• wojt
  • Member
  • Offline
  • Registered: 2024-01-27
  • Posts: 4

Topic: tpm wrapper test under Stm32CubeIDE fails at SensitiveToPrivate

Hello
I set up Wolfssl and WolfTPM from STM IDE, read available documentation before. And use ST33TP on SPI2. Connection is up and running after minor adaption of IO callback.
Earlier made test+benchmark of WolfSSL+WolfCrypto on H743 Nucleo board and that worked fine including all symmetric/assymetric cryptography. But it was SW wolfcrypto based.

So, I attach the log. I encountered unresolved dependency, it seems that from STM32IDE I can't setup WolfCrypto settings to activate needed feature -> WOLFSSL_AES_CFB in this case. Is it configurable from command line only?

Greetings,
Wojt

-----------------------
My log:

Running wolfTPM Wrap Test...
TPM2 Demo for Wrapper API's
TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e
TPM2_Startup pass
Mfg STM  (2), Vendor , Fw 74.64 (0x44a01a03), FIPS 140-2 1, CC-EAL4 0
TPM2_FlushContext failed 459: TPM_RC_NV_SPACE: Insufficient space for NV allocation
TPM2_FlushContext failed 459: TPM_RC_NV_SPACE: Insufficient space for NV allocation
TPM2_FlushContext failed 459: TPM_RC_NV_SPACE: Insufficient space for NV allocation
TPM2_CreatePrimary: 0x80000000 (314 bytes)
TPM2_FlushContext: Closed handle 0x80000000
TPM2_ReadPublic Handle 0x81000200: pub 282, name 34, qualifiedName 34
TPM2_CreateLoaded key: pub 278, priv 222
Public Area (size 278):
  Type: RSA (0x1), name: SHA256 (0xB), objAttr: 0x40460, authPolicy sz: 0
  RSA: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
       scheme: NULL (0x10), scheme hash: Unknown (0x0)
       keyBits: 2048, exponent: 0x10001, unique size 256
Creating a loaded new TPM 2.0 key Test Passed
TPM2_FlushContext: Closed handle 0x80000000
TPM2_Create key: pub 278, priv 222
Public Area (size 278):
  Type: RSA (0x1), name: SHA256 (0xB), objAttr: 0x40460, authPolicy sz: 0
  RSA: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
       scheme: NULL (0x10), scheme hash: Unknown (0x0)
       keyBits: 2048, exponent: 0x10001, unique size 256
TPM2_Load Key Handle 0x80000000
TPM2_Sign: RSASSA 256
TPM2_VerifySignature: Tag 32802
RSA Sign/Verify using RSA PKCSv1.5 (SSA) padding
TPM2_Sign: RSAPSS 256
TPM2_VerifySignature: Tag 32802
RSA Sign/Verify using RSA PSS padding
TPM2_FlushContext: Closed handle 0x80000000
TPM2_Create key: pub 278, priv 222
Public Area (size 278):
  Type: RSA (0x1), name: SHA256 (0xB), objAttr: 0x20460, authPolicy sz: 0
  RSA: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
       scheme: NULL (0x10), scheme hash: Unknown (0x0)
       keyBits: 2048, exponent: 0x10001, unique size 256
TPM2_Load Key Handle 0x80000000
TPM2_RSA_Encrypt: 256
TPM2_RSA_Decrypt: 256
RSA Encrypt/Decrypt Test Passed
TPM2_RSA_Encrypt: 256
TPM2_RSA_Decrypt: 32
RSA Encrypt/Decrypt OAEP Test Passed
TPM2_RSA_Encrypt: 256
TPM2_RSA_Decrypt: 32
RSA Encrypt/Decrypt RSAES Test Passed
RSA Key 0x80000000 Exported to wolf RsaKey
TPM2_FlushContext: Closed handle 0x80000000
TPM2_LoadExternal: 0x80000000
TPM2_FlushContext: Closed handle 0x80000000
TPM2_LoadExternal: 0x80000000
wolf RsaKey loaded into TPM: Handle 0x80000000
TPM2_FlushContext: Closed handle 0x80000000
Encrypt secret: Alg RSA, Label DUPLICATE
wolfTPM2_SensitiveToPrivate: failed -174: Feature not compiled in
Failure 0xffffff52: Feature not compiled in
TPM2_FlushContext failed 452: TPM_RC_AUTHSIZE: The value of authorizationSize is out of range or the number of octets in the Authorization Area is greater than required
wolfTPM2_Shutdown complete
wolfTPM wrap test: Return code -174

Share

  • Registered: 2015-10-07
  • Posts: 416

Re: tpm wrapper test under Stm32CubeIDE fails at SensitiveToPrivate

Hi,

You will need to manually add WOLFSSL_AES_CFB to the generated conf file wolfSSL.I-CUBE-wolfSSL_conf.h.

