6:35 p.m.
I was trying to make wpa_supplicant use a tpm2-pkcs11 stored private key to authenticate
against a RADIUS server, I mentioned about it on this discussion:
https://lists.01.org/hyperkitty/list/tpm2@lists.01.org/message/AYUBCAFCCX...
With some fixes on tpm2-pkcs11, TLS is working and there is an integration test for that
here:
https://github.com/tpm2-software/tpm2-pkcs11/blob/master/test/integration...
I wasn't able to reproduce this on Ubuntu 18, and noted that the test cases ran on top
of an Ubuntu 16.04 image. I tried Ubuntu 16.04 and TLS works as in the integration test. I
also checked that using latest version of wpa_supplicant, it does work with tpm2-pkcs11
and creates an EAP-TLS connection using the TPM.
I've debugged a bit in both OS versions and found that openssl is calling
pkey_rsa_sign with different padding modes: RSA_PKCS1_PADDING in Ubuntu 16, and
RSA_PKCS1_PSS_PADDING in Ubuntu 18. The consequence is that in tpm2-pkcs11, sign_init is
being called using CKM_RSA_PKCS as mechanism on Ubuntu 16, but in Ubuntu 18 it is being
called with CKM_RSA_X_509, which is not supported.
I think I have to file a bug to OpenSSL, but I don't know too much about the PKCS11
specs to support the claims. I'd appreciate any help to file a decent issue. Also, any
workaround is welcome, as replacing OpenSSL in any distribution is very hard given all the
software that depends on it.
2:43 p.m.
-----Original Message-----
From: Ignacio Jaureguiberry [mailto:ignaciox.jaureguiberry@intel.com]
Sent: Wednesday, January 22, 2020 12:36 PM
To: tpm2(a)lists.01.org
Subject: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer versions
I was trying to make wpa_supplicant use a tpm2-pkcs11 stored private key to
authenticate against a RADIUS server, I mentioned about it on this discussion:
https://lists.01.org/hyperkitty/list/tpm2@lists.01.org/message/AYUBCAFCCX...
SWA4IFC466LYS6ZIYX/
With some fixes on tpm2-pkcs11, TLS is working and there is an integration test
for that here: https://github.com/tpm2-software/tpm2-
pkcs11/blob/master/test/integration/tls-tests.sh
I wasn't able to reproduce this on Ubuntu 18, and noted that the test cases ran
on top of an Ubuntu 16.04 image. I tried Ubuntu 16.04 and TLS works as in the
integration test. I also checked that using latest version of wpa_supplicant, it
does work with tpm2-pkcs11 and creates an EAP-TLS connection using the TPM.
Increasing our distro coverage is definitely something I need/want to do for tpm2-pkcs11.
I already did this for many of the other tpm2 projects like tpm2-tools and tpm2-tss.
I've debugged a bit in both OS versions and found that openssl is calling
pkey_rsa_sign with different padding modes: RSA_PKCS1_PADDING in Ubuntu
16, and RSA_PKCS1_PSS_PADDING in Ubuntu 18. The consequence is that in
This seems like a good change, IIUC PKCS1 padding has some known issues, so changing
To PSS is a good move.
tpm2-pkcs11, sign_init is being called using CKM_RSA_PKCS as
mechanism on
Ubuntu 16, but in Ubuntu 18 it is being called with CKM_RSA_X_509, which is not
supported.
CKM_RSA_X_509 is supported, it's raw RSA encryption and AFAICT it's been
supported
since release 1.0. If it's signing with raw RSA, It must apply the PSS padding
separately. Which it does looking at OSSL 1_1_1 code:
-- code ---
} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
if (!setup_tbuf(rctx, ctx))
return -1;
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
rctx->tbuf, tbs,
rctx->md, rctx->mgf1md,
rctx->saltlen))
return -1;
ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
sig, rsa, RSA_NO_PADDING);
---
So this makes sense to what you're seeing hitting the pkey_rsa_sign versus the calls
hitting
pkcs11 C_SignInit.
I think I have to file a bug to OpenSSL, but I don't know too much about the
PKCS11 specs to support the claims. I'd appreciate any help to file a decent issue.
Also, any workaround is welcome, as replacing OpenSSL in any distribution is very
hard given all the software that depends on it.
Probably not, it's probably something we need to fix in the pkcs11 library which is
very much an under development project. We should try and replicate the bug
first, and deduce that it is their bug before we file. We don't want to cry wolf
here.
I would capture the parameters going into the C_SignInit and subsequent C_Sign calls
and create a test in test/integration/pkcs-crypt.int.c that reproduces the error.
If you get me the inputs soon, I can develop this test and get a fix out. I am out
all next week Jan 27-Jan31.
Another great way to debug deeper is both pkcs11spy and setting the env variable
"export TPM2_PKCS11_DEBUG_LOG=2" to get verbose logs out of the tpm2-pkcs11
Library. You can find the pkcs11spy project at:
https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC
Also, specifying versions of OSSL and tpm2-pkcs11 as well as more logs and specific error
messages you share,
the easier it will be for us to help debug.
Thanks,
Bill
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
7:16 p.m.
These are the software versions on each setup. For the Ubuntu packages I'm putting the
Ubuntu package and version, and also de project with its version.
On the Ubuntu 16.04:
Bundled with Ubuntu:
* libssl1.0.0 [1.0.2g-1] - openssl [1.0.2g]
* libp11-2 [0.3.1-1] - libp11 [0.3.1]
* libengine-pkcs11-openssl [0.2.1-1] - engine_pkcs11 [0.2.1]
Tpm2 project libraries, built from sources:
* tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
* tpm2-abrmd [ git sha: e275930 - tag 2.3.1 ]
* tpm2-tools [ git sha: c971982 - master ]
* tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
On the Ubuntu 18.04 setup:
Bundled with Ubuntu:
* libssl1.1 [1.1.1-1ubuntu2.1] - openssl [1.1.1]
* libengine-pkcs11-openssl [0.4.7-3] - libp11 [0.4.7]
* opensc-pkcs11 [0.17.0-3] - opensc [0.17.0]
* p11-kit-modules [0.23.9-2] - p11-kit [0.23.9]
Tpm2 project libraries, built from sources:
* tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
* tpm2-tools [ git sha: c971982 - master ]
* tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
I'm sending the logs and function calls captured with pkcs11spy for each setup. The
different mechanism in C_SignInit can be seen on them.
-----Original Message-----
From: Roberts, William C
Sent: Thursday, January 23, 2020 11:44 AM
To: Jaureguiberry, IgnacioX <ignaciox.jaureguiberry(a)intel.com>; tpm2(a)lists.01.org
Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer versions
-----Original Message-----
From: Ignacio Jaureguiberry [mailto:ignaciox.jaureguiberry@intel.com]
Sent: Wednesday, January 22, 2020 12:36 PM
To: tpm2(a)lists.01.org
Subject: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer
versions
I was trying to make wpa_supplicant use a tpm2-pkcs11 stored private
key to authenticate against a RADIUS server, I mentioned about it on this discussion:
https://lists.01.org/hyperkitty/list/tpm2@lists.01.org/message/AYUBCAF
CCXITEV
SWA4IFC466LYS6ZIYX/
With some fixes on tpm2-pkcs11, TLS is working and there is an
integration test for that here: https://github.com/tpm2-software/tpm2-
pkcs11/blob/master/test/integration/tls-tests.sh
I wasn't able to reproduce this on Ubuntu 18, and noted that the test
cases ran on top of an Ubuntu 16.04 image. I tried Ubuntu 16.04 and
TLS works as in the integration test. I also checked that using latest
version of wpa_supplicant, it does work with tpm2-pkcs11 and creates an EAP-TLS
connection using the TPM.
