I was trying to make wpa_supplicant use a tpm2-pkcs11 stored private key to authenticate against a RADIUS server; I mentioned it in this discussion: https://firstname.lastname@example.org/message/AYUBCAFCCX...
With some fixes on tpm2-pkcs11, TLS is working and there is an integration test for that here: https://github.com/tpm2-software/tpm2-pkcs11/blob/master/test/integration...
I wasn't able to reproduce this on Ubuntu 18, and noted that the test cases ran on top of an Ubuntu 16.04 image. I tried Ubuntu 16.04 and TLS works as in the integration test. I also checked that, using the latest version of wpa_supplicant, it does work with tpm2-pkcs11 and creates an EAP-TLS connection using the TPM.
I've debugged a bit in both OS versions and found that openssl is calling pkey_rsa_sign with different padding modes: RSA_PKCS1_PADDING in Ubuntu 16, and RSA_PKCS1_PSS_PADDING in Ubuntu 18. The consequence is that in tpm2-pkcs11, sign_init is being called using CKM_RSA_PKCS as mechanism on Ubuntu 16, but in Ubuntu 18 it is being called with CKM_RSA_X_509, which is not supported.
I think I have to file a bug with OpenSSL, but I don't know too much about the PKCS11 specs to support the claims. I'd appreciate any help to file a decent issue. Also, any workaround is welcome, as replacing OpenSSL in any distribution is very hard given all the software that depends on it.
Hi, I have been playing around with tpm2 tools and the tss engine for openssl for a while.
Also reading Practical Guide to TPM 2.0.
I have found all the resources in the tpm2-tools readme and wiki and beyond quite helpful in getting started.
The book (chapter 10) talks about the primary seeds for the hierarchy, and how any amount of key hierarchies can be extended from the primary keys. Primary keys are derived from the primary seeds. My understanding is that the seeds are unique and permanent in the tpm hardware.
I was anticipating that tpm2_createprimary could be used to get back to the primary key (given the same inputs/template) no matter what data is cleared or erased.
Running tpm2_createprimary twice yields the same result, as evidenced by the rsa value, as expected.
yields a totally different key, as can be seen from the resulting rsa value.
This is also consistent with the manpage of tpm2_clear:
"Clears lockout, endorsement and owner hierarchy authorization values." and "NOTE: All objects created under the respective hierarchies are lost."
This makes tpm2_clear seem like an exceptionally dangerous command: if I run it once (inadvertently perhaps), I've now destroyed all use of all keys ever created on the system. Yet, based on what I thought I understood about the primary seeds, I'd always be able to derive back to a key value.
So, what am I missing?
Feel free to link in references.
A side question:
I am unable to create a primary Platform key (owner, endorsement, and null work). Looks like authorization is expected.
Is this an expected result based on how the TPM is configured by the chip vendor? In this case, Infineon.
Here is the output:
$ tpm2_createprimary -C p -c platform_primary.ctx
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:393:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_CreatePrimary.c:135:Esys_CreatePrimary() Esys Finish ErrorCode (0x000009a2)
ERROR: Esys_CreatePrimary(0x9A2) - tpm:session(1):authorization failure without DA implications
ERROR: Unable to run tpm2_createprimary
I'm announcing a release of tpm2-pkcs11 version 1.2.0, available here:
Which has the following changelog:
* Fix PSS signatures. Non-FIPS mode TPMs produce PSS signatures with a
max salt len that poses interoperability issues with verifying clients,
notably TLS in OpenSSL.
* Handle Esys_LoadExternal() API change where the hierarchy handle switches to an
ESYS_TR rather than a TPM2_RH_.
Our requirement is to encrypt the given data (for example, private key)
with TPM key.
As and when required, decrypt the data using the TPM key and use it in the
To address this requirement, did the following.
First time initialization:
- Generated primary key under owner hierarchy
- Created the TPM symmetric key (which is used to encrypt/decrypt
under the primary key.
- Used Esys_EvictControl() to store the TPM key handle in the TPM
- Used Esys_TR_FromTPMPublic() to fetch existing TPM key handle from the
- Used Esys_EncryptDecrypt() to encrypt/decrypt the given data
Is this the right approach?
It worked fine with simulator. However, it failed with "command code not
with TPM device.
Received TPM Error
Esys Finish ErrorCode (0x00000143)
versa_tpm2_encrypt_decrypt.382: Esys_EncryptDecrypt failed; rc 0x143
main#568: Wrote 0 bytes of data
[admin@TPM2-VersaCSG-Ashok: ~] $ tpm2_rc_decode 0x143
description: Error produced by the TPM
format 0 error code
description: command code not supported
From the tpm2_dump_capability, looks like Esys_EncryptDecrypt() and
Esys_EncryptDecrypt2() are not supported.
For our usecase, what could be the right alternative method to use? Shall
Esys_RSA_Encrypt()? In that case, which scheme is better? TPM2_ALG_RSAES or
I would like to announce tpm2-pkcs11 1.2.0-RC0:
With the following changelog:
1.2.0-RC0 - 2020-02-24
Fix PSS signatures. Non-FIPS mode TPMs produce PSS signatures with a
max salt len that poses interoperability issues with verifying clients,
notably TLS in OpenSSL.
Handle Esys_LoadExternal() API change where the hierarchy handle switches to an
ESYS_TR rather than a TPM2_RH_.
After a rather long rc cycle I'm happy to announce that the final release
of tpm2-tss v2.4.0 is out. It can be found here:
The main change is the addition of the FAPI implementation.
The release also comes with a number of fixes and changes:
- Added a new Feature API (FAPI) implementation
- Added Esys_TRSess_GetAuthRequired() ESAPI function
- Added Esys_TR_GetTpmHandle() SAPI function
- Added Esys_GetSysContext() SAPI function
- Added the with-sanitizer configure option
- Added CI for FreeBSD
- Changed MSSIM TCTI to be async capable
- Removed TCTI loaders from ESYS dependencies in pkg-config
- Changed getPollHandles to allow num_handles query
- Improved CI builds
- Converted builds to docker builds
- Number of fixes and improvements in the test code
- Changed tcti-device in non-async mode to always block
- Fixed hmac calculation for tpm2_clear command in ESAPI
- Fixed mixing salted and unsalted sessions in the same ESAPI context
- Removed use of VLAs from TPML marshal code
- Fixed setting C++ compiler for non-fuzzing builds at configure
- Fixed setting the name of session objects
- Fixed page alignment errors in Sys_Get/SetAuths functions
- Fixed potential buffer overflow in tcti_mssim_receive
- Fixed invalid memory alloc failure in Tss2_TctiLdr_Initialize
- Fixed list of exported symbols map for libtss2-mu
- Fixed resource name calculation in Esys_CreateLoaded
- Fixed keysize of ECC curve TPM2_ECC_NISTP224
- Fixed segmentation fault in tctildr if name_conf was too big
- Fixed memory leak in tctildr-tcti tests
- Fixed HMAC generation for policy sessions
- Added check for object node before calling compute_session_value function
- Fixed auth calculation in Esys_StartAuthSession called with optional
- Fixed compute_encrypted_salt error handling in Esys_StartAuthSession
- Fixed exported symbols map for libtss2-mu
tpm2-tools release candidate version 4.2-RC0 is published at https://github.com/tpm2-software/tpm2-tools/releases/tag/4.2-RC0.
Please provide your feedback for this release candidate.
# 4.2-RC0 - 2020-03-12
* tpm2_createek: Drop the unused -p or --ek-auth option
* tpm2_policyor: List of policy files should be specified as an argument
instead of -l option. The -l option is still retained for backwards
compatibility. See issue#1894.
* tpm2_eventlog: add a tool for parsing and displaying the event log.
* tpm2_createek: Fix an issue where the `template` option looked for args
* tpm2_hierarchycontrol: Fixed bug where tool operation failed silently
* tpm2_nvdefine: Fixed an issue where text output suggested failures as passes
* tpm2_certify: Add an example usage in man page
* tpm2_policyor: Fix a bug where tool failed silently when no input was given
* tpm2_getekcertificate: Intel (R) PTT EK cert web portal is set as default address
* tpm2_alg_util.c: Fix a bug where string rsa3072 was not parsed
* .ci/download-deps.sh: Change tss dependency to 2.4.0 to acquire SAPI handles for cpHash calculations
* tpm2_policycphash: Add a tool to implement enhanced authorization with cpHash of a command
* Add option to tools to enable cpHash outputs
* tpm2_import: Fix an issue where the imported key always required to have a policy
* tpm2_policysecret: Fix an issue where authorization model was fixed to password only
* Feature API (FAPI) tools added. This additional set of tools implements utilities
using the FAPI which was added to the tpm2-tss v2.4.0:
tss2_decrypt, tss2_encrypt, tss2_list, tss2_changeauth, tss2_delete,
tss2_import, tss2_getinfo, tss2_createkey, tss2_createseal, tss2_exportkey,
tss2_getcertificate, tss2_getplatformcertificates, tss2_gettpmblobs,
tss2_getappdata, tss2_setappdata, tss2_setcertificate, tss2_sign,
tss2_verifysignature, tss2_verifyquote, tss2_createnv, tss2_nvextend,
tss2_nvincrement, tss2_nvread, tss2_nvsetbits, tss2_nvwrite,
tss2_getdescription, tss2_setdescription, tss2_pcrextend, tss2_quote,
tss2_pcrread, tss2_authorizepolicy, tss2_exportpolicy, tss2_import,
tss2_provision, tss2_getrandom, tss2_unseal, tss2_writeauthorizenv
* tpm2_policycountertimer: Fix an issue where operandB array was reversed causing faulty comparisons.
Thanks and Regards,
I'm trying to use the output of tpm2_certify to construct the Subject Key Attestation Evidence Extension (SKAE Extension) for an X.509 Certificate Request. I've followed the example at https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_certify.... , but I'm struggling to work out how to use the tpm2-tools to check the signature over the attestation structure. Looking at https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_verifysi... I expected to perform something like the following (unfortunately I'm not able to retrieve the complete command history right now):
tpm2_create -G rsa -u rsa.pub -r rsa.priv -C primary.ctx
tpm2_load -C primary.ctx -u rsa.pub -r rsa.priv -c rsa.ctx
tpm2_certify -c rsa.ctx -C certify.ctx -g sha256 -o attest.out -s sig.out
tpm2_verifysignature -c rsa.ctx -g sha256 -m attest.out -s sig.out
WARNING:esys:../tpm2-tss-2.3.2/src/tss2-esys/api/Esys_VerifySignature.c:302:Esys_VerifySignature_Finish() Received TPM Error
ERROR:esys:../tpm2-tss-2.3.2/src/tss2-esys/api/Esys_VerifySignature.c:103:Esys_VerifySignature() Esys Finish ErrorCode (0x000002db)
ERROR: Esys_VerifySignature(0x2DB) - tpm:parameter(2):the signature is not valid
ERROR: Verify signature failed!
ERROR: Unable to run tpm2_verifysignature
Is anyone able to post a complete example to show how the output of tpm2_certify is verified, based on the attestation key used?
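
Alongside the signature check asked about above, a verifier also has to confirm what the signed structure says. The added example below (not code from tpm2-tools or from the poster) parses a marshaled TPMS_ATTEST such as attest.out and checks that it is a TPM-generated certify statement naming the expected key. Assumptions: the sample bytes are constructed rather than real TPM output, the certified key uses SHA-256 as its name algorithm, and the function names are illustrative.

```python
import hashlib
import struct

TPM_GENERATED_VALUE = 0xFF544347    # "\xffTCG": structure was built inside a TPM
TPM_ST_ATTEST_CERTIFY = 0x8017      # attestation type produced by TPM2_Certify

def _tpm2b(buf, off):
    """Read a TPM2B field (2-byte big-endian size, then data)."""
    (size,) = struct.unpack_from(">H", buf, off)
    end = off + 2 + size
    if end > len(buf):
        raise ValueError("TPM2B size runs past end of buffer")
    return buf[off + 2:end], end

def parse_certify_attest(buf):
    """Parse a marshaled TPMS_ATTEST and insist that it is a certify statement."""
    try:
        magic, st = struct.unpack_from(">IH", buf, 0)
        if magic != TPM_GENERATED_VALUE or st != TPM_ST_ATTEST_CERTIFY:
            raise ValueError("not a TPM-generated certify attestation")
        signer, off = _tpm2b(buf, 6)
        extra, off = _tpm2b(buf, off)
        clock, resets, restarts, safe, fw = struct.unpack_from(">QIIBQ", buf, off)
        name, off = _tpm2b(buf, off + 25)          # clockInfo + firmwareVersion = 25 bytes
        qualified_name, off = _tpm2b(buf, off)
    except struct.error as exc:
        raise ValueError("truncated TPMS_ATTEST") from exc
    if off != len(buf):
        raise ValueError("trailing bytes after TPMS_ATTEST")
    return {"qualified_signer": signer, "extra_data": extra, "clock": clock,
            "reset_count": resets, "restart_count": restarts, "safe": bool(safe),
            "firmware_version": fw, "name": name, "qualified_name": qualified_name}

def sha256_name(tpmt_public):
    """Name of an object whose nameAlg is SHA-256 (0x000B): alg id || H(TPMT_PUBLIC)."""
    return b"\x00\x0b" + hashlib.sha256(tpmt_public).digest()

def certifies(attest, tpmt_public, nonce=b""):
    """True if the attestation names this public area and echoes our qualifying data."""
    info = parse_certify_attest(attest)
    return info["name"] == sha256_name(tpmt_public) and info["extra_data"] == nonce

# Constructed sample, not real TPM output: placeholder public area and signer name.
SAMPLE_PUBLIC = b"constructed TPMT_PUBLIC bytes"
SAMPLE_ATTEST = (struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_CERTIFY)
                 + struct.pack(">H", 34) + b"\x00\x0b" + b"\xaa" * 32 + b"\x00\x00"
                 + struct.pack(">QIIBQ", 1000, 1, 0, 1, 0x0001000200030004)
                 + (struct.pack(">H", 34) + sha256_name(SAMPLE_PUBLIC)) * 2)
```

The signature over the attestation bytes is produced by the signing (attestation) key, so it is checked against that key's public part; the certified key appears only inside the structure, as `name`.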