We will consider adding a checkbox for CFB in the cube pack configurator.

Thanks,
David Garske, wolfSSL

Share

  • wojt
  • Member
  • Offline
  • Registered: 2024-01-27
  • Posts: 4

Re: tpm wrapper test under Stm32CubeIDE fails at SensitiveToPrivate

Thank you for your reply. I added this definition and few more as well to compilation symbols and test proceeds further. Though I get one non-critical and one critical fault. But no easy conclusion what do I miss to enable this time...

Greetings,
Wojt

--------------------------------------

Newest log:


Running wolfTPM Wrap Test...
TPM2 Demo for Wrapper API's
TPM2: Caps 0x30000495, Did 0x0000, Vid 0x104a, Rid 0x4e
TPM2_Startup pass
Mfg STM  (2), Vendor , Fw 74.64 (0x44a01a03), FIPS 140-2 1, CC-EAL4 0
TPM2_FlushContext failed 459: TPM_RC_NV_SPACE: Insufficient space for NV allocation
TPM2_FlushContext failed 459: TPM_RC_NV_SPACE: Insufficient space for NV allocation
TPM2_FlushContext failed 459: TPM_RC_NV_SPACE: Insufficient space for NV allocation
TPM2_CreatePrimary: 0x80000000 (314 bytes)
TPM2_FlushContext: Closed handle 0x80000000
TPM2_ReadPublic Handle 0x81000200: pub 282, name 34, qualifiedName 34
TPM2_CreateLoaded key: pub 278, priv 222
Public Area (size 278):
  Type: RSA (0x1), name: SHA256 (0xB), objAttr: 0x40460, authPolicy sz: 0
  RSA: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
       scheme: NULL (0x10), scheme hash: Unknown (0x0)
       keyBits: 2048, exponent: 0x10001, unique size 256
Creating a loaded new TPM 2.0 key Test Passed
TPM2_FlushContext: Closed handle 0x80000000
TPM2_Create key: pub 278, priv 222
Public Area (size 278):
  Type: RSA (0x1), name: SHA256 (0xB), objAttr: 0x40460, authPolicy sz: 0
  RSA: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
       scheme: NULL (0x10), scheme hash: Unknown (0x0)
       keyBits: 2048, exponent: 0x10001, unique size 256
TPM2_Load Key Handle 0x80000000
TPM2_Sign: RSASSA 256
TPM2_VerifySignature: Tag 32802
RSA Sign/Verify using RSA PKCSv1.5 (SSA) padding
TPM2_Sign: RSAPSS 256
TPM2_VerifySignature: Tag 32802
RSA Sign/Verify using RSA PSS padding
TPM2_FlushContext: Closed handle 0x80000000
TPM2_Create key: pub 278, priv 222
Public Area (size 278):
  Type: RSA (0x1), name: SHA256 (0xB), objAttr: 0x20460, authPolicy sz: 0
  RSA: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
       scheme: NULL (0x10), scheme hash: Unknown (0x0)
       keyBits: 2048, exponent: 0x10001, unique size 256
TPM2_Load Key Handle 0x80000000
TPM2_RSA_Encrypt: 256
TPM2_RSA_Decrypt: 256
RSA Encrypt/Decrypt Test Passed
TPM2_RSA_Encrypt: 256
TPM2_RSA_Decrypt: 32
RSA Encrypt/Decrypt OAEP Test Passed
TPM2_RSA_Encrypt: 256
TPM2_RSA_Decrypt: 32
RSA Encrypt/Decrypt RSAES Test Passed
RSA Key 0x80000000 Exported to wolf RsaKey
TPM2_FlushContext: Closed handle 0x80000000
TPM2_LoadExternal: 0x80000000
TPM2_FlushContext: Closed handle 0x80000000
TPM2_LoadExternal: 0x80000000
wolf RsaKey loaded into TPM: Handle 0x80000000
TPM2_FlushContext: Closed handle 0x80000000
Encrypt secret: Alg RSA, Label DUPLICATE
TPM2_Load Key Handle 0x80000000
TPM2_FlushContext: Closed handle 0x80000000
Encrypt secret: Alg RSA, Label DUPLICATE
TPM2_Load Key Handle 0x80000000
RSA Private Key Loaded into TPM: Handle 0x80000000
TPM2_FlushContext: Closed handle 0x80000000
TPM2_CreatePrimary: 0x80000000 (122 bytes)
TPM2_FlushContext: Closed handle 0x80000000
TPM2_ReadPublic Handle 0x81000201: pub 90, name 34, qualifiedName 34
TPM2_Create key: pub 88, priv 126
Public Area (size 88):
  Type: ECC (0x23), name: SHA256 (0xB), objAttr: 0x40460, authPolicy sz: 0
  ECC: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
       scheme: ECDSA (0x18), scheme hash: SHA256 (0xB), curveID: size 32, 0x3
       KDF scheme: NULL (0x10), KDF alg: Unknown (0x0), unique X/Y size 32/32
TPM2_Load Key Handle 0x80000000
TPM2_FlushContext: Closed handle 0x80000000
wolfTPM2_ChangeAuthKey: Key Handle 0x80000000
