* [tpm2] Re: import bytes as AES key into TPM using pytss
@ 2022-09-26 21:59 Roberts, William C
From: Roberts, William C @ 2022-09-26 21:59 UTC
  To: tpm2

On Thu, 2022-09-22 at 08:51 +0000, Gadacz, Henry wrote:
> Hello everyone,
>  
> I have a secret bytestring which I want to import as an AES key into
> the TPM using tpm2-pytss.
>  
> For the example let's use some randomly generated bytes as the secret:
> secret = bytes(esapi.get_random(16))
>  
> To put it into a TPM2B_PRIVATE object that I can use in
> esapi.import_() I put the secret into a TPM2B_SENSITIVE object:
> sensitive = TPM2B_SENSITIVE(sensitiveArea=TPMT_SENSITIVE(sensitiveType=TPM2_ALG_AES,

NameError: name 'TPM2_ALG_AES' is not defined

>     authValue=TPM2B_AUTH(bytes()),
>     seedValue=TPM2B_DIGEST(bytes()),
>     sensitive=TPMU_SENSITIVE_COMPOSITE(
>         sym=TPM2B_SYM_KEY(buffer=secret))))
> sensitive.size = asizeof.asizeof(sensitive)

Never touch size. This should throw an exception, looks like we missed
the check in our code.

>  
> The creation of TPM2B_PRIVATE requires bytes or list or tuple (not
> TPM2B_SENSITIVE) so I want to marshal the TPM2B_SENSITIVE into bytes.
> key = TPM2B_PRIVATE(buffer=sensitive.marshal())
>  
> Unfortunately the marshaling fails with the exception:
> “TSS2_Exception: mu:A parameter has a bad value”
>  
> Does anybody have the experience or knowledge to help me which value
> is bad or missing or to tell me what else is my mistake?

There is TPM2B_SENSITIVE.symcipher_from_secret which would return a
public and private blob, but that doesn't seem to support authValue
(password). But it's easy to add to it. See this Gist:
https://gist.github.com/williamcroberts/b5639b844973d6200527166bce1f69d2


>  
> Best Regards,
> Henry
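
The "never touch size" point from the reply, as an added example that is not part of the original thread and not tpm2-pytss code: it marshals a TPM2B_SENSITIVE for a symmetric key using only the standard library, so the size field is visibly the marshaled length of the inner structure, and a parser rejects any other value. The function names are hypothetical, the sample key is constructed, and TPM_ALG_SYMCIPHER (0x0025) is the object-type identifier from the TPM 2.0 specification.

```python
import struct

# Algorithm identifier from the TPM 2.0 specification (Part 2, TPM_ALG_ID).
TPM_ALG_SYMCIPHER = 0x0025  # object type of a symmetric-cipher key


def tpm2b(data: bytes) -> bytes:
    """Marshal a TPM2B_* buffer: big-endian UINT16 length, then the bytes."""
    if len(data) > 0xFFFF:
        raise ValueError("TPM2B buffer too large")
    return struct.pack(">H", len(data)) + data


def marshal_sensitive(key: bytes, auth: bytes = b"", seed: bytes = b"") -> bytes:
    """Marshal a TPM2B_SENSITIVE that carries a symmetric key."""
    area = (
        struct.pack(">H", TPM_ALG_SYMCIPHER)  # sensitiveType
        + tpm2b(auth)  # authValue (TPM2B_AUTH)
        + tpm2b(seed)  # seedValue (TPM2B_DIGEST)
        + tpm2b(key)  # sensitive.sym (TPM2B_SYM_KEY)
    )
    # size is the marshaled length of the TPMT_SENSITIVE, derived here and
    # never set by the caller; a Python object size has no relation to it.
    return tpm2b(area)


def unmarshal_sensitive(blob: bytes) -> dict:
    """Parse the blob, rejecting a size field that disagrees with the data."""
    (size,) = struct.unpack_from(">H", blob, 0)
    if size != len(blob) - 2:
        raise ValueError("TPM2B_SENSITIVE.size does not match marshaled length")
    (stype,) = struct.unpack_from(">H", blob, 2)
    off, fields = 4, []
    for _ in range(3):  # authValue, seedValue, sym key
        (n,) = struct.unpack_from(">H", blob, off)
        if off + 2 + n > len(blob):
            raise ValueError("inner TPM2B overruns the buffer")
        fields.append(blob[off + 2 : off + 2 + n])
        off += 2 + n
    if off != len(blob):
        raise ValueError("trailing bytes after TPMT_SENSITIVE")
    return {"type": stype, "auth": fields[0], "seed": fields[1], "key": fields[2]}


if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key, not a real secret
    blob = marshal_sensitive(key, auth=b"pw")
    print(blob.hex(), unmarshal_sensitive(blob))
```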
