You said that "I would look at how the tpm2-tools do it, they make for decent reference code."
Would you tell me the place of tpm2-tools where I should look as reference code.

Regards,

>
>> -----Original Message-----
>> From: Yasuhiro Hosoda [mailto:hosoda-yasuhiro(a)ntt-el.com]
>> Sent: Thursday, January 18, 2018 6:44 AM
>> To: Roberts, William C ; tpm2(a)lists.01.org
>> Subject: Re: [tpm2] tpm2-tss question
>>
>> I appreciate much for your help. I am expecting for your information about tpm2-tools.
> What information are you expecting?
>
>>>> -----Original Message-----
>>>> From: Yasuhiro Hosoda [mailto:hosoda-yasuhiro(a)ntt-el.com]
>>>> Sent: Friday, January 12, 2018 1:47 AM
>>>> To: Roberts, William C ; tpm2(a)lists.01.org
>>>> Subject: Re: [tpm2] tpm2-tss question
>>>>
>>>> Hi, Mr. Roberts, William
>>>>
>>>> Thank you for your advice.
>>>> I had already checked the details of this error code.
>>>> My understanding is that the problem is not the setting of the auth
>>>> but there occurs the discrepancy between the virtual handles and the
>>>> real handles in the resource manager.
>>> Unless you took an RM virtualized handle and went directly to the TPM
>>> with it, there shouldn't be a problem. The RM should be swapping out
>>> virtualized handles with real ones for you before they hit the tpm, and thus,
>>> should be transparent.
>>> As far as what the problem is, it's hard to tell offhand. I would look
>>> at how the tpm2-tools do it, they make for decent reference code.
>>>
>>>> Any help will be greatly appreciated
>>>>
>>>> Regard,
>>>>> 0x98e is:
>>>>>
>>>>> $ ./tpm2_rc_decode 0x98e
>>>>> error layer
>>>>>   hex: 0x0
>>>>>   identifier: TSS2_TPM_RC_LAYER
>>>>>   description: Error produced by the TPM
>>>>> format 1 error code
>>>>>   hex: 0x0e
>>>>>   identifier: TPM2_RC_AUTH_FAIL
>>>>>   description: the authorization HMAC check failed and DA counter incremented
>>>>> session
>>>>>   hex: 0x100
>>>>>   identifier: TPM2_RC_1
>>>>>   description: (null)
>>>>>
>>>>> So it looks like you're not setting up the auth properly in the session.
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Yasuhiro Hosoda
>>>>>> Sent: Wednesday, December 13, 2017 10:59 PM
>>>>>> To: tpm2(a)lists.01.org
>>>>>> Subject: [tpm2] tpm2-tss question
>>>>>>
>>>>>> My name is Yasuhiro Hosoda.
>>>>>>
>>>>>>
>>>>>> I am developing a program using TSS1.0(Nov1.2016).
>>>>>> I encountered a problem with PolicySecret error 0x98e and need help.
>>>>>> My program uses tpmtest.cpp as a base of development.
>>>>>> The situation is as follows:
>>>>>>
>>>>>> 1 Create TPM Keys like this.
>>>>>>
>>>>>> EK
>>>>>> |--------
>>>>>> |          |
>>>>>> MK       AK
>>>>>> |
>>>>>> SK
>>>>>>
>>>>>> 2 Execute PolicySecret twice using HMAC session. At first, it ends without error.
>>>>>> Then it ends with 0x98e.
>>>>>> For clarification, I print out the values of Virtual Handle and Real Handle.
>>>>>> The value of Virtual/Real Handles differ at 2nd execution of the command.
>>>>>> (See NO 25/26 Below)
>>>>>>
>>>>>> I understand that the resource manager assigns Virtual Handle and
>>>>>> my program calculates HMAC using that handles.
>>>>>> On the other hand, TPM may calculate HMAC using Real Handle.
>>>>>> That is my hypothesis.
>>>>>>
>>>>>> Any suggestion about the usage of Session Handle?
>>>>>>
>>>>>> NO   Command                           Virtual/Real Handle               LOC
>>>>>> 1.   CreatePrimary(EK)                 real=80000000, virtual=80000000   8381
>>>>>> 2.   HierarchyChangeAuth1                                                8421
>>>>>> 3.   HierarchyChangeAuth2                                                8431
>>>>>> 4.   StartAuthSession(Policy)          real=3000000, virtual=3000000     8480
>>>>>> 5.   PolicySecret(ENDORSEMENT)                                           8494
>>>>>> 6.   Create(MK)                                                          8515
>>>>>> 7.   PolicySecret(ENDORSEMENT)                                           8529
>>>>>> 8.   Load(MK)                          real=80000001, virtual=80000001   8542
>>>>>> 9.   Evict(MK)                                                           8552
>>>>>> 10.  Create(SK)                                                          8590
>>>>>> 11.  Load(SK)                          real=80000001, virtual=80000002   8598
>>>>>> 12.  PolicySecret(ENDORSEMENT)                                           8609
>>>>>> 13.  Create(AK)                                                          8635
>>>>>> 14.  PolicySecret(ENDORSEMENT)                                           8645
>>>>>> 15.  Load(AK)                          real=80000001, virtual=80000003   8655
>>>>>> 16.  FlushContext(POLICY)                                                8664
>>>>>> 17.  StartAuthSession(POLICY)          real=3000000, virtual=3000000     8668
>>>>>> 18.  StartAuthSession(HMAC)            real=2000001, virtual=2000001     8678
>>>>>> 19.  ComputeCommandHMAC(LoadExternal)  real=80000000, virtual=80000004   3706
>>>>>> 20.  ComputeCommandHMAC(HMAC_Start)    real=80000001, virtual=80000005   3706
>>>>>> 21.  PolicySecret(SK)                                                    8711
>>>>>> 22.  FlushContext(HMAC)                                                  8717
>>>>>> 23.  FlushContext(POLICY)                                                8724
>>>>>> 24.  CertifyCreation(SK)                                                 8738
>>>>>> 25.  StartAuthSession(POLICY)          real=3000000, virtual=3000001     8745
>>>>>> 26.  StartAuthSession(HMAC)            real=2000001, virtual=2000000     8754
>>>>>> 27.  ComputeCommandHMAC(LoadExternal)  real=80000000, virtual=80000005   8782
>>>>>> 28.  ComputeCommandHMAC(HMAC_Start)    real=80000001, virtual=80000004   8782
>>>>>> 29.  PolicySecret(SK)                                                    8789
>>>>>>
>>>>>> The whole source program can be found here.
>>>>>> https://github.com/intel/tpm2-tss/files/1516612/tpmtest.cpp_0x98e_2.txt
>>>>>>
>>>>>>
>>>>>> Kind regards,
>>>>>>
>>>>>> --
>>>>>> Yasuhiro Hosoda
>>>>>>
>>>>>> NTT Electronics Corporation (NEL)
>>>>>> Security Support Project
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> tpm2 mailing list
>>>>>> tpm2(a)lists.01.org
>>>>>> https://lists.01.org/mailman/listinfo/tpm2

--
Yasuhiro Hosoda
NTT Electronics Corporation (NEL)
Systemization Support Center
Security Technology Support Project
New Stage Yokohama, 1-1-32 Shin-Urashima-cho, Kanagawa-ku, Yokohama, Kanagawa 221-0031
Tel 050-9000-6109/050-9000-6485 (direct) (9225 (ext.))
Fax 045-453-9620
E-mail: hosoda-yasuhiro(a)ntt-el.com
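
The bit fields behind the `tpm2_rc_decode 0x98e` output quoted in this thread, as an added example that is not part of the original messages and is not tpm2-tss or tpm2-tools code. It follows the TPM 2.0 response code layout (format 0 and format 1); the type and function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; not tpm2-tss or tpm2-tools types. */
enum rc_subject { RC_NONE, RC_HANDLE, RC_SESSION, RC_PARAMETER };

struct rc_fields {
    unsigned layer;          /* bits 16-23: TSS layer, 0 = the TPM itself */
    int format1;             /* bit 7: 1 = format-1 code */
    unsigned error;          /* bits 0-5 (format 1) or bits 0-6 (format 0) */
    enum rc_subject subject; /* format 1: what the error refers to */
    unsigned index;          /* format 1: 1-based handle/session/parameter */
    int warning;             /* format 0: bit 11 (severity) */
};

static struct rc_fields decode_rc(uint32_t rc)
{
    struct rc_fields f = {0};
    f.layer = (rc >> 16) & 0xff;
    f.format1 = (rc >> 7) & 1;
    if (!f.format1) {
        f.error = rc & 0x7f;
        f.warning = (rc >> 11) & 1;
        return f;
    }
    unsigned n = (rc >> 8) & 0xf;     /* bits 8-11 */
    f.error = rc & 0x3f;
    if (rc & 0x40) {                  /* bit 6 set: N is a parameter number */
        f.subject = RC_PARAMETER;
        f.index = n;
    } else if (n & 0x8) {             /* bit 11 set: low 3 bits = session number */
        f.subject = RC_SESSION;
        f.index = n & 0x7;
    } else if (n) {                   /* otherwise N is a handle number */
        f.subject = RC_HANDLE;
        f.index = n;
    }
    return f;
}

int main(void)
{
    static const char *subj[] = { "none", "handle", "session", "parameter" };
    struct rc_fields f = decode_rc(0x98e);   /* value from the thread */
    printf("layer=0x%x format1=%d error=0x%02x %s=%u\n",
           f.layer, f.format1, f.error, subj[f.subject], f.index);
    return 0;
}
```

For 0x98e this yields a format-1 code with error 0x0e attributed to session 1, the same three fields `tpm2_rc_decode` printed (TPM2_RC_AUTH_FAIL, session, TPM2_RC_1).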