[TrouSerS-users] Bad Handle to AIK in DAA

Discussion:

[TrouSerS-users] Bad Handle to AIK in DAA_Sign stage 10

Bill Martin

2015-11-17 17:22:08 UTC

I am using Trousers 0.3.10 and use an Infineon SLB9645 TPM.

In 15.2 of "TPM Main Part 3 Commands" spec for TPM 1.2â I see from the description of the TPM_ActivateIdentity command that the hash of the identity key might be calculated - provided a payload is a TPM_ASYM_CA_CONTENTS form. Does this hash get stored in the TPM?

I'm trying a DAA_Sign operation (stage 10, yes I have managed to get 0.3.10 DAA going, without anonymity revocation and the commitment TODOs) and I previously loaded the AIK by UUID. I have the payload flag set to 0 to indicate to use a key handle, so I passed in the AIK handle. I get out a 0x58, indicating bad handle. signdata.payload is set to 0xC0000009, which is the handle I get for the AIK. Just in case, I tried swapping the bytes. I have added some debug statements into my copy of Trousers 0.3.10 and test_sign.c

So before the Tspi_DAA_Sign call in test_sign, I load the key:

LOG_DEBUG TSPI rpc/tcstp/rpc_ps.c:339 RPC_LoadKeyByUUID_TP: TCS key handle: 0x22330000
LOG_DEBUG TSPI rpc/tcstp/rpc_ps.c:274 RPC_GetRegisteredKeyBlob_TP: TCS Context: 0xa0dfb500
TCSD tcsd_threads.c:232 total_recv_size 50, buf_size 1024, recd_so_far 28
TCSD tcsd_threads.c:277 recv_chunk_size 22 recd_so_far 28
TCSD tcsd_threads.c:284 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:581 Dispatching ordinal 9 (GetRegisteredKeyBlob)
TCSD TCS rpc/tcstp/rpc_ps.c:140 tcs_wrap_GetRegisteredKeyBlob: thread -1228499856 context a0dfb500
TCSD TCS ps/tcsps.c:191 psfile_get_key_by_uuid: Version: 1.1.0.0
TCSD TCS ps/tcsps.c:191 psfile_get_key_by_uuid: keyUsage: 0x12
TCSD TCS ps/tcsps.c:191 psfile_get_key_by_uuid: keyFlags: 0x4
TCSD TCS ps/tcsps.c:191 psfile_get_key_by_uuid: authDatausage: 0
TCSD TCS ps/tcsps.c:191 psfile_get_key_by_uuid: pcrInfosize: 0
TCSD TCS ps/tcsps.c:191 psfile_get_key_by_uuid: encDataSize: 256
TCSD tcsd_threads.c:313 Sending 0x251 bytes back

Loaded AIK!

LOG_DEBUG TSPI test_sign.c:429 signData.payload is 0xdb4de0
LOG_DEBUG TSPI test_sign.c:431 signData.payloadLength is 4
LOG_DEBUG TSPI test_sign.c:433 *AIK_Address is 0xC0000009
LOG_DEBUG TSPI test_sign.c:440 *(unsigned int*)signData.payload is 0x90000C0
LOG_DEBUG TSPI tspi_daa.c:687 -> TSPI_TPM_DAA_Sign hDAA=-1073741816 hTPM=-1073741820
LOG_DEBUG TSPI daa/daa_verifier/verifier_transaction.c:113 project_into_group_gamma: rho [26]:CDA06AB6C81AD2C69A63258975F19DE621F8707EF8509D6DE5F1

â

I swapped the key's bytes in the above case if that is what the TPM wants. The listing below of stage 10 processing shows it in the hex dump in the order 0xC0000009:

