Skip to content

Commit

Permalink
Fix for ECC sign with key that is marked for sign and decrypt detect …
Browse files Browse the repository at this point in the history
…the ECDSA hash algorithm.
  • Loading branch information
dgarske committed Dec 8, 2023
1 parent 20081b6 commit 3ab4e5e
Showing 1 changed file with 11 additions and 1 deletion.
12 changes: 11 additions & 1 deletion src/tpm2_wrap.c
Original file line number Diff line number Diff line change
Expand Up @@ -3497,11 +3497,21 @@ int wolfTPM2_SignHash(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key,
}

if (key->pub.publicArea.type == TPM_ALG_ECC) {
/* Keys that are created with sign and decrypt require scheme to be NULL,
* but we must supply ECDSA and Hash Algorithm for signing */
sigAlg = key->pub.publicArea.parameters.eccDetail.scheme.scheme;
hashAlg = key->pub.publicArea.parameters.eccDetail.scheme.details.any.hashAlg;
if (sigAlg == TPM_ALG_NULL) {
if (sigAlg == 0 || sigAlg == TPM_ALG_NULL) {
sigAlg = TPM_ALG_ECDSA;
}
if (hashAlg == 0 || digestSz == TPM_ALG_NULL) {
if (digestSz == 64)
hashAlg = TPM_ALG_SHA512;
else if (digestSz == 48)
hashAlg = TPM_ALG_SHA384;
else if (digestSz == 32)
hashAlg = TPM_ALG_SHA256;
}
}
else if (key->pub.publicArea.type == TPM_ALG_RSA) {
sigAlg = key->pub.publicArea.parameters.rsaDetail.scheme.scheme;
Expand Down

0 comments on commit 3ab4e5e

Please sign in to comment.