Increasing our distro coverage is definitely something I need/want to do for tpm2-pkcs11.
I already did this for many of the other tpm2 projects like tpm2-tools and tpm2-tss.
I've debugged a bit in both OS versions and found that openssl is
calling pkey_rsa_sign with different padding modes: RSA_PKCS1_PADDING
in Ubuntu 16, and RSA_PKCS1_PSS_PADDING in Ubuntu 18. The consequence
is that in
This seems like a good change, IIUC PKCS1 padding has some known issues, so changing To
PSS is a good move.
tpm2-pkcs11, sign_init is being called using CKM_RSA_PKCS as
mechanism
on Ubuntu 16, but in Ubuntu 18 it is being called with CKM_RSA_X_509,
which is not supported.
CKM_RSA_X_509 is supported, it's raw RSA encryption and AFAICT it's been supported
since release 1.0. If it's signing with raw RSA, It must apply the PSS padding
separately. Which it does looking at OSSL 1_1_1 code:
-- code ---
} else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
if (!setup_tbuf(rctx, ctx))
return -1;
if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
rctx->tbuf, tbs,
rctx->md, rctx->mgf1md,
rctx->saltlen))
return -1;
ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
sig, rsa, RSA_NO_PADDING);
---
So this makes sense to what you're seeing hitting the pkey_rsa_sign versus the calls
hitting
pkcs11 C_SignInit.
I think I have to file a bug to OpenSSL, but I don't know too much
about the
PKCS11 specs to support the claims. I'd appreciate any help to file a decent issue.
Also, any workaround is welcome, as replacing OpenSSL in any
distribution is very hard given all the software that depends on it.
Probably not, it's probably something we need to fix in the pkcs11 library which is
very much an under development project. We should try and replicate the bug first, and
deduce that it is their bug before we file. We don't want to cry wolf here.
I would capture the parameters going into the C_SignInit and subsequent C_Sign calls and
create a test in test/integration/pkcs-crypt.int.c that reproduces the error.
If you get me the inputs soon, I can develop this test and get a fix out. I am out all
next week Jan 27-Jan31.
Another great way to debug deeper is both pkcs11spy and setting the env variable
"export TPM2_PKCS11_DEBUG_LOG=2" to get verbose logs out of the tpm2-pkcs11
Library. You can find the pkcs11spy project at:
https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC
Also, specifying versions of OSSL and tpm2-pkcs11 as well as more logs and specific error
messages you share, the easier it will be for us to help debug.
Thanks,
Bill
_______________________________________________
tpm2 mailing list -- tpm2(a)lists.01.org To unsubscribe send an email to
tpm2-leave(a)lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
7:32 p.m.
Backing up your TPM2_PKCS11_STORE, what happens if you bump tpm2-pkcs11 to current master
HEAD?
Still fail?
Bill
> -----Original Message-----
> From: Jaureguiberry, IgnacioX
> Sent: Thursday, January 23, 2020 1:16 PM
> To: Roberts, William C <william.c.roberts(a)intel.com>; tpm2(a)lists.01.org
> Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer
> versions
>
> These are the software versions on each setup. For the Ubuntu packages I'm
> putting the Ubuntu package and version, and also de project with its version.
>
> On the Ubuntu 16.04:
> Bundled with Ubuntu:
> * libssl1.0.0 [1.0.2g-1] - openssl [1.0.2g]
> * libp11-2 [0.3.1-1] - libp11 [0.3.1]
> * libengine-pkcs11-openssl [0.2.1-1] - engine_pkcs11 [0.2.1]
>
> Tpm2 project libraries, built from sources:
> * tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
> * tpm2-abrmd [ git sha: e275930 - tag 2.3.1 ]
> * tpm2-tools [ git sha: c971982 - master ]
> * tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
>
> On the Ubuntu 18.04 setup:
> Bundled with Ubuntu:
> * libssl1.1 [1.1.1-1ubuntu2.1] - openssl [1.1.1]
> * libengine-pkcs11-openssl [0.4.7-3] - libp11 [0.4.7]
> * opensc-pkcs11 [0.17.0-3] - opensc [0.17.0]
> * p11-kit-modules [0.23.9-2] - p11-kit [0.23.9]
>
> Tpm2 project libraries, built from sources:
> * tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
> * tpm2-tools [ git sha: c971982 - master ]
> * tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
>
> I'm sending the logs and function calls captured with pkcs11spy for each setup.
> The different mechanism in C_SignInit can be seen on them.
>
>
> -----Original Message-----
> From: Roberts, William C
> Sent: Thursday, January 23, 2020 11:44 AM
> To: Jaureguiberry, IgnacioX <ignaciox.jaureguiberry(a)intel.com>;
> tpm2(a)lists.01.org
> Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer
> versions
>
>
>
> > -----Original Message-----
> > From: Ignacio Jaureguiberry [mailto:ignaciox.jaureguiberry@intel.com]
> > Sent: Wednesday, January 22, 2020 12:36 PM
> > To: tpm2(a)lists.01.org
> > Subject: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer
> > versions
> >
> > I was trying to make wpa_supplicant use a tpm2-pkcs11 stored private
> > key to authenticate against a RADIUS server, I mentioned about it on this
> discussion:
> > https://lists.01.org/hyperkitty/list/tpm2@lists.01.org/message/AYUBCAF
> > CCXITEV
> > SWA4IFC466LYS6ZIYX/
> >
> > With some fixes on tpm2-pkcs11, TLS is working and there is an
> > integration test for that here: https://github.com/tpm2-software/tpm2-
> > pkcs11/blob/master/test/integration/tls-tests.sh
> >
> > I wasn't able to reproduce this on Ubuntu 18, and noted that the test
> > cases ran on top of an Ubuntu 16.04 image. I tried Ubuntu 16.04 and
> > TLS works as in the integration test. I also checked that using latest
> > version of wpa_supplicant, it does work with tpm2-pkcs11 and creates an EAP-
> TLS connection using the TPM.
>
> Increasing our distro coverage is definitely something I need/want to do for
> tpm2-pkcs11.
> I already did this for many of the other tpm2 projects like tpm2-tools and tpm2-
> tss.
>
> >
> > I've debugged a bit in both OS versions and found that openssl is
> > calling pkey_rsa_sign with different padding modes: RSA_PKCS1_PADDING
> > in Ubuntu 16, and RSA_PKCS1_PSS_PADDING in Ubuntu 18. The consequence
> > is that in
>
> This seems like a good change, IIUC PKCS1 padding has some known issues, so
> changing To PSS is a good move.
>
> > tpm2-pkcs11, sign_init is being called using CKM_RSA_PKCS as mechanism
> > on Ubuntu 16, but in Ubuntu 18 it is being called with CKM_RSA_X_509,
> > which is not supported.
