libtpmtss: Support of RSAPSS signature scheme
This commit is contained in:
parent
e74e920bbc
commit
fd21c40b6c
|
@ -93,7 +93,7 @@ METHOD(private_key_t, sign, bool,
|
|||
enumerator->destroy(enumerator);
|
||||
|
||||
return this->tpm->sign(this->tpm, this->hierarchy, this->handle, scheme,
|
||||
data, pin, signature);
|
||||
params, data, pin, signature);
|
||||
}
|
||||
|
||||
METHOD(private_key_t, decrypt, bool,
|
||||
|
|
|
@ -125,14 +125,15 @@ struct tpm_tss_t {
|
|||
* @param handle object handle of TPM key to be used for signature
|
||||
* @param hierarchy hierarchy the TPM key object is attached to
|
||||
* @param scheme scheme to be used for signature
|
||||
* @param param signature scheme parameters
|
||||
* @param data data to be hashed and signed
|
||||
* @param pin PIN code or empty chunk
|
||||
* @param signature returns signature
|
||||
* @return TRUE if signature succeeded
|
||||
*/
|
||||
bool (*sign)(tpm_tss_t *this, uint32_t hierarchy, uint32_t handle,
|
||||
signature_scheme_t scheme, chunk_t data, chunk_t pin,
|
||||
chunk_t *signature);
|
||||
signature_scheme_t scheme, void *params, chunk_t data,
|
||||
chunk_t pin, chunk_t *signature);
|
||||
|
||||
/**
|
||||
* Get random bytes from the TPM
|
||||
|
|
|
@ -584,7 +584,8 @@ err1:
|
|||
|
||||
METHOD(tpm_tss_t, sign, bool,
|
||||
private_tpm_tss_trousers_t *this, uint32_t hierarchy, uint32_t handle,
|
||||
signature_scheme_t scheme, chunk_t data, chunk_t pin, chunk_t *signature)
|
||||
signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin,
|
||||
chunk_t *signature)
|
||||
{
|
||||
return FALSE;
|
||||
}
|
||||
|
|
|
@ -828,10 +828,12 @@ METHOD(tpm_tss_t, quote, bool,
|
|||
|
||||
METHOD(tpm_tss_t, sign, bool,
|
||||
private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
|
||||
signature_scheme_t scheme, chunk_t data, chunk_t pin, chunk_t *signature)
|
||||
signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin,
|
||||
chunk_t *signature)
|
||||
{
|
||||
key_type_t key_type;
|
||||
hash_algorithm_t hash_alg;
|
||||
rsa_pss_params_t *rsa_pss_params;
|
||||
uint32_t rval;
|
||||
|
||||
TPM_ALG_ID alg_id;
|
||||
|
@ -870,8 +872,17 @@ METHOD(tpm_tss_t, sign, bool,
|
|||
}
|
||||
*( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0;
|
||||
|
||||
key_type = key_type_from_signature_scheme(scheme);
|
||||
hash_alg = hasher_from_signature_scheme(scheme, NULL);
|
||||
if (scheme == SIGN_RSA_EMSA_PSS)
|
||||
{
|
||||
key_type = KEY_RSA;
|
||||
rsa_pss_params = (rsa_pss_params_t *)params;
|
||||
hash_alg = rsa_pss_params->hash;
|
||||
}
|
||||
else
|
||||
{
|
||||
key_type = key_type_from_signature_scheme(scheme);
|
||||
hash_alg = hasher_from_signature_scheme(scheme, NULL);
|
||||
}
|
||||
|
||||
/* Check if hash algorithm is supported by TPM */
|
||||
alg_id = hash_alg_to_tpm_alg_id(hash_alg);
|
||||
|
@ -890,8 +901,16 @@ METHOD(tpm_tss_t, sign, bool,
|
|||
|
||||
if (key_type == KEY_RSA && public.t.publicArea.type == TPM_ALG_RSA)
|
||||
{
|
||||
sig_scheme.scheme = TPM_ALG_RSASSA;
|
||||
sig_scheme.details.rsassa.hashAlg = alg_id;
|
||||