LOG_DEBUG TSPI daa/daa_platform/platform.c:167 Tcsip_TPM_DAA_Sign(tcsContext=c0000001,hDAA=c0000008,sign_session=f8975c, hTPM=c0000004 stage=10)
LOG_DEBUG TSPI daa/daa_platform/platform.c:169 obj_tpm_get_policy(hTPM=C0000004)
LOG_DEBUG TSPI daa/daa_platform/platform.c:172 Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Sign, hashblob)
LOG_DEBUG TSPI daa/daa_platform/platform.c:175 Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest)
LOG_DEBUG TSPI daa/daa_platform/platform.c:178 Trspi_LoadBlob_UINT32(&offset, 0, hashblob)
LOG_DEBUG TSPI daa/daa_platform/platform.c:181 Trspi_LoadBlob_UINT32(&offset, inputSize0:1
LOG_DEBUG TSPI daa/daa_platform/platform.c:186 Trspi_LoadBlob_UINT32(&offset, inputSize1:4
LOG_DEBUG TSPI rpc/tcstp/rpc_auth.c:37 RPC_OIAP_TP: TCS Context: 0xa0dfb500
TCSD tcsd_threads.c:232 total_recv_size 33, buf_size 1024, recd_so_far 28
TCSD tcsd_threads.c:277 recv_chunk_size 5 recd_so_far 28
TCSD tcsd_threads.c:284 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:581 Dispatching ordinal 23 (OIAP)
TCSD TCS rpc/tcstp/rpc_auth.c:44 tcs_wrap_OIAP: thread -1228499856 context a0dfb500
TCSD TCS tcsi_auth.c:40 Entering TCSI_OIAP
To TPM: 00 C1 00 00 00 0A 00 00 00 0A
TCSD TDDL tddl.c:171 Calling write to driver
From TPM: 00 C4 00 00 00 22 00 00 00 00 00 4E CA B1 AC 28
From TPM: 79 F7 BD B0 BA 47 D8 32 1F 2D A3 97 0A 96 2C BE
From TPM: B7 BA
TCSD TCS tcs_auth_mgr.c:383 added auth for TCS a0dfb500 TPM 4ecab1
TCSD tcsd_threads.c:313 Sending 0x36 bytes back
LOG_DEBUG TSPI obj_policy.c:230 Got a secret:
04 0C 8B 0D B6 11 64 34 7A C1 23 FE 39 AC 17 3A
6F 2D 2F B1
LOG_DEBUG TSPI daa/daa_platform/platform.c:194 secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Sign ret=0
LOG_DEBUG TSPI daa/daa_platform/platform.c:201 TCSP_DAASign(c0000001,c0000004,stage=a,1,befef7cb,4,db4de0,befef764)
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:121 RPC_DaaSign_TP: stage=10
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:124 RPC_DaaSign_TP: TCS Context: 0xa0dfb500
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:133 RPC_DaaSign_TP: inputSize0=<network>=1 <host>=1
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:138 RPC_DaaSign_TP: inputSize1=<network>=4 <host>=4
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:145 RPC_DaaSign_TP: sendTCSDPacket: 0xdb72d0
TCSD tcsd_threads.c:232 total_recv_size 103, buf_size 1024, recd_so_far 28
TCSD tcsd_threads.c:277 recv_chunk_size 75 recd_so_far 28
TCSD tcsd_threads.c:284 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:581 Dispatching ordinal 75 (DaaSign)
TCSD TCS rpc/tcstp/rpc_daa.c:155 tcs_wrap_DaaSign: thread -1228499856 hDAA f8975c
TCSD TCS rpc/tcstp/rpc_daa.c:159 tcs_wrap_DaaSign: getData 2 (stage=10)
TCSD TCS rpc/tcstp/rpc_daa.c:163 getData 3 inputSize0=1
TCSD TCS rpc/tcstp/rpc_daa.c:171 getData 4 inputData0
TCSD TCS rpc/tcstp/rpc_daa.c:177 getData 5
TCSD TCS rpc/tcstp/rpc_daa.c:182 getData 5 inputSize1=4
TCSD TCS rpc/tcstp/rpc_daa.c:192 getData 6 inputData1
TCSD TCS rpc/tcstp/rpc_daa.c:200 getData 7
TCSD TCS rpc/tcstp/rpc_daa.c:207 tcs_wrap_DaaSign: -> TCSP_DaaSign_internal
TCSD TCS tcsi_daa.c:128 TCSP_DaaSign_internal: Enter
TCSD TCS tcsi_daa.c:162 req_mgr_submit_req (oldOffset=73)
To TPM: 00 C2 00 00 00 49 00 00 00 31 00 F8 97 5C 0A 00
To TPM: 00 00 01 00 00 00 00 04 C0 00 00 09 00 4E CA B1
To TPM: 7D DC 9C 1F D1 68 1C 2B 3C FB C3 57 CB 04 DF 1A
To TPM: 10 99 76 83 00 C3 67 E3 9C 63 82 7B EF 28 F3 22
To TPM: 0F A5 D9 4F 45 5A 76 EF 41
TCSD TDDL tddl.c:171 Calling write to driver
From TPM: 00 C4 00 00 00 0A 00 00 00 58
LOG_RETERR TPM tcsi_daa.c:165: 0x58
TCSD TCS tcsi_daa.c:166 UnloadBlob (paramSize=10) result=88
TCSD TCS tcsi_daa.c:188 Leaving DaaSign with result:88

