WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Fix for loading public ECC key to make sure it can perform an ECC verify. Fix for cryptodev ECC callback to use R and S for the signature verify. Added ECC verify using public key and NIST test vectors.

pull/39/head
David Garske 2018-09-28 11:21:29 -07:00
parent a89fed1e7b
commit 5d2c080e15
2 changed files with 44 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
examples/wrap/wrap_test.c
View File

@ -102,6 +102,7 @@ int TPM2_Wrapper_Test(void* userCtx)
WOLFTPM2_KEY storageKey;
WOLFTPM2_KEY rsaKey;
WOLFTPM2_KEY eccKey;
WOLFTPM2_KEY publicKey;
WOLFTPM2_BUFFER message;
WOLFTPM2_BUFFER cipher;
WOLFTPM2_BUFFER plain;
@ -113,7 +114,6 @@ int TPM2_Wrapper_Test(void* userCtx)
#endif
#ifndef WOLFTPM2_NO_WOLFCRYPT
WOLFTPM2_KEY publicKey;
int tpmDevId = INVALID_DEVID;
#ifndef NO_RSA
word32 idx = 0;
@ -356,6 +356,45 @@ int TPM2_Wrapper_Test(void* userCtx)
rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
if (rc != 0) goto exit;
/* ECC Public Key Signature Verify Test/Example */
{
/* [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
const byte msg[] = {
/* Test messsage */
0xa3, 0xf9, 0x1a, 0xe2, 0x1b, 0xa6, 0xb3, 0x03, 0x98, 0x64, 0x47,
0x2f, 0x18, 0x41, 0x44, 0xc6, 0xaf, 0x62, 0xcd, 0x0e};
const byte pubQX[] = {
/* Public ECC Key X */
0xFA, 0x27, 0x37, 0xFB, 0x93, 0x48, 0x8D, 0x19, 0xCA, 0xEF, 0x11,
0xAE, 0x7F, 0xAF, 0x6B, 0x7F, 0x4B, 0xCD, 0x67, 0xB2, 0x86, 0xE3,
0xFC, 0x54, 0xE8, 0xA6, 0x5C, 0x2B, 0x74, 0xAE, 0xCC, 0xB0};
const byte pubQY[] = {
/* Public ECC Key Y */
0xD4, 0xCC, 0xD6, 0xDA, 0xE6, 0x98, 0x20, 0x8A, 0xA8, 0xC3, 0xA6,
0xF3, 0x9E, 0x45, 0x51, 0x0D, 0x03, 0xBE, 0x09, 0xB2, 0xF1, 0x24,
0xBF, 0xC0, 0x67, 0x85, 0x6C, 0x32, 0x4F, 0x9B, 0x4D, 0x09};
const byte sigRS[] = {
/* Signature R */
0x2B, 0x82, 0x6F, 0x5D, 0x44, 0xE2, 0xD0, 0xB6, 0xDE, 0x53, 0x1A,
0xD9, 0x6B, 0x51, 0xE8, 0xF0, 0xC5, 0x6F, 0xDF, 0xEA, 0xD3, 0xC2,
0x36, 0x89, 0x2E, 0x4D, 0x84, 0xEA, 0xCF, 0xC3, 0xB7, 0x5C,
/* Signature S */
0xA2, 0x24, 0x8B, 0x62, 0xC0, 0x3D, 0xB3, 0x5A, 0x7C, 0xD6, 0x3E,
0x8A, 0x12, 0x0A, 0x35, 0x21, 0xA8, 0x9D, 0x3D, 0x2F, 0x61, 0xFF,
0x99, 0x03, 0x5A, 0x21, 0x48, 0xAE, 0x32, 0xE3, 0xA2, 0x48
};
rc = wolfTPM2_LoadEccPublicKey(&dev, &publicKey, TPM_ECC_NIST_P256,
pubQX, sizeof(pubQX), pubQY, sizeof(pubQY));
if (rc != 0) goto exit;
rc = wolfTPM2_VerifyHash(&dev, &publicKey, sigRS, sizeof(sigRS),
msg, sizeof(msg));
if (rc != 0) goto exit;
rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle);
if (rc != 0) goto exit;
}
/* NV Tests */
rc = wolfTPM2_GetNvAttributesTemplate(TPM_RH_OWNER, &nvAttributes);
@ -411,6 +450,7 @@ exit:
#endif
#endif /* !WOLFTPM2_NO_WOLFCRYPT */
wolfTPM2_UnloadHandle(&dev, &publicKey.handle);
wolfTPM2_UnloadHandle(&dev, &rsaKey.handle);
wolfTPM2_UnloadHandle(&dev, &eccKey.handle);
wolfTPM2_UnloadHandle(&dev, &ekKey.handle);

6
src/tpm2_wrap.c
View File

@ -400,9 +400,9 @@ int wolfTPM2_LoadEccPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, int curveId,
XMEMSET(&pub, 0, sizeof(pub));
pub.publicArea.type = TPM_ALG_ECC;
pub.publicArea.nameAlg = TPM_ALG_NULL;
pub.publicArea.objectAttributes = 0;
pub.publicArea.objectAttributes = TPMA_OBJECT_sign;
pub.publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
pub.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
pub.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA;
pub.publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg =
WOLFTPM2_WRAP_DIGEST;
pub.publicArea.parameters.eccDetail.curveID = curveId;
@ -1620,7 +1620,7 @@ int wolfTPM2_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
info->pk.eccverify.key, &eccPub);
if (rc == 0) {
rc = wolfTPM2_VerifyHash(tlsCtx->dev, &eccPub,
info->pk.eccverify.sig, info->pk.eccverify.siglen,
sigRS, rLen + sLen,
info->pk.eccverify.hash, info->pk.eccverify.hashlen);
wolfTPM2_UnloadHandle(tlsCtx->dev, &eccPub.handle);