tpm2-software / tpm2-tss-engine

OpenSSL Engine for TPM2 devices
https://tpm2-software.github.io
BSD 3-Clause "New" or "Revised" License

Require access to owner auth when it isn't necessary #209

Open scott-cryptosecure opened 3 years ago

scott-cryptosecure commented 3 years ago

tpm2-tss-engine requires owner auth passed in as a parameter. The tpm2-tss-engine will use it to create the primary key even though it may already exist and may be in use by other processes. This should not be necessary since owner auth is only used to create the primary, and the primary already exists and is persistent. tpm2-tss-engine should check for ownership or the primary key, and if already configured, it should not attempt to recreate or manage those highly sensitive resources.

I am attempting to use OpenSSL to create TLS connections with a TPM key and wanted to use tpm2-tss-engine. This is one of multiple features on the endpoint that will be using the TPM. As part of the provisioning of the system, ownership of the storage hierarchy will be set and the primary key will be created with multiple child keys. Owner auth is also used to protect items created and stored in NVRAM. Provisioning is performed in a secure environment and auth values used for owner auth and lockout auth are not shared with the runtime users of the system.

Here is a description of the test case that is failing and why we believe it is failing.

- Start with a TPM 2.0 that is not owned, but is enabled and activated.
- Execute a test application that uses TSS to perform the following:
  1) Take ownership of the storage hierarchy with a strong auth value.
  2) Create an ECC primary key for the storage hierarchy; this primary key has null auth.
  3) Create ECC signing key(s) under the primary key.
  4) Create objects in NV using owner auth to create and for write auth.
- Verify the created objects exist.
- Execute a test application that uses OpenSSL with tpm2-tss-engine to execute the following:
  5) Call tpm2tss to create an ECC key.
- The operation fails with bad auth.

This implies, and review of the code seems to confirm, that we must pass tpm2-tss-engine the owner auth or use engine ctrl to allow tpm2-tss-engine to save the owner auth.
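A constructed Python model of the access pattern the report describes, contrasting "always re-create the primary" with "reuse the provisioned persistent primary". This is an added example, not the engine's code; `ModelTpm`, the handle `0x81000001` and the auth value are made-up stand-ins for the real TSS calls.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional


class TpmBadAuth(Exception):
    """Stands in for the TPM_RC_BAD_AUTH failure the report observes."""


@dataclass
class ModelTpm:
    """Toy storage hierarchy: owner auth gates CreatePrimary/EvictControl, evicted keys persist."""
    owner_auth: bytes = b""                                   # unowned TPM: empty owner auth
    persistent: Dict[int, str] = field(default_factory=dict)  # persistent handle -> key name

    def take_ownership(self, new_auth: bytes) -> None:        # models TPM2_HierarchyChangeAuth
        self.owner_auth = new_auth

    def create_primary(self, owner_auth: bytes, template: str) -> str:  # models TPM2_CreatePrimary
        if owner_auth != self.owner_auth:
            raise TpmBadAuth("owner auth mismatch")
        return f"primary({template})"

    def evict_control(self, owner_auth: bytes, key: str, handle: int) -> None:  # TPM2_EvictControl
        if owner_auth != self.owner_auth:
            raise TpmBadAuth("owner auth mismatch")
        self.persistent[handle] = key

    def read_public(self, handle: int) -> Optional[str]:      # models TPM2_ReadPublic (no auth)
        return self.persistent.get(handle)


def load_parent_always_create(tpm: ModelTpm, owner_auth: bytes) -> str:
    """Pattern the report complains about: re-create the primary for every key operation,
    so the runtime caller must hold owner auth although the primary already exists."""
    return tpm.create_primary(owner_auth, "ecc-storage")


def load_parent_prefer_persistent(tpm: ModelTpm, handle: int, owner_auth: bytes) -> str:
    """Pattern the report asks for: reuse the provisioned persistent primary when it is
    present and fall back to CreatePrimary (which needs owner auth) only when it is absent."""
    existing = tpm.read_public(handle)
    return existing if existing is not None else tpm.create_primary(owner_auth, "ecc-storage")


def run_scenario() -> Dict[str, str]:
    """Steps 1-2 of the report run in provisioning; the runtime user, who was never
    given owner auth, then tries to obtain the parent key both ways (constructed values)."""
    tpm, strong_auth, parent_handle = ModelTpm(), b"provisioning-secret", 0x81000001
    tpm.take_ownership(strong_auth)                                   # step 1
    tpm.evict_control(strong_auth, tpm.create_primary(strong_auth, "ecc-storage"), parent_handle)  # step 2
    outcome: Dict[str, str] = {}
    for name, attempt in (("always_create", lambda: load_parent_always_create(tpm, b"")),
                          ("prefer_persistent", lambda: load_parent_prefer_persistent(tpm, parent_handle, b""))):
        try:
            outcome[name] = "ok:" + attempt()
        except TpmBadAuth:
            outcome[name] = "TPM_RC_BAD_AUTH"
    return outcome
```

Running `run_scenario()` shows the runtime user failing with bad auth under the first pattern and succeeding under the second without ever learning the owner auth, which is the separation of provisioning and runtime secrets the report relies on.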

AndreasFuchsTPM commented 3 years ago

Makes sense, I guess.