TPM2_Sign: ECDSA 64
TPM2_VerifySignature: Tag 32802
TPM2_FlushContext: Closed handle 0x80000000
ECC Sign/Verify Passed
TPM2_Create key: pub 88, priv 126
Public Area (size 88):
  Type: ECC (0x23), name: SHA256 (0xB), objAttr: 0x20460, authPolicy sz: 0
  ECC: sym algorithm: NULL (0x10), sym keyBits: 0, sym mode: Unknown (0x0)
       scheme: ECDH (0x19), scheme hash: SHA256 (0xB), curveID: size 32, 0x3
       KDF scheme: NULL (0x10), KDF alg: Unknown (0x0), unique X/Y size 32/32
TPM2_Load Key Handle 0x80000000
TPM2_ECDH_KeyGen: zPt 68, pubPt 68
TPM2_ECDH_ZGen: zPt 68
ECC DH Test Passed
TPM2_LoadExternal: 0x80000002
TPM2_VerifySignature: Tag 32802
TPM2_FlushContext: Closed handle 0x80000002
ECC Verify Test Passed
ECC Key 0x80000000 Exported to wolf ecc_key
TPM2_FlushContext: Closed handle 0x80000000
TPM2_LoadExternal: 0x80000000
TPM2_FlushContext: Closed handle 0x80000000
TPM2_LoadExternal: 0x80000000
wolf ecc_key loaded into TPM: Handle 0x80000000
TPM2_FlushContext: Closed handle 0x80000000
Encrypt secret: Alg ECC, Label DUPLICATE
wolfTPM2_EncryptSecret: failed -174: Feature not compiled in
Encrypt secret: Alg ECC, Label DUPLICATE
wolfTPM2_EncryptSecret: failed -174: Feature not compiled in
ECC Private Key Loaded into TPM: Handle 0x0
TPM2_NV_ReadPublic: Sz 14, Idx 0x1800201, nameAlg 11, Attr 0x2060006, authPol 0, dataSz 1024, name 34
TPM2_NV_DefineSpace: Auth 0x40000001, Idx 0x1800201, Attribs 0x33947654, Size 1024
TPM2_NV_ReadPublic: Sz 14, Idx 0x1800201, nameAlg 11, Attr 0x22060006, authPol 0, dataSz 1024, name 34
TPM2_NV_Write: Auth 0x1800201, Idx 0x1800201, Offset 0, Size 768
TPM2_NV_Write: Auth 0x1800201, Idx 0x1800201, Offset 768, Size 256
TPM2_NV_Read: Auth 0x1800201, Idx 0x1800201, Offset 0, Size 768
TPM2_NV_Read: Auth 0x1800201, Idx 0x1800201, Offset 768, Size 256
TPM2_NV_ReadPublic: Sz 14, Idx 0x1800201, nameAlg 11, Attr 0x22060006, authPol 0, dataSz 1024, name 34
TPM2_NV_UndefineSpace: Auth 0x40000001, Idx 0x1800201
NV Test (with auth) on index 0x1800201 with 1024 bytes passed
TPM2_NV_ReadPublic: Sz 14, Idx 0x1800200, nameAlg 11, Attr 0x2060006, authPol 0, dataSz 1024, name 34
TPM2_NV_DefineSpace: Auth 0x40000001, Idx 0x1800200, Attribs 0x33947654, Size 1024
TPM2_NV_ReadPublic: Sz 14, Idx 0x1800200, nameAlg 11, Attr 0x2060006, authPol 0, dataSz 1024, name 34
TPM2_NV_ReadPublic: Sz 14, Idx 0x1800200, nameAlg 11, Attr 0x22060006, authPol 0, dataSz 1024, name 34
TPM2_NV_Write: Auth 0x1800200, Idx 0x1800200, Offset 0, Size 768
TPM2_NV_Write: Auth 0x1800200, Idx 0x1800200, Offset 768, Size 256
TPM2_NV_ReadPublic: Sz 14, Idx 0x1800200, nameAlg 11, Attr 0x22060006, authPol 0, dataSz 1024, name 34
TPM2_NV_Read: Auth 0x1800200, Idx 0x1800200, Offset 0, Size 768
TPM2_NV_Read: Auth 0x1800200, Idx 0x1800200, Offset 768, Size 256
TPM2_NV_ReadPublic: Sz 14, Idx 0x1800200, nameAlg 11, Attr 0x22060006, authPol 0, dataSz 1024, name 34
TPM2_NV_UndefineSpace: Auth 0x40000001, Idx 0x1800200
NV Test on index 0x1800200 with 1024 bytes passed
wolfTPM2_HashStart: Handle 0x80000000
wolfTPM2_HashUpdate: Handle 0x80000000, DataSz 56
wolfTPM2_HashFinish: Handle 0x80000000, DigestSz 32
Hash SHA256 test success
TPM2_Create key: pub 48, priv 146
Public Area (size 48):
  Type: KEYEDHASH (0x8), name: SHA256 (0xB), objAttr: 0x40440, authPolicy sz: 0
  Keyed Hash: scheme: HMAC (0x5), scheme hash: SHA256 (0xB), unique size 32
wolfTPM2_LoadKeyedHashKey Key Handle 0x80000000
wolfTPM2_HmacStart: Handle 0x80000002
wolfTPM2_HashUpdate: Handle 0x80000002, DataSz 8
wolfTPM2_HashFinish: Handle 0x80000002, DigestSz 32
TPM2_FlushContext: Closed handle 0x80000000
HMAC SHA256 test success
wolfTPM2_LoadSymmetricKey: 0x80000000
TPM2_SetCommandSet failed 0x125: TPM_RC_AUTH_MISSING: Command requires an authorization session for handle and it is not present
TPM2_EncryptDecrypt2 failed 0x125: TPM_RC_AUTH_MISSING: Command requires an authorization session for handle and it is not present

