I'm writing a program that needs to generate an RSA signing key that is only usable when certain PCRs are in a specific state. However, I cannot get the TPM to enforce the policy at all; the key behaves as though it had no policy. I'm using Microsoft's TPM.MSR library.
I compute the policy as follows (based on the sample program):
var pcrs = new uint[] { 1, 2, 3 };
var sel = new PcrSelection(TpmAlgId.Sha, pcrs);
PcrSelection[] selOut;
Tpm2bDigest[] pcrValues;
tpm.PcrRead(new[] { sel }, out selOut, out pcrValues);

//
// Save the current PCR values in a convenient data structure
//
var expectedPcrVals = new PcrValueCollection(selOut, pcrValues);

//
// TSS.Net encapsulates a set of policy assertions as the PolicyTree class.
//
var policy = new PolicyTree(TpmAlgId.Sha256);

//
// Set the policy: a single PolicyPcr assertion. This form of Create
// only creates a single chain. Note that all well-formed policy chains
// must have leaf identifiers. Leaf identifiers are just strings that
// are unique in a policy so that the framework can be told what
// chain to evaluate.
//
policy.Create(
    new PolicyAce[]
    {
        new TpmPolicyPcr(expectedPcrVals),
        "leaf"
    }
);

//
// Ask TSS.Net for the expected policy-hash for this policy
//
TpmHash expectedPolicyHash = policy.GetPolicyDigest();
Next, I generate the signing key from a public-key template, placing the expected policy hash in it:
var signKeyTemplate = new TpmPublic(TpmAlgId.Sha256,
    ObjectAttr.UserWithAuth | ObjectAttr.Sign | ObjectAttr.NoDA |
    ObjectAttr.FixedParent | ObjectAttr.FixedTPM |
    ObjectAttr.SensitiveDataOrigin,
    expectedPolicyHash,                        // authPolicy
    new RsaParms(new SymDefObject(),
                 new SchemeRsassa(TpmAlgId.Sha256), 2048, 0),
    new Tpm2bPublicKeyRsa());
Finally, I generate the key with the following command:
TpmPrivate signKeyPrivate = client.tpm[srkKeyAuth].Create(srkKeyHandle,
    new SensitiveCreate(skd.signKeyAuth, null),
    signKeyTemplate,
    null,
    new PcrSelection[0],
    out signKeyPublic,
    out signCreationData, out signCreationHash, out signCreationTicket);
So my expectation was that, because I specified an authorization policy in the template above, the key could only be used (for signing etc.) within a policy session. But that does not seem to be the case. I can use the key straight away without a policy session. Likewise, changing the PCR values (which produces an observable change in the pcrValues above) does not prevent the key from being used. Have I constructed the policy the wrong way, or created the key the wrong way, such that the policy appears not to be enforced? Or is it a TPM bug?
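The following is an added example (editor's code, not part of the question or of the TSS.Net samples) showing which object attributes decide whether a TPM 2.0 authPolicy is mandatory, and driving the key through a policy session so that enforcement can be observed. In TPM 2.0 an object with UserWithAuth SET, as in the template above, accepts its authValue (password or HMAC session) as an alternative to the policy for USER-role commands such as TPM2_Sign; the policy becomes the only route when UserWithAuth is CLEAR, and AdminWithPolicy SET does the same for ADMIN-role commands. The example assumes a connected Tpm2 instance `tpm`, a loaded storage key at `srkHandle` with auth value `srkAuth`, the `policy` and `expectedPolicyHash` objects built as in the question, and the TSS.Net helpers `StartAuthSessionEx`, `AuthSession.RunPolicy`, `TpmHashCheck.Null`, `TpmHandle.Pcr` and `_ExpectError` with the signatures used here (an assumption if your library version differs); the signed message is constructed.

```csharp
using System;
using System.Text;
using Tpm2Lib;

// Added example (not from the original question). Assumes `tpm`, `srkHandle`,
// `srkAuth`, `policy` and `expectedPolicyHash` are set up as described above.
static class PolicyKeyDemo
{
    // Template whose authPolicy is actually mandatory for signing:
    // UserWithAuth is CLEAR, so the authValue can no longer satisfy USER-role
    // commands (TPM2_Sign); AdminWithPolicy SET forces ADMIN-role commands
    // (e.g. TPM2_ObjectChangeAuth) through the policy as well.
    public static TpmPublic PolicyOnlyTemplate(TpmHash expectedPolicyHash)
    {
        return new TpmPublic(TpmAlgId.Sha256,
            ObjectAttr.Sign | ObjectAttr.NoDA | ObjectAttr.AdminWithPolicy |
            ObjectAttr.FixedParent | ObjectAttr.FixedTPM |
            ObjectAttr.SensitiveDataOrigin,
            expectedPolicyHash,                        // authPolicy
            new RsaParms(new SymDefObject(),
                         new SchemeRsassa(TpmAlgId.Sha256), 2048, 0),
            new Tpm2bPublicKeyRsa());
    }

    public static void Run(Tpm2 tpm, TpmHandle srkHandle, AuthValue srkAuth,
                           PolicyTree policy, TpmHash expectedPolicyHash)
    {
        TpmPublic signKeyPublic;
        CreationData creationData;
        byte[] creationHash;
        TkCreation creationTicket;

        // No authValue at all: the policy is the only way to authorize this key.
        TpmPrivate signKeyPrivate = tpm[srkAuth].Create(srkHandle,
            new SensitiveCreate(null, null),
            PolicyOnlyTemplate(expectedPolicyHash),
            null, new PcrSelection[0],
            out signKeyPublic, out creationData, out creationHash, out creationTicket);

        TpmHandle hSign = tpm[srkAuth].Load(srkHandle, signKeyPrivate, signKeyPublic);

        // Constructed message; the TPM signs its SHA-256 digest.
        byte[] digest = TpmHash.FromData(TpmAlgId.Sha256,
                            Encoding.ASCII.GetBytes("constructed message")).HashData;

        // 1. Plain password session (no policy): with UserWithAuth clear the TPM
        //    refuses with TPM_RC_AUTH_UNAVAILABLE instead of signing.
        //    (null scheme = use the scheme baked into the key: RSASSA/SHA-256)
        tpm._ExpectError(TpmRc.AuthUnavailable)
           .Sign(hSign, digest, null, TpmHashCheck.Null());

        // 2. Policy session: RunPolicy issues TPM2_PolicyPCR for PCRs 1-3 with
        //    the values captured in `policy`; the session digest then equals the
        //    key's authPolicy and the signature is produced.
        AuthSession sess = tpm.StartAuthSessionEx(TpmSe.Policy, TpmAlgId.Sha256);
        sess.RunPolicy(tpm, policy, "leaf");
        ISignatureUnion sig = tpm[sess].Sign(hSign, digest, null, TpmHashCheck.Null());
        Console.WriteLine("Signed under matching PCR policy: " + (sig != null));
        tpm.FlushContext(sess);

        // 3. Extend one of the selected PCRs. TPM2_PolicyPCR now rejects the
        //    captured digest (TPM_RC_VALUE), so the session digest never reaches
        //    the authPolicy and Sign fails with TPM_RC_POLICY_FAIL.
        tpm.PcrEvent(TpmHandle.Pcr(2), new byte[] { 1, 2, 3 });
        AuthSession sess2 = tpm.StartAuthSessionEx(TpmSe.Policy, TpmAlgId.Sha256);
        try
        {
            sess2.RunPolicy(tpm, policy, "leaf");
        }
        catch (TpmException e)
        {
            Console.WriteLine("PolicyPCR rejected current PCR values: " + e.Message);
        }
        tpm[sess2]._ExpectError(TpmRc.PolicyFail)
                  .Sign(hSign, digest, null, TpmHashCheck.Null());
        tpm.FlushContext(sess2);
        tpm.FlushContext(hSign);
    }
}
```

Two practical notes on the design: the policy digest is sealed into the key at Create time, so after a PCR change the key cannot be "re-pointed" at the new values; you must create a new key (or use TPM2_PolicyAuthorize with a signed policy) to survive expected PCR updates. And because the SHA-1 bank was selected for PCR reading in the question while the policy and name algorithm are SHA-256, make sure the bank chosen in PcrSelection is the one your platform actually extends, or PolicyPCR will compare against a bank that never changes.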