Proxmox-Port/libtpms
1
0
Fork 0
mirror of https://github.com/stefanberger/libtpms synced 2026-01-14 03:35:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

rev148: Fixes to EccSignature math and test cases

Browse Source 
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
This commit is contained in:
Stefan Berger 2018-07-11 08:12:14 -04:00 committed by Stefan Berger
parent fcbd854ffc
commit 3da0cce06e
2 changed files with 66 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
src/tpm2/EccTestData.h
View File

@ -3,7 +3,7 @@
/* Parameter data for ECC testing */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: EccTestData.h 1160 2018-04-17 17:15:34Z kgoldman $ */
/* $Id: EccTestData.h 1259 2018-07-10 19:11:09Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
@ -55,21 +55,14 @@
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2018 */
/* (c) Copyright IBM Corp. and others, 2016 - 2018 */
/* */
/********************************************************************************/
#ifndef ECCTESTDATA_H
#define ECCTESTDATA_H
/* 10.1.12 EccTestData.h */
#ifdef SELF_TEST_DATA
TPM2B_TYPE(EC_TEST, 32);
const TPM_ECC_CURVE c_testCurve = 00003;
/* The static key */
// The static key
const TPM2B_EC_TEST c_ecTestKey_ds = {{32, {
0xdf,0x8d,0xa4,0xa3,0x88,0xf6,0x76,0x96,0x89,0xfc,0x2f,0x2d,0xa1,0xb4,0x39,0x7a,
0x78,0xc4,0x7f,0x71,0x8c,0xa6,0x91,0x85,0xc0,0xbf,0xf3,0x54,0x20,0x91,0x2f,0x73}}};
@ -79,9 +72,7 @@ const TPM2B_EC_TEST c_ecTestKey_QsX = {{32, {
const TPM2B_EC_TEST c_ecTestKey_QsY = {{32, {
0xa6,0xca,0xf2,0x18,0x45,0x96,0x6e,0x58,0xe6,0x72,0x34,0x12,0x89,0xcd,0xaa,0xad,
0xcb,0x68,0xb2,0x51,0xdc,0x5e,0xd1,0x6d,0x38,0x20,0x35,0x57,0xb2,0xfd,0xc7,0x52}}};
/* The ephemeral key */
// The ephemeral key
const TPM2B_EC_TEST c_ecTestKey_de = {{32, {
0xb6,0xb5,0x33,0x5c,0xd1,0xee,0x52,0x07,0x99,0xea,0x2e,0x8f,0x8b,0x19,0x18,0x07,
0xc1,0xf8,0xdf,0xdd,0xb8,0x77,0x00,0xc7,0xd6,0x53,0x21,0xed,0x02,0x53,0xee,0xac}}};
@ -91,23 +82,19 @@ const TPM2B_EC_TEST c_ecTestKey_QeX = {{32, {
const TPM2B_EC_TEST c_ecTestKey_QeY = {{32, {
0x30,0xe6,0x4f,0x97,0x03,0xa1,0xcb,0x3b,0x32,0x2a,0x70,0x39,0x94,0xeb,0x4e,0xea,
0x55,0x88,0x81,0x3f,0xb5,0x00,0xb8,0x54,0x25,0xab,0xd4,0xda,0xfd,0x53,0x7a,0x18}}};
/* ECDH test results */
// ECDH test results
const TPM2B_EC_TEST c_ecTestEcdh_X = {{32, {
0x64,0x02,0x68,0x92,0x78,0xdb,0x33,0x52,0xed,0x3b,0xfa,0x3b,0x74,0xa3,0x3d,0x2c,
0x2f,0x9c,0x59,0x03,0x07,0xf8,0x22,0x90,0xed,0xe3,0x45,0xf8,0x2a,0x0a,0xd8,0x1d}}};
