tpm2-tools icon indicating copy to clipboard operation
tpm2-tools copied to clipboard

Published 20 hours ago verified publisher icon tpm2-software

ERROR:fapi:src/tss2-fapi/fapi_crypto.c:1046:get_ecc_tpm2b_public_from_evp() ErrorCode (0x0006000b) Curve 494 not implemented

Open qq8512852 opened this issue 2 years ago • 10 comments

log: WARNING:tcti:src/tss2-tcti/tcti-device.c:189:tcti_device_receive() The underlying IPC mechanism does not support asynchronous I/O. The 'timeout' parameter is set to TSS2_TCTI_TIMEOUT_BLOCK Fapi_Initialize OK! test.1

ERROR:fapi:src/tss2-fapi/fapi_crypto.c:1046:get_ecc_tpm2b_public_from_evp() ErrorCode (0x0006000b) Curve 494 not implemented

ERROR:fapi:src/tss2-fapi/fapi_crypto.c:1742:ifapi_cert_to_pem() Get public for ECC key. ErrorCode (0x0006000b) ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:605:Fapi_Provision_Finish() Convert certificate to pem. ErrorCode (0x0006000b) ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:121:Fapi_Provision() ErrorCode (0x0006000b) Provision test.2 ERROR:fapi:src/tss2-fapi/api/Fapi_Delete.c:386:Fapi_Delete_Async() ErrorCode (0x0006001d) No objects found. ERROR:fapi:src/tss2-fapi/api/Fapi_Delete.c:297:Fapi_Delete() ErrorCode (0x0006001d) Entity_Delete Error Fapi_Provision ErrorCode (0x0006000b)root@JSM-GW:/customer/ability_manager/test-tpm2#

code: TSS2_RC r; r = Fapi_Initialize(&context, NULL); printf("test.1\n"); r = Fapi_Provision(context, NULL, NULL, NULL); printf("test.2\n");
r = Fapi_GetInfo(context, &info); printf(">>>>>>>>>>>>:%s\n", info); ……

The problem is Fapi_Provision(),how to fix it?

qq8512852 avatar Aug 04 '22 06:08 qq8512852

@AndreasFuchsTPM or @JuergenReppSIT any ideas?

williamcroberts avatar Aug 04 '22 14:08 williamcroberts

The error seems to occur because the following code is not executed:

#if OPENSSL_VERSION_NUMBER >= 0x10101000L
    case NID_sm2:
        tpmCurveId = TPM2_ECC_SM2_P256;
        break;
#endif

So what OpenSSL Version do you use? If sm2 is available it should be defined in /usr/include/openssl/obj_mac.h: grep NID_sm2 /usr/include/openssl/*h

JuergenReppSIT avatar Aug 04 '22 15:08 JuergenReppSIT

The error seems to occur because the following code is not executed:

#if OPENSSL_VERSION_NUMBER >= 0x10101000L
    case NID_sm2:
        tpmCurveId = TPM2_ECC_SM2_P256;
        break;
#endif

So what OpenSSL Version do you use? If sm2 is available it should be defined in /usr/include/openssl/obj_mac.h: grep NID_sm2 /usr/include/openssl/*h

openssl version : 1.1.1k

qq8512852 avatar Aug 04 '22 15:08 qq8512852

The error seems to occur because the following code is not executed:

#if OPENSSL_VERSION_NUMBER >= 0x10101000L
    case NID_sm2:
        tpmCurveId = TPM2_ECC_SM2_P256;
        break;
#endif

So what OpenSSL Version do you use? If sm2 is available it should be defined in /usr/include/openssl/obj_mac.h: grep NID_sm2 /usr/include/openssl/*h

I try to grep the key word. as follow:

wubo@wubo-VirtualBox:~/Desktop/code/tpm2.0/openssl-1.1.1k$ grep -E "NID_sm2" -nR include/openssl/obj_mac.h:1169:#define NID_sm2 1172 include/openssl/evp.h:53:# define EVP_PKEY_SM2 NID_sm2 Binary file test/evp_extra_test matches Binary file test/evp_extra_test.o matches test/evp_extra_test.c:711: if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) crypto/objects/obj_dat.h:2255: {"SM2", "sm2", NID_sm2, 8, &so[7617]}, crypto/ec/ec_curve.c:3003: {NID_sm2, &_EC_sm2p256v1.h, 0,

qq8512852 avatar Aug 04 '22 15:08 qq8512852

With openssl version : 1.1.1k NID_sm2 should be defined. Could you please check whether the correct h file is included.

cd tpm2-tss
gcc -M src/tss2-fapi/fapi_crypto.c -I src -I include/tss2| grep "openssl/obj_mac."

JuergenReppSIT avatar Aug 04 '22 16:08 JuergenReppSIT

With openssl version : 1.1.1k NID_sm2 should be defined. Could you please check whether the correct h file is included.

cd tpm2-tss
gcc -M src/tss2-fapi/fapi_crypto.c -I src -I include/tss2| grep "openssl/obj_mac."

wubo@wubo-VirtualBox:~/Desktop/code/tpm2.0/TPM2.0-TSS$ gcc -M src/tss2-fapi/fapi_crypto.c -I src -I include/tss2| grep "openssl/obj_mac." In file included from src/tss2-fapi/fapi_crypto.c:27: src/util/log.h:55:2: error: #error "MAXLOGLEVEL undefined" 55 | #error "MAXLOGLEVEL undefined" | ^~~~~ /usr/include/openssl/objects.h /usr/include/openssl/obj_mac.h \

qq8512852 avatar Aug 04 '22 16:08 qq8512852

Is NID_sm2 defined in /usr/include/openssl/obj_mac.h? grep NID_sm2 /usr/include/openssl/obj_mac.h

JuergenReppSIT avatar Aug 04 '22 16:08 JuergenReppSIT

NID_sm2

I found this defined in the obj_mac.h as follow: #define NID_sm2 1172

qq8512852 avatar Aug 05 '22 04:08 qq8512852

Could you please check whether:

#if OPENSSL_VERSION_NUMBER >= 0x10101000L
    case NID_sm2:
        tpmCurveId = TPM2_ECC_SM2_P256;
        break;
#endif

is used in the function get_ecc_tpm2b_public_from_evp (switch (curveId)...) in file src/tss2-fapi/fapi_crypto.c of your source code? The default in the case statement which produces the error should not be executed.

JuergenReppSIT avatar Aug 05 '22 08:08 JuergenReppSIT

Could you please check whether:

#if OPENSSL_VERSION_NUMBER >= 0x10101000L
    case NID_sm2:
        tpmCurveId = TPM2_ECC_SM2_P256;
        break;
#endif

is used in the function get_ecc_tpm2b_public_from_evp (switch (curveId)...) in file src/tss2-fapi/fapi_crypto.c of your source code? The default in the case statement which produces the error should not be executed.

Thanks. I need to study deeply.

qq8512852 avatar Aug 10 '22 11:08 qq8512852