Fix create_ak for ECC keys

Fixing the parameters for creating AKs in the Endorsement Hierarchy. The `count` value part of the `EccScheme` has been adjusted, and an empty `EccPoint` was added as unique identifier for the key. Signed-off-by: Ionut Mihalcea <[email protected]>
parallaxsecond · Oct 26, 2023 · ae7bffb · ae7bffb
1 parent d942908
commit ae7bffb
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 3 deletions.
diff --git a/tss-esapi/src/abstraction/ak.rs b/tss-esapi/src/abstraction/ak.rs
@@ -16,7 +16,7 @@ use crate::{
         session_handles::PolicySession,
     },
     structures::{
-        Auth, CreateKeyResult, EccScheme, KeyDerivationFunctionScheme, Private, Public,
+        Auth, CreateKeyResult, EccPoint, EccScheme, KeyDerivationFunctionScheme, Private, Public,
         PublicBuilder, PublicEccParametersBuilder, PublicKeyRsa, PublicRsaParametersBuilder,
         RsaExponent, RsaScheme, SymmetricDefinitionObject,
     },
@@ -77,12 +77,17 @@ fn create_ak_public<IKC: IntoKeyCustomization>(
                     .with_ecc_scheme(EccScheme::create(
                         EccSchemeAlgorithm::try_from(AlgorithmIdentifier::from(sign_alg))?,
                         Some(hash_alg),
-                        Some(0),
+                        if sign_alg == SignatureSchemeAlgorithm::EcDaa {
+                            Some(0)
+                        } else {
+                            None
+                        },
                     )?)
                     .with_curve(ecc_curve)
                     .with_key_derivation_function_scheme(KeyDerivationFunctionScheme::Null)
                     .build()?,
-            ),
+            )
+            .with_ecc_unique_identifier(EccPoint::default()),
     };
 
     let key_builder = if let Some(ref k) = key_customization {

diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/ak_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/ak_tests.rs
@@ -67,6 +67,28 @@ fn test_create_ak_rsa_ecc() {
     }
 }
 
+#[test]
+fn test_create_ak_ecc_ecc() {
+    let mut context = create_ctx_without_session();
+
+    let ek_ecc = ek::create_ek_object(
+        &mut context,
+        AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP384),
+        None,
+    )
+    .unwrap();
+    ak::create_ak(
+        &mut context,
+        ek_ecc,
+        HashingAlgorithm::Sha256,
+        AsymmetricAlgorithmSelection::Ecc(EccCurve::NistP256),
+        SignatureSchemeAlgorithm::EcDsa,
+        None,
+        None,
+    )
+    .unwrap();
+}
+
 #[test]
 fn test_create_and_use_ak() {
     let mut context = create_ctx_without_session();