Welcome to the wolfSSL Forums!

6grace12345grace7 · 2024-01-10 19:44:44

6grace12345grace7
Member
Offline

Registered: 2024-01-10
Posts: 9

Topic: Import external ECC private key

I am currently encountering an issue where I need to import an external ECC private key into a TPM and subsequently verify whether the ECC private key read from the TPM matches the original ECC private key. However, I have observed that the ECC private key stored in the TPM undergoes processing with a random seed before being saved.

I am referring to /wolfTPM-3.0.0/examples/keygen/keyimport.c and using wolfTPM2_ImportPrivateKeyBuffer for this process. How can I ensure that the content stored and read are identical given the described circumstances?

dgarske · 2024-01-11 11:26:34

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 416

Re: Import external ECC private key

Hi Grace,

What are you comparing to confirm the key? I would suggest using the public portion of the key to confirm its valid/matching.

If you need to import with a custom see that is supported, see https://github.com/wolfSSL/wolfTPM/blob … l_import.c

Can you share more about your project? Feel free to email support at wolfssl dot com directly if you'd like to take the conversation private.

Thanks,
David Garske, wolfSSL

6grace12345grace7 · 2024-01-25 20:32:04

6grace12345grace7
Member
Offline

Registered: 2024-01-10
Posts: 9

Re: Import external ECC private key

Hi David,

I want to store an EC private key in TPM and then generate a certificate.
After successfully using the import.c sample code to store the private key in the TPM, I'm currently encountering an error during the certificate generation process: "wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use."
I would like to inquire about possible solutions to address this issue.

I refer to csr.c and keyimport.c , the following is the printed log:
I have imported the key from the certs (example-ecc256-key.pem).

Initializing wolfTPM2
Loading SRK: Storage 0x81000201 (90 bytes)
Import ecc key ...
Contents of buf:
2D 2D 2D 2D 2D 42 45 47 49 4E 20 45 43 20 50 52
49 56 41 54 45 20 4B 45 59 2D 2D 2D 2D 2D 0A 4D
48 63 43 41 51 45 45 49 45 57 32 61 51 4A 7A 6E
47 79 46 6F 54 68 62 63 75 6A 6F 78 36 7A 45 41
34 31 54 4E 51 54 36 62 43 6A 63 4E 49 33 68 71
41 6D 4D 6F 41 6F 47 43 43 71 47 53 4D 34 39 0A
41 77 45 48 6F 55 51 44 51 67 41 45 75 7A 4F 73
54 43 64 51 53 73 5A 4B 70 51 54 44 50 4E 36 66
4E 74 74 79 4C 63 36 55 36 69 76 36 79 79 41 4A
4F 53 77 57 36 47 45 43 36 61 39 4E 30 77 4B 54
0A 6D 6A 46 62 6C 35 49 68 66 2F 44 50 47 4E 71
52 45 51 49 30 68 75 67 67 57 44 4D 4C 67 44 53
4A 32 41 3D 3D 0A 2D 2D 2D 2D 2D 45 4E 44 20 45
43 20 50 52 49 56 41 54 45 20 4B 45 59 2D 2D 2D
2D 2D 0A
(Import EC-KEY)Loaded key to 0x80000008
Successful for Loading key!!!
Wrote 254 bytes to device_key.bin
Key Public Blob 90
Key Private Blob 158
Public Area (size 90):
Type: ECC (0x23), name: SHA256 (0xB), objAttr: 0x30460, authPolicy sz: 0
ECC: sym algorithm: AES (0x6), sym keyBits: 128, sym mode: AES-CFB (0x43)
scheme: NULL (0x10), scheme hash: SHA256 (0xB), curveID: size 32, 0x3
KDF scheme: NULL (0x10), KDF alg: Unknown (0x0), unique X/Y size 32/32
Key Public Blob 90
23 00 0b 00 60 04 03 00 00 00 00 00 00 00 00 00 | #...`...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 06 00 80 00 | ................
43 00 10 00 0b 00 00 00 03 00 | C.........
Key Private Blob 158
00 20 44 cd ac 84 20 4f 8f bd 8a c3 6b f9 84 74 | . D... O....k..t
a0 ff c6 75 41 4b b9 c2 be 9d 13 8a 1e ec f6 71 | ...uAK.........q
7b ce 00 10 2b cc dc 64 96 d0 26 16 7d 7c 2e b4 | {...+..d..&.}|..
aa 2c eb 8b a6 06 ac 70 55 9c 17 a3 1e 87 46 aa | .,.....pU.....F.
05 27 77 f1 5e aa 8c 22 e2 86 5d 28 3b 4a a0 72 | .'w.^.."..](;J.r
a0 d2 22 6e 84 63 94 e3 15 82 29 7e 6d 77 e1 65 | .."n.c....)~mw.e
a8 55 a1 1d 1a 48 cf af df 22 95 98 57 d5 80 08 | .U...H..."..W...
17 c9 0f bc b4 5d c9 22 e8 ab 12 f6 9a 53 aa 87 | .....].".....S..
11 ea 76 3a 6e 7c 00 99 77 83 2d 78 4d 90 d5 c6 | ..v:n|..w.-xM...
34 c2 9b 94 2a ea 11 2d d5 73 96 de 3e 2f | 4...*..-.s..>/
TPM2 CSR TEST
Loading SRK: Storage 0x81000201 (90 bytes)
Reading 254 bytes from device_key.bin
Reading the private part of the key
Key Public Blob 90
23 00 0b 00 60 04 03 00 00 00 00 00 00 00 00 00 | #...`...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 06 00 80 00 | ................
43 00 10 00 00 00 00 00 03 00 | C.........
Key Private Blob 158
00 20 44 cd ac 84 20 4f 8f bd 8a c3 6b f9 84 74 | . D... O....k..t
a0 ff c6 75 41 4b b9 c2 be 9d 13 8a 1e ec f6 71 | ...uAK.........q
7b ce 00 10 2b cc dc 64 96 d0 26 16 7d 7c 2e b4 | {...+..d..&.}|..
aa 2c eb 8b a6 06 ac 70 55 9c 17 a3 1e 87 46 aa | .,.....pU.....F.
05 27 77 f1 5e aa 8c 22 e2 86 5d 28 3b 4a a0 72 | .'w.^.."..](;J.r
a0 d2 22 6e 84 63 94 e3 15 82 29 7e 6d 77 e1 65 | .."n.c....)~mw.e
a8 55 a1 1d 1a 48 cf af df 22 95 98 57 d5 80 08 | .U...H..."..W...
17 c9 0f bc b4 5d c9 22 e8 ab 12 f6 9a 53 aa 87 | .....].".....S..
11 ea 76 3a 6e 7c 00 99 77 83 2d 78 4d 90 d5 c6 | ..v:n|..w.-xM...
34 c2 9b 94 2a ea 11 2d d5 73 96 de 3e 2f | 4...*..-.s..>/
(readandloadkey)Loaded key to 0x80000008
Key Public Blob : 90
Start CSR generate!
Before TPM2_CSR_Generatee:
dev: 0xbe8dff5c
key: 0xbe8e0224
gClientCertEccFile: ./device-key-cert.pem
makeSelfSignedCert: 1
tpmDevId: 0
sigType: 524
Before wolfTPM2_CSR_MakeAndSign_ex:
dev: 0xbe8df70c
key: 0xbe8e0224
csr: 0x33d8c0
csr->req.version: 2
csr->req.issuer.len: 0
output: 0xbe8df714
outputSz: 2048
sigType: 524
makeSelfSignedCert: 1
devId: 0
wc_MakeCert_ex failure 0x24c: Unknown
wc_SignCert_ex failure 0xffffff08: Error with hardware crypto use
CSR_MakeAndSign failure 0xffffff08: Error with hardware crypto use
wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use
CSR_MakeAndSign failed
Fail to generate CSR
TPM2_CSR_Generate failure 0xffffff08: Error with hardware crypto use
error when generate CSR

Thanks,
Grace

dgarske · 2024-01-26 11:43:01

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 416

Re: Import external ECC private key

Hi Grace,

Can you enable the DEBUG_WOLFTPM and WOLFTPM_DEBUG_VERBOSE (or --enable-debug=verbose) options and provide logs? I suspect it will help guide what the error is. Oh and you should also enable the wolfSSL debugging using --enable-debug or DEBUG_WOLFSSL.

I suspect there is a missing build option for wolfSSL or you haven't properly set the crypto callback TpmCryptoDevCtx .rsaKey or .eccKey.

Thanks,
David Garske, wolfSSL

6grace12345grace7 · 2024-01-28 19:28:33

6grace12345grace7
Member
Offline

Registered: 2024-01-10
Posts: 9

Re: Import external ECC private key

Hi David,

Here's the logs that I --enable-debug from WOLFSSL and WOLFTPM.

Initializing wolfTPM2
wolfSSL Entering wolfCrypt_Init
TPM2: Caps 0x00000000, Did 0x0000, Vid 0x0000, Rid 0x 0
Command size: 14
80 01 00 00 00 0e 00 00 01 73 81 00 02 01 | .........s....
Response size: 174
80 01 00 00 00 ae 00 00 00 00 00 5a 00 23 00 0b | ...........Z.#..
00 03 04 72 00 00 00 06 00 80 00 43 00 10 00 03 | ...r.......C....
00 10 00 20 f0 e9 1a e9 48 14 fb 5d 09 c3 49 ee | ... ....H..]..I.
57 90 6b 2c 25 a3 fa 45 5d 54 ed 43 5e 81 2d a3 | W.k,%..E]T.C^.-.
e1 10 bc 36 00 20 c6 7c bf fc ab 3b b4 7c be bf | ...6. .|...;.|..
73 80 e4 16 d2 bf d6 c8 03 a9 aa 89 7c 36 82 da | s...........|6..
1f 1e 01 a1 bf 1a 00 22 00 0b 6e 91 85 44 e8 e2 | ......."..n..D..
02 92 b2 96 80 f1 f4 7f db 1c 64 c7 59 79 a3 11 | ..........d.Yy..
e0 5e 45 ae a6 93 8d 75 02 f1 00 22 00 0b 3a 26 | .^E....u..."..:&
f3 54 93 a6 21 d7 3d 6e 72 c4 0b 15 1e a8 64 1c | .T..!.=nr.....d.
f6 5f c5 b4 90 c0 8f 2e c4 19 c3 e2 39 81 | ._..........9.
TPM2_ReadPublic Handle 0x81000201: pub 90, name 34, qualifiedName 34
Loading SRK: Storage 0x81000201 (90 bytes)
Import ecc key ...
Contents of buf:
30 77 02 01 01 04 20 45 B6 69 02 73 9C 6C 85 A1
38 5B 72 E8 E8 C7 AC C4 03 8D 53 35 04 FA 6C 28
DC 34 8D E1 A8 09 8C A0 0A 06 08 2A 86 48 CE 3D
03 01 07 A1 44 03 42 00 04 BB 33 AC 4C 27 50 4A
C6 4A A5 04 C3 3C DE 9F 36 DB 72 2D CE 94 EA 2B
FA CB 20 09 39 2C 16 E8 61 02 E9 AF 4D D3 02 93
9A 31 5B 97 92 21 7F F0 CF 18 DA 91 11 02 34 86
E8 20 58 33 0B 80 34 89 D8
TPM2_GetNonce (32 bytes)
Encrypt secret: Alg ECC, Label DUPLICATE
Encrypt Secret 0: 32 bytes
8b 50 47 2e 62 67 8a 29 85 53 9c d5 25 74 95 6e | .PG.bg.).S..%t.n
35 14 72 a7 56 af 62 d0 10 5a 9a f6 9d 8f f8 25 | 5.r.V.b..Z.....%
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x00
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Found 1 auth sessions
CommandProcess: Handles (Auth 1, In 1), CmdSz 325, AuthSz 31, ParamSz 276, EncSz 0
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x01
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Command size: 325
80 02 00 00 01 45 00 00 01 56 81 00 02 01 00 00 | .....E...V......
00 1f 40 00 00 09 00 00 01 00 16 54 68 69 73 49 | ..@........ThisI
73 4d 79 53 74 6f 72 61 67 65 4b 65 79 41 75 74 | sMyStorageKeyAut
68 00 00 00 5a 00 23 00 0b 00 03 04 60 00 00 00 | h...Z.#.....`...
06 00 80 00 43 00 10 00 03 00 10 00 20 bb 33 ac | ....C....... .3.
4c 27 50 4a c6 4a a5 04 c3 3c de 9f 36 db 72 2d | L'PJ.J...<..6.r-
ce 94 ea 2b fa cb 20 09 39 2c 16 e8 61 00 20 02 | ...+.. .9,..a. .
e9 af 4d d3 02 93 9a 31 5b 97 92 21 7f f0 cf 18 | ..M....1[..!....
da 91 11 02 34 86 e8 20 58 33 0b 80 34 89 d8 00 | ....4.. X3..4...
6c 00 20 23 71 e9 a0 b5 b3 8c 9f 4e e2 0a 21 4e | l. #q......N..!N
5f ee 76 9a 1c 42 72 25 3a 8e bb 76 2a 0f c9 86 | _.v..Br%:..v*...
4e f1 07 78 f0 5c e4 54 10 d0 69 f0 27 d9 43 46 | N..x.\.T..i.'.CF
6f 1c e5 c9 3b 1e 83 65 eb ce dd 0d a6 7e 96 86 | o...;..e.....~..
78 f0 f8 7f 62 42 9b ce db 6c b3 07 8f 08 1f 28 | x...bB...l.....(
ca 87 9c 19 01 ab 12 1a b8 ff 7b cf fa 7d 23 6f | ..........{..}#o
ee 78 7f be 6f 48 dd 8e 85 a5 a4 3b e3 00 44 00 | .x..oH.....;..D.
20 1e 90 33 4b 3c 33 1a 36 e9 86 db cd bd 40 67 | ..3K<3.6.....@g
a4 a6 36 8f d9 f2 42 17 a8 55 f5 7f f4 11 2d ea | ..6...B..U....-.
af 00 20 7c 8f 38 28 06 d1 cd b9 87 87 4d 3b 69 | .. |.8(......M;i
17 cf c1 7a c0 68 aa 39 af 4a 31 0d fe 2e b8 70 | ...z.h.9.J1....p
d9 b1 c4 00 10 | .....
Response size: 179
80 02 00 00 00 b3 00 00 00 00 00 00 00 a0 00 9e | ................
00 20 4b fa 69 6f 65 1a 86 52 37 f7 6e b2 d4 41 | . K.ioe..R7.n..A
ec e2 f0 2d 1b f6 cc e2 7a ae 06 a3 b0 ae af ee | ...-....z.......
b6 95 00 10 ad 25 4b 4c 24 ee 93 01 87 53 7e df | .....%KL$....S~.
bf e6 7d c0 ed 5e 81 a6 6b a8 48 ef 04 cf bd 9d | ..}..^..k.H.....
e6 25 05 66 f5 d5 eb 62 65 b1 f9 00 8c 98 45 f4 | .%.f...be.....E.
4e ef 2d 85 c8 04 d5 f1 4a 26 b4 f3 60 b5 ba 95 | N.-.....J&..`...
32 2a 02 d0 78 8f 6e 2c 9b 76 01 32 59 44 ac 5b | 2*..x.n,.v.2YD.[
94 d1 38 7f 1f c7 60 4a 08 25 35 ac 8b be 40 1d | ..8...`J.%5...@.
46 90 58 fe c6 ba a6 62 07 a9 50 1a 02 02 5a 2f | F.X....b..P...Z/
3d 98 cc f6 88 94 fc 50 db 05 64 e6 69 7d 00 00 | =......P..d.i}..
01 00 00 | ...
ResponseProcess: Handles (Out 0), RespSz 179, ParamSz 160, DecSz 158, AuthSz 5
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x00
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Found 1 auth sessions
CommandProcess: Handles (Auth 1, In 1), CmdSz 301, AuthSz 31, ParamSz 252, EncSz 158
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x01
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Command size: 301
80 02 00 00 01 2d 00 00 01 57 81 00 02 01 00 00 | .....-...W......
00 1f 40 00 00 09 00 00 01 00 16 54 68 69 73 49 | ..@........ThisI
73 4d 79 53 74 6f 72 61 67 65 4b 65 79 41 75 74 | sMyStorageKeyAut
68 00 9e 00 20 4b fa 69 6f 65 1a 86 52 37 f7 6e | h... K.ioe..R7.n
b2 d4 41 ec e2 f0 2d 1b f6 cc e2 7a ae 06 a3 b0 | ..A...-....z....
ae af ee b6 95 00 10 ad 25 4b 4c 24 ee 93 01 87 | ........%KL$....
53 7e df bf e6 7d c0 ed 5e 81 a6 6b a8 48 ef 04 | S~...}..^..k.H..
cf bd 9d e6 25 05 66 f5 d5 eb 62 65 b1 f9 00 8c | ....%.f...be....
98 45 f4 4e ef 2d 85 c8 04 d5 f1 4a 26 b4 f3 60 | .E.N.-.....J&..`
b5 ba 95 32 2a 02 d0 78 8f 6e 2c 9b 76 01 32 59 | ...2*..x.n,.v.2Y
44 ac 5b 94 d1 38 7f 1f c7 60 4a 08 25 35 ac 8b | D.[..8...`J.%5..
be 40 1d 46 90 58 fe c6 ba a6 62 07 a9 50 1a 02 | .@.F.X....b..P..
02 5a 2f 3d 98 cc f6 88 94 fc 50 db 05 64 e6 69 | .Z/=......P..d.i
7d 00 5a 00 23 00 0b 00 03 04 60 00 00 00 06 00 | }.Z.#.....`.....
80 00 43 00 10 00 03 00 10 00 20 bb 33 ac 4c 27 | ..C....... .3.L'
50 4a c6 4a a5 04 c3 3c de 9f 36 db 72 2d ce 94 | PJ.J...<..6.r-..
ea 2b fa cb 20 09 39 2c 16 e8 61 00 20 02 e9 af | .+.. .9,..a. ...
4d d3 02 93 9a 31 5b 97 92 21 7f f0 cf 18 da 91 | M....1[..!......
11 02 34 86 e8 20 58 33 0b 80 34 89 d8 | ..4.. X3..4..
Response size: 59
80 02 00 00 00 3b 00 00 00 00 80 00 00 08 00 00 | .....;..........
00 24 00 22 00 0b dc 7c 0a 77 a2 e8 3b bf 1a 92 | .$."...|.w..;...
31 2b fd fe 70 29 c6 ab ae 40 bd 17 15 cb e2 5d | 1+..p)...@.....]
cb 40 97 e6 df 8d 00 00 01 00 00 | .@.........
ResponseProcess: Handles (Out 1), RespSz 59, ParamSz 36, DecSz 34, AuthSz 5
TPM2_Load Key Handle 0x80000008
(Import EC-KEY)Loaded key to 0x80000008
Successful for Loading key!!!
00 5a 00 23 00 0b 00 03 04 60 00 00 00 06 00 80 | .Z.#.....`......
00 43 00 10 00 03 00 10 00 20 bb 33 ac 4c 27 50 | .C....... .3.L'P
4a c6 4a a5 04 c3 3c de 9f 36 db 72 2d ce 94 ea | J.J...<..6.r-...
2b fa cb 20 09 39 2c 16 e8 61 00 20 02 e9 af 4d | +.. .9,..a. ...M
d3 02 93 9a 31 5b 97 92 21 7f f0 cf 18 da 91 11 | ....1[..!.......
02 34 86 e8 20 58 33 0b 80 34 89 d8 | .4.. X3..4..
Wrote 254 bytes to device_key.bin
Key Public Blob 90
23 00 0b 00 60 04 03 00 00 00 00 00 00 00 00 00 | #...`...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 06 00 80 00 | ................
43 00 10 00 0b 00 00 00 03 00 | C.........
Key Private Blob 158
00 20 4b fa 69 6f 65 1a 86 52 37 f7 6e b2 d4 41 | . K.ioe..R7.n..A
ec e2 f0 2d 1b f6 cc e2 7a ae 06 a3 b0 ae af ee | ...-....z.......
b6 95 00 10 ad 25 4b 4c 24 ee 93 01 87 53 7e df | .....%KL$....S~.
bf e6 7d c0 ed 5e 81 a6 6b a8 48 ef 04 cf bd 9d | ..}..^..k.H.....
e6 25 05 66 f5 d5 eb 62 65 b1 f9 00 8c 98 45 f4 | .%.f...be.....E.
4e ef 2d 85 c8 04 d5 f1 4a 26 b4 f3 60 b5 ba 95 | N.-.....J&..`...
32 2a 02 d0 78 8f 6e 2c 9b 76 01 32 59 44 ac 5b | 2*..x.n,.v.2YD.[
94 d1 38 7f 1f c7 60 4a 08 25 35 ac 8b be 40 1d | ..8...`J.%5...@.
46 90 58 fe c6 ba a6 62 07 a9 50 1a 02 02 5a 2f | F.X....b..P...Z/
3d 98 cc f6 88 94 fc 50 db 05 64 e6 69 7d | =......P..d.i}
Public Area (size 90):
Type: ECC (0x23), name: SHA256 (0xB), objAttr: 0x30460, authPolicy sz: 0
ECC: sym algorithm: AES (0x6), sym keyBits: 128, sym mode: AES-CFB (0x43)
scheme: NULL (0x10), scheme hash: SHA256 (0xB), curveID: size 32, 0x3
KDF scheme: NULL (0x10), KDF alg: Unknown (0x0), unique X/Y size 32/32
Key Public Blob 90
23 00 0b 00 60 04 03 00 00 00 00 00 00 00 00 00 | #...`...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 06 00 80 00 | ................
43 00 10 00 0b 00 00 00 03 00 | C.........
Key Private Blob 158
00 20 4b fa 69 6f 65 1a 86 52 37 f7 6e b2 d4 41 | . K.ioe..R7.n..A
ec e2 f0 2d 1b f6 cc e2 7a ae 06 a3 b0 ae af ee | ...-....z.......
b6 95 00 10 ad 25 4b 4c 24 ee 93 01 87 53 7e df | .....%KL$....S~.
bf e6 7d c0 ed 5e 81 a6 6b a8 48 ef 04 cf bd 9d | ..}..^..k.H.....
e6 25 05 66 f5 d5 eb 62 65 b1 f9 00 8c 98 45 f4 | .%.f...be.....E.
4e ef 2d 85 c8 04 d5 f1 4a 26 b4 f3 60 b5 ba 95 | N.-.....J&..`...
32 2a 02 d0 78 8f 6e 2c 9b 76 01 32 59 44 ac 5b | 2*..x.n,.v.2YD.[
94 d1 38 7f 1f c7 60 4a 08 25 35 ac 8b be 40 1d | ..8...`J.%5...@.
46 90 58 fe c6 ba a6 62 07 a9 50 1a 02 02 5a 2f | F.X....b..P...Z/
3d 98 cc f6 88 94 fc 50 db 05 64 e6 69 7d | =......P..d.i}
Command size: 14
80 01 00 00 00 0e 00 00 01 65 80 00 00 08 | .........e....
Response size: 10
80 01 00 00 00 0a 00 00 00 00 | ..........
TPM2_FlushContext: Closed handle 0x80000008
TPM2 CSR TEST
Command size: 14
80 01 00 00 00 0e 00 00 01 73 81 00 02 01 | .........s....
Response size: 174
80 01 00 00 00 ae 00 00 00 00 00 5a 00 23 00 0b | ...........Z.#..
00 03 04 72 00 00 00 06 00 80 00 43 00 10 00 03 | ...r.......C....
00 10 00 20 f0 e9 1a e9 48 14 fb 5d 09 c3 49 ee | ... ....H..]..I.
57 90 6b 2c 25 a3 fa 45 5d 54 ed 43 5e 81 2d a3 | W.k,%..E]T.C^.-.
e1 10 bc 36 00 20 c6 7c bf fc ab 3b b4 7c be bf | ...6. .|...;.|..
73 80 e4 16 d2 bf d6 c8 03 a9 aa 89 7c 36 82 da | s...........|6..
1f 1e 01 a1 bf 1a 00 22 00 0b 6e 91 85 44 e8 e2 | ......."..n..D..
02 92 b2 96 80 f1 f4 7f db 1c 64 c7 59 79 a3 11 | ..........d.Yy..
e0 5e 45 ae a6 93 8d 75 02 f1 00 22 00 0b 3a 26 | .^E....u..."..:&
f3 54 93 a6 21 d7 3d 6e 72 c4 0b 15 1e a8 64 1c | .T..!.=nr.....d.
f6 5f c5 b4 90 c0 8f 2e c4 19 c3 e2 39 81 | ._..........9.
TPM2_ReadPublic Handle 0x81000201: pub 90, name 34, qualifiedName 34
Loading SRK: Storage 0x81000201 (90 bytes)
Reading 254 bytes from device_key.bin
Public Area (size 90):
Type: ECC (0x23), name: SHA256 (0xB), objAttr: 0x30460, authPolicy sz: 0
ECC: sym algorithm: AES (0x6), sym keyBits: 128, sym mode: AES-CFB (0x43)
scheme: NULL (0x10), scheme hash: Unknown (0x0), curveID: size 32, 0x3
KDF scheme: NULL (0x10), KDF alg: Unknown (0x0), unique X/Y size 32/32
bb 33 ac 4c 27 50 4a c6 4a a5 04 c3 3c de 9f 36 | .3.L'PJ.J...<..6
db 72 2d ce 94 ea 2b fa cb 20 09 39 2c 16 e8 61 | .r-...+.. .9,..a
02 e9 af 4d d3 02 93 9a 31 5b 97 92 21 7f f0 cf | ...M....1[..!...
18 da 91 11 02 34 86 e8 20 58 33 0b 80 34 89 d8 | .....4.. X3..4..
Reading the private part of the key
Key Public Blob 90
23 00 0b 00 60 04 03 00 00 00 00 00 00 00 00 00 | #...`...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 06 00 80 00 | ................
43 00 10 00 00 00 00 00 03 00 | C.........
Key Private Blob 158
00 20 4b fa 69 6f 65 1a 86 52 37 f7 6e b2 d4 41 | . K.ioe..R7.n..A
ec e2 f0 2d 1b f6 cc e2 7a ae 06 a3 b0 ae af ee | ...-....z.......
b6 95 00 10 ad 25 4b 4c 24 ee 93 01 87 53 7e df | .....%KL$....S~.
bf e6 7d c0 ed 5e 81 a6 6b a8 48 ef 04 cf bd 9d | ..}..^..k.H.....
e6 25 05 66 f5 d5 eb 62 65 b1 f9 00 8c 98 45 f4 | .%.f...be.....E.
4e ef 2d 85 c8 04 d5 f1 4a 26 b4 f3 60 b5 ba 95 | N.-.....J&..`...
32 2a 02 d0 78 8f 6e 2c 9b 76 01 32 59 44 ac 5b | 2*..x.n,.v.2YD.[
94 d1 38 7f 1f c7 60 4a 08 25 35 ac 8b be 40 1d | ..8...`J.%5...@.
46 90 58 fe c6 ba a6 62 07 a9 50 1a 02 02 5a 2f | F.X....b..P...Z/
3d 98 cc f6 88 94 fc 50 db 05 64 e6 69 7d | =......P..d.i}
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x00
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Found 1 auth sessions
CommandProcess: Handles (Auth 1, In 1), CmdSz 301, AuthSz 31, ParamSz 252, EncSz 158
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x01
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Command size: 301
80 02 00 00 01 2d 00 00 01 57 81 00 02 01 00 00 | .....-...W......
00 1f 40 00 00 09 00 00 01 00 16 54 68 69 73 49 | ..@........ThisI
73 4d 79 53 74 6f 72 61 67 65 4b 65 79 41 75 74 | sMyStorageKeyAut
68 00 9e 00 20 4b fa 69 6f 65 1a 86 52 37 f7 6e | h... K.ioe..R7.n
b2 d4 41 ec e2 f0 2d 1b f6 cc e2 7a ae 06 a3 b0 | ..A...-....z....
ae af ee b6 95 00 10 ad 25 4b 4c 24 ee 93 01 87 | ........%KL$....
53 7e df bf e6 7d c0 ed 5e 81 a6 6b a8 48 ef 04 | S~...}..^..k.H..
cf bd 9d e6 25 05 66 f5 d5 eb 62 65 b1 f9 00 8c | ....%.f...be....
98 45 f4 4e ef 2d 85 c8 04 d5 f1 4a 26 b4 f3 60 | .E.N.-.....J&..`
b5 ba 95 32 2a 02 d0 78 8f 6e 2c 9b 76 01 32 59 | ...2*..x.n,.v.2Y
44 ac 5b 94 d1 38 7f 1f c7 60 4a 08 25 35 ac 8b | D.[..8...`J.%5..
be 40 1d 46 90 58 fe c6 ba a6 62 07 a9 50 1a 02 | .@.F.X....b..P..
02 5a 2f 3d 98 cc f6 88 94 fc 50 db 05 64 e6 69 | .Z/=......P..d.i
7d 00 5a 00 23 00 0b 00 03 04 60 00 00 00 06 00 | }.Z.#.....`.....
80 00 43 00 10 00 03 00 10 00 20 bb 33 ac 4c 27 | ..C....... .3.L'
50 4a c6 4a a5 04 c3 3c de 9f 36 db 72 2d ce 94 | PJ.J...<..6.r-..
ea 2b fa cb 20 09 39 2c 16 e8 61 00 20 02 e9 af | .+.. .9,..a. ...
4d d3 02 93 9a 31 5b 97 92 21 7f f0 cf 18 da 91 | M....1[..!......
11 02 34 86 e8 20 58 33 0b 80 34 89 d8 | ..4.. X3..4..
Response size: 59
80 02 00 00 00 3b 00 00 00 00 80 00 00 08 00 00 | .....;..........
00 24 00 22 00 0b dc 7c 0a 77 a2 e8 3b bf 1a 92 | .$."...|.w..;...
31 2b fd fe 70 29 c6 ab ae 40 bd 17 15 cb e2 5d | 1+..p)...@.....]
cb 40 97 e6 df 8d 00 00 01 00 00 | .@.........
ResponseProcess: Handles (Out 1), RespSz 59, ParamSz 36, DecSz 34, AuthSz 5
TPM2_Load Key Handle 0x80000008
(readandloadkey)Loaded key to 0x80000008
Key Public Blob : 90
Start CSR generate!
Before TPM2_CSR_Generatee:
dev: 0xbe94ef7c
key: 0xbe94f244
gClientCertEccFile: ./device-key-cert.pem
makeSelfSignedCert: 1
tpmDevId: 0
sigType: 524
Before wolfTPM2_CSR_MakeAndSign_ex:
dev: 0xbe94e72c
key: 0xbe94f244
csr: 0x33d858
csr->req.version: 2
csr->req.issuer.len: 0
output: 0xbe94e734
outputSz: 2048
sigType: 524
makeSelfSignedCert: 1
devId: 0
Command size: 12
80 01 00 00 00 0c 00 00 01 7b 00 10 | .........{..
Response size: 28
80 01 00 00 00 1c 00 00 00 00 00 10 1c a2 eb 17 | ................
d0 0e be ca a3 0e 35 b0 bd 04 a7 21 | ......5....!
wolfTPM2_CryptoDevCb failed rc = -173
wolfSSL error occurred, error = 248 line:28893 file:wolfcrypt/src/asn.c
wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use
CSR_MakeAndSign failed
Fail to generate CSR
TPM2_CSR_Generate failure 0xffffff08: Error with hardware crypto use
error when generate CSR
Command size: 12
80 01 00 00 00 0c 00 00 01 45 00 00 | .........E..
Response size: 10
80 01 00 00 00 0a 00 00 00 00 | ..........
wolfSSL Entering wolfCrypt_Cleanup

Btw, here I have one more question, from the above log, how can I confirm that the key I imported and the key I loaded are the same? My current method of confirmation is to check if the content of the Key Private Blob and Key Public Blob match, which indicates that the imported key and the loaded key are the same. However, I am unsure if this method of verification is correct.

Thanks,
Grace

6grace12345grace7 · 2024-01-28 22:25:45

6grace12345grace7
Member
Offline

Registered: 2024-01-10
Posts: 9

Re: Import external ECC private key

Hi David,

I am currently using wolfTPM 3.0.0 and wolfSSL 5.6.4.
The following code is mainly what I am using to generate a certificate:
(Basically, I am referring to the sample code in csr.c for the most part.)

int generate_CERT(WOLFTPM2_DEV *dev){

int rc;
WOLFTPM2_KEY storageKey;
WOLFTPM2_KEY key;
TpmCryptoDevCtx tpmCtx;
TPM2B_AUTH auth;
int tpmDevId;
TPMT_PUBLIC publicTemplate;
WOLFTPM2_KEY *primary = NULL;

TPM_ECC_CURVE curve = TPM_ECC_NIST_P256;
int sigType = CTC_SHA256wECDSA;
tpmCtx.eccKey = &key;
int makeSelfSignedCert = 1;

printf("TPM2 CSR TEST\n");

/* initialize variables */
XMEMSET(&key, 0, sizeof(key));
XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));

/* set session for authorization key */
auth.size = (int)sizeof(gAiKeyAuth)-1;
XMEMCPY(auth.buffer, gAiKeyAuth, auth.size);

rc = wolfTPM2_SetCryptoDevCb(dev, wolfTPM2_CryptoDevCb, &tpmCtx, &tpmDevId);
if (rc == 0) {
/* See if primary storage key already exists */
rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_ECC);
}

/*rc = wolfTPM2_GetKeyTemplate_ECC(&publicTemplate,
TPMA_OBJECT_sensitiveDataOrigin | TPMA_OBJECT_userWithAuth |
TPMA_OBJECT_sign | TPMA_OBJECT_noDA,
curve, TPM_ALG_ECDSA);*/

//rc = getECCkey(dev, &storage, &key, NULL, tpmDevId, gAiKeyAuth, auth.size, &publicTemplate);
rc = getECCkey(dev, &storage, &key, NULL, tpmDevId, (byte*)gAiKeyAuth, auth.size, &publicTemplate);
if (rc != TPM_RC_SUCCESS) {
printf("getECCkey failed\n");
wolfTPM2_UnloadHandle(dev, &key.handle);
return rc;
}

printf("Key Public Blob : %d\n", key.pub.size);
//_printBin((const byte*)&key.pub.publicArea, key.pub.size);
//printf("Key Private Blob :%d\n", key.priv.size);
//_printBin(key.priv.buffer, key.priv.size);

printf("Start CSR generate!\n");

/*printf("Before TPM2_CSR_Generatee:\n");
printf("dev: %p\n", (void*)&dev);
printf("key: %p\n", (void*)&key);
printf("gClientCertEccFile: %s\n", gClientCertEccFile);
printf("makeSelfSignedCert: %d\n", makeSelfSignedCert);
printf("tpmDevId: %d\n", tpmDevId);
printf("sigType: %d\n", sigType);*/
rc = TPM2_CSR_Generate(dev, ECC_TYPE, &key, gClientCertEccFile, makeSelfSignedCert, tpmDevId, sigType);
if (rc != TPM_RC_SUCCESS) {
printf("Fail to generate CSR\n");
printf("TPM2_CSR_Generate failure 0x%x: %s\n", rc, wolfTPM2_GetRCString(rc));
return rc;
}

printf("dev: %p\n", (void*)&dev);

return rc;

}

Thanks,
Grace

dgarske · 2024-01-29 09:09:49

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 416

Re: Import external ECC private key

Hi Grace,

The error is `BAD_FUNC_ARG = -173, /* Bad function argument provided */`
The command before the failure is `TPM_CC_GetRandom = 0x0000017B,`

Can you share me the build options you are using for both wolfSSL and wolfTPM?
Which TPM simulator are you using? Guessing ibmswtpm... have you tried removing the NVChip file to reset the NV?

Thanks,
David Garske, wolfSSL

6grace12345grace7 · 2024-01-29 09:39:01

6grace12345grace7
Member
Offline

Registered: 2024-01-10
Posts: 9

Re: Import external ECC private key

Hi David,

For wolfTPM:
./configure --host=arm-linux CC=arm-linux-gnueabihf-gcc AR=arm-linux-gnueabihf-ar RANLIB=arm-linux-gnueabihf-ranlib CPPFLAGS="-I./" --prefix=/customer --enable-advio --enable-st --enable-i2c --enable-devtpm --enable-debug=verbose --enable-wolfcrypt --with-wolfcrypt=/customer

For wolfSSL:
./configure --host=arm-linux CC=arm-linux-gnueabihf-gcc AR=arm-linux-gnueabihf-ar RANLIB=arm-linux-gnueabihf-ranlib CFLAGS="-Os" CPPFLAGS="-I./ -DTIME_T_NOT_64BIT -DNO_WRITEV" --prefix=/customer --enable-fastmath --enable-wolftpm --enable-cryptocb --enable-all-crypto --enable-opensslall --enable-opensslextra --enable-all --enable-debug --enable-asynccrypt

Thanks,
Grace

dgarske · 2024-01-29 10:25:01

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 416

Re: Import external ECC private key

Hi Grace,

Can you run the wolfcrypt/test/testwolfcrypt on the target? This will confirm your algorithms are working.
Can you run the example/wrap/wrap_test run correctly? I'd like to see the GetCapabilities report and see if it passes the RNG test.
If you are using the --enable-devtpm option it uses /dev/tpm0 and the --enable-advio and --enable-i2c options won't apply, but it should not cause issues.
Why are you using `--enable-asynccrypt`? This requires the files from wolfAsyncCrypt repo and is not common.
Is there a reason you have all crypto and all openssl compatibility on?

Thanks,
David Garske, wolfSSL

6grace12345grace7 · 2024-01-29 20:17:30

6grace12345grace7
Member
Offline

Registered: 2024-01-10
Posts: 9

Re: Import external ECC private key

Hi David,

The following log is generated after executing wolfcrypt/test/testwolfcrypt:

Math: Multi-Precision: Fast max-bits=16384 tfm.c
------------------------------------------------------------------------------
wolfSSL version 5.6.4
------------------------------------------------------------------------------
error test passed!
MEMORY test passed!
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too big
Bad Base64 Decode data, too small
Bad Base64 Decode data, too big
Bad Base64 Decode data, too small
Bad Base64 Decode data, too big
Bad Base64 Decode data, too small
Bad Base64 Decode data, too big
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad end of line in Base64 Decode
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode data, too small
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode bad character
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Bad Base64 Decode data, too big
Escape buffer max too small
base64 test passed!
base16 test passed!
asn test passed!
RANDOM test passed!
MD5 test passed!
MD2 test passed!
MD4 test passed!
SHA test passed!
SHA-224 test passed!
SHA-256 test passed!
SHA-384 test passed!
SHA-512 test passed!
SHA-512/224 test passed!
SHA-512/256 test passed!
SHA-3 test passed!
SHAKE128 test passed!
SHAKE256 test passed!
Hash test passed!
RIPEMD test passed!
BLAKE2b test passed!
BLAKE2s test passed!
HMAC-MD5 test passed!
HMAC-SHA test passed!
HMAC-SHA224 test passed!
HMAC-SHA256 test passed!
HMAC-SHA384 test passed!
HMAC-SHA512 test passed!
HMAC-SHA3 test passed!
HMAC-KDF test passed!
SSH-KDF test passed!
TLSv1.3 KDF test passed!
X963-KDF test passed!
HPKE test passed!
GMAC test passed!
ARC4 test passed!
Chacha test passed!
XChacha test passed!
POLY1305 test passed!
ChaCha20-Poly1305 AEAD test passed!
XChaCha20-Poly1305 AEAD test passed!
DES test passed!
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
wolfSSL Entering wolfSSL_DES_ede3_cbc_encrypt
DES3 test passed!
wolfSSL Entering wolfSSL_EVP_aes_128_xts
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_XTS
wolfSSL Entering wolfSSL_StoreExternalIV
AES XTS
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_XTS
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_XTS
wolfSSL Entering wolfSSL_StoreExternalIV
AES XTS
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_XTS
wolfSSL Entering wolfSSL_EVP_aes_256_xts
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_XTS
wolfSSL Entering wolfSSL_StoreExternalIV
AES XTS
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_XTS
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_XTS
wolfSSL Entering wolfSSL_StoreExternalIV
AES XTS
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_XTS
wolfSSL Entering wolfSSL_EVP_aes_128_cfb128
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB128
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB128
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB128
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB128
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB128
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB128
wolfSSL Entering wolfSSL_EVP_aes_192_cfb128
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB128
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB128
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB128
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB128
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB128
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB128
wolfSSL Entering wolfSSL_EVP_aes_256_cfb128
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB128
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB128
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB128
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB128
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB128
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB128
wolfSSL Entering wolfSSL_EVP_aes_128_cfb1
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB1
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB1
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB1
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB1
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB1
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB1
wolfSSL Entering wolfSSL_EVP_aes_192_cfb1
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB1
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB1
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB1
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB1
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB1
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB1
wolfSSL Entering wolfSSL_EVP_aes_256_cfb1
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB1
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB1
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB1
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB1
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB1
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB1
wolfSSL Entering wolfSSL_EVP_aes_128_cfb8
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB8
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB8
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB8
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB8
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB8
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_CFB8
wolfSSL Entering wolfSSL_EVP_aes_192_cfb8
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB8
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB8
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB8
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB8
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB8
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_CFB8
wolfSSL Entering wolfSSL_EVP_aes_256_cfb8
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB8
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB8
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB8
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB8
wolfSSL Entering wolfSSL_StoreExternalIV
AES CFB8
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_CFB8
AES test passed!
AES192 test passed!
AES256 test passed!
wolfSSL Entering wolfSSL_EVP_aes_128_ofb
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_OFB
wolfSSL Entering wolfSSL_StoreExternalIV
AES OFB
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_OFB
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_OFB
wolfSSL Entering wolfSSL_StoreExternalIV
AES OFB
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_128_OFB
wolfSSL Entering wolfSSL_EVP_aes_192_ofb
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_OFB
wolfSSL Entering wolfSSL_StoreExternalIV
AES OFB
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_OFB
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_OFB
wolfSSL Entering wolfSSL_StoreExternalIV
AES OFB
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_192_OFB
wolfSSL Entering wolfSSL_EVP_aes_256_ofb
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_OFB
wolfSSL Entering wolfSSL_StoreExternalIV
AES OFB
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_OFB
wolfSSL Entering wolfSSL_EVP_CIPHER_CTX_init
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_OFB
wolfSSL Entering wolfSSL_StoreExternalIV
AES OFB
wolfSSL Entering wolfSSL_EVP_CipherUpdate
wolfSSL Entering wolfSSL_EVP_CipherFinal
wolfSSL Entering wolfSSL_EVP_CipherInit
EVP_AES_256_OFB
AESOFB test passed!
AES-GCM test passed!
Bad auth tag size AES-CCM
AES-CCM test passed!
AES Key Wrap test passed!
AES-SIV test passed!
AES-EAX test passed!
CAMELLIA test passed!
can't open clientKey, Please run from wolfSSL home dir error L=17053 errno=2 (No such file or directory)
[fiducial line numbers: 7921 24488 36565 48744]
RSA NOPAD test failed!
error L=17054 errno=2 (No such file or directory)
[fiducial line numbers: 7921 24488 36565 48744]
wolfSSL Entering wolfCrypt_Cleanup
Exiting main with return code: -1

There are too many wrap_test logs and cannot be uploaded directly, and there seems to be a problem with the attachments choose file function and cannot be uploaded.

Could you give me your email, so that I can send the logs to you

Thanks,
Grace

dgarske · 2024-01-30 09:01:17

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 416

Re: Import external ECC private key

Hi Grace,

I will send you an email directly.

Thanks,
David Garske, wolfSSL

dgarske · 2024-01-31 13:58:09

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 416

Re: Import external ECC private key

Hi Grace,

Looks like both the wolfCryptTest and wrap_test are passing. The error is not on the get_random, that worked fine. It is something after that. Can you please run your generate_CERT with wolfSSL debugging enabled? Call `wolfSSL_Debugging_ON();` from wolfssl/wolfcrypt/logging.h. This should provide helpful details as to why it's failing. Are you able to use GDB and step into the failing code in the crypto callback? I suspect the real error is being overwritten with the bad function arg.

Thanks,
David Garske, wolfSSL

6grace12345grace7 · 2024-02-01 00:42:40

6grace12345grace7
Member
Offline

Registered: 2024-01-10
Posts: 9

Re: Import external ECC private key

Hi David,

No, I can't use GDB because I'm working on a development board.

After adding wolfSSL_Debugging_ON() and enabling debug, the logs remain unchanged,
I have confirmed that wolfSSL_Debugging_ON() returns 0.

Initializing wolfTPM2
wolfSSL Entering wolfCrypt_Init
TPM2: Caps 0x00000000, Did 0x0000, Vid 0x0000, Rid 0x 0
hello!!!!!
Command size: 14
80 01 00 00 00 0e 00 00 01 73 81 00 02 01 | .........s....
Response size: 174
80 01 00 00 00 ae 00 00 00 00 00 5a 00 23 00 0b | ...........Z.#..
00 03 04 72 00 00 00 06 00 80 00 43 00 10 00 03 | ...r.......C....
00 10 00 20 f0 e9 1a e9 48 14 fb 5d 09 c3 49 ee | ... ....H..]..I.
57 90 6b 2c 25 a3 fa 45 5d 54 ed 43 5e 81 2d a3 | W.k,%..E]T.C^.-.
e1 10 bc 36 00 20 c6 7c bf fc ab 3b b4 7c be bf | ...6. .|...;.|..
73 80 e4 16 d2 bf d6 c8 03 a9 aa 89 7c 36 82 da | s...........|6..
1f 1e 01 a1 bf 1a 00 22 00 0b 6e 91 85 44 e8 e2 | ......."..n..D..
02 92 b2 96 80 f1 f4 7f db 1c 64 c7 59 79 a3 11 | ..........d.Yy..
e0 5e 45 ae a6 93 8d 75 02 f1 00 22 00 0b 3a 26 | .^E....u..."..:&
f3 54 93 a6 21 d7 3d 6e 72 c4 0b 15 1e a8 64 1c | .T..!.=nr.....d.
f6 5f c5 b4 90 c0 8f 2e c4 19 c3 e2 39 81 | ._..........9.
TPM2_ReadPublic Handle 0x81000201: pub 90, name 34, qualifiedName 34
Loading SRK: Storage 0x81000201 (90 bytes)
Import ecc key ...
Contents of buf:
30 77 02 01 01 04 20 45 B6 69 02 73 9C 6C 85 A1
38 5B 72 E8 E8 C7 AC C4 03 8D 53 35 04 FA 6C 28
DC 34 8D E1 A8 09 8C A0 0A 06 08 2A 86 48 CE 3D
03 01 07 A1 44 03 42 00 04 BB 33 AC 4C 27 50 4A
C6 4A A5 04 C3 3C DE 9F 36 DB 72 2D CE 94 EA 2B
FA CB 20 09 39 2C 16 E8 61 02 E9 AF 4D D3 02 93
9A 31 5B 97 92 21 7F F0 CF 18 DA 91 11 02 34 86
E8 20 58 33 0B 80 34 89 D8
TPM2_GetNonce (32 bytes)
Encrypt secret: Alg ECC, Label DUPLICATE
Encrypt Secret 0: 32 bytes
f3 16 6d 9c cc 95 5d e2 dc f0 bb b0 56 ba 38 b4 | ..m...].....V.8.
9f cd 85 bc a8 bc 87 06 be 68 c3 0c 02 ac f4 67 | .........h.....g
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x00
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Found 1 auth sessions
CommandProcess: Handles (Auth 1, In 1), CmdSz 325, AuthSz 31, ParamSz 276, EncSz 0
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x01
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Command size: 325
80 02 00 00 01 45 00 00 01 56 81 00 02 01 00 00 | .....E...V......
00 1f 40 00 00 09 00 00 01 00 16 54 68 69 73 49 | ..@........ThisI
73 4d 79 53 74 6f 72 61 67 65 4b 65 79 41 75 74 | sMyStorageKeyAut
68 00 00 00 5a 00 23 00 0b 00 03 04 60 00 00 00 | h...Z.#.....`...
06 00 80 00 43 00 10 00 03 00 10 00 20 bb 33 ac | ....C....... .3.
4c 27 50 4a c6 4a a5 04 c3 3c de 9f 36 db 72 2d | L'PJ.J...<..6.r-
ce 94 ea 2b fa cb 20 09 39 2c 16 e8 61 00 20 02 | ...+.. .9,..a. .
e9 af 4d d3 02 93 9a 31 5b 97 92 21 7f f0 cf 18 | ..M....1[..!....
da 91 11 02 34 86 e8 20 58 33 0b 80 34 89 d8 00 | ....4.. X3..4...
6c 00 20 cd 24 27 a6 c9 eb f0 e6 9c 60 f5 74 15 | l. .$'......`.t.
0b 1c f7 b3 15 9d 9b 06 69 46 fa 98 e3 83 bb 8e | ........iF......
c5 ef 45 c4 c7 7b 7e 29 b2 ad 90 7c 74 42 51 52 | ..E..{~)...|tBQR
be c5 7a e3 ef c1 48 74 02 08 b5 ae e8 83 6c ca | ..z...Ht......l.
49 b9 a7 b9 7c 38 00 30 44 43 ad 70 55 c1 17 38 | I...|8.0DC.pU..8
8b a9 6f 0c db a5 a4 26 d3 9f 7f 3f 30 7f 57 72 | ..o....&...?0.Wr
38 44 a7 4b ce ac 33 db f9 ea 12 5d 30 00 44 00 | 8D.K..3....]0.D.
20 f5 5e d9 8f 3e ff 13 3c 0d da be 5f 05 39 e0 | .^..>..<..._.9.
3d c2 fe d7 ca 50 3c cc a8 d5 d0 3b e8 70 e9 b5 | =....P<....;.p..
ce 00 20 a1 90 51 28 2d 26 8e c1 91 db a3 9b 4f | .. ..Q(-&......O
f6 c7 a2 2e 96 c6 78 87 93 00 9b 1e 9e 16 de 76 | ......x........v
fd 87 f7 00 10 | .....
Response size: 179
80 02 00 00 00 b3 00 00 00 00 00 00 00 a0 00 9e | ................
00 20 6c 4e 9c e8 63 3d df f8 64 ab d2 9c 73 c8 | . lN..c=..d...s.
a2 3d 02 80 39 af f6 85 bb da 41 78 be 9e 7a cb | .=..9.....Ax..z.
63 aa 00 10 b2 d5 9b bd a0 5d 40 8b a5 6a 9b 33 | c........]@..j.3
b3 9b 95 14 8c 42 b7 8e 45 78 5b 04 41 8b d2 7c | .....B..Ex[.A..|
b9 75 ef 55 85 61 fd f9 11 57 16 17 50 1b bc d2 | .u.U.a...W..P...
07 e5 27 ff 43 1c 1b f2 ba 0f 21 f5 1a bc 74 f9 | ..'.C.....!...t.
ca f3 72 58 b3 15 7f b5 3c 0f 07 7d 0c 8a c2 4c | ..rX....<..}...L
f1 4e 10 2c 66 58 42 ba 25 10 55 c4 46 46 56 3c | .N.,fXB.%.U.FFV<
8d 3a 9e bd 92 98 a0 e5 e8 e8 18 8d 17 a2 3e 6a | .:............>j
af 54 75 b8 68 5f 8e 76 63 22 b2 21 b0 9e 00 00 | .Tu.h_.vc".!....
01 00 00 | ...
ResponseProcess: Handles (Out 0), RespSz 179, ParamSz 160, DecSz 158, AuthSz 5
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x00
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Found 1 auth sessions
CommandProcess: Handles (Auth 1, In 1), CmdSz 301, AuthSz 31, ParamSz 252, EncSz 158
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x01
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Command size: 301
80 02 00 00 01 2d 00 00 01 57 81 00 02 01 00 00 | .....-...W......
00 1f 40 00 00 09 00 00 01 00 16 54 68 69 73 49 | ..@........ThisI
73 4d 79 53 74 6f 72 61 67 65 4b 65 79 41 75 74 | sMyStorageKeyAut
68 00 9e 00 20 6c 4e 9c e8 63 3d df f8 64 ab d2 | h... lN..c=..d..
9c 73 c8 a2 3d 02 80 39 af f6 85 bb da 41 78 be | .s..=..9.....Ax.
9e 7a cb 63 aa 00 10 b2 d5 9b bd a0 5d 40 8b a5 | .z.c........]@..
6a 9b 33 b3 9b 95 14 8c 42 b7 8e 45 78 5b 04 41 | j.3.....B..Ex[.A
8b d2 7c b9 75 ef 55 85 61 fd f9 11 57 16 17 50 | ..|.u.U.a...W..P
1b bc d2 07 e5 27 ff 43 1c 1b f2 ba 0f 21 f5 1a | .....'.C.....!..
bc 74 f9 ca f3 72 58 b3 15 7f b5 3c 0f 07 7d 0c | .t...rX....<..}.
8a c2 4c f1 4e 10 2c 66 58 42 ba 25 10 55 c4 46 | ..L.N.,fXB.%.U.F
46 56 3c 8d 3a 9e bd 92 98 a0 e5 e8 e8 18 8d 17 | FV<.:...........
a2 3e 6a af 54 75 b8 68 5f 8e 76 63 22 b2 21 b0 | .>j.Tu.h_.vc".!.
9e 00 5a 00 23 00 0b 00 03 04 60 00 00 00 06 00 | ..Z.#.....`.....
80 00 43 00 10 00 03 00 10 00 20 bb 33 ac 4c 27 | ..C....... .3.L'
50 4a c6 4a a5 04 c3 3c de 9f 36 db 72 2d ce 94 | PJ.J...<..6.r-..
ea 2b fa cb 20 09 39 2c 16 e8 61 00 20 02 e9 af | .+.. .9,..a. ...
