26 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Grace,

The issue is your `wolfTPM2_CreateSRK` was modified to not pass in the auth, however you set it on the handle, so it tries to use it later even though the SRK doesn't have one.

The fix required is in your getPrimaryStoragekey to either pass the auth in on wolfTPM2_CreateSRK or don't set it later in the function `pStorageKey->handle.auth`.

The next issue is:

Crypto CB: PK ECDSA-Sign (4)
Error: Handle Number 1
TPM2_Sign failed 412: TPM_RC_KEY: Key fields are not compatible with the selected use
wolfTPM2_CryptoDevCb failed rc = 412
wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use

Caused by this check in the TPM:

if(!IsSigningObject(signObject))
    return TPM_RCS_KEY + RC_Sign_keyHandle;

The fix for that issue is in your importECKey function where you setup the `attributes`. Replace `TPMA_OBJECT_decrypt` with `TPMA_OBJECT_sign`.

The next issue is:

Error: Parameter Number 3
TPM2_Sign failed 992: TPM_RC_TICKET: Invalid ticket
wolfTPM2_CryptoDevCb failed rc = 992
wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use

You cannot use `TPMA_OBJECT_restricted` for an externally imported key.

Then wolfTPM2_CSR_MakeAndSign_ex is returning the size of the resulting DER and you assume rc == 0 on success. Replace your main.c like 864 `if (rc != TPM_RC_SUCCESS) {` with `if (rc < 0) {`.

Now the code works.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

27 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Grace,

I was able to reproduce and find one of the issues. Your crypto callback context does not have tlsCtx->eccKey set, so it is NULL and the ECC sign doesn't known which TPM key to use.

Patch:
Move `tpmCtx.eccKey = &key;` below the `XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));` in `generate_CERT`.

Also one bug:
-        rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_ECC);
+        rc = getPrimaryStoragekey(dev, &storage, TPM_ALG_ECC);

However it still fails with various auth errors.

I see you are importing an external private key, but then also calling `getECCkey` which ends up trying to create a new key.
The imported key will output to your device_key.bin. There is another bug with using this. I'm still tracking it down in your code.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

28 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Grace,

Please share me your full source code (you can email it to me). I will try to reproduce and debug.

Note: I usually use a TPM simulator like https://github.com/kgoldman/ibmswtpm2 and wolfTPM's --enable-swtpm option to debug locally on my PC. Its the best way to make sure you code works before deploying on hardware.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

29 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Grace,

Looks like both the wolfCryptTest and wrap_test are passing. The error is not on the get_random, that worked fine. It is something after that. Can you please run your generate_CERT with wolfSSL debugging enabled? Call `wolfSSL_Debugging_ON();` from wolfssl/wolfcrypt/logging.h. This should provide helpful details as to why it's failing. Are you able to use GDB and step into the failing code in the crypto callback? I suspect the real error is being overwritten with the bad function arg.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

30 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Grace,

I will send you an email directly.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

31 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Grace,

Can you run the wolfcrypt/test/testwolfcrypt on the target? This will confirm your algorithms are working.
Can you run the example/wrap/wrap_test run correctly? I'd like to see the GetCapabilities report and see if it passes the RNG test.
If you are using the --enable-devtpm option it uses /dev/tpm0 and the --enable-advio and --enable-i2c options won't apply, but it should not cause issues.
Why are you using `--enable-asynccrypt`? This requires the files from wolfAsyncCrypt repo and is not common.
Is there a reason you have all crypto and all openssl compatibility on?

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

32 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Grace,

The error is `BAD_FUNC_ARG = -173,  /* Bad function argument provided */`
The command before the failure is `TPM_CC_GetRandom = 0x0000017B,`

Can you share me the build options you are using for both wolfSSL and wolfTPM?
Which TPM simulator are you using? Guessing ibmswtpm... have you tried removing the NVChip file to reset the NV?

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

33 Reply by dgarske

(6 replies, posted in wolfTPM)

Hi,

Looks like an issue with the EncryptDecrypt function due to auth. I will try to reproduce and fix. Note this is not likely a feature you will use and the rest of the tests look good. Using symetric AES on the TPM is uncommon because it is slow.

Also I recently added the CFB to the Cube template. See https://github.com/wolfSSL/wolfssl/pull/7171

Can you tell me more about your use case? If you’d like to keep it private you can email support at wolfssl dot com.
Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

34 Reply by dgarske

(6 replies, posted in wolfTPM)

Hi,

You will need to manually add WOLFSSL_AES_CFB to the generated conf file wolfSSL.I-CUBE-wolfSSL_conf.h.

We will consider adding a checkbox for CFB in the cube pack configurator.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

35 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Grace,

Can you enable the DEBUG_WOLFTPM and WOLFTPM_DEBUG_VERBOSE (or --enable-debug=verbose) options and provide logs? I suspect it will help guide what the error is. Oh and you should also enable the wolfSSL debugging using --enable-debug or DEBUG_WOLFSSL.