>
> CKM_RSA_X_509 is supported, it's raw RSA encryption and AFAICT it's been
> supported since release 1.0. If it's signing with raw RSA, It must apply the PSS
> padding separately. Which it does looking at OSSL 1_1_1 code:
>
> -- code ---
> } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
> if (!setup_tbuf(rctx, ctx))
> return -1;
> if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
> rctx->tbuf, tbs,
> rctx->md, rctx->mgf1md,
> rctx->saltlen))
> return -1;
> ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
> sig, rsa, RSA_NO_PADDING);
> ---
>
> So this makes sense to what you're seeing hitting the pkey_rsa_sign versus the
> calls hitting
> pkcs11 C_SignInit.
>
> >
> > I think I have to file a bug to OpenSSL, but I don't know too much
> > about the
> > PKCS11 specs to support the claims. I'd appreciate any help to file a
decent
> issue.
> > Also, any workaround is welcome, as replacing OpenSSL in any
> > distribution is very hard given all the software that depends on it.
>
> Probably not, it's probably something we need to fix in the pkcs11 library which
is
> very much an under development project. We should try and replicate the bug
> first, and deduce that it is their bug before we file. We don't want to cry wolf
> here.
>
> I would capture the parameters going into the C_SignInit and subsequent C_Sign
> calls and create a test in test/integration/pkcs-crypt.int.c that reproduces the
> error.
>
> If you get me the inputs soon, I can develop this test and get a fix out. I am out
all
> next week Jan 27-Jan31.
>
> Another great way to debug deeper is both pkcs11spy and setting the env
> variable "export TPM2_PKCS11_DEBUG_LOG=2" to get verbose logs out of the
> tpm2-pkcs11 Library. You can find the pkcs11spy project at:
> https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC
>
> Also, specifying versions of OSSL and tpm2-pkcs11 as well as more logs and
> specific error messages you share, the easier it will be for us to help debug.
>
> Thanks,
> Bill
>
> > _______________________________________________
> > tpm2 mailing list -- tpm2(a)lists.01.org To unsubscribe send an email to
> > tpm2-leave(a)lists.01.org
> > %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
8:30 p.m.
I'm using tpm2-pkcs11 tag 1.0 because latest version requires python 3.7 for the
tpm2_ptool to work. This is a bit of work in both Ubuntu 16.04 and 18.04.
I've upgraded to python3.7 in the Ubuntu 18.04 setup and then installed tpm2-pkcs11 to
HEAD of master and it still shows the same error: C_SignInit with mechanism CKM_RSA_X_509
returns CKR_KEY_FUNCTION_NOT_PERMITTED.
-----Original Message-----
From: Roberts, William C
Sent: Thursday, January 23, 2020 4:33 PM
To: Jaureguiberry, IgnacioX <ignaciox.jaureguiberry(a)intel.com>; tpm2(a)lists.01.org
Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer versions
Backing up your TPM2_PKCS11_STORE, what happens if you bump tpm2-pkcs11 to current master
HEAD?
Still fail?
Bill
> -----Original Message-----
> From: Jaureguiberry, IgnacioX
> Sent: Thursday, January 23, 2020 1:16 PM
> To: Roberts, William C <william.c.roberts(a)intel.com>;
> tpm2(a)lists.01.org
> Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on
> newer versions
>
> These are the software versions on each setup. For the Ubuntu packages
> I'm putting the Ubuntu package and version, and also de project with its
version.
>
> On the Ubuntu 16.04:
> Bundled with Ubuntu:
> * libssl1.0.0 [1.0.2g-1] - openssl [1.0.2g]
> * libp11-2 [0.3.1-1] - libp11 [0.3.1]
> * libengine-pkcs11-openssl [0.2.1-1] - engine_pkcs11 [0.2.1]
>
> Tpm2 project libraries, built from sources:
> * tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
> * tpm2-abrmd [ git sha: e275930 - tag 2.3.1 ]
> * tpm2-tools [ git sha: c971982 - master ]
> * tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
>
> On the Ubuntu 18.04 setup:
> Bundled with Ubuntu:
> * libssl1.1 [1.1.1-1ubuntu2.1] - openssl [1.1.1]
> * libengine-pkcs11-openssl [0.4.7-3] - libp11 [0.4.7]
> * opensc-pkcs11 [0.17.0-3] - opensc [0.17.0]
> * p11-kit-modules [0.23.9-2] - p11-kit [0.23.9]
>
> Tpm2 project libraries, built from sources:
> * tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
> * tpm2-tools [ git sha: c971982 - master ]
> * tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
>
> I'm sending the logs and function calls captured with pkcs11spy for each setup.
> The different mechanism in C_SignInit can be seen on them.
>
>
> -----Original Message-----
> From: Roberts, William C
> Sent: Thursday, January 23, 2020 11:44 AM
> To: Jaureguiberry, IgnacioX <ignaciox.jaureguiberry(a)intel.com>;
> tpm2(a)lists.01.org
> Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on
> newer versions
>
>
>
> > -----Original Message-----
> > From: Ignacio Jaureguiberry
> > [mailto:ignaciox.jaureguiberry@intel.com]
> > Sent: Wednesday, January 22, 2020 12:36 PM
> > To: tpm2(a)lists.01.org
> > Subject: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer
> > versions
> >
> > I was trying to make wpa_supplicant use a tpm2-pkcs11 stored private
> > key to authenticate against a RADIUS server, I mentioned about it on
> > this
> discussion:
> > https://lists.01.org/hyperkitty/list/tpm2@lists.01.org/message/AYUBC
> > AF
> > CCXITEV
> > SWA4IFC466LYS6ZIYX/
> >
> > With some fixes on tpm2-pkcs11, TLS is working and there is an
> > integration test for that here:
> > https://github.com/tpm2-software/tpm2-
> > pkcs11/blob/master/test/integration/tls-tests.sh
> >
> > I wasn't able to reproduce this on Ubuntu 18, and noted that the
> > test cases ran on top of an Ubuntu 16.04 image. I tried Ubuntu 16.04
> > and TLS works as in the integration test. I also checked that using
> > latest version of wpa_supplicant, it does work with tpm2-pkcs11 and
> > creates an EAP-
> TLS connection using the TPM.
>
> Increasing our distro coverage is definitely something I need/want to
> do for tpm2-pkcs11.
> I already did this for many of the other tpm2 projects like tpm2-tools
> and tpm2- tss.
>
> >
> > I've debugged a bit in both OS versions and found that openssl is
> > calling pkey_rsa_sign with different padding modes:
> > RSA_PKCS1_PADDING in Ubuntu 16, and RSA_PKCS1_PSS_PADDING in Ubuntu
> > 18. The consequence is that in
>
> This seems like a good change, IIUC PKCS1 padding has some known
> issues, so changing To PSS is a good move.
>
> > tpm2-pkcs11, sign_init is being called using CKM_RSA_PKCS as
> > mechanism on Ubuntu 16, but in Ubuntu 18 it is being called with
> > CKM_RSA_X_509, which is not supported.
