From: Roberts, William C <william.c.roberts at intel.com>
To: tpm2@lists.01.org
Subject: [tpm2] Re: import bytes as AES key into TPM using pytss
Date: Mon, 26 Sep 2022 21:59:54 +0000 [thread overview]
Message-ID: <955fad84664b77bd14dfd1cc530aa0b44c321194.camel@intel.com> (raw)
In-Reply-To: FR0P281MB17067E121B8219E749B38197D14E9@FR0P281MB1706.DEUP281.PROD.OUTLOOK.COM
On Thu, 2022-09-22 at 08:51 +0000, Gadacz, Henry wrote:
> Hello everyone,
>
> I have a secret bytestring which I want to import as an AES key into
> the TPM using tpm2-pytss.
>
> For the example let's use some randomly generated bytes as the secret:
> secret = bytes(esapi.get_random(16))
>
> To put it into a TPM2B_PRIVATE object that I can use in
> esapi.import_() I put the secret into a TPM2B_SENSITIVE object:
> sensitive = TPM2B_SENSITIVE(sensitiveArea=TPMT_SENSITIVE(sensitiveType=TPM2_ALG_AES,
NameError: name 'TPM2_ALG_AES' is not defined
>     authValue=TPM2B_AUTH(bytes()),
>     seedValue=TPM2B_DIGEST(bytes()),
>     sensitive=TPMU_SENSITIVE_COMPOSITE(
>         sym=TPM2B_SYM_KEY(buffer=secret))))
> sensitive.size = asizeof.asizeof(sensitive)
Never touch size. This should throw an exception, looks like we missed
the check in our code.
>
> The creation of TPM2B_PRIVATE requires bytes or list or tuple (not
> TPM2B_SENSITIVE) so I want to marshal the TPM2B_SENSITIVE into bytes.
> key = TPM2B_PRIVATE(buffer=sensitive.marshal())
>
> Unfortunately the marshaling fails with the exception:
> “TSS2_Exception: mu:A parameter has a bad value”
>
> Does anybody have the experience or knowledge to help me find which
> value is bad or missing, or to tell me what else is my mistake?
There is TPM2B_SENSITIVE.symcipher_from_secret which would return a
public and private blob, but that doesn't seem to support authValue
(password). But it's easy to add to it. See this Gist:
https://gist.github.com/williamcroberts/b5639b844973d6200527166bce1f69d2
>
> Best Regards,
> Henry
>
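An added example, not code from this thread or from tpm2-pytss: a pure-Python marshaller for the TPM2B_SENSITIVE layout from TPM 2.0 Part 2, to show where the size field's value comes from (the length of the marshalled TPMT_SENSITIVE, which a marshalling library computes for you, not the in-memory size of a Python object) and that sensitiveType for a symmetric key is TPM_ALG_SYMCIPHER rather than an AES algorithm id. The algorithm ids are the spec's values, the test key is constructed, and no TPM or pytss install is needed.

```python
import struct

# TPM 2.0 Part 2 algorithm ids (values from the spec; only the two this example needs)
TPM2_ALG_SYMCIPHER = 0x0025  # valid TPMT_SENSITIVE.sensitiveType for a symmetric key
TPM2_ALG_AES = 0x0006        # a symmetric *algorithm* id; not a valid sensitiveType


def tpm2b(data: bytes) -> bytes:
    """Marshal any TPM2B_*: UINT16 big-endian size followed by the bytes."""
    if len(data) > 0xFFFF:
        raise ValueError("TPM2B buffer too large")
    return struct.pack(">H", len(data)) + data


def marshal_tpmt_sensitive(secret: bytes, auth: bytes = b"", seed: bytes = b"") -> bytes:
    """TPMT_SENSITIVE for a symmetric key:
    sensitiveType || authValue (TPM2B_AUTH) || seedValue (TPM2B_DIGEST) || sym (TPM2B_SYM_KEY)."""
    return (struct.pack(">H", TPM2_ALG_SYMCIPHER)
            + tpm2b(auth)
            + tpm2b(seed)
            + tpm2b(secret))  # TPMU_SENSITIVE_COMPOSITE.sym


def marshal_tpm2b_sensitive(secret: bytes, auth: bytes = b"", seed: bytes = b"") -> bytes:
    """TPM2B_SENSITIVE: size is derived from the marshalled body; never set it by hand."""
    return tpm2b(marshal_tpmt_sensitive(secret, auth, seed))


def unmarshal_tpm2b_sensitive(buf: bytes) -> dict:
    """Parse the blob back, checking every size field the way a marshalling layer would."""
    size, = struct.unpack_from(">H", buf, 0)
    if size != len(buf) - 2:
        raise ValueError(f"TPM2B_SENSITIVE.size {size} != body length {len(buf) - 2}")
    off = 2
    alg, = struct.unpack_from(">H", buf, off)
    off += 2
    if alg != TPM2_ALG_SYMCIPHER:
        raise ValueError(f"bad sensitiveType 0x{alg:04x}")
    fields = {"sensitiveType": alg}
    for name in ("authValue", "seedValue", "sym"):
        n, = struct.unpack_from(">H", buf, off)
        off += 2
        if off + n > len(buf):
            raise ValueError(f"{name} size {n} overruns buffer")
        fields[name] = buf[off:off + n]
        off += n
    if off != len(buf):
        raise ValueError("trailing bytes after TPMT_SENSITIVE")
    return fields
```

For a 16-byte key with empty auth and seed the body is 24 bytes, so the blob starts with 00 18 00 25; a hand-set size that disagrees with the body is exactly what the parser rejects.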