9:27 a.m.
I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon
running on an Orange-Pi zero (also a single-board computer a little
smaller than the raspi).
I've successfully built tpm2-tss-engine and have the following questions:
- The key generation examples in the README.md create the private key in
a file on the local filesystem. Isn't the purpose of a
hw-security-module that the key stays inside the device and can't be
extracted? Or am I missing something here? Is there a way to create a
protected key inside the device in a way that it cannot be extracted?
- I'm not familiar with the engine concept of OpenSSL, is there a way to
use the engine with a software that is not engine-aware? In my case
the mosquitto message broker. Or would I have to modify the software?
Thanks
Ralf Schlatterbeck
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office(a)runtux.com
10:44 a.m.
-----Original Message-----
From: tpm2 [mailto:tpm2-bounces@lists.01.org] On Behalf Of Ralf Schlatterbeck
Sent: Wednesday, April 10, 2019 9:27 AM
To: tpm2(a)lists.01.org
Subject: [tpm2] tpm2-tss-engine
I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon running on
an Orange-Pi zero (also a single-board computer a little smaller than the raspi).
I've successfully built tpm2-tss-engine and have the following questions:
- The key generation examples in the README.md create the private key in
a file on the local filesystem. Isn't the purpose of a
hw-security-module that the key stays inside the device and can't be
extracted? Or am I missing something here?
That blob of data that gets stored on disk is sealed to that TPM. So outside of DOS
If someone deletes that keyblob, there's no real way to use it to extract the key
material
Directly from that blob unless they break the TPMs crypto mechanism used to protect it.
They could load it if they access to the parent objects authorization value, but
wouldn't be
able to use the object without satisfying it's authorization value, but the TPM has
dictionary
attack prevention to prevent brute force guessing, so that helps. TPM DA protection
requires
the object be created with noDA attribute clear.
Theirs other attributes when creating the object that indicate whether or not the
key can ever be exported from the TPM, not sure if those are being set.
Is there a way to create a
protected key inside the device in a way that it cannot be
extracted?
I think you want fixedtpm and fixedparent.
If we look at the ECC key, we see these being set:
.objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
TPMA_OBJECT_SIGN_ENCRYPT |
TPMA_OBJECT_FIXEDTPM |
TPMA_OBJECT_FIXEDPARENT |
TPMA_OBJECT_SENSITIVEDATAORIGIN |
TPMA_OBJECT_NODA),
https://github.com/tpm2-software/tpm2-tss-engine/blob/master/src/tpm2-tss...
The code is setting NODA which means someone can load up that object, and very slowly
brute force
the auth value.
The auth value seems to be the password directly:
src/tpm2-tss-engine-ecc.c:463: tpm2Data->userauth.size = strlen(password);
src/tpm2-tss-engine-ecc.c:464: memcpy(&tpm2Data->userauth.buffer[0],
password,
src/tpm2-tss-engine-ecc.c:465: tpm2Data->userauth.size);
https://github.com/tpm2-software/tpm2-tss-engine/blob/master/src/tpm2-tss...
So pick a strong one, not sure why they're not embedding a salt/iters in the PEM file
and using a pbkdf routine.
- I'm not familiar with the engine concept of OpenSSL, is there a
way to
use the engine with a software that is not engine-aware? In my case
the mosquitto message broker. Or would I have to modify the software?
I think engines can be loaded via the config file or environment variables.
Thanks
Ralf Schlatterbeck
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office(a)runtux.com
_______________________________________________
tpm2 mailing list
tpm2(a)lists.01.org
https://lists.01.org/mailman/listinfo/tpm2
1:46 a.m.
On Wed, 2019-04-10 at 17:44 +0000, Roberts, William C wrote:
> - I'm not familiar with the engine concept of OpenSSL, is
there a way to
> use the engine with a software that is not engine-aware? In my case
> the mosquitto message broker. Or would I have to modify the software?
I think engines can be loaded via the config file or environment variables.
The engine can be loaded simply by calling ENGINE_by_id("tpm2"). If
it's installed properly you shouldn't need to mess with config files
etc.
(We did fix the engine name to be consistent with the other
implementation, so that applications don't need to try both, didn't we?
