tpm2-software / tpm2-tss-engine

OpenSSL Engine for TPM2 devices
https://tpm2-software.github.io
BSD 3-Clause "New" or "Revised" License

RSA decryption not working under owner authorization #158

Closed dswalla closed 4 years ago

dswalla commented 4 years ago

I've adjusted the rsadecrypt.sh test to use owner authorization instead of setting a password on the key.

The encryption works but when it comes to decryption, an error is thrown as seen below:

+ echo -n abcde12345abcde12345
+ tpm2tss-genkey -a rsa -s 2048 -o test mykey
Initializing
Setting owner auth to password.
Generating RSA key for 2048 bits keysize.
Establishing connection with TPM.
Creating primary key under owner.
Generating the RSA key inside the TPM.
Generated the RSA key inside the TPM.
+ echo test
+ openssl rsa -engine tpm2tss -inform engine -in mykey -pubout -outform pem -out mykey.pub -passin stdin
Initializing
engine "tpm2tss" set.
Loading private key mykey
Loaded key uses alg-id 1
Creating RSA key object.
Created RSA key object.
TPM2 Key loaded
writing RSA key
+ openssl pkeyutl -pubin -inkey mykey.pub -encrypt -in mydata -out mycipher
+ rm mydata
+ echo test
+ openssl pkeyutl -engine tpm2tss -keyform engine -inkey mykey -decrypt -in mycipher -out mydata -passin stdin
Initializing
engine "tpm2tss" set.
Loading private key mykey
Loaded key uses alg-id 1
Creating RSA key object.
Created RSA key object.
TPM2 Key loaded
rsa_priv_dec called for scheme 1 and input data(size=256):
Establishing connection with TPM.
Creating primary key under owner.
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:389:Esys_CreatePrimary_Finish() Received TPM Error 
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2) 
++ cat mydata
+ test x = xabcde12345abcde12345

I've also attached my adjusted file. rsadecrypt.txt

AndreasFuchsTPM commented 4 years ago

You have to set the owner auth via an openssl.cnf file. See here for an example: https://github.com/tpm2-software/tpm2-tss-engine/blob/master/openssl.conf.sample#L15
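
An openssl.cnf that does what the reply describes, as an added example (not the project's sample file or the reporter's script): it registers the tpm2tss engine and hands it the owner-hierarchy password so the primary key can be re-created at decrypt time. The SET_OWNERAUTH control name is the engine's documented ctrl command; the dynamic_path and the password value are placeholders to adjust.

```ini
# Added example: openssl.cnf for the tpm2tss engine with owner auth set.
# Select it for a single run with:  OPENSSL_CONF=/path/to/openssl.cnf openssl ...
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
tpm2tss = tpm2tss_section

[tpm2tss_section]
engine_id = tpm2tss
# Assumed install location; point this at libtpm2tss.so on your system.
dynamic_path = /usr/lib/x86_64-linux-gnu/engines-1.1/libtpm2tss.so
default_algorithms = ALL
init = 1
# Owner (storage) hierarchy password. Must match the value given to
# tpm2tss-genkey -o (the issue's log uses "test"); without it the
# engine's Esys_CreatePrimary call fails with the 0x9a2 auth error above.
SET_OWNERAUTH = owner-password-placeholder
```

Keep this file readable only by the user running OpenSSL, since it now holds the owner password in clear text.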

dswalla commented 4 years ago

Perfect, thank you!