I suspect there is a missing build option for wolfSSL or you haven't properly set the crypto callback TpmCryptoDevCtx .rsaKey or .eccKey.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

36 Reply by dgarske

(11 replies, posted in wolfCrypt)

Hi Alessandro,

That error typically means you have not allocated enough stack space to the task.

Can you share how you are building wolfSSL? We have a few different math library options with different memory use.

If you want to reduce stack use try with WOLFSSL_SMALL_STACK set.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

37 Reply by dgarske

(11 replies, posted in wolfCrypt)

Hi Alessandro,

The RsaKey can be either a public only or private key. Depending on that you can do either a public only operation or public and private. The public modulus and exponent must be known. You would use the wc_RsaPublicKeyDecodeRaw API to import those. Example: https://github.com/wolfSSL/wolfTPM/blob … 0-L3092C34

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

38 Reply by dgarske

(11 replies, posted in wolfCrypt)

Hi Alessandro,

Your input is 30 byes, which is not padded. Direct requires the input to match the key size (256 bytes).

If your input really is 30 bytes you need to apply a padding. There are a few standards like PKCSv15, PSS and OAEP.

Can you describe more about your use-case? This will help me recommend the right solution.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

39 Reply by dgarske

(11 replies, posted in wolfCrypt)

Hi Alessandro,

I assume your key size is 2048-bit. The RsaPublicEncrypt uses PKCSV15, so the max input is not the key size. To public encrypt an already padded 256-byte you would want to use `wc_RsaDirect`.

/* Function that does the RSA operation directly with no padding.
 *
 * in       buffer to do operation on
 * inLen    length of input buffer
 * out      buffer to hold results
 * outSz    gets set to size of result buffer. Should be passed in as length
 *          of out buffer. If the pointer "out" is null then outSz gets set to
 *          the expected buffer size needed and LENGTH_ONLY_E gets returned.
 * key      RSA key to use for encrypt/decrypt
 * type     if using private or public key {RSA_PUBLIC_ENCRYPT,
 *          RSA_PUBLIC_DECRYPT, RSA_PRIVATE_ENCRYPT, RSA_PRIVATE_DECRYPT}
 * rng      wolfSSL RNG to use if needed
 *
 * returns size of result on success
 */
int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz,
        RsaKey* key, int type, WC_RNG* rng);

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

40 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Grace,

What are you comparing to confirm the key? I would suggest using the public portion of the key to confirm its valid/matching.

If you need to import with a custom see that is supported, see https://github.com/wolfSSL/wolfTPM/blob … l_import.c

Can you share more about your project? Feel free to email support at wolfssl dot com directly if you'd like to take the conversation private.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

41 Reply by dgarske

(3 replies, posted in wolfSSL)

Hi Febin,

That is a generated file. Have you followed the instructions here?
https://github.com/wolfSSL/wolfssl/tree/master/tirtos
https://www.wolfssl.com/documentation/U … I-RTOS.pdf

I recently did build TI-RTOS for a project successfully, but it was difficult getting the packages setup.

I also recently pushed some fixes for the TM4C here: https://github.com/wolfSSL/wolfssl/pull/7018
Those are in the latest v5.6.6 release.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

42 Reply by dgarske

(3 replies, posted in wolfTPM)

Hi Resarf,

Not sure it will help, but there are some Raspberry Pi Pico examples the Japan team put together here: https://github.com/wolfssl-jp/RPi-pico-w

Seems like it would be easy to adapt building wolfTPM on there. I do have a Pi RP2040 and would be happy to help you through getting wolfTPM working on it.

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

43 Reply by dgarske

(8 replies, posted in wolfSSL)

Hi Ethan and John,

Its difficult getting the environment setup. Would one of you mind sharing a CCS project with me?

I've got wolfSSL building using the instructions at https://www.wolfssl.com/documentation/U … -RTOS.pdf, but having trouble importing the TLS echo example. I may just end up creating a simple wolfCrypt_test project from scratch.

So far I've pushed my cleanups to: https://github.com/dgarske/wolfssl/tree/ti_aes , however no real fixes in AES GCM yet.

Feel free to email support at wolfssl dot come directly with any examples and reference this forum link.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

44 Reply by dgarske

(8 replies, posted in wolfSSL)

Hi Ethan and John,

Thank you both for the report of the TM4C issues with AES GCM. I've got a TM4C129XL board here and will see if I can reproduce and fix. Hopefully this board has the AES GCM feature (enabled with `WOLFSSL_TI_CRYPT`).

It sounds like the ti-aes.c isn't properly handling the IV.