Share

  • Registered: 2015-10-07
  • Posts: 416

Re: tpm wrapper test under Stm32CubeIDE fails at SensitiveToPrivate

Hi,

Looks like an issue with the EncryptDecrypt function due to auth. I will try to reproduce and fix. Note this is not likely a feature you will use and the rest of the tests look good. Using symetric AES on the TPM is uncommon because it is slow.

Also I recently added the CFB to the Cube template. See https://github.com/wolfSSL/wolfssl/pull/7171

Can you tell me more about your use case? If you’d like to keep it private you can email support at wolfssl dot com.
Thanks,
David Garske, wolfSSL

Share

  • wojt
  • Member
  • Offline
  • Registered: 2024-01-27
  • Posts: 4

Re: tpm wrapper test under Stm32CubeIDE fails at SensitiveToPrivate

Thank you again.
My use case is simple, I am automotive engineer, recently involved in the topics related to certificate handling with HSM/Keym components. By this occassion, I would like to learn about generic and mainstream crypto stack implementations, from embedded perspective. I stumbled upon Wolfssl and I think it is great learning opportunity as plenty material is available. Also reading introductory book about TPM 2.0. I assume in the future I'll have opportunity to focus on TPM more, as automotive systems go towards bigger SW platforms nowadays.

Share

  • Registered: 2015-10-07
  • Posts: 416

Re: tpm wrapper test under Stm32CubeIDE fails at SensitiveToPrivate

Hi,

Would you mind trying with the latest wolfTPM v3.1.0 cube pack?
https://www.wolfssl.com/files/ide/wolfS … 3.1.0.pack

Thanks,
David Garske, wolfSSL

Share

  • wojt
  • Member
  • Offline
  • Registered: 2024-01-27
  • Posts: 4

Re: tpm wrapper test under Stm32CubeIDE fails at SensitiveToPrivate

Thank you for the feedback. I will, continue with my tests in incoming week, will check your update. Greetings!

Share