google / go-tpm-tools

Go packages built on go-tpm providing a high-level API for using TPMs
Apache License 2.0

Error when Importing blob on Google Cloud VM #464

Closed gaetan-sbt closed 4 months ago

gaetan-sbt commented 4 months ago

I am getting the following error when Importing a blob on a Google Cloud VM:

Failed to import secret: import failed: parameter 4, error code 0x15 : structure is the wrong size

The 4th argument is the encryptedSym inSymSeed. Not sure what I could have done wrong in the code to generate an invalid inSymSeed.

This is the code that generates the error:

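```go
import (
	"crypto"
	"errors"
	"log"

	"github.com/google/go-tpm-tools/client"
	"github.com/google/go-tpm-tools/proto/tpm"
	"github.com/google/go-tpm-tools/server"
	"github.com/google/go-tpm/legacy/tpm2"
	"google.golang.org/protobuf/proto"
)

func ImportBlob(ekPub crypto.PublicKey) ([]byte, error) {
	// on server: wrap the secret to the EK public key
	importBlob, err := server.CreateImportBlob(ekPub, []byte("G-KaPdSgUkXp2s5v8y/B?E(H+MbQeThW"), nil)
	if err != nil {
		return nil, errors.Join(errors.New("failed to create import blob"), err)
	}
	importBlobPb, err := proto.Marshal(importBlob)
	if err != nil {
		return nil, errors.Join(errors.New("failed to marshal import blob"), err)
	}

	// on client: decode the serialized blob received from the server
	clientBlob := tpm.ImportBlob{}
	err = proto.Unmarshal(importBlobPb, &clientBlob)
	if err != nil {
		log.Fatal("Failed to unmarshal importBlob: ", err)
	}

	tpmDev, err := tpm2.OpenTPM()
	if err != nil {
		log.Fatal("Failed to open TPM: ", err)
	}
	defer tpmDev.Close()

	// Load the TPM's ECC endorsement key
	ek, err := client.EndorsementKeyECC(tpmDev)
	if err != nil {
		log.Fatal("Failed to load ECC Endorsement Key: ", err)
	}
	defer ek.Close()

	// Import the blob under the EK; this is the call that returned the error
	secret, err := ek.Import(&clientBlob)
	if err != nil {
		log.Fatal("Failed to import secret: ", err)
	}
	return secret, nil
}
```
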
gaetan-sbt commented 4 months ago

I was importing the wrong kind of Public Key.
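
The mismatch described in this thread can be caught before any TPM call. This added example is not part of the original issue or of go-tpm-tools: it compares the key a blob is wrapped to with the EK the client will load, and reports the nominal inSymSeed size each implies. `SeedInfo`, `ExpectedSeed`, `CheckEKMatch` and `SampleKeys` are hypothetical names, and the sizes assume the standard TPM 2.0 encoding (RSA-OAEP ciphertext for an RSA parent, an ephemeral point for an ECC parent).

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
)

// SeedInfo: kind of parent key and nominal size of the seed wrapped to it.
type SeedInfo struct{ Alg string; Size int }

// ExpectedSeed classifies an EK public key (hypothetical helper).
func ExpectedSeed(pub crypto.PublicKey) (SeedInfo, error) {
	switch k := pub.(type) {
	case *rsa.PublicKey: // seed is RSA-OAEP ciphertext, as long as the modulus
		return SeedInfo{"RSA", k.Size()}, nil
	case *ecdsa.PublicKey: // seed is a point: two 2-byte-length-prefixed coordinates
		return SeedInfo{"ECC", 2 * (2 + (k.Curve.Params().BitSize+7)/8)}, nil
	}
	return SeedInfo{}, fmt.Errorf("unsupported EK public key type %T", pub)
}

// CheckEKMatch fails when the wrapping key and the client's EK differ in kind or size.
func CheckEKMatch(wrapPub, clientEK crypto.PublicKey) error {
	w, errW := ExpectedSeed(wrapPub)
	c, errC := ExpectedSeed(clientEK)
	if err := errors.Join(errW, errC); err != nil {
		return err
	}
	if w != c {
		return fmt.Errorf("blob wrapped to %s key (seed %d bytes), client EK is %s (seed %d bytes)", w.Alg, w.Size, c.Alg, c.Size)
	}
	return nil
}

// SampleKeys returns constructed RSA-2048 and P-256 keys (not real EKs; errors ignored).
func SampleKeys() (rsaPub, eccPub crypto.PublicKey) {
	r, _ := rsa.GenerateKey(rand.Reader, 2048)
	e, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return &r.PublicKey, &e.PublicKey
}

func main() {
	fmt.Println(CheckEKMatch(SampleKeys())) // RSA wrapping key vs ECC client EK
}
```

Running the check on the server with the EK public key the client actually reports turns a wrong-kind key into a readable error instead of a TPM response code.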