Otherwise, apps need to try both "tpm2" and "tpm2-tss" engine names.)
For example applications using this, see OpenConnect:
http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/openssl.c...
Or wpa_supplicant:
https://www.spinics.net/lists/hostap/msg05728.html
It isn't hard. Of course, OpenSSL should make it *easier*, and should
just Do The Right Thing when it sees a PEM file with the appropriate
-----BEGIN TSS2 PRIVATE KEY----- marker.... but that will take a while
to fix. Perhaps if the engine were to offer an ASN1_METHOD for it?
1:10 p.m.
The engine can be loaded simply by calling
ENGINE_by_id("tpm2"). If
it's installed properly you shouldn't need to mess with config files
etc.
(We did fix the engine name to be consistent with the other
implementation, so that applications don't need to try both, didn't we?
Otherwise, apps need to try both "tpm2" and "tpm2-tss" engine names.)
No we did not change the engine name. James never answered and I did
not want to just invade his namespace...
Thus we now have 2 names, tpm2-tss is the TCG-TSS one...
11:54 a.m.
As Bill already said:
- The keys are only known to the TPM and will never be known outside, so they cannot be
"stolen" or copied.
Think of heartbleed or any other hacker break into your system
- You can define an openssl.cnf file and env variable. See
https://www.openssl.org/docs/man1.1.0/man5/config.html
P.S. The TPM is much slower than software. So it's not suited for high-load servers,
but low-load servers or clients.
(yes, works with client authentication as well)
I now remember that I wanted to provide a openssl.cnf.sample file.
Will add a bug for this.
Cheers,
Andreas
________________________________________
From: tpm2 [tpm2-bounces(a)lists.01.org] on behalf of Ralf Schlatterbeck [rsc(a)runtux.com]
Sent: Wednesday, April 10, 2019 18:27
To: tpm2(a)lists.01.org
Subject: [tpm2] tpm2-tss-engine
I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon
running on an Orange-Pi zero (also a single-board computer a little
smaller than the raspi).
I've successfully built tpm2-tss-engine and have the following questions:
- The key generation examples in the README.md create the private key in
a file on the local filesystem. Isn't the purpose of a
hw-security-module that the key stays inside the device and can't be
extracted? Or am I missing something here? Is there a way to create a
protected key inside the device in a way that it cannot be extracted?
- I'm not familiar with the engine concept of OpenSSL, is there a way to
use the engine with a software that is not engine-aware? In my case
the mosquitto message broker. Or would I have to modify the software?
Thanks
Ralf Schlatterbeck
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office(a)runtux.com
_______________________________________________
tpm2 mailing list
tpm2(a)lists.01.org
https://lists.01.org/mailman/listinfo/tpm2
8:43 a.m.
On Wed, Apr 10, 2019 at 05:44:09PM +0000, Roberts, William C wrote:
> -----Original Message-----
> From: tpm2 On Behalf Of Ralf Schlatterbeck
> I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon running on
> - The key generation examples in the README.md create the private key in
> a file on the local filesystem. Isn't the purpose of a
> hw-security-module that the key stays inside the device and can't be
> extracted? Or am I missing something here?
That blob of data that gets stored on disk is sealed to that TPM. So
outside of DOS If someone deletes that keyblob, there's no real way to
use it to extract the key material Directly from that blob unless they
break the TPMs crypto mechanism used to protect it.
Thanks, the process of key generation looked too much like the normal
ssl key generation and I didn't look into the key file. It has "BEGIN
TSS2 PRIVATE KEY" which could have told me something had I looked :-)
Shouldn't that be documented in one or two sentences in the README.md?
> - I'm not familiar with the engine concept of OpenSSL, is
there a way to
> use the engine with a software that is not engine-aware? In my case
> the mosquitto message broker. Or would I have to modify the software?
I think engines can be loaded via the config file or environment variables.
On Wed, Apr 10, 2019 at 06:54:19PM +0000, Fuchs, Andreas wrote:
- You can define an openssl.cnf file and env variable. See
https://www.openssl.org/docs/man1.1.0/man5/config.html
On Thu, Apr 11, 2019 at 11:46:30AM +0300, David Woodhouse wrote:
The engine can be loaded simply by calling ENGINE_by_id("tpm2"). If
it's installed properly you shouldn't need to mess with config files
etc.
