[tpm2] Re: Are there any help documents/sites on writing an ESAPI program.

[tpm2] Re: Are there any help documents/sites on writing an ESAPI program.

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 3394 bytes --]

The Esys integration tests are also super helpful:
https://github.com/tpm2-software/tpm2-tss/blob/master/test/integration/esys-ecdh-zgen.int.c


> -----Original Message-----
> From: Roberts, William C
> Sent: Thursday, April 30, 2020 10:44 AM
> To: 'Steven Clark' <davolfman(a)gmail.com>; tpm2 <tpm2(a)lists.01.org>
> Subject: RE: [tpm2] Are there any help documents/sites on writing an ESAPI
> program.
> 
> The tools themselves are real world examples.
> 
> You shouldn't go digging into the ESYS_CONTEXT or TCTI_CONTEXT but the
> structure parameters And returns to ESYS calls you can. Its set up where you can't
> go structure digging and compile with the include directory includes
> (https://github.com/tpm2-software/tpm2-tss/tree/master/include/tss2).
> If you add includes from the project that exist elsewhere you're doing it wrong.
> 
> Now for the ZGen code, we actually want to add it to tools. Its actually on the
> short list of commands To add, see bug: https://github.com/tpm2-
> software/tpm2-tools/issues/877
> 
> The reason we didn't add it yet, is we didn't know exactly how it works and to
> test it. Imran and I Actually have a meeting with someone way more
> knowledgeable on ECC to help us along. We would Love, even just sample code
> to help us out, or if you created the tool even better. Anything you can Share
> back is a win.
> 
> 
> Now for taking the training wheels off, Esys_Initialize(), you can leave off the tcti
> and abi pointers by passing NULL. That should just get you a context with the
> TPM and away you go. Here is a very simple program to start
> With:
> https://gist.github.com/williamcroberts/66a7dab3adfb973fbae3219954535009
> 
> You can alter that by changing the template and making an EC key to play with, or
> have it pass in blobs from tpm2_create tool. Tpm2_create tool has the output
> options -u and -r that you can pass along, and load those up by:
> 1. Desterilizing with libmu (offhand I think the calls will be
> Tss2_MU_TPM2B_PRIVATE_Unmarshal and
> Tss2_MU_TPM2B_PUBLIC_Unmarshal) 2. Calling Esys_Load() and getting the
> ESYS_TR handle to pass to the zgen routine
> 
> 
> 
> > -----Original Message-----
> > From: Steven Clark [mailto:davolfman(a)gmail.com]
> > Sent: Wednesday, April 29, 2020 7:51 PM
> > To: tpm2 <tpm2(a)lists.01.org>
> > Subject: [tpm2] Are there any help documents/sites on writing an ESAPI
> > program.
> >
> > I need to perform a command that doesn't have a tools executable yet
> > (TPM2_ECDH_ZGen) and on a persistent object handle that won't be
> > compatible with the on-disk key-databases of FAPI or PKCS#11.  So that
> > means I need to write my own code in C, and that code needs to use the ESAPI.
> >
> > I've had a lot of lead time to see this coming so I've done a few little
> experiments.
> > They have not improved my confidence in my understanding of the API.
> > For example I'm still not sure which structures I'm supposed to access
> > directly and which ones are supposed to be manipulated using functions.
> >
> > The Specs are either long and theoretical or dry and terse.  And both
> > the tests for TSS and the source files for Tools make use of internal
> > abstraction layers.  I'm having trouble getting a whole-process
> > picture.  Are there any resources out there to help me get my sea-legs on ESAPI
> code?

[tpm2] Re: Are there any help documents/sites on writing an ESAPI program.

[Steven Clark]

[-- Attachment #1: Type: text/plain, Size: 2940 bytes --]

OpenSSL splits ECC into the "ec" and "ecparam" commands as part of
dealing with the fact that there's not just one curve and you need to
know which curve to operate on, unlike RSA.  The "ecparam" can
generate a parameter structure and then a key that meets those
parameters from it, or "ecparam" can just generate a key on one of the
known curves and skip the extra step entirely.  Given that curve IDs
are used by the TPM this is probably the method you'd want to use to
generate a keypair anyway.

