On Wed May 29, 2024 at 12:42 AM EEST, Jarkko Sakkinen wrote: > On Wed May 29, 2024 at 12:08 AM EEST, Jarkko Sakkinen wrote: > > + /* Encode the ASN.1 signature: */ > > +#define TPM2_KEY_ECDSA_SIG_SIZE (2 + 2 * (2 + SHA256_DIGEST_SIZE) + r_0 + s_0) > > + pr_info("sig_size=%d\n", TPM2_KEY_ECDSA_SIG_SIZE); > > + ptr[0] = 0x30; /* SEQUENCE */ > > + ptr[1] = TPM2_KEY_ECDSA_SIG_SIZE - 2; > > +#define TPM2_KEY_ECDSA_SIG_R_TAG 2 > > +#define TPM2_KEY_ECDSA_SIG_R_SIZE 3 > > +#define TPM2_KEY_ECDSA_SIG_R_BODY 4 > > + ptr[TPM2_KEY_ECDSA_SIG_R_TAG] = 0x02; /* INTEGER */ > > + ptr[TPM2_KEY_ECDSA_SIG_R_SIZE] = SHA256_DIGEST_SIZE + r_0; > > + ptr[TPM2_KEY_ECDSA_SIG_R_BODY] = 0x00; /* maybe dummy write */ > > + memcpy(&ptr[TPM2_KEY_ECDSA_SIG_R_BODY + r_0], r, SHA256_DIGEST_SIZE); > > +#define TPM2_KEY_ECDSA_SIG_S_TAG (4 + r_0 + SHA256_DIGEST_SIZE) > > +#define TPM2_KEY_ECDSA_SIG_S_SIZE (5 + r_0 + SHA256_DIGEST_SIZE) > > +#define TPM2_KEY_ECDSA_SIG_S_BODY (6 + r_0 + SHA256_DIGEST_SIZE) > > + ptr[TPM2_KEY_ECDSA_SIG_S_TAG] = 0x02; /* INTEGER */ > > + ptr[TPM2_KEY_ECDSA_SIG_S_SIZE] = SHA256_DIGEST_SIZE + s_0; > > + ptr[TPM2_KEY_ECDSA_SIG_S_BODY] = 0x00; /* maybe dummy write */ > > + memcpy(&ptr[TPM2_KEY_ECDSA_SIG_S_BODY + s_0], s, SHA256_DIGEST_SIZE); > > + ret = TPM2_KEY_ECDSA_SIG_SIZE; > > Stefan, so this how I realized the signature encoding, thanks to > your earlier remarks [1]! I found out based on that a few glitches > and ended up with this better structured ECDSA signature encoder, > so thank you for doing that. 1. SHA384 would fit without any significant changes. 2. SHA512 will require a single additional byte, i.e. prefix byte 0x81 for the sequence (not for coeffients). 3. SM3 similarly is also trivial to add. Both will be also easy to add later on. I would not enlarge this patch set from what it is now. So I think this is pretty well along the lines of: https://datatracker.ietf.org/doc/draft-woodhouse-cert-best-practice/ BR, Jarkko