if (scheme == SIGN_RSA_EMSA_PSS)
|
||||
{
|
||||
sig_scheme.scheme = TPM_ALG_RSAPSS;
|
||||
sig_scheme.details.rsapss.hashAlg = alg_id;
|
||||
}
|
||||
else
|
||||
{
|
||||
sig_scheme.scheme = TPM_ALG_RSASSA;
|
||||
sig_scheme.details.rsassa.hashAlg = alg_id;
|
||||
}
|
||||
}
|
||||
else if (key_type == KEY_ECDSA && public.t.publicArea.type == TPM_ALG_ECC)
|
||||
{
|
||||
|
@ -983,6 +1002,12 @@ METHOD(tpm_tss_t, sign, bool,
|
|||
sig.signature.rsassa.sig.t.buffer,
|
||||
sig.signature.rsassa.sig.t.size));
|
||||
break;
|
||||
case SIGN_RSA_EMSA_PSS:
|
||||
*signature = chunk_clone(
|
||||
chunk_create(
|
||||
sig.signature.rsapss.sig.t.buffer,
|
||||
sig.signature.rsapss.sig.t.size));
|
||||
break;
|
||||
case SIGN_ECDSA_256:
|
||||
case SIGN_ECDSA_384:
|
||||
case SIGN_ECDSA_521:
|
||||
|
|
|
@ -742,10 +742,12 @@ METHOD(tpm_tss_t, quote, bool,
|
|||
|
||||
METHOD(tpm_tss_t, sign, bool,
|
||||
private_tpm_tss_tss2_t *this, uint32_t hierarchy, uint32_t handle,
|
||||
signature_scheme_t scheme, chunk_t data, chunk_t pin, chunk_t *signature)
|
||||
signature_scheme_t scheme, void *params, chunk_t data, chunk_t pin,
|
||||
chunk_t *signature)
|
||||
{
|
||||
key_type_t key_type;
|
||||
hash_algorithm_t hash_alg;
|
||||
rsa_pss_params_t *rsa_pss_params;
|
||||
uint32_t rval;
|
||||
|
||||
TPM2_ALG_ID alg_id;
|
||||
|
@ -768,8 +770,17 @@ METHOD(tpm_tss_t, sign, bool,
|
|||
memcpy(cmd->hmac.buffer, pin.ptr, cmd->hmac.size);
|
||||
}
|
||||
|
||||
key_type = key_type_from_signature_scheme(scheme);
|
||||
hash_alg = hasher_from_signature_scheme(scheme, NULL);
|
||||
if (scheme == SIGN_RSA_EMSA_PSS)
|
||||
{
|
||||
key_type = KEY_RSA;
|
||||
rsa_pss_params = (rsa_pss_params_t *)params;
|
||||
hash_alg = rsa_pss_params->hash;
|
||||
}
|
||||
else
|
||||
{
|
||||
key_type = key_type_from_signature_scheme(scheme);
|
||||
hash_alg = hasher_from_signature_scheme(scheme, NULL);
|
||||
}
|
||||
|
||||
/* Check if hash algorithm is supported by TPM */
|
||||
alg_id = hash_alg_to_tpm_alg_id(hash_alg);
|
||||
|
@ -788,8 +799,16 @@ METHOD(tpm_tss_t, sign, bool,
|
|||
|
||||
if (key_type == KEY_RSA && public.publicArea.type == TPM2_ALG_RSA)
|
||||
{
|
||||
sig_scheme.scheme = TPM2_ALG_RSASSA;
|
||||
sig_scheme.details.rsassa.hashAlg = alg_id;
|
||||
if (scheme == SIGN_RSA_EMSA_PSS)
|
||||
{
|
||||
sig_scheme.scheme = TPM2_ALG_RSAPSS;
|
||||
sig_scheme.details.rsapss.hashAlg = alg_id;
|
||||
}
|
||||
else
|
||||
{
|
||||
sig_scheme.scheme = TPM2_ALG_RSASSA;
|
||||
sig_scheme.details.rsassa.hashAlg = alg_id;
|
||||
}
|
||||
}
|
||||
else if (key_type == KEY_ECDSA && public.publicArea.type == TPM2_ALG_ECC)
|
||||
{
|
||||
|
@ -881,6 +900,12 @@ METHOD(tpm_tss_t, sign, bool,
|
|||
sig.signature.rsassa.sig.buffer,
|
||||
sig.signature.rsassa.sig.size));
|
||||
break;
|
||||
case SIGN_RSA_EMSA_PSS:
|
||||
*signature = chunk_clone(
|
||||
chunk_create(
|
||||
sig.signature.rsapss.sig.buffer,
|
||||
sig.signature.rsapss.sig.size));
|
||||
break;
|
||||
case SIGN_ECDSA_256:
|
||||
case SIGN_ECDSA_384:
|
||||
case SIGN_ECDSA_521:
|
||||
|
|
Loading…
Reference in New Issue