All I've really got is "because that's what the Internet told me" and
"because that's what OpenSSL does" however bad those reasons are.  The
32 bytes shared secret applies to ECDH with ECC-P256 and other curves
would have other lengths obviously.  The sources I read on the
operation said you "ECC multiplied" the private key by the public key
of the peer and took the X coordinate as the shared secret.  When
performing the -derive operation on P256 keys with OpenSSL the result
is a 32-byte stream that looks like it's high-entropy.  Also a
tpm2_readpublic of an ECC-p256 key shows a 32-byte X-coordinate so
this seems consistent.  When I run OpenSSL's derive operation with the
reverse pairing I also get the same number so the command does seem to
generate a shared secret.  I'm pretty sure this shared secret is some
sort of raw bitstream because it's not in an ASN.1 representation like
everything else OpenSSL reads or creates, and it's exactly the right
size to be a 256 bit symmetric key or other raw number.

Given the original output of the operation is a point on the curve the
command might also be one part of the process of creating an ephemeral
key.  With a second use case maybe there'd need to be -x and -y
arguments instead of -o?  Or maybe a -F for output format and pack it
into an ASN.1 public key package or TPMS (public?) if the other
format's selected, that way meta data about algorithm and curve ID is
available.
The ASN.1 format OpenSSL stores a public key in is something like
(you'll have to forgive my lack of ASN.1 plaintext notation):
SEQUENCE:
    SEQUENCE:
        OID:
            id-ecPublicKey
        OID:
            <curveID>
    BIT STRING:
            sec1 string format:
                0x00 for octet string
                0x04 for uncompressed
                <x coordinate>
                <y coordinate>



>
> > decode.  The tool should ideally have a -o option that's optional with pipe
> > detection to switch to binary like tpm2_getrandom, because the expected
> > output format is a 32-byte integer with no formatting.
>
> Is it? How do you know that (im curious)? Their's code to go from TPM2 data structures
> To openssl EC_POINT. I was trying to figure out what to do with it then. Openssl has
> The app ecparams that shows some PEM output of BEGIN EC PARAMS in scissor lines.
> I wasn't sure if we should go that route.
>
>

[tpm2] Re: Are there any help documents/sites on writing an ESAPI program.

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 9145 bytes --]



> -----Original Message-----
> From: Steven Clark [mailto:davolfman(a)gmail.com]
> Sent: Thursday, April 30, 2020 8:37 PM
> To: Roberts, William C <william.c.roberts(a)intel.com>
> Cc: tpm2 <tpm2(a)lists.01.org>
> Subject: Re: [tpm2] Are there any help documents/sites on writing an ESAPI
> program.
> 
> I'm remembering more about the last time I tried to write this code.  I got far
> enough to set up an ESYS_CONTEXT and use the TCTI defaulting behavior to use
> whatever the system was configured for.  Between the Doxygen pages and the
> ESAPI spec I managed to do that much.  I think the next part I ran into was that
> the ESAPI seemed to imply that ESYS_TRs were also opaque so I wasn't sure if I
> needed to use a function to get a handle that was already persisted.  I'll
> remember more questions as I look over my old code and get back into that
> mindset.  The problem of converting from OpenSSL to TSS key format should be
> only an annoyance now that I've taught myself to read DER in a hex editor for
> something else.
> 
> Now that I've read Robert's code, and done a little more research to go with it
> I've got ideas.  The tool is probably going to need a -u option which should
> probably have the ability to load a PEM public key (which I think is PKCS#8 but all I
> see on that says it's for private keys) in addition to the TSS structure like
> tpm2_loadexternal.  If the loadexternal behavior really is RSA only then it'll be a
> pain because ECC keys can come in a compressed form that takes math to

ECC support is present, tpm2_loadexternal calls tpm2_openssl_load_public() and will
Load a TPM2B_PUBLIC structure with the details.

> decode.  The tool should ideally have a -o option that's optional with pipe
> detection to switch to binary like tpm2_getrandom, because the expected
> output format is a 32-byte integer with no formatting.

Is it? How do you know that (im curious)? Their's code to go from TPM2 data structures
To openssl EC_POINT. I was trying to figure out what to do with it then. Openssl has
The app ecparams that shows some PEM output of BEGIN EC PARAMS in scissor lines.
I wasn't sure if we should go that route.

> 
> Creating an example input point isn't apparently as easy as just punching in an
> arbitrary number pair because the valid points for every curve only have one
> degree of freedom plus a bit: there are only two valid y coordinates for every x.
> That's why they can be compressed.  Also 0 might be a special identity, or maybe
> that's just for scalar multiplication.