OK I had hoped that simply plugging an engine into the openssl config
would do the trick for me: Openssl should be smart enough to figure out
via the key file that it can/should use an engine to do the work. Oh
well. My naive approach involved configuring the TSS2 PRIVATE KEY file
as the key-file in mosquitto and setting all the engine stuff (see
below). But this only gets me the
'Error: Unable to load server key file
"/etc/mosquitto/certs/server.key". Check keyfile.'
My current /etc/ssl/openssl.cnf looks as follows, so maybe this can be a
contribution for an example file:
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
engines = engine_section
[engine_section]
tpm = tpm_section
[tpm_section]
engine_id = tpm2
dynamic_path = /usr/lib/arm-linux-gnueabihf/engines-1.1/tpm2tss.so
SET_TCTI = device:/dev/tpmrm0
So I'm getting correct output:
root@sun8i:/# openssl engine -c -vvvv -t tpm2tss
(tpm2tss) TPM2-TSS engine for OpenSSL
[RSA, RAND]
[ available ]
SET_OWNERAUTH: Set the password for the owner hierarchy (default none)
(input flags): STRING
SET_TCTI: Set the TCTI module and options (default none)
(input flags): STRING
Just some questions here:
- I take away from this question that I need to modify sourcecode to
make an engine work with openssl, is this really the case?
- My TPM 2.0 module from Infineon does support elliptic curves, is there
a way to support this with the engine? Especially in the light of
recent ROCA vulnerabilities of Infineon modules I'd like to use EC
instead of RSA if possible. (see soon-to-come separate posting about ROCA)
Oh, and a note on performance: My singleboard "computer" is an OrangePi
zero, 256M RAM, 100M Ethernet, 5x5cm in size (but quad-core :-) so I'm
not worried about performance here, the goal is a proof-of-concept
implementation.
Thanks
Ralf Schlatterbeck
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office(a)runtux.com
1:19 p.m.
- You need to somehow tell openssl to use "keyform = engine"
Unfortunately, I don't currently know how to do this using the openssl.cnf
Once we merge PR https://github.com/tpm2-software/tpm2-tss-engine/pull/89
The loading of keys should work without the "keyform = engine" settings.
Until then, I'm unsure how exactly this can be managed.
- The engine already support ECDSA. Have a look at the -alg parameter of tpm2tss-genkey
- An wrt documentation: I'd appreciate anything you seem fit. Preferably as
PullRequest
or as Issue on github. Emails just allways get lost.
Cheers,
Andreas
________________________________________
From: tpm2 [tpm2-bounces(a)lists.01.org] on behalf of Ralf Schlatterbeck [rsc(a)runtux.com]
Sent: Thursday, April 11, 2019 17:43
To: tpm2(a)lists.01.org
Subject: Re: [tpm2] tpm2-tss-engine
On Wed, Apr 10, 2019 at 05:44:09PM +0000, Roberts, William C wrote:
> -----Original Message-----
> From: tpm2 On Behalf Of Ralf Schlatterbeck
> I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon running on
> - The key generation examples in the README.md create the private key in
> a file on the local filesystem. Isn't the purpose of a
> hw-security-module that the key stays inside the device and can't be
> extracted? Or am I missing something here?
That blob of data that gets stored on disk is sealed to that TPM. So
outside of DOS If someone deletes that keyblob, there's no real way to
use it to extract the key material Directly from that blob unless they
break the TPMs crypto mechanism used to protect it.
Thanks, the process of key generation looked too much like the normal
ssl key generation and I didn't look into the key file. It has "BEGIN
TSS2 PRIVATE KEY" which could have told me something had I looked :-)
Shouldn't that be documented in one or two sentences in the README.md?
> - I'm not familiar with the engine concept of OpenSSL, is
there a way to
> use the engine with a software that is not engine-aware? In my case
> the mosquitto message broker. Or would I have to modify the software?
I think engines can be loaded via the config file or environment variables.