thanks in advance.

Bill

Bill Martin

2015-11-19 01:07:38 UTC

Permalink

Just a followup.

I can successfully sign a message using the -m option in ~/trousers-0.3.10/src/tspi/daa/test_sign. So I do not think the problem is the structure of the TrouSerS software. I suspect something in the chip. Error code 0x58, TPM_E_BAD_HANDLE, is not mentioned in the TPM command spec. The IBM TPM emulator suggests it's a problem with the session handle. Yet the previous stages worked. Here is my Stage 10 output when signData.payload was a hash digest message. The stage completed successfully:

LOG_DEBUG TSPI daa/daa_verifier/verifier_transaction.c:364 compute_sign_challenge_host[20]:07DF58CC7C9AEF3834C748C0312AC52A4058B9DC
LOG_DEBUG TSPI daa/daa_platform/platform.c:167 Tcsip_TPM_DAA_Sign(tcsContext=c0000001,hDAA=c0000008,sign_session=33857c, hTPM=c0000004 stage=9)
LOG_DEBUG TSPI daa/daa_platform/platform.c:169 obj_tpm_get_policy(hTPM=C0000004)
LOG_DEBUG TSPI daa/daa_platform/platform.c:172 Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Sign, hashblob)
LOG_DEBUG TSPI daa/daa_platform/platform.c:175 Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest)
LOG_DEBUG TSPI daa/daa_platform/platform.c:178 Trspi_LoadBlob_UINT32(&offset, 0, hashblob)
LOG_DEBUG TSPI daa/daa_platform/platform.c:181 Trspi_LoadBlob_UINT32(&offset, inputSize0:20
LOG_DEBUG TSPI daa/daa_platform/platform.c:186 Trspi_LoadBlob_UINT32(&offset, inputSize1:0
LOG_DEBUG TSPI rpc/tcstp/rpc_auth.c:37 RPC_OIAP_TP: TCS Context: 0xa028f207
TCSD tcsd_threads.c:232 total_recv_size 33, buf_size 1024, recd_so_far 28
TCSD tcsd_threads.c:277 recv_chunk_size 5 recd_so_far 28
TCSD tcsd_threads.c:284 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:581 Dispatching ordinal 23 (OIAP)
TCSD TCS rpc/tcstp/rpc_auth.c:44 tcs_wrap_OIAP: thread -1228639120 context a028f207
TCSD TCS tcsi_auth.c:40 Entering TCSI_OIAP
To TPM: 00 C1 00 00 00 0A 00 00 00 0A
TCSD TDDL tddl.c:171 Calling write to driver
>From TPM: 00 C4 00 00 00 22 00 00 00 00 00 39 8C 59 2F F6
>From TPM: 46 84 2A 95 C3 E7 2D 38 88 73 C7 98 79 38 7F 8D
>From TPM: 05 BB
TCSD TCS tcs_auth_mgr.c:383 added auth for TCS a028f207 TPM 398c59
TCSD tcsd_threads.c:313 Sending 0x36 bytes back
LOG_DEBUG TSPI obj_policy.c:230 Got a secret:
04 0C 8B 0D B6 11 64 34 7A C1 23 FE 39 AC 17 3A
6F 2D 2F B1
LOG_DEBUG TSPI daa/daa_platform/platform.c:194 secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Sign ret=0
LOG_DEBUG TSPI daa/daa_platform/platform.c:201 TCSP_DAASign(c0000001,c0000004,stage=9,14,1692d88,0,0,beb3670c)
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:121 RPC_DaaSign_TP: stage=9
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:124 RPC_DaaSign_TP: TCS Context: 0xa028f207
