I don't know the answer, but I think I understand the issue at
a high level.
You said that the TPM emulator is returning success, but the TSS
is not. Along with the 'authsess' hint, it appears that the TPM
returns success and a response HMAC, but the TSS fails when
verifying the response HMAC.
There are two response HMACs, one for the sealed object and one for the
parent. Are you doing anything unusual with either session or password?
Unless the TSS has some tracing capability, you'll have to step through
trousers in a debugger. Fortunately, the TPM side does extensive
tracing of the HMAC calculation, so you should not need a debugger on
that side.
On 2/8/2020 7:30 AM, Sam Jenkins via TrouSerS-users wrote:
Hello, after some further debugging, making use of a debug build of the
library and GDB, I've found that my failure is occurring when data unseal
calls authsess_xsap_verify(xsap, &digest),
which supposedly checks whether or not the session is authorised, but I'm
not actually sure what that means in this context. I'm using the correct
keys, so I'm not sure what to do about not being in an "authorised session".
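
The response-HMAC check discussed in this thread, as an added example that is not part of the original messages and is not TrouSerS or TPM emulator code. It follows the TPM 1.2 response authorization layout (HMAC-SHA1 over the SHA-1 of returnCode, ordinal and output parameters, then the two nonces and the continue flag). Assumptions: each session uses its auth secret directly as the HMAC key (OIAP-style), and all function names, dictionary fields and passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

TPM_ORD_UNSEAL = 0x18  # TPM 1.2 ordinal for TPM_Unseal
TPM_SUCCESS = 0

def response_hmac(secret, return_code, ordinal, out_params,
                  nonce_even, nonce_odd, continue_session):
    """Response authorization value for one session (TPM 1.2 layout)."""
    # outParamDigest = SHA1(returnCode || ordinal || outParams)
    digest = hashlib.sha1(
        struct.pack(">II", return_code, ordinal) + out_params).digest()
    msg = digest + nonce_even + nonce_odd + bytes([continue_session])
    return hmac.new(secret, msg, hashlib.sha1).digest()

def simulate_tpm_unseal(parent_secret, data_secret, plaintext):
    """Constructed stand-in for the TPM: a successful two-session reply."""
    out_params = struct.pack(">I", len(plaintext)) + plaintext
    resp = {"return_code": TPM_SUCCESS, "out_params": out_params}
    for name, secret in (("parent", parent_secret), ("data", data_secret)):
        ne, no = os.urandom(20), os.urandom(20)
        resp[name] = {
            "nonce_even": ne, "nonce_odd": no, "continue": 0,
            "res_auth": response_hmac(secret, TPM_SUCCESS, TPM_ORD_UNSEAL,
                                      out_params, ne, no, 0)}
    return resp

def verify_unseal_response(resp, parent_secret, data_secret):
    """Client-side check: names of the sessions whose response HMAC fails."""
    failed = []
    for name, secret in (("parent", parent_secret), ("data", data_secret)):
        s = resp[name]
        expected = response_hmac(secret, resp["return_code"], TPM_ORD_UNSEAL,
                                 resp["out_params"], s["nonce_even"],
                                 s["nonce_odd"], s["continue"])
        if not hmac.compare_digest(expected, s["res_auth"]):
            failed.append(name)
    return failed

if __name__ == "__main__":
    parent = hashlib.sha1(b"srk-pw").digest()    # constructed secrets
    data = hashlib.sha1(b"seal-pw").digest()
    resp = simulate_tpm_unseal(parent, data, b"sealed secret")
    # Same password hashed with a trailing NUL: the TPM reports success,
    # yet the client-side check of the data session fails.
    bad = hashlib.sha1(b"seal-pw\x00").digest()
    print(verify_unseal_response(resp, parent, data))
    print(verify_unseal_response(resp, parent, bad))
```

Checking the two sessions separately shows which secret the client and the TPM disagree on, which is the comparison to make against the TPM-side HMAC trace.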