From bfce0002cdeb27446d919348fffd9bfdd8a97f24 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Wed, 5 Nov 2025 09:35:11 -0800 Subject: [PATCH 1/2] ek: fixup auth policies For a reason I'm not clear about, the templates used for the EK were incorrect for anything but NistP256 and Rsa2048. I'm fairly convinced the authPolicy should always be the values of PolicyA (Table 15 in the [spec]). [spec]: https://trustedcomputinggroup.org/wp-content/uploads/EK-Credential-Profile-For-TPM-Family-2.0-Level-0-V2.5-R1.0_28March2022.pdf#page=55 Signed-off-by: Arthur Gautier --- tss-esapi/src/abstraction/ek.rs | 30 ++++++++++++++++++++++++++---- 1 file changed, 26 insertions(+), 4 deletions(-) diff --git a/tss-esapi/src/abstraction/ek.rs b/tss-esapi/src/abstraction/ek.rs index dcba25ad..49aeb7e7 100644 --- a/tss-esapi/src/abstraction/ek.rs +++ b/tss-esapi/src/abstraction/ek.rs @@ -38,6 +38,27 @@ const AUTHPOLICY_A_SHA256: [u8; 32] = [ 0x83, 0x71, 0x97, 0x67, 0x44, 0x84, 0xb3, 0xf8, 0x1a, 0x90, 0xcc, 0x8d, 0x46, 0xa5, 0xd7, 0x24, 0xfd, 0x52, 0xd7, 0x6e, 0x06, 0x52, 0x0b, 0x64, 0xf2, 0xa1, 0xda, 0x1b, 0x33, 0x14, 0x69, 0xaa, ]; +const AUTHPOLICY_A_SHA384: [u8; 48] = [ + 0x8b, 0xbf, 0x22, 0x66, 0x53, 0x7c, 0x17, 0x1c, 0xb5, 0x6e, 0x40, 0x3c, 0x4d, 0xc1, 0xd4, 0xb6, + 0x4f, 0x43, 0x26, 0x11, 0xdc, 0x38, 0x6e, 0x6f, 0x53, 0x20, 0x50, 0xc3, 0x27, 0x8c, 0x93, 0x0e, + 0x14, 0x3e, 0x8b, 0xb1, 0x13, 0x38, 0x24, 0xcc, 0xb4, 0x31, 0x05, 0x38, 0x71, 0xc6, 0xdb, 0x53, +]; +const AUTHPOLICY_A_SHA512: [u8; 64] = [ + 0x1e, 0x3b, 0x76, 0x50, 0x2c, 0x8a, 0x14, 0x25, 0xaa, 0x0b, 0x7b, 0x3f, 0xc6, 0x46, 0xa1, 0xb0, + 0xfa, 0xe0, 0x63, 0xb0, 0x3b, 0x53, 0x68, 0xf9, 0xc4, 0xcd, 0xde, 0xca, 0xff, 0x08, 0x91, 0xdd, + 0x68, 0x2b, 0xac, 0x1a, 0x85, 0xd4, 0xd8, 0x32, 0xb7, 0x81, 0xea, 0x45, 0x19, 0x15, 0xde, 0x5f, + 0xc5, 0xbf, 0x0d, 0xc4, 0xa1, 0x91, 0x7c, 0xd4, 0x2f, 0xa0, 0x41, 0xe3, 0xf9, 0x98, 0xe0, 0xee, +]; +const AUTHPOLICY_A_SM3_256: [u8; 32] = [ + 0xc6, 0x7f, 0x7d, 0x35, 0xf6, 0x6f, 0x3b, 0xec, 0x13, 0xc8, 0x9f, 0xe8, 0x98, 0x92, 0x1c, 0x65, + 0x1b, 0x0c, 0xb5, 0xa3, 0x8a, 0x92, 0x69, 0x0a, 0x62, 0xa4, 0x3c, 0x00, 0x12, 0xe4, 0xfb, 0x8b, +]; + +/* +const AUTHPOLICY_B_SHA256: [u8; 32] = [ + 0xca, 0x3d, 0x0a, 0x99, 0xa2, 0xb9, 0x39, 0x06, 0xf7, 0xa3, 0x34, 0x24, 0x14, 0xef, 0xcf, 0xb3, + 0xa3, 0x85, 0xd4, 0x4c, 0xd1, 0xfd, 0x45, 0x90, 0x89, 0xd1, 0x9b, 0x50, 