9:27 p.m.
Hi Dimi,
Thank you for your kind answer. Looking at the link you gave, I think I
can get more ideas.
I've been trying session encryption via tpm2-tools all weekend.
But I haven't found a way to create an encrypted session in tpm2-tools
yet. Maybe tpm2-tools doesn't support encrypted sessions?
If this is clear, I will implement parameter encryption through
tpm2-tools with referring to wolfTPM.
Thanks & Regards,
Joseph
------ Original Message ------
보낸 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>
받는 사람: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>; "Joseph Lee
(ZeronsoftN)" <joseph(a)zeronsoftn.com>
보낸 날짜: 2021-08-02 오전 4:33:02
제목: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?
Hi Joseph,
TPM 2.0 offers Parameter Encryption capability and HMAC sessions as
measures against Man-in-the-middle attacks.
Examples in wolfTPM demonstrate how to enable Parameter Encryption
https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf083...
There is also Keygen , Key import and Key loading examples with
Parameter Encryption
https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf083...
Last week we discussed the Dolos Group story about a stolen laptop with
TPM https://developers.tpm.dev/posts/15883726
If Parameter Encryption and HMAC session have been used, this story
would have developed differently.
Hope this helps.
Dimi
--
Founder of TPM.dev
--------------------------------------------------------------------------------
From: Joseph Lee (ZeronsoftN) <joseph(a)zeronsoftn.com>
Sent: Saturday, July 31, 2021 2:09 AM
To:tpm2@lists.01.org <tpm2(a)lists.01.org>
Subject: [tpm2] Is the tpm2_create command safe against sniffing
attacks?
Hello,
https://pulsesecurity.co.nz/articles/TPM-sniffing
In this article, can see that communication with the TPM is vulnerable
to sniffing if not careful.
https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
Is the disk encryption described in tpm2-software's blog safe against
these attacks?
tpm2_createprimary -Q -C o -c prim.ctx
dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g sha256
-u seal.pub -r seal.priv -i- -C prim.ctx
tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
seal.ctx
tpm2_evictcontrol -C o -c seal.ctx 0x81010001
My question is:
1. Is there a tool in linux that can sniff communication with the
current system's TPM?
2. How to encrypt communications if the methods described above are
not secure?
It seems that encryption is possible through
tpm2_startauthsession , but I do not know how to apply it to
tpm2_create . (The -S option simply did not work.)
Thank you.
3:33 a.m.
New subject: Is the tpm2_create command safe against sniffing attacks?
Hi Dimi,
Sorry to bother you. By installing the latest version of tpm2-tools,
encrypted communication is possible.
Seal/unseal was possible as shown below.
But I have one question. How can I detect if a MITM attack occurs during
the seal/unseal process? After establishing a session, is there any way
to get the EK certificate of that session?
It seems that the tpm2_getekcertificate command can only get
certificates created via the createek command. I'd like to know if the
TPM I've made a session with is genuine.
Seal:
tpm2_createprimary -c prim.ctx
tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
tpm2_create -Q -g sha256 -u seal.pub -r seal.priv -i temp.key -C
prim.ctx -S
sess.ctx
tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
seal.ctx
tpm2_evictcontrol -C o -c seal.ctx 0x81010001
tpm2_flushcontext sess.ctx
Unseal:
tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
tpm2_unseal -c seal.ctx -S sess.ctx -o out.key
tpm2_flushcontext sess.ctx
Thanks & Regards,
Joseph
------ Original Message ------
보낸 사람: "Joseph Lee (ZeronsoftN)" <joseph(a)zeronsoftn.com>
받는 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>;
"tpm2(a)lists.01.org"
<tpm2(a)lists.01.org>
보낸 날짜: 2021-08-02 오전 6:27:36
제목: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?
Hi Dimi,
Thank you for your kind answer. Looking at the link you gave, I think I
can get more ideas.
I've been trying session encryption via tpm2-tools all weekend.
But I haven't found a way to create an encrypted session in tpm2-tools
yet. Maybe tpm2-tools doesn't support encrypted sessions?
