Esys_import without inner and outer wrapper
SchermannR opened this issue · 4 comments
Hi,
I am currently trying to import a key without inner and outer wrapper, only the private key and the public key portion. Nevertheless, I always get the error "0x000003d5 tpm:parameter(3):structure is the wrong size". The size should be 48 in my case for the . So the question is: is there something wrong with my logic or is there a minor issue? Pub structure is an ecc256:ecdh. Below are the important snippets. Thanks in advance.
```c
TPM2B_SENSITIVE sensitive = {
    .sensitiveArea = {
        .sensitiveType = TPM2_ALG_ECC,
        .authValue = {
            .size = 0,
        },
        .seedValue = {
            .size = 0,
        },
        .sensitive = {
            .ecc = {
                .size = ecc_size,
                .buffer = { 0 } // Private Key
            }
        }
    }
};
memcpy(&sensitive.sensitiveArea.sensitive.ecc.buffer[0], source, ecc_size);

TPM2B_DIGEST inner = { .size = 0 };
TPM2B_DIGEST outer = { .size = 0 };
TPM2B_PRIVATE priv = { 0 };
size_t size = 0;
Tss2_MU_TPM2B_DIGEST_Marshal(&inner, &priv.buffer[size], sizeof(priv.buffer) - size, &size);
Tss2_MU_TPM2B_DIGEST_Marshal(&outer, &priv.buffer[size], sizeof(priv.buffer) - size, &size);
Tss2_MU_TPM2B_SENSITIVE_Marshal(&sensitive, &priv.buffer[size], sizeof(priv.buffer) - size, &size);
priv.size = size;

TPMT_SYM_DEF_OBJECT symmetric = {.algorithm = TPM2_ALG_NULL,
                                 .keyBits = {.aes = 128},
                                 .mode = {.aes = TPM2_ALG_CFB}};
...
rc = Esys_Import(_ctx, _primaryHandle_handle, ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                 NULL, &inPublic2, &priv, NULL, &symmetric, &outPrivate);
```
In the TPM reference implementation at:
https://github.com/microsoft/ms-tpm-20-ref/blob/e9fc7b89d865536c46deb63f9c7d0121a3ded49c/TPMCmd/tpm/src/command/Object/Object_spt.c#L1377
you can see that the size of the TPM2B private is compared with the size of the TPM2B sensitive + 2.
I think the marshalling of inner and outer is not necessary?
Mhm. So I do not know if I got the point - I don't see the point where the TPM2B private is compared to the sensitive (this depends on the inner and outer wrapper stuff or?). But if my private key is a simple 32-byte ecc key --> then the size should be 32. Because my:
sensitiveData = inPrivate->buffer; should be the ecc key. (32 bytes)
dataSize = inPrivate->size; --> 32
seed->size = 0
symDef->algorithm = TPM_ALG_NULL
Nevertheless, it does not work with the 32 either. Or 46 above (1st question). pcap trace:
.responseCode 000003d5 TPM_RC.SIZE (Parameter No. 3)
If I analyze the tpm2_tools (import) and openssl tools then the pcap file shows:
.duplicate
UINT16 .size 008e 142
What are the first four bytes of the duplicate parameter? There should be two big-endian UINT16 numbers. The second has to be the first - 2. Otherwise there will be a size error returned by the TPM in your case.
Solved it. Thank you.
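The size relation from the replies above, as an added example that is not part of the original thread or of tpm2-tss: it lays out the duplicate parameter byte by byte for an ECC key with empty authValue and seedValue, once as the first post built it (two empty digests in front) and once without them, and applies the "second UINT16 = first - 2" check. The marshalling is written by hand instead of calling `Tss2_MU_*` so that it compiles without the TSS, and the names `build_duplicate` and `duplicate_sizes_ok` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example: hypothetical helpers, hand-rolled marshalling (no Tss2_MU_*). */
#define ALG_ECC 0x0023u /* TPM2_ALG_ECC */

/* Append a big-endian UINT16 at buf[*off], as TPM marshalling does. */
static void put_u16(uint8_t *buf, size_t *off, uint16_t v) {
    buf[(*off)++] = (uint8_t)(v >> 8);
    buf[(*off)++] = (uint8_t)(v & 0xff);
}

/* Write the wire form of the duplicate parameter (TPM2B_PRIVATE) for an ECC
 * key with empty authValue and seedValue. empty_digests = 2 reproduces the
 * layout from the first post; 0 is the layout without the two digests.
 * Returns the number of bytes written, or 0 if the input does not fit. */
size_t build_duplicate(const uint8_t *key, uint16_t key_len,
                       unsigned empty_digests, uint8_t *out, size_t cap) {
    size_t tpmt = 2 + 2 + 2 + 2 + (size_t)key_len;   /* TPMT_SENSITIVE */
    size_t priv = 2 * (size_t)empty_digests + 2 + tpmt;
    size_t off = 0;
    if (priv > 0xffff || cap < priv + 2) return 0;
    put_u16(out, &off, (uint16_t)priv);   /* TPM2B_PRIVATE.size */
    for (unsigned i = 0; i < empty_digests; i++)
        put_u16(out, &off, 0);            /* empty TPM2B_DIGEST */
    put_u16(out, &off, (uint16_t)tpmt);   /* TPM2B_SENSITIVE.size */
    put_u16(out, &off, ALG_ECC);          /* sensitiveType */
    put_u16(out, &off, 0);                /* authValue.size */
    put_u16(out, &off, 0);                /* seedValue.size */
    put_u16(out, &off, key_len);          /* sensitive.ecc.size */
    memcpy(out + off, key, key_len);
    return off + key_len;
}

/* First UINT16 is the TPM2B_PRIVATE size, second is the TPM2B_SENSITIVE size;
 * the second must equal the first minus 2. Returns 1 if so, 0 otherwise. */
int duplicate_sizes_ok(const uint8_t *p, size_t len) {
    if (len < 4) return 0;
    uint16_t outer = (uint16_t)((p[0] << 8) | p[1]);
    uint16_t inner = (uint16_t)((p[2] << 8) | p[3]);
    return (size_t)outer + 2 == len && inner == (uint16_t)(outer - 2);
}
```

For a 32-byte key the layout without the digests starts `00 2a 00 28` (42, then 40), while the layout from the first post starts `00 2e 00 00`, so the second UINT16 is read as 0 and the size check fails.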