Problem faced in application when TPM version upgrade from V1.2 to V2.0

SHRIVASTAV Nikhil Kumar 1 Reputation point
2021-11-28T18:51:59.23+00:00

Dear Helpdesk,

We have an application which is using TPM through NCrypt provider for some cryptographic operations like Signing, importing keys etc. Everything works fine on laptops with specification 2.0. Problem arises on those laptops with specification 1.2 and are upgraded to specification 2.0 by using vendor specific official upgrade process. On these laptops, NCryptSignHash API is not working correctly.

According to official documentation,

NCryptSignHash(
[in] NCRYPT_KEY_HANDLE hKey,
[in, optional] VOID *pPaddingInfo,
[in] PBYTE pbHashValue,
[in] DWORD cbHashValue,
[out] PBYTE pbSignature,
[in] DWORD cbSignature,
[out] DWORD *pcbResult,
[in] DWORD dwFlags
);

When we call the API NCryptSignHash for performing RSA-PSS signing, we receive ERROR_SUCCESS return code but pbsignature do not receive any signature output and also pcbresult don’t provide the size required for signature.
The same API works well with same parameters on laptops with 2.0 TPM specification.

We have validated the same issue on below two laptop models which are upgraded from TPM1.2 to 2.0.

1) Lenovo T450
2) HP Elitebook 840 G3

On these laptop, other NCrypt APIs work fine like NCryptImportKey, NCRyptExportKey, NCryptSIgnHash with RSA_PKCS1 works fine.

Is there any known bug related to this specific API or is there anything that we are missing at our end?

Thanks,

Windows Hardware Performance
Windows Hardware Performance
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Hardware Performance: Delivering / providing hardware or hardware systems or adjusting / adapting hardware or hardware systems.
1,548 questions