>
> CKM_RSA_X_509 is supported, it's raw RSA encryption and AFAICT it's
> been supported since release 1.0. If it's signing with raw RSA, It
> must apply the PSS padding separately. Which it does looking at OSSL 1_1_1 code:
>
> -- code ---
> } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
> if (!setup_tbuf(rctx, ctx))
> return -1;
> if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
> rctx->tbuf, tbs,
> rctx->md, rctx->mgf1md,
> rctx->saltlen))
> return -1;
> ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
> sig, rsa, RSA_NO_PADDING);
> ---
>
> So this makes sense to what you're seeing hitting the pkey_rsa_sign
> versus the calls hitting
> pkcs11 C_SignInit.
>
> >
> > I think I have to file a bug to OpenSSL, but I don't know too much
> > about the
> > PKCS11 specs to support the claims. I'd appreciate any help to file
> > a decent
> issue.
> > Also, any workaround is welcome, as replacing OpenSSL in any
> > distribution is very hard given all the software that depends on it.
>
> Probably not, it's probably something we need to fix in the pkcs11
> library which is very much an under development project. We should try
> and replicate the bug first, and deduce that it is their bug before we
> file. We don't want to cry wolf here.
>
> I would capture the parameters going into the C_SignInit and
> subsequent C_Sign calls and create a test in
> test/integration/pkcs-crypt.int.c that reproduces the error.
>
> If you get me the inputs soon, I can develop this test and get a fix
> out. I am out all next week Jan 27-Jan31.
>
> Another great way to debug deeper is both pkcs11spy and setting the
> env variable "export TPM2_PKCS11_DEBUG_LOG=2" to get verbose logs out
> of the
> tpm2-pkcs11 Library. You can find the pkcs11spy project at:
> https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC
>
> Also, specifying versions of OSSL and tpm2-pkcs11 as well as more logs
> and specific error messages you share, the easier it will be for us to help debug.
>
> Thanks,
> Bill
>
> > _______________________________________________
> > tpm2 mailing list -- tpm2(a)lists.01.org To unsubscribe send an email
> > to tpm2-leave(a)lists.01.org
> > %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
1:15 a.m.
I was able to reproduce this by commenting out all the support for other algorithms:
https://github.com/williamcroberts/tpm2-pkcs11/tree/force-raw-rsa
It dawned on my while eating dinner, that it was likely something where we needed to flip
the RSA operations.
The TPM adheres to the true definitions of RSA Encrypt and RSA Decrypt, and when you
specify a C_Encrypt() call with
A private key object, the code calls TPM2_RSA_Encrypt() which is the RSA operation with
the public key. Which the TPM
Doesn't throw an error because the handle going to the TPM maps to the keypair and the
TPM just does the right thing.
After doing the initial setup, if you swap the RSA encrypt/decrypt calls, it works (see
patch below).
We likely need to track and call the proper TPM RSA routines on what the operation is when
it is RSA X509:
Key Class Interface Operation
CKO_PRIVATE C_Decrypt tpm_decrypt
CKO_PUBLIC C_Decrypt tpm_encrypt
CKO_PRIVATE C_Encrypt tpm_decrypt
CKO_PUBLIC C_Encrypt tpm_encrypt
We'll need to get proper support in for this and a regression test performing one half
in the TPM and the other half
With OpenSSL. Theirs already tests for CKM_RSA_X_509 in pkcs-crypt.int.c, so we likely
just need to expand on those.
diff --git a/src/lib/tpm.c b/src/lib/tpm.c
index f906ffbc584e..735151f016a7 100644
--- a/src/lib/tpm.c
+++ b/src/lib/tpm.c
@@ -1836,7 +1836,7 @@ CK_RV tpm_encrypt(crypto_op_data *opdata,
tpm_encrypt_data *tpm_enc_data = opdata->tpm_enc_data;
if (tpm_enc_data->is_rsa) {
- return tpm_rsa_encrypt(tpm_enc_data, ptext, ptextlen, ctext, ctextlen);
+ return tpm_rsa_decrypt(tpm_enc_data, ptext, ptextlen, ctext, ctextlen);
}
tpm_ctx *ctx = tpm_enc_data->ctx;
@@ -1857,7 +1857,7 @@ CK_RV tpm_decrypt(crypto_op_data *opdata,
tpm_encrypt_data *tpm_enc_data = opdata->tpm_enc_data;
if (tpm_enc_data->is_rsa) {
- return tpm_rsa_decrypt(tpm_enc_data, ctext, ctextlen, ptext, ptextlen);
+ return tpm_rsa_encrypt(tpm_enc_data, ctext, ctextlen, ptext, ptextlen);
}
tpm_ctx *ctx = tpm_enc_data->ctx;
> -----Original Message-----
> From: Jaureguiberry, IgnacioX
> Sent: Thursday, January 23, 2020 2:30 PM
> To: Roberts, William C <william.c.roberts(a)intel.com>; tpm2(a)lists.01.org
> Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer
> versions
>
> I'm using tpm2-pkcs11 tag 1.0 because latest version requires python 3.7 for the
> tpm2_ptool to work. This is a bit of work in both Ubuntu 16.04 and 18.04.
>
> I've upgraded to python3.7 in the Ubuntu 18.04 setup and then installed tpm2-
> pkcs11 to HEAD of master and it still shows the same error: C_SignInit with
> mechanism CKM_RSA_X_509 returns CKR_KEY_FUNCTION_NOT_PERMITTED.
>
> -----Original Message-----
> From: Roberts, William C
> Sent: Thursday, January 23, 2020 4:33 PM
> To: Jaureguiberry, IgnacioX <ignaciox.jaureguiberry(a)intel.com>;
> tpm2(a)lists.01.org
> Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer
> versions
>
> Backing up your TPM2_PKCS11_STORE, what happens if you bump tpm2-pkcs11
> to current master HEAD?
>
> Still fail?
>
> Bill
>
> > -----Original Message-----
> > From: Jaureguiberry, IgnacioX
> > Sent: Thursday, January 23, 2020 1:16 PM
> > To: Roberts, William C <william.c.roberts(a)intel.com>;
> > tpm2(a)lists.01.org
> > Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on
> > newer versions
> >
> > These are the software versions on each setup. For the Ubuntu packages
> > I'm putting the Ubuntu package and version, and also de project with its
> version.
> >
> > On the Ubuntu 16.04:
> > Bundled with Ubuntu:
> > * libssl1.0.0 [1.0.2g-1] - openssl [1.0.2g]
> > * libp11-2 [0.3.1-1] - libp11 [0.3.1]
> > * libengine-pkcs11-openssl [0.2.1-1] - engine_pkcs11 [0.2.1]
> >
> > Tpm2 project libraries, built from sources:
> > * tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
> > * tpm2-abrmd [ git sha: e275930 - tag 2.3.1 ]
> > * tpm2-tools [ git sha: c971982 - master ]
> > * tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
> >
> > On the Ubuntu 18.04 setup:
> > Bundled with Ubuntu:
> > * libssl1.1 [1.1.1-1ubuntu2.1] - openssl [1.1.1]
> > * libengine-pkcs11-openssl [0.4.7-3] - libp11 [0.4.7]
> > * opensc-pkcs11 [0.17.0-3] - opensc [0.17.0]
> > * p11-kit-modules [0.23.9-2] - p11-kit [0.23.9]
> >
> > Tpm2 project libraries, built from sources:
> > * tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
> > * tpm2-tools [ git sha: c971982 - master ]
> > * tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
> >
> > I'm sending the logs and function calls captured with pkcs11spy for each
setup.
