From 3ab4e5eacb6310054cfe616909be75032c957150 Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 7 Dec 2023 11:40:42 -0800 Subject: [PATCH] Fix for ECC sign with key that is marked for sign and decrypt detect the ECDSA hash algorithm. --- src/tpm2_wrap.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/tpm2_wrap.c b/src/tpm2_wrap.c index 95f00cef..69c7caee 100644 --- a/src/tpm2_wrap.c +++ b/src/tpm2_wrap.c @@ -3497,11 +3497,21 @@ int wolfTPM2_SignHash(WOLFTPM2_DEV* dev, WOLFTPM2_KEY* key, } if (key->pub.publicArea.type == TPM_ALG_ECC) { + /* Keys that are created with sign and decrypt require scheme to be NULL, + * but we must supply ECDSA and Hash Algorithm for signing */ sigAlg = key->pub.publicArea.parameters.eccDetail.scheme.scheme; hashAlg = key->pub.publicArea.parameters.eccDetail.scheme.details.any.hashAlg; - if (sigAlg == TPM_ALG_NULL) { + if (sigAlg == 0 || sigAlg == TPM_ALG_NULL) { sigAlg = TPM_ALG_ECDSA; } + if (hashAlg == 0 || digestSz == TPM_ALG_NULL) { + if (digestSz == 64) + hashAlg = TPM_ALG_SHA512; + else if (digestSz == 48) + hashAlg = TPM_ALG_SHA384; + else if (digestSz == 32) + hashAlg = TPM_ALG_SHA256; + } } else if (key->pub.publicArea.type == TPM_ALG_RSA) { sigAlg = key->pub.publicArea.parameters.rsaDetail.scheme.scheme;