Pad elliptic curve points

Some tests with EC keys occasionally fail with TPM_RC_KEY.  This has
been traced to the x or y points of the public key being representable
in fewer bytes than the order of the curve.  Apparently the MS TPM
emulator contains a check that the size of the points is always the
order of the curve.  Fix this by always padding EC points up to the
curve order.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

1 files changed, 15 insertions, 2 deletions

diff --git a/tpm2-common.c b/tpm2-common.c
index eebde89..1184d5a 100644
--- a/tpm2-common.c
+++ b/tpm2-common.c
@@ -1171,6 +1171,17 @@ int tpm2_curve_name_to_nid(TPMI_ECC_CURVE curve)
 	return 0;
 }
 
+int tpm2_curve_to_order(TPMI_ECC_CURVE curve)
+{
+	int i;
+
+	for (i = 0; tpm2_supported_curves[i].name != NULL; i++)
+		if (tpm2_supported_curves[i].curve == curve)
+			return tpm2_supported_curves[i].C[5].s;
+
+	return 0;
+}
+
 TPMI_ECC_CURVE tpm2_nid_to_curve_name(int nid)
 {
 	int i;
@@ -2695,6 +2706,7 @@ TPM_RC openssl_to_tpm_public_ecc(TPMT_PUBLIC *pub, EVP_PKEY *pkey)
 	TPM_RC rc = TPM_RC_CURVE;
 	BN_CTX *ctx = NULL;
 	BIGNUM *x, *y;
+	int order;
 
 	if (curve == TPM_ECC_NONE) {
 		fprintf(stderr, "TPM does not support the curve in this EC key\n");
@@ -2726,10 +2738,11 @@ TPM_RC openssl_to_tpm_public_ecc(TPMT_PUBLIC *pub, EVP_PKEY *pkey)
 		goto err;
 	}
 
+	order = tpm2_curve_to_order(curve);
 	VAL_2B(pub->unique.ecc.x, size) =
-		BN_bn2bin(x, VAL_2B(pub->unique.ecc.x, buffer));
+		BN_bn2binpad(x, VAL_2B(pub->unique.ecc.x, buffer), order);
 	VAL_2B(pub->unique.ecc.y, size) =
-		BN_bn2bin(y, VAL_2B(pub->unique.ecc.y, buffer));
+		BN_bn2binpad(y, VAL_2B(pub->unique.ecc.y, buffer), order);
 
 	rc = TPM_RC_SUCCESS;