> > The different mechanism in C_SignInit can be seen on them.
> >
> >
> > -----Original Message-----
> > From: Roberts, William C
> > Sent: Thursday, January 23, 2020 11:44 AM
> > To: Jaureguiberry, IgnacioX <ignaciox.jaureguiberry(a)intel.com>;
> > tpm2(a)lists.01.org
> > Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on
> > newer versions
> >
> >
> >
> > > -----Original Message-----
> > > From: Ignacio Jaureguiberry
> > > [mailto:ignaciox.jaureguiberry@intel.com]
> > > Sent: Wednesday, January 22, 2020 12:36 PM
> > > To: tpm2(a)lists.01.org
> > > Subject: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer
> > > versions
> > >
> > > I was trying to make wpa_supplicant use a tpm2-pkcs11 stored private
> > > key to authenticate against a RADIUS server, I mentioned about it on
> > > this
> > discussion:
> > > https://lists.01.org/hyperkitty/list/tpm2@lists.01.org/message/AYUBC
> > > AF
> > > CCXITEV
> > > SWA4IFC466LYS6ZIYX/
> > >
> > > With some fixes on tpm2-pkcs11, TLS is working and there is an
> > > integration test for that here:
> > > https://github.com/tpm2-software/tpm2-
> > > pkcs11/blob/master/test/integration/tls-tests.sh
> > >
> > > I wasn't able to reproduce this on Ubuntu 18, and noted that the
> > > test cases ran on top of an Ubuntu 16.04 image. I tried Ubuntu 16.04
> > > and TLS works as in the integration test. I also checked that using
> > > latest version of wpa_supplicant, it does work with tpm2-pkcs11 and
> > > creates an EAP-
> > TLS connection using the TPM.
> >
> > Increasing our distro coverage is definitely something I need/want to
> > do for tpm2-pkcs11.
> > I already did this for many of the other tpm2 projects like tpm2-tools
> > and tpm2- tss.
> >
> > >
> > > I've debugged a bit in both OS versions and found that openssl is
> > > calling pkey_rsa_sign with different padding modes:
> > > RSA_PKCS1_PADDING in Ubuntu 16, and RSA_PKCS1_PSS_PADDING in
> Ubuntu
> > > 18. The consequence is that in
> >
> > This seems like a good change, IIUC PKCS1 padding has some known
> > issues, so changing To PSS is a good move.
> >
> > > tpm2-pkcs11, sign_init is being called using CKM_RSA_PKCS as
> > > mechanism on Ubuntu 16, but in Ubuntu 18 it is being called with
> > > CKM_RSA_X_509, which is not supported.
> >
> > CKM_RSA_X_509 is supported, it's raw RSA encryption and AFAICT it's
> > been supported since release 1.0. If it's signing with raw RSA, It
> > must apply the PSS padding separately. Which it does looking at OSSL 1_1_1
> code:
> >
> > -- code ---
> > } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
> > if (!setup_tbuf(rctx, ctx))
> > return -1;
> > if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
> > rctx->tbuf, tbs,
> > rctx->md, rctx->mgf1md,
> > rctx->saltlen))
> > return -1;
> > ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
> > sig, rsa, RSA_NO_PADDING);
> > ---
> >
> > So this makes sense to what you're seeing hitting the pkey_rsa_sign
> > versus the calls hitting
> > pkcs11 C_SignInit.
> >
> > >
> > > I think I have to file a bug to OpenSSL, but I don't know too much
> > > about the
> > > PKCS11 specs to support the claims. I'd appreciate any help to file
> > > a decent
> > issue.
> > > Also, any workaround is welcome, as replacing OpenSSL in any
> > > distribution is very hard given all the software that depends on it.
> >
> > Probably not, it's probably something we need to fix in the pkcs11
> > library which is very much an under development project. We should try
> > and replicate the bug first, and deduce that it is their bug before we
> > file. We don't want to cry wolf here.
> >
> > I would capture the parameters going into the C_SignInit and
> > subsequent C_Sign calls and create a test in
> > test/integration/pkcs-crypt.int.c that reproduces the error.
> >
> > If you get me the inputs soon, I can develop this test and get a fix
> > out. I am out all next week Jan 27-Jan31.
> >
> > Another great way to debug deeper is both pkcs11spy and setting the
> > env variable "export TPM2_PKCS11_DEBUG_LOG=2" to get verbose logs out
> > of the
> > tpm2-pkcs11 Library. You can find the pkcs11spy project at:
> > https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC
> >
> > Also, specifying versions of OSSL and tpm2-pkcs11 as well as more logs
> > and specific error messages you share, the easier it will be for us to help
debug.
> >
> > Thanks,
> > Bill
> >
> > > _______________________________________________
> > > tpm2 mailing list -- tpm2(a)lists.01.org To unsubscribe send an email
> > > to tpm2-leave(a)lists.01.org
> > > %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
1:51 a.m.
Here's a somewhat proper fix:
https://github.com/tpm2-software/tpm2-pkcs11/pull/397
> -----Original Message-----
> From: Roberts, William C
> Sent: Friday, January 24, 2020 7:16 PM
> To: Jaureguiberry, IgnacioX <ignaciox.jaureguiberry(a)intel.com>;
> tpm2(a)lists.01.org
> Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on newer
> versions
>
> I was able to reproduce this by commenting out all the support for other
> algorithms:
> https://github.com/williamcroberts/tpm2-pkcs11/tree/force-raw-rsa
>
> It dawned on my while eating dinner, that it was likely something where we
> needed to flip the RSA operations.
> The TPM adheres to the true definitions of RSA Encrypt and RSA Decrypt, and
> when you specify a C_Encrypt() call with A private key object, the code calls
> TPM2_RSA_Encrypt() which is the RSA operation with the public key. Which the
> TPM Doesn't throw an error because the handle going to the TPM maps to the
> keypair and the TPM just does the right thing.
>
> After doing the initial setup, if you swap the RSA encrypt/decrypt calls, it works
> (see patch below).
>
> We likely need to track and call the proper TPM RSA routines on what the
> operation is when it is RSA X509:
>
> Key Class Interface Operation
> CKO_PRIVATE C_Decrypt tpm_decrypt
> CKO_PUBLIC C_Decrypt tpm_encrypt
> CKO_PRIVATE C_Encrypt tpm_decrypt
> CKO_PUBLIC C_Encrypt tpm_encrypt
>
> We'll need to get proper support in for this and a regression test performing
one
> half in the TPM and the other half With OpenSSL. Theirs already tests for
> CKM_RSA_X_509 in pkcs-crypt.int.c, so we likely just need to expand on those.
