* [tpm2] Re: import bytes as AES key into TPM using pytss
@ 2022-09-26 21:59 Roberts, William C
From: Roberts, William C @ 2022-09-26 21:59 UTC (permalink / raw)
To: tpm2
On Thu, 2022-09-22 at 08:51 +0000, Gadacz, Henry wrote:
> Hello everyone,
>
> I have a secret bytestring which I want to import as an AES key into
> the TPM using tpm2-pytss.
>
> For the example let's use some randomly generated bytes as the secret:
> secret = bytes(esapi.get_random(16))
>
> To put it into a TPM2B_PRIVATE object that I can use in
> esapi.import_() I put the secret into a TPM2B_SENSITIVE object:
> sensitive = TPM2B_SENSITIVE(sensitiveArea=TPMT_SENSITIVE(sensitiveType=TPM2_ALG_AES,
NameError: name 'TPM2_ALG_AES' is not defined
>
>     authValue=TPM2B_AUTH(bytes()),
>     seedValue=TPM2B_DIGEST(bytes()),
>     sensitive=TPMU_SENSITIVE_COMPOSITE(
>         sym=TPM2B_SYM_KEY(buffer=secret))))
> sensitive.size = asizeof.asizeof(sensitive)
Never touch size. This should throw an exception, looks like we missed
the check in our code.
>
> The creation of TPM2B_PRIVATE requires bytes or list or tuple (not
> TPM2B_SENSITIVE) so I want to marshal the TPM2B_SENSITIVE into bytes.
> key = TPM2B_PRIVATE(buffer=sensitive.marshal())
>
> Unfortunately the marshaling fails with the exception:
> “TSS2_Exception: mu:A parameter has a bad value”
>
> Does anybody have the experience or knowledge to help me which value
> is bad or missing or to tell me what else is my mistake?
There is TPM2B_SENSITIVE.symcipher_from_secret which would return a
public and private blob, but that doesn't seem to support authValue
(password). But it's easy to add to it. See this Gist:
https://gist.github.com/williamcroberts/b5639b844973d6200527166bce1f69d2
>
> Best Regards,
> Henry
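An added example, not part of the original thread and not tpm2-pytss code: a standard-library model of the TPM2B_SENSITIVE wire layout for a symmetric key, showing that the size field is the marshaled length of the sensitive area rather than anything the caller sets. The function names are hypothetical; the layout and the use of TPM2_ALG_SYMCIPHER (0x0025) as the sensitiveType that selects the `sym` union member are taken from the TPM 2.0 specification, Part 2.

```python
import struct

# Algorithm identifiers from the TPM 2.0 specification (Part 2, TPM_ALG_ID).
TPM2_ALG_AES = 0x0006
TPM2_ALG_SYMCIPHER = 0x0025


def _tpm2b(data: bytes) -> bytes:
    """TPM2B_* wire form: big-endian UINT16 length followed by the bytes."""
    return struct.pack(">H", len(data)) + data


def marshal_sensitive(secret: bytes, auth: bytes = b"", seed: bytes = b"",
                      sensitive_type: int = TPM2_ALG_SYMCIPHER) -> bytes:
    """Marshal a TPM2B_SENSITIVE that holds a symmetric key (hypothetical helper)."""
    if sensitive_type != TPM2_ALG_SYMCIPHER:
        # sensitiveType is the union selector; only SYMCIPHER selects `sym`.
        raise ValueError(f"bad sensitiveType 0x{sensitive_type:04x}")
    area = (struct.pack(">H", sensitive_type)
            + _tpm2b(auth) + _tpm2b(seed) + _tpm2b(secret))
    return _tpm2b(area)  # outer size is derived from the marshaled area


def unmarshal_sensitive(blob: bytes) -> dict:
    """Parse the blob back and reject a size field that does not match."""
    (size,) = struct.unpack_from(">H", blob, 0)
    if size != len(blob) - 2:
        raise ValueError("size field does not match marshaled length")
    (stype,) = struct.unpack_from(">H", blob, 2)
    off, fields = 4, []
    for _ in range(3):  # authValue, seedValue, sym key
        (n,) = struct.unpack_from(">H", blob, off)
        if off + 2 + n > len(blob):
            raise ValueError("truncated TPM2B field")
        fields.append(blob[off + 2: off + 2 + n])
        off += 2 + n
    if off != len(blob):
        raise ValueError("trailing bytes after sensitive area")
    return {"type": stype, "auth": fields[0], "seed": fields[1], "sym": fields[2]}


if __name__ == "__main__":
    secret = bytes(range(16))  # constructed sample key, not a real secret
    blob = marshal_sensitive(secret, auth=b"pw")
    print(blob.hex(), unmarshal_sensitive(blob))
```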