aes128cfb is not an HMAC algorithm, but an encryption algorithm.
... and 99% of (physical) TPMs don't support aes128-block-encryption.
I think you'd need -G hmac or -G keyhash or -G sha256 or something similar for this.
I don't know the code enough.
Also I don't think it's currently supported, since the flags for -G are asym and
not hmac or keydhash.
Maybe start loking yourself.
If you go through the calltrace from -G you'll end up here for aes:
We'll need something similar for keyedHash objects of type SHA256 or SHA1...
From: tpm2 [tpm2-bounces(a)lists.01.org] on behalf of Gallagher, James
Sent: Monday, July 15, 2019 14:03
Subject: [tpm2] Question about importing keys into the tpm
I am looking to import a premade 128 bit key into a TPM with the intention of using it for
the tpm2_hmac function. I think the tpm2_import command is what I am looking for, but I am
having trouble getting it working. The tpm2_import spec sheet has an example to follow but
it failed for me. Any help would be greatly appreciated.
The commands I tried to run:
sudo tpm2_createprimary -Grsa2048:aes128cfb -C o -P <password> -o parent.ctx
sudo dd if=/dev/urandom of=rand.key bs=1 count=16
sudo tpm2_import -C parent.ctx -G aes128cfb -i rand.key
The output from running tpm2_import:
ERROR: Unsupported key type
note: also tried " sudo tpm2_import -C parent.ctx -G aes128cfb -i rand.key -u key.pub
-r key.priv " which returns the same error.
TPM: infineon optiga SLB 9670 tpm2.0 iridium board
PC: raspberry pi 3
OS: raspbian "buster "
Thank you for your time,