From c9e16cb180cdd885938ee461bcf3f3462ea34ff1 Mon Sep 17 00:00:00 2001 From: Nikolaj Schlej Date: Sun, 23 Oct 2022 13:37:19 +0200 Subject: [PATCH] Add modulus+exponent KM hashes --- common/fitparser.cpp | 56 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/common/fitparser.cpp b/common/fitparser.cpp index 003f598..a659837 100644 --- a/common/fitparser.cpp +++ b/common/fitparser.cpp @@ -405,7 +405,7 @@ USTATUS FitParser::parseFitEntryAcm(const UByteArray & acm, const UINT32 localOf else { acmInfo += usprintf("ACM RSA Public Key Exponent: %Xh\n", INTEL_ACM_HARDCODED_RSA_EXPONENT); } - acmInfo += usprintf("ACM RSA Public Key: "); + acmInfo += usprintf("ACM RSA Public Key:"); for (UINT32 i = 0; i < header->rsa_public_key().size(); i++) { if (i % 32 == 0) acmInfo += "\n"; acmInfo += usprintf("%02X", (UINT8)header->rsa_public_key().at(i)); 
@@ -481,24 +481,41 @@ USTATUS FitParser::parseFitEntryBootGuardKeyManifest(const UByteArray & keyManif // Add PubKey kmInfo += usprintf("Key Manifest Public Key Exponent: %Xh\n", key_signature->public_key()->exponent()); - kmInfo += usprintf("Key Manifest Public Key: "); + kmInfo += usprintf("Key Manifest Public Key:"); for (UINT16 i = 0; i < (UINT16)key_signature->public_key()->modulus().length(); i++) { if (i % 32 == 0) kmInfo += UString("\n"); kmInfo += usprintf("%02X", (UINT8)key_signature->public_key()->modulus().at(i)); } kmInfo += "\n"; - // Calculate the hashes of public key modulus only // One of those hashes is what's getting written into Field Programmable Fuses + // Calculate the hashes of public key modulus only UINT8 hash[SHA384_HASH_SIZE] = {}; sha256(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length(), hash); - kmInfo += usprintf("Key Manifest Public Key Hash (SHA256): "); + kmInfo += usprintf("Key Manifest Public Key Hash (Modulus Only, SHA256): "); for (UINT8 i = 0; i < SHA256_HASH_SIZE; i++) { kmInfo += usprintf("%02X", hash[i]); } kmInfo += "\n"; sha384(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length(), hash); - kmInfo += usprintf("Key Manifest Public Key Hash (SHA384): "); + kmInfo += usprintf("Key Manifest Public Key Hash (Modulus Only, SHA384): "); + for (UINT8 i = 0; i < SHA384_HASH_SIZE; i++) { + kmInfo += usprintf("%02X", hash[i]); + } + kmInfo += "\n"; + // Calculate the hashes of public key modulus + exponent + UByteArray dataToHash; + dataToHash.append(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length()); + UINT32 exponent = key_signature->public_key()->exponent(); + dataToHash.append((const char*)&exponent, sizeof(exponent)); + sha256(dataToHash.constData(), dataToHash.size(), hash); + kmInfo += usprintf("Key Manifest Public Key Hash (Modulus+Exponent, SHA256): "); + for (UINT8 i = 0; i < SHA256_HASH_SIZE; 
i++) { + kmInfo += usprintf("%02X", hash[i]); + } + kmInfo += "\n"; + sha384(dataToHash.constData(), dataToHash.size(), hash); + kmInfo += usprintf("Key Manifest Public Key Hash (Modulus+Exponent, SHA384): "); for (UINT8 i = 0; i < SHA384_HASH_SIZE; i++) { kmInfo += usprintf("%02X", hash[i]); } 
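Review bot: The exponent is appended to `dataToHash` as the raw in-memory bytes of a host `UINT32` (`dataToHash.append((const char*)&exponent, sizeof(exponent));`), so both Modulus+Exponent digests depend on the byte order of the machine running the parser. Presumably the manifest stores the exponent little-endian and `exponent()` returns it as a host integer; if so, a big-endian build would print SHA256/SHA384 values that differ from the hash written into the fuses, which an analyst comparing the two would read as a key mismatch. Serialising the bytes explicitly removes that dependency: `const UINT8 expLe[4] = { (UINT8)exponent, (UINT8)(exponent >> 8), (UINT8)(exponent >> 16), (UINT8)(exponent >> 24) };` followed by `dataToHash.append((const char*)expLe, sizeof(expLe));`. The same two lines are repeated in the `@@ -590` hunk, and the function body continues outside both hunks.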
@@ -590,24 +607,41 @@ USTATUS FitParser::parseFitEntryBootGuardKeyManifest(const UByteArray & keyManif // Add PubKey kmInfo += usprintf("Key Manifest Public Key Exponent: %Xh\n", key_signature->public_key()->exponent()); - kmInfo += usprintf("Key Manifest Public Key: "); + kmInfo += usprintf("Key Manifest Public Key:"); for (UINT16 i = 0; i < (UINT16)key_signature->public_key()->modulus().length(); i++) { if (i % 32 == 0) kmInfo += UString("\n"); kmInfo += usprintf("%02X", (UINT8)key_signature->public_key()->modulus().at(i)); } kmInfo += "\n"; - // Calculate the hashes of public key modulus only // One of those hashes is what's getting written into Field Programmable Fuses + // Calculate the hashes of public key modulus only UINT8 hash[SHA384_HASH_SIZE] = {}; sha256(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length(), hash); - kmInfo += usprintf("Key Manifest Public Key Hash (SHA256): "); + kmInfo += usprintf("Key Manifest Public Key Hash (Modulus Only, SHA256): "); for (UINT8 i = 0; i < SHA256_HASH_SIZE; i++) { kmInfo += usprintf("%02X", hash[i]); } kmInfo += "\n"; sha384(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length(), hash); - kmInfo += usprintf("Key Manifest Public Key Hash (SHA384): "); + kmInfo += usprintf("Key Manifest Public Key Hash (Modulus Only, SHA384): "); + for (UINT8 i = 0; i < SHA384_HASH_SIZE; i++) { + kmInfo += usprintf("%02X", hash[i]); + } + kmInfo += "\n"; + // Calculate the hashes of public key modulus + exponent + UByteArray dataToHash; + dataToHash.append(key_signature->public_key()->modulus().data(), key_signature->public_key()->modulus().length()); + UINT32 exponent = key_signature->public_key()->exponent(); + dataToHash.append((const char*)&exponent, sizeof(exponent)); + sha256(dataToHash.constData(), dataToHash.size(), hash); + kmInfo += usprintf("Key Manifest Public Key Hash (Modulus+Exponent, SHA256): "); + for (UINT8 i = 0; i < SHA256_HASH_SIZE; 
i++) { + kmInfo += usprintf("%02X", hash[i]); + } + kmInfo += "\n"; + sha384(dataToHash.constData(), dataToHash.size(), hash); + kmInfo += usprintf("Key Manifest Public Key Hash (Modulus+Exponent, SHA384): "); for (UINT8 i = 0; i < SHA384_HASH_SIZE; i++) { kmInfo += usprintf("%02X", hash[i]); } @@ -850,7 +884,7 @@ USTATUS FitParser::parseFitEntryBootGuardBootPolicy(const UByteArray & bootPolic // Add PubKey bpInfo += usprintf("Boot Policy Public Key Exponent: %Xh\n", key_signature->public_key()->exponent()); - bpInfo += usprintf("Boot Policy Public Key: "); + bpInfo += usprintf("Boot Policy Public Key:"); for (UINT16 i = 0; i < (UINT16)key_signature->public_key()->modulus().length(); i++) { if (i % 32 == 0) bpInfo += UString("\n"); bpInfo += usprintf("%02X", (UINT8)key_signature->public_key()->modulus().at(i)); @@ -1142,7 +1176,7 @@ USTATUS FitParser::parseFitEntryBootGuardBootPolicy(const UByteArray & bootPolic // Add PubKey bpInfo += usprintf("Boot Policy Public Key Exponent: %Xh\n", key_signature->public_key()->exponent()); - bpInfo += usprintf("Boot Policy Public Key: "); + bpInfo += usprintf("Boot Policy Public Key:"); for (UINT16 i = 0; i < (UINT16)key_signature->public_key()->modulus().length(); i++) { if (i % 32 == 0) bpInfo += UString("\n"); bpInfo += usprintf("%02X", (UINT8)key_signature->public_key()->modulus().at(i));
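Review bot: The hash-printing code added in the `@@ -590` hunk is a line-for-line copy of the `@@ -481` hunk, and each copy now contains the same `%02X` loop four times, so any later change to a label or to the hashed data has to be made in eight places. A mismatch between the two copies would make the reported key hashes differ by manifest version without any visible cause. A small file-local helper for the hex dump, called after each `sha256`/`sha384`, would reduce each digest to two lines; the helper name below is only a suggestion. The enclosing function starts and ends outside the hunk.

```cpp
// Hex-encode a digest and terminate the line
static UString hashToHexLine(const UINT8* digest, const UINT8 size)
{
    UString hex;
    for (UINT8 i = 0; i < size; i++) {
        hex += usprintf("%02X", digest[i]);
    }
    hex += "\n";
    return hex;
}

// … unchanged: sha256() over the modulus into hash …
kmInfo += usprintf("Key Manifest Public Key Hash (Modulus Only, SHA256): ");
kmInfo += hashToHexLine(hash, SHA256_HASH_SIZE);
// … unchanged: remaining three digests, each followed by the same two-line pattern …
```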