gocryptographyhandletpmkey-pair

How to find a free TPM handle for saving a new key pair object?


I am new to TPM and currently working on a project that involves generating and storing serveral key pairs using tpm. I would like to know how to find an available TPM handle that can be used to save a new key pair object. I have searched for information on this topic but haven't found a clear answer.Here are some specific questions I have:

  1. How can I programmatically determine if a TPM handle points to an empty area and is free to be used for saving a new key pair object?

  2. Are there any specific functions or methods in the Go-TPM package that can help me with this task?

  3. Are there any considerations or best practices I should be aware of when selecting a TPM handle for storing key pairs?

I would greatly appreciate any guidance, code examples, or references to relevant documentation that can help me understand how to find an available TPM handle for saving a new key pair object in tpm.Thank you in advance for your assistance.

Here is what I have tried:

  1. Manually creating key pairs using specific handles like 0x81010001 or 0x81010002.

  2. Attempting to save the key pairs in TPM persistent memory.


Solution

  • I don't know the Go TPM library, but from a low level point of view you can use the TPM2_GetCapability command using TPM_CAP_HANDLES (0x00000001) as capability parameter, 0x81000000 as property parameter and for example 32 as propertyCount parameter.

    This will return a list of allocated handles in the handle range for persistent objects, choose an index that is not in the list and is in the range 0x81000000 - 0x817FFFFF.