joholl
commented
1 year ago It seems like your stream is broken. Its commandSize is 163, but your binary stream is 169 bytes long.
printf "8002000000a30000013140000001000000490200000000205765e890f5c7bafa312e331803c60631ede51d3cdcc6b991117456f1b19b9d31e10020410adc18ef2c019b7c7d55a808de9ae8cec1fdcfbe0b95a893acdce8d1149b610004e8cd41f9003a0023000b000300b20020e587c11ab50f9d8730f721e3fea42b46c0455b246f96aee85d18eb3be64d666a0006008000430010000300100000000000000000018a0000000080ff" | xxd -r -p | wc -c # prints 169As you can see in the output of the master-branch tpmstream, .parameters.creationPCR.count = 18a is too high. Also, reading the stream from the end: 80ff fits nowhere in the TPML_PCR_SELECTION, as far as i can see.
❯ printf "8002000000a30000013140000001000000490200000000205765e890f5c7bafa312e331803c60631ede51d3cdcc6b991117456f1b19b9d31e10020410adc18ef2c019b7c7d55a808de9ae8cec1fdcfbe0b95a893acdce8d1149b610004e8cd41f9003a0023000b000300b20020e587c11ab50f9d8730f721e3fea42b46c0455b246f96aee85d18eb3be64d666a0006008000430010000300100000000000000000018a0000000080ff" | xxd -r -p | tpmstream co -
Command .
TPMI_ST_COMMAND_TAG | .tag 8002 TPMI_ST_COMMAND_TAG.SESSIONS
UINT32 | .commandSize 000000a3 163
TPM_CC | .commandCode 00000131 TPM_CC.CreatePrimary
TPMS_COMMAND_HANDLES_CREATE_PRIMARY | .handles
TPMI_RH_HIERARCHY | | .primaryHandle 40000001 TPM_RH.OWNER
UINT32 | .authSize 00000049 73
TPMS_AUTH_COMMAND | .authorizationArea[0]
TPMI_SH_AUTH_SESSION | | .sessionHandle 02000000 TPM_HR.HMAC_SESSION.000000
TPM2B_NONCE | | .nonce
UINT16 | | | .size 0020 32
list[BYTE] | | | .buffer 5765e890f5c7bafa312e331803c60631ede51d3cdcc6b991117456f1b19b9d31 We......1.3....1...<.....tV....1
TPMA_SESSION | | .sessionAttributes e1 TPMA_SESSION.continueSession | TPMA_SESSION.decrypt | TPMA_SESSION.encrypt | TPMA_SESSION.audit
| | | .continueSession .......1
| | | .auditExclusive ......0.
| | | .auditReset .....0..
| | | .reserved ...00...
| | | .decrypt ..1.....
| | | .encrypt .1......
| | | .audit 1.......
TPM2B_AUTH | | .hmac
UINT16 | | | .size 0020 32
list[BYTE] | | | .buffer 410adc18ef2c019b7c7d55a808de9ae8cec1fdcfbe0b95a893acdce8d1149b61 A....,..|}U....................a
TPMS_COMMAND_PARAMS_CREATE_PRIMARY | .parameters
TPM2B_ENCRYPTED_PARAM | | .inSensitive
UINT16 | | | .size 0004 4
list[BYTE] | | | .encryptedParam e8cd41f9 ..A.
TPM2B_PUBLIC | | .inPublic
UINT16 | | | .size 003a 58
TPMT_PUBLIC | | | .publicArea
TPMI_ALG_PUBLIC | | | | .type 0023 TPMI_ALG_PUBLIC.ECC
TPMI_ALG_HASH | | | | .nameAlg 000b TPMI_ALG_HASH.SHA256
TPMA_OBJECT | | | | .objectAttributes 000300b2 TPMA_OBJECT.fixedTPM | TPMA_OBJECT.fixedParent | TPMA_OBJECT.sensitiveDataOrigin | TPMA_OBJECT.adminWithPolicy | TPMA_OBJECT.restricted | TPMA_OBJECT.decrypt
| | | | | .reserved ...............................0
| | | | | .fixedTPM ..............................1.
| | | | | .stClear .............................0..
| | | | | .reserved0 ............................0...
| | | | | .fixedParent ...........................1....
| | | | | .sensitiveDataOrigin ..........................1.....
| | | | | .userWithAuth .........................0......
| | | | | .adminWithPolicy ........................1.......
| | | | | .reserved1 ......................00........
| | | | | .noDA .....................0..........
| | | | | .encryptedDuplication ....................0...........
| | | | | .reserved2 ................0000............
| | | | | .restricted ...............1................
| | | | | .decrypt ..............1.................
| | | | | .sign_decrypt .............0..................
| | | | | .sign ............0...................
| | | | | .reserved3 000000000000....................
TPM2B_DIGEST | | | | .authPolicy
UINT16 | | | | | .size 0020 32
list[BYTE] | | | | | .buffer e587c11ab50f9d8730f721e3fea42b46c0455b246f96aee85d18eb3be64d666a ........0.!...+F.E[$o...]..;.Mfj
TPMU_PUBLIC_PARMS | | | | .parameters
TPMS_ECC_PARMS | | | | | .eccDetail
TPMT_SYM_DEF_OBJECT | | | | | | .symmetric
TPMI_ALG_SYM_OBJECT | | | | | | | .algorithm 0006 TPMI_ALG_SYM_OBJECT.AES
TPMU_SYM_KEY_BITS | | | | | | | .keyBits
TPMI_AES_KEY_BITS | | | | | | | | .aes 0080 128
TPMU_SYM_MODE | | | | | | | .mode
TPMI_ALG_SYM_MODE | | | | | | | | .aes 0043 TPMI_ALG_SYM_MODE.CFB
TPMU_SYM_DETAILS | | | | | | | .details
TPMT_ECC_SCHEME | | | | | | .scheme
TPMI_ALG_ECC_SCHEME | | | | | | | .scheme 0010 TPMI_ALG_ECC_SCHEME.NULL
TPMU_ASYM_SCHEME | | | | | | | .details
TPMI_ECC_CURVE | | | | | | .curveID 0003 TPMI_ECC_CURVE.NIST_P256
TPMT_KDF_SCHEME | | | | | | .kdf
TPMI_ALG_KDF | | | | | | | .scheme 0010 TPMI_ALG_KDF.NULL
TPMU_KDF_SCHEME | | | | | | | .details
TPMU_PUBLIC_ID | | | | .unique
TPMS_ECC_POINT | | | | | .ecc
TPM2B_ECC_PARAMETER | | | | | | .x
UINT16 | | | | | | | .size 0000 0
list[BYTE] | | | | | | | .buffer
TPM2B_ECC_PARAMETER | | | | | | .y
UINT16 | | | | | | | .size 0000 0
list[BYTE] | | | | | | | .buffer
TPM2B_DATA | | .outsideInfo
UINT16 | | | .size 0000 0
list[BYTE] | | | .buffer
TPML_PCR_SELECTION | | .creationPCR
UINT32 | | | .count 0000018a 394
TPMS_PCR_SELECTION | | | .pcrSelections[0]
Warning: Violated size constraint .commandSize = 163: already parsed 163 bytes and .parameters.creationPCR.pcrSelections[0].hash exceeds the limit by 2 byte(s).
Response .
TPM_ST | .tag 0000 TPM_ST.None
Warning: Parsed bad value for TPM_ST .tag = 0x0 = 0 not in ValidValues(TPM_ST)
UINT32 | .responseSize 000080ff 33023
Warning: Input stream exhausted but parser is not done.For reference, all instances of TPML_PCR_SELECTION in my database:
❯ tpmstream ex TPML_PCR_SELECTION
TPML_PCR_SELECTION: 00000004 0004 03 ff ff ff 000b 03 ff ff ff 000c 03 ff ff ff 000d 03 ff ff ff
TPML_PCR_SELECTION .
UINT32 | .count 00000004 4
TPMS_PCR_SELECTION | .pcrSelections[0]
TPMI_ALG_HASH | | .hash 0004 TPMI_ALG_HASH.SHA
UINT8 | | .sizeofSelect 03 3
list[BYTE] | | .pcrSelect ffffff ...
TPMS_PCR_SELECTION | .pcrSelections[1]
TPMI_ALG_HASH | | .hash 000b TPMI_ALG_HASH.SHA256
UINT8 | | .sizeofSelect 03 3
list[BYTE] | | .pcrSelect ffffff ...
TPMS_PCR_SELECTION | .pcrSelections[2]
TPMI_ALG_HASH | | .hash 000c TPMI_ALG_HASH.SHA384
UINT8 | | .sizeofSelect 03 3
list[BYTE] | | .pcrSelect ffffff ...
TPMS_PCR_SELECTION | .pcrSelections[3]
TPMI_ALG_HASH | | .hash 000d TPMI_ALG_HASH.SHA512
UINT8 | | .sizeofSelect 03 3
list[BYTE] | | .pcrSelect ffffff ...
TPML_PCR_SELECTION: 00000000
TPML_PCR_SELECTION .
UINT32 | .count 00000000 0
list[TPMS_PCR_SELECTION] | .pcrSelections
TPML_PCR_SELECTION: 00000001 000b 03 01 00 03
TPML_PCR_SELECTION .
UINT32 | .count 00000001 1
TPMS_PCR_SELECTION | .pcrSelections[0]
TPMI_ALG_HASH | | .hash 000b TPMI_ALG_HASH.SHA256
UINT8 | | .sizeofSelect 03 3
list[BYTE] | | .pcrSelect 010003 ...
TPML_PCR_SELECTION: 00000002 000b 03 00 04 00 000b 03 00 04 00
TPML_PCR_SELECTION .
UINT32 | .count 00000002 2
TPMS_PCR_SELECTION | .pcrSelections[0]
TPMI_ALG_HASH | | .hash 000b TPMI_ALG_HASH.SHA256
UINT8 | | .sizeofSelect 03 3
list[BYTE] | | .pcrSelect 000400 ...
TPMS_PCR_SELECTION | .pcrSelections[1]
TPMI_ALG_HASH | | .hash 000b TPMI_ALG_HASH.SHA256
UINT8 | | .sizeofSelect 03 3
list[BYTE] | | .pcrSelect 000400 ...
TPML_PCR_SELECTION: 00000001 0004 03 00 01 00
TPML_PCR_SELECTION .
UINT32 | .count 00000001 1
TPMS_PCR_SELECTION | .pcrSelections[0]
TPMI_ALG_HASH | | .hash 0004 TPMI_ALG_HASH.SHA
UINT8 | | .sizeofSelect 03 3
list[BYTE] | | .pcrSelect 000100 ...
TPML_PCR_SELECTION: 00000001 000b 03 00 00 01
TPML_PCR_SELECTION .
UINT32 | .count 00000001 1
TPMS_PCR_SELECTION | .pcrSelections[0]
TPMI_ALG_HASH | | .hash 000b TPMI_ALG_HASH.SHA256
UINT8 | | .sizeofSelect 03 3
list[BYTE] | | .pcrSelect 000001 ...
Parsing of TPM2_CreatePrimary() creationPCRs does not work.
Example: