tpm2-software / tpm2-tss

OSS implementation of the TCG TPM2 Software Stack (TSS2)
https://tpm2-software.github.io
BSD 2-Clause "Simplified" License

Esys_import without inner and outer wrapper #2697

Open SchermannR opened 1 year ago

SchermannR commented 1 year ago

Hi, I am currently trying to import a key without inner and outer wrapper, only the private key and the public key portion. Nevertheless, I always get the error "0x000003d5 tpm:parameter(3):structure is the wrong size". Size should be 48 in my case for the . So the question is: is there something wrong with my logic or is there a minor issue? Pub structure is an ecc256:ecdh. Below are the important snippets. Thanks in advance.

```c
TPM2B_SENSITIVE sensitive = {
    .sensitiveArea = {
        .sensitiveType = TPM2_ALG_ECC,
        .authValue = { .size = 0, },
        .seedValue = { .size = 0, },
        .sensitive = {
            .ecc = {
                .size = ecc_size,
                .buffer = { 0 } // Private Key
            }
        }
    }
};
memcpy(&sensitive.sensitiveArea.sensitive.ecc.buffer[0], source, ecc_size);

TPM2B_DIGEST inner = { .size = 0 };
TPM2B_DIGEST outer = { .size = 0 };
TPM2B_PRIVATE priv = { 0 };
size_t size = 0;
Tss2_MU_TPM2B_DIGEST_Marshal(&inner, &priv.buffer[size], sizeof(priv.buffer) - size, &size);
Tss2_MU_TPM2B_DIGEST_Marshal(&outer, &priv.buffer[size], sizeof(priv.buffer) - size, &size);
Tss2_MU_TPM2B_SENSITIVE_Marshal(&sensitive, &priv.buffer[size], sizeof(priv.buffer) - size, &size);

priv.size = size;

TPMT_SYM_DEF_OBJECT symmetric = {.algorithm = TPM2_ALG_NULL, .keyBits = {.aes = 128}, .mode = {.aes = TPM2_ALG_CFB}};

...
rc = Esys_Import(_ctx, _primaryHandle_handle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                 NULL, &inPublic2, &priv, NULL, &symmetric, &outPrivate);
```

JuergenReppSIT commented 1 year ago

In the TPM reference implementation at: https://github.com/microsoft/ms-tpm-20-ref/blob/e9fc7b89d865536c46deb63f9c7d0121a3ded49c/TPMCmd/tpm/src/command/Object/Object_spt.c#L1377 you can see that the size of the TPM2B private is compared with the size of the TPM2B sensitive + 2. I think the marshalling of inner and outer is not necessary?

SchermannR commented 1 year ago

Mhm. So I do not know if I got the point - I don't see the point where the TPM2B private is compared to the sensitive (this depends on the inner and outer wrapper stuff or?). But if my private key is a simple 32-byte ecc key --> then the size should be 32. Because my:

sensitiveData = inPrivate->buffer; should be the ecc key. (32 bytes)
dataSize = inPrivate->size; --> 32
seed->size = 0
symDef->algorithm = TPM_ALG_NULL

Nevertheless, it does not work with the 32 either. Or 46 above (1st question). pcap trace:

.responseCode 000003d5 TPM_RC.SIZE (Parameter No. 3)

If I analyze the tpm2_tools (import) and openssl tools then the pcap file shows:

.duplicate
UINT16 .size 008e 142

JuergenReppSIT commented 1 year ago

What are the first four bytes of the duplicate parameter? There should be two big-endian UINT16 numbers. The second has to be the first - 2. Otherwise there will be a size error returned by the TPM in your case.
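
The size relation described in the comment above, as an added example that is not part of the thread or of tpm2-tss: it hand-marshals the duplicate parameter for an unwrapped ECC key with empty authValue and seedValue, once as a bare TPM2B_SENSITIVE and once with the two empty digests from the question in front, and checks the first four bytes. The function names and the key bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write a big-endian UINT16, return the advanced cursor. */
static uint8_t *put_u16(uint8_t *p, uint16_t v) {
    p[0] = (uint8_t)(v >> 8);
    p[1] = (uint8_t)(v & 0xff);
    return p + 2;
}

/* Hypothetical helper: build the wire-format duplicate parameter,
 * UINT16 TPM2B_PRIVATE.size | UINT16 TPM2B_SENSITIVE.size | TPMT_SENSITIVE.
 * With empty_digests != 0, two empty TPM2B_DIGESTs are marshalled first,
 * as in the question. Returns bytes written, or 0 on bad input. */
size_t build_duplicate(const uint8_t *key, uint16_t key_len, int empty_digests,
                       uint8_t *out, size_t cap) {
    if (key_len > 128) return 0;
    uint16_t area = (uint16_t)(2 + 2 + 2 + 2 + key_len); /* type, auth, seed, ecc size, key */
    uint16_t priv = (uint16_t)(2 + area + (empty_digests ? 4 : 0));
    if (cap < (size_t)priv + 2) return 0;
    uint8_t *p = put_u16(out, priv);
    if (empty_digests) { p = put_u16(p, 0); p = put_u16(p, 0); }
    p = put_u16(p, area);
    p = put_u16(p, 0x0023);  /* sensitiveType = TPM2_ALG_ECC */
    p = put_u16(p, 0);       /* authValue.size = 0 */
    p = put_u16(p, 0);       /* seedValue.size = 0 */
    p = put_u16(p, key_len); /* sensitive.ecc.size */
    memcpy(p, key, key_len);
    return (size_t)(p - out) + key_len;
}

/* Hypothetical check: first UINT16 covers the rest, second == first - 2. */
int duplicate_sizes_ok(const uint8_t *param, size_t len) {
    if (len < 4) return 0;
    unsigned first = ((unsigned)param[0] << 8) | param[1];
    unsigned second = ((unsigned)param[2] << 8) | param[3];
    return first >= 2 && first == len - 2 && second == first - 2;
}

int main(void) {
    uint8_t key[32], buf[64];
    memset(key, 0xA5, sizeof key); /* constructed sample key bytes */
    for (int d = 0; d <= 1; d++) {
        size_t n = build_duplicate(key, sizeof key, d, buf, sizeof buf);
        printf("digests=%d len=%zu first4=%02x%02x%02x%02x ok=%d\n", d, n,
               buf[0], buf[1], buf[2], buf[3], duplicate_sizes_ok(buf, n));
    }
    return 0;
}
```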

SchermannR commented 1 year ago

Solved it. Thank you.