const TPM2B_EC_TEST c_ecTestEcdh_Y = {{32, {
0x58,0x94,0x05,0x82,0xbe,0x5f,0x33,0x02,0x25,0x90,0x3a,0x33,0x90,0x89,0xe3,0xe5,
0x10,0x4a,0xbc,0x78,0xa5,0xc5,0x07,0x64,0xaf,0x91,0xbc,0xe6,0xff,0x85,0x11,0x40}}};
TPM2B_TYPE(TEST_VALUE, 64);
const TPM2B_TEST_VALUE c_ecTestValue = {{64, {
0x78,0xd5,0xd4,0x56,0x43,0x61,0xdb,0x97,0xa4,0x32,0xc4,0x0b,0x06,0xa9,0xa8,0xa0,
0xf4,0x45,0x7f,0x13,0xd8,0x13,0x81,0x0b,0xe5,0x76,0xbe,0xaa,0xb6,0x3f,0x8d,0x4d,
0x23,0x65,0xcc,0xa7,0xc9,0x19,0x10,0xce,0x69,0xcb,0x0c,0xc7,0x11,0x8d,0xc3,0xff,
0x62,0x69,0xa2,0xbe,0x46,0x90,0xe7,0x7d,0x81,0x77,0x94,0x65,0x1c,0x3e,0xc1,0x3e}}};
#if ALG_SHA1_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0x57,0xf3,0x36,0xb7,0xec,0xc2,0xdd,0x76,0x0e,0xe2,0x81,0x21,0x49,0xc5,0x66,0x11,
@ -115,27 +102,13 @@ const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0x1b,0xed,0x23,0x72,0x8f,0x17,0x5f,0x47,0x2e,0xa7,0x97,0x2c,0x51,0x57,0x20,0x70,
0x6f,0x89,0x74,0x8a,0xa8,0xf4,0x26,0xf4,0x96,0xa1,0xb8,0x3e,0xe5,0x35,0xc5,0x94}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x42,0xc6,0x0d,0x2f,
0x86,0xa0,0x1c,0x93,0x5e,0x4a,0xad,0x0b,0x67,0xde,0x5d,0x2a,0xb1,0x08,0x4d,0xae}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32, {
0xb1,0x37,0x7b,0xff,0xf8,0xf7,0xcf,0x2f,0xa6,0xa9,0x5a,0xb1,0x03,0xc1,0x1e,0xa7,
0xf8,0x05,0x33,0xc0,0x0a,0x7b,0xda,0x7b,0x1a,0x00,0x47,0xe1,0x9e,0xbe,0x50,0xe4}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x1b,0x08,0x9f,0xde,
0xef,0x62,0xe3,0xf1,0x14,0xcb,0x54,0x28,0x13,0x76,0xfc,0x6d,0x69,0x22,0xb5,0x3e}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
0xd9,0xd3,0x20,0xfb,0x4d,0x16,0xf2,0xe6,0xe2,0x45,0x07,0x45,0x1c,0x92,0x92,0x92,
0xa9,0x6b,0x48,0xf8,0xd1,0x98,0x29,0x4d,0xd3,0x8f,0x56,0xf2,0xbb,0x2e,0x22,0x3b}}};
#endif // SHA1
#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0xf5,0x74,0x6d,0xd6,0xc6,0x56,0x86,0xbb,0xba,0x1c,0xba,0x75,0x65,0xee,0x64,0x31,
0xce,0x04,0xe3,0x9f,0x24,0x3f,0xbd,0xfe,0x04,0xcd,0xab,0x7e,0xfe,0xad,0xcb,0x82}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0xc2,0x4f,0x32,0xa1,0x06,0xc0,0x85,0x4f,0xc6,0xd8,0x31,0x66,0x91,0x9f,0x79,0xcd,
0x5b,0xe5,0x7b,0x94,0xa1,0x91,0x38,0xac,0xd4,0x20,0xa2,0x10,0xf0,0xd5,0x9d,0xbf}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
0xad,0xe8,0xd2,0xda,0x57,0x6d,0x4a,0xe5,0xcc,0xcd,0x7c,0x14,0x1a,0x71,0x93,0xab,
0x6b,0x9d,0x0f,0x6a,0x97,0xb2,0x32,0x75,0x6c,0xb7,0x82,0x17,0x6b,0x17,0xca,0x1b}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32, {
0xd6,0xf1,0xe3,0x05,0xe5,0xdb,0x7c,0x8f,0x67,0x46,0x24,0x0f,0x5a,0x67,0xf8,0x2d,
0x5e,0xcb,0xa6,0x8b,0xd7,0x80,0x66,0x83,0x36,0x50,0xd7,0x73,0x7c,0xb8,0x63,0x41}}};
#endif // SHA384
#if ALG_SHA256_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0x04,0x7d,0x54,0xeb,0x04,0x6f,0x56,0xec,0xa2,0x6c,0x38,0x8c,0xeb,0x43,0x0b,0x71,
@ -144,31 +117,39 @@ const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0x8f,0xd0,0x12,0xd9,0x24,0x75,0xf6,0xc4,0x3b,0xb5,0x46,0x75,0x3a,0x41,0x8d,0x80,
0x23,0x99,0x38,0xd7,0xe2,0x40,0xca,0x9a,0x19,0x2a,0xfc,0x54,0x75,0xd3,0x4a,0x6e}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
0x80,0xd5,0x77,0x52,0xf4,0x51,0x4a,0xe8,0xd0,0x28,0x91,0x98,0xbd,0x36,0x5d,0x89,
0x24,0x0b,0xcf,0x08,0x30,0x35,0xc2,0x19,0x9f,0xf9,0x49,0x4f,0x53,0xe5,0x1f,0xe8}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32, {
0xf7,0x47,0xda,0x09,0xc6,0xc3,0x28,0x28,0xc2,0xbd,0xbf,0xe6,0xa2,0xec,0x3f,0x44,
0xcf,0xee,0xa2,0x30,0x96,0xe7,0xa4,0xaf,0x1f,0x37,0xac,0x1f,0xc6,0xc1,0xb4,0x25}}};
0xf7,0xb9,0x15,0x4c,0x34,0xf6,0x41,0x19,0xa3,0xd2,0xf1,0xbd,0xf4,0x13,0x6a,0x4f,
0x63,0xb8,0x4d,0xb5,0xc8,0xcd,0xde,0x85,0x95,0xa5,0x39,0x0a,0x14,0x49,0x3d,0x2f}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
0xfe,0xbe,0x17,0xaa,0x31,0x22,0x9f,0xd0,0xd2,0xf5,0x25,0x04,0x92,0xb0,0xaa,0x4e,
0xcc,0x1c,0xb6,0x79,0xd6,0x42,0xb3,0x4e,0x3f,0xbb,0xfe,0x5f,0xd0,0xd0,0x8b,0xc3}}};
#endif // SHA256
#if ALG_SHA384_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0xf5,0x74,0x6d,0xd6,0xc6,0x56,0x86,0xbb,0xba,0x1c,0xba,0x75,0x65,0xee,0x64,0x31,
0xce,0x04,0xe3,0x9f,0x24,0x3f,0xbd,0xfe,0x04,0xcd,0xab,0x7e,0xfe,0xad,0xcb,0x82}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32, {
0xc2,0x4f,0x32,0xa1,0x06,0xc0,0x85,0x4f,0xc6,0xd8,0x31,0x66,0x91,0x9f,0x79,0xcd,
0x5b,0xe5,0x7b,0x94,0xa1,0x91,0x38,0xac,0xd4,0x20,0xa2,0x10,0xf0,0xd5,0x9d,0xbf}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32, {
0x1e,0xb8,0xe1,0xbf,0xa1,0x9e,0x39,0x1e,0x58,0xa2,0xe6,0x59,0xd0,0x1a,0x6a,0x03,
0x6a,0x1f,0x1c,0x4f,0x36,0x19,0xc1,0xec,0x30,0xa4,0x85,0x1b,0xe9,0x74,0x35,0x66}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
0xb9,0xe6,0xe3,0x7e,0xcb,0xb9,0xea,0xf1,0xcc,0xf4,0x48,0x44,0x4a,0xda,0xc8,0xd7,
0x87,0xb4,0xba,0x40,0xfe,0x5b,0x68,0x11,0x14,0xcf,0xa0,0x0e,0x85,0x46,0x99,0x01}}};
#endif // SHA384
#if ALG_SHA512_VALUE == DEFAULT_TEST_HASH
const TPM2B_EC_TEST c_TestEcDsa_r = {{32, {
