> It appears that TPM_CertifyKey succeeds only when the PCR values are correct > for the key being certified. So I can create a bind key restricted to PCR 0 = > 12345678901234... at any time but I can only certify that if PCR 0 actually > contains that. (I'm not sure why, from a security perspective; the PCR values > are included in the signed TPM_CERTIFY_INFO structure.)
The reason the check is triggered is that the key structure was missing the keyFlags.pcrIgnoredOnRead flag, which would have bypassed this check. It looks like trousers leaves this flag as zero (by being completely unaware of it) and so all keys created by trousers will have this check. From grepping the spec, it looks like only CertifyKey, CertifyKey2 and GetPubKey are affected. I'll open open a second bug to get support for this flag added. The default should be keyFlags.pcrIgnoredOnRead=1 and it should be settable through TSS_TSPATTRIB_KEYINFO_KEYFLAGS. > Why it's returning TPM_BAD_LOCALITY instead of TPM_WRONGPCRVAL, I have no > idea. Have you considered touching base with Infineon? There is a contact us link at the bottom of this page [1]. > Now, there is another problem. > > The TPM specification doesn't say TPM_CertifyKey2 is required in the (PCRs >= > 16 or locality restriction) case. It says that TPM_CertifyKey returns a > TPM_CERTIFY_INFO2 in that case, and a TPM_CERTIFY_INFO otherwise. My TPM does > indeed do this. > > When the TPM returns a TPM_CERTIFY_INFO2 structure, the extra fields, > "migrationAuthoritySize" and "migrationAuthority" are present in certifyInfo. > Trousers doesn't notice this, and interprets migrationAuthoritySize (which is, > in my case, zero) as TPM_CertifyInfo's outDataSize output. Thus it thinks > outData is empty. > > The result of this is that Tspi_Key_CertifyKey returns successfully but with a > zero-length string in pValidationData.rgbValidationData. > > Attached is a patch that fixes that. It looks for the TPM_STRUCTURE_TAG (or > TPM_VERSION) at the start of certifyInfo. Considering nobody seems to have > noticed problems with Tspi_Key_CertifyKey before, I wouldn't be surprised if > this patch breaks Trousers for someone else's TPM. Without testing it, I think your patch looks fine. Thanks for submitting it. Kent [1] http://www.infineon.com/cms/en/product/chip-card-and-security-ics/embedded-security/trusted-computing/trusted-platform-module-tpm1.2-pc/channel.html?channel=ff80808112ab681d0112ab6921ae011f&tab=contacts > ------------------------------------------------------------------------------ > Special Offer -- Download ArcSight Logger for FREE! > Finally, a world-class log management solution at an even better > price-free! And you'll get a free "Love Thy Logs" t-shirt when you > download Logger. Secure your free ArcSight Logger TODAY! > http://p.sf.net/sfu/arcsisghtdev2dev > _______________________________________________ > TrouSerS-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/trousers-users > > ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev _______________________________________________ TrouSerS-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-users
