Yes, this is also a problem for using owner-evict keys. Once you have logged off the session, you can't get a key handle back for them using TSS. I lobbied pretty hard to fix that, but got nowhere.
On Wed, Jan 6, 2016 at 1:23 PM, Bill Martin <[email protected]> wrote:
> Here is a followup. I had a problem with the DAA_Sign stage 10 when I
> tried to sign an AIK handle. It took a while since I had other tasks. Ken
> encouraged me to use the SW TPM. From the software TPM (and the TPM Main
> Part 3 Commands guide) it was clear the TPM key handle (as opposed to "TPM
> Handle") was not getting passed out of TCS to the TSP. In fact, there is no
> function that I have found in TrouSerS 0.3.10 to pass out the TPM Key
> Handle to the TSP. The short term solution is at the time you load the AIK,
> the TCS call LoadKeyByBlob_Internal needed a hack to save off the TPM Key
> Handle to a binary file. The newSlot variable is essentially the handle
> retrieved from the TPM ("TPM Key Handle"). The test_sign.c file has to be
> modified (in addition to the other modifications I made) to retrieve the
> key handle and store it in signData.payload (reverse-byte order) when
> signData.payloadFlag = TSS_FLAG_DAA_SIGN_IDENTITY_KEY. Also just before
> the call to Tspi_DAA_VerifySignature, reallocate the signData.payload to
> hold the 256-byte modulus of the AIK and retrieve the modulus using
> Tspi_GetAttribData.
>
> A few years back, the late Hal Finney wrote a nice progress report on his
> attempt to get the DAA going. Unfortunately I could not find his work on
> line. I think DAA is a great process and I know TPM 2.0 will have ECDAA in
> it. I think I did as much as Hal Finney did - I do not have the anonymity
> revocation feature nor do I have the commitments done.
>
> The key point is that the TCS layer needs a way to export the TPM Key
> Handle to the TSCI for the TPM DAA Sign stage 10.
>
> I have saved my work in a tar and have to take out some debug statements
> (and the writing of the TPM Key handle is to a fixed folder, so I will have
> to fix that) - before others can make use of this.
>
> The work that needs to be done includes commitments and anonymity
> revocation. But all the TPM functionality works, as far as I can tell.
>
> thanks
>
> Bill Martin
> ________________________________________
> From: Ken Goldman <[email protected]>
> Sent: Thursday, November 19, 2015 2:45 PM
> To: [email protected]
> Subject: Re: [TrouSerS-users] Bad Handle to AIK in DAA_Sign stage 10
>
> On 11/18/2015 8:07 PM, Bill Martin wrote:
> >
> > I can successfully sign a message using the -m option in
> > ~/trousers-0.3.10/src/tspi/daa/test_sign. So I do not think the problem
> > is the structure of the TrouSerS software. I suspect something in the
> > chip. Error code 0x58, TPM_E_BAD_HANDLE, is not mentioned in the TPM
> > command spec. The IBM TPM emulator suggests it's a problem with the
> > session handle. Yet the previous stages worked. Here is my Stage 10
> > output when signData.payload was a hash digest message. The stage
> > completed successfully:
>
> I don't see a 0x58 in your trace. I believe that it is out of the range
> of TPM return codes.
>
> If you send me the IBM TPM trace, I can see if there's anything obvious.
> I'm not a DAA expert, though.
>
> A trick I've used to line up the TPM and TSS traces is to use the
> session nonces.
>
> It's always possible that there's a bug in the TPM. The only regression
> testing I did on the SW TPM was the IBM Zurich DAA regression test. I
> suspect it's what everyone used.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> TrouSerS-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/trousers-users
>
