Create RSA with both Sign and Encrypt/Decrypt #243

Closed
lihanshang opened this issue Apr 20, 2021 · 5 comments

@lihanshang
lihanshang commented Apr 20, 2021

Hey folks

I am trying to create an RSA key that can both sign and encrypt/decrypt under the SRK. However, when I add both sign and decrypt like this:

```go
defaultKeyParams = tpm2.Public{
	Type:    tpm2.AlgRSA,
	NameAlg: tpm2.AlgSHA256,
	Attributes: tpm2.FlagDecrypt | tpm2.FlagSign | tpm2.FlagFixedTPM |
		tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth,
	RSAParameters: &tpm2.RSAParams{
		Sign: &tpm2.SigScheme{
			Alg:  tpm2.AlgRSASSA,
			Hash: tpm2.AlgSHA256,
		},
		KeyBits: 2048,
	},
}
```

it fails saying parameter 2, error code 0x12 : unsupported or incompatible scheme
When I use only FlagDecrypt or only FlagSign, it works. Is there any constraint on key creation such that an RSA key cannot both sign and encrypt?

I think it is doable since I saw this:
https://github.com/tpm2-software/tpm2-tss-engine/blob/89327fa8b51962348c46ddc659fb8c3636336a60/test/rsasign_importtpm.sh#L21-L25

Thank you very much!

@chrisfenner
Member

My hazy recollection of the TPM spec is 2 things:

  • Some TPMs won't let you make a "general purpose" (signing + decryption) RSA key, and will return E_NOTFIPS TPM response code because it's in FIPS mode and FIPS says don't do that.
  • If you do make a "general purpose" key, you may need to specify both a signing and decryption scheme on the key (otherwise, you can fake a signature by doing a textbook no-padding decryption over hand-padded data)

@lihanshang
Author

lihanshang commented Apr 20, 2021

@chrisfenner
Thanks for the reply:

  1. I am testing it on the simulator from go-tpm-tools. Not sure if this is an issue.
  2. Do you mean plus the Sign schema I will need to add the decryption schema in the template like this:
    ```go
    defaultKeyParams = tpm2.Public{
    	Type:    tpm2.AlgRSA,
    	NameAlg: tpm2.AlgSHA256,
    	Attributes: tpm2.FlagDecrypt | tpm2.FlagSign | tpm2.FlagFixedTPM |
    		tpm2.FlagFixedParent | tpm2.FlagSensitiveDataOrigin | tpm2.FlagUserWithAuth,
    	RSAParameters: &tpm2.RSAParams{
    		Sign: &tpm2.SigScheme{
    			Alg:  tpm2.AlgRSASSA,
    			Hash: tpm2.AlgSHA256,
    		},
    		Decryption: {.....},
    		KeyBits: 2048,
    	},
    }
    ```

which I don't see a Decryption scheme for, actually. Is there an example for that?
Should I try `Symmetric: &SymScheme{ Alg: AlgAES, KeyBits: 128, Mode: AlgCFB, },` as the RSA parameter?
Thanks

@chrisfenner
Member

Sorry for my bad memory. It's the opposite: you can't specify a scheme for a "general purpose" key. Here's what the spec says about the scheme:

TPMS_RSA_PARMS
scheme.scheme shall be: for an unrestricted signing key, either TPM_ALG_RSAPSS TPM_ALG_RSASSA or TPM_ALG_NULL
for a restricted signing key, either TPM_ALG_RSAPSS or TPM_ALG_RSASSA
for an unrestricted decryption key, TPM_ALG_RSAES, TPM_ALG_OAEP, or TPM_ALG_NULL unless the object also has the sign attribute
for a restricted decryption key, TPM_ALG_NULL
NOTE When both sign and decrypt are SET, restricted shall be CLEAR and scheme shall be TPM_ALG_NULL.

go-tpm reflects TPMS_RSA_PARMS imperfectly (filed #244), where we only support setting signature schemes on scheme (as Sign)

go-tpm/tpm2/structures.go

Lines 204 to 210 in d331077

```go
type RSAParams struct {
	Symmetric   *SymScheme
	Sign        *SigScheme
	KeyBits     uint16
	ExponentRaw uint32
	ModulusRaw  tpmutil.U16Bytes
}
```

Does it work if you take out Sign: ... altogether? You can still sign using whatever scheme you want, by passing the scheme to the Sign command in sigScheme.

func Sign(rw io.ReadWriter, key tpmutil.Handle, password string, digest []byte, validation *Ticket, sigScheme *SigScheme) (*Signature, error) {
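
The TPMS_RSA_PARMS scheme rules quoted above, written as a pre-flight check on a key template. This is an added example, not part of the thread or of go-tpm; `Alg`, `KeyAttrs` and `CheckRSAScheme` are hypothetical stand-ins, and no TPM is contacted.

```go
package main

import "fmt"

// Alg is a local stand-in for TPM_ALG_ID (assumption: not go-tpm's own type).
type Alg string

const (
	AlgNull   Alg = "TPM_ALG_NULL"
	AlgRSASSA Alg = "TPM_ALG_RSASSA"
	AlgRSAPSS Alg = "TPM_ALG_RSAPSS"
	AlgRSAES  Alg = "TPM_ALG_RSAES"
	AlgOAEP   Alg = "TPM_ALG_OAEP"
)

// KeyAttrs holds the object attributes that constrain scheme.scheme.
type KeyAttrs struct{ Sign, Decrypt, Restricted bool }

// CheckRSAScheme applies the quoted TPMS_RSA_PARMS rules to a key template.
func CheckRSAScheme(a KeyAttrs, scheme Alg) error {
	var allowed []Alg
	switch {
	case a.Sign && a.Decrypt && a.Restricted:
		return fmt.Errorf("sign and decrypt both SET: restricted shall be CLEAR")
	case a.Sign && a.Decrypt: // "general purpose" key
		allowed = []Alg{AlgNull}
	case a.Sign && a.Restricted:
		allowed = []Alg{AlgRSAPSS, AlgRSASSA}
	case a.Sign:
		allowed = []Alg{AlgRSAPSS, AlgRSASSA, AlgNull}
	case a.Decrypt && a.Restricted:
		allowed = []Alg{AlgNull}
	case a.Decrypt:
		allowed = []Alg{AlgRSAES, AlgOAEP, AlgNull}
	default:
		return fmt.Errorf("neither sign nor decrypt set: not covered by the quoted rules")
	}
	for _, ok := range allowed {
		if scheme == ok {
			return nil
		}
	}
	return fmt.Errorf("scheme %s not allowed for %+v; allowed: %v", scheme, a, allowed)
}

func main() {
	fmt.Println(CheckRSAScheme(KeyAttrs{Sign: true, Decrypt: true}, AlgRSASSA)) // template from the issue
	fmt.Println(CheckRSAScheme(KeyAttrs{Sign: true, Decrypt: true}, AlgNull))   // Sign field left out
}
```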

@lihanshang
Author

Thank you very much @chrisfenner. Above method works!

@chrisfenner
Member

I'm so glad to have helped, @lihanshang! Closing this since I opened #244 to track the underlying issue with the library that I think led to trouble. Please re-open if you think there is another issue that is not tracked.
