commit | 81e70877e2e3387beac631dd7acaeed4a7c13022 | |
---|---|---|
author | Andrey Pronin <apronin@chromium.org> | Mon Nov 28 19:12:12 2016 -0800 |
committer | chrome-bot <chrome-bot@chromium.org> | Tue Nov 29 13:12:41 2016 -0800 |
tree | a2008cb559c09d3cf02fe7fd8463010bc7d289df | |
parent | 07ec984d630c89128306671ec42b964236ce4eaf |
tpm2: fix algorithm IDs for hashing algorithms

Uncomment the AlgorithmIdentifier values for hashing algorithms.
Without that, all zeroes were used for DER encoding the hash value
when signing using RSASSA.

BUG=chrome-os-partner:59754
BUG=chrome-os-partner:60382
TEST=On TPM2 for a pre-generated key pair (/tmp/priv.key +
     /tmp/pub.key) and input /tmp/1.txt, import the private key,
     sign the text using it and SHA256-RSA-PKCS, and verify that
     the signature is correct:
     openssl pkcs8 -inform pem -outform der -in /tmp/priv.key \
       -out /tmp/priv.der -nocrypt
     p11_replay --import --path=/tmp/priv.der --type=privkey \
       -id=bbbbbb
     pkcs11-tool --module=`ls /usr/lib**/libchaps.so` --slot=0 \
       --id=bbbbbb --sign -i /tmp/1.txt -o /tmp/1.sig \
       -m SHA256-RSA-PKCS
     openssl dgst -sha256 -verify /tmp/pub.key \
       -signature /tmp/1.sig /tmp/1.txt
     The last operation should say "Verified OK".

Change-Id: I8c29ec320d8c5832267c6295d00440846d27ff87
Reviewed-on: https://chromium-review.googlesource.com/415024
Commit-Ready: Andrey Pronin <apronin@chromium.org>
Tested-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>
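
An added illustration, not code from this commit or from the TPM2 sources: the Python sketch below builds the RSASSA-PKCS1-v1_5 encoded message (the block a verifier recovers after the RSA public-key operation) and shows why a zeroed AlgorithmIdentifier makes a verifier reject an otherwise correct SHA-256 digest. The function names and the sample message are hypothetical, and modelling the bug as a zero-filled DER prefix of the same length is an assumption.

```python
import hashlib
import hmac

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1):
# SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING (32) }
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(message: bytes, em_len: int, prefix: bytes = SHA256_PREFIX) -> bytes:
    """Return EM = 00 01 FF..FF 00 || prefix || SHA-256(message)."""
    t = prefix + hashlib.sha256(message).digest()
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def verifier_accepts(em: bytes, message: bytes) -> bool:
    """RFC 8017 style check: re-encode the message and compare whole blocks."""
    try:
        expected = emsa_pkcs1_v15(message, len(em))
    except ValueError:
        return False
    return hmac.compare_digest(em, expected)

def describe_prefix(em: bytes) -> str:
    """Triage helper: classify the 19 bytes in front of the 32-byte digest."""
    prefix = em[-51:-32]
    if prefix == SHA256_PREFIX:
        return "sha256 AlgorithmIdentifier"
    if not any(prefix):
        return "all-zero AlgorithmIdentifier"
    return "unknown"

# Constructed sample input; 256 bytes corresponds to a 2048-bit modulus.
MESSAGE = b"constructed sample message\n"
GOOD_EM = emsa_pkcs1_v15(MESSAGE, 256)
# Assumption: the bug is modelled as a zero-filled prefix of the same length.
ZERO_EM = emsa_pkcs1_v15(MESSAGE, 256, prefix=bytes(len(SHA256_PREFIX)))

if __name__ == "__main__":
    for name, em in (("good", GOOD_EM), ("zeroed", ZERO_EM)):
        print(name, describe_prefix(em), verifier_accepts(em, MESSAGE))
```

Both blocks carry the same digest in their last 32 bytes; only the DER prefix differs, which is enough for a verification step such as the `openssl dgst -verify` command in the TEST procedure to fail.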