All of lore.kernel.org
 help / color / mirror / Atom feed
* [tpm2] Re: Generate keypair using OpenSSL, then load into TPM2
@ 2019-12-06 14:28 Roberts, William C
  0 siblings, 0 replies; 4+ messages in thread
From: Roberts, William C @ 2019-12-06 14:28 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 1513 bytes --]



> -----Original Message-----
> From: Frederick Gotham [mailto:cauldwell.thomas(a)gmail.com]
> Sent: Friday, December 6, 2019 4:47 AM
> To: tpm2 <tpm2(a)lists.01.org>
> Subject: [tpm2] Generate keypair using OpenSSL, then load into TPM2
> 
> I generate an RSA keypair as follows:
> 
>     openssl genrsa -out private.pem 2048
> 
> Next I want to load this keypair into the TPM2 and make it persistent.
> In future I will use it to verify signatures.
> 
> Looking through the manual for TPM2 tools, I notice three tools in particular,
> "load", "loadexternal", "import". At first glance it looks like the one I need here is
> "import". So here's what I do:
> 
>     tpm2_createprimary --hierarchy=o --hash-algorithm=sha256 --key-
> algorithm=rsa --key-context=primary.ctx
> 
>     tpm2_flushcontext --transient-object
> 
>     tpm2_import -C primary.ctx -G rsa -i private.pem -u key.pub -r key.priv

Import essentially creates blobs that can be loaded into the tpm (key.pub and key.priv)
These can be loaded via tpm2_load

tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx


> 
> It works fine up until here. Next I want make it persistent. . . .Oh wait I can't. I
> don't have a context file to feed into "tpm2_evictcontrol". So where do I go from
> here?
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [tpm2] Re: Generate keypair using OpenSSL, then load into TPM2
@ 2019-12-10  8:16 Frederick Gotham
  0 siblings, 0 replies; 4+ messages in thread
From: Frederick Gotham @ 2019-12-10  8:16 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 2842 bytes --]

On 12/9/19, Steven Clark <davolfman(a)gmail.com> wrote:

> Have you tried loading the keypair with permissions that let you sign and
> try to sign a digest with it?  Maybe you've just zero'd out a copy of the
> public key and a self signature or something?  Even a DER of an openSSL
> private key is much larger than it needs to be.
>
> Here's a rough layout of a 2048RSA private key I'm looking at with -text.
> Modulus ~256 bytes
> public exponent <=4 bytes
> Private exponent ~256 bytes
> Prime 1 ~128 bytes
> Prime 2 ~128 bytes
> Exponent 1 ~128 bytes
> Exponent 2 ~128 bytes
> Coefficient ~128 bytes
> If that helps you might be able to guess which parts of the key you're
> zeroing.

Here's the before and after of a private key I zero'ed out. The
uppercase letter 'A' corresponds to six bits all set to zero.

Before:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCujoM27e3vbybfgGBRXpB9N6HBG1/VNlg2COJbjysYHcG6elBe
bNldx7NscmwZFqY6hb577a0OWjpWXXJqfEpAropDKke3bqP/jFQGkMoiGfBs0P+p
e5oOvTMD7mgtQ7PXbZIdx30VMH9oZEveP8Fe1N3ES4RK1VxX/URpt3pOnwIDAQAB
AoGAAUdJ7r0PYRGPV1O5YN8wb7pYlPF+YjFjtAGcps8FoceWA6ehrw9dCDLOPZ0Y
7ZYc4ZDZNE8pVVGT284TaHRAlvWV1Qm0m/bP4oirymlnwY43m2ai70TLjw8q+xli
0OhxfVmKAy2c/winwpZKxK0w2kMMGJTrX1/lqMdNwf7QrwECQQDh64jWzLwz1dsk
dxJxq3KBJYl98+qycjkOAcBEhpU3vljLYsCIdO6ScADLGUBAGXz+TDjIg1VV2/rb
cM4AcDrzAkEAxcxDGyKfzhX1LQX54jr5NgoGZQAP/x0+5ZIwRJfWTvJnr1M/lEWs
IvhXkhMq0gpOsQtXxSlV4zd4WhLqV75wpQJAKjRJDO+UXQ6fcLF51ZhUvMGZbNkr
SAjEldRH6cVGjPJXPi+Fjjhh9SNNUqO1+AOK8SqmFPdL8s00kNgC89wDdwJACD1M
BlNY6NLNVcTL9fqS6wdb4NUx1WS4fAOs8w6IJN3AJ/OF0H1egE5sB2+49urrAEEC
tPnV1BM5djcXf/Q06QJBAMGkX/PF7jf4xgNKTH0Ps28oxAPA0nBt1/NGXZonsgPs
3Lk67iZYvjwj9H9nXnelFqwqRxJLS2r1AmYkxMv/0ns=
-----END RSA PRIVATE KEY-----