Yeah this is where I get fuzzy and don't really know how to make this all work.

> 
> On Thu, Apr 30, 2020 at 11:29 AM Steven Clark <davolfman(a)gmail.com
> <mailto:davolfman(a)gmail.com> > wrote:
> 
> 
> 	If you're getting your Private and Public from the same keypair for an
> ECDH Zgen that's almost certainly why it's breaking.  As far as I know the inpoint
> should be the public key of the other side of the conversation, and the x
> coordinate of the output point should be the shared secret.  At least if the
> command does what I think it does.
> 	As I understand it if you want to double check your results you can derive
> the same shared secret from the other side of the channel, using their private
> key and the TPM key's public.  For example using openssl it would be:
> 	openssl pkeyutl -derive -inkey software.priv.pem -peerkey tpm.pub.pem
> -out shared.secret
> 	The shared secrets derived on both sides of the channel are the same but
> only public keys are exchanged and verified.  Hence why it's Elliptic Curve Diffie-
> Hellman.
> 
> 	The other ECDH commands are for less trivial cases involving more
> ephemeral keypairs and the like.
> 
> 	On Thu, Apr 30, 2020 at 9:27 AM Roberts, William C
> <william.c.roberts(a)intel.com <mailto:william.c.roberts(a)intel.com> > wrote:
> 
> 
> 		I took a few minutes and created a skeleton tool that calls ecdg
> zgen:
> 		https://github.com/williamcroberts/tpm2.0-tools/tree/zgen
> 
> 		If you build that branch you will see the tool tpm2_ecdhzgen. You
> can
> 		Call that command abd it will run, but has some errors, you need
> to
> 		Figure out what to do with in point and out point parameters.
> 
> 		    // Test setup
> 		    tpm2_createprimary -c primary.ctx
> 		    tpm2_create -C primary.ctx -G ecc256 -u ec.pub -r ec.priv
> 		    tpm2_load -C primary.ctx -u ec.pub -r ec.priv -c ec.ctx
> 
> 		    // Command fails...but runs!
> 		    tpm2_ecdhzgen -c ec.ctx
> 		    ERROR: Esys_RSA_Decrypt(0x1E7) - tpm:parameter(1):point is
> not on the required curve
> 
> 
> 		> -----Original Message-----
> 		> From: Roberts, William C
> 		> Sent: Thursday, April 30, 2020 10:59 AM
> 		> To: 'Steven Clark' <davolfman(a)gmail.com
> <mailto:davolfman(a)gmail.com> >; 'tpm2' <tpm2(a)lists.01.org
> <mailto:tpm2(a)lists.01.org> >
> 		> Subject: RE: [tpm2] Are there any help documents/sites on
> writing an ESAPI
> 		> program.
> 		>
> 		> The Esys integration tests are also super helpful:
> 		> https://github.com/tpm2-software/tpm2-
> 		> tss/blob/master/test/integration/esys-ecdh-zgen.int.c
> 		>
> 		>
> 		> > -----Original Message-----
> 		> > From: Roberts, William C
> 		> > Sent: Thursday, April 30, 2020 10:44 AM
> 		> > To: 'Steven Clark' <davolfman(a)gmail.com
> <mailto:davolfman(a)gmail.com> >; tpm2 <tpm2(a)lists.01.org
> <mailto:tpm2(a)lists.01.org> >
> 		> > Subject: RE: [tpm2] Are there any help documents/sites on
> writing an
> 		> > ESAPI program.
> 		> >
> 		> > The tools themselves are real world examples.
> 		> >
> 		> > You shouldn't go digging into the ESYS_CONTEXT or
> TCTI_CONTEXT but the
> 		> > structure parameters And returns to ESYS calls you can. Its set
> up
> 		> > where you can't go structure digging and compile with the
> include
> 		> > directory includes (https://github.com/tpm2-software/tpm2-
> 		> tss/tree/master/include/tss2).
> 		> > If you add includes from the project that exist elsewhere
> you're doing it wrong.
> 		> >
> 		> > Now for the ZGen code, we actually want to add it to tools. Its
> 		> > actually on the short list of commands To add, see bug:
> 		> > https://github.com/tpm2-
> 		> > software/tpm2-tools/issues/877
> 		> >
> 		> > The reason we didn't add it yet, is we didn't know exactly how
> it
> 		> > works and to test it. Imran and I Actually have a meeting with
> someone
> 		> > way more knowledgeable on ECC to help us along. We would
> Love, even
> 		> > just sample code to help us out, or if you created the tool
> even
> 		> > better. Anything you can Share back is a win.
> 		> >
> 		> >
> 		> > Now for taking the training wheels off, Esys_Initialize(), you
> can
> 		> > leave off the tcti and abi pointers by passing NULL. That
> should just
> 		> > get you a context with the TPM and away you go. Here is a
> very simple
> 		> > program to start
> 		> > With:
> 		> >
> https://gist.github.com/williamcroberts/66a7dab3adfb973fbae32199545350
> 		> > 09
> 		> >
> 		> > You can alter that by changing the template and making an EC
> key to
> 		> > play with, or have it pass in blobs from tpm2_create tool.
> Tpm2_create
> 		> > tool has the output options -u and -r that you can pass along,
> and load those up
> 		> by:
> 		> > 1. Desterilizing with libmu (offhand I think the calls will be
> 		> > Tss2_MU_TPM2B_PRIVATE_Unmarshal and
> 		> > Tss2_MU_TPM2B_PUBLIC_Unmarshal) 2. Calling Esys_Load()
> and getting the
> 		> > ESYS_TR handle to pass to the zgen routine
> 		> >
> 		> >
> 		> >
> 		> > > -----Original Message-----
> 		> > > From: Steven Clark [mailto:davolfman(a)gmail.com
> <mailto:davolfman(a)gmail.com> ]
> 		> > > Sent: Wednesday, April 29, 2020 7:51 PM
> 		> > > To: tpm2 <tpm2(a)lists.01.org <mailto:tpm2(a)lists.01.org> >
> 		> > > Subject: [tpm2] Are there any help documents/sites on
> writing an
> 		> > > ESAPI program.
> 		> > >
> 		> > > I need to perform a command that doesn't have a tools
> executable yet
> 		> > > (TPM2_ECDH_ZGen) and on a persistent object handle that
> won't be
> 		> > > compatible with the on-disk key-databases of FAPI or
> PKCS#11.  So
> 		> > > that means I need to write my own code in C, and that code
> needs to use the
> 		> ESAPI.
> 		> > >
> 		> > > I've had a lot of lead time to see this coming so I've done a
> few
> 		> > > little
> 		> > experiments.
> 		> > > They have not improved my confidence in my
> understanding of the API.
> 		> > > For example I'm still not sure which structures I'm supposed
> to
> 		> > > access directly and which ones are supposed to be
> manipulated using
> 		> functions.
> 		> > >
> 		> > > The Specs are either long and theoretical or dry and terse.
> And
> 		> > > both the tests for TSS and the source files for Tools make
> use of
> 		> > > internal abstraction layers.  I'm having trouble getting a
> 		> > > whole-process picture.  Are there any resources out there
> to help me
> 		> > > get my sea-legs on ESAPI
> 		> > code?
> 