0x71, 0xc0, 0xb7, 0xa0, +]; const AUTHPOLICY_B_SHA384: [u8; 48] = [ 0xb2, 0x6e, 0x7d, 0x28, 0xd1, 0x1a, 0x50, 0xbc, 0x53, 0xd8, 0x82, 0xbc, 0xf5, 0xfd, 0x3a, 0x1a, 0x07, 0x41, 0x48, 0xbb, 0x35, 0xd3, 0xb4, 0xe4, 0xcb, 0x1c, 0x0a, 0xd9, 0xbd, 0xe4, 0x19, 0xca, @@ -53,6 +74,7 @@ const AUTHPOLICY_B_SM3_256: [u8; 32] = [ 0x16, 0x78, 0x60, 0xa3, 0x5f, 0x2c, 0x5c, 0x35, 0x67, 0xf9, 0xc9, 0x27, 0xac, 0x56, 0xc0, 0x32, 0xf3, 0xb3, 0xa6, 0x46, 0x2f, 0x8d, 0x03, 0x79, 0x98, 0xe7, 0xa1, 0x0f, 0x77, 0xfa, 0x45, 0x4a, ]; +*/ /// Get the [`Public`] representing a default Endorsement Key /// @@ -104,7 +126,7 @@ pub fn create_ek_public_from_default_template( ), RsaKeyBits::Rsa3072 | RsaKeyBits::Rsa4096 => ( HashingAlgorithm::Sha384, - AUTHPOLICY_B_SHA384.into(), + AUTHPOLICY_A_SHA384.into(), SymmetricDefinitionObject::AES_256_CFB, PublicKeyRsa::new_empty(), ), @@ -140,19 +162,19 @@ pub fn create_ek_public_from_default_template( ), EccCurve::NistP384 => ( HashingAlgorithm::Sha384, - AUTHPOLICY_B_SHA384.into(), + AUTHPOLICY_A_SHA384.into(), SymmetricDefinitionObject::AES_256_CFB, 0, ), EccCurve::NistP521 => ( HashingAlgorithm::Sha512, - AUTHPOLICY_B_SHA512.into(), + AUTHPOLICY_A_SHA512.into(), SymmetricDefinitionObject::AES_256_CFB, 0, ), EccCurve::Sm2P256 => ( HashingAlgorithm::Sm3_256, - AUTHPOLICY_B_SM3_256.into(), + AUTHPOLICY_A_SM3_256.into(), SymmetricDefinitionObject::SM4_128_CFB, 0, ), From db7f6cff189ab2f9523ae800557e7aafef607001 Mon Sep 17 00:00:00 2001 From: Arthur Gautier Date: Wed, 5 Nov 2025 23:39:07 -0800 Subject: [PATCH 2/2] ak: fixup session configuration Signed-off-by: Arthur Gautier --- tss-esapi/src/abstraction/ak.rs | 79 +++------------------------------ 1 file changed, 7 insertions(+), 72 deletions(-) diff --git a/tss-esapi/src/abstraction/ak.rs b/tss-esapi/src/abstraction/ak.rs index 44c335e6..518513ac 100644 --- a/tss-esapi/src/abstraction/ak.rs +++ b/tss-esapi/src/abstraction/ak.rs @@ -14,47 +14,14 @@ use crate::{ session_handles::PolicySession, }, structures::{ - Auth, CreateKeyResult, DigestList, EccPoint, EccScheme, KeyDerivationFunctionScheme, - Private, Public, PublicBuilder, PublicEccParametersBuilder, PublicKeyRsa, - PublicRsaParametersBuilder, RsaExponent, RsaScheme, SymmetricDefinitionObject, + Auth, CreateKeyResult, EccPoint, EccScheme, KeyDerivationFunctionScheme, Private, Public, + PublicBuilder, PublicEccParametersBuilder, PublicKeyRsa, PublicRsaParametersBuilder, + RsaExponent, RsaScheme, SymmetricDefinitionObject, }, Context, Error, Result, WrapperErrorKind, }; use