hi,

this post helped me a lot:
http://sourceforge.net/mailarchive/[email protected]

i am trying to write an unseal very much like what the authors in the above
post had done, and i need to obtain all the 13 parameters to send as part of
TPM_Unseal and i'm down to the last one, which is the dataAuth parameter
(TPM_AUTHDATA) that is the authorization digest for the sealed blob. for
easy reference, i cut and pasted a portion of the referenced post here:

"
> Unseal requires two auth sessions, one for the key and one for the
> data blob. So you make two calls to OSAP or OIAP before doing
> TPM_Unseal. Then you compute a second HMAC over the parameters labeled
> 2H2, 3H2, and 4H2. As before, the 1st HMAC parameter is the
> inParamDigest, the SHA-1 of the parameters labeled 1S and 2S. The HMAC
> key is either the shared secret if an OSAP session was used, or the
> data auth value if it was an OIAP session. Then the output of this
> HMAC is the dataAuth parameter.
"

since i am using OIAP sessions to calculate the HMACs, my question is on how
to get the "auth value" (which is stated as entity.usageAuth) for the data
blob, so i can use it as the key to the HMAC. is this 20-byte value passed
in as a parameter during the seal operation?  Since this is a sealed blob
instead of a key object, does it even have an auth value?

thank you - adrian
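
The dataAuth computation described in the quoted passage, as an added example that is not part of the original message or of TrouSerS. It assumes two OIAP sessions, so each HMAC key is the entity's 20-byte auth value; the function names, auth values, nonces and blob bytes are constructed for illustration, and `TPM_ORD_UNSEAL` is the TPM 1.2 ordinal for TPM_Unseal.

```python
import hashlib
import hmac
import struct

TPM_ORD_UNSEAL = 0x00000018  # TPM 1.2 ordinal for TPM_Unseal

# Constructed sample inputs (not taken from a real TPM or from the post).
KEY_AUTH = bytes([0x11]) * 20        # assumed usage auth of the unsealing key
DATA_AUTH = bytes(20)                # assumed auth value of the sealed blob
SEALED_BLOB = b"constructed stand-in for TPM_STORED_DATA"
SESSION_1 = (bytes([0xA1]) * 20, bytes([0xB1]) * 20, False)  # 2H1, 3H1, 4H1
SESSION_2 = (bytes([0xA2]) * 20, bytes([0xB2]) * 20, False)  # 2H2, 3H2, 4H2


def in_param_digest(ordinal: int, in_data: bytes) -> bytes:
    """inParamDigest: SHA-1 over 1S (ordinal, big-endian UINT32) and 2S (the blob)."""
    return hashlib.sha1(struct.pack(">I", ordinal) + in_data).digest()


def auth_hmac(key: bytes, digest: bytes, nonce_even: bytes,
              nonce_odd: bytes, continue_session: bool) -> bytes:
    """HMAC-SHA1 over inParamDigest || nonceEven || nonceOdd || continueAuthSession."""
    for name, value in (("key", key), ("digest", digest),
                        ("nonce_even", nonce_even), ("nonce_odd", nonce_odd)):
        if len(value) != 20:
            raise ValueError(f"{name} must be 20 bytes, got {len(value)}")
    flag = b"\x01" if continue_session else b"\x00"
    return hmac.new(key, digest + nonce_even + nonce_odd + flag,
                    hashlib.sha1).digest()


def unseal_auths(key_auth: bytes, data_auth: bytes, sealed_blob: bytes,
                 session_1: tuple, session_2: tuple) -> tuple:
    """Return (parentAuth, dataAuth): the same inParamDigest, one HMAC per session."""
    digest = in_param_digest(TPM_ORD_UNSEAL, sealed_blob)
    parent_auth = auth_hmac(key_auth, digest, *session_1)
    data_auth_out = auth_hmac(data_auth, digest, *session_2)
    return parent_auth, data_auth_out


if __name__ == "__main__":
    parent, data = unseal_auths(KEY_AUTH, DATA_AUTH, SEALED_BLOB,
                                SESSION_1, SESSION_2)
    print("parentAuth:", parent.hex())
    print("dataAuth:  ", data.hex())
```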