finish 1.59 spec support
Hi,
I want to calculate a CMAC with the TPM.
I have seen that TPM2_ALG_CMAC was added, but I have not found out how to use it.
The alg.md only specifies the HMAC, not the CMAC.
Thank you in advance.
EDIT: Looks like it was added here: https://github.com/tpm2-software/tpm2-tools/commit/0d88935be88e9590a893b2532a0271a1cb1ed868.
But I can't use it with tpm2 create -Q -G cmac -C primary.ctx. I just get unable to run command.
If I execute tpm2_hmac -g cmac -c hmac.ctx --hex data.in it just returns nothing.
I'm currently running: tag 5.1.1
If I understand correctly, this is currently unsupported by the tpm2-tss library that this project relies on: calculating a CMAC on a TPM seems to require using the TPM2_MAC command, newly introduced in revision 1.59 of the TPM library specification. This command would need to be exposed by the tpm2-tss ESAPI as Esys_MAC, similar to the older Esys_HMAC, in order to be used by tpm2-tools.
I couldn't find a feature request for this in tpm2-tss. It would be worth creating one to keep track of this issue there.
The commit you referred to only adds CMAC to the list of recognised algorithms. This is enough to show whether a TPM has support for it in the output of tpm2 getcap algorithms, but not enough to actually perform CMAC operations.
The bug is on a list of TODOs to support (1.59 of the spec). We should just create a generic ticket in the tss to finish 1.59 support. We're in an awkward state of support between 1.38 (I think that's the last one offhand) and 1.59.
FYI, the recent versions of all of our specs should have the 1.59 changes:
- https://trustedcomputinggroup.org/resources/?workgroups=TPM%20Software%20Stack%20(TSS)&
@williamcroberts and @diabonas Thanks for the info. Is there a timeline or version connected to the spec 1.59?
I was hoping to be done with it this summer, not sure what kind of time I have on it. Perhaps @JuergenReppSIT or @AndreasFuchsSIT want to get it into a specified timeline?
Any news? @JuergenReppSIT, @AndreasFuchsTPM is there a rough timeline? A 'No, there is no timeline.' would be okay too.
I think I might have @malikabhi05 look at this next, so probably a release within a month or two offhand.
@williamcroberts No, there is no timeline from my side.
@malikabhi05 the first thing to do will be to generate a todo list of each change to make sure we don't miss anything:
- [ ] Add CMAC commands to tss2-sys
- [ ] Add CMAC commands to tss2-esys
- [ ] Update signatures for Encrypt/Encrypt2/Decrypt in tss2-sys
- [ ] Update signatures for Encrypt/Encrypt2/Decrypt in tss2-esys
- [ ] Etc Etc
I guess this is closed since merge of #2402 with the upcoming 4.0 release.