[tpm2] Re: Are there any help documents/sites on writing an ESAPI program.

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 6579 bytes --]



> -----Original Message-----
> From: Steven Clark [mailto:davolfman(a)gmail.com]
> Sent: Thursday, April 30, 2020 1:29 PM
> To: Roberts, William C <william.c.roberts(a)intel.com>
> Cc: tpm2 <tpm2(a)lists.01.org>
> Subject: Re: [tpm2] Are there any help documents/sites on writing an ESAPI
> program.
> 
> If you're getting your Private and Public from the same keypair for an ECDH Zgen
> that's almost certainly why it's breaking.  As far as I know the inpoint should be
> the public key of the other side of the conversation, and the x coordinate of the
> output point should be the shared secret.  At least if the command does what I
> think it does.
> As I understand it if you want to double check your results you can derive the
> same shared secret from the other side of the channel, using their private key
> and the TPM key's public.  For example using openssl it would be:
> openssl pkeyutl -derive -inkey software.priv.pem -peerkey tpm.pub.pem -out
> shared.secret The shared secrets derived on both sides of the channel are the
> same but only public keys are exchanged and verified.  Hence why it's Elliptic
> Curve Diffie-Hellman.
> 
> The other ECDH commands are for less trivial cases involving more ephemeral
> keypairs and the like.

No I didn't do anything but connect the plumbing and make the call.