If this is clear, I will implement parameter encryption through
tpm2-tools with referring to wolfTPM.
Thanks & Regards,
Joseph
------ Original Message ------
보낸 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>
받는 사람: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>; "Joseph Lee
(ZeronsoftN)" <joseph(a)zeronsoftn.com>
보낸 날짜: 2021-08-02 오전 4:33:02
제목: [tpm2] Re: Is the tpm2_create command safe against sniffing
attacks?
>Hi Joseph,
>
>TPM 2.0 offers Parameter Encryption capability and HMAC sessions as
>measures against Man-in-the-middle attacks
>
>Examples in wolfTPM demonstrate how to enable Parameter Encryption
>
>
>https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>
>There is also Keygen , Key import and Key loading examples with
>Parameter Encryption
>
>https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>
>Last week we discussed the Dolos Group story about a stolen laptop
>with TPM https://developers.tpm.dev/posts/15883726
>
>If Parameter Encryption and HMAC session have been used, this story
>would have developed differently.
>
>Hope this helps.
>
>Dimi
>--
>Founder of TPM.dev
>
>--------------------------------------------------------------------------------
>From: Joseph Lee (ZeronsoftN) <joseph@zeronsoftncom
><mailto:joseph@zeronsoftn.com>>
>Sent: Saturday, July 31, 2021 2:09 AM
>To:tpm2@lists.01.org <tpm2(a)lists.01.org>
>Subject: [tpm2] Is the tpm2_create command safe against sniffing
>attacks?
>
>Hello,
>
>https://pulsesecurity.co.nz/articles/TPM-sniffing
>In this article, can see that communication with the TPM is vulnerable
>to sniffing if not careful.
>
>https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
>Is the disk encryption described in tpm2-software's blog safe against
>these attacks?
>
>tpm2_createprimary -Q -C o -c prim.ctx
>dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g
>sha256 -u seal.pub -r seal.priv -i- -C prim.ctx
>tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
>seal.ctx
>tpm2_evictcontrol -C o -c seal.ctx 0x81010001
>
>My question is:
> 1. Is there a tool in linux that can sniff communication with the
>current system's TPM?
> 2. How to encrypt communications if the methods described above
>are not secure?
> It seems that encryption is possible through
>tpm2_startauthsession , but I do not know how to apply it to
>tpm2_create . (The -S option simply did not work.)
>
>Thank you.
>
>
>
>
5:26 p.m.
New subject: Is the tpm2_create command safe against sniffing attacks?
Hi Joseph,
I think it may be an optional standard but my TPM has some certs
permanently stored in nv-indices in the 0x1c0000x range that can be checked
against the manufacturer cert. I haven't learned how to leverage those
into trusted parameter encryption keys yet but they should be able to
verify there's a real TPM at the other end at the very least (and more if
you learn to use them correctly).
On Sun, Aug 1, 2021 at 8:33 PM Joseph Lee (ZeronsoftN) <
joseph(a)zeronsoftn.com> wrote:
Hi Dimi,
Sorry to bother you. By installing the latest version of tpm2-tools,
encrypted communication is possible.
Seal/unseal was possible as shown below.
But I have one question. How can I detect if a MITM attack occurs during
the seal/unseal process? After establishing a session, is there any way to
get the EK certificate of that session?
It seems that the tpm2_getekcertificate command can only get certificates
created via the createek command. I'd like to know if the TPM I've made a
session with is genuine.
Seal:
> tpm2_createprimary -c prim.ctx
> tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
> tpm2_create -Q -g sha256 -u seal.pub -r seal.priv -i temp.key -C
prim.ctx -S sess.ctx
> tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
sealctx
> tpm2_evictcontrol -C o -c seal.ctx 0x81010001
> tpm2_flushcontext sess.ctx
Unseal:
> tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
> tpm2_unseal -c seal.ctx -S sess.ctx -o out.key
> tpm2_flushcontext sess.ctx
Thanks & Regards,
Joseph
------ Original Message ------
보낸 사람: "Joseph Lee (ZeronsoftN)" <joseph(a)zeronsoftn.com>
받는 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>;
"tpm2(a)lists.01.org" <
tpm2(a)lists.01.org>
보낸 날짜: 2021-08-02 오전 6:27:36
제목: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?
