From: Hal F. <hal...@gm...> - 2008-02-20 17:35:21
|
Hi Carolin - Looks like there is a bug in Trousers tspi_certify.c when a key involved uses authorization. Trousers computes the checksum on the data returned from the TPM incorrectly: 116 /* Validate auth */ 117 if (useAuthCert || useAuthKey) { 118 result = Trspi_HashInit(&hashCtx, TSS_HASH_SHA1); 119 result |= Trspi_Hash_UINT32(&hashCtx, result); 120 result |= Trspi_Hash_UINT32(&hashCtx, TPM_ORD_CertifyKey); 121 result |= Trspi_HashUpdate(&hashCtx, CertifyInfoSize, CertifyInfo); 122 if ((result |= Trspi_HashFinal(&hashCtx, digest.digest))) 123 return result; This should also hash in outDataSize and outData per the TPM spec. So that will cause Trousers to incorrectly report an error. Hal On Wed, Feb 20, 2008 at 8:39 AM, Carolin Latze <car...@un...> wrote: > Hi everybody, > > I am still working with Tspi_Key_CertifyKey and I have still problems ;-) > > Everything is perfect, as long as I use keys with no authorization. But > when I use keys, that need authorization, I get "Authorization failed" > from Tspi_Key_CertifyKey. |