diff options
author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-01-30 16:11:42 -0500 |
---|---|---|
committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2023-01-30 16:11:42 -0500 |
commit | 062e14c19ab156053ab9d3f8114e6d00f2b9657b (patch) | |
tree | 61688f105109dccb842286d81046cc9225d9c5b1 | |
parent | 04f524d7f58b335b61237e9e8c21871674deb51b (diff) | |
download | openssl_tpm2_engine-062e14c19ab156053ab9d3f8114e6d00f2b9657b.tar.gz |
Pad elliptic curve points
Some tests with EC keys occasionally fail with TPM_RC_KEY. This has
been traced to the x or y points of the public key being representable
in fewer bytes than the order of the curve. Apparently the MS TPM
emulator contains a check that the size of the points is always the
order of the curve. Fix this by always padding EC points up to the
curve order.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-rw-r--r-- | tpm2-common.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/tpm2-common.c b/tpm2-common.c index eebde89..1184d5a 100644 --- a/tpm2-common.c +++ b/tpm2-common.c @@ -1171,6 +1171,17 @@ int tpm2_curve_name_to_nid(TPMI_ECC_CURVE curve) return 0; } +int tpm2_curve_to_order(TPMI_ECC_CURVE curve) +{ + int i; + + for (i = 0; tpm2_supported_curves[i].name != NULL; i++) + if (tpm2_supported_curves[i].curve == curve) + return tpm2_supported_curves[i].C[5].s; + + return 0; +} + TPMI_ECC_CURVE tpm2_nid_to_curve_name(int nid) { int i; @@ -2695,6 +2706,7 @@ TPM_RC openssl_to_tpm_public_ecc(TPMT_PUBLIC *pub, EVP_PKEY *pkey) TPM_RC rc = TPM_RC_CURVE; BN_CTX *ctx = NULL; BIGNUM *x, *y; + int order; if (curve == TPM_ECC_NONE) { fprintf(stderr, "TPM does not support the curve in this EC key\n"); @@ -2726,10 +2738,11 @@ TPM_RC openssl_to_tpm_public_ecc(TPMT_PUBLIC *pub, EVP_PKEY *pkey) goto err; } + order = tpm2_curve_to_order(curve); VAL_2B(pub->unique.ecc.x, size) = - BN_bn2bin(x, VAL_2B(pub->unique.ecc.x, buffer)); + BN_bn2binpad(x, VAL_2B(pub->unique.ecc.x, buffer), order); VAL_2B(pub->unique.ecc.y, size) = - BN_bn2bin(y, VAL_2B(pub->unique.ecc.y, buffer)); + BN_bn2binpad(y, VAL_2B(pub->unique.ecc.y, buffer), order); rc = TPM_RC_SUCCESS; |