On Wed, Apr 10, 2019 at 06:54:19PM +0000, Fuchs, Andreas wrote:
- You can define an openssl.cnf file and env variable. See
https://www.openssl.org/docs/man1.1.0/man5/config.html
On Thu, Apr 11, 2019 at 11:46:30AM +0300, David Woodhouse wrote:
The engine can be loaded simply by calling ENGINE_by_id("tpm2"). If
it's installed properly you shouldn't need to mess with config files
etc.
OK I had hoped that simply plugging an engine into the openssl config
would do the trick for me: Openssl should be smart enough to figure out
via the key file that it can/should use an engine to do the work. Oh
well. My naive approach involved configuring the TSS2 PRIVATE KEY file
as the key-file in mosquitto and setting all the engine stuff (see
below). But this only gets me the
'Error: Unable to load server key file
"/etc/mosquitto/certs/server.key". Check keyfile.'
My current /etc/ssl/openssl.cnf looks as follows, so maybe this can be a
contribution for an example file:
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
engines = engine_section
[engine_section]
tpm = tpm_section
[tpm_section]
engine_id = tpm2
dynamic_path = /usr/lib/arm-linux-gnueabihf/engines-1.1/tpm2tss.so
SET_TCTI = device:/dev/tpmrm0
So I'm getting correct output:
root@sun8i:/# openssl engine -c -vvvv -t tpm2tss
(tpm2tss) TPM2-TSS engine for OpenSSL
[RSA, RAND]
[ available ]
SET_OWNERAUTH: Set the password for the owner hierarchy (default none)
(input flags): STRING
SET_TCTI: Set the TCTI module and options (default none)
(input flags): STRING
Just some questions here:
- I take away from this question that I need to modify sourcecode to
make an engine work with openssl, is this really the case?
- My TPM 2.0 module from Infineon does support elliptic curves, is there
a way to support this with the engine? Especially in the light of
recent ROCA vulnerabilities of Infineon modules I'd like to use EC
instead of RSA if possible. (see soon-to-come separate posting about ROCA)
Oh, and a note on performance: My singleboard "computer" is an OrangePi
zero, 256M RAM, 100M Ethernet, 5x5cm in size (but quad-core :-) so I'm
not worried about performance here, the goal is a proof-of-concept
implementation.
Thanks
Ralf Schlatterbeck
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office(a)runtux.com
_______________________________________________
tpm2 mailing list
tpm2(a)lists.01.org
https://lists.01.org/mailman/listinfo/tpm2
12:58 a.m.
On Thu, Apr 11, 2019 at 08:19:57PM +0000, Fuchs, Andreas wrote:
- You need to somehow tell openssl to use "keyform =
engine"
Unfortunately, I don't currently know how to do this using the openssl.cnf
Once we merge PR https://github.com/tpm2-software/tpm2-tss-engine/pull/89
The loading of keys should work without the "keyform = engine" settings.
Until then, I'm unsure how exactly this can be managed.
That looks promising. So can I asume that with keyform = engine an
existing client can use the engine without additional code changes? I'll
try to find out if I can set the keyform parameter in the ssl config.
- The engine already support ECDSA. Have a look at the -alg
parameter
of tpm2tss-genkey
Oh. I was irritated by
root@sun8i:/etc/mosquitto# openssl engine -c -vvvv -t tpm2tss
(tpm2tss) TPM2-TSS engine for OpenSSL
[RSA, RAND]
...
which indicates it does support only RSA?
- An wrt documentation: I'd appreciate anything you seem fit.
Preferably as PullRequest or as Issue on github. Emails just allways
get lost.
OK I'll look into this but don't know enough yet about the tpm to
describe the key protection in more detail. But I think I can come up
with a note that hopefully would prevent the questions I asked for
someone coming later :-)
Thanks
Ralf
--
Dr. Ralf Schlatterbeck Tel: +43/2243/26465-16
Open Source Consulting www: http://www.runtux.com
Reichergasse 131, A-3411 Weidling email: office(a)runtux.com
1217
days inactive
1219
days old
7 comments
4 participants
participants (4)
-
David Woodhouse -
Fuchs, Andreas -
Ralf Schlatterbeck -
Roberts, William C