>
> diff --git a/src/lib/tpm.c b/src/lib/tpm.c index f906ffbc584e..735151f016a7 100644
> --- a/src/lib/tpm.c
> +++ b/src/lib/tpm.c
> @@ -1836,7 +1836,7 @@ CK_RV tpm_encrypt(crypto_op_data *opdata,
> tpm_encrypt_data *tpm_enc_data = opdata->tpm_enc_data;
>
> if (tpm_enc_data->is_rsa) {
> - return tpm_rsa_encrypt(tpm_enc_data, ptext, ptextlen, ctext, ctextlen);
> + return tpm_rsa_decrypt(tpm_enc_data, ptext, ptextlen, ctext,
> + ctextlen);
> }
>
> tpm_ctx *ctx = tpm_enc_data->ctx;
> @@ -1857,7 +1857,7 @@ CK_RV tpm_decrypt(crypto_op_data *opdata,
> tpm_encrypt_data *tpm_enc_data = opdata->tpm_enc_data;
>
> if (tpm_enc_data->is_rsa) {
> - return tpm_rsa_decrypt(tpm_enc_data, ctext, ctextlen, ptext, ptextlen);
> + return tpm_rsa_encrypt(tpm_enc_data, ctext, ctextlen, ptext,
> + ptextlen);
> }
>
> tpm_ctx *ctx = tpm_enc_data->ctx;
>
> > -----Original Message-----
> > From: Jaureguiberry, IgnacioX
> > Sent: Thursday, January 23, 2020 2:30 PM
> > To: Roberts, William C <william.c.roberts(a)intel.com>;
> > tpm2(a)lists.01.org
> > Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on
> > newer versions
> >
> > I'm using tpm2-pkcs11 tag 1.0 because latest version requires python
> > 3.7 for the tpm2_ptool to work. This is a bit of work in both Ubuntu 16.04 and
> 18.04.
> >
> > I've upgraded to python3.7 in the Ubuntu 18.04 setup and then
> > installed tpm2-
> > pkcs11 to HEAD of master and it still shows the same error: C_SignInit
> > with mechanism CKM_RSA_X_509 returns
> CKR_KEY_FUNCTION_NOT_PERMITTED.
> >
> > -----Original Message-----
> > From: Roberts, William C
> > Sent: Thursday, January 23, 2020 4:33 PM
> > To: Jaureguiberry, IgnacioX <ignaciox.jaureguiberry(a)intel.com>;
> > tpm2(a)lists.01.org
> > Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on
> > newer versions
> >
> > Backing up your TPM2_PKCS11_STORE, what happens if you bump
> > tpm2-pkcs11 to current master HEAD?
> >
> > Still fail?
> >
> > Bill
> >
> > > -----Original Message-----
> > > From: Jaureguiberry, IgnacioX
> > > Sent: Thursday, January 23, 2020 1:16 PM
> > > To: Roberts, William C <william.c.roberts(a)intel.com>;
> > > tpm2(a)lists.01.org
> > > Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on
> > > newer versions
> > >
> > > These are the software versions on each setup. For the Ubuntu
> > > packages I'm putting the Ubuntu package and version, and also de
> > > project with its
> > version.
> > >
> > > On the Ubuntu 16.04:
> > > Bundled with Ubuntu:
> > > * libssl1.0.0 [1.0.2g-1] - openssl [1.0.2g]
> > > * libp11-2 [0.3.1-1] - libp11 [0.3.1]
> > > * libengine-pkcs11-openssl [0.2.1-1] - engine_pkcs11 [0.2.1]
> > >
> > > Tpm2 project libraries, built from sources:
> > > * tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
> > > * tpm2-abrmd [ git sha: e275930 - tag 2.3.1 ]
> > > * tpm2-tools [ git sha: c971982 - master ]
> > > * tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
> > >
> > > On the Ubuntu 18.04 setup:
> > > Bundled with Ubuntu:
> > > * libssl1.1 [1.1.1-1ubuntu2.1] - openssl [1.1.1]
> > > * libengine-pkcs11-openssl [0.4.7-3] - libp11 [0.4.7]
> > > * opensc-pkcs11 [0.17.0-3] - opensc [0.17.0]
> > > * p11-kit-modules [0.23.9-2] - p11-kit [0.23.9]
> > >
> > > Tpm2 project libraries, built from sources:
> > > * tpm2-tss [ git sha: eedaf1a - tag 2.3.2 ]
> > > * tpm2-tools [ git sha: c971982 - master ]
> > > * tpm2-pkcs11 [ git sha: 7af62a4 - tag 1.0 ]
> > >
> > > I'm sending the logs and function calls captured with pkcs11spy for
each
> setup.
> > > The different mechanism in C_SignInit can be seen on them.
> > >
> > >
> > > -----Original Message-----
> > > From: Roberts, William C
> > > Sent: Thursday, January 23, 2020 11:44 AM
> > > To: Jaureguiberry, IgnacioX <ignaciox.jaureguiberry(a)intel.com>;
> > > tpm2(a)lists.01.org
> > > Subject: RE: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on
> > > newer versions
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Ignacio Jaureguiberry
> > > > [mailto:ignaciox.jaureguiberry@intel.com]
> > > > Sent: Wednesday, January 22, 2020 12:36 PM
> > > > To: tpm2(a)lists.01.org
> > > > Subject: [tpm2] OpenSSL TLS using tpm2-pkcs11 doesn't work on
> > > > newer versions
> > > >
> > > > I was trying to make wpa_supplicant use a tpm2-pkcs11 stored
> > > > private key to authenticate against a RADIUS server, I mentioned
> > > > about it on this
> > > discussion:
> > > > https://lists.01.org/hyperkitty/list/tpm2@lists.01.org/message/AYU
> > > > BC
> > > > AF
> > > > CCXITEV
> > > > SWA4IFC466LYS6ZIYX/
> > > >
> > > > With some fixes on tpm2-pkcs11, TLS is working and there is an
> > > > integration test for that here:
> > > > https://github.com/tpm2-software/tpm2-
> > > > pkcs11/blob/master/test/integration/tls-tests.sh
> > > >
> > > > I wasn't able to reproduce this on Ubuntu 18, and noted that the
> > > > test cases ran on top of an Ubuntu 16.04 image. I tried Ubuntu
> > > > 16.04 and TLS works as in the integration test. I also checked
> > > > that using latest version of wpa_supplicant, it does work with
> > > > tpm2-pkcs11 and creates an EAP-
> > > TLS connection using the TPM.
> > >
> > > Increasing our distro coverage is definitely something I need/want
> > > to do for tpm2-pkcs11.
> > > I already did this for many of the other tpm2 projects like
> > > tpm2-tools and tpm2- tss.
> > >
> > > >
> > > > I've debugged a bit in both OS versions and found that openssl is
> > > > calling pkey_rsa_sign with different padding modes:
> > > > RSA_PKCS1_PADDING in Ubuntu 16, and RSA_PKCS1_PSS_PADDING in
> > Ubuntu
> > > > 18. The consequence is that in
> > >
> > > This seems like a good change, IIUC PKCS1 padding has some known
> > > issues, so changing To PSS is a good move.
> > >
> > > > tpm2-pkcs11, sign_init is being called using CKM_RSA_PKCS as
> > > > mechanism on Ubuntu 16, but in Ubuntu 18 it is being called with
> > > > CKM_RSA_X_509, which is not supported.
