On Wed May 29, 2024 at 12:08 AM EEST, Jarkko Sakkinen wrote:
> + /* Encode the ASN.1 signature: */
> +#define TPM2_KEY_ECDSA_SIG_SIZE (2 + 2 * (2 + SHA256_DIGEST_SIZE) + r_0 + s_0)
> + pr_info("sig_size=%d\n", TPM2_KEY_ECDSA_SIG_SIZE);
> + ptr[0] = 0x30; /* SEQUENCE */
> + ptr[1] = TPM2_KEY_ECDSA_SIG_SIZE - 2;
> +#define TPM2_KEY_ECDSA_SIG_R_TAG 2
> +#define TPM2_KEY_ECDSA_SIG_R_SIZE 3
> +#define TPM2_KEY_ECDSA_SIG_R_BODY 4
> + ptr[TPM2_KEY_ECDSA_SIG_R_TAG] = 0x02; /* INTEGER */
> + ptr[TPM2_KEY_ECDSA_SIG_R_SIZE] = SHA256_DIGEST_SIZE + r_0;
> + ptr[TPM2_KEY_ECDSA_SIG_R_BODY] = 0x00; /* maybe dummy write */
> + memcpy(&ptr[TPM2_KEY_ECDSA_SIG_R_BODY + r_0], r, SHA256_DIGEST_SIZE);
> +#define TPM2_KEY_ECDSA_SIG_S_TAG (4 + r_0 + SHA256_DIGEST_SIZE)
> +#define TPM2_KEY_ECDSA_SIG_S_SIZE (5 + r_0 + SHA256_DIGEST_SIZE)
> +#define TPM2_KEY_ECDSA_SIG_S_BODY (6 + r_0 + SHA256_DIGEST_SIZE)
> + ptr[TPM2_KEY_ECDSA_SIG_S_TAG] = 0x02; /* INTEGER */
> + ptr[TPM2_KEY_ECDSA_SIG_S_SIZE] = SHA256_DIGEST_SIZE + s_0;
> + ptr[TPM2_KEY_ECDSA_SIG_S_BODY] = 0x00; /* maybe dummy write */
> + memcpy(&ptr[TPM2_KEY_ECDSA_SIG_S_BODY + s_0], s, SHA256_DIGEST_SIZE);
> + ret = TPM2_KEY_ECDSA_SIG_SIZE;
Stefan, so this how I realized the signature encoding, thanks to
your earlier remarks [1]! I found out based on that a few glitches
and ended up with this better structured ECDSA signature encoder,
so thank you for doing that.
[1] https://lore.kernel.org/linux-crypto/[email protected]/
BR, Jarkko
On Wed May 29, 2024 at 12:42 AM EEST, Jarkko Sakkinen wrote:
> On Wed May 29, 2024 at 12:08 AM EEST, Jarkko Sakkinen wrote:
> > + /* Encode the ASN.1 signature: */
> > +#define TPM2_KEY_ECDSA_SIG_SIZE (2 + 2 * (2 + SHA256_DIGEST_SIZE) + r_0 + s_0)
> > + pr_info("sig_size=%d\n", TPM2_KEY_ECDSA_SIG_SIZE);
> > + ptr[0] = 0x30; /* SEQUENCE */
> > + ptr[1] = TPM2_KEY_ECDSA_SIG_SIZE - 2;
> > +#define TPM2_KEY_ECDSA_SIG_R_TAG 2
> > +#define TPM2_KEY_ECDSA_SIG_R_SIZE 3
> > +#define TPM2_KEY_ECDSA_SIG_R_BODY 4
> > + ptr[TPM2_KEY_ECDSA_SIG_R_TAG] = 0x02; /* INTEGER */
> > + ptr[TPM2_KEY_ECDSA_SIG_R_SIZE] = SHA256_DIGEST_SIZE + r_0;
> > + ptr[TPM2_KEY_ECDSA_SIG_R_BODY] = 0x00; /* maybe dummy write */
> > + memcpy(&ptr[TPM2_KEY_ECDSA_SIG_R_BODY + r_0], r, SHA256_DIGEST_SIZE);
> > +#define TPM2_KEY_ECDSA_SIG_S_TAG (4 + r_0 + SHA256_DIGEST_SIZE)
> > +#define TPM2_KEY_ECDSA_SIG_S_SIZE (5 + r_0 + SHA256_DIGEST_SIZE)
> > +#define TPM2_KEY_ECDSA_SIG_S_BODY (6 + r_0 + SHA256_DIGEST_SIZE)
> > + ptr[TPM2_KEY_ECDSA_SIG_S_TAG] = 0x02; /* INTEGER */
> > + ptr[TPM2_KEY_ECDSA_SIG_S_SIZE] = SHA256_DIGEST_SIZE + s_0;
> > + ptr[TPM2_KEY_ECDSA_SIG_S_BODY] = 0x00; /* maybe dummy write */
> > + memcpy(&ptr[TPM2_KEY_ECDSA_SIG_S_BODY + s_0], s, SHA256_DIGEST_SIZE);
> > + ret = TPM2_KEY_ECDSA_SIG_SIZE;
>
> Stefan, so this how I realized the signature encoding, thanks to
> your earlier remarks [1]! I found out based on that a few glitches
> and ended up with this better structured ECDSA signature encoder,
> so thank you for doing that.
1. SHA384 would fit without any significant changes.
2. SHA512 will require a single additional byte, i.e. prefix byte 0x81
for the sequence (not for coeffients).
3. SM3 similarly is also trivial to add.
Both will be also easy to add later on. I would not enlarge this patch
set from what it is now.
So I think this is pretty well along the lines of:
https://datatracker.ietf.org/doc/draft-woodhouse-cert-best-practice/
BR, Jarkko