From 1b5c15a992783b35ca05d747fbeee7f467691d45 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Fri, 17 Jul 2020 10:42:04 +0200
Subject: [PATCH] Use AES128 to be compatible with hardware TPMs

My hardware TPM only supports AES128, so let's use that for now to be more compatible.

The tpm_sym_def function does take a mutable ctx borrow, so that in the future it can automatically detect the best supported symdef.

Signed-off-by: Patrick Uiterwijk
---
 src/main.rs | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index e68a46d..2e0eac4 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -68,6 +68,14 @@ where
 .and_then(|string| base64::decode(&string).map_err(serde::de::Error::custom))
 }
 
+fn tpm_sym_def(_ctx: &mut tss_esapi::Context) -> Result {
+ Ok(tss_esapi::tss2_esys::TPMT_SYM_DEF {
+ algorithm: tss_esapi::constants::TPM2_ALG_AES,
+ keyBits: tss_esapi::tss2_esys::TPMU_SYM_KEY_BITS { aes: 128 },
+ mode: tss_esapi::tss2_esys::TPMU_SYM_MODE { aes: tss_esapi::constants::TPM2_ALG_CFB },
+ })
+}
+
 #[derive(Debug)]
 enum PinError {
 Text(&'static str),
@@ -180,12 +188,14 @@ fn create_and_set_tpm2_session(
 ctx: &mut tss_esapi::Context,
 session_type: tss_esapi::tss2_esys::TPM2_SE,
 ) -> Result {
+ let symdef = tpm_sym_def(ctx)?;
+
 let session = ctx.start_auth_session(
 ESYS_TR_NONE,
 ESYS_TR_NONE,
 &[],
 session_type,
- utils::TpmtSymDefBuilder::aes_256_cfb(),
+ symdef,
 tss_esapi::constants::TPM2_ALG_SHA256,
 )?;
 let session_attr = utils::TpmaSessionBuilder::new()
@@ -214,12 +224,14 @@ impl TPMPolicyStep {
 tss_esapi::constants::TPM2_SE_POLICY
 };
 
+ let symdef = tpm_sym_def(ctx)?;
+
 let session = ctx.start_auth_session(
 ESYS_TR_NONE,
 ESYS_TR_NONE,
 &[],
 pol_type,
- utils::TpmtSymDefBuilder::aes_256_cfb(),
+ symdef,
 tss_esapi::constants::TPM2_ALG_SHA256,
 )?;
 let session_attr = utils::TpmaSessionBuilder::new()
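Review bot: `tpm_sym_def` takes `_ctx: &mut tss_esapi::Context` but never reads it, and the AES-128/CFB choice is hard-coded with no comment explaining why, so the rationale lives only in the commit message. A `///` doc comment on the function would carry it into the code: `/// Symmetric definition used for session parameter encryption. AES-128 CFB is hard-coded because some hardware TPMs do not offer AES-256; the ctx borrow is reserved for probing the TPM's supported algorithms (TPM2_GetCapability) instead of guessing.` Until that probing exists, a TPM without AES-128 CFB will still fail later at `start_auth_session` rather than here, which is worth stating so readers do not expect this function's `Result` to ever be an error in practice. The `Result` return type is shown without its type arguments in this view, presumably an extraction artefact rather than the committed source.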
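Review bot: The two-line prelude `let symdef = tpm_sym_def(ctx)?;` is added verbatim here and again in the `impl TPMPolicyStep` hunk in front of an otherwise identical `start_auth_session` call, so the already-duplicated session setup now has one more line to keep in sync; a small helper that computes the symdef and performs the `start_auth_session` call for a given session type would keep the two sites identical by construction. Once `tpm_sym_def` starts probing the device as the commit message plans, every session start would pay that round trip, so computing the symdef once per `Context` and reusing it is the cheaper shape. Whether the chosen symdef matters beyond the handshake depends on the decrypt/encrypt attributes set by the `TpmaSessionBuilder` lines that follow, which are outside the hunk, as are the rest of `create_and_set_tpm2_session` and the `TPMPolicyStep` method.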