> > >
> > > CKM_RSA_X_509 is supported, it's raw RSA encryption and AFAICT
it's
> > > been supported since release 1.0. If it's signing with raw RSA, It
> > > must apply the PSS padding separately. Which it does looking at OSSL
> > > 1_1_1
> > code:
> > >
> > > -- code ---
> > > } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
> > > if (!setup_tbuf(rctx, ctx))
> > > return -1;
> > > if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
> > > rctx->tbuf, tbs,
> > > rctx->md,
rctx->mgf1md,
> > > rctx->saltlen))
> > > return -1;
> > > ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
> > > sig, rsa, RSA_NO_PADDING);
> > > ---
> > >
> > > So this makes sense to what you're seeing hitting the pkey_rsa_sign
> > > versus the calls hitting
> > > pkcs11 C_SignInit.
> > >
> > > >
> > > > I think I have to file a bug to OpenSSL, but I don't know too
much
> > > > about the
> > > > PKCS11 specs to support the claims. I'd appreciate any help to
> > > > file a decent
> > > issue.
> > > > Also, any workaround is welcome, as replacing OpenSSL in any
> > > > distribution is very hard given all the software that depends on it.
> > >
> > > Probably not, it's probably something we need to fix in the pkcs11
> > > library which is very much an under development project. We should
> > > try and replicate the bug first, and deduce that it is their bug
> > > before we file. We don't want to cry wolf here.
> > >
> > > I would capture the parameters going into the C_SignInit and
> > > subsequent C_Sign calls and create a test in
> > > test/integration/pkcs-crypt.int.c that reproduces the error.
> > >
> > > If you get me the inputs soon, I can develop this test and get a fix
> > > out. I am out all next week Jan 27-Jan31.
> > >
> > > Another great way to debug deeper is both pkcs11spy and setting the
> > > env variable "export TPM2_PKCS11_DEBUG_LOG=2" to get verbose
logs
> > > out of the
> > > tpm2-pkcs11 Library. You can find the pkcs11spy project at:
> > > https://github.com/OpenSC/OpenSC/wiki/Using-OpenSC
> > >
> > > Also, specifying versions of OSSL and tpm2-pkcs11 as well as more
> > > logs and specific error messages you share, the easier it will be for us to
help
> debug.
> > >
> > > Thanks,
> > > Bill
> > >
> > > > _______________________________________________
> > > > tpm2 mailing list -- tpm2(a)lists.01.org To unsubscribe send an
> > > > email to tpm2-leave(a)lists.01.org
> > > > %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
7:35 p.m.
I have the same problem in Fedora 30, this are my versions:
1. tpm2-tss(a)2.3.0
2. tpm2-tools(a)4.0.1
3. tpm2-pkcs11(a)1.0
4. openssl(a)1.1
The radius log reports the same issue as Ignacio:
(13) eap_tls: TLS_accept: SSLv3/TLS read client certificate
(13) eap_tls: <<< recv TLS 1.2 [length 0046]
(13) eap_tls: TLS_accept: SSLv3/TLS read client key exchange
(13) eap_tls: <<< recv TLS 1.2 [length 0108]
(13) eap_tls: >>> send TLS 1.2 [length 0002]
(13) eap_tls: ERROR: TLS Alert write:fatal:decrypt error
tls: TLS_accept: Error in error
(13) eap_tls: ERROR: Failed in __FUNCTION__ (SSL_read)
(13) eap_tls: ERROR: error:0407E088:rsa routines:RSA_verify_PKCS1_PSS_mgf1:salt length
check failed
(13) eap_tls: ERROR: error:1417B07B:SSL routines:tls_process_cert_verify:bad signature
(13) eap_tls: ERROR: System call (I/O) error (-1)
(13) eap_tls: ERROR: TLS receive handshake failed during operation
(13) eap_tls: ERROR: [eaptls process] = fail
(13) eap: ERROR: Failed continuing EAP TLS (13) session. EAP sub-module failed
(13) eap: Sending EAP Failure (code 4) ID 6 length 4
(13) eap: Failed in EAP select
(13) [eap] = invalid
(13) } # authenticate = invalid
(13) Failed to authenticate the user
My tpm2_pkcs11 ldd output is
[root@localhost ~]# ldd /usr/lib64/pkcs11/libtpm2_pkcs11.so
linux-vdso.so.1 (0x00007ffe2f3e7000)
libtss2-esys.so.0 => /usr/local/lib/libtss2-esys.so.0 (0x00007f95a2714000)
libtss2-sys.so.0 => /usr/local/lib/libtss2-sys.so.0 (0x00007f95a26eb000)
libtss2-mu.so.0 => /usr/local/lib/libtss2-mu.so.0 (0x00007f95a26a3000)
libtss2-tctildr.so.0 => /usr/local/lib/libtss2-tctildr.so.0
(0x00007f95a269a000)
libtss2-rc.so.0 => /usr/local/lib/libtss2-rc.so.0 (0x00007f95a2690000)
libsqlite3.so.0 => /lib64/libsqlite3.so.0 (0x00007f95a2571000)
libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f95a228f000)
libyaml-0.so.2 => /lib64/libyaml-0.so.2 (0x00007f95a226d000)
libdl.so.2 => /lib64/libdl.so.2 (0x00007f95a2267000)
libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f95a2246000)
libc.so.6 => /lib64/libc.so.6 (0x00007f95a2080000)
/lib64/ld-linux-x86-64.so.2 (0x00007f95a27d5000)
libm.so.6 => /lib64/libm.so.6 (0x00007f95a1f3a000)
libz.so.1 => /lib64/libz.so.1 (0x00007f95a1f1e000)
Could this be confirmed by compiling the tpm2_pkcs11 module with openssl 1.0.2?
8:53 a.m.
Hello,
another way to get this working would be to avoid tpm2-pkcs11 entirely.
Both wpa_supplicant and NetworkManager have versions working with
tpm2-tss-engine already.
For NetworkManager that should be any version > 1.20 and for
wpa_supplicant, its in the current development branch.
Although that might be no fun at all as well with older Ubuntu versions.
regards,
Steffen
On 1/22/20 7:35 PM, Ignacio Jaureguiberry wrote:
I was trying to make wpa_supplicant use a tpm2-pkcs11 stored private
key to authenticate against a RADIUS server, I mentioned about it on this discussion:
https://lists.01.org/hyperkitty/list/tpm2@lists.01.org/message/AYUBCAFCCX...
With some fixes on tpm2-pkcs11, TLS is working and there is an integration test for that
here:
https://github.com/tpm2-software/tpm2-pkcs11/blob/master/test/integration...
I wasn't able to reproduce this on Ubuntu 18, and noted that the test cases ran on
top of an Ubuntu 16.04 image. I tried Ubuntu 16.04 and TLS works as in the integration
test. I also checked that using latest version of wpa_supplicant, it does work with
tpm2-pkcs11 and creates an EAP-TLS connection using the TPM.
I've debugged a bit in both OS versions and found that openssl is calling
pkey_rsa_sign with different padding modes: RSA_PKCS1_PADDING in Ubuntu 16, and
RSA_PKCS1_PSS_PADDING in Ubuntu 18. The consequence is that in tpm2-pkcs11, sign_init is
being called using CKM_RSA_PKCS as mechanism on Ubuntu 16, but in Ubuntu 18 it is being
called with CKM_RSA_X_509, which is not supported.
