tpm2-tss
How can I use Esys_import to import a symmetric key?
How can I use Esys_import to import a 128 bit SM4 key? I successfully imported it using tpm2 tools: tpm2_import -C parent.ctx -G sm4 -i sm4.key -u key.pub -r key.priv -g sm3_256, but when using Esys_import, I get: tpm: parameter (1): structure is the wrong size. How should I calculate the TPM2B-PUBLIC.size?
Here is my code; kdf_out is the key:
```c
TPM2B_PUBLIC inPublic = {
    .publicArea = {
        .type = TPM2_ALG_SYMCIPHER,
        .nameAlg = TPM2_ALG_SM3_256,
        .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
                             TPMA_OBJECT_DECRYPT |
                             TPMA_OBJECT_SIGN_ENCRYPT),
        .authPolicy = {
            .size = 0,
        },
        .parameters.eccDetail = {
            .symmetric = {
                .algorithm = TPM2_ALG_SM4,
                .keyBits.sm4 = 128,
                .mode.sm4 = TPM2_ALG_CFB,
            },
            .scheme = {
                .scheme = TPM2_ALG_NULL,
                .details.anySig.hashAlg = 0,
            },
            .curveID = TPM2_ECC_NONE,
            .kdf = {.scheme = TPM2_ALG_NULL,
                    .details.kdf2.hashAlg = 0,
            }
        },
        .unique.ecc = {
            .x = {.size = 0, .buffer = {}},
            .y = {.size = 0, .buffer = {}}
        },
    }
};
inPublic.publicArea.unique.sym.size = 16;
memcpy(inPublic.publicArea.unique.sym.buffer, kdf_out, 16);

TPM2B_PRIVATE *outPrivate = NULL;
TPM2B_DATA *encryptionKeyOut = NULL;
TPM2B_PRIVATE *duplicate = NULL;
TPM2B_ENCRYPTED_SECRET *outSymSeed = NULL;
TPMT_SYM_DEF_OBJECT symmetric = {.algorithm = TPM2_ALG_SM4,
                                 .keyBits = {.sm4 = 128},
                                 .mode = {.sm4 = TPM2_ALG_CFB}};

r = Esys_Import(
    esys_context,
    SRK_Handle,
    ESYS_TR_PASSWORD,
    ESYS_TR_NONE,
    ESYS_TR_NONE,
    encryptionKeyOut,
    &inPublic,
    duplicate,
    outSymSeed,
    &symmetric,
    &outPrivate);
```
You can set inPublic.size = 0. Why do you use .parameters.eccDetail for type TPM2_ALG_SYMCIPHER? You should use .parameters.symDetail. E.g. for AES:

```c
.parameters.symDetail = {
    .sym = {
        .algorithm = TPM2_ALG_AES,
        .keyBits = {.aes = 128},
        .mode = {.aes = TPM2_ALG_CFB}}
},
.unique.sym = {
    .size = 0,
    .buffer = {}
}
```
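The question above asks how TPM2B_PUBLIC.size is calculated. As an added example (not code from this thread or from tpm2-tss), the following stand-alone C marshals a SYMCIPHER public area by hand, following the TPM 2.0 Part 2 structure layout, to show which bytes the size field counts. The constants are redefined from the TPM 2.0 algorithm registry so it builds without the tss2 headers, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Values from the TPM 2.0 algorithm registry, redefined so no tss2 headers are needed. */
#define ALG_SM3_256   0x0012
#define ALG_SM4       0x0013
#define ALG_SYMCIPHER 0x0025
#define ALG_CFB       0x0043
#define ATTRS (0x00000040u | 0x00020000u | 0x00040000u) /* USERWITHAUTH | DECRYPT | SIGN_ENCRYPT */

static size_t put16(uint8_t *b, size_t o, uint16_t v) { b[o] = v >> 8; b[o + 1] = v & 0xff; return o + 2; }
static size_t put32(uint8_t *b, size_t o, uint32_t v) { o = put16(b, o, v >> 16); return put16(b, o, v & 0xffff); }

/* Hypothetical helper: marshal a TPM2B_PUBLIC for a SYMCIPHER object with an
 * empty authPolicy into out (big-endian, as sent to the TPM).
 * Returns the total bytes written, or 0 if out is too small. */
size_t marshal_sym_public(uint8_t *out, size_t cap, uint16_t name_alg, uint32_t attrs,
                          uint16_t alg, uint16_t key_bits, uint16_t mode,
                          const uint8_t *unique, uint16_t unique_len)
{
    size_t need = 2 + 2 + 2 + 4 + 2 + 6 + 2 + (size_t)unique_len;
    if (cap < need)
        return 0;
    size_t o = 2;                        /* skip TPM2B_PUBLIC.size, filled in last */
    o = put16(out, o, ALG_SYMCIPHER);    /* type: selects symDetail and unique.sym */
    o = put16(out, o, name_alg);         /* nameAlg */
    o = put32(out, o, attrs);            /* objectAttributes */
    o = put16(out, o, 0);                /* authPolicy.size = 0, no policy bytes */
    o = put16(out, o, alg);              /* parameters.symDetail.sym.algorithm */
    o = put16(out, o, key_bits);         /* parameters.symDetail.sym.keyBits */
    o = put16(out, o, mode);             /* parameters.symDetail.sym.mode */
    o = put16(out, o, unique_len);       /* unique.sym.size (a TPM2B_DIGEST) */
    if (unique_len)
        memcpy(out + o, unique, unique_len);
    o += unique_len;
    put16(out, 0, (uint16_t)(o - 2));    /* size = marshalled publicArea length */
    return o;
}

/* Read back the size field from a marshalled TPM2B_PUBLIC. */
uint16_t public_size(const uint8_t *buf) { return (uint16_t)(buf[0] << 8 | buf[1]); }
```

The size field is the marshalled length of publicArea, not sizeof the C struct: 18 bytes with an empty unique.sym, 34 with a 16-byte one. unique.sym is part of the public area, so anything copied into it is not protected by the TPM.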
Thanks for your reply! I need to import a 128-bit SM4 key. I read the source code of tpm2_import in tpm-tools. It does a lot of things, such as generating seeds, innerwrap and outerwrap. I want to use esys_import to implement the key import. Is there any easy way to do it instead of tpm2_import?
@PunyHunter In https://github.com/tpm2-software/tpm2-tss/pull/2727/commits/bc9186a637ca3c8e68146e1a47aeef7759c0cb29 I did implement importing of ossl keys without using innerwrap and outerwrap. Perhaps looking at this commit might be useful.
This key is a string of characters that I need to use to encrypt data after importing it. I want the import to return a handle, and then I will use this handle to call encryption. I hope no files will be generated during this process. I have reviewed some source code in detail, and it seems that using tpm tools is relatively simple. Thank you