infineon / arduino-optiga-trust-x Goto Github PK
View Code? Open in Web Editor NEWInfineon OPTIGA™ Trust X security solution library for Arduino
License: MIT License
Infineon OPTIGA™ Trust X security solution library for Arduino
License: MIT License
The calculateSignature routine can return various length of 68 to 70 bytes in IFX_OPTIGA_TrustX::checkChip(void).
The data extracting offset is incorrect when the calculate signature returns 70 bytes resulting in failure of validation. The proposed solution is to change the offset from 5 to 4 on line 3 below.
if (p_sign[1] == 0x21){
memcpy(p_unformSign, &p_sign[3], LENGTH_RS_VECTOR/2);
if (p_sign[(LENGTH_RS_VECTOR/2) + 4] == 0x21) {
memcpy(&p_unformSign[LENGTH_RS_VECTOR/2], &p_sign[(LENGTH_RS_VECTOR/2) + 6], LENGTH_RS_VECTOR/2);
} else {
memcpy(&p_unformSign[LENGTH_RS_VECTOR/2], &p_sign[(LENGTH_RS_VECTOR/2) + 5], LENGTH_RS_VECTOR/2);
}
}
else
{
memcpy(p_unformSign, &p_sign[2], LENGTH_RS_VECTOR/2);
if (p_sign[(LENGTH_RS_VECTOR/2) + 3] == 0x21)
{
memcpy(&p_unformSign[LENGTH_RS_VECTOR/2], &p_sign[(LENGTH_RS_VECTOR/2) + 5], (LENGTH_RS_VECTOR/2));
}
else
{
memcpy(&p_unformSign[LENGTH_RS_VECTOR/2], &p_sign[(LENGTH_RS_VECTOR/2) + 4], LENGTH_RS_VECTOR/2);
}
}
I havent found, how can i perform mutual handshake using arduino. This is an important thing which needs to be implemented. Secondly i donot find .c files corresponding to OCP.h header files in src folder.
I am a researcher and I want to use the ECC sign/verify options.
Using XMC2Go and the latest OPTIGA Trust X library, assert (shown in italic) is added and triggered. The bTagLocation variable returns from IntLib_GetTagPos() can be a value larger than the available array size causing the system to crash.
static int32_t IntLib_VerifyAC(eMetaDataTag_d PeMetaDataTag, sACVector_d *PpsACVal)
{.....
//get tag position of lcsO and read lcsO.
//LCO may not be found for all object.It is not an error
i4Status = IntLib_GetTagPos(PpsACVal->psMetaData->prgbStream,(uint8_t)eLCSO,&bTagLocation);
if(INT_LIB_OK == i4Status)
{
if(LENGTH_METADATA<=(bTagLocation+2)){
i4Status = (int32_t)INT_LIB_ERROR;
Serial.println("Assert: Array out of bound!");
Serial.println(bTagLocation,HEX);
break;
}
//get the LcsO value from TLV
PpsACVal->bLcsO = (PpsACVal->psMetaData->prgbStream)[bTagLocation+2];
.......
Hey
I was trying to verify a signature generated by this library using openssl on my computer.
It did not work until I finally discovered this issue
Since OpenSSL likes Signatures in the ASN.1 menthod I took the convenient function formatSignature
like this:
/*
* Generate a signature NIST-P256
*/
printGreen("Generate Signature ... ");
ret = trustX.calculateSignature(hash, hashLen, eFIRST_DEVICE_PRIKEY_1, formSign, signLen);
Serial.printf("Code: %u\n", ret);
ASSERT(ret);
output_result("Signature", formSign, signLen);
printGreen("Format Signature ... ");
ret = trustX.formatSignature(formSign, signLen, format, formatLen);
ASSERT(ret);
output_result("Signature Formated", format, formatLen);
Theoretically that should be fine, or did I misunderstand something?
As it is this does not work correctly though because the calculate Signature function will already add the 02 20
tags and the 00
for negative values before the r and s numbers. When I then use the formatSignature function they are added again and the rest of the buffer, so 4-6 bytes of the actual signature are discarded. Then verification of course does not work
When I take the data coming out of calculateSignature and add 0x30 and the length infront of it I get the correct ASN.1 format
Either I did not understand how this is supposed to be used or this is definitly a bug, in the first case pls still add this to the docs!
Thanks
In the file "arduino-optiga-trust-x/src/optiga_trustx/pal_i2c_arduino.cpp", in the function pal_i2c_read()
the Wire.beginTransmission()
just before the Wire.requestFrom()
may be removed. That is line 254 at the moment.
Explanation: Common-mistakes#3
I use setup() code from example (calculateSignVerifySign), without any changes.
Here is my code in loop: First i save a private key in the eSESSION_ID_1, later i use this as shared secred to derive a key, but i get following error code (0x 8001 000B) that means according to documentation Command or message out of sequence. I am using code directly from repo without any changes.
uint32_t ts = 0;
/*
uint8_t random_seed [] = {
0x61, 0xC7, 0xDE, 0xF9, 0x0F, 0xD5, 0xCD, 0x7A,
0x8B, 0x7A, 0x36, 0x41, 0x04, 0xE0, 0x0D, 0x82,
0x38, 0x46, 0xBF, 0xB7, 0x70, 0xEE, 0xBF, 0x8F,
0x40, 0x25, 0x2E, 0x0A, 0x21, 0x42, 0xAF, 0x9C,
};
uint8_t pkey[32];
ret = trustX.deriveKey(random_seed, 32, pkey, 32);
if (ret) {
printlnRed("deriveKey Failed , ret : ");
Serial.print(ret);
while (true);
}
Serial.print(" Success Session key generated and stored in session id");
Here is the output on serial :
Initializing ...
Begin to trust ... OK
OK
Generate Key Pair ... [OK] | Command executed in 125 ms
Public key Length: 68
Public key:
0x000000: 03 42 00 04 8b 0e fd f9 d6 5b 3a 5e 5c f4 ad cc .B.......[:^...
0x000010: be 19 ff e7 7b 35 01 1b f8 a1 eb b2 89 91 31 b0 ....{5........1.
0x000020: a9 9f 76 66 35 c7 91 78 a2 7b e8 8d c1 b9 14 ab ..vf5..x.{......
0x000030: d9 46 81 71 14 26 8a d1 ae 50 52 36 18 a1 9c 0d .F.q.&...PR6....
0x000040: 93 07 05 49 ...I
deriveKey Failed , ret :
2147549195
Hello. I am using Optiga in an Arduino based setup with low memory available. Is there a way to configure OptigaTrust X in order to be able to generate keys based on ECC 192 bit?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.