A few inline comments. However, I am not a TSS expert. Does someone have a better idea?
Also, if you're stuck, bisecting the problem helps debug. Rather than use RSA_verify, do a raw public key encrypt. If you see PKCS1 padding, the OID, and a hash, then the keys are correct but the hash on the sign and verify don't match. If you see random numbers, than the public and private keys don't match. On 4/12/2017 4:46 AM, Promila Jangra wrote: > Hello Ken > > Thank you for responding. I also implement the same and posting the code > below. But still I got wrong verification result. RSA_verify API return > zero for the same input signature verification. Please correct me if I > am doing something wrong. If you have sample code then share the same. > > To get the TPM public key modulus and exponent- > result=Tspi_Key_CreateKey(hSigning_Key,hSRK,0); > > result = Tspi_GetAttribData(hSigning_Key, TSS_TSPATTRIB_RSAKEY_INFO, > TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &pubKeyModulusLen, &pubKeyModulus); I assume that this is correct. Perhaps check that the length is 256, that it's bytes, not bits. > result = Tspi_GetAttribData(hSigning_Key, TSS_TSPATTRIB_RSAKEY_INFO, > TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &pubKeyExponentLen, &pubKeyExponent); Does this return 0 (the TPM default) or 0x10001. You may have to map from the default to the actual value. > To construct the RSA key pair using opnessl: > RSA *rsa = RSA_new(); > rsa->e = BN_bin2bn(pubKeyExponent, pubKeyExponentLen, rsa->e); > rsa->n = BN_bin2bn(pubKeyModulus, pubKeyModulusLen, rsa->n); I'm not sure that RSA_new allocates the e and n bignums. Perhaps try passing in NULL to the BN-bin2bn functions. > SHA1(data, strlen(data)+1, hash); > > ret = RSA_verify(NID_sha1, hash, SHA256_DIGEST_LENGTH, > signature,signatureLength, rsa); It is odd that you create a SHA-1 hash and then say its a SHA-256 length. ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
