tpm2_createprimary: rsa default incorrect #1206

Closed
1 of 2 tasks
williamcroberts opened this issue Oct 22, 2018 · 1 comment

williamcroberts commented Oct 22, 2018

As initially reported in this thread: tpm2-software/tpm2-pkcs11#52

The man page for tpm2_createprimary states that the default algorithm is RSA when it is really rsa2048:aes256.

We should look at:

  • updating the manpage/code
    • I think perhaps defaulting to RSA and using the restricted field in the object attributes to determine if
      it needs sym key details would be better. Then choosing AES in that case.
  • the code in tpm2_alg_util_public_init() uses the object attributes to try and find sane defaults. However, these choices do not seem to be the best:
    • The use of AES gets us into issues where we select aes256 and only aes128 is supported. Perhaps use getcap to find the biggest size supported.
    tpm2_getcap -c properties-fixed
    # parse yaml and query property TPM2_PT_CONTEXT_SYM_SIZE
    
@williamcroberts

We have this set to 128. The user can externally choose the best algorithm if we pick the wrong one. Getcap is so slow, I would like to avoid going to the TPM for these things.
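
Added example, not part of the thread or of tpm2-tools: a caller choosing the algorithm externally, as the reply suggests, by parsing saved `tpm2_getcap -c properties-fixed` output for `TPM2_PT_CONTEXT_SYM_SIZE` and building the `rsa2048:aesNNN` string. The two output layouts, the sample text and the function names are assumptions made for illustration.

```python
import re

# Constructed samples of `tpm2_getcap -c properties-fixed` output, not captured
# from a real TPM. Assumed layouts: value inline, or nested under "raw:".
SAMPLE_INLINE = """\
TPM2_PT_CONTEXT_SYM:         0x6
TPM2_PT_CONTEXT_SYM_SIZE:    0x80
"""
SAMPLE_NESTED = """\
TPM2_PT_CONTEXT_SYM:
  raw: 0x6
TPM2_PT_CONTEXT_SYM_SIZE:
  raw: 0x100
"""

AES_SIZES = (128, 192, 256)
FALLBACK_BITS = 128  # the thread's reply says the tool's default is set to 128


def context_sym_bits(getcap_text):
    """Return TPM2_PT_CONTEXT_SYM_SIZE in bits, or None if absent or unparseable."""
    lines = getcap_text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"^TPM2?_PT_CONTEXT_SYM_SIZE:\s*(\S*)\s*$", line)
        if not m:
            continue
        value = m.group(1)
        if not value:  # nested layout: read the indented "raw:" child line
            for sub in lines[i + 1:]:
                if not sub.startswith((" ", "\t")):
                    break
                key, _, val = sub.strip().partition(":")
                if key == "raw":
                    value = val.strip()
                    break
        try:
            return int(value, 0)  # base 0 accepts 0x-prefixed hex and decimal
        except ValueError:
            return None
    return None


def primary_alg(getcap_text, asym="rsa2048"):
    """Build an 'rsa2048:aesNNN' string, falling back to aes128 when unsure."""
    bits = context_sym_bits(getcap_text)
    if bits not in AES_SIZES:
        bits = FALLBACK_BITS
    return f"{asym}:aes{bits}"
```

Running the query once and caching its output avoids the repeated TPM round trip the reply objects to.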