0xc9,0x71,0xa6,0xb4,0xaf,0x46,0x26,0x8c,0x27,0x00,0x06,0x3b,0x00,0x0f,0xa3,0x17,
0x72,0x48,0x40,0x49,0x4d,0x51,0x4f,0xa4,0xcb,0x7e,0x86,0xe9,0xe7,0xb4,0x79,0xb2}}};
const TPM2B_EC_TEST c_TestEcDsa_s = {{32,{
0x87,0xbc,0xc0,0xed,0x74,0x60,0x9e,0xfa,0x4e,0xe8,0x16,0xf3,0xf9,0x6b,0x26,0x07,
0x3c,0x74,0x31,0x7e,0xf0,0x62,0x46,0xdc,0xd6,0x45,0x22,0x47,0x3e,0x0c,0xa0,0x02}}};
const TPM2B_EC_TEST c_TestEcSchnorr_r = {{32,{
0xcc,0x07,0xad,0x65,0x91,0xdd,0xa0,0x10,0x23,0xae,0x53,0xec,0xdf,0xf1,0x50,0x90,
0x16,0x96,0xf4,0x45,0x09,0x73,0x9c,0x84,0xb5,0x5c,0x5f,0x08,0x51,0xcb,0x60,0x01}}};
const TPM2B_EC_TEST c_TestEcSchnorr_s = {{32,{
0x55,0x20,0x21,0x54,0xe2,0x49,0x07,0x47,0x71,0xf4,0x99,0x15,0x54,0xf3,0xab,0x14,
0xdb,0x8e,0xda,0x79,0xb6,0x02,0x0e,0xe3,0x5e,0x6f,0x2c,0xb6,0x05,0xbd,0x14,0x10}}};
#endif // SHA512
#endif // SELF_TEST_DATA
#endif

76
src/tpm2/crypto/openssl/CryptEccSignature.c
View File

@ -1,9 +1,9 @@
/********************************************************************************/
/* */
/* */
/* ECC Signatures */
/* Written by Ken Goldman */
/* IBM Thomas J. Watson Research Center */
/* $Id: CryptEccSignature.c 1047 2017-07-20 18:27:34Z kgoldman $ */
/* $Id: CryptEccSignature.c 1259 2018-07-10 19:11:09Z kgoldman $ */
/* */
/* Licenses and Notices */
/* */
@ -55,7 +55,7 @@
/* arising in any way out of use or reliance upon this specification or any */
/* information herein. */
/* */
/* (c) Copyright IBM Corp. and others, 2016, 2017 */
/* (c) Copyright IBM Corp. and others, 2016 - 2018 */
/* */
/********************************************************************************/
@ -144,7 +144,7 @@ BnSignEcdsa(
{
ECC_NUM(bnK);
ECC_NUM(bnIk);
BN_VAR(bnE, MAX_DIGEST_SIZE * 8);
BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8);
POINT(ecR);
bigConst order = CurveGetOrder(AccessCurveData(E));
TPM_RC retVal = TPM_RC_SUCCESS;
@ -284,7 +284,7 @@ BnSignEcdaa(
return retVal;
}
#endif // ALG_ECDAA
#if ALG_ECSCHNORR //%
#if ALG_ECSCHNORR
/* 10.2.13.3.3 SchnorrReduce() */
/* Function to reduce a hash result if it's magnitude is to large. The size of number is set so that
it has no more bytes of significance than the reference value. If the resulting number can have
@ -372,7 +372,7 @@ BnSignEcSchnorr(
}
#endif // ALG_ECSCHNORR
#if ALG_SM2
#ifdef _SM2_SIGN_DEBUG
#ifdef _SM2_SIGN_DEBUG
static BOOL
BnHexEqual(
bigNum bn, //IN: big number value
@ -402,20 +402,19 @@ BnSignEcSm2(
// debug)
)
{
BN_MAX_INITIALIZED(bnE, digest); // Don't know how big digest might be