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:133 RPC_DaaSign_TP: inputSize0=<network>=20 <host>=20
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:138 RPC_DaaSign_TP: inputSize1=<network>=0 <host>=0
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:145 RPC_DaaSign_TP: sendTCSDPacket: 0x168d2d0
TCSD tcsd_threads.c:232 total_recv_size 118, buf_size 1024, recd_so_far 28
TCSD tcsd_threads.c:277 recv_chunk_size 90 recd_so_far 28
TCSD tcsd_threads.c:284 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:581 Dispatching ordinal 75 (DaaSign)
TCSD TCS rpc/tcstp/rpc_daa.c:155 tcs_wrap_DaaSign: thread -1228639120 hDAA 33857c
TCSD TCS rpc/tcstp/rpc_daa.c:159 tcs_wrap_DaaSign: getData 2 (stage=9)
TCSD TCS rpc/tcstp/rpc_daa.c:163 getData 3 inputSize0=20
TCSD TCS rpc/tcstp/rpc_daa.c:171 getData 4 inputData0
TCSD TCS rpc/tcstp/rpc_daa.c:177 getData 5
TCSD TCS rpc/tcstp/rpc_daa.c:182 getData 5 inputSize1=0
TCSD TCS rpc/tcstp/rpc_daa.c:200 getData 7
TCSD TCS rpc/tcstp/rpc_daa.c:207 tcs_wrap_DaaSign: -> TCSP_DaaSign_internal
TCSD TCS tcsi_daa.c:128 TCSP_DaaSign_internal: Enter
TCSD TCS tcsi_daa.c:162 req_mgr_submit_req (oldOffset=88)
To TPM: 00 C2 00 00 00 58 00 00 00 31 00 33 85 7C 09 00
To TPM: 00 00 14 07 DF 58 CC 7C 9A EF 38 34 C7 48 C0 31
To TPM: 2A C5 2A 40 58 B9 DC 00 00 00 00 00 39 8C 59 17
To TPM: 68 4B 39 D8 93 4D 71 E8 18 A7 9D 8B 24 E8 EF F0
To TPM: 5A A1 8F 00 D6 0A 1C 00 96 C3 16 98 EE 56 73 A4
To TPM: C8 41 36 F0 5C 99 39 F3
TCSD TDDL tddl.c:171 Calling write to driver
>From TPM: 00 C5 00 00 00 4B 00 00 00 00 00 00 00 14 54 31
>From TPM: F5 36 12 FB A0 43 EC 89 C1 F4 85 D6 2D 18 22 03
>From TPM: EC CA D2 49 32 AF 32 F2 8D 78 E3 5F DA B6 B2 28
>From TPM: A8 8E 95 EE C8 D9 00 3C 91 D7 ED 05 B3 4B A4 3A
>From TPM: 98 C4 0B 79 C0 AD 31 13 E5 E5 93
TCSD TCS tcsi_daa.c:166 UnloadBlob (paramSize=75) result=0
TCSD TCS tcsi_daa.c:188 Leaving DaaSign with result:0
To TPM: 00 C1 00 00 00 12 00 00 00 BA 00 39 8C 59 00 00
To TPM: 00 02
TCSD TDDL tddl.c:171 Calling write to driver
>From TPM: 00 C4 00 00 00 0A 00 00 00 22
LOG_RETERR TPM tcsi_admin.c:464: 0x22
TCSD TCS tcs_auth_mgr.c:287 Tried to close an invalid auth handle: 398c59
TCSD TCS tcs_auth_mgr.c:118 no threads need to be signaled.
TCSD TCS rpc/tcstp/rpc_daa.c:216 tcs_wrap_DaaSign: <- TCSP_DaaSign_internal
TCSD tcsd_threads.c:313 Sending 0x60 bytes back
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:153 RPC_DaaSign_TP: getData outputSize
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:171 RPC_DaaSign_TP: getData outputData (outputSize=20)
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:181 RPC_DaaSign_TP: result=0
LOG_DEBUG TSPI daa/daa_platform/platform.c:221 TCSP_DAASign stage=9 outputSize=20 outputData=beb3676c RESULT=0
