Eric Naud
2015-09-16 17:15:06 UTC
Hi,
I'm looking into transport layer TSS API test failures ofr Tspi_Key_UnloadKey_trans01 and trans02 specifically.
I know these tests have passed on other TPMs but seem to fail on the Infineon chip I'm working with:
TPM 1.2 Version Info:
Chip Version: 1.2.4.40
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: IFX
Vendor Specific data: 04280077 0074706d 3631ffff ff
TPM Version: 01010000
Manufacturer Info: 49465800
Both tests fail on the call to Testsuite_Transport_Final as it's trying to verify a signature, here's the call stack:
#0 Trspi_Verify (HashType=1, pHash="...", iHashLength=20, pModulus=0x805e2c0 "", iKeyLength=64, pSignature=0x805e220 "", sig_len=64) at crypto/openssl/rsa.c:173
#1 0xb8223354 in __tspi_rsa_verify
#2 0xb82239ec in Tspi_Context_CloseSignTransport
#3 0x0804f710 in Testsuite_Transport_Final
#4 0x0804a017 in main_v1_2
#5 0x08049c19 in main
It seems that in frame #2 we're unable to verify a signature:
result = __tspi_rsa_verify(hSigningKey, TSS_HASH_SHA1, sizeof(TPM_DIGEST), digest.digest,
sigLen, sig);
The only thing I can think of is this remark in the TSS Spec for Tspi_Context_CloseSignTransport():
@Section 4.3.4.1.4 Tspi_Context_CloseSignTransport
"The required key information must be set into the key object addressed by hSigningKey via Tspi_SetAttribData( ) before this method is called."
But I don't see any calls to Tspi_SetAttribData to bind the hSigningKey to the key object in the test case or common.c/Testsuite_Transport_Init(). Could this be related to the issue? Can it explain why it runs on other TPMs?
Anyone have an idea why these two tests would fail specifically on this TPM?
Side notes:
- the test passes if we don't call Tspi_Key_UnloadKey before calling Tspi_Context_CloseSignTransport()
- the test passes if we pass in 0 instead of hSigning (indicating this really is a signature validation issue)
Thanks,
Eric
I'm looking into transport layer TSS API test failures ofr Tspi_Key_UnloadKey_trans01 and trans02 specifically.
I know these tests have passed on other TPMs but seem to fail on the Infineon chip I'm working with:
TPM 1.2 Version Info:
Chip Version: 1.2.4.40
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: IFX
Vendor Specific data: 04280077 0074706d 3631ffff ff
TPM Version: 01010000
Manufacturer Info: 49465800
Both tests fail on the call to Testsuite_Transport_Final as it's trying to verify a signature, here's the call stack:
#0 Trspi_Verify (HashType=1, pHash="...", iHashLength=20, pModulus=0x805e2c0 "", iKeyLength=64, pSignature=0x805e220 "", sig_len=64) at crypto/openssl/rsa.c:173
#1 0xb8223354 in __tspi_rsa_verify
#2 0xb82239ec in Tspi_Context_CloseSignTransport
#3 0x0804f710 in Testsuite_Transport_Final
#4 0x0804a017 in main_v1_2
#5 0x08049c19 in main
It seems that in frame #2 we're unable to verify a signature:
result = __tspi_rsa_verify(hSigningKey, TSS_HASH_SHA1, sizeof(TPM_DIGEST), digest.digest,
sigLen, sig);
The only thing I can think of is this remark in the TSS Spec for Tspi_Context_CloseSignTransport():
@Section 4.3.4.1.4 Tspi_Context_CloseSignTransport
"The required key information must be set into the key object addressed by hSigningKey via Tspi_SetAttribData( ) before this method is called."
But I don't see any calls to Tspi_SetAttribData to bind the hSigningKey to the key object in the test case or common.c/Testsuite_Transport_Init(). Could this be related to the issue? Can it explain why it runs on other TPMs?
Anyone have an idea why these two tests would fail specifically on this TPM?
Side notes:
- the test passes if we don't call Tspi_Key_UnloadKey before calling Tspi_Context_CloseSignTransport()
- the test passes if we pass in 0 instead of hSigning (indicating this really is a signature validation issue)
Thanks,
Eric