Thanks,
David Garske, wolfSSL

Go to forum: wolfSSL

45 Reply by dgarske

(3 replies, posted in wolfCrypt)

Hi RCuller,

The input password will need to be padded to block size before being encrypted. The block should still decrypt properly even if you use a larger size. If you can explain how the encryption works it will help us guide you. Hopefully the example will provide some clues.

If you'd like to take this to a private channel you can email support at wolfssl dot com and we'll provide free pre-sales support.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

46 Reply by dgarske

(3 replies, posted in wolfCrypt)

Hi RCuller,

Your example looks valid. The key size passed in sizeof(key) is 32 so it will use AES 256-bit. The AES CBC requires the input to be block aligned at 16 bytes. Is there a reason you are using 1024 bytes? I assume your encrypt routine looks similar and takes in a null terminated string and also uses 1024 bytes?

We have a good AES CBC file encryption example here:
https://github.com/wolfSSL/wolfssl-exam … -encrypt.c

Another thing to coding is making sure you include wolfssl/options.h above the other wolfSSL header includes. See FAQ 1: https://www.wolfssl.com/docs/frequently … r_wolfSSL?

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

47 Reply by dgarske

(11 replies, posted in wolfCrypt)

Hi mnzdbz,

Because you are using WOLFSSL_SMALL_STACK it uses heap instead. If you remove the small stack option it will use stack and not heap.

Which mode of AES? There are AES tables as you found. Not using the tables slows down the operation because it must compute values. Are you building the .c code with optimizations enabled like "-Os" or "-O2"? Those make a big different.

Besides WOLFSSL_AES_SMALL_TABLES you can also play with WOLFSSL_AES_NO_UNROLL to see how that impacts performance and code size.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

48 Reply by dgarske

(16 replies, posted in wolfTPM)

Hi Richeal C,

This is a Nuvoton NPCT750 TPM2.0. Check wait state is required.

Here is what the working output for TPM2_GetCapability should look like:

Command: 22
    80 01 00 00 00 16 00 00 01 7a 00 00 00 06 00 00 | .........z......
    01 05 00 00 00 08                               | ......
Response: 83
    80 01 00 00 00 53 00 00 00 00 01 00 00 00 06 00 | .....S..........
    00 00 08 00 00 01 05 4e 54 43 00 00 00 01 06 4e | .......NTC.....N
    50 43 54 00 00 01 07 37 35 78 00 00 00 01 08 22 | PCT....75x....."
    21 21 34 00 00 01 09 72 6c 73 00 00 00 01 0a 00 | !!4....rls......
    00 00 00 00 00 01 0b 00 07 00 02 00 00 01 0c 00 | ................
    02 00 00                                        | ...
Command: 22
    80 01 00 00 00 16 00 00 01 7a 00 00 00 06 00 00 | .........z......
    01 2d 00 00 00 01                               | .-....
Response: 27
    80 01 00 00 00 1b 00 00 00 00 01 00 00 00 06 00 | ................
    00 00 01 00 00 01 2d 00 00 00 01                | ......-....
Mfg NTC (4), Vendor NPCT75x"!!4rls, Fw 7.2 (131072), FIPS 140-2 1, CC-EAL4 0

The first command is TPM2_GetCapability with TPM_PT_MANUFACTURER.
The second command is TPM2_GetCapability with TPM_PT_MODES.

Can you try this patch and see how much further you can get?

diff --git a/src/tpm2.c b/src/tpm2.c
index 4c04770..c502e35 100644
--- a/src/tpm2.c
+++ b/src/tpm2.c
@@ -891,7 +891,6 @@ TPM_RC TPM2_GetCapability(GetCapability_In* in, GetCapability_Out* out)
                     printf("Unknown capability type 0x%x\n",
                         (unsigned int)out->capabilityData.capability);
             #endif
-                    rc = -1;
                     break;
             }
         }

Thanks,
David Garske, wolfSSL

Go to forum: wolfTPM

49 Reply by dgarske

(11 replies, posted in wolfCrypt)

Hi mnzdbz,

How is your stack configured? Fast math (tfm.c) uses stack not heap. The correct size for FP_MAX_BITS is your maximum key size * 2 (for multiplication of two big integers).

You would likely need about 8KB of stack with your configuration. If you would like to use heap I recommend the following build settings.


#define WOLFSSL_SP_MATH_ALL
#define WOLFSSL_SP_SMALL
#define WOLFSSL_SMALL_STACK

This will use our sp_int.c with heap allocations.

Thanks,
David Garske, wolfSSL

Go to forum: wolfCrypt

50 Reply by dgarske

(16 replies, posted in wolfTPM)

Looks like it is all working normal. I would recommend trying to run examples/wrap/wrap_test to verify.

It looks like the unit test makes an assumption about parsing capabilities. I will investigate tomorrow.

Go to forum: wolfTPM