LOG_DEBUG TSPI daa/daa_platform/platform.c:2422 done Sign 9 - compute sign challenge host. Return nonce_tpm
LOG_DEBUG TSPI daa/daa_platform/platform.c:167 Tcsip_TPM_DAA_Sign(tcsContext=c0000001,hDAA=c0000008,sign_session=33857c, hTPM=c0000004 stage=10)
LOG_DEBUG TSPI daa/daa_platform/platform.c:169 obj_tpm_get_policy(hTPM=C0000004)
LOG_DEBUG TSPI daa/daa_platform/platform.c:172 Trspi_LoadBlob_UINT32(&offset, TPM_ORD_DAA_Sign, hashblob)
LOG_DEBUG TSPI daa/daa_platform/platform.c:175 Trspi_Hash(TSS_HASH_SHA1, offset, hashblob, digest.digest)
LOG_DEBUG TSPI daa/daa_platform/platform.c:178 Trspi_LoadBlob_UINT32(&offset, 0, hashblob)
LOG_DEBUG TSPI daa/daa_platform/platform.c:181 Trspi_LoadBlob_UINT32(&offset, inputSize0:1
LOG_DEBUG TSPI daa/daa_platform/platform.c:186 Trspi_LoadBlob_UINT32(&offset, inputSize1:20
LOG_DEBUG TSPI rpc/tcstp/rpc_auth.c:37 RPC_OIAP_TP: TCS Context: 0xa028f207
TCSD tcsd_threads.c:232 total_recv_size 33, buf_size 1024, recd_so_far 28
TCSD tcsd_threads.c:277 recv_chunk_size 5 recd_so_far 28
TCSD tcsd_threads.c:284 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:581 Dispatching ordinal 23 (OIAP)
TCSD TCS rpc/tcstp/rpc_auth.c:44 tcs_wrap_OIAP: thread -1228639120 context a028f207
TCSD TCS tcsi_auth.c:40 Entering TCSI_OIAP
To TPM: 00 C1 00 00 00 0A 00 00 00 0A
TCSD TDDL tddl.c:171 Calling write to driver
>From TPM: 00 C4 00 00 00 22 00 00 00 00 00 6B 6C 82 ED AD
>From TPM: F9 4F 18 BE E7 DA 5B 94 4A D1 29 8C EE BA A1 29
>From TPM: FB B1
TCSD TCS tcs_auth_mgr.c:383 added auth for TCS a028f207 TPM 6b6c82
TCSD tcsd_threads.c:313 Sending 0x36 bytes back
LOG_DEBUG TSPI obj_policy.c:230 Got a secret:
04 0C 8B 0D B6 11 64 34 7A C1 23 FE 39 AC 17 3A
6F 2D 2F B1
LOG_DEBUG TSPI daa/daa_platform/platform.c:194 secret_PerformAuth_OIAP(hTPM, TPM_ORD_DAA_Sign ret=0
LOG_DEBUG TSPI daa/daa_platform/platform.c:201 TCSP_DAASign(c0000001,c0000004,stage=a,1,beb36773,14,168ffb0,beb3670c)
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:121 RPC_DaaSign_TP: stage=10
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:124 RPC_DaaSign_TP: TCS Context: 0xa028f207
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:133 RPC_DaaSign_TP: inputSize0=<network>=1 <host>=1
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:138 RPC_DaaSign_TP: inputSize1=<network>=20 <host>=20
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:145 RPC_DaaSign_TP: sendTCSDPacket: 0x168d2d0
TCSD tcsd_threads.c:232 total_recv_size 119, buf_size 1024, recd_so_far 28
TCSD tcsd_threads.c:277 recv_chunk_size 91 recd_so_far 28
TCSD tcsd_threads.c:284 Rx'd packet
TCSD TCS rpc/tcstp/rpc.c:581 Dispatching ordinal 75 (DaaSign)
TCSD TCS rpc/tcstp/rpc_daa.c:155 tcs_wrap_DaaSign: thread -1228639120 hDAA 33857c
TCSD TCS rpc/tcstp/rpc_daa.c:159 tcs_wrap_DaaSign: getData 2 (stage=10)