BN_MAX_INITIALIZED(bnE, digest); // Don't know how big digest might be
ECC_NUM(bnN);
ECC_NUM(bnK);
ECC_NUM(bnX1);
ECC_NUM(bnT); // temp
ECC_NUM(bnT); // temp
POINT(Q1);
bigConst order = (E != NULL)
? CurveGetOrder(AccessCurveData(E)) : NULL;
//
#ifdef _SM2_SIGN_DEBUG
BnFromHex(bnE,
"B524F552CD82B8B028476E005C377FB19A87E6FC682D48BB5D42E3D9B9EFFE76");
BnFromHex(bnD,
"128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263");
BnFromHex(bnE, "B524F552CD82B8B028476E005C377FB1"
"9A87E6FC682D48BB5D42E3D9B9EFFE76");
BnFromHex(bnD, "128B2FA8BD433C6C068C8D803DFF7979"
"2A519A55171B1B650C23661D15897263");
#endif
// A3: Use random number generator to generate random number 1 <= k <= n-1;
// NOTE: Ax: numbers are from the SM2 standard
@ -424,20 +423,20 @@ BnSignEcSm2(
// Get a random number 0 < k < n
BnGenerateRandomInRange(bnK, order, rand);
#ifdef _SM2_SIGN_DEBUG
BnFromHex(bnK,
"6CB28D99385C175C94F94E934817663FC176D925DD72B727260DBAAE1FB2F96F");
BnFromHex(bnK, "6CB28D99385C175C94F94E934817663F"
"C176D925DD72B727260DBAAE1FB2F96F");
#endif
// A4: Figure out the point of elliptic curve (x1, y1)=[k]G, and according
// to details specified in 4.2.7 in Part 1 of this document, transform the
// data type of x1 into an integer;
if(BnEccModMult(Q1, NULL, bnK, E) != TPM_RC_SUCCESS)
if(!BnEccModMult(Q1, NULL, bnK, E))
goto loop;
// A5: Figure out r = (e + x1) mod n,
BnAdd(bnR, bnE, bnX1);
BnAdd(bnR, bnE, Q1->x);
BnMod(bnR, order);
#ifdef _SM2_SIGN_DEBUG
pAssert(BnHexEqual(bnR,
"40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1"));
pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41"
"94F79FB1EED2CAA55BACDB49C4E755D1"));
#endif
// if r=0 or r+k=n, return to A3;
if(BnEqualZero(bnR))
@ -451,8 +450,8 @@ BnSignEcSm2(
BnAddWord(bnT, bnD, 1);
BnModInverse(bnT, bnT, order);
#ifdef _SM2_SIGN_DEBUG
pAssert(BnHexEqual(bnT,
"79BFCF3052C80DA7B939E0C6914A18CBB2D96D8555256E83122743A7D4F5F956"));
pAssert(BnHexEqual(bnT, "79BFCF3052C80DA7B939E0C6914A18CB"
"B2D96D8555256E83122743A7D4F5F956"));
#endif
// compute s = t * (k - r * dA) mod n
BnModMult(bnS, bnR, bnD, order);
@ -461,8 +460,8 @@ BnSignEcSm2(
BnAdd(bnS, bnK, bnS);
BnModMult(bnS, bnS, bnT, order);
#ifdef _SM2_SIGN_DEBUG
pAssert(BnHexEqual(bnS,
"6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7"));
pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6"
"67A457872FB09EC56327A67EC7DEEBE7"));
#endif
if(BnEqualZero(bnS))
goto loop;
@ -472,10 +471,10 @@ BnSignEcSm2(
// is (r, s).
