Hi ZLam,

Thanks for your questions. Can you tell me where you are located and more about your project?

The TPM has endorsements key(s) and certificate(s) provisioned by the manufacture. See: https://trustedcomputinggroup.org/resou … ished-pdf/

It varies by manufacture, but it is typically ECC and RSA. There is a place in NV to get the signed certificate elements. We support using the endorsement key for a few things in wolfTPM: https://github.com/wolfSSL/wolfTPM/blob … edential.c

We will soon be adding support for extracting the EK certificate(s) as well.

You can see some of the EK certificate support in the IBM TSS stack here: https://github.com/kgoldman/ibmtss/blob … /ekutils.c

Thanks,
David Garske, wolfSSL

Hi,

Would you mind trying with the latest wolfTPM v3.1.0 cube pack?
https://www.wolfssl.com/files/ide/wolfS … 3.1.0.pack

Thanks,
David Garske, wolfSSL

28

(16 replies, posted in wolfTPM)

Hi Grace,

The issue is your `wolfTPM2_CreateSRK` was modified to not pass in the auth, however you set it on the handle, so it tries to use it later even though the SRK doesn't have one.

The fix required is in your getPrimaryStoragekey to either pass the auth in on wolfTPM2_CreateSRK or don't set it later in the function `pStorageKey->handle.auth`.

The next issue is:

Crypto CB: PK ECDSA-Sign (4)
Error: Handle Number 1
TPM2_Sign failed 412: TPM_RC_KEY: Key fields are not compatible with the selected use
wolfTPM2_CryptoDevCb failed rc = 412
wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use

Caused by this check in the TPM:

if(!IsSigningObject(signObject))
    return TPM_RCS_KEY + RC_Sign_keyHandle;

The fix for that issue is in your importECKey function where you setup the `attributes`. Replace `TPMA_OBJECT_decrypt` with `TPMA_OBJECT_sign`.

The next issue is:

Error: Parameter Number 3
TPM2_Sign failed 992: TPM_RC_TICKET: Invalid ticket
wolfTPM2_CryptoDevCb failed rc = 992
wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use

You cannot use `TPMA_OBJECT_restricted` for an externally imported key.

Then wolfTPM2_CSR_MakeAndSign_ex is returning the size of the resulting DER and you assume rc == 0 on success. Replace your main.c like 864 `if (rc != TPM_RC_SUCCESS) {` with `if (rc < 0) {`.

Now the code works.

Thanks,
David Garske, wolfSSL

29

(16 replies, posted in wolfTPM)

Hi Grace,

I was able to reproduce and find one of the issues. Your crypto callback context does not have tlsCtx->eccKey set, so it is NULL and the ECC sign doesn't known which TPM key to use.

Patch:
Move `tpmCtx.eccKey = &key;` below the `XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));` in `generate_CERT`.

Also one bug:
-        rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_ECC);
+        rc = getPrimaryStoragekey(dev, &storage, TPM_ALG_ECC);

However it still fails with various auth errors.

I see you are importing an external private key, but then also calling `getECCkey` which ends up trying to create a new key.
The imported key will output to your device_key.bin. There is another bug with using this. I'm still tracking it down in your code.

Thanks,
David Garske, wolfSSL

30

(16 replies, posted in wolfTPM)

Hi Grace,

Please share me your full source code (you can email it to me). I will try to reproduce and debug.

Note: I usually use a TPM simulator like https://github.com/kgoldman/ibmswtpm2 and wolfTPM's --enable-swtpm option to debug locally on my PC. Its the best way to make sure you code works before deploying on hardware.

Thanks,
David Garske, wolfSSL

31

(16 replies, posted in wolfTPM)

Hi Grace,

Looks like both the wolfCryptTest and wrap_test are passing. The error is not on the get_random, that worked fine. It is something after that. Can you please run your generate_CERT with wolfSSL debugging enabled? Call `wolfSSL_Debugging_ON();` from wolfssl/wolfcrypt/logging.h. This should provide helpful details as to why it's failing. Are you able to use GDB and step into the failing code in the crypto callback? I suspect the real error is being overwritten with the bad function arg.

Thanks,
David Garske, wolfSSL

32

(16 replies, posted in wolfTPM)

Hi Grace,

I will send you an email directly.

Thanks,
David Garske, wolfSSL

33

(16 replies, posted in wolfTPM)

Hi Grace,

Can you run the wolfcrypt/test/testwolfcrypt on the target? This will confirm your algorithms are working.
Can you run the example/wrap/wrap_test run correctly? I'd like to see the GetCapabilities report and see if it passes the RNG test.
If you are using the --enable-devtpm option it uses /dev/tpm0 and the --enable-advio and --enable-i2c options won't apply, but it should not cause issues.
Why are you using `--enable-asynccrypt`? This requires the files from wolfAsyncCrypt repo and is not common.
Is there a reason you have all crypto and all openssl compatibility on?

