fixup! checkquote: support more curves and hashes

brandsimon · brandsimon · commit e8790da7e3ac · 2025-04-01T10:30:48.000Z
diff --git a/tss-esapi/src/utils/quote.rs b/tss-esapi/src/utils/quote.rs
@@ -45,7 +45,6 @@ where
         return Ok(false);
     };
     let Ok(public) = elliptic_curve::PublicKey::<C>::try_from(public) else {
-        println!("public convert failed");
         return Ok(false);
     };
 
@@ -326,16 +325,12 @@ pub fn checkquote(
                         let Signature::EcDsa(sig) = signature else {
                             return Ok(false);
                         };
-                        println!("hash_alg: {:?}", sig.hashing_algorithm());
-
                         if !verify_ecdsa::<$curve>(&public, &bytes, &sig, sig.hashing_algorithm())?
                         {
-                            println!("verification failed");
                             return Ok(false);
                         }
 
                         hash_alg = Some(sig.hashing_algorithm());
-                        println!("hash_alg: {hash_alg:?}");
                     }
                 };
             }
diff --git a/tss-esapi/tests/integration_tests/utils_tests/quote_test.rs b/tss-esapi/tests/integration_tests/utils_tests/quote_test.rs
@@ -193,7 +193,16 @@ mod test_quote {
         checkquote_ecc(HashingAlgorithm::Sha256);
     }
 
-    fn checkquote_rsa(keybits: RsaKeyBits, hash_alg: HashingAlgorithm) {
+    #[test]
+    fn checkquote_ecc_sha512() {
+        checkquote_ecc(HashingAlgorithm::Sha512);
+    }
+
+    fn checkquote_rsa(
+        keybits: RsaKeyBits,
+        hash_alg: HashingAlgorithm,
+        sig_scheme: SignatureSchemeAlgorithm,
+    ) {
         let mut context = create_ctx_with_session();
         let ek_rsa = ek::create_ek_object(
             &mut context,
@@ -207,7 +216,7 @@ mod test_quote {
             ek_rsa,
             hash_alg,
             AsymmetricAlgorithmSelection::Rsa(keybits),
-            SignatureSchemeAlgorithm::RsaPss,
+            sig_scheme,
             Some(ak_auth.clone()),
             None,
         )
@@ -252,17 +261,29 @@ mod test_quote {
     }
 
     #[test]
-    fn checkquote_rsa_sha1() {
-        checkquote_rsa(RsaKeyBits::Rsa2048, HashingAlgorithm::Sha1);
+    fn checkquote_rsa_pss_sha1() {
+        checkquote_rsa(
+            RsaKeyBits::Rsa1024,
+            HashingAlgorithm::Sha1,
+            SignatureSchemeAlgorithm::RsaPss,
+        );
     }
 
     #[test]
-    fn checkquote_rsa_sha256() {
-        checkquote_rsa(RsaKeyBits::Rsa3072, HashingAlgorithm::Sha256);
+    fn checkquote_rsa_ssa_sha256() {
+        checkquote_rsa(
+            RsaKeyBits::Rsa2048,
+            HashingAlgorithm::Sha256,
+            SignatureSchemeAlgorithm::RsaSsa,
+        );
     }
 
     #[test]
-    fn checkquote_rsa_sha384() {
-        checkquote_rsa(RsaKeyBits::Rsa3072, HashingAlgorithm::Sha384);
+    fn checkquote_rsa_pss_sha384() {
+        checkquote_rsa(
+            RsaKeyBits::Rsa3072,
+            HashingAlgorithm::Sha384,
+            SignatureSchemeAlgorithm::RsaPss,
+        );
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,6 @@ where`
`45`	`45`	`return Ok(false);`
`46`	`46`	`};`
`47`	`47`	`let Ok(public) = elliptic_curve::PublicKey::<C>::try_from(public) else {`
`48`		`- println!("public convert failed");`
`49`	`48`	`return Ok(false);`
`50`	`49`	`};`
`51`	`50`
`@@ -326,16 +325,12 @@ pub fn checkquote(`
`326`	`325`	`let Signature::EcDsa(sig) = signature else {`
`327`	`326`	`return Ok(false);`
`328`	`327`	`};`
`329`		`- println!("hash_alg: {:?}", sig.hashing_algorithm());`
`330`		`-`
`331`	`328`	`if !verify_ecdsa::<$curve>(&public, &bytes, &sig, sig.hashing_algorithm())?`
`332`	`329`	`{`
`333`		`- println!("verification failed");`
`334`	`330`	`return Ok(false);`
`335`	`331`	`}`
`336`	`332`
`337`	`333`	`hash_alg = Some(sig.hashing_algorithm());`
`338`		`- println!("hash_alg: {hash_alg:?}");`
`339`	`334`	`}`
`340`	`335`	`};`
`341`	`336`	`}`