Comments (4)
Hi Ian,
Can you provide a link to the code, or at least
- the full invocation of Quote with all its parameters?
- the code or tool invocation that generates the AK and persists it to 81010002
Thanks
Chris
from go-tpm.
Using the tpm2_tools from https://github.com/tpm2-software/tpm2-tools (I'll create everything from scratch here), here's the EK and AK creation (the first line shows the version number):
$ tpm2_createek -v
tool="tpm2_createek" version="4.0-122-g3bd466ca" tctis="libtss2-tctildr" tcti-default=tcti-abrmd
$ tpm2_createek -c 0x81010005 -G rsa -u ek.pub
$ tpm2_getcap handles-persistent
- 0x81010005
$ tpm2_createak -C 0x81010005 -c ak.ctx -G rsa -g sha256 -s rsassa -u ak.pub -f pem -n ak.name
loaded-key:
name: 000b187d0d7840ff3f7af4729d04ba8aa3be8acf5fe30f6b87f05707ea4f4a3e7088
$ ls -l ak*
-rw-r--r-- 1 pi pi 1253 Jul 30 19:55 ak.ctx
-rw-r--r-- 1 pi pi 34 Jul 30 19:55 ak.name
-rw-r--r-- 1 pi pi 451 Jul 30 19:55 ak.pub
$ tpm2_evictcontrol -c ak.ctx 0x81010006
persistent-handle: 0x81010006
action: persisted
$ tpm2_getcap handles-persistent
- 0x81010005
- 0x81010006
$ tpm2_quote -c 0x81010006 -l sha256:0 -g sha256
quoted: ff54434780180022000b5ca2bb233a3f9dd07346016e1083fbef3f1531ad7f1e9ba10995289fb326f90300000000000046103bdc000000170000000001000700550011cb0000000001000b030100000020159ce676d07312874e98ef541bfb9e576929e8463313abb60cfe75d875d46ba6
signature:
alg: rsassa
sig: (hex value omitted)
Then running the Go code from above and just reiterating how I made the call to Quote:
var handle = tpmutil.Handle(0x81010006) // the AK persisted above with tpm2_evictcontrol
att, sig, err := tpm2.Quote(
    rwc,                                                      // ReadWriteCloser from tpm2.OpenTPM
    handle,                                                   // signing key: the AK
    "",                                                       // AK auth (none set)
    "",                                                       // owner auth
    nil,                                                      // extra / qualifying data (no nonce)
    tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0}}, // quote PCR 0 of the SHA256 bank
    tpm2.AlgSHA256)                                           // sigAlg argument (a hash algorithm)
I get the following result. NB: if abrmd is running then it interferes, so that service must be stopped or killed, otherwise the call to OpenTPM fails. There are a few other fmt.Println statements in my code, as you can see from the output.
$ go run quote.go
Handle is 2164326406
Type: tpmutil.Handle
parameter 2, error code 0x12 : unsupported or incompatible scheme
Err is * parameter 2, error code 0x12 : unsupported or incompatible scheme *
length 0
Att [% x] []
Thanks Ian,
I filed #201 because the Quote API is incorrectly asking for an Algorithm when instead it should take a SigScheme. Your code passes AlgSHA256, which is not a valid TPMT_SIG_SCHEME.
However, I think your issue should be resolved if you pass AlgNull to Quote, like the unit test does. This works by accident despite the error in the Quote API because AlgNull serializes to something that deserializes as a valid TPMT_SIG_SCHEME.
Passing AlgNull to Quote here tells the TPM "just use the signing scheme this key is supposed to be used with" and I think that most closely corresponds to what you want anyway. This is because you set a signing scheme ("RSASSA" aka PKCS1.5) on the AK when you created it with tpm2_createak ... -s rsassa.
Lines 1258 to 1279 in ac5b427
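The serialization accident described in the comment above, as an added example in plain Go that is not go-tpm code and not part of the thread: the TPM_ALG_ID constants use the TPM 2.0 specification values (TPM_ALG_NULL 0x0010, TPM_ALG_SHA256 0x000B, TPM_ALG_RSASSA 0x0014); PackAlg, PackSigScheme and ParseSigScheme are this example's own helpers that mimic how a bare algorithm identifier and a TPMT_SIG_SCHEME go on the wire and how a TPM's command parser reads them back. ParseSigScheme only knows RSASSA as a non-null scheme, which is enough to show both cases from the thread.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Algorithm is a TPM_ALG_ID. The values are the TPM 2.0 specification's
// identifiers for TPM_ALG_NULL, TPM_ALG_SHA256 and TPM_ALG_RSASSA.
type Algorithm uint16

const (
	AlgNull   Algorithm = 0x0010
	AlgSHA256 Algorithm = 0x000B
	AlgRSASSA Algorithm = 0x0014
)

// SigScheme is a decoded TPMT_SIG_SCHEME: the scheme selector and, for every
// selector other than TPM_ALG_NULL, the hash algorithm the scheme uses.
type SigScheme struct {
	Scheme Algorithm
	Hash   Algorithm
}

// ErrScheme stands in for TPM_RC_SCHEME (error code 0x12),
// "unsupported or incompatible scheme".
var ErrScheme = errors.New("unsupported or incompatible scheme")

// PackAlg marshals a bare TPM_ALG_ID: two big-endian bytes. Handing that to a
// command where a TPMT_SIG_SCHEME is expected is what an Algorithm-typed
// Quote parameter does (this example's helper, not go-tpm's tpmutil.Pack).
func PackAlg(a Algorithm) []byte {
	b := make([]byte, 2)
	binary.BigEndian.PutUint16(b, uint16(a))
	return b
}

// PackSigScheme marshals a full TPMT_SIG_SCHEME: the selector, then the hash
// algorithm unless the selector is TPM_ALG_NULL, which carries no details.
func PackSigScheme(s SigScheme) []byte {
	if s.Scheme == AlgNull {
		return PackAlg(AlgNull)
	}
	return append(PackAlg(s.Scheme), PackAlg(s.Hash)...)
}

// ParseSigScheme unmarshals a TPMT_SIG_SCHEME from the front of buf the way a
// TPM's command parser does, returning the scheme and the bytes consumed. A
// selector that is neither TPM_ALG_NULL nor a known signing scheme is the
// TPM_RC_SCHEME condition.
func ParseSigScheme(buf []byte) (SigScheme, int, error) {
	r := bytes.NewReader(buf)
	var sel uint16
	if err := binary.Read(r, binary.BigEndian, &sel); err != nil {
		return SigScheme{}, 0, err
	}
	s := SigScheme{Scheme: Algorithm(sel)}
	switch s.Scheme {
	case AlgNull:
		// Null scheme: no further fields; the key's own scheme applies.
		return s, 2, nil
	case AlgRSASSA:
		var h uint16
		if err := binary.Read(r, binary.BigEndian, &h); err != nil {
			return SigScheme{}, 0, fmt.Errorf("scheme %#04x is missing its hash algorithm: %w", sel, err)
		}
		s.Hash = Algorithm(h)
		return s, 4, nil
	default:
		return SigScheme{}, 0, fmt.Errorf("selector %#04x: %w", sel, ErrScheme)
	}
}

func main() {
	for _, a := range []Algorithm{AlgNull, AlgSHA256} {
		s, n, err := ParseSigScheme(PackAlg(a))
		fmt.Printf("PackAlg(%#04x)=%x -> %+v (%d bytes), err=%v\n", uint16(a), PackAlg(a), s, n, err)
	}
	full := PackSigScheme(SigScheme{Scheme: AlgRSASSA, Hash: AlgSHA256})
	s, n, err := ParseSigScheme(full)
	fmt.Printf("explicit RSASSA/SHA256 %x -> %+v (%d bytes), err=%v\n", full, s, n, err)
}
```

Read against Ian's output: "parameter 2, error code 0x12" is TPM_RC_SCHEME on the second parameter of TPM2_Quote, inScheme. The two bytes 00 0b that AlgSHA256 packs to are read as the scheme selector, and SHA256 is not a signature scheme, so the command is rejected before anything is signed. The bytes 00 10 that AlgNull packs to decode as the null scheme, which is why the TPM then falls back to the RSASSA scheme fixed on the AK at creation. The explicit form, 00 14 00 0b, is what a correctly typed SigScheme parameter would send.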
Thanks, can confirm, this works:
var handle = tpmutil.Handle(0x81010006)
att, sig, err := tpm2.Quote(rwc, handle, "", "", nil, tpm2.PCRSelection{Hash: tpm2.AlgSHA256, PCRs: []int{0}}, tpm2.AlgNull)
with the result:
$ ./quote
Handle is 2164326406
Type: tpmutil.Handle
Err is * <nil> *
length 113
Att [% x] [255 84 67 71 128 24 0 34 0 11 92 162 187 35 58 63 157 208 115 70 1 110 16 131 251 239 63 21 49 173 127 30 155 161 9 149 40 159 179 38 249 3 0 0 0 0 0 0 70 144 26 120 0 0 0 23 0 0 0 0 1 0 7 0 85 0 17 203 0 0 0 0 1 0 11 3 1 0 0 0 32 21 156 230 118 208 115 18 135 78 152 239 84 27 251 158 87 105 41 232 70 51 19 171 182 12 254 117 216 117 212 107 166]
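Once Quote returns, a verifier still has to parse and check the attestation blob before trusting the PCR digest. The following is an added example, not code from the thread or from go-tpm: a plain-Go decoder for the TPMS_ATTEST / TPMS_QUOTE_INFO structure, run over the "quoted:" hex that tpm2_quote printed earlier in the thread (embedded here as a constant), plus a check that the quote answers the verifier's own request (nonce echoed, exactly the requested bank and PCRs covered). The type and function names are this example's own; the field layout and the TPM_GENERATED_VALUE and TPM_ST_ATTEST_QUOTE constants come from the TPM 2.0 specification.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Constructed input: the "quoted:" blob printed by tpm2_quote earlier in the thread, unchanged.
var quotedBlob, _ = hex.DecodeString("ff54434780180022000b5ca2bb233a3f9dd07346016e1083fbef3f1531ad7f1e9ba10995289fb326f90300000000000046103bdc000000170000000001000700550011cb0000000001000b030100000020159ce676d07312874e98ef541bfb9e576929e8463313abb60cfe75d875d46ba6")

const (
	tpmGenerated  = 0xff544347 // TPM_GENERATED_VALUE: marks data a TPM produced
	stAttestQuote = 0x8018     // TPM_ST_ATTEST_QUOTE
)

// PCRSelection is one TPMS_PCR_SELECTION: a hash bank and the PCR indexes in it.
type PCRSelection struct {
	Hash uint16
	PCRs []int
}

// Quote holds a TPMS_ATTEST whose attested body is a TPMS_QUOTE_INFO.
type Quote struct {
	QualifiedSigner []byte // TPM2B_NAME: the signing key's Qualified Name (not its Name)
	ExtraData       []byte // the caller's qualifying data; empty for the tpm2_quote call above
	Clock           uint64 // TPMS_CLOCK_INFO starts here
	ResetCount      uint32
	RestartCount    uint32
	Safe            uint8 // 1 when Clock is known not to have gone backwards
	FirmwareVersion uint64
	PCRSelect       []PCRSelection
	PCRDigest       []byte // digest over the selected PCR values
}

// reader decodes big-endian TPM fields and keeps the first error it hits.
type reader struct {
	r   *bytes.Reader
	err error
}

func (p *reader) read(v interface{}) {
	if p.err == nil {
		p.err = binary.Read(p.r, binary.BigEndian, v)
	}
}

// sized reads a TPM2B_* field: a 16-bit length followed by that many bytes.
func (p *reader) sized() []byte {
	var n uint16
	p.read(&n)
	b := make([]byte, n)
	p.read(b)
	return b
}

// ParseQuote decodes a marshalled TPMS_ATTEST of type TPM_ST_ATTEST_QUOTE, rejecting
// input that is not TPM_GENERATED, not a quote, truncated, or followed by extra bytes.
func ParseQuote(attest []byte) (*Quote, error) {
	p := &reader{r: bytes.NewReader(attest)}
	var hdr struct{ Magic uint32; Type uint16 }
	p.read(&hdr)
	if p.err == nil && (hdr.Magic != tpmGenerated || hdr.Type != stAttestQuote) {
		return nil, fmt.Errorf("not a TPM-generated quote: magic %#08x, type %#04x", hdr.Magic, hdr.Type)
	}
	q := &Quote{QualifiedSigner: p.sized(), ExtraData: p.sized()}
	var fixed struct{ Clock uint64; ResetCount, RestartCount uint32; Safe uint8; FirmwareVersion uint64; Count uint32 }
	p.read(&fixed) // TPMS_CLOCK_INFO, firmwareVersion, then TPML_PCR_SELECTION.count
	q.Clock, q.ResetCount, q.RestartCount, q.Safe, q.FirmwareVersion = fixed.Clock, fixed.ResetCount, fixed.RestartCount, fixed.Safe, fixed.FirmwareVersion
	for i := uint32(0); i < fixed.Count && p.err == nil; i++ {
		var sel struct{ Hash uint16; Size uint8 }
		p.read(&sel)
		bits := make([]byte, sel.Size)
		p.read(bits)
		ps := PCRSelection{Hash: sel.Hash}
		for idx := 0; idx < 8*len(bits); idx++ {
			if bits[idx/8]&(1<<(idx%8)) != 0 { // bit i of octet n selects PCR 8n+i
				ps.PCRs = append(ps.PCRs, idx)
			}
		}
		q.PCRSelect = append(q.PCRSelect, ps)
	}
	if q.PCRDigest = p.sized(); p.err != nil {
		return nil, p.err
	}
	if p.r.Len() != 0 {
		return nil, fmt.Errorf("%d trailing bytes after TPMS_QUOTE_INFO", p.r.Len())
	}
	return q, nil
}

// CheckRequest confirms the quote answers the verifier's own request: extraData echoes the
// nonce and exactly the requested bank and PCRs are covered. Verifying the signature over
// the blob with the AK public key is a separate, necessary step not shown here.
func CheckRequest(q *Quote, nonce []byte, hash uint16, pcrs []int) error {
	if !bytes.Equal(q.ExtraData, nonce) {
		return fmt.Errorf("extraData %x does not echo the request nonce %x", q.ExtraData, nonce)
	}
	if len(q.PCRSelect) != 1 || q.PCRSelect[0].Hash != hash || fmt.Sprint(q.PCRSelect[0].PCRs) != fmt.Sprint(pcrs) {
		return fmt.Errorf("quote covers %+v, request was bank %#04x PCRs %v", q.PCRSelect, hash, pcrs)
	}
	return nil
}
```

On the thread's blob this yields the 34-byte qualifiedSigner, empty extraData, resetCount 23, and a single SHA256 selection of PCR 0 with the 32-byte digest, 113 bytes in all, matching the "length 113" Ian reports. Two points worth keeping in mind when reusing this on real quotes: qualifiedSigner is the AK's Qualified Name (a hash over the parent's Qualified Name and the key's Name), so it is not expected to equal the name that tpm2_createak printed, and binding the quote to the AK is done by verifying the signature with the AK public key; and because the tpm2_quote call above passed no qualifying data, extraData is empty, so a verifier that wants freshness must supply its own nonce and check it the way CheckRequest does.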