Hi Dimi,
Thank you for your kind answer. Looking at the link you gave, I think I
can get more ideas.
I've been trying session encryption via tpm2-tools all weekend.
But I haven't found a way to create an encrypted session in tpm2-tools
yet. Maybe tpm2-tools doesn't support encrypted sessions?
If this is clear, I will implement parameter encryption through tpm2-tools
with referring to wolfTPM
Thanks & Regards,
Joseph
------ Original Message ------
보낸 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>
받는 사람: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>; "Joseph Lee
(ZeronsoftN)"
<joseph(a)zeronsoftn.com>
보낸 날짜: 2021-08-02 오전 4:33:02
제목: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?
Hi Joseph,
TPM 2.0 offers Parameter Encryption capability and HMAC sessions as
measures against Man-in-the-middle attacks
Examples in wolfTPM demonstrate how to enable Parameter Encryption
https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf083...
There is also Keygen , Key import and Key loading examples with Parameter
Encryption
https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf083...
Last week we discussed the Dolos Group story about a stolen laptop with
TPM https://developers.tpm.dev/posts/15883726
If Parameter Encryption and HMAC session have been used, this story would
have developed differently.
Hope this helps.
Dimi
--
Founder of TPM.dev
------------------------------
*From:* Joseph Lee (ZeronsoftN) <joseph@zeronsoftncom
<joseph(a)zeronsoftn.com>>
*Sent:* Saturday, July 31, 2021 2:09 AM
*To:* tpm2(a)lists.01.org <tpm2(a)lists.01.org>
*Subject:* [tpm2] Is the tpm2_create command safe against sniffing
attacks?
Hello,
https://pulsesecurity.co.nz/articles/TPM-sniffing
In this article, can see that communication with the TPM is vulnerable to
sniffing if not careful.
https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
Is the disk encryption described in tpm2-software's blog safe against
these attacks?
1. tpm2_createprimary -Q -C o -c prim.ctx
2. dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g
sha256 -u seal.pub -r seal.priv -i- -C prim.ctx
3. tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
seal.ctx
4. tpm2_evictcontrol -C o -c seal.ctx 0x81010001
My question is:
1. Is there a tool in linux that can sniff communication with the
current system's TPM?
2. How to encrypt communications if the methods described above are
not secure?
It seems that encryption is possible through tpm2_startauthsession
, but I do not know how to apply it to tpm2_create . (The -S option simply
did not work.)
Thank you.
_______________________________________________
tpm2 mailing list -- tpm2(a)lists.01.org
To unsubscribe send an email to tpm2-leave(a)lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
6:58 p.m.
New subject: Is the tpm2_create command safe against sniffing attacks?
"Steven Clark" <davolfman(a)gmail.com> wrote on 08/02/2021 01:26:56 PM:
I think it may be an optional standard but my TPM has some certs
permanently stored in nv-indices in the 0x1c0000x range that can be
checked against the manufacturer cert. I haven't learned how to
leverage those into trusted parameter encryption keys yet but they
should be able to verify there's a real TPM at the other end at the
very least (and more if you learn to use them correctly).
The EK certificates in NV are in theory optional, but every TPM
I have encountered has them.
Checking the certificate against the manufacturer's CA is
a standard crypto library function.
Once you have an authentic EK, create a salted session using
the EK.
Once you have the salted session, set the encrypt and/or decrypt bit
when running the command.
Underneath, there's some complicated crypto, but it's all
hidden from the application.
10:41 p.m.
New subject: Is the tpm2_create command safe against sniffing attacks?
"salted session" was the keyword I was looking for!
