Cannot Import AES 256 Key #3421
Comments
|
From the man page of tpm2_import: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
I need to import an 256 AES key. but I am starting to think my TPM does not support this key length?
I read that the parent key must be bigger than the imported key. so I am running this:
tpm2_createptimary -C o -g sha256 -G aes256cfb -c primary.ctx
but then i get this error:
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000002c4)
ERROR: Esys_CreatePrimary(0x2C4) - tpm:parameter(2):value is out of range or is not correct for the context
ERROR: Unable to run tpm2_createprimary
If i simply run this it works:
tpm2_createprimary -G aes -C o -c parent.ctx -P 246
but when i run this it fails (aes.key is 256 bits)
tpm2_import -C parent.ctx -G aes -i aes.key -u key.pub -r key.priv
i get this error:
ERROR: Cannot handle algorithm, got: symcipher
ERROR: Failed Seed Encryption
I've tried different combinations with the -G option -- such as rsa2048:null:aes128cfb. but all of them fail.
here is the output to getcap algorithms on my hardware:
rsa:
value: 0x1
asymmetric: 1
symmetric: 0
hash: 0
object: 1
reserved: 0x0
signing: 0
encrypting: 0
method: 0
sha1:
value: 0x4
asymmetric: 0
symmetric: 0
hash: 1
object: 0
reserved: 0x0
signing: 0
encrypting: 0
method: 0
hmac:
value: 0x5
asymmetric: 0
symmetric: 0
hash: 1
object: 0
reserved: 0x0
signing: 1
encrypting: 0
method: 0
aes:
value: 0x6
asymmetric: 0
symmetric: 1
hash: 0
object: 0
reserved: 0x0
signing: 0
encrypting: 0
method: 0
keyedhash:
value: 0x8
asymmetric: 0
symmetric: 0
hash: 1
object: 1
reserved: 0x0
signing: 1
encrypting: 1
method: 0
xor:
value: 0xA
asymmetric: 0
symmetric: 1
hash: 1
object: 0
reserved: 0x0
signing: 0
encrypting: 0
method: 0
sha256:
value: 0xB
asymmetric: 0
symmetric: 0
hash: 1
object: 0
reserved: 0x0
signing: 0
encrypting: 0
method: 0
rsassa:
value: 0x14
asymmetric: 1
symmetric: 0
hash: 0
object: 0
reserved: 0x0
signing: 1
encrypting: 0
method: 0
rsaes:
value: 0x15
asymmetric: 1
symmetric: 0
hash: 0
object: 0
reserved: 0x0
signing: 0
encrypting: 1
method: 0
rsapss:
value: 0x16
asymmetric: 1
symmetric: 0
hash: 0
object: 0
reserved: 0x0
signing: 1
encrypting: 0
method: 0
oaep:
value: 0x17
asymmetric: 1
symmetric: 0
hash: 0
object: 0
reserved: 0x0
signing: 0
encrypting: 1
method: 0
ecdsa:
value: 0x18
asymmetric: 1
symmetric: 0
hash: 0
object: 0
reserved: 0x0
signing: 1
encrypting: 0
method: 1
ecdh:
value: 0x19
asymmetric: 1
symmetric: 0
hash: 0
object: 0
reserved: 0x0
signing: 0
encrypting: 0
method: 1
ecdaa:
value: 0x1A
asymmetric: 1
symmetric: 0
hash: 0
object: 0
reserved: 0x0
signing: 1
encrypting: 0
method: 0
kdf1_sp800_56a:
value: 0x20
asymmetric: 0
symmetric: 0
hash: 1
object: 0
reserved: 0x0
signing: 0
encrypting: 0
method: 1
kdf1_sp800_108:
value: 0x22
asymmetric: 0
symmetric: 0
hash: 1
object: 0
reserved: 0x0
signing: 0
encrypting: 0
method: 1
ecc:
value: 0x23
asymmetric: 1
symmetric: 0
hash: 0
object: 1
reserved: 0x0
signing: 0
encrypting: 0
method: 0
symcipher:
value: 0x25
asymmetric: 0
symmetric: 0
hash: 0
object: 1
reserved: 0x0
signing: 0
encrypting: 0
method: 0
cfb:
value: 0x43
asymmetric: 0
symmetric: 1
hash: 0
object: 0
reserved: 0x0
signing: 0
encrypting: 1
method: 0
This is what the get_cap properties-fixed says about sym size:
TPM2_PT_CONTEXT_SYM_SIZE:
raw: 0x80
does this mean my TPM cannot import an AES 256 bit key?
The text was updated successfully, but these errors were encountered: