Searched hist:e8bbd0e0e6bdf267b3977bb8e3145f7a71a2354c (Results 1 – 1 of 1) sorted by relevance
| /optee_os/core/drivers/crypto/versal/ |
| H A D | ecc.c | e8bbd0e0e6bdf267b3977bb8e3145f7a71a2354c Mon Jan 30 22:20:49 UTC 2023 Jorge Ramirez-Ortiz <jorge@foundries.io> crypto: versal: ecc: sign/verify fix
Both the message (hash) and the generated signatures must be swapped.
The following custom tests were executed for P384 (prime384v1) and
P521 (nistp521) curves.
Signing and verifying using pkcs#11 alone (ie like done in xtest) was
not sufficient to capture this bug.
PTOOL='pkcs11-tool --module /usr/lib/libckteec.so.0.1.0'
SO_PIN=55555555
PIN=44444444
FILE=hello
printf "OP-TEE: create key pair"
$PTOOL --id 01 --label ldts --token-label fio --pin $PIN \
--keypairgen \
--key-type EC:prime384v1
printf "OP-TEE: read the public key"
$PTOOL -l --pin $PIN --id 01 \
--read-object --type pubkey --output-file pubkey.spki
printf "Openssl: export key to PEM"
openssl ec -inform DER -outform PEM -in pubkey.spki -pubin > pubkey.pub
printf "Create file to sign"
echo "hello world" > $FILE
printf "OpenSSL: create the file sha384"
openssl dgst -binary -sha384 $FILE > $FILE.hash
printf "OP-TEE: generate signature "
$PTOOL --pin $PIN --id 01 --label ldts --token-label fio \
--sign
--input-file $FILE.hash
--output-file $FILE.sig
--mechanism ECDSA
-f openssl
printf "OpenSSL: verify signature"
openssl dgst -sha384 -verify pubkey.pub -signature "$FILE".sig "$FILE"
printf "OP-TEE: verify signature"
$PTOOL --pin $PIN --id 01 --label ldts --token-label fio \
--verify \
--input-file $FILE.hash \
--signature-format openssl \
--signature-file $FILE.sig \
--mechanism ECDSA
Signed-off-by: Jorge Ramirez-Ortiz <jorge@foundries.io>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
|