std::convert::TryFrom; -// Source: TCG EK Credential Profile for TPM Family 2.0; Level 0 Version 2.5 Revision 2 -// Section B.6 -const POLICY_A_SHA384: [u8; 48] = [ - 0x8b, 0xbf, 0x22, 0x66, 0x53, 0x7c, 0x17, 0x1c, 0xb5, 0x6e, 0x40, 0x3c, 0x4d, 0xc1, 0xd4, 0xb6, - 0x4f, 0x43, 0x26, 0x11, 0xdc, 0x38, 0x6e, 0x6f, 0x53, 0x20, 0x50, 0xc3, 0x27, 0x8c, 0x93, 0x0e, - 0x14, 0x3e, 0x8b, 0xb1, 0x13, 0x38, 0x24, 0xcc, 0xb4, 0x31, 0x05, 0x38, 0x71, 0xc6, 0xdb, 0x53, -]; -const POLICY_A_SHA512: [u8; 64] = [ - 0x1e, 0x3b, 0x76, 0x50, 0x2c, 0x8a, 0x14, 0x25, 0xaa, 0x0b, 0x7b, 0x3f, 0xc6, 0x46, 0xa1, 0xb0, - 0xfa, 0xe0, 0x63, 0xb0, 0x3b, 0x53, 0x68, 0xf9, 0xc4, 0xcd, 0xde, 0xca, 0xff, 0x08, 0x91, 0xdd, - 0x68, 0x2b, 0xac, 0x1a, 0x85, 0xd4, 0xd8, 0x32, 0xb7, 0x81, 0xea, 0x45, 0x19, 0x15, 0xde, 0x5f, - 0xc5, 0xbf, 0x0d, 0xc4, 0xa1, 0x91, 0x7c, 0xd4, 0x2f, 0xa0, 0x41, 0xe3, 0xf9, 0x98, 0xe0, 0xee, -]; -const POLICY_A_SM3_256: [u8; 32] = [ - 0xc6, 0x7f, 0x7d, 0x35, 0xf6, 0x6f, 0x3b, 0xec, 0x13, 0xc8, 0x9f, 0xe8, 0x98, 0x92, 0x1c, 0x65, - 0x1b, 0x0c, 0xb5, 0xa3, 0x8a, 0x92, 0x69, 0x0a, 0x62, 0xa4, 0x3c, 0x00, 0x12, 0xe4, 0xfb, 0x8b, -]; -const POLICY_C_SHA384: [u8; 48] = [ - 0xd6, 0x03, 0x2c, 0xe6, 0x1f, 0x2f, 0xb3, 0xc2, 0x40, 0xeb, 0x3c, 0xf6, 0xa3, 0x32, 0x37, 0xef, - 0x2b, 0x6a, 0x16, 0xf4, 0x29, 0x3c, 0x22, 0xb4, 0x55, 0xe2, 0x61, 0xcf, 0xfd, 0x21, 0x7a, 0xd5, - 0xb4, 0x94, 0x7c, 0x2d, 0x73, 0xe6, 0x30, 0x05, 0xee, 0xd2, 0xdc, 0x2b, 0x35, 0x93, 0xd1, 0x65, -]; -const POLICY_C_SHA512: [u8; 64] = [ - 0x58, 0x9e, 0xe1, 0xe1, 0x46, 0x54, 0x47, 0x16, 0xe8, 0xde, 0xaf, 0xe6, 0xdb, 0x24, 0x7b, 0x01, - 0xb8, 0x1e, 0x9f, 0x9c, 0x7d, 0xd1, 0x6b, 0x81, 0x4a, 0xa1, 0x59, 0x13, 0x87, 0x49, 0x10, 0x5f, - 0xba, 0x53, 0x88, 0xdd, 0x1d, 0xea, 0x70, 0x2f, 0x35, 0x24, 0x0c, 0x18, 0x49, 0x33, 0x12, 0x1e, - 0x2c, 0x61, 0xb8, 0xf5, 0x0d, 0x3e, 0xf9, 0x13, 0x93, 0xa4, 0x9a, 0x38, 0xc3, 0xf7, 0x3f, 0xc8, -]; -const POLICY_C_SM3_256: [u8; 32] = [ - 0x2d, 0x4e, 0x81, 0x57, 0x8c, 0x35, 0x31, 0xd9, 0xbd, 0x1c, 0xdd, 0x7d, 0x02, 0xba, 0x29, 0x8d, - 0x56, 0x99, 0xa3, 0xe3, 0x9f, 0xc3, 0x55, 0x1b, 0xfe, 0xff, 0xcf, 0x13, 0x2b, 0x49, 0xe1, 0x1d, -]; - fn create_ak_public( key_alg: AsymmetricAlgorithmSelection, hash_alg: HashingAlgorithm, @@ -134,29 +101,11 @@ fn create_ak_public( fn session_config( context: &mut Context, parent: KeyHandle, -) -> Result<(HashingAlgorithm, SymmetricDefinitionObject, DigestList)> { +) -> Result<(HashingAlgorithm, SymmetricDefinitionObject)> { let parent_hash_alg = context.read_public(parent)?.0.name_hashing_algorithm(); let parent_symmetric = context.read_public(parent)?.0.symmetric_algorithm()?; - let mut policy_digests = DigestList::new(); - - match parent_hash_alg { - HashingAlgorithm::Sha384 => { - policy_digests.add(POLICY_A_SHA384.into())?; - policy_digests.add(POLICY_C_SHA384.into())? - } - HashingAlgorithm::Sha512 => { - policy_digests.add(POLICY_A_SHA512.into())?; - policy_digests.add(POLICY_C_SHA512.into())? - } - HashingAlgorithm::Sm3_256 => { - policy_digests.add(POLICY_A_SM3_256.into())?; - policy_digests.add(POLICY_C_SM3_256.into())? - } - _ => (), - }; - - Ok((parent_hash_alg, parent_symmetric, policy_digests)) + Ok((parent_hash_alg, parent_symmetric)) } /// This loads an Attestation Key previously generated under the Endorsement hierarchy @@ -167,7 +116,7 @@ pub fn load_ak( private: Private, public: Public, ) -> Result { - let (parent_hash_alg, parent_symmetric, policy_digests) = session_config(context, parent)?; + let (parent_hash_alg, parent_symmetric) = session_config(context, parent)?; let policy_auth_session = context .start_auth_session( @@ -209,13 +158,6 @@ pub fn load_ak( ) })?; - if !policy_digests.is_empty() { - ctx.policy_or( - PolicySession::try_from(policy_auth_session)?, - policy_digests, - )? - } - ctx.execute_with_session(Some(policy_auth_session), |ctx| { ctx.load(parent, private, public) }) @@ -240,7 +182,7 @@ pub fn create_ak( key_customization: IKC, ) -> Result { let ak_pub = create_ak_public(key_alg, hash_alg, sign_alg, key_customization)?; - let (parent_hash_alg, parent_symmetric, policy_digests) = session_config(context, parent)?; + let (parent_hash_alg, parent_symmetric) = session_config(context, parent)?; let policy_auth_session = context .start_auth_session( @@ -282,13 +224,6 @@ pub fn create_ak( ) })?; - if !policy_digests.is_empty() { - ctx.policy_or( - PolicySession::try_from(policy_auth_session)?, - policy_digests, - )? - }; - ctx.execute_with_session(Some(policy_auth_session), |ctx| { ctx.create(parent, ak_pub, ak_auth_value, None, None, None) })