1 (edited by messias.filho 2021-09-15 10:15:47)

Topic: Cryptographic operations with wolfTPM


I am trying to use wolfTPM wrappers to encrypt some data (random number) using a PEM RSA public key. My use case is to read a PEM containing a Public RSA Key and convert this external public key in a key to be used in wolfTPM. This can be done using the wolfTPM2_RsaKey_PubPemToTpm() wrapper. Next, I am using the loaded RSA key (WOLFTPM2_KEY) to encrypt some data using the  wolfTPM2_RsaEncrypt() wrapper.

My goal is to use RSA/ECB/PKCS1Padding as cypher type on the encryption operation, but I am not getting how to set this parameters on the wolfTPM2_RsaEncrypt() wrapper. Does the wolfTPM has support for this operation? Does the encryption wrapper's scheme parameter have anything related to it? For example, TPM_ALG_NULL, TPM_ALG_OAEP or TPM_ALG_RSAES?

I've already used the wolfTPM wrappers to encrypt some data with the public key generated using some Online RSA Key Generator (https://www.devglan.com/online-tools/rs … decryption), then I got the encrypted data and tryied to decrypt it using the private part of the key on the Online RSA Key Generator, but the decryption fails with RSA/ECB/PKCS1Padding as cypher type.

Thanks in advance.


Re: Cryptographic operations with wolfTPM

Hi messias,

Can you share a simple version of your code? I don't see an exact example of your use-case and will look at adding one.



3 (edited by jeff 2021-09-16 09:19:55)

Re: Cryptographic operations with wolfTPM

Hi Messias,

I've fixed an issue and added a test for RSAES in a PR

Attached is a program I used to test against the website you linked. The output is binary. I tested against the website by converting the output to base64 `base64 out.bin` and copy-paste into RSA Decryption. To test against openssl I ran `openssl rsautl -decrypt -inkey rsa2k.pem -in out.bin`

Note: that for OAEP with SHA1, in order to be compatible you must change the default HASH of wolfTPM by adding `CFLAGS=-DWOLFTPM2_WRAP_DIGEST=TPM_ALG_SHA1` to configure. This is not needed for RSA/ECB/PKCS1Padding. For openssl with SHA256 (wolfTPM default) you can decrypt with `openssl pkeyutl -inkey rsa2k.pem -in out.bin -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -decrypt`

Post's attachments

test_rsa.c 1.5 kb, 2 downloads since 2021-09-16 

You don't have the permssions to download the attachments of this post.


Re: Cryptographic operations with wolfTPM

Hello Jeff,

I tested your solution and the last updates/fixes solved my problem and is working fine in my use case.

Thank you for your help and support!