Re: [Trustedjava-support] validate a certified key

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Here is the output of the test you sent me. It confirms what you said. Waiting for new laptop...:)
Thanks again.

Federico

run:
-== TPM Information ==-

TPM Version Info:
       tpmVendorID: IFX

-== VALIDATION ==-

The calculated SHA-1 hash of the modulus:
df5733968e250ebe07b82bb099109f5590d57dfa

The SHA-1 hash of the modulus as it was returned in the validation data:
4a06c58f10e86cf76bec2cce0cb71dac927a4e54

The SHA-1 hash of the entire TPM_STORE_PUBKEY struct
4a06c58f10e86cf76bec2cce0cb71dac927a4e54

ERROR: Digest of the certified key's modulus does not match the one in the provided validation data!
______________

SUCCESS: Signature successfully verified.
______________

SUCCESS: The nonce was successfully verified.
______________

2012/10/18 <Fed...@ff...<mailto:Fed...@ff...>>

-----Opprinnelig melding-----
Fra: Martin Pirker [mailto:Mar...@ia...<mailto:Mar...@ia...>]
Sendt: 18. oktober 2012 10:15
Til: tru...@li...<mailto:tru...@li...>
Emne: Re: [Trustedjava-support] validate a certified key

On 2012-10-17 22:29, Ronald Tögl wrote:
> I recall that some not so old Infineon TPMs needed a Firmware Update (to 3.17) to certify keys correctly...

IFX TPMs up to FW 3.16 are calculating the hash over the entire TPM_STORE_PUBKEY struct instead of just the key modulus as described in the TPM specification.
This was fixed in FW 3.17.

FYI, test code to check for this TPM bug and sample outputs attached.

HTH,
Martin