From: Yasuhiro Hosoda <hosoda-yasuhiro at ntt-el.com>
To: tpm2@lists.01.org
Subject: [tpm2] tpm2-tss question
Date: Thu, 14 Dec 2017 15:58:57 +0900
Message-ID: <52a6881d-5626-3dde-3ad0-2b06a1726502@ntt-el.com>

My name is Yasuhiro Hosoda.


I am developing a program using TSS1.0(Nov1.2016).
I encountered a problem with PolicySecret error 0x98e and need help.
My program uses tpmtest.cpp as a base of development.
The situation is as follows:

1 Create TPM Keys like this.

EK
|--------
|          |
MK       AK
|
SK

2 Execute PolicySecret twice using HMAC session. At first, it ends 
without error. Then it ends with 0x98e.
For clarification, I print out the values of Virtual Handle and Real Handle.
The values of the Virtual/Real Handles differ at the 2nd execution of the command. 
(See NO 25/26 below)

I understand that the resource manager assigns the Virtual Handle and my 
program calculates the HMAC using those handles.
On the other hand, TPM may calculate HMAC using Real Handle.
That is my hypothesis.

Any suggestion about the usage of Session Handle?

NO   Command                           Virtual/Real Handle              LOC
1.   CreatePrimary(EK)                 real=80000000, virtual=80000000  8381
2.   HierarchyChangeAuth1                                               8421
3.   HierarchyChangeAuth2                                               8431
4.   StartAuthSession(Policy)          real=3000000, virtual=3000000    8480
5.   PolicySecret(ENDORSEMENT)                                          8494
6.   Create(MK)                                                         8515
7.   PolicySecret(ENDORSEMENT)                                          8529
8.   Load(MK)                          real=80000001, virtual=80000001  8542
9.   Evict(MK)                                                          8552
10.  Create(SK)                                                         8590
11.  Load(SK)                          real=80000001, virtual=80000002  8598
12.  PolicySecret(ENDORSEMENT)                                          8609
13.  Create(AK)                                                         8635
14.  PolicySecret(ENDORSEMENT)                                          8645
15.  Load(AK)                          real=80000001, virtual=80000003  8655
16.  FlushContext(POLICY)                                               8664
17.  StartAuthSession(POLICY)          real=3000000, virtual=3000000    8668
18.  StartAuthSession(HMAC)            real=2000001, virtual=2000001    8678
19.  ComputeCommandHMAC(LoadExternal)  real=80000000, virtual=80000004  3706
20.  ComputeCommandHMAC(HMAC_Start)    real=80000001, virtual=80000005  3706
21.  PolicySecret(SK)                                                   8711
22.  FlushContext(HMAC)                                                 8717
23.  FlushContext(POLICY)                                               8724
24.  CertifyCreation(SK)                                                8738
25.  StartAuthSession(POLICY)          real=3000000, virtual=3000001    8745
26.  StartAuthSession(HMAC)            real=2000001, virtual=2000000    8754
27.  ComputeCommandHMAC(LoadExternal)  real=80000000, virtual=80000005  8782
28.  ComputeCommandHMAC(HMAC_Start)    real=80000001, virtual=80000004  8782
29.  PolicySecret(SK)                                                   8789

The whole source program can be found here.
https://github.com/intel/tpm2-tss/files/1516612/tpmtest.cpp_0x98e_2.txt


Kind regards,

-- 
Yasuhiro Hosoda

NTT Electronics Corporation (NEL)
Security Support Project
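
The response code and the handle hypothesis above, worked through as an added example (not code from the original message, tpmtest.cpp or tpm2-tss): it decodes 0x98e as a format-one TPM 2.0 response code and computes the PolicySecret cpHash once with the virtual policy-session handle from row 25 and once with the real one. The function names are hypothetical, and the SK Name, authValue and nonces are constructed because the page does not give them; the result illustrates the hypothesis and does not establish the root cause.

```python
import hashlib, hmac, struct

TPM_CC_POLICY_SECRET = 0x00000151   # TPM_CC_PolicySecret (TPM 2.0 Part 2)
TPM_RC_AUTH_FAIL = 0x08E            # RC_FMT1 + 0x00E

def decode_fmt1(rc):
    """Split a format-one TPM 2.0 response code into (error, kind, index)."""
    if not rc & 0x080:
        raise ValueError("not a format-one response code")
    n = (rc >> 8) & 0xF
    if rc & 0x040:                  # P bit set: the error refers to a parameter
        kind, index = "parameter", n
    elif n & 0x8:                   # bit 11 set: the error refers to a session
        kind, index = "session", n & 0x7
    else:
        kind, index = "handle", n
    return rc & 0x0BF, kind, index

def handle_name(handle):
    """The Name of a session, PCR or permanent handle is the handle itself."""
    return struct.pack(">I", handle)

def cp_hash(command_code, names, params):
    """cpHash = H(commandCode || Name of each handle || parameter bytes)."""
    data = struct.pack(">I", command_code) + b"".join(names) + params
    return hashlib.sha256(data).digest()

def auth_hmac(auth_value, cphash, nonce_newer, nonce_older, attrs):
    """Unbound, unsalted session: the HMAC key is the entity's authValue."""
    msg = cphash + nonce_newer + nonce_older + bytes([attrs])
    return hmac.new(auth_value, msg, hashlib.sha256).digest()

# Constructed stand-ins: the real SK Name, authValue and nonces are not on the page.
SK_NAME = b"\x00\x0b" + hashlib.sha256(b"constructed SK public area").digest()
PARAMS = bytes(10)  # empty nonceTPM, cpHashA, policyRef (2 bytes each), expiration 0
AUTH, NONCE_CALLER, NONCE_TPM = b"sk-auth", bytes(range(16)), bytes(range(16, 32))

def hmac_for(policy_session_handle):
    """HMAC for PolicySecret(SK, policySession) as seen with a given session handle."""
    # A transient object's Name is a digest of its public area, so its handle
    # value never enters the cpHash; a session handle's Name is the handle.
    names = [SK_NAME, handle_name(policy_session_handle)]
    digest = cp_hash(TPM_CC_POLICY_SECRET, names, PARAMS)
    return auth_hmac(AUTH, digest, NONCE_CALLER, NONCE_TPM, 0x01)

if __name__ == "__main__":
    print(decode_fmt1(0x98E))                            # error, kind, index
    print(hmac_for(0x03000001) == hmac_for(0x03000000))  # virtual vs real (row 25)
```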