> 
> On Thu, Apr 30, 2020 at 9:27 AM Roberts, William C <william.c.roberts(a)intel.com
> <mailto:william.c.roberts(a)intel.com> > wrote:
> 
> 
> 	I took a few minutes and created a skeleton tool that calls ecdg zgen:
> 	https://github.com/williamcroberts/tpm2.0-tools/tree/zgen
> 
> 	If you build that branch you will see the tool tpm2_ecdhzgen. You can
> 	Call that command abd it will run, but has some errors, you need to
> 	Figure out what to do with in point and out point parameters.
> 
> 	    // Test setup
> 	    tpm2_createprimary -c primary.ctx
> 	    tpm2_create -C primary.ctx -G ecc256 -u ec.pub -r ec.priv
> 	    tpm2_load -C primary.ctx -u ec.pub -r ec.priv -c ec.ctx
> 
> 	    // Command fails...but runs!
> 	    tpm2_ecdhzgen -c ec.ctx
> 	    ERROR: Esys_RSA_Decrypt(0x1E7) - tpm:parameter(1):point is not on
> the required curve
> 
> 
> 	> -----Original Message-----
> 	> From: Roberts, William C
> 	> Sent: Thursday, April 30, 2020 10:59 AM
> 	> To: 'Steven Clark' <davolfman(a)gmail.com
> <mailto:davolfman(a)gmail.com> >; 'tpm2' <tpm2(a)lists.01.org
> <mailto:tpm2(a)lists.01.org> >
> 	> Subject: RE: [tpm2] Are there any help documents/sites on writing an
> ESAPI
> 	> program.
> 	>
> 	> The Esys integration tests are also super helpful:
> 	> https://github.com/tpm2-software/tpm2-
> 	> tss/blob/master/test/integration/esys-ecdh-zgen.int.c
> 	>
> 	>
> 	> > -----Original Message-----
> 	> > From: Roberts, William C
> 	> > Sent: Thursday, April 30, 2020 10:44 AM
> 	> > To: 'Steven Clark' <davolfman(a)gmail.com
> <mailto:davolfman(a)gmail.com> >; tpm2 <tpm2(a)lists.01.org
> <mailto:tpm2(a)lists.01.org> >
> 	> > Subject: RE: [tpm2] Are there any help documents/sites on writing an
> 	> > ESAPI program.
> 	> >
> 	> > The tools themselves are real world examples.
> 	> >
> 	> > You shouldn't go digging into the ESYS_CONTEXT or TCTI_CONTEXT
> but the
> 	> > structure parameters And returns to ESYS calls you can. Its set up
> 	> > where you can't go structure digging and compile with the include
> 	> > directory includes (https://github.com/tpm2-software/tpm2-
> 	> tss/tree/master/include/tss2).
> 	> > If you add includes from the project that exist elsewhere you're doing
> it wrong.
> 	> >
> 	> > Now for the ZGen code, we actually want to add it to tools. Its
> 	> > actually on the short list of commands To add, see bug:
> 	> > https://github.com/tpm2-
> 	> > software/tpm2-tools/issues/877
> 	> >
> 	> > The reason we didn't add it yet, is we didn't know exactly how it
> 	> > works and to test it. Imran and I Actually have a meeting with
> someone
> 	> > way more knowledgeable on ECC to help us along. We would Love,
> even
> 	> > just sample code to help us out, or if you created the tool even
> 	> > better. Anything you can Share back is a win.
> 	> >
> 	> >
> 	> > Now for taking the training wheels off, Esys_Initialize(), you can
> 	> > leave off the tcti and abi pointers by passing NULL. That should just
> 	> > get you a context with the TPM and away you go. Here is a very
> simple
> 	> > program to start
> 	> > With:
> 	> >
> https://gist.github.com/williamcroberts/66a7dab3adfb973fbae32199545350
> 	> > 09
> 	> >
> 	> > You can alter that by changing the template and making an EC key to
> 	> > play with, or have it pass in blobs from tpm2_create tool.
> Tpm2_create
> 	> > tool has the output options -u and -r that you can pass along, and load
> those up
> 	> by:
> 	> > 1. Desterilizing with libmu (offhand I think the calls will be
> 	> > Tss2_MU_TPM2B_PRIVATE_Unmarshal and
> 	> > Tss2_MU_TPM2B_PUBLIC_Unmarshal) 2. Calling Esys_Load() and
> getting the
> 	> > ESYS_TR handle to pass to the zgen routine
> 	> >
> 	> >
> 	> >
> 	> > > -----Original Message-----
> 	> > > From: Steven Clark [mailto:davolfman(a)gmail.com
> <mailto:davolfman(a)gmail.com> ]
> 	> > > Sent: Wednesday, April 29, 2020 7:51 PM
> 	> > > To: tpm2 <tpm2(a)lists.01.org <mailto:tpm2(a)lists.01.org> >
> 	> > > Subject: [tpm2] Are there any help documents/sites on writing an
> 	> > > ESAPI program.
> 	> > >
> 	> > > I need to perform a command that doesn't have a tools executable
> yet
> 	> > > (TPM2_ECDH_ZGen) and on a persistent object handle that won't
> be
> 	> > > compatible with the on-disk key-databases of FAPI or PKCS#11.  So
> 	> > > that means I need to write my own code in C, and that code needs
> to use the
> 	> ESAPI.
> 	> > >
> 	> > > I've had a lot of lead time to see this coming so I've done a few
> 	> > > little
> 	> > experiments.
> 	> > > They have not improved my confidence in my understanding of the
> API.
> 	> > > For example I'm still not sure which structures I'm supposed to
> 	> > > access directly and which ones are supposed to be manipulated
> using
> 	> functions.
> 	> > >
> 	> > > The Specs are either long and theoretical or dry and terse.  And
> 	> > > both the tests for TSS and the source files for Tools make use of
> 	> > > internal abstraction layers.  I'm having trouble getting a
> 	> > > whole-process picture.  Are there any resources out there to help
> me
> 	> > > get my sea-legs on ESAPI
> 	> > code?
> 

