diff --git a/examples/wrap/wrap_test.c b/examples/wrap/wrap_test.c index ffdb209..6c82d0f 100644 --- a/examples/wrap/wrap_test.c +++ b/examples/wrap/wrap_test.c @@ -102,6 +102,7 @@ int TPM2_Wrapper_Test(void* userCtx) WOLFTPM2_KEY storageKey; WOLFTPM2_KEY rsaKey; WOLFTPM2_KEY eccKey; + WOLFTPM2_KEY publicKey; WOLFTPM2_BUFFER message; WOLFTPM2_BUFFER cipher; WOLFTPM2_BUFFER plain; @@ -113,7 +114,6 @@ int TPM2_Wrapper_Test(void* userCtx) #endif #ifndef WOLFTPM2_NO_WOLFCRYPT - WOLFTPM2_KEY publicKey; int tpmDevId = INVALID_DEVID; #ifndef NO_RSA word32 idx = 0; @@ -356,6 +356,45 @@ int TPM2_Wrapper_Test(void* userCtx) rc = wolfTPM2_UnloadHandle(&dev, &eccKey.handle); if (rc != 0) goto exit; + /* ECC Public Key Signature Verify Test/Example */ + { + /* [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */ + const byte msg[] = { + /* Test messsage */ + 0xa3, 0xf9, 0x1a, 0xe2, 0x1b, 0xa6, 0xb3, 0x03, 0x98, 0x64, 0x47, + 0x2f, 0x18, 0x41, 0x44, 0xc6, 0xaf, 0x62, 0xcd, 0x0e}; + const byte pubQX[] = { + /* Public ECC Key X */ + 0xFA, 0x27, 0x37, 0xFB, 0x93, 0x48, 0x8D, 0x19, 0xCA, 0xEF, 0x11, + 0xAE, 0x7F, 0xAF, 0x6B, 0x7F, 0x4B, 0xCD, 0x67, 0xB2, 0x86, 0xE3, + 0xFC, 0x54, 0xE8, 0xA6, 0x5C, 0x2B, 0x74, 0xAE, 0xCC, 0xB0}; + const byte pubQY[] = { + /* Public ECC Key Y */ + 0xD4, 0xCC, 0xD6, 0xDA, 0xE6, 0x98, 0x20, 0x8A, 0xA8, 0xC3, 0xA6, + 0xF3, 0x9E, 0x45, 0x51, 0x0D, 0x03, 0xBE, 0x09, 0xB2, 0xF1, 0x24, + 0xBF, 0xC0, 0x67, 0x85, 0x6C, 0x32, 0x4F, 0x9B, 0x4D, 0x09}; + const byte sigRS[] = { + /* Signature R */ + 0x2B, 0x82, 0x6F, 0x5D, 0x44, 0xE2, 0xD0, 0xB6, 0xDE, 0x53, 0x1A, + 0xD9, 0x6B, 0x51, 0xE8, 0xF0, 0xC5, 0x6F, 0xDF, 0xEA, 0xD3, 0xC2, + 0x36, 0x89, 0x2E, 0x4D, 0x84, 0xEA, 0xCF, 0xC3, 0xB7, 0x5C, + /* Signature S */ + 0xA2, 0x24, 0x8B, 0x62, 0xC0, 0x3D, 0xB3, 0x5A, 0x7C, 0xD6, 0x3E, + 0x8A, 0x12, 0x0A, 0x35, 0x21, 0xA8, 0x9D, 0x3D, 0x2F, 0x61, 0xFF, + 0x99, 0x03, 0x5A, 0x21, 0x48, 0xAE, 0x32, 0xE3, 0xA2, 0x48 + }; + + rc = wolfTPM2_LoadEccPublicKey(&dev, &publicKey, TPM_ECC_NIST_P256, + pubQX, sizeof(pubQX), pubQY, sizeof(pubQY)); + if (rc != 0) goto exit; + + rc = wolfTPM2_VerifyHash(&dev, &publicKey, sigRS, sizeof(sigRS), + msg, sizeof(msg)); + if (rc != 0) goto exit; + + rc = wolfTPM2_UnloadHandle(&dev, &publicKey.handle); + if (rc != 0) goto exit; + } /* NV Tests */ rc = wolfTPM2_GetNvAttributesTemplate(TPM_RH_OWNER, &nvAttributes); @@ -411,6 +450,7 @@ exit: #endif #endif /* !WOLFTPM2_NO_WOLFCRYPT */ + wolfTPM2_UnloadHandle(&dev, &publicKey.handle); wolfTPM2_UnloadHandle(&dev, &rsaKey.handle); wolfTPM2_UnloadHandle(&dev, &eccKey.handle); wolfTPM2_UnloadHandle(&dev, &ekKey.handle); diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index 0682a16..1c920b9 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -400,9 +400,9 @@ int wolfTPM2_LoadEccPublicKey(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, int curveId, XMEMSET(&pub, 0, sizeof(pub)); pub.publicArea.type = TPM_ALG_ECC; pub.publicArea.nameAlg = TPM_ALG_NULL; - pub.publicArea.objectAttributes = 0; + pub.publicArea.objectAttributes = TPMA_OBJECT_sign; pub.publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL; - pub.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL; + pub.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_ECDSA; pub.publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg = WOLFTPM2_WRAP_DIGEST; pub.publicArea.parameters.eccDetail.curveID = curveId; @@ -1620,7 +1620,7 @@ int wolfTPM2_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx) info->pk.eccverify.key, &eccPub); if (rc == 0) { rc = wolfTPM2_VerifyHash(tlsCtx->dev, &eccPub, - info->pk.eccverify.sig, info->pk.eccverify.siglen, + sigRS, rLen + sLen, info->pk.eccverify.hash, info->pk.eccverify.hashlen); wolfTPM2_UnloadHandle(tlsCtx->dev, &eccPub.handle);