tpm2-tools
tpm2_create TPM2_ALG_ECDAA support
Hi,
Maybe I'm missing something. How do I create an ECDAA key with the tpm2_create function? This algorithm does not seem to be specified.
Cheers
-G ecc256:ecdaa-sha384
Thanks. May I ask another question? How can I certify a child key with an ECDAA key?
```
# Primary ECC key in the endorsement hierarchy
tpm2_createprimary -C e -g sha256 -G ecc -c primaryEcc.ctx
# Child key that is to be certified
tpm2_create -G ecc -u certifyEcc.pub -r certifyEcc.priv -C primaryEcc.ctx
tpm2_load -C primaryEcc.ctx -u certifyEcc.pub -r certifyEcc.priv -n certifyEcc.name -c certifyEcc.ctx
# ECDAA signing key
tpm2_create -G ecc256:ecdaa-sha256 -u certifyEcc1.pub -r certifyEcc1.priv -C primaryEcc.ctx
tpm2_load -C primaryEcc.ctx -u certifyEcc1.pub -r certifyEcc1.priv -n certifyEcc1.name -c certifyEcc1.ctx
# Commit step; the counter value is written to the -t file
tpm2_commit -c certifyEccDaa.ctx -t count.er --eccpoint-K K.bin --eccpoint-L L.bin -u E.bin
# Certify certifyEcc.ctx (-c) with the ECDAA key as signing key (-C)
tpm2_certify -c certifyEcc.ctx -C certifyEcc1.ctx --scheme ecdaa -g sha256 -o attestEcc1.out -s sigEcc1.out
```
It worked once, after a reset of the HW TPM. Then:
Error Output:
```
WARNING:esys:src/tss2-esys/api/Esys_Certify.c:331:Esys_Certify_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Certify.c:107:Esys_Certify() Esys Finish ErrorCode (0x00000084)
ERROR: Eys_Certify(0x84) - tpm:handle(unk):value is out of range or is not correct for the context
ERROR: Unable to run tpm2_certify
```
OK, I tried it now with a signature: each signature with an ECDAA key depends on the counter value. However, in tpm2_certify I am not able to define a counter value. So when the counter is set to 0 (after a reset, for example), the tpm2_certify function works. The 2nd run will be canceled with the error message above.
Created a new issue; there seems to be a bug here. Anyway, I'll try to fix it in the code in the meantime. https://github.com/tpm2-software/tpm2-tools/issues/3115