4d d3 02 93 9a 31 5b 97 92 21 7f f0 cf 18 da 91 | M....1[..!......
11 02 34 86 e8 20 58 33 0b 80 34 89 d8 | ..4.. X3..4..
Response size: 59
80 02 00 00 00 3b 00 00 00 00 80 00 00 08 00 00 | .....;..........
00 24 00 22 00 0b dc 7c 0a 77 a2 e8 3b bf 1a 92 | .$."...|.w..;...
31 2b fd fe 70 29 c6 ab ae 40 bd 17 15 cb e2 5d | 1+..p)...@.....]
cb 40 97 e6 df 8d 00 00 01 00 00 | .@.........
ResponseProcess: Handles (Out 1), RespSz 59, ParamSz 36, DecSz 34, AuthSz 5
TPM2_Load Key Handle 0x80000008
(Import EC-KEY)Loaded key to 0x80000008
Successful for Loading key!!!
Wrote 254 bytes to device_key.bin
Key Public Blob 90
Key Private Blob 158
Public Area (size 90):
Type: ECC (0x23), name: SHA256 (0xB), objAttr: 0x30460, authPolicy sz: 0
ECC: sym algorithm: AES (0x6), sym keyBits: 128, sym mode: AES-CFB (0x43)
scheme: NULL (0x10), scheme hash: SHA256 (0xB), curveID: size 32, 0x3
KDF scheme: NULL (0x10), KDF alg: Unknown (0x0), unique X/Y size 32/32
Key Public Blob 90
23 00 0b 00 60 04 03 00 00 00 00 00 00 00 00 00 | #...`...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 06 00 80 00 | ................
43 00 10 00 0b 00 00 00 03 00 | C.........
Key Private Blob 158
00 20 6c 4e 9c e8 63 3d df f8 64 ab d2 9c 73 c8 | . lN..c=..d...s.
a2 3d 02 80 39 af f6 85 bb da 41 78 be 9e 7a cb | .=..9.....Ax..z.
63 aa 00 10 b2 d5 9b bd a0 5d 40 8b a5 6a 9b 33 | c........]@..j.3
b3 9b 95 14 8c 42 b7 8e 45 78 5b 04 41 8b d2 7c | .....B..Ex[.A..|
b9 75 ef 55 85 61 fd f9 11 57 16 17 50 1b bc d2 | .u.U.a...W..P...
07 e5 27 ff 43 1c 1b f2 ba 0f 21 f5 1a bc 74 f9 | ..'.C.....!...t.
ca f3 72 58 b3 15 7f b5 3c 0f 07 7d 0c 8a c2 4c | ..rX....<..}...L
f1 4e 10 2c 66 58 42 ba 25 10 55 c4 46 46 56 3c | .N.,fXB.%.U.FFV<
8d 3a 9e bd 92 98 a0 e5 e8 e8 18 8d 17 a2 3e 6a | .:............>j
af 54 75 b8 68 5f 8e 76 63 22 b2 21 b0 9e | .Tu.h_.vc".!..
Command size: 14
80 01 00 00 00 0e 00 00 01 65 80 00 00 08 | .........e....
Response size: 10
80 01 00 00 00 0a 00 00 00 00 | ..........
TPM2_FlushContext: Closed handle 0x80000008
TPM2 CSR TEST
Command size: 14
80 01 00 00 00 0e 00 00 01 73 81 00 02 01 | .........s....
Response size: 174
80 01 00 00 00 ae 00 00 00 00 00 5a 00 23 00 0b | ...........Z.#..
00 03 04 72 00 00 00 06 00 80 00 43 00 10 00 03 | ...r.......C....
00 10 00 20 f0 e9 1a e9 48 14 fb 5d 09 c3 49 ee | ... ....H..]..I.
57 90 6b 2c 25 a3 fa 45 5d 54 ed 43 5e 81 2d a3 | W.k,%..E]T.C^.-.
e1 10 bc 36 00 20 c6 7c bf fc ab 3b b4 7c be bf | ...6. .|...;.|..
73 80 e4 16 d2 bf d6 c8 03 a9 aa 89 7c 36 82 da | s...........|6..
1f 1e 01 a1 bf 1a 00 22 00 0b 6e 91 85 44 e8 e2 | ......."..n..D..
02 92 b2 96 80 f1 f4 7f db 1c 64 c7 59 79 a3 11 | ..........d.Yy..
e0 5e 45 ae a6 93 8d 75 02 f1 00 22 00 0b 3a 26 | .^E....u..."..:&
f3 54 93 a6 21 d7 3d 6e 72 c4 0b 15 1e a8 64 1c | .T..!.=nr.....d.
f6 5f c5 b4 90 c0 8f 2e c4 19 c3 e2 39 81 | ._..........9.
TPM2_ReadPublic Handle 0x81000201: pub 90, name 34, qualifiedName 34
Loading SRK: Storage 0x81000201 (90 bytes)
Reading 254 bytes from device_key.bin
Reading the private part of the key
Key Public Blob 90
23 00 0b 00 60 04 03 00 00 00 00 00 00 00 00 00 | #...`...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................
00 00 00 00 00 00 00 00 00 00 00 00 06 00 80 00 | ................
43 00 10 00 00 00 00 00 03 00 | C.........
Key Private Blob 158
00 20 6c 4e 9c e8 63 3d df f8 64 ab d2 9c 73 c8 | . lN..c=..d...s.
a2 3d 02 80 39 af f6 85 bb da 41 78 be 9e 7a cb | .=..9.....Ax..z.
63 aa 00 10 b2 d5 9b bd a0 5d 40 8b a5 6a 9b 33 | c........]@..j.3
b3 9b 95 14 8c 42 b7 8e 45 78 5b 04 41 8b d2 7c | .....B..Ex[.A..|
b9 75 ef 55 85 61 fd f9 11 57 16 17 50 1b bc d2 | .u.U.a...W..P...
07 e5 27 ff 43 1c 1b f2 ba 0f 21 f5 1a bc 74 f9 | ..'.C.....!...t.
ca f3 72 58 b3 15 7f b5 3c 0f 07 7d 0c 8a c2 4c | ..rX....<..}...L
f1 4e 10 2c 66 58 42 ba 25 10 55 c4 46 46 56 3c | .N.,fXB.%.U.FFV<
8d 3a 9e bd 92 98 a0 e5 e8 e8 18 8d 17 a2 3e 6a | .:............>j
af 54 75 b8 68 5f 8e 76 63 22 b2 21 b0 9e | .Tu.h_.vc".!..
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x00
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Found 1 auth sessions
CommandProcess: Handles (Auth 1, In 1), CmdSz 301, AuthSz 31, ParamSz 252, EncSz 158
authCmd:
sessionHandle=0x40000009
nonceSize=0 nonceBuffer:
sessionAttributes=0x01
hmacSize=22 hmacBuffer:
54 68 69 73 49 73 4d 79 53 74 6f 72 61 67 65 4b | ThisIsMyStorageK
65 79 41 75 74 68 | eyAuth
Command size: 301
80 02 00 00 01 2d 00 00 01 57 81 00 02 01 00 00 | .....-...W......
00 1f 40 00 00 09 00 00 01 00 16 54 68 69 73 49 | ..@........ThisI
73 4d 79 53 74 6f 72 61 67 65 4b 65 79 41 75 74 | sMyStorageKeyAut
68 00 9e 00 20 6c 4e 9c e8 63 3d df f8 64 ab d2 | h... lN..c=..d..
9c 73 c8 a2 3d 02 80 39 af f6 85 bb da 41 78 be | .s..=..9.....Ax.
9e 7a cb 63 aa 00 10 b2 d5 9b bd a0 5d 40 8b a5 | .z.c........]@..
6a 9b 33 b3 9b 95 14 8c 42 b7 8e 45 78 5b 04 41 | j.3.....B..Ex[.A
8b d2 7c b9 75 ef 55 85 61 fd f9 11 57 16 17 50 | ..|.u.U.a...W..P
1b bc d2 07 e5 27 ff 43 1c 1b f2 ba 0f 21 f5 1a | .....'.C.....!..
bc 74 f9 ca f3 72 58 b3 15 7f b5 3c 0f 07 7d 0c | .t...rX....<..}.
8a c2 4c f1 4e 10 2c 66 58 42 ba 25 10 55 c4 46 | ..L.N.,fXB.%.U.F
46 56 3c 8d 3a 9e bd 92 98 a0 e5 e8 e8 18 8d 17 | FV<.:...........
a2 3e 6a af 54 75 b8 68 5f 8e 76 63 22 b2 21 b0 | .>j.Tu.h_.vc".!.
9e 00 5a 00 23 00 0b 00 03 04 60 00 00 00 06 00 | ..Z.#.....`.....
80 00 43 00 10 00 03 00 10 00 20 bb 33 ac 4c 27 | ..C....... .3.L'
50 4a c6 4a a5 04 c3 3c de 9f 36 db 72 2d ce 94 | PJ.J...<..6.r-..
ea 2b fa cb 20 09 39 2c 16 e8 61 00 20 02 e9 af | .+.. .9,..a. ...
4d d3 02 93 9a 31 5b 97 92 21 7f f0 cf 18 da 91 | M....1[..!......
11 02 34 86 e8 20 58 33 0b 80 34 89 d8 | ..4.. X3..4..
Response size: 59
80 02 00 00 00 3b 00 00 00 00 80 00 00 08 00 00 | .....;..........
00 24 00 22 00 0b dc 7c 0a 77 a2 e8 3b bf 1a 92 | .$."...|.w..;...
31 2b fd fe 70 29 c6 ab ae 40 bd 17 15 cb e2 5d | 1+..p)...@.....]
cb 40 97 e6 df 8d 00 00 01 00 00 | .@.........
ResponseProcess: Handles (Out 1), RespSz 59, ParamSz 36, DecSz 34, AuthSz 5
TPM2_Load Key Handle 0x80000008
(readandloadkey)Loaded key to 0x80000008
Key Public Blob : 90
Start CSR generate!
Command size: 12
80 01 00 00 00 0c 00 00 01 7b 00 10 | .........{..
Response size: 28
80 01 00 00 00 1c 00 00 00 00 00 10 59 d9 58 79 | ............Y.Xy
3c 26 b8 0f 50 66 3b a4 f0 4f 28 48 | <&..Pf;..O(H
wolfTPM2_CryptoDevCb failed rc = -173
wolfSSL error occurred, error = 248 line:28893 file:wolfcrypt/src/asn.c
wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use
CSR_MakeAndSign failed
Fail to generate CSR
TPM2_CSR_Generate failure 0xffffff08: Error with hardware crypto use
error when generate CSR
Command size: 12
80 01 00 00 00 0c 00 00 01 45 00 00 | .........E..
Response size: 10
80 01 00 00 00 0a 00 00 00 00 | ..........
wolfSSL Entering wolfCrypt_Cleanup

