Closed tomoveu closed 2 years ago
I think I found the source of the issue, but have to verify
TPM 2 spec, Part 1 , page 230
B.4 RSAES_OAEP This encryption scheme is defined in IETF RFC 3447. It is the only scheme used with an RSA-restricted decryption key. The algorithm identifier for this scheme is TPM_ALG_OAEP.
Ready for review @dgarske
fixed and working.
dimitartomov@Dimitars-MacBook-Pro wolfTPM % ./examples/keygen/keygen -ssh
TPM2.0 Key generation example
Key Blob: keyblob.bin
Algorithm: RSA
...
SSH template for RSA key
Creating new RSA key...
TPM2_Create key: pub 280, priv 222
Public Area (size 280):
Type: RSA (0x1), name: SHA256 (0xB), objAttr: 0x20472, authPolicy sz: 0
RSA: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
scheme: OAEP (0x17), scheme hash: SHA1 (0x4)
keyBits: 2048, exponent: 0x0, unique size 256
Created new key (pub 280, priv 222 bytes)
Wrote 508 bytes to keyblob.bin
dimitartomov@Dimitars-MacBook-Pro wolfTPM %
@dgarske please hold on merging until i confirm SSH works with these keys
There is something about the padding and singing with TPM OAEP key that I am figuring out on TPM.dev
Closing to open new PR.
@dgarske please take a look at this addition
OAEP with SHA1 is used by SSH and supported by TPM 2.0 (as it was by TPM 1.2 too)
For some reason, the TPM does not like the Key attributes. I tried with and without fixedTPM.
Note: the new helper Template_SSH sets SHA256 for TPM key Name computation and SHA1 for the signature scheme.
Signed-off-by: Dimitar Tomov dimi@wolfssl.com