Add duplication example #460
Conversation
|
I believe @wiktor-k might have some working examples or abstractions built to handle something like this - hope I'm not remembering wrong! |
|
Yep, you're right Ionut. I think one example is right in the doctests of the duplicate function. If there are any problems digging it out I'll take a look tomorrow morning. |
|
Btw, check out this tiny example (that should be working). |
|
I think this example is pretty much the same as the one I copied from in the duplication tests (except that the test uses ecc not rsa https://github.com/parallaxsecond/rust-tss-esapi/blob/main/tss-esapi/tests/integration_tests/context_tests/tpm_commands/duplication_commands_tests.rs ). But it has a significant flaw, an that is that you are duplicating from a primary to the same primary. It's not actually testing or demonstrating moving between two separate keys. Additionally, the example I'm trying to make is mean to be for simulating or demonstrating if you have a specific duplication key below a primary, rather than duplicating between the primaries. So that's part of why I want to get this example to work - Because it certainly looks like it's exposing some bugs or flaws in functions like |
|
Just out of curiosity have you tried using RSA keys instead of ECC to see if the example passes? EC keys may have additional requirements for restricted decryption (like KDF specification). I mean: just to take the |
|
Okay, I sorted out the restricted decryption key issues - turns out it was my own silly fault! Anyway, just down to the policy failure with duplication now. Going to re-read your examples to check but I think they're correct. EDIT: The policy I was using was correct and the same as the duplication test, but your example uses an authValue based policy instead (which I actually prefer!). So I have adapted my code to use this, but it still fails in the same way.
|
|
@wiktor-k Can I get a re-review on this? Still stuck here with the duplication key :( |
Sorry for the delay, you know how it is in free-time open-source side-projects 😅 I'll try to take a look early next week and thanks for the ping! 🙏 |
Very much so 😅
Thank you so much for your help! |
Firstyear
force-pushed
the
20231018-add-key-duplication-example
branch
from
38ca201 to
0e84703
Compare
Firstyear
force-pushed
the
20231018-add-key-duplication-example
branch
from
0e84703 to
2d859d9
Compare
|
@wiktor-k Okay I re-read your comments multiple times, I've been reading section 23 about duplication of the spec and I still can not get this to work. I'm completely stumped now what I have done wrong here. I think I really need you or someone else to send me a diff or PR on what to change because I think this is beyond my ability :( |
Firstyear
force-pushed
the
20231018-add-key-duplication-example
branch
from
2d859d9 to
1188c6d
Compare
|
@ionut-arm @wiktor-k @Superhepper Okay, after lots of help from all of you this example now works! Thank you all so much! I have rebased to main, squashed and signed off. I have also updated the duplication example to be "with_encrypted_duplication(true)" and for bonus, I added a second example which is duplication using inner wrappers only showing how to duplicate against TPM2_RH_NULL. |
Firstyear
force-pushed
the
20231018-add-key-duplication-example
branch
from
1188c6d to
f4b2b41
Compare
This adds two examples demonstrating encrypted duplication and secret (inner) wrapper duplication only. As usual these examples are well commented and tested. They wouldn't have been possible without a lot of help from the community ❤️ Signed-off-by: William Brown <william.brown@suse.com>
Firstyear
force-pushed
the
20231018-add-key-duplication-example
branch
from
f4b2b41 to
1ed2ded
Compare
This adds an example of duplication.
As usual - it's broken. I can't seem to work out why, and I was literally copy-pasting as much as possible from this projects own test cases. So any assistance to get this sorted out and over the line would be great.