[SOLVED] tpm2_import is modifying the keyid of my private key.

avertyr · 05-19-2022, 04:22 AM

I did a tmp_clear before the commands on my last msg

ecdsa · 05-19-2022, 05:09 AM

Quote:

Originally Posted by avertyr

scheme:
value: null
raw: 0x10
scheme-halg:
value: null
raw: 0x10

I assume these should have values for it to work. Did you try passing rsa2048:rsassa-sha256 to tpm2_createprimary? It's also possible that attributes have to be passed to the latter (e.g. -a 'restricted|sign|fixedtpm|fixedparent|sensitivedataorigin|userwithauth', which uses sign instead of the default decrypt to mark the key as signature key).

avertyr · 05-19-2022, 07:02 AM

Ecdsa,

i try the same parameters with tpm2_create :

>> tpm2_create -G rsa:rsassa-sha256 -g sha256 -C parent.ctx -u import_rsa_key.pub -r import_rsa_key.priv
>> tpm2_load -C parent.ctx -u import_rsa_key.pub -r import_rsa_key.priv -c key.ctx
>> tpm2_evictcontrol -C o -c key.ctx 0x81000002

>> pki --print --type priv --keyid 0x81000002

TPM 2.0 via TSS2 v2 available
signature algorithm is RSASSA with SHA256 hash
privkey: RSA 2048 bits
keyid: 68:b7:ed:45:ca:e3:58:a1:6c:ca:7b:6b:b7:f7:53:a7:40:63:2c:8e
subjkey: a2:cf:da:fa:db:02:1c:b0:cf:79:db:43:78:c2:49:7c:cd:d8:6a:ef

Generate a key with a signature algorithm

But it seems that with tpm2_import that doesn't work

Could it be a tpm2_import bug ?

avertyr · 05-19-2022, 08:05 AM

Ecdsa,

i use the command :

>> tpm2_createprimary -Q -G rsa2048:rsassa-sha256 -g sha256 -C o -c parent.ctx

--> WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000002c2)
ERROR: Esys_CreatePrimary(0x2C2) - tpm

arameter(2):inconsistent attributes
ERROR: Unable to run tpm2_createprimary

then :
>> tpm2_createprimary -Q -G rsa2048 -g sha256 -C o -c parent.ctx
>> tpm2_import -G rsa2048:rsassa-sha256 -i ${PRIVATE_PEM} -C parent.ctx -u import_rsa_key.pub -r import_rsa_key.priv -a 'restricted|sign|fixedtpm|fixedparent|sensitivedataorigin|userwithauth'

-->

WARNING:esys:src/tss2-esys/api/Esys_Import.c:323:Esys_Import_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Import.c:110:Esys_Import() Esys Finish ErrorCode (0x000002c2)
ERROR: Esys_HMAC(0x2C2) - tpm

arameter(2):inconsistent attributes
ERROR: Unable to run tpm2_import

avertyr · 05-23-2022, 02:23 AM

It is a tpm2_import bug.

Have a look at this thread :

https://lists.01.org/hyperkitty/list...H2XS3UBJ7CPXP/