wolfSSL - Embedded SSL Library → Posts by junioarssuncaolp
Hi Dimi,
creationCertify is used as a double check for the AK and is used before makeCredential, just to check some properties and see if this key is correct for its purpose. After this check, makeCredential + activateCredential is used.
Hi dimitom,
Thanks for the explanation. I got it.
I am using CertifyCreation just to say to some Verifier entity that at least a certification was done within that context of the AK. I intend to use this AK as a parameter for creating a challenge (for example, as a result of the TPM2_MakeCredential approach).
Hi jeff,
That was it, I hadn't set the signHandle. After this change (see below) my code worked, so I guess everything is correct, right?
/* set session auth for RSA key (session[0] authorizes signHandle) */
session[0].auth.size = sizeof(usageAuth)-1;
XMEMCPY(session[0].auth.buffer, usageAuth, session[0].auth.size);

cmdIn.certifyCreationIn.signHandle = rsaKey.handle; /* Setting the signHandle with the rsaKey handle */
cmdIn.certifyCreationIn.objectHandle = rsaKey.handle;
cmdIn.certifyCreationIn.qualifyingData.size = 0; /* optional nonce; must be set before the call, not after */
cmdIn.certifyCreationIn.creationHash = rsaKey.creationHash;
cmdIn.certifyCreationIn.creationTicket = rsaKey.creationTicket;
cmdIn.certifyCreationIn.inScheme.scheme = TPM_ALG_RSASSA;
cmdIn.certifyCreationIn.inScheme.details.any.hashAlg = TPM_ALG_SHA256;
rc = TPM2_CertifyCreation(&cmdIn.certifyCreationIn, &cmdOut.certifyCreationOut);
if (rc != TPM_RC_SUCCESS) {
    printf("TPM2_CertifyCreation RSA key failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
    goto exit;
}
Thanks for your help!
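The attestation produced above is only useful if the Verifier mentioned earlier in the thread actually checks it. The following is an added example, not code from this thread or from wolfTPM: a verifier-side parser for the TPMS_ATTEST body that TPM2_CertifyCreation returns (layout and constants from TPM 2.0 Part 2, big-endian), which confirms the attested creationHash and that extraData echoes the qualifyingData nonce the Verifier sent; the sample buffer is constructed, with shortened names and digest.

```c
/* Added example, not code from this thread or from wolfTPM: verifier-side parsing of the
 * TPMS_ATTEST that TPM2_CertifyCreation returns (TPM 2.0 Part 2 layout, big-endian). */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define TPM_GENERATED_VALUE    0xFF544347u
#define TPM_ST_ATTEST_CREATION 0x801Au
typedef struct { const uint8_t *p; size_t len, off; } cur_t;
typedef struct {
    const uint8_t *qualifiedSigner, *extraData, *objectName, *creationHash;
    uint16_t nameLen, extraLen, objNameLen, hashLen;
} creation_attest_t;
static int get_u16(cur_t *c, uint16_t *v) {
    if (c->len - c->off < 2) return -1;
    *v = (uint16_t)((c->p[c->off] << 8) | c->p[c->off + 1]); c->off += 2; return 0;
}
/* TPM2B_*: UINT16 size then size bytes; *d points into the caller's buffer */
static int get_2b(cur_t *c, const uint8_t **d, uint16_t *n) {
    if (get_u16(c, n) || c->len - c->off < *n) return -1;
    *d = c->p + c->off; c->off += *n; return 0;
}
/* 0 if buf is a well-formed TPMS_ATTEST of type CREATION, negative otherwise */
int parse_creation_attest(const uint8_t *buf, size_t len, creation_attest_t *out) {
    cur_t c = { buf, len, 0 }; uint16_t hi, lo, type;
    if (get_u16(&c, &hi) || get_u16(&c, &lo) ||
        (((uint32_t)hi << 16) | lo) != TPM_GENERATED_VALUE) return -1;  /* magic */
    if (get_u16(&c, &type) || type != TPM_ST_ATTEST_CREATION) return -2;
    if (get_2b(&c, &out->qualifiedSigner, &out->nameLen) ||
        get_2b(&c, &out->extraData, &out->extraLen)) return -3;
    if (c.len - c.off < 25) return -3; c.off += 25;  /* TPMS_CLOCK_INFO (17) + firmwareVersion (8) */
    if (get_2b(&c, &out->objectName, &out->objNameLen) ||
        get_2b(&c, &out->creationHash, &out->hashLen)) return -3;
    return c.off == len ? 0 : -4;            /* reject trailing bytes */
}
/* Verifier check (1 = ok): creationHash must match the vetted key, extraData must echo our nonce */
int check_creation_attest(const uint8_t *buf, size_t len, const uint8_t *hash,
                          size_t hashLen, const uint8_t *nonce, size_t nonceLen) {
    creation_attest_t a;
    if (parse_creation_attest(buf, len, &a) != 0) return 0;
    if (a.hashLen != hashLen || memcmp(a.creationHash, hash, hashLen) != 0) return 0;
    return a.extraLen == nonceLen && memcmp(a.extraData, nonce, nonceLen) == 0;
}
/* Constructed sample, not real TPM output (names and digest shortened for readability) */
const uint8_t sample_attest[] = {
    0xFF,0x54,0x43,0x47, 0x80,0x1A,                  /* magic, TPM_ST_ATTEST_CREATION */
    0x00,0x04, 0x00,0x0B,0xAA,0xBB,                  /* qualifiedSigner (signing key name) */
    0x00,0x02, 0x12,0x34,                            /* extraData = qualifyingData (nonce) */
    0,0,0,0,0,0,0,0, 0,0,0,0, 0,0,0,0, 0, 0,0,0,0,0,0,0,0, /* clockInfo (17) + firmwareVersion (8) */
    0x00,0x03, 0x00,0x0B,0xCC,                       /* attested.creation.objectName */
    0x00,0x04, 0xDE,0xAD,0xBE,0xEF };                /* attested.creation.creationHash */
```

The signature over this buffer must still be verified with the signing key's public part before any of the parsed fields are trusted.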
Hello,
I'm trying to certify the creation of an object (an RSA key) using the TPM2_CertifyCreation method, but I'm not having success. I had to modify the RsaKey structure in the Native Test example to get some parameters that are necessary to call TPM2_CertifyCreation(). This code uses any RsaKey, but I intend to use the Attestation Identity Key. Here is the code:
typedef struct tpmKey {
    TPM_HANDLE handle;
    TPM2B_AUTH auth;
    TPMT_SYM_DEF_OBJECT symmetric; /* used for parameter encrypt/decrypt */
    TPM2B_PRIVATE priv;
    TPM2B_PUBLIC pub;
    TPM2B_CREATION_DATA creationData; /* TPM2_Create outputs kept for TPM2_CertifyCreation */
    TPM2B_DIGEST creationHash;
    TPMT_TK_CREATION creationTicket;
    TPM2B_NAME name;
} TpmKey;
typedef TpmKey TpmRsaKey;

TpmRsaKey rsaKey;

/* Load new key */
XMEMSET(&cmdIn.load, 0, sizeof(cmdIn.load));
cmdIn.load.parentHandle = storage.handle;
cmdIn.load.inPrivate = rsaKey.priv;
cmdIn.load.inPublic = rsaKey.pub;
rc = TPM2_Load(&cmdIn.load, &cmdOut.load);
if (rc != TPM_RC_SUCCESS) {
    printf("TPM2_Load RSA key failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
    goto exit;
}
rsaKey.handle = cmdOut.load.objectHandle;
printf("TPM2_Load RSA Key Handle 0x%x\n", (word32)rsaKey.handle);

/* set session auth for RSA key */
session[0].auth.size = sizeof(usageAuth)-1;
XMEMCPY(session[0].auth.buffer, usageAuth, session[0].auth.size);
cmdIn.certifyCreationIn.objectHandle = rsaKey.handle;
cmdIn.certifyCreationIn.qualifyingData.size = 0; /* optional nonce; must be set before the call, not after */
cmdIn.certifyCreationIn.creationHash = rsaKey.creationHash;
cmdIn.certifyCreationIn.creationTicket = rsaKey.creationTicket;
cmdIn.certifyCreationIn.inScheme.scheme = TPM_ALG_RSASSA;
cmdIn.certifyCreationIn.inScheme.details.any.hashAlg = TPM_ALG_SHA256;
rc = TPM2_CertifyCreation(&cmdIn.certifyCreationIn, &cmdOut.certifyCreationOut);
if (rc != TPM_RC_SUCCESS) {
    printf("TPM2_CertifyCreation RSA key failed 0x%x: %s\n", rc, TPM2_GetRCString(rc));
    goto exit;
}
After executing the code I'm receiving this error message:
TPM2_CertifyCreation RSA key failed 0x9a2: TPM_RC_BAD_AUTH: Authorization failure without DA implications
Thanks in advance.