Can't verify signature using internal certificate 0xE0E0

[matteofumagalli1275]

Hi,

When i do:

uint16_t oid = 0xE0E0;
...
return_status = optiga_crypt_ecdsa_verify(me, (uint8_t *) dig_buf, dig_buf_len,
                                                      der_buf, der_buf_len,
                                                      OPTIGA_CRYPT_OID_DATA, (void *)&oid);
...

I always get 0x8029 (Invalid certificate format).
If i read the public key from 0xE0E0 by reading the certificate with optiga_util_read_data and the passing it using OPTIGA_CRYPT_HOST_DATA it works fine.
When signing i always use optiga_crypt_ecdsa_sing using slot 0xE0F0.

Do you know what i'm doing wrong?

Thanks.

[sgsharath123]

Hi @matteofumagalli1275 ,
Have you stored a certificate in 0xE0E0 or just the public key directly?

[matteofumagalli1275]

I did not store anything on 0xE0E0. Isn't that provisioned by Infineon?

I if read manually using optiga_util_read_data the certificate inside 0xE0E0 and parse it to extract the public key, i can call optiga_crypt_ecdsa_verify and it works, so i suppose that there do is a valid key inside it. The problem is that i supposed it was possible to provide just the OID without extracting manually the key.

[sgsharath123]

How does the Infineon public key certificate (0xE0E0) correspond to the private key (0xE0F1)?
Optiga does not come in this configuration. Can you confirm if you have re-provisioned the certificate and private key slots?
Trying to understand if the private key slot and public key certificate slot really are a key pair.

[matteofumagalli1275]

Sorry that was i typo on my part... I meant the slot 0xE0F0. I'm fixing the main post.
The private key at 0xE0F0 should match the public key inside the certificate 0xE0E0, right?
Like descripted here: #57

[sgsharath123]

Thanks for the clarification, yes you are right, E0F0 and E0E0 are private and public key certificate slots of the same key pair. We were able to reproduce your issue on our side and we will get back to you with an explanation after internal testing and discussion. Please wait for our response.

[sgsharath123]

@matteofumagalli1275 ,
According to the Solutions Reference Manual, to use an OID for signature verification, the OID shall contain a single certificate encoded in DER format, starting 0x30 (see pg. 73). The Certificate in 0xE0E0 is encoded as a TLS identity certificate CHAIN (starts with 0xC0 and not 0x30), see pg. 112. Even though only 1 certificate is present in this TLS chain, it is still encoded as a chain, not as single certificate (chain with only 1 certificate).
We have 2 alternatives:

1. Extract the public key and try directly using it (you already tried and it works).
2. Copy the certificate using read data interface (with offset 9). Store this read certificate data into another OID (Trust Anchors like 0xE0E8, 0xE0E9) and try passing this OID for sign verify interface.

[matteofumagalli1275]

Thank you very much