issues in authenticate chip example

JBP · ‎Jan 12, 2022

Hello,

I use Optiga Trust M Eval Kit to integrate Optiga Trust M in our product. We use the following example:

https://github.com/Infineon/optiga-trust-m/blob/develop/examples/utilities/authenticate_chip/example...

We observed that pal_crypt_verify_signature independently of Keys, Digest and Signature delivers return code 0xB380. This return code we cannot decrpyt according to the existing return codes.
The return code is independent of the input data. We used input data from example_optiga_crypt_ecdsa_verify.c as well as python-generated random data.

Please, explain why pal_crypt_verify_signature fails.

Best regards,

Sharath_V · ‎Jan 24, 2022

It seems like the issue is in OPTIGA initialization. Please initialize OPTIGA before using it via optiga_util_open_application

View solution in original post

Sharath_V · ‎Jan 18, 2022

Hello,

Could you please provide the following info:

1. What steps did you follow (exact sequence) and got the error? E.g. Initialize OPTIGA, open application etc.

2. Could you provide any logs or other artifacts which can help us understand the problem in depth?

Maik · ‎Jan 20, 2022

Hello,

We used your source code on our Aurix TC233. So I copied the sources, compiled it and just run

status = pal_crypt_verify_signature(p_pubkey, pubkey_size,
signature, signature_size,
digest, LENGTH_SHA256);

of the module example_authenticate_chip.c

I used the signature, digest and public key from your "getting started optiga" project from the module example_optiga_crypt_ecdsa_verify.c .

Since we are on an embedded system I have no logs so far. But nevertheless due to the return code, there should be an indicator what went wrong.

I will try to get some logs, but in the meantime a small hint in what direction we could look would be helpful.

Sharath_V · ‎Jan 20, 2022

We do not expect the return value you get, please check the following hints:

1. Is OPTIGA initialized?

2. Is the sequence for open application with OPTIGA followed before calling any OPTIGA functions?

3. Is the PAL integrated and implemented properly? If PAL is not implemented properly, it could be the PAL providing the unknown return value, but not OPTIGA.

4. Are the pointers to digest, signature etc. pointing to a local or global variable?

Maik · ‎Jan 24, 2022

We were just cutting out the pal_crypt_verify_signature function to use it in our project. So the actual initialization of the optiga is done by an other component. We just get transfered the digest and signature to verify the results with or public key. So we do not use the optiga directly.

1. not initialize. Maybe we are wrong, but as far as we understood it, for this single pal_crypt_verify_signature function it was not necessary

2. we just use this one function, everything else is use by an other component

3. PAL not used

4. local variables. For testing it is even hard coded in the source code

What is absolutly necessary to just use this one function, in case pkey, digest and signature is known?

Sharath_V · ‎Jan 24, 2022

It seems like the issue is in OPTIGA initialization. Please initialize OPTIGA before using it via optiga_util_open_application

issues in authenticate chip example

Re: issues in authenticate chip example

Re: issues in authenticate chip example

Re: issues in authenticate chip example

Re: issues in authenticate chip example

Re: issues in authenticate chip example

Re: issues in authenticate chip example