Really thank you :) 화요일, 03 8월 2021, 03:59오전 +09:00 발신 Kenneth Goldman
kgoldman(a)us.ibm.com :
"Steven Clark" < davolfman(a)gmail.com> wrote on
08/02/2021 01:26:56 PM:
I think it may be an optional standard but my TPM has some certs
permanently stored in nv-indices in the 0x1c0000x range that can be
checked against the manufacturer cert. I haven't learned how to
leverage those into trusted parameter encryption keys yet but they
should be able to verify there's a real TPM at the other end at the
very least (and more if you learn to use them correctly).
The EK certificates in NV are in theory optional, but every TPM
I have encountered has them.
Checking the certificate against the manufacturer's CA is
a standard crypto library function.
Once you have an authentic EK, create a salted session using
the EK.
Once you have the salted session, set the encrypt and/or decrypt bit
when running the command.
Underneath, there's some complicated crypto, but it's all
hidden from the application.
_______________________________________________
tpm2 mailing list -- tpm2(a)lists.01.org
To unsubscribe send an email to tpm2-leave(a)lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
2:02 p.m.
New subject: How can I prevent MITM attacks for unsealing?
Hi,
From the previous messages, I learned how salted sessions exchange keys
and are encrypted.
However, I have yet to get an idea to prevent MITM attacks.
I was able to get an salted session in the following way.
Sealing:
tpm2_startauthsession -S session.ctx
tpm2_policypcr -Q -S session.ctx -l sha256:0,2,4 -L pcrs.sha256.policy
tpm2_flushcontext session.ctx
tpm2_createprimary -C o -c tpm-primary.ctx
tpm2_startauthsession --hmac-session -c tpm-primary.ctx -S session.ctx
tpm2_create -g sha256 -u seal.pub -r seal.priv -i INPUT_KEY -C
tpm-primary.ctx -S
session.ctx -L pcrs.sha256.policy
tpm2_load -C tpm-primary.ctx -u seal.pub -r seal.priv -n seal.name -c
tpm-seal.ctx
tpm2_evictcontrol -C o -c tpm-seal.ctx 0x81000002
tpm2_flushcontext session.ctx
Unsealing:
tpm2_startauthsession --policy-session -S session.ctx
tpm2_policypcr -S session.ctx -l sha256:0,2,4
tpm2_unseal -p session:session.ctx -c 0x81000002 -o OUTPUT_KEY
tpm2_flushcontext session.ctx
However, in my opinion, from the tpm2_startauthsession part of the
unsealing process, an MITM attack is performed to establish a session
between the attacker-PC and the TPM-attacker session is established so
that the attacker will be able to obtain plaintext data for subsequent
unsealing.
Thanks & Regards,
Joseph.
------ Previous Message ------
>"Steven Clark" <davolfman(a)gmail.com> wrote on 08/02/2021 01:26:56 PM:
>
> > I think it may be an optional standard but my TPM has some certs
> > permanently stored in nv-indices in the 0x1c0000x range that can be
> > checked against the manufacturer cert. I haven't learned how to
> > leverage those into trusted parameter encryption keys yet but they
> > should be able to verify there's a real TPM at the other end at the
> > very least (and more if you learn to use them correctly).
>
>The EK certificates in NV are in theory optional, but every TPM
>I have encountered has them.
>
>Checking the certificate against the manufacturer's CA is
>a standard crypto library function.
>
>Once you have an authentic EK, create a salted session using
>the EK.
>
>Once you have the salted session, set the encrypt and/or decrypt bit
>when running the command.
>
>Underneath, there's some complicated crypto, but it's all
>hidden from the application.
>
>
>_______________________________________________
>tpm2 mailing list -- tpm2(a)lists.01.org
>To unsubscribe send an email to tpm2-leave(a)lists.01.org
>%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
1:34 p.m.
New subject: How can I prevent MITM attacks for unsealing?
Imran can you comment on the state this is in?
