* [tpm2] Unable to encrypt larger buffers
From: Arvind Kumar @ 2017-12-06 21:57 UTC
To: tpm2
Previously, I used tpm2_rsaencrypt to encrypt larger buffers. I installed
tpm2-tools, tpm2-abrmd, tpm2-tss from master and observe that tpm2_rsaencrypt
does not encrypt buffers larger than 128 bit. This will break all our use
cases, any clues why such a limitation?
ERROR:
$tpm2_rsaencrypt keyfile -c context_load_out -o encryptfile
ERROR: File "keyfile" size is larger than buffer, got 4096 expected less than 512
ERROR: Data to be sealed larger than expected. Got 512 expected 1
* Re: [tpm2] Unable to encrypt larger buffers
From: Roberts, William C @ 2017-12-07 17:42 UTC
To: tpm2
I think this is not a bug and is finally working as intended… but I could be wrong.
FYI some information is here as well:
https://github.com/intel/tpm2-tools/issues/680
For RSA:
I don’t think it’s a bug. You can’t encrypt data larger than the keysize and sometimes
smaller based on padding scheme. I don’t see a way to do a sequence with RSA
algorithms.
I think the code before in the tools was glossing over this bug and you are not getting what you
expect.
On 1.1.1 the input file was read with: loadDataFromFile. Both tools are using this routine.
The code below looks like it would just read size bytes. Size has remained
constant through all revisions as the message size of a TPM2B_PUBLIC_KEY_RSA
type for the RSA tool. It looks like size has also remained constant in the tpm2_create
tool.
/* On entry *size is the capacity of buf; on return it is the number of bytes read. */
int loadDataFromFile(const char *fileName, UINT8 *buf, UINT16 *size)
{
    UINT16 count = 1, left;
    FILE *f;

    if ( size == NULL || buf == NULL || fileName == NULL )
        return -1;

    f = fopen(fileName, "rb+");
    if( f == NULL )
    {
        printf("File(%s) open error.\n", fileName);
        return -2;
    }

    left = *size;
    *size = 0;
    /* Reads at most 'left' bytes; any data in the file beyond that is never read. */
    while( left > 0 && count > 0 )
    {
        count = fread(buf, 1, left, f);
        *size += count;
        left -= count;
        buf += count;
    }

    if( *size == 0 )
    {
        printf("File read error\n");
        fclose(f);
        return -3;
    }

    fclose(f);
    return 0;
}
From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Ian Oliver
Sent: Thursday, December 7, 2017 1:22 AM
To: Arvind Kumar <arvind.kumar(a)iotium.io>
Cc: tpm2(a)lists.01.org
Subject: Re: [tpm2] Unable to encrypt larger buffers
Hello,
can confirm with 1.3.0rc1.... tpm2_create does not work with over 128 byte files:
tpm2_create -g sha256 -G keyedhash -u unseal.pub -r unseal.priv -I ethkey.gz -H 0x81010000
ERROR: File "ethkey.gz" size is larger than buffer, got 412 expected less than 128
ERROR: Data to be sealed larger than expected. Got 128 expected 1
ls -l ethkey.gz
-rw------- 1 ioliver ioliver 412 joulu 7 11:18 ethkey.gz
Ian
On 6 December 2017 at 23:57, Arvind Kumar <arvind.kumar(a)iotium.io> wrote:
Previously, I used tpm2_rsaencrypt to encrypt larger buffers. I installed tpm2-tools, tpm2-abrmd, tpm2-tss from master and observe that tpm2_rsaencrypt does not encrypt buffers larger than 128 bit. This will break all our use cases, any clues why such a limitation?
ERROR:
$tpm2_rsaencrypt keyfile -c context_load_out -o encryptfile
ERROR: File "keyfile" size is larger than buffer, got 4096 expected less than 512
ERROR: Data to be sealed larger than expected. Got 512 expected 1
_______________________________________________
tpm2 mailing list
tpm2(a)lists.01.org
https://lists.01.org/mailman/listinfo/tpm2
--
Dr. Ian Oliver
===============================
Privacy Engineering: via Amazon<http://www.amazon.co.uk/dp/1497569710>
Twitter: @i_j_oliver
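
Added example, not part of the thread and not tpm2-tools code: a C sketch of the two points in the reply above. rsa_max_plaintext() gives the largest input one RSA operation accepts for a key size and padding scheme (overheads from RFC 8017), and load_exact() rejects a file that exceeds the buffer instead of reading only the first bytes as loadDataFromFile did. All function names, the enum and the scratch file name are this example's own.

```c
#include <stdio.h>
#include <stdint.h>

enum rsa_pad { PAD_NONE, PAD_PKCS1_V15, PAD_OAEP };  /* names are this example's own */

/* Largest plaintext in bytes for one RSA operation, or -1 if nothing fits.
 * hash_len is only used for OAEP (32 for SHA-256). */
long rsa_max_plaintext(unsigned key_bits, enum rsa_pad pad, unsigned hash_len)
{
    long k = key_bits / 8, overhead = 0;   /* PAD_NONE: up to k bytes */
    if (pad == PAD_PKCS1_V15) overhead = 11;                /* RFC 8017 7.2.1 */
    if (pad == PAD_OAEP)      overhead = 2L * hash_len + 2; /* RFC 8017 7.1.1 */
    return k >= overhead ? k - overhead : -1;
}

/* Returns 0 and sets *len on success, -1 on bad arguments or I/O error,
 * -2 if the file holds more than cap bytes (the caller never sees a prefix). */
int load_exact(const char *path, uint8_t *buf, size_t cap, size_t *len)
{
    if (!path || !buf || !len) return -1;
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, cap, f);
    int rc = ferror(f) ? -1 : 0;
    if (rc == 0 && fgetc(f) != EOF) rc = -2;  /* one more byte means too large */
    fclose(f);
    if (rc == 0) *len = n;
    return rc;
}

/* Constructed demo: write file_bytes of filler to a scratch file, load it into
 * a cap-byte buffer, and return load_exact()'s result code. */
int demo_load(size_t file_bytes, size_t cap)
{
    uint8_t buf[512];
    size_t len = 0;
    const char *path = "demo_input.bin";      /* scratch file, constructed */
    FILE *f = fopen(path, "wb");
    if (!f || cap > sizeof buf) { if (f) fclose(f); return -1; }
    for (size_t i = 0; i < file_bytes; i++) fputc('A', f);
    fclose(f);
    int rc = load_exact(path, buf, cap, &len);
    remove(path);
    return (rc == 0 && len != file_bytes) ? -1 : rc;
}

int main(void)
{
    printf("412-byte file into 128-byte buffer: %d\n", demo_load(412, 128));
    printf("RSA-2048 OAEP/SHA-256 limit: %ld\n", rsa_max_plaintext(2048, PAD_OAEP, 32));
    return 0;
}
```

Data larger than these limits is normally handled by encrypting it under a symmetric key and protecting only that key with RSA.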
* Re: [tpm2] Unable to encrypt larger buffers
From: Ian Oliver @ 2017-12-07 9:22 UTC
To: tpm2
Hello,
can confirm with 1.3.0rc1.... tpm2_create does not work with over 128 byte files:
tpm2_create -g sha256 -G keyedhash -u unseal.pub -r unseal.priv -I ethkey.gz -H 0x81010000
ERROR: File "ethkey.gz" size is larger than buffer, got 412 expected less than 128
ERROR: Data to be sealed larger than expected. Got 128 expected 1
ls -l ethkey.gz
-rw------- 1 ioliver ioliver 412 joulu 7 11:18 ethkey.gz
Ian
On 6 December 2017 at 23:57, Arvind Kumar <arvind.kumar(a)iotium.io> wrote:
> Previously, I used tpm2_rsaencrypt to encrypt larger buffers. I installed
> tpm2-tools, tpm2-abrmd, tpm2-tss from master and observe that tpm2_rsaencrypt
> does not encrypt buffers larger than 128 bit. This will break all our use
> cases, any clues why such a limitation?
>
> ERROR:
>
> $tpm2_rsaencrypt keyfile -c context_load_out -o encryptfile
>
> ERROR: File "keyfile" size is larger than buffer, got 4096 expected less
> than 512
>
> ERROR: Data to be sealed larger than expected. Got 512 expected 1
--
*Dr. Ian Oliver*
===============================
Privacy Engineering: via Amazon <http://www.amazon.co.uk/dp/1497569710>
*Twitter: @i_j_oliver*