WolfSSL
/
wolfTPM
mirror of https://github.com/wolfSSL/wolfTPM.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Improve the ECC key import scheme for signing.

pull/311/head
David Garske 2023-11-16 15:20:33 -08:00
parent 249f9d4942
commit a48b074e5f
2 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/tpm2.c
View File

@ -2952,7 +2952,9 @@ TPM_RC TPM2_Sign(Sign_In* in, Sign_Out* out)
TPM2_Packet_AppendBytes(&packet, in->digest.buffer, in->digest.size);
TPM2_Packet_AppendU16(&packet, in->inScheme.scheme);
TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
if (in->inScheme.scheme != TPM_ALG_NULL) {
TPM2_Packet_AppendU16(&packet, in->inScheme.details.any.hashAlg);
}
TPM2_Packet_AppendU16(&packet, in->validation.tag);
TPM2_Packet_AppendU32(&packet, in->validation.hierarchy);

27
src/tpm2_wrap.c
View File

@ -2380,7 +2380,11 @@ int wolfTPM2_ImportEccPrivateKeySeed(WOLFTPM2_DEV* dev, const WOLFTPM2_KEY* pare
pub.publicArea.nameAlg = WOLFTPM2_WRAP_DIGEST;
pub.publicArea.objectAttributes = attributes;
pub.publicArea.parameters.eccDetail.symmetric.algorithm = TPM_ALG_NULL;
pub.publicArea.parameters.eccDetail.scheme.scheme = TPM_ALG_NULL;
/* if both sign and decrypt are set then must use NULL algorithm */
pub.publicArea.parameters.eccDetail.scheme.scheme =
((attributes & TPMA_OBJECT_sign) &&
(attributes & TPMA_OBJECT_decrypt)) ?
TPM_ALG_NULL : TPM_ALG_ECDSA;
pub.publicArea.parameters.eccDetail.scheme.details.ecdsa.hashAlg =
WOLFTPM2_WRAP_DIGEST;
pub.publicArea.parameters.eccDetail.curveID = curveId;
@ -3494,7 +3498,9 @@ int wolfTPM2_SignHash(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
if (key->pub.publicArea.type == TPM_ALG_ECC) {
sigAlg = key->pub.publicArea.parameters.eccDetail.scheme.scheme;
hashAlg = key->pub.publicArea.parameters.eccDetail.scheme.details.any.hashAlg;
if (sigAlg == TPM_ALG_NULL) {
sigAlg = TPM_ALG_ECDSA;
}
}
else if (key->pub.publicArea.type == TPM_ALG_RSA) {
sigAlg = key->pub.publicArea.parameters.rsaDetail.scheme.scheme;
@ -6001,18 +6007,14 @@ static void wolfTPM2_CopyPubT(TPMT_PUBLIC* out, const TPMT_PUBLIC* in)
&in->parameters.eccDetail.symmetric);
out->parameters.eccDetail.scheme.scheme =
in->parameters.eccDetail.scheme.scheme;
if (out->parameters.eccDetail.scheme.scheme != TPM_ALG_NULL) {
out->parameters.eccDetail.scheme.details.any.hashAlg =
in->parameters.eccDetail.scheme.details.any.hashAlg;
}
out->parameters.eccDetail.scheme.details.any.hashAlg =
in->parameters.eccDetail.scheme.details.any.hashAlg;
out->parameters.eccDetail.curveID =
in->parameters.eccDetail.curveID;
out->parameters.eccDetail.kdf.scheme =
in->parameters.eccDetail.kdf.scheme;
if (out->parameters.eccDetail.kdf.scheme != TPM_ALG_NULL) {
out->parameters.eccDetail.kdf.details.any.hashAlg =
in->parameters.eccDetail.kdf.details.any.hashAlg;
}
out->parameters.eccDetail.kdf.details.any.hashAlg =
in->parameters.eccDetail.kdf.details.any.hashAlg;
wolfTPM2_CopyEccParam(&out->unique.ecc.x,
&in->unique.ecc.x);
wolfTPM2_CopyEccParam(&out->unique.ecc.y,
@ -6023,9 +6025,8 @@ static void wolfTPM2_CopyPubT(TPMT_PUBLIC* out, const TPMT_PUBLIC* in)
&in->parameters.asymDetail.symmetric);
out->parameters.asymDetail.scheme.scheme =
in->parameters.asymDetail.scheme.scheme;
if (out->parameters.asymDetail.scheme.scheme != TPM_ALG_NULL)
out->parameters.asymDetail.scheme.details.anySig.hashAlg =
in->parameters.asymDetail.scheme.details.anySig.hashAlg;
out->parameters.asymDetail.scheme.details.anySig.hashAlg =
in->parameters.asymDetail.scheme.details.anySig.hashAlg;
break;
}
}