If you want a session that encrypts and decrypts, when starting the session you need to
supply the option `--key-context`.
you'll need to verify independently that the context points to a key you know and
trust, you can just do a sign/verify. We need
to add a name/public parameter to the input so we can perform this verification for users
in the tool. I think theirs an open bug
somewhere for this. If you use persistent keys, you can get the "serialized
handle", which under the hood is the ESYS_TR blob and
use that for "--key-context" and it will verify the name. You can obtain the
ESYS_TR with read public command. You'll still want to
do something to ensure that no-one has swapped out your key until you get through the
startauthsession. At that point it's not swappable
without detection (crypto would fail).
From there, you need to add that session to the -S parameter for all commands that you
want encryption for. I am not 100% sure of where
that feature state is now, I haven't looked in a while, but Imran might know more.
________________________________
From: Joseph Lee (ZeronsoftN) <joseph(a)zeronsoftn.com>
Sent: Tuesday, August 3, 2021 9:02 AM
To: tpm2(a)lists.01.org <tpm2(a)lists.01.org>
Subject: [tpm2] How can I prevent MITM attacks for unsealing?
Hi,
From the previous messages, I learned how salted sessions exchange keys and are
encrypted.
However, I have yet to get an idea to prevent MITM attacks.
I was able to get an salted session in the following way.
Sealing:
tpm2_startauthsession -S session.ctx
tpm2_policypcr -Q -S session.ctx -l sha256:0,2,4 -L pcrs.sha256.policy
tpm2_flushcontext session.ctx
tpm2_createprimary -C o -c tpm-primary.ctx
tpm2_startauthsession --hmac-session -c tpm-primary.ctx -S session.ctx
tpm2_create -g sha256 -u seal.pub -r seal.priv -i INPUT_KEY -C tpm-primary.ctx -S
session.ctx -L pcrs.sha256.policy
tpm2_load -C tpm-primary.ctx -u seal.pub -r seal.priv -n seal.name -c tpm-seal.ctx
tpm2_evictcontrol -C o -c tpm-seal.ctx 0x81000002
tpm2_flushcontext session.ctx
Unsealing:
tpm2_startauthsession --policy-session -S session.ctx
tpm2_policypcr -S session.ctx -l sha256:0,2,4
tpm2_unseal -p session:session.ctx -c 0x81000002 -o OUTPUT_KEY
tpm2_flushcontext session.ctx
However, in my opinion, from the tpm2_startauthsession part of the unsealing process, an
MITM attack is performed to establish a session between the attacker-PC and the
TPM-attacker session is established so that the attacker will be able to obtain plaintext
data for subsequent unsealing.
Thanks & Regards,
Joseph.
------ Previous Message ------
"Steven Clark" <davolfman@gmail.com<mailto:davolfman@gmail.com>>
wrote on 08/02/2021 01:26:56 PM:
I think it may be an optional standard but my TPM has some certs
permanently stored in nv-indices in the 0x1c0000x range that can be
checked against the manufacturer cert. I haven't learned how to
leverage those into trusted parameter encryption keys yet but they
should be able to verify there's a real TPM at the other end at the
very least (and more if you learn to use them correctly).
The EK certificates in NV are in theory optional, but every TPM
I have encountered has them.
Checking the certificate against the manufacturer's CA is
a standard crypto library function.
Once you have an authentic EK, create a salted session using
the EK.
Once you have the salted session, set the encrypt and/or decrypt bit
when running the command.
Underneath, there's some complicated crypto, but it's all
hidden from the application.
_______________________________________________
tpm2 mailing list -- tpm2@lists.01.org<mailto:tpm2@lists.01.org>
To unsubscribe send an email to
tpm2-leave@lists.01.org<mailto:tpm2-leave@lists.01.org>
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
[https://mail.zeronsoftn.com/mthumbnail/4e645b05-f948-4090-8a7d-a1196f1faf...]
[https://mail.zeronsoftn.com/mthumbnail/12cf28f0-6d3a-4e52-913d-c53ed8a8dc...]
286
days inactive
295
days old
6 comments
5 participants
participants (5)
-
Joseph Lee (ZeronsoftN) -
joseph@zeronsoftn.com
-
Kenneth Goldman -
Roberts, William C -
Steven Clark