Menu
▾
▴
Re: [TrouSerS-users] Non-deterministic failure with Tspi_Key_CertifyKey
|
From: Hal F. <hal...@gm...> - 2008-02-20 17:35:21
|
Hi Carolin -
Looks like there is a bug in Trousers tspi_certify.c when a key
involved uses authorization. Trousers computes the checksum on the
data returned from the TPM incorrectly:
116 /* Validate auth */
117 if (useAuthCert || useAuthKey) {
118 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1);
119 result |= Trspi_Hash_UINT32(&hashCtx, result);
120 result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CertifyKey);
121 result |= Trspi_HashUpdate(&hashCtx, CertifyInfoSize, CertifyInfo);
122 if ((result |= Trspi_HashFinal(&hashCtx, digest.digest)))
123 return result;
This should also hash in outDataSize and outData per the TPM spec. So
that will cause Trousers to incorrectly report an error.
Hal
On Wed, Feb 20, 2008 at 8:39 AM, Carolin Latze <car...@un...> wrote:
> Hi everybody,
>
> I am still working with Tspi_Key_CertifyKey and I have still problems ;-)
>
> Everything is perfect, as long as I use keys with no authorization. But
> when I use keys, that need authorization, I get "Authorization failed"
> from Tspi_Key_CertifyKey.
|