[tpm2] Re: Are there any help documents/sites on writing an ESAPI program.

[Steven Clark]

[-- Attachment #1: Type: text/plain, Size: 7784 bytes --]

I'm remembering more about the last time I tried to write this code.  I got
far enough to set up an ESYS_CONTEXT and use the TCTI defaulting behavior
to use whatever the system was configured for.  Between the Doxygen pages
and the ESAPI spec I managed to do that much.  I think the next part I ran
into was that the ESAPI seemed to imply that ESYS_TRs were also opaque so I
wasn't sure if I needed to use a function to get a handle that was already
persisted.  I'll remember more questions as I look over my old code and get
back into that mindset.  The problem of converting from OpenSSL to TSS key
format should be only an annoyance now that I've taught myself to read DER
in a hex editor for something else.

Now that I've read Robert's code, and done a little more research to go
with it I've got ideas.  The tool is probably going to need a -u option
which should probably have the ability to load a PEM public key (which I
think is PKCS#8 but all I see on that says it's for private keys) in
addition to the TSS structure like tpm2_loadexternal.  If the
loadexternal behavior really is RSA only then it'll be a pain because ECC
keys can come in a compressed form that takes math to decode.  The tool
should ideally have a -o option that's optional with pipe detection to
switch to binary like tpm2_getrandom, because the expected output format is
a 32-byte integer with no formatting.

Creating an example input point isn't apparently as easy as just punching
in an arbitrary number pair because the valid points for every curve only
have one degree of freedom plus a bit: there are only two valid y
coordinates for every x.  That's why they can be compressed.  Also 0 might
be a special identity, or maybe that's just for scalar multiplication.

On Thu, Apr 30, 2020 at 11:29 AM Steven Clark <davolfman(a)gmail.com> wrote:

> If you're getting your Private and Public from the same keypair for an
> ECDH Zgen that's almost certainly why it's breaking.  As far as I know the
> inpoint should be the public key of the other side of the conversation, and
> the x coordinate of the output point should be the shared secret.  At least
> if the command does what I think it does.
> As I understand it if you want to double check your results you can derive
> the same shared secret from the other side of the channel, using their
> private key and the TPM key's public.  For example using openssl it would
> be:
> openssl pkeyutl -derive -inkey software.priv.pem -peerkey tpm.pub.pem -out
> shared.secret
> The shared secrets derived on both sides of the channel are the same but
> only public keys are exchanged and verified.  Hence why it's Elliptic Curve
> Diffie-Hellman.
>
> The other ECDH commands are for less trivial cases involving more
> ephemeral keypairs and the like.
>
> On Thu, Apr 30, 2020 at 9:27 AM Roberts, William C <
> william.c.roberts(a)intel.com> wrote:
>
>> I took a few minutes and created a skeleton tool that calls ecdg zgen:
>> https://github.com/williamcroberts/tpm2.0-tools/tree/zgen