Thanks,
David Garske, wolfSSL

34

(16 replies, posted in wolfTPM)

Hi Grace,

The error is `BAD_FUNC_ARG = -173,  /* Bad function argument provided */`
The command before the failure is `TPM_CC_GetRandom = 0x0000017B,`

Can you share me the build options you are using for both wolfSSL and wolfTPM?
Which TPM simulator are you using? Guessing ibmswtpm... have you tried removing the NVChip file to reset the NV?

Thanks,
David Garske, wolfSSL

Hi,

Looks like an issue with the EncryptDecrypt function due to auth. I will try to reproduce and fix. Note this is not likely a feature you will use and the rest of the tests look good. Using symetric AES on the TPM is uncommon because it is slow.

Also I recently added the CFB to the Cube template. See https://github.com/wolfSSL/wolfssl/pull/7171

Can you tell me more about your use case? If you’d like to keep it private you can email support at wolfssl dot com.
Thanks,
David Garske, wolfSSL

Hi,

You will need to manually add WOLFSSL_AES_CFB to the generated conf file wolfSSL.I-CUBE-wolfSSL_conf.h.

We will consider adding a checkbox for CFB in the cube pack configurator.

Thanks,
David Garske, wolfSSL

37

(16 replies, posted in wolfTPM)

Hi Grace,

Can you enable the DEBUG_WOLFTPM and WOLFTPM_DEBUG_VERBOSE (or --enable-debug=verbose) options and provide logs? I suspect it will help guide what the error is. Oh and you should also enable the wolfSSL debugging using --enable-debug or DEBUG_WOLFSSL.

I suspect there is a missing build option for wolfSSL or you haven't properly set the crypto callback TpmCryptoDevCtx .rsaKey or .eccKey.

Thanks,
David Garske, wolfSSL

38

(11 replies, posted in wolfCrypt)

Hi Alessandro,

That error typically means you have not allocated enough stack space to the task.

Can you share how you are building wolfSSL? We have a few different math library options with different memory use.

If you want to reduce stack use try with WOLFSSL_SMALL_STACK set.

Thanks,
David Garske, wolfSSL

39

(11 replies, posted in wolfCrypt)

Hi Alessandro,

The RsaKey can be either a public only or private key. Depending on that you can do either a public only operation or public and private. The public modulus and exponent must be known. You would use the wc_RsaPublicKeyDecodeRaw API to import those. Example: https://github.com/wolfSSL/wolfTPM/blob … 0-L3092C34

Thanks,
David Garske, wolfSSL

40

(11 replies, posted in wolfCrypt)

Hi Alessandro,

Your input is 30 byes, which is not padded. Direct requires the input to match the key size (256 bytes).

If your input really is 30 bytes you need to apply a padding. There are a few standards like PKCSv15, PSS and OAEP.

Can you describe more about your use-case? This will help me recommend the right solution.

Thanks,
David Garske, wolfSSL

41

(11 replies, posted in wolfCrypt)

Hi Alessandro,

I assume your key size is 2048-bit. The RsaPublicEncrypt uses PKCSV15, so the max input is not the key size. To public encrypt an already padded 256-byte you would want to use `wc_RsaDirect`.

/* Function that does the RSA operation directly with no padding.
 *
 * in       buffer to do operation on
 * inLen    length of input buffer
 * out      buffer to hold results
 * outSz    gets set to size of result buffer. Should be passed in as length
 *          of out buffer. If the pointer "out" is null then outSz gets set to
 *          the expected buffer size needed and LENGTH_ONLY_E gets returned.
 * key      RSA key to use for encrypt/decrypt
 * type     if using private or public key {RSA_PUBLIC_ENCRYPT,
 *          RSA_PUBLIC_DECRYPT, RSA_PRIVATE_ENCRYPT, RSA_PRIVATE_DECRYPT}
 * rng      wolfSSL RNG to use if needed
 *
 * returns size of result on success
 */
int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
        RsaKey* key, int type, WC_RNG* rng);

Thanks,
David Garske, wolfSSL

42

(16 replies, posted in wolfTPM)

Hi Grace,

What are you comparing to confirm the key? I would suggest using the public portion of the key to confirm its valid/matching.

If you need to import with a custom see that is supported, see https://github.com/wolfSSL/wolfTPM/blob … l_import.c

Can you share more about your project? Feel free to email support at wolfssl dot com directly if you'd like to take the conversation private.

Thanks,
David Garske, wolfSSL

43

(3 replies, posted in wolfSSL)

Hi Febin,

That is a generated file. Have you followed the instructions here?
https://github.com/wolfSSL/wolfssl/tree/master/tirtos
https://www.wolfssl.com/documentation/U … I-RTOS.pdf

I recently did build TI-RTOS for a project successfully, but it was difficult getting the packages setup.

I also recently pushed some fixes for the TM4C here: https://github.com/wolfSSL/wolfssl/pull/7018
Those are in the latest v5.6.6 release.