After:

-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCujoM27e3vbybfgGBRXpB9N6HBG1/VNlg2COJbjysYHcG6elBe
bNldx7NscmwZFqY6hb577a0OWjpWXXJqfEpAropDKke3bqP/jFQGkMoiGfBs0P+p
e5oOvTMD7mgtQ7PXbZIdx30VMH9oZEveP8Fe1N3ES4RK1VxX/URpt3pOnwIDAQAB
AoGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQQDh64jWzLwz1dsk
dxJxq3KBJYl98+qycjkOAcBEhpU3vljLYsCIdO6ScADLGUBAGXz+TDjIg1VV2/rb
cM4AcDrzAkEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAJBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
-----END RSA PRIVATE KEY-----


If I feed this zero'ed out key into OpenSSL, I can get back the public
key intact. Also I can import this private key into the TPM2 chip and
use it to verify a signature.

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [tpm2] Re: Generate keypair using OpenSSL, then load into TPM2
@ 2019-12-09 20:48 Steven Clark
  0 siblings, 0 replies; 4+ messages in thread
From: Steven Clark @ 2019-12-09 20:48 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 617 bytes --]

Have you tried loading the keypair with permissions that let you sign and
try to sign a digest with it?  Maybe you've just zero'd out a copy of the
public key and a self signature or something?  Even a DER of an openSSL
private key is much larger than it needs to be.

Here's a rough layout of a 2048RSA private key I'm looking at with -text.
Modulus ~256 bytes
public exponent <=4 bytes
Private exponent ~256 bytes
Prime 1 ~128 bytes
Prime 2 ~128 bytes
Exponent 1 ~128 bytes
Exponent 2 ~128 bytes
Coefficient ~128 bytes
If that helps you might be able to guess which parts of the key you're
zeroing.

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 1241 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
* [tpm2] Re: Generate keypair using OpenSSL, then load into TPM2
@ 2019-12-06 17:52 Frederick Gotham
  0 siblings, 0 replies; 4+ messages in thread
From: Frederick Gotham @ 2019-12-06 17:52 UTC (permalink / raw)
  To: tpm2

[-- Attachment #1: Type: text/plain, Size: 1079 bytes --]

On Friday, December 6, 2019, Roberts, William C:


> Import essentially creates blobs that can be loaded into the tpm (key.pub
> and key.priv)
> These can be loaded via tpm2_load
>
> tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx
>


Thank you, I finally got it working. I can load the RSA keypair into the
device in the factory, and from that point forward, I can use 0x81000000 to
validate signatures.

I came up with a trick to scramble the private key. I take the entire key
which is 608 bytes in raw binary form, and then I iterate through each of
the bytes trying to set each byte to zero. I try to feed the altered key
into the TMP2 and see if I get an error (e.g. it might fail and say
"private and public portions are not cryptographically bound"). I was able
to zero out 64% of the RSA keypair and still load it into the TPM2 to use
the public key to validate signatures. This way the private key never has
to leave the office (i.e. it doesn't need to go on a disk that's used in
the factory). Only the public key leaves the office.

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 1319 bytes --]

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-12-10  8:16 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-12-06 14:28 [tpm2] Re: Generate keypair using OpenSSL, then load into TPM2 Roberts, William C
2019-12-06 17:52 Frederick Gotham
2019-12-09 20:48 Steven Clark
2019-12-10  8:16 Frederick Gotham

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.