty
+        CKA_URL: '',
+        # hash of pub key subj, default empty
+        CKA_HASH_OF_SUBJECT_PUBLIC_KEY: '',
+        # Hash of pub key, default empty
+        CKA_HASH_OF_ISSUER_PUBLIC_KEY: '',
+        # Java security domain, default CK_SECURITY_DOMAIN_UNSPECIFIED
+        CKA_JAVA_MIDP_SECURITY_DOMAIN: CK_SECURITY_DOMAIN_UNSPECIFIED,
+        # Name hash algorithm, defaults to SHA1
+        CKA_NAME_HASH_ALGORITHM: CKM_SHA_1
+    }
 
 def _pkcs11_to_str(value, prefix):
 
@@ -407,7 +401,7 @@ def asn1parse_tss_key(keypath):
         if len(substrate) == 0:
             sys.exit('Did not find key in tss key file: {}'.format(keypath))
 
-        tss2_privkey, _ = decoder.decode(substrate, asn1Spec=TSSPrivKey())
+        tss2_privkey, _ = derdecoder.decode(substrate, asn1Spec=TSSPrivKey())
 
         return tss2_privkey
 
-- 
2.38.1