TCSD TCS rpc/tcstp/rpc_daa.c:163 getData 3 inputSize0=1
TCSD TCS rpc/tcstp/rpc_daa.c:171 getData 4 inputData0
TCSD TCS rpc/tcstp/rpc_daa.c:177 getData 5
TCSD TCS rpc/tcstp/rpc_daa.c:182 getData 5 inputSize1=20
TCSD TCS rpc/tcstp/rpc_daa.c:192 getData 6 inputData1
TCSD TCS rpc/tcstp/rpc_daa.c:200 getData 7
TCSD TCS rpc/tcstp/rpc_daa.c:207 tcs_wrap_DaaSign: -> TCSP_DaaSign_internal
TCSD TCS tcsi_daa.c:128 TCSP_DaaSign_internal: Enter
TCSD TCS tcsi_daa.c:162 req_mgr_submit_req (oldOffset=89)
To TPM: 00 C2 00 00 00 59 00 00 00 31 00 33 85 7C 0A 00
To TPM: 00 00 01 01 00 00 00 14 E7 E8 3E 4A 52 6F 55 16
To TPM: 31 1B B4 33 66 73 86 D3 35 8E B4 6B 00 6B 6C 82
To TPM: 84 B0 A9 DE A2 85 57 F9 22 A1 8F 5B FC E5 24 19
To TPM: 43 23 88 E9 00 8C 06 B1 7C 3F 68 1D 97 3E 00 03
To TPM: 37 BC DA 1D F3 3E 7B D4 26
TCSD TDDL tddl.c:171 Calling write to driver
>From TPM: 00 C5 00 00 00 4B 00 00 00 00 00 00 00 14 B0 90
>From TPM: 7A 4C 2E D7 52 D8 68 0B 93 F1 31 18 44 23 72 35
>From TPM: 2F 4F 28 4E D1 2E 43 E0 EB 1A AE 50 69 4D 3F 30
>From TPM: D1 AB F1 8E E3 AD 00 AD EF 59 6C C5 FE 5B 07 18
>From TPM: 70 8D 5A E4 7E 48 F1 1D 3D A1 76
TCSD TCS tcsi_daa.c:166 UnloadBlob (paramSize=75) result=0
TCSD TCS tcsi_daa.c:188 Leaving DaaSign with result:0
To TPM: 00 C1 00 00 00 12 00 00 00 BA 00 6B 6C 82 00 00
To TPM: 00 02
TCSD TDDL tddl.c:171 Calling write to driver
>From TPM: 00 C4 00 00 00 0A 00 00 00 22
LOG_RETERR TPM tcsi_admin.c:464: 0x22
TCSD TCS tcs_auth_mgr.c:287 Tried to close an invalid auth handle: 6b6c82
TCSD TCS tcs_auth_mgr.c:118 no threads need to be signaled.
TCSD TCS rpc/tcstp/rpc_daa.c:216 tcs_wrap_DaaSign: <- TCSP_DaaSign_internal
TCSD tcsd_threads.c:313 Sending 0x60 bytes back
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:153 RPC_DaaSign_TP: getData outputSize
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:171 RPC_DaaSign_TP: getData outputData (outputSize=20)
LOG_DEBUG TSPI rpc/tcstp/rpc_daa.c:181 RPC_DaaSign_TP: result=0
LOG_DEBUG TSPI daa/daa_platform/platform.c:221 TCSP_DAASign stage=10 outputSize=20 outputData=beb36768 RESULT=0
LOG_DEBUG TSPI daa/daa_platform/platform.c:2430 calculation of c: ch[20]07DF58CC7C9AEF3834C748C0312AC52A4058B9DC
LOG_DEBUG TSPI daa/daa_platform/platform.c:2433 calculation of c: nonce_tpm[20]5431F53612FBA043EC89C1F485D62D182203ECCA
LOG_DEBUG TSPI daa/daa_platform/platform.c:2436 calculation of c: sign_data.payloadFlag[1]1
LOG_DEBUG TSPI daa/daa_platform/platform.c:2439 calculation of c: signdata.payload[20]E7E83E4A526F5516311BB433667386D3358EB46B
LOG_DEBUG TSPI daa/daa_platform/platform.c:2442 done Sign 10 - compute signData.payload.
LOG_DEBUG TSPI daa/daa_platform/platform.c:2445 Return c_bytes[20]B0907A4C2ED752D8680B93F13118442372352F4F

