Added option to create TPM keys with OAEP scheme for SSH protocol

[tomoveu]

@dgarske please take a look at this addition

OAEP with SHA1 is used by SSH and supported by TPM 2.0 (as it was by TPM 1.2 too)

For some reason, the TPM does not like the Key attributes. I tried with and without fixedTPM.

Note: the new helper Template_SSH sets SHA256 for TPM key Name computation and SHA1 for the signature scheme.

Failure 0x2c2: TPM_RC_ATTRIBUTES: Inconsistent attributes

Signed-off-by: Dimitar Tomov dimi@wolfssl.com

[tomoveu]

I think I found the source of the issue, but have to verify

TPM 2 spec, Part 1 , page 230

B.4 RSAES_OAEP This encryption scheme is defined in IETF RFC 3447. It is the only scheme used with an RSA-restricted decryption key. The algorithm identifier for this scheme is TPM_ALG_OAEP.

[tomoveu]

Ready for review @dgarske

1. Spec is right - OAEP key can be only decrypt , not signing
2. TPMA_OBJECT_SENSITIVE_ORIGIN was missing too

fixed and working.

dimitartomov@Dimitars-MacBook-Pro wolfTPM % ./examples/keygen/keygen -ssh
TPM2.0 Key generation example
    Key Blob: keyblob.bin
    Algorithm: RSA
...
SSH template for RSA key
Creating new RSA key...
TPM2_Create key: pub 280, priv 222
Public Area (size 280):
  Type: RSA (0x1), name: SHA256 (0xB), objAttr: 0x20472, authPolicy sz: 0
  RSA: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
       scheme: OAEP (0x17), scheme hash: SHA1 (0x4)
       keyBits: 2048, exponent: 0x0, unique size 256
Created new key (pub 280, priv 222 bytes)
Wrote 508 bytes to keyblob.bin
dimitartomov@Dimitars-MacBook-Pro wolfTPM % 

[tomoveu]

@dgarske please hold on merging until i confirm SSH works with these keys

There is something about the padding and singing with TPM OAEP key that I am figuring out on TPM.dev

[dgarske]

Closing to open new PR.