Attached is a complete, compilable test case that reproduces this problem. It
fails with the "ERROR: 26. Tspi_Key_CreateMigrationBlob() failed (code=0x1)."
message on my test platform.

You can compile this code with "gcc create_migration_blob.c -ltspi -o 
create_migration_blob" and then execute the "./create_migration_blob" on a 
machine with TPM and trousers.

----- Original Message -----
> From: "Dmitri Toubelis" <[email protected]>
> To: "trousers-users" <[email protected]>
> Sent: Friday, April 18, 2014 2:21:21 PM
> Subject: Re: [TrouSerS-users] Tspi_Key_CreateMigrationBlob() failure
> 
> Here is the public key blob I use with the test case (as returned by
> Tspi_Key_GetPubKey() for my SRK):
> 
>         guint8 pubkey_dat[] = {
>           0x00, 0x00, 0x00, 0x01, // TCG_ALGORITHM_ID
>           0x00, 0x03,             // TCG_ENC_SCHEME
>           0x00, 0x01,             // TCG_SIG_DCHEME
>           0x00, 0x00, 0x00, 0x0c, // Parameter Size
>           0x00, 0x00, 0x08, 0x00, // Key Size
>           0x00, 0x00, 0x00, 0x02, // Number of Primes
>           0x00, 0x00, 0x00, 0x00, // Size of exponent
>           0x00, 0x00, 0x01, 0x00, // Length of Key
>           0xd9, 0x8e, 0x8e, 0xe7, 0x3b, 0x70, 0x4d, 0xa9, 0x77, 0x11,
>           0x9d, 0xb0, 0x32, 0x4a, 0xb7, 0x18,
>           0xfd, 0xc9, 0x9d, 0xf4, 0xaf, 0x0a, 0xb4, 0x38, 0xec, 0x17,
>           0xa6, 0x2c, 0xda, 0x82, 0x04, 0x28,
>           0x35, 0xdf, 0x3a, 0x19, 0x8a, 0xe1, 0xd4, 0xf4, 0x17, 0x3b,
>           0x05, 0xcd, 0x87, 0x97, 0x2b, 0x54,
>           0x96, 0x63, 0xb0, 0x9a, 0x9a, 0x00, 0xe4, 0x07, 0x39, 0x2b,
>           0xf2, 0x89, 0x6b, 0xed, 0x3a, 0xe6,
>           0x4f, 0xc0, 0xee, 0x8e, 0x1a, 0x84, 0x20, 0x38, 0x83, 0xe8,
>           0xdb, 0x23, 0x51, 0xd1, 0x57, 0xa8,
>           0xc8, 0x2d, 0xac, 0x24, 0xd4, 0xcd, 0xcd, 0x5b, 0xda, 0xb3,
>           0xaf, 0x4f, 0x10, 0x60, 0x6d, 0x48,
>           0x5f, 0xd7, 0x15, 0xbe, 0xd1, 0x63, 0x77, 0xa0, 0xa7, 0x31,
>           0xf0, 0x5d, 0x5a, 0xbd, 0x4c, 0x56,
>           0x68, 0xae, 0x25, 0x81, 0x16, 0x8f, 0xf7, 0xd7, 0x40, 0xee,
>           0x89, 0x4a, 0xa4, 0x95, 0xdb, 0xb8,
>           0x51, 0xf3, 0xa3, 0x3e, 0x30, 0xf2, 0xf8, 0xfc, 0x0f, 0x32,
>           0x52, 0xfb, 0xa5, 0xda, 0x8d, 0x4c,
>           0xda, 0xea, 0x66, 0xd9, 0xb4, 0x33, 0x80, 0x1f, 0xe4, 0x1b,
>           0x36, 0x17, 0xd9, 0xa3, 0x0d, 0x54,
>           0xd3, 0x45, 0xae, 0x97, 0xf2, 0xff, 0x2b, 0x63, 0xc5, 0x5a,
>           0x54, 0xb1, 0x10, 0x23, 0x14, 0x1f,
>           0x9b, 0x2b, 0xd7, 0xfe, 0xce, 0x36, 0xaa, 0x5d, 0xa5, 0x5d,
>           0x72, 0x48, 0x46, 0x95, 0x6c, 0x81,
>           0xa9, 0x36, 0x08, 0x6e, 0x5b, 0x99, 0x0f, 0xd3, 0x3f, 0x51,
>           0xd8, 0x4f, 0x66, 0x99, 0x6c, 0x77,
>           0x80, 0xf8, 0xe3, 0xb7, 0x71, 0x34, 0x26, 0x7a, 0x98, 0xb1,
>           0x5a, 0xcf, 0x49, 0x75, 0xe6, 0x70,
>           0x68, 0x61, 0xb7, 0x2c, 0x02, 0x0b, 0xfd, 0x40, 0xd8, 0x39,
>           0x95, 0x29, 0x22, 0x87, 0xa3, 0x4e,
>           0x20, 0xd0, 0x38, 0x80, 0x93, 0x73, 0x9e, 0x6d, 0xa1, 0x0d,
>           0x66, 0xc0, 0x85, 0xd7, 0x68, 0x99
>         };
>         gsize pubkey_dat_len = 284;
> 
> 
> ----- Original Message -----
> > From: "Dmitri Toubelis" <[email protected]>
> > To: "trousers-users" <[email protected]>
> > Sent: Wednesday, April 16, 2014 11:44:04 PM
> > Subject: [TrouSerS-users] Tspi_Key_CreateMigrationBlob() failure
> > 
> > Hi,
> > 
> > I'm implementing the TSS_MS_REWRAP key migration scheme with a TPM and
> > I'm having a problem with Tspi_Key_CreateMigrationBlob(). It fails
> > with a return code of 0x1, which is not one of the codes defined in the
> > TSS spec or the TSS headers, so I have no clue why it is failing. The
> > source code is here: http://pastebin.com/5atxy94W. I'm using
> > trousers-0.3.11.2 with the TPM emulator from the BerliOS project. Any
> > ideas what might be wrong?
> > 
> > 
> 
> 
#include <tss/tspi.h>
#include <stdio.h>

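/* UUID under which the Storage Root Key (SRK) is looked up in system storage. */
TSS_UUID srk_uuid = TSS_UUID_SRK;

/* UUID this test uses for its non-migratable storage key (created under the SRK). */
TSS_UUID storage_key_uuid = {0xcac99fa9, 0xeafa, 0x4858, 0xa1, 0x1d, {0xa2, 0x23, 0x93, 0xe3, 0x7d, 0xc9}};

/* UUID this test uses for the migratable key that main() tries to migrate. */
TSS_UUID test_key_uuid = {0x2ba6a308, 0xa562, 0x4ec0, 0x91, 0x94, {0x6e, 0x1b, 0x72, 0x15, 0x02, 0xb4}};

/* Not referenced anywhere in this listing. */
unsigned char bytes[] = {0xd5, 0xa7, 0x98, 0xb8, 0x82, 0x67, 0x48, 0x40, 0x8e, 0x44, 0x1d, 0x62, 0x01, 0xc2, 0x6f, 0x79};

/*
 * Public key blob that main() installs on the migration target key object
 * with Tspi_SetAttribData().  The accompanying message describes it as the
 * output of Tspi_Key_GetPubKey() for the author's SRK.
 *
 * Layout: a 28-byte header (key parameters) followed by a 256-byte RSA
 * modulus, 284 bytes in total.
 *
 * NOTE(review): the final modulus byte below is 0x9a, while the blob quoted
 * earlier in this thread ends in 0x99.  A modulus ending in 0x9a is even, and
 * an RSA modulus (a product of odd primes) cannot be even, so confirm which
 * value is intended before drawing conclusions from a run with this blob.
 */
unsigned char pubkey_dat[] = {
         0x00, 0x00, 0x00, 0x01, // TCG_ALGORITHM_ID (1 = RSA)
         0x00, 0x03,             // TCG_ENC_SCHEME (3 = RSAES-OAEP, SHA-1, MGF1)
         0x00, 0x01,             // TCG_SIG_SCHEME (1 = none)
         0x00, 0x00, 0x00, 0x0c, // Parameter Size (12 bytes follow)
         0x00, 0x00, 0x08, 0x00, // Key Size (0x800 = 2048 bits)
         0x00, 0x00, 0x00, 0x02, // Number of Primes
         0x00, 0x00, 0x00, 0x00, // Size of exponent (0 = default exponent)
         0x00, 0x00, 0x01, 0x00, // Length of Key (0x100 = 256 bytes)
         0xd9, 0x8e, 0x8e, 0xe7, 0x3b, 0x70, 0x4d, 0xa9, 0x77, 0x11, 0x9d, 0xb0, 0x32, 0x4a, 0xb7, 0x18,
         0xfd, 0xc9, 0x9d, 0xf4, 0xaf, 0x0a, 0xb4, 0x38, 0xec, 0x17, 0xa6, 0x2c, 0xda, 0x82, 0x04, 0x28,
         0x35, 0xdf, 0x3a, 0x19, 0x8a, 0xe1, 0xd4, 0xf4, 0x17, 0x3b, 0x05, 0xcd, 0x87, 0x97, 0x2b, 0x54,
         0x96, 0x63, 0xb0, 0x9a, 0x9a, 0x00, 0xe4, 0x07, 0x39, 0x2b, 0xf2, 0x89, 0x6b, 0xed, 0x3a, 0xe6,
         0x4f, 0xc0, 0xee, 0x8e, 0x1a, 0x84, 0x20, 0x38, 0x83, 0xe8, 0xdb, 0x23, 0x51, 0xd1, 0x57, 0xa8,
         0xc8, 0x2d, 0xac, 0x24, 0xd4, 0xcd, 0xcd, 0x5b, 0xda, 0xb3, 0xaf, 0x4f, 0x10, 0x60, 0x6d, 0x48,
         0x5f, 0xd7, 0x15, 0xbe, 0xd1, 0x63, 0x77, 0xa0, 0xa7, 0x31, 0xf0, 0x5d, 0x5a, 0xbd, 0x4c, 0x56,
         0x68, 0xae, 0x25, 0x81, 0x16, 0x8f, 0xf7, 0xd7, 0x40, 0xee, 0x89, 0x4a, 0xa4, 0x95, 0xdb, 0xb8,
         0x51, 0xf3, 0xa3, 0x3e, 0x30, 0xf2, 0xf8, 0xfc, 0x0f, 0x32, 0x52, 0xfb, 0xa5, 0xda, 0x8d, 0x4c,
         0xda, 0xea, 0x66, 0xd9, 0xb4, 0x33, 0x80, 0x1f, 0xe4, 0x1b, 0x36, 0x17, 0xd9, 0xa3, 0x0d, 0x54,
         0xd3, 0x45, 0xae, 0x97, 0xf2, 0xff, 0x2b, 0x63, 0xc5, 0x5a, 0x54, 0xb1, 0x10, 0x23, 0x14, 0x1f,
         0x9b, 0x2b, 0xd7, 0xfe, 0xce, 0x36, 0xaa, 0x5d, 0xa5, 0x5d, 0x72, 0x48, 0x46, 0x95, 0x6c, 0x81,
         0xa9, 0x36, 0x08, 0x6e, 0x5b, 0x99, 0x0f, 0xd3, 0x3f, 0x51, 0xd8, 0x4f, 0x66, 0x99, 0x6c, 0x77,
         0x80, 0xf8, 0xe3, 0xb7, 0x71, 0x34, 0x26, 0x7a, 0x98, 0xb1, 0x5a, 0xcf, 0x49, 0x75, 0xe6, 0x70,
         0x68, 0x61, 0xb7, 0x2c, 0x02, 0x0b, 0xfd, 0x40, 0xd8, 0x39, 0x95, 0x29, 0x22, 0x87, 0xa3, 0x4e,
         0x20, 0xd0, 0x38, 0x80, 0x93, 0x73, 0x9e, 0x6d, 0xa1, 0x0d, 0x66, 0xc0, 0x85, 0xd7, 0x68, 0x9a
       };
/* Derived from the array so the length cannot drift from the data (284 bytes). */
int pubkey_dat_len = (int) sizeof pubkey_dat;

/*
 * The TSS well-known secret.  main() sets it on the context's default policy,
 * on the test key's migration policy and on the TPM usage policy, so the test
 * only authenticates against a TPM whose corresponding secrets match it.
 */
BYTE well_known_secret[] = TSS_WELL_KNOWN_SECRET;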


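/*
 * Reproducer for a Tspi_Key_CreateMigrationBlob() failure with TSS_MS_REWRAP.
 *
 * Sequence:
 *   1-4.   create and connect a TSS context, set the well-known secret on
 *          the context's default policy;
 *   5.     load the SRK by UUID;
 *   6-9.   load the storage key by UUID, or create, register and load it
 *          under the SRK if the load fails;
 *   10-19. load the migratable test key by UUID and attach a migration
 *          policy, or create it (with that policy), register and load it
 *          under the storage key if the load fails;
 *   20-22. get the TPM object and set the well-known secret on its usage
 *          policy;
 *   23-24. create the migration target key object and install pubkey_dat as
 *          its public key;
 *   25.    authorize a migration ticket for that key (TSS_MS_REWRAP);
 *   26.    create the migration blob for the test key.
 *
 * Side effects: on first run the storage key and the test key are registered
 * in TSS system persistent storage and stay there; the test key is migratable
 * and its migration secret is the well-known secret, so this is only suitable
 * for a throw-away test TPM or emulator.
 *
 * Each failure prints "ERROR: <step>. <function>() failed (code=0x..)." and
 * jumps to the common cleanup.
 *
 * Returns 0 if every step succeeds, -1 otherwise.  argc/argv are unused.
 */
int main (int argc, char **argv)
{
    TSS_HCONTEXT hContext = 0;
    TSS_HPOLICY hDefaultPolicy;
    TSS_HPOLICY hMigrationPolicy = 0;
    TSS_HTPM hTpm;
    TSS_HKEY hSrk = 0;
    TSS_HKEY hStorageKey = 0;
    TSS_HKEY hTestKey = 0;
    TSS_HKEY hMigrationStorageKey = 0;

    /* Buffers below are allocated by the TSS and released in the cleanup. */
    BYTE *mig_ticket = NULL;
    UINT32 mig_ticket_size;

    BYTE *mig_blob = NULL;
    UINT32 mig_blob_size;

    BYTE *rnd_blob = NULL;
    UINT32 rnd_blob_size;

    TSS_RESULT res;

    int ret = -1;

    /* create context */
    res = Tspi_Context_Create (&hContext);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 1. Tspi_Context_Create() failed (code=0x%x).\n", res);
        goto done;
    }

    /* connect context */
    res = Tspi_Context_Connect (hContext, 0);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 2. Tspi_Context_Connect() failed (code=0x%x).\n", res);
        goto done;
    }

    /* get the context's default authentication policy */
    res = Tspi_Context_GetDefaultPolicy (hContext, &hDefaultPolicy);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 3. Tspi_Context_GetDefaultPolicy() failed (code=0x%x).\n", res);
        goto done;
    }

    /* set default policy secret */
    res = Tspi_Policy_SetSecret (hDefaultPolicy, TSS_SECRET_MODE_SHA1, sizeof (well_known_secret), (BYTE *) well_known_secret);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 4. Tspi_Policy_SetSecret() failed (code=0x%x).\n", res);
        goto done;
    }

    /* load srk */
    res = Tspi_Context_LoadKeyByUUID (hContext, TSS_PS_TYPE_SYSTEM, srk_uuid, &hSrk);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 5. Tspi_Context_LoadKeyByUUID() failed (code=0x%x).\n", res);
        goto done;
    }

    /*
     * load storage key
     *
     * NOTE(review): any load failure, not only "key not registered", falls
     * through to key creation here and in the test-key block below; the
     * original load error is overwritten and never reported.
     */
    res = Tspi_Context_LoadKeyByUUID (hContext, TSS_PS_TYPE_SYSTEM, storage_key_uuid, &hStorageKey);
    if (res != TSS_SUCCESS) {

        TSS_FLAG key_flags =
                    TSS_KEY_TYPE_STORAGE |
                    TSS_KEY_SIZE_2048 |
                    TSS_KEY_VOLATILE |
                    TSS_KEY_NO_AUTHORIZATION |
                    TSS_KEY_NOT_MIGRATABLE;

        /* create key object */
        res = Tspi_Context_CreateObject (hContext, TSS_OBJECT_TYPE_RSAKEY, key_flags, &hStorageKey);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 6. Tspi_Context_CreateObject() failed (code=0x%x).\n", res);
            goto done;
        }

        /* create key */
        res = Tspi_Key_CreateKey (hStorageKey, hSrk, 0);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 7. Tspi_Key_CreateKey() failed (code=0x%x).\n", res);
            goto done;
        }

        /* register key in persistent storage under SRK */
        res = Tspi_Context_RegisterKey (hContext, hStorageKey, TSS_PS_TYPE_SYSTEM, storage_key_uuid, TSS_PS_TYPE_SYSTEM, srk_uuid);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 8. Tspi_Context_RegisterKey() failed (code=0x%x).\n", res);
            goto done;
        }

        /* load key */
        res = Tspi_Key_LoadKey (hStorageKey, hSrk);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 9. Tspi_Key_LoadKey() failed (code=0x%x).\n", res);
            goto done;
        }
    }

    /* load test key */
    res = Tspi_Context_LoadKeyByUUID (hContext, TSS_PS_TYPE_SYSTEM, test_key_uuid, &hTestKey);
    if (res == TSS_SUCCESS) {

        /* key already registered: only the migration policy has to be attached */

        /* create migration policy */
        res = Tspi_Context_CreateObject (hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &hMigrationPolicy);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 10. Tspi_Context_CreateObject() failed (code=0x%x).\n", res);
            goto done;
        }

        /* set migration policy secret */
        res = Tspi_Policy_SetSecret (hMigrationPolicy, TSS_SECRET_MODE_SHA1, sizeof (well_known_secret), (BYTE *) well_known_secret);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 11. Tspi_Policy_SetSecret() failed (code=0x%x).\n", res);
            goto done;
        }

        /* assign policy to the key */
        res = Tspi_Policy_AssignToObject (hMigrationPolicy, hTestKey);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 12. Tspi_Policy_AssignToObject() failed (code=0x%x).\n", res);
            goto done;
        }

    }
    else {

        TSS_FLAG key_flags =
                    TSS_KEY_TYPE_LEGACY |
                    TSS_KEY_SIZE_2048 |
                    TSS_KEY_VOLATILE |
                    TSS_KEY_AUTHORIZATION |
                    TSS_KEY_MIGRATABLE;

        /* create key object */
        res = Tspi_Context_CreateObject (hContext, TSS_OBJECT_TYPE_RSAKEY, key_flags, &hTestKey);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 13. Tspi_Context_CreateObject() failed (code=0x%x).\n", res);
            goto done;
        }

        /* create migration policy */
        res = Tspi_Context_CreateObject (hContext, TSS_OBJECT_TYPE_POLICY, TSS_POLICY_MIGRATION, &hMigrationPolicy);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 14. Tspi_Context_CreateObject() failed (code=0x%x).\n", res);
            goto done;
        }

        /* set migration policy secret */
        res = Tspi_Policy_SetSecret (hMigrationPolicy, TSS_SECRET_MODE_SHA1, sizeof (well_known_secret), (BYTE *) well_known_secret);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 15. Tspi_Policy_SetSecret() failed (code=0x%x).\n", res);
            goto done;
        }

        /* assign policy to the key (done before the key is created) */
        res = Tspi_Policy_AssignToObject (hMigrationPolicy, hTestKey);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 16. Tspi_Policy_AssignToObject() failed (code=0x%x).\n", res);
            goto done;
        }

        /* create key, wrapped by the storage key */
        res = Tspi_Key_CreateKey (hTestKey, hStorageKey, 0);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 17. Tspi_Key_CreateKey() failed (code=0x%x).\n", res);
            goto done;
        }

        /* register key in persistent storage under the storage key */
        res = Tspi_Context_RegisterKey (hContext, hTestKey, TSS_PS_TYPE_SYSTEM, test_key_uuid, TSS_PS_TYPE_SYSTEM, storage_key_uuid);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 18. Tspi_Context_RegisterKey() failed (code=0x%x).\n", res);
            goto done;
        }

        /* load key */
        res = Tspi_Key_LoadKey (hTestKey, hStorageKey);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 19. Tspi_Key_LoadKey() failed (code=0x%x).\n", res);
            goto done;
        }
    }

    /* get TPM handle */
    res = Tspi_Context_GetTpmObject (hContext, &hTpm);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 20. Tspi_Context_GetTpmObject() failed (code=0x%x).\n", res);
        goto done;
    }

    /* get current TPM policy and set the well-known secret */
    {
        TSS_HPOLICY hTpmPolicy;
        res = Tspi_GetPolicyObject (hTpm, TSS_POLICY_USAGE, &hTpmPolicy);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 21. Tspi_GetPolicyObject() failed (code=0x%x).\n", res);
            goto done;
        }

        /* set usage policy secret */
        res = Tspi_Policy_SetSecret (hTpmPolicy, TSS_SECRET_MODE_SHA1, sizeof (well_known_secret), (BYTE *) well_known_secret);
        if (res != TSS_SUCCESS) {
            printf ("ERROR: 22. Tspi_Policy_SetSecret() failed (code=0x%x).\n", res);
            goto done;
        }
    }


    /* create a key object for the migration target; only its public part is set */
    TSS_FLAG pub_key_flags = TSS_KEY_TYPE_STORAGE | TSS_KEY_SIZE_2048 | TSS_KEY_NO_AUTHORIZATION;
    res = Tspi_Context_CreateObject (hContext, TSS_OBJECT_TYPE_RSAKEY, pub_key_flags, &hMigrationStorageKey);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 23. Tspi_Context_CreateObject() failed (code=0x%x).\n", res);
        goto done;
    }

    /* set public key */
    res = Tspi_SetAttribData (hMigrationStorageKey, TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, (UINT32) pubkey_dat_len, (BYTE *) pubkey_dat);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 24. Tspi_SetAttribData() failed (code=0x%x).\n", res);
        goto done;
    }


    /* create migration ticket for the target public key */
    res = Tspi_TPM_AuthorizeMigrationTicket (hTpm, hMigrationStorageKey, TSS_MS_REWRAP, &mig_ticket_size, &mig_ticket);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 25. Tspi_TPM_AuthorizeMigrationTicket() failed (code=0x%x).\n", res);
        goto done;
    }

    /*
     * create migration blob
     *
     * NOTE(review): this is the step reported as failing with code=0x1.  A
     * value that small has no TSS layer bits set, so it looks like a
     * TPM-layer return code rather than a TSS one (TPM 1.2 defines return
     * code 1 as TPM_AUTHFAIL); trousers' Trspi_Error_Layer() and
     * Trspi_Error_String() can be used to decode it -- confirm on the
     * failing platform.
     */
    res = Tspi_Key_CreateMigrationBlob (hTestKey, hStorageKey, mig_ticket_size, mig_ticket, &rnd_blob_size, &rnd_blob, &mig_blob_size, &mig_blob);
    if (res != TSS_SUCCESS) {
        printf ("ERROR: 26. Tspi_Key_CreateMigrationBlob() failed (code=0x%x).\n", res);
        goto done;
    }

    ret = 0;

done:

    /* Cleanup is best effort: failures are reported but do not change ret. */

    if (rnd_blob) {
        res = Tspi_Context_FreeMemory (hContext, rnd_blob);
        if (res != TSS_SUCCESS) {
            printf ("WARNING: Tspi_Context_FreeMemory() failed (code=0x%x).\n", res);
        }
    }

    if (mig_blob) {
        res = Tspi_Context_FreeMemory (hContext, mig_blob);
        if (res != TSS_SUCCESS) {
            printf ("WARNING: Tspi_Context_FreeMemory() failed (code=0x%x).\n", res);
        }
    }

    if (mig_ticket) {
        res = Tspi_Context_FreeMemory (hContext, mig_ticket);
        if (res != TSS_SUCCESS) {
            printf ("WARNING: Tspi_Context_FreeMemory() failed (code=0x%x).\n", res);
        }
    }

    if (hTestKey) {
        res = Tspi_Context_CloseObject (hContext, hTestKey);
        if (res != TSS_SUCCESS) {
            printf ("WARNING: Tspi_Context_CloseObject() failed (code=0x%x).\n", res);
        }
    }

    if (hStorageKey) {
        res = Tspi_Context_CloseObject (hContext, hStorageKey);
        if (res != TSS_SUCCESS) {
            printf ("WARNING: Tspi_Context_CloseObject() failed (code=0x%x).\n", res);
        }
    }

    if (hSrk) {
        res = Tspi_Context_CloseObject (hContext, hSrk);
        if (res != TSS_SUCCESS) {
            printf ("WARNING: Tspi_Context_CloseObject() failed (code=0x%x).\n", res);
        }
    }

    /*
     * The migration target key and the migration policy were created in
     * this function as well; close them explicitly like the other handles,
     * after the test key the policy was assigned to.
     */
    if (hMigrationStorageKey) {
        res = Tspi_Context_CloseObject (hContext, hMigrationStorageKey);
        if (res != TSS_SUCCESS) {
            printf ("WARNING: Tspi_Context_CloseObject() failed (code=0x%x).\n", res);
        }
    }

    if (hMigrationPolicy) {
        res = Tspi_Context_CloseObject (hContext, hMigrationPolicy);
        if (res != TSS_SUCCESS) {
            printf ("WARNING: Tspi_Context_CloseObject() failed (code=0x%x).\n", res);
        }
    }

    if (hContext) {
        /* NULL releases whatever memory is still bound to the context. */
        Tspi_Context_FreeMemory (hContext, NULL);
        Tspi_Context_Close (hContext);
    }

    return ret;
}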