tpm2_hmac not working with symmetric key #3423

Open
bharath1294 opened this issue Sep 4, 2024 · 3 comments

@bharath1294

I am trying to load an AES256 key and want to calculate a digest using sha1.

Commands used:

```
openssl rand -out aes-128.key 16
openssl rand -out challenge.bin 16
tpm2_loadexternal -G aes128 -r aes-128.key -c key_handle
name: 000bb3847c63c273860a2ea7da767bec90db8b339e90ee28391cb30533ecbb05b084
tpm2_hmac -c key_handle -g sha1 -o response.bin challenge.bin
WARNING:esys:src/tss2-esys/api/Esys_HMAC.c:300:Esys_HMAC_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_HMAC.c:100:Esys_HMAC() Esys Finish ErrorCode (0x000002d2)
ERROR: Esys_HMAC(0x2D2) - tpm:parameter(2):unsupported or incompatible scheme
ERROR: Unable to run tpm2_hmac
```
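
Added example, not part of the issue thread or of tpm2-tools: the Python below decodes the response code `0x2d2` from the error output above using the TPM 2.0 response-code bit layout, showing how it maps to "parameter(2)" and a scheme error. The function name `decode_rc` and the abbreviated name table are choices made for this example.

```python
"""Added example: decode a TPM 2.0 response code such as 0x2d2 from the issue.

Bit layout follows the TPM 2.0 Library specification, Part 2 (response codes).
FMT1_NAMES is a deliberately small subset chosen for this example.
"""

FMT1_NAMES = {
    0x02: "TPM_RC_ATTRIBUTES",
    0x03: "TPM_RC_HASH",
    0x04: "TPM_RC_VALUE",
    0x0A: "TPM_RC_TYPE",
    0x0B: "TPM_RC_HANDLE",
    0x0E: "TPM_RC_AUTH_FAIL",
    0x12: "TPM_RC_SCHEME",
    0x15: "TPM_RC_SIZE",
    0x1C: "TPM_RC_KEY",
}


def decode_rc(rc: int) -> dict:
    """Split a TSS2/TPM return code into layer, subject, index and error."""
    layer = (rc >> 16) & 0xFF           # 0 means the TPM itself produced the code
    if layer != 0:
        return {"layer": layer, "format": None}
    code = rc & 0xFFF
    if not code & 0x080:                # format-zero: no handle/parameter info
        return {"layer": 0, "format": 0, "error": code & 0x7F,
                "warning": bool(code & 0x800)}
    error = code & 0x3F                 # format-one error number (bits 5:0)
    n = (code >> 8) & 0xF               # which handle/session/parameter (bits 11:8)
    if code & 0x040:                    # P bit set: error is tied to a parameter
        subject, index = "parameter", n
    elif n & 0x8:                       # high bit of N set: error is tied to a session
        subject, index = "session", n & 0x7
    else:
        subject, index = "handle", n
    return {"layer": 0, "format": 1, "subject": subject, "index": index,
            "error": error, "name": FMT1_NAMES.get(error, "unknown")}


if __name__ == "__main__":
    # 0x2d2 is the code printed by Esys_HMAC in the issue above.
    print(decode_rc(0x000002D2))
```

For `TPM2_HMAC`, parameter 2 is the `hashAlg` argument, which is the value `-g sha1` supplies.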

@JuergenReppSIT
Member

At #1597 (comment) you will find how to import a symmetric key for HMAC computation. If you need sha1 you have to use -G hmac:sha1 for the import command.

@bharath1294
Author

Hi @JuergenReppSIT, thanks for responding. However, I have one more issue. I want to calculate using sha1, and the comment you mentioned defaults to sha256 even though I change the parameter. Can you share how to enable the command to use sha1?

Command:

```
tpm2_import -C primary.ctx -G hmac -gsha1 -i aes-128.key -u aes-128.pub -r aes-128.priv
```

```
name-alg:
  value: sha1
  raw: 0x4
attributes:
  value: userwithauth|sign
  raw: 0x40040
type:
  value: keyedhash
  raw: 0x8
algorithm:
  value: hmac
  raw: 0x5
hash-alg:
  value: sha256
  raw: 0xb
```

@JuergenReppSIT
Member

You should use:

```
tpm2_import -C primary.ctx -G hmac:sha1 -gsha1 -i aes-128.key -u aes-128.pub -r aes-128.priv
```
