Improve crypto callback key gen hash algorithm selection.

dgarske · dgarske · commit 541a85ca5f22 · 2025-07-23T13:33:37.000-07:00
diff --git a/examples/wrap/wrap_test.c b/examples/wrap/wrap_test.c
@@ -124,6 +124,8 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     TPM_ALG_ID paramEncAlg = TPM_ALG_NULL;
     WOLFTPM2_SESSION tpmSession;
 
+    XMEMSET(&rsaKey, 0, sizeof(rsaKey));
+    XMEMSET(&eccKey, 0, sizeof(eccKey));
     XMEMSET(&aesKey, 0, sizeof(aesKey));
     XMEMSET(&publicKey, 0, sizeof(publicKey));
 #ifndef WOLFTPM2_NO_WOLFCRYPT
@@ -172,11 +174,9 @@ int TPM2_Wrapper_TestArgs(void* userCtx, int argc, char *argv[])
     /* Setup the wolf crypto device callback */
     XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));
 #ifndef NO_RSA
-    XMEMSET(&rsaKey, 0, sizeof(rsaKey));
     tpmCtx.rsaKey = &rsaKey;
 #endif
 #ifdef HAVE_ECC
-    XMEMSET(&eccKey, 0, sizeof(eccKey));
     tpmCtx.eccKey = &eccKey;
 #endif
     tpmCtx.storageKey = &storageKey;
diff --git a/src/tpm2_cryptocb.c b/src/tpm2_cryptocb.c
@@ -220,23 +220,24 @@ int wolfTPM2_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx)
                     key->handle.hndl == TPM_RH_NULL
                 ) {
                     TPMT_PUBLIC publicTemplate;
-                    XMEMSET(&publicTemplate, 0, sizeof(publicTemplate));
+                    TPMI_ALG_HASH hashAlg;
+
+                    if (curve_id == TPM_ECC_NIST_P521)
+                        hashAlg = TPM_ALG_SHA512;
+                    else if (curve_id == TPM_ECC_NIST_P384)
+                        hashAlg = TPM_ALG_SHA384;
+                    else
+                        hashAlg = TPM_ALG_SHA256;
 
-                    rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
+                    XMEMSET(&publicTemplate, 0, sizeof(publicTemplate));
+                    rc = wolfTPM2_GetKeyTemplate_ECC_ex(&publicTemplate, hashAlg,
                         TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
                         TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
-                        curve_id, TPM_ALG_ECDSA);
+                        curve_id, TPM_ALG_ECDSA, hashAlg);
                     if (rc == 0) {
-                        if (curve_id == TPM_ECC_NIST_P521)
-                            publicTemplate.nameAlg = TPM_ALG_SHA512;
-                        else if (curve_id == TPM_ECC_NIST_P384)
-                            publicTemplate.nameAlg = TPM_ALG_SHA384;
-                        else
-                            publicTemplate.nameAlg = TPM_ALG_SHA256;
-
                         if (tlsCtx->ecdsaKey != NULL) {
                             /* Use create key and load key directly instead to make
-                            * sure the private portion is populated */
+                             * sure the private portion is populated */
                             rc = wolfTPM2_CreateKey(tlsCtx->dev, tlsCtx->ecdsaKey,
                                 &tlsCtx->storageKey->handle, &publicTemplate,
                                 (byte*)key->handle.auth.buffer,