I think I have to file a bug to OpenSSL, but I don't know too much about the PKCS11
specs to support the claims. I'd appreciate any help to file a decent issue. Also, any
workaround is welcome, as replacing OpenSSL in any distribution is very hard given all the
software that depends on it.
_______________________________________________
tpm2 mailing list -- tpm2(a)lists.01.org
To unsubscribe send an email to tpm2-leave(a)lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
--
Steffen Schwebel
Mail: s.schwebel(a)uvensys.de
uvensys GmbH
Firmensitz und Sitz der Gesellschaft:
uvensys GmbH
Robert-Bosch-Straße 4b
35440 Linden
HRB: AG Friedberg, 7780
USt-Id: DE282879294
Geschäftsführer:
Dr. Thomas Licht, t.licht(a)uvensys.de
Volker Lieder, v.lieder(a)uvensys.de
Mail: info(a)uvensys.de
Internet: www.uvensys.de
Durchwahl: 06403 - 789 3622
Hotline: 06403 - 789 3688
Zentrale: 06403- 789 360
Fax: 06403 - 789 3699
==========================================================
Jegliche Stellungnahmen und Meinungen dieser E-Mail sind
alleine die des Autors und nicht notwendigerweise die der
Firma. Falls erforderlich, können Sie eine gesonderte
schriftliche Bestätigung anfordern.
Any views or opinions presented in this email are solely
those of the author and do not necessarily represent those
of the company. If verification is required please request
a hard-copy version.
3:52 p.m.
Will definitively take a look at it once the tpm2-pkcs11 approach works!
Are you talking about this commit in master branch of wpa_supplicant?
https://w1.fi/cgit/hostap/commit/?id=18780c6d6706ee90c98eb5f27454c1bcf7b4...
The reason why we moved forward with the pkcs11 approach is mostly because it has the PKCS
standard in the package name, (..."The PKCS #11 standard defines a
platform-independent API to cryptographic tokens, such as hardware security modules (HSM)
and smart cards"..).
Our assumption is that, if we make the PKCS#11 module work for wpa_supplicant, we will
also enable any software that wants to use the TPM by just using the PKCS#11 standard,
which is much more easier than implementing specific logic to talk with the TPM in
specific platforms (standards are good
Additionally, to have this widely available, we need to make this packages available in
the target distros (Fedora and Ubuntu for now).
There is a tpm2-pkcs11 package available in Fedora as today:
https://pkgs.org/download/tpm2-pkcs11.
I just found that there is a tpm2-pk11 package in Ubuntu as well, that also uses tpm2-tss
here https://zoomadmin.com/HowToInstall/UbuntuPackage/tpm2-pk11.
As regards the tpm2-tss-engine, there is no package for Ubuntu. There is an rpm for Fedora
being assembled here https://bugzilla.redhat.com/show_bug.cgi?id=1773855 though.
So I hope that all this exercise makes the process more stable for everybody!
5:10 p.m.
Hello,
On Fri, Jan 24, 2020 at 4:52 PM <nicolasoliver03(a)gmail.com> wrote:
Our assumption is that, if we make the PKCS#11 module work for
wpa_supplicant, we will also enable any software that wants to use the TPM
by just using the PKCS#11 standard, which is much more easier than
implementing specific logic to talk with the TPM in specific platforms
(standards are good
In my experience this is mostly true - the key word in that sentence being
"mostly". The PKCS#11 is fairly big (
http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-...)
and while it fully describes the interface between the cryptographic system
and its user, it does very little to describe how is shall be used. That's
where the experience comes in handy: different softwares use different
workflows. So given a specific PKCS#11 engine, you may be able to have it
work with (for example) OpenVPN, but not with wget (though the PKCS#11
engine for OpenSSL). This will only be true if the specific PKCS#11 engine
you use for your device implements everything in the spec.
Additionally, to have this widely available, we need to make this packages
available in the target distros (Fedora and Ubuntu for now).
There is a tpm2-pkcs11 package available in Fedora as today:
https://pkgs.org/download/tpm2-pkcs11.
I just found that there is a tpm2-pk11 package in Ubuntu as well, that
also uses tpm2-tss here
https://zoomadmin.com/HowToInstall/UbuntuPackage/tpm2-pk11.
I haven't worked with tpm2-pkcs11 yet so I cannot say much about it (this
is planed but I have to find some time to do so ; my goal is to use it over
tpm2-pk11 but then I have a specific version where the public certificates
are stored as DER in the nvram of the TPM2 instead of being stored in a
specific directory). tpm2-pk11 was missing things when I started to use it
and I had to add what was missing for my own use case (we have used it for
2 years with OpenVPN, OpenSSL and a handful of other programs).
As regards the tpm2-tss-engine, there is no package for Ubuntu. There
is
an rpm for Fedora being assembled here
https://bugzilla.redhat.com/show_bug.cgi?id=1773855 though.
So I hope that all this exercise makes the process more stable for
everybody!
Thanks :)
Best regards,
--
Emmanuel Deloget
9:11 p.m.
On Fri, 2020-01-24 at 18:10 +0100, Emmanuel Deloget wrote:
In my experience this is mostly true - the key word in that sentence
being "mostly". The PKCS#11 is fairly big (
http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-...
) and while it fully describes the interface between the
cryptographic system and its user, it does very little to describe
how is shall be used. That's where the experience comes in handy:
different softwares use different workflows. So given a specific
PKCS#11 engine, you may be able to have it work with (for example)
OpenVPN, but not with wget (though the PKCS#11 engine for OpenSSL).
This will only be true if the specific PKCS#11 engine you use for
your device implements everything in the spec.
FWIW much of this *shouldn't* be true, at least for basic key storage
for TLS and similar purposes.
If you have a properly functioning PKCS#11 provider which is correctly
registered with p11-kit on a Linux system, then any application which
accepts certificates+keys in a PEM or PKCS#12 or similar file SHOULD
also accept a PKCS#11 URI as defined by RFC7512.
At least in Fedora, if you find an application for which that *isn't*
true, please file a bug and Cc me.
On other distributions, YMMV.
8:40 p.m.
Hi David!
wpa_supplicant is now working in F32 with tpm2-pkcs11 1.2.0
Network Manager is having problems. I posted a bug an Cc you in
https://bugzilla.redhat.com/show_bug.cgi?id=1821924
Thanks!
8:59 p.m.
Looks like NM added a second empty ;pin-value=?
On 7 April 2020 21:40:30 BST, nicolasoliver03(a)gmail.com wrote:
Hi David!
wpa_supplicant is now working in F32 with tpm2-pkcs11 1.2.0
Network Manager is having problems. I posted a bug an Cc you in
https://bugzilla.redhat.com/show_bug.cgi?id=1821924
Thanks!
_______________________________________________
tpm2 mailing list -- tpm2(a)lists.01.org
To unsubscribe send an email to tpm2-leave(a)lists.01.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
566
days inactive
642
days old
13 comments
7 participants
participants (7)
-
David Woodhouse -
Emmanuel Deloget -
Ignacio Jaureguiberry -
Jaureguiberry, IgnacioX
-
nicolasoliver03@gmail.com -
Roberts, William C -
Steffen Schwebel