?

Ken Goldman

2015-11-19 22:45:44 UTC

Permalink

On 11/18/2015 8:07 PM, Bill Martin wrote:

>
> I can successfully sign a message using the -m option in
> ~/trousers-0.3.10/src/tspi/daa/test_sign. So I do not think the problem
> is the structure of the TrouSerS software. I suspect something in the
> chip. Error code 0x58, TPM_E_BAD_HANDLE, is not mentioned in the TPM
> command spec. The IBM TPM emulator suggests it's a problem with the
> session handle. Yet the previous stages worked. Here is my Stage 10
> output when signData.payload was a hash digest message. The stage
> completed successfully:

I don't see a 0x58 in your trace. I believe that it is out of the range
of TPM return codes.

If you send me the IBM TPM trace, I can see if there's anything obvious.
I'm not a DAA expert, though.

A trick I've used to line up the TPM and TSS traces is to use the
session nonces.

It's always possible that there's a bug in the TPM. The only regression
testing I did on the SW TPM was the IBM Zurich DAA regression test. I
suspect it's what everyone used.

------------------------------------------------------------------------------

Bill Martin

2016-01-06 18:23:24 UTC

Permalink

This post might be inappropriate. Click to display it.

David Challener

2016-01-06 19:15:34 UTC

Permalink

Yes, this is also a problem for using owner-evict keys. Once you have
logged off the session, you can't get a key handle back for them using TSS.
I lobbied pretty ahrd to fix that, but got nowhere.

On Wed, Jan 6, 2016 at 1:23 PM, Bill Martin <***@ghs.com> wrote:

> Here is a followup. I had a problem with the DAA_Sign stage 10 when I
> tried to sign a AIK handle. It took a while since I had other tasks. Ken
> encouraged me to use the SW TPM. From the software TPM (and the TPM Main
> Part 3 Comands guide) it was clear the TPM key handle (as opposed to "TPM
> Handle") was not getting passed out of TCS to the TSP. In fact, there is no
> function that I have found in TrouSerS 0.3.10 to pass out the TPM Key
> Handle to the TSP. The short term solution is at the time you load the AIK,
> the TCS call LoadKeyByBlob_Internal needed a hack to save off the TPM Key
> Handle to a binary file. the newSlot variables essentially the handle
> retrieved from the TPM ("TPM Key Handle"). The test_sign.c file has to be
> modified (in addition to the other modifications I made) to retrieve the
> key handle and store it in signData.payload (reverse-byte order) when
> signData.payloadFlag = TSS_FLAG_DAA_SIGN_IDENTITY_KEY. Also just before
> the call to Tspi_DAA_VerifySignature, reallocate the signData.payload to
> hold the 256-byte modulus of the AIK and retrieve the modulus using
> Tspi_GetAttribData.
>
> A few years back, the late Hal Finney wrote a nice progress report on his
> attempt to get the DAA going. Unfortunately I could not find his work on
> line. I think DAA is a great process and I know TPM 2.0 will have ECDAA in
> it. I think I did as much as Hal Finney did - I do not have the anonymity
> revocation feature nor do I have the commitments done.
>
> The key point is that the TCS layer needs a way to export the TPM Key
> Handle to the TSCI for the TPM DAA Sign stage 10.
>
> I have saved my work in a tar and have to take out some debug statements
> (and the writing of the TPM Key handle is to a fixed folder, so I will have
> to fix that) - before others can make use of this.
>
> The work that needs to be done includes commitments and anonymity
> revocation. But all the TPM functionality works, as far as I can tell.
>
> thanks
>
> Bill Martin
> ________________________________________
> From: Ken Goldman <***@us.ibm.com>
> Sent: Thursday, November 19, 2015 2:45 PM
> To: trousers-***@lists.sourceforge.net
> Subject: Re: [TrouSerS-users] Bad Handle to AIK in DAA_Sign stage 10
>
> On 11/18/2015 8:07 PM, Bill Martin wrote:
>
> >
> > I can successfully sign a message using the -m option in
> > ~/trousers-0.3.10/src/tspi/daa/test_sign. So I do not think the problem
> > is the structure of the TrouSerS software. I suspect something in the
> > chip. Error code 0x58, TPM_E_BAD_HANDLE, is not mentioned in the TPM
> > command spec. The IBM TPM emulator suggests it's a problem with the
> > session handle. Yet the previous stages worked. Here is my Stage 10
> > output when signData.payload was a hash digest message. The stage
> > completed successfully:
>
> I don't see a 0x58 in your trace. I believe that it is out of the range
> of TPM return codes.
>
> If you send me the IBM TPM trace, I can see if there's anything obvious.
> I'm not a DAA expert, though.
>
> A trick I've used to line up the TPM and TSS traces is to use the
> session nonces.
>
> It's always possible that there's a bug in the TPM. The only regression
> testing I did on the SW TPM was the IBM Zurich DAA regression test. I
> suspect it's what everyone used.
>
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> TrouSerS-users mailing list
> TrouSerS-***@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/trousers-users
>
> ------------------------------------------------------------------------------
> _______________________________________________
> TrouSerS-users mailing list
> TrouSerS-***@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/trousers-users
>

Ken Goldman

2015-11-19 22:38:34 UTC

Permalink

On 11/17/2015 12:22 PM, Bill Martin wrote:
> I am using Trousers 0.3.10 and use an Infineon SLB9645 TPM.
>
> In 15.2 of "TPM Main Part 3 Commands" spec for TPM 1.2 I see from the
> description of the TPM_ActivateIdentity command that the hash of the
> identity key might be calculated - provided a payload is a
> TPM_ASYM_CA_CONTENTS form. Does this hash get stored in the TPM?

At a high level, during TPM_ActivateIdentity:

The TPM calculates the hash of the public part of the already loaded
identity key. It compares that to the supplied
TPM_ASYM_CA_CONTENTS->idDigest.

It previously checked that the key is really an identity key.

The prevents an attacker from activating a key that isn't an identity
key, or of an identity key not connected to this TPM.

------------------------------------------------------------------------------