Unable to encrypt larger buffers #680

Closed
arvin4181 opened this issue Dec 6, 2017 · 2 comments
@arvin4181

Previously, I used tpm2_rsaencrypt to encrypt larger buffers. Today, I installed tpm2-tools, tpm2-abrmd, tpm2-tss from latest sources and observe that tpm2_rsaencrypt does not encrypt buffers larger than 128 bit. This breaks all our use cases, any clues why such a limitation? Now, I'm wondering how to encrypt larger buffers, any suggestions?

ERROR:
$tpm2_rsaencrypt keyfile -c context_load_out -o encryptfile
ERROR: File "keyfile" size is larger than buffer, got 4096 expected less than 512
ERROR: Data to be sealed larger than expected. Got 512 expected 1

@williamcroberts
Member

williamcroberts commented Dec 6, 2017

@arvin4181 questions should be asked on the mailing list per the README.md on getting support. But I'll play along on here.

What versions worked as you expected? Looking at version 2.1.1 and 1.1.1 it looks like TPM2B_PUBLIC_KEY_RSA has always been used to load the input data from the file with size set to the buffer in that structure. Are you sure that data wasn't being truncated on the read before?

Per the spec it states that the message parameter is limited in size to the largest RSA keyhandle:

message to be encrypted
NOTE 1 The data type was chosen because it limits
the overall size of the input to no greater than
the size of the largest RSA public key. This
may be larger than allowed for keyHandle.

Note that this message size may be too big based on your key and padding scheme. If you choose RSA 256 and try and encrypt a 512 buffer, it will fail.

I think this is a case of the tools not reporting an error when one should have existed AFAICT.
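
The comment above notes that the usable message size depends on the key and padding scheme. The following is an added example, not part of the issue thread or of tpm2-tools: it computes the RFC 8017 single-operation bounds for OAEP and PKCS#1 v1.5 and checks a buffer against them before any encrypt call. The function names and the `raw` scheme label are chosen here for illustration.

```python
"""Pre-flight size check for single-block RSA encryption (added example)."""

# Digest output sizes in bytes, needed for the OAEP bound.
HASH_LEN = {"sha1": 20, "sha256": 32, "sha384": 48, "sha512": 64}


def max_plaintext_len(key_bits, scheme, hash_name="sha256"):
    """Largest message, in bytes, that one RSA operation accepts.

    Bounds follow RFC 8017; k is the modulus length in bytes.
    """
    if key_bits <= 0 or key_bits % 8:
        raise ValueError("key size must be a positive multiple of 8 bits")
    k = key_bits // 8
    if scheme == "oaep":
        limit = k - 2 * HASH_LEN[hash_name] - 2   # RSAES-OAEP
    elif scheme == "pkcs1v15":
        limit = k - 11                            # RSAES-PKCS1-v1_5
    elif scheme == "raw":
        limit = k   # no padding; the value must also be below the modulus
    else:
        raise ValueError(f"unknown scheme: {scheme}")
    if limit < 0:
        raise ValueError(
            f"{key_bits}-bit key is too small for {scheme}/{hash_name}")
    return limit


def check_fits(data, key_bits, scheme, hash_name="sha256"):
    """Return (fits, limit) for a buffer about to be RSA-encrypted."""
    limit = max_plaintext_len(key_bits, scheme, hash_name)
    return len(data) <= limit, limit


if __name__ == "__main__":
    # Constructed stand-in for the 4096-byte "keyfile" in the report.
    keyfile = bytes(4096)
    for bits, scheme in [(2048, "oaep"), (2048, "pkcs1v15"), (4096, "raw")]:
        fits, limit = check_fits(keyfile, bits, scheme)
        print(f"RSA-{bits} {scheme}: limit {limit} bytes, fits={fits}")
```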

@williamcroberts
Member

I don't think this is a bug, working as expected.
