Improve error messages of Public{Ecc,Rsa}ParametersBuilder #431

Merged (1 commit), Sep 14, 2023

@brandsimon brandsimon commented Sep 10, 2023

I am not sure if the 'restricted' and 'is_decrypt_key' is wanted, since it is used that way in computing languages (but not in human language).

@brandsimon
Contributor Author

brandsimon commented Sep 10, 2023

Tbh I am not sure if the logic here is correct.
I am trying to port a shell script to Rust with no success at all. It loads an object into the TPM (protected by a primary-endorsement-key protected by PCRs) and signs something with it.

I'd appreciate if someone can have a look, the shell script, rust-code and output are here:
https://gist.github.com/brandsimon/b6c898a5a5021cf9757756a8319b741e
The public and private portion can be created with this script: (choose PCR 7):
https://gitlab.com/cryptographic_id/cryptographic-id-rs/-/blob/v0.2.2/usr/bin/cryptographic_id_add_initramfs

@ionut-arm
Member

Hey! Thanks for the patch. Looking at your output and Rust code, it seems you're getting TPM_RC_SCHEME, which (given the documentation of TPM2_Create) would mean you might be using the wrong ECC scheme. For our EK abstraction we use EccScheme::Null - perhaps you can try with that?

@brandsimon
Contributor Author

@ionut-arm
Thank you very much! I think your hint was a huge step in the right direction.

@Superhepper
Collaborator

There are a lot of magical things tpm2-tools does in the background that one unfortunately has to do manually when porting from a script into a program. So if one wants to find out the root of the problem, one needs to dig through the tpm2-tools code and have the specification ready at hand. But as @ionut-arm mentioned and from my own experience a mismatch in scheme between either a key and operation one tries to perform is not unusual.

Collaborator

@wiktor-k wiktor-k left a comment

I think it looks good 👍 . Fix the spelling though 😅

@brandsimon
Contributor Author

@wiktor-k
I change a typo against a typo 😆

@Superhepper
Thank you, I found a lot in the tpm2-tools (like correct algorithms). I still struggle a bit, but I don't think it could be related to the logic in PublicEccParametersBuilder anymore. I will ask in the Slack channel if I have more questions.

@wiktor-k wiktor-k merged commit 56f7b1d into parallaxsecond:main Sep 14, 2023
9 of 10 checks passed