// This is handled by the common return code
#ifdef _SM2_SIGN_DEBUG
pAssert(BnHexEqual(bnR,
"40F1EC59F793D9F49E09DCEF49130D4194F79FB1EED2CAA55BACDB49C4E755D1"));
pAssert(BnHexEqual(bnS,
"6FC6DAC32C5D5CF10C77DFB20F7C2EB667A457872FB09EC56327A67EC7DEEBE7"));
pAssert(BnHexEqual(bnR, "40F1EC59F793D9F49E09DCEF49130D41"
"94F79FB1EED2CAA55BACDB49C4E755D1"));
pAssert(BnHexEqual(bnS, "6FC6DAC32C5D5CF10C77DFB20F7C2EB6"
"67A457872FB09EC56327A67EC7DEEBE7"));
#endif
return TPM_RC_SUCCESS;
}
@ -515,10 +514,6 @@ CryptEccSign(
= sizeof(signature->signature.ecdaa.signatureR.t.buffer);
signature->signature.ecdaa.signatureS.t.size
= sizeof(signature->signature.ecdaa.signatureS.t.buffer);
// Prime order for this implementation needs to be a multiple of a byte
// so, no P521 for now.
pAssert((BnSizeInBits(CurveGetPrime(C)) & 7) == 0);
pAssert((BnSizeInBits(CurveGetOrder(C)) & 7) == 0);
TEST(signature->sigAlg);
switch(signature->sigAlg)
{
@ -561,7 +556,7 @@ CryptEccSign(
CURVE_FREE(E);
return retVal;
}
#if ALG_ECDSA //%
#if ALG_ECDSA
/* 10.2.13.3.7 BnValidateSignatureEcdsa() */
/* This function validates an ECDSA signature. rIn and sIn should have been checked to make sure
that they are in the range 0 < v < n */
@ -579,7 +574,7 @@ BnValidateSignatureEcdsa(
{
// Make sure that the allocation for the digest is big enough for a maximum
// digest
BN_VAR(bnE, MAX_DIGEST_SIZE * 8);
BN_VAR(bnE, MAX(MAX_ECC_KEY_BYTES, MAX_DIGEST_SIZE) * 8);
POINT(ecR);
ECC_NUM(bnU1);
ECC_NUM(bnU2);
@ -616,7 +611,7 @@ BnValidateSignatureEcdsa(
Exit:
return retVal;
}
#endif //% ALG_ECDSA
#endif // ALG_ECDSA
#if ALG_SM2
/* 10.2.13.3.8 BnValidateSignatureEcSm2() */
/* This function is used to validate an SM2 signature. */
@ -648,7 +643,7 @@ BnValidateSignatureEcSm2(
"67A457872FB09EC56327A67EC7DEEBE7"));
#endif
// b) compute t := (r + s) mod n
BnAdd(bnT, bnT, bnS);
BnAdd(bnT, bnR, bnS);
BnMod(bnT, order);
#ifdef _SM2_SIGN_DEBUG
pAssert(BnHexEqual(bnT,
@ -669,16 +664,16 @@ BnValidateSignatureEcSm2(
"23E6D9188B2AE47759514657CE25D112"));
#endif
// e) compute r' := (e + x) mod n (the x coordinate is in bnT)
BnAdd(bnRp, bnE, P->x);
BnMod(bnRp, order);
OK = OK && BnAdd(bnRp, bnE, P->x);
OK = OK && BnMod(bnRp, order);
// f) verify that r' = r
OK = (BnUnsignedCmp(bnR, bnRp) != 0) & OK;
OK = OK && (BnUnsignedCmp(bnR, bnRp));
if(!OK)
return TPM_RC_SIGNATURE;
else
return TPM_RC_SUCCESS;
}
#endif //% ALG_SM2
#endif // ALG_SM2
#if ALG_ECSCHNORR
/* 10.2.13.3.9 BnValidateSignatureEcSchnorr() */
/* This function is used to validate an EC Schnorr signature. */
@ -825,7 +820,8 @@ CryptEccCommitCompute(
TPM2B_ECC_PARAMETER *r // IN: the computed r value (required)
)
{
CURVE_INITIALIZED(curve, curveId);
CURVE_INITIALIZED(curve, curveId); // Normally initialize E as the curve, but E means
// something else in this function
ECC_INITIALIZED(bnR, r);
TPM_RC retVal = TPM_RC_SUCCESS;
//