RFC: Add user-level mu-api call for key derivation #2101
Conversation
Alternative: Could also be a candidate for the utility library (#1587)? But I do not know the status there.
Another possibility: TPM2 Specification Part 2 (01.59, 12.2.3.2 TPMU_PUBLIC_ID, p.140) does not specify a selector for derive. A new selector (e.g., TPM_ALG_DERIVE or TPM_ALG_KEYEDHASH_DERIVE) would make the user-level call obsolete.
But then we'd have a mismatch in the type selector of the surrounding TPMT_PUBLIC structure.
We're looking at it in the TSS WG now; I think this would be a candidate for the utility library. I'm confused about what problem this is solving. Isn't a derived object one where you specify the seed in the template and have sensitiveDataOrigin clear?
Codecov Report: All modified and coverable lines are covered by tests ✅ (coverage diff of #2101 against master; full report in Codecov by Sentry).
This commit introduces a new user-level mu-api call (Tss2_MU_TPMT_PUBLIC_DERIVE_Marshal) that allows creating a Derived Object with the command TPM2_CreateLoaded. Signed-off-by: Christian Plappert <[email protected]>
This commit introduces a new user-level mu-api call (Tss2_MU_TPMT_PUBLIC_DERIVE_Marshal) that allows creating a Derived Object with the command TPM2_CreateLoaded.

The rationale for a dedicated user-level call is that from a library perspective it cannot be determined whether a regular keyed-hash object or a derived object should be created, since the Marshalling API (Tss2_MU_TPMU_PUBLIC_ID_Marshal) selects the dedicated marshalling method based on the algorithm type, which is TPM2_ALG_KEYEDHASH in both cases (see code snippet below).

Then we would need to add something like

which results in a duplicate case value.

Since the user knows which type of object he wants to create, I implemented the new user-level call.

Any feedback on this approach?

Signed-off-by: Christian Plappert <[email protected]>
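The duplicate-case problem described in the PR text, shown as an added, self-contained example rather than tpm2-tss code: a miniature marshaller that mirrors the TPM2B_DIGEST, TPM2B_LABEL and TPMS_DERIVE layouts from TPM 2.0 Part 2, a selector-driven dispatcher over a TPMU_PUBLIC_ID-like union that can only ever reach the keyedHash member for TPM2_ALG_KEYEDHASH, and a separate explicit derive marshal call alongside it. The type and function names (tpm2b_label_t, public_id_u, marshal_derive, demo_*), the LABEL_MAX value and the "key"/"ctx" sample are assumptions for illustration, not the library's API.

```c
/* Added example (not tpm2-tss code): a miniature marshaller mirroring the
 * TPM2B_DIGEST, TPM2B_LABEL and TPMS_DERIVE layouts of TPM 2.0 Part 2, showing
 * why a selector-driven TPMU_PUBLIC_ID marshal cannot reach the derive member
 * and why a dedicated derive call is needed.  All names are simplified
 * stand-ins, not the library's API. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TPM2_ALG_KEYEDHASH 0x0008u   /* TPM_ALG_ID value from the spec */
#define DIGEST_MAX 64                /* largest digest size, assumed */
#define LABEL_MAX  32                /* LABEL_MAX_BUFFER, assumed value */

typedef struct { uint16_t size; uint8_t buffer[DIGEST_MAX]; } tpm2b_digest_t;
typedef struct { uint16_t size; uint8_t buffer[LABEL_MAX];  } tpm2b_label_t;
typedef struct { tpm2b_label_t label; tpm2b_label_t context; } tpms_derive_t;

/* Mirrors TPMU_PUBLIC_ID (relevant members only): keyedHash is selected by
 * TPM2_ALG_KEYEDHASH, derive has no selector of its own. */
typedef union { tpm2b_digest_t keyedHash; tpms_derive_t derive; } public_id_u;

/* Write a TPM2B: big-endian UINT16 size, then the bytes.
 * Returns bytes written, or -1 if buf is too small. */
static int marshal_tpm2b(const uint8_t *data, uint16_t size,
                         uint8_t *buf, size_t buf_len, size_t *off)
{
    if (*off + 2u + size > buf_len)
        return -1;
    buf[*off]     = (uint8_t)(size >> 8);
    buf[*off + 1] = (uint8_t)(size & 0xff);
    memcpy(buf + *off + 2, data, size);
    *off += 2u + size;
    return (int)(2u + size);
}

/* Selector-driven marshal, conceptually like Tss2_MU_TPMU_PUBLIC_ID_Marshal.
 * A derived object also carries TPM2_ALG_KEYEDHASH, so a second case for
 * derive would be a duplicate case value: the selector cannot choose derive. */
int marshal_public_id_by_selector(uint16_t alg, const public_id_u *src,
                                  uint8_t *buf, size_t buf_len, size_t *off)
{
    switch (alg) {
    case TPM2_ALG_KEYEDHASH:
        return marshal_tpm2b(src->keyedHash.buffer, src->keyedHash.size,
                             buf, buf_len, off);
    /* case TPM2_ALG_KEYEDHASH: ...derive...   <- would not compile */
    default:
        return -1;  /* selector not handled here */
    }
}

/* Dedicated user-level call: the caller states it wants a derived object, so
 * no selector is consulted.  TPMS_DERIVE is two TPM2B_LABELs back to back. */
int marshal_derive(const tpms_derive_t *src,
                   uint8_t *buf, size_t buf_len, size_t *off)
{
    size_t start = *off;
    if (src->label.size > LABEL_MAX || src->context.size > LABEL_MAX)
        return -1;
    if (marshal_tpm2b(src->label.buffer, src->label.size, buf, buf_len, off) < 0 ||
        marshal_tpm2b(src->context.buffer, src->context.size, buf, buf_len, off) < 0) {
        *off = start;   /* leave the offset untouched on failure */
        return -1;
    }
    return (int)(*off - start);
}

/* Constructed sample object: label "key", context "ctx". */
static tpms_derive_t sample_derive(void)
{
    tpms_derive_t d;
    memset(&d, 0, sizeof d);
    d.label.size = 3;   memcpy(d.label.buffer, "key", 3);
    d.context.size = 3; memcpy(d.context.buffer, "ctx", 3);
    return d;
}

/* 1 if the sample marshals to the expected 10-byte wire image, else 0. */
int demo_derive_wire_ok(void)
{
    static const uint8_t expect[10] = { 0, 3, 'k', 'e', 'y', 0, 3, 'c', 't', 'x' };
    uint8_t buf[16]; size_t off = 0;
    tpms_derive_t d = sample_derive();
    int n = marshal_derive(&d, buf, sizeof buf, &off);
    return n == 10 && off == 10 && memcmp(buf, expect, 10) == 0;
}

/* 1 if a 6-byte buffer is correctly rejected with the offset left at 0. */
int demo_derive_short_buffer(void)
{
    uint8_t buf[6]; size_t off = 0;
    tpms_derive_t d = sample_derive();
    return (marshal_derive(&d, buf, sizeof buf, &off) == -1 && off == 0) ? 1 : 0;
}

/* Bytes written by the selector path for a 2-byte keyedHash unique:
 * 4 for TPM2_ALG_KEYEDHASH, -1 for any other selector. */
int demo_selector(uint16_t alg)
{
    public_id_u u; uint8_t buf[16]; size_t off = 0;
    memset(&u, 0, sizeof u);
    u.keyedHash.size = 2; memcpy(u.keyedHash.buffer, "ab", 2);
    return marshal_public_id_by_selector(alg, &u, buf, sizeof buf, &off);
}
```

The point to take from it is structural: as long as the marshaller dispatches on the TPM_ALG_ID alone, the keyedHash and derive members are indistinguishable, so either the caller states the intent through a dedicated call (as this PR does) or the spec would need a distinct selector value, with the TPMT_PUBLIC type-mismatch noted in the thread.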