Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

OPTIGA™ Trust

JBP
Employee
5 questions asked 10 sign-ins 5 sign-ins
Employee

Hello,

I use Optiga Trust M Eval Kit to integrate Optiga Trust M in our product. We use the following example: 

https://github.com/Infineon/optiga-trust-m/blob/develop/examples/utilities/authenticate_chip/example...

We observed that pal_crypt_verify_signature independently of Keys, Digest and Signature delivers return code 0xB380. This return code we cannot decrpyt according to the existing return codes. 
The return code is independent of the input data. We used input data from example_optiga_crypt_ecdsa_verify.c as well as python-generated random data. 

Please, explain why pal_crypt_verify_signature fails.

Best regards,

0 Likes
1 Solution
Sharath
Moderator
Moderator 10 replies posted 25 sign-ins First like given
Moderator

It seems like the issue is in OPTIGA initialization.  Please initialize OPTIGA before using it via optiga_util_open_application

View solution in original post

0 Likes
5 Replies
Sharath
Moderator
Moderator 10 replies posted 25 sign-ins First like given
Moderator

Hello,

Could you please provide the following info:

1. What steps did you follow (exact sequence) and got the error? E.g. Initialize OPTIGA, open application etc.

2. Could you provide any logs or other artifacts which can help us understand the problem in depth?

0 Likes
Maik
Level 1
First reply posted Welcome!
Level 1

Hello,

We used your source code on our Aurix TC233. So I copied the sources, compiled it and just run

status = pal_crypt_verify_signature(p_pubkey, pubkey_size,
signature, signature_size,
digest, LENGTH_SHA256);

of the module example_authenticate_chip.c

 

I used the signature, digest and public key from your "getting started optiga" project from the module example_optiga_crypt_ecdsa_verify.c .

Since we are on an embedded system I have no logs so far. But nevertheless due to the return code, there should be an indicator what went wrong.

I will try to get some logs, but in the meantime a small hint in what direction we could look would be helpful.

0 Likes
Sharath
Moderator
Moderator 10 replies posted 25 sign-ins First like given
Moderator

We do not expect the return value you get, please check the following hints:

1. Is OPTIGA initialized?

2.  Is the sequence for open application with OPTIGA followed before calling any OPTIGA functions?

3. Is the PAL integrated and implemented properly? If PAL is not implemented properly, it could be the PAL providing the unknown return value, but not OPTIGA.

4. Are the pointers to digest, signature etc. pointing to a local or global variable? 

0 Likes
Maik
Level 1
First reply posted Welcome!
Level 1

We were just cutting out the pal_crypt_verify_signature function to use it in our project. So the actual initialization of the optiga is done by an other component. We just get transfered the digest and signature to verify the results with or public key. So we do not use the optiga directly.

1. not initialize. Maybe we are wrong, but as far as we understood it, for this single pal_crypt_verify_signature  function it was not necessary

2. we just use this one function, everything else is use by an other component

3. PAL not used

4. local variables. For testing it is even hard coded in the source code

 

What is absolutly necessary to just use this one function, in case pkey, digest and signature is known?

0 Likes
Sharath
Moderator
Moderator 10 replies posted 25 sign-ins First like given
Moderator

It seems like the issue is in OPTIGA initialization.  Please initialize OPTIGA before using it via optiga_util_open_application

0 Likes