Thanks,
David Garske, wolfSSL

44

(3 replies, posted in wolfTPM)

Hi Resarf,

Not sure it will help, but there are some Raspberry Pi Pico examples the Japan team put together here: https://github.com/wolfssl-jp/RPi-pico-w

Seems like it would be easy to adapt building wolfTPM on there. I do have a Pi RP2040 and would be happy to help you through getting wolfTPM working on it.

Thanks,
David Garske, wolfSSL

Hi Ethan and John,

Its difficult getting the environment setup. Would one of you mind sharing a CCS project with me?

I've got wolfSSL building using the instructions at https://www.wolfssl.com/documentation/U … -RTOS.pdf, but having trouble importing the TLS echo example. I may just end up creating a simple wolfCrypt_test project from scratch.

So far I've pushed my cleanups to: https://github.com/dgarske/wolfssl/tree/ti_aes , however no real fixes in AES GCM yet.

Feel free to email support at wolfssl dot come directly with any examples and reference this forum link.

Thanks,
David Garske, wolfSSL

Hi Ethan and John,

Thank you both for the report of the TM4C issues with AES GCM. I've got a TM4C129XL board here and will see if I can reproduce and fix. Hopefully this board has the AES GCM feature (enabled with `WOLFSSL_TI_CRYPT`).

It sounds like the ti-aes.c isn't properly handling the IV.

Thanks,
David Garske, wolfSSL

47

(3 replies, posted in wolfCrypt)

Hi RCuller,

The input password will need to be padded to block size before being encrypted. The block should still decrypt properly even if you use a larger size. If you can explain how the encryption works it will help us guide you. Hopefully the example will provide some clues.

If you'd like to take this to a private channel you can email support at wolfssl dot com and we'll provide free pre-sales support.

Thanks,
David Garske, wolfSSL

48

(3 replies, posted in wolfCrypt)

Hi RCuller,

Your example looks valid. The key size passed in sizeof(key) is 32 so it will use AES 256-bit. The AES CBC requires the input to be block aligned at 16 bytes. Is there a reason you are using 1024 bytes? I assume your encrypt routine looks similar and takes in a null terminated string and also uses 1024 bytes?

We have a good AES CBC file encryption example here:
https://github.com/wolfSSL/wolfssl-exam … -encrypt.c

Another thing to coding is making sure you include wolfssl/options.h above the other wolfSSL header includes. See FAQ 1: https://www.wolfssl.com/docs/frequently … r_wolfSSL?

Thanks,
David Garske, wolfSSL

Hi mnzdbz,

Because you are using WOLFSSL_SMALL_STACK it uses heap instead. If you remove the small stack option it will use stack and not heap.

Which mode of AES? There are AES tables as you found. Not using the tables slows down the operation because it must compute values. Are you building the .c code with optimizations enabled like "-Os" or "-O2"? Those make a big different.

Besides WOLFSSL_AES_SMALL_TABLES you can also play with WOLFSSL_AES_NO_UNROLL to see how that impacts performance and code size.

Thanks,
David Garske, wolfSSL

Hi Richeal C,

This is a Nuvoton NPCT750 TPM2.0. Check wait state is required.

Here is what the working output for TPM2_GetCapability should look like:

Command: 22
    80 01 00 00 00 16 00 00 01 7a 00 00 00 06 00 00 | .........z......
    01 05 00 00 00 08                               | ......
Response: 83
    80 01 00 00 00 53 00 00 00 00 01 00 00 00 06 00 | .....S..........
    00 00 08 00 00 01 05 4e 54 43 00 00 00 01 06 4e | .......NTC.....N
    50 43 54 00 00 01 07 37 35 78 00 00 00 01 08 22 | PCT....75x....."
    21 21 34 00 00 01 09 72 6c 73 00 00 00 01 0a 00 | !!4....rls......
    00 00 00 00 00 01 0b 00 07 00 02 00 00 01 0c 00 | ................
    02 00 00                                        | ...
Command: 22
    80 01 00 00 00 16 00 00 01 7a 00 00 00 06 00 00 | .........z......
    01 2d 00 00 00 01                               | .-....
Response: 27
    80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 | ................
    00 00 01 00 00 01 2d 00 00 00 01                | ......-....
Mfg NTC (4), Vendor NPCT75x"!!4rls, Fw 7.2 (131072), FIPS 140-2 1, CC-EAL4 0

The first command is TPM2_GetCapability with TPM_PT_MANUFACTURER.
The second command is TPM2_GetCapability with TPM_PT_MODES.

Can you try this patch and see how much further you can get?

diff --git a/src/tpm2.c b/src/tpm2.c
index 4c04770..c502e35 100644
--- a/src/tpm2.c
+++ b/src/tpm2.c
@@ -891,7 +891,6 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
                     printf("Unknown capability type 0x%x\n",
                         (unsigned int)out->capabilityData.capability);
             #endif
-                    rc = -1;
                     break;
             }
         }

Thanks,
David Garske, wolfSSL