Thanks,
Grace

dgarske · 2024-02-01 09:27:30

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 416

Re: Import external ECC private key

Hi Grace,

Please share me your full source code (you can email it to me). I will try to reproduce and debug.

Note: I usually use a TPM simulator like https://github.com/kgoldman/ibmswtpm2 and wolfTPM's --enable-swtpm option to debug locally on my PC. Its the best way to make sure you code works before deploying on hardware.

Thanks,
David Garske, wolfSSL

6grace12345grace7 · 2024-02-02 01:46:30

6grace12345grace7
Member
Offline

Registered: 2024-01-10
Posts: 9

Re: Import external ECC private key

Hi David,

I have sent email to you already!
please check the email.

Thanks,
Grace

dgarske · 2024-02-02 09:34:30

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 416

Re: Import external ECC private key

Hi Grace,

I was able to reproduce and find one of the issues. Your crypto callback context does not have tlsCtx->eccKey set, so it is NULL and the ECC sign doesn't known which TPM key to use.

Patch:
Move `tpmCtx.eccKey = &key;` below the `XMEMSET(&tpmCtx, 0, sizeof(tpmCtx));` in `generate_CERT`.

Also one bug:
- rc = getPrimaryStoragekey(&dev, &storage, TPM_ALG_ECC);
+ rc = getPrimaryStoragekey(dev, &storage, TPM_ALG_ECC);

However it still fails with various auth errors.

I see you are importing an external private key, but then also calling `getECCkey` which ends up trying to create a new key.
The imported key will output to your device_key.bin. There is another bug with using this. I'm still tracking it down in your code.

Thanks,
David Garske, wolfSSL

dgarske · 2024-02-02 12:08:31

dgarske
Moderator
Offline

Registered: 2015-10-07
Posts: 416

Re: Import external ECC private key

Hi Grace,

The issue is your `wolfTPM2_CreateSRK` was modified to not pass in the auth, however you set it on the handle, so it tries to use it later even though the SRK doesn't have one.

The fix required is in your getPrimaryStoragekey to either pass the auth in on wolfTPM2_CreateSRK or don't set it later in the function `pStorageKey->handle.auth`.

The next issue is:

Crypto CB: PK ECDSA-Sign (4)
Error: Handle Number 1
TPM2_Sign failed 412: TPM_RC_KEY: Key fields are not compatible with the selected use
wolfTPM2_CryptoDevCb failed rc = 412
wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use

Caused by this check in the TPM:

if(!IsSigningObject(signObject))
    return TPM_RCS_KEY + RC_Sign_keyHandle;

The fix for that issue is in your importECKey function where you setup the `attributes`. Replace `TPMA_OBJECT_decrypt` with `TPMA_OBJECT_sign`.

The next issue is:

Error: Parameter Number 3
TPM2_Sign failed 992: TPM_RC_TICKET: Invalid ticket
wolfTPM2_CryptoDevCb failed rc = 992
wolfTPM2_CSR_MakeAndSign_ex failure 0xffffff08: Error with hardware crypto use

You cannot use `TPMA_OBJECT_restricted` for an externally imported key.

Then wolfTPM2_CSR_MakeAndSign_ex is returning the size of the resulting DER and you assume rc == 0 on success. Replace your main.c like 864 `if (rc != TPM_RC_SUCCESS) {` with `if (rc < 0) {`.

Now the code works.

Thanks,
David Garske, wolfSSL

Welcome to the wolfSSL Forums!

Import external ECC private key

Posts: 17

1 Topic by 6grace12345grace7 2024-01-10 19:44:44 (edited by 6grace12345grace7 2024-01-10 19:48:52)

Topic: Import external ECC private key

2 Reply by dgarske 2024-01-11 11:26:34

Re: Import external ECC private key

3 Reply by 6grace12345grace7 2024-01-25 20:32:04 (edited by 6grace12345grace7 2024-01-26 01:27:14)

Re: Import external ECC private key

4 Reply by dgarske 2024-01-26 11:43:01

Re: Import external ECC private key

5 Reply by 6grace12345grace7 2024-01-28 19:28:33 (edited by 6grace12345grace7 2024-01-28 20:33:09)

Re: Import external ECC private key

6 Reply by 6grace12345grace7 2024-01-28 22:25:45

Re: Import external ECC private key

7 Reply by dgarske 2024-01-29 09:09:49

Re: Import external ECC private key

8 Reply by 6grace12345grace7 2024-01-29 09:39:01 (edited by 6grace12345grace7 2024-01-29 09:44:44)

Re: Import external ECC private key

9 Reply by dgarske 2024-01-29 10:25:01

Re: Import external ECC private key

10 Reply by 6grace12345grace7 2024-01-29 20:17:30 (edited by 6grace12345grace7 2024-01-29 20:29:50)

Re: Import external ECC private key

11 Reply by dgarske 2024-01-30 09:01:17

Re: Import external ECC private key

12 Reply by dgarske 2024-01-31 13:58:09

Re: Import external ECC private key

13 Reply by 6grace12345grace7 2024-02-01 00:42:40 (edited by 6grace12345grace7 2024-02-01 01:11:13)

Re: Import external ECC private key

14 Reply by dgarske 2024-02-01 09:27:30

Re: Import external ECC private key

15 Reply by 6grace12345grace7 2024-02-02 01:46:30

Re: Import external ECC private key

16 Reply by dgarske 2024-02-02 09:34:30

Re: Import external ECC private key

17 Reply by dgarske 2024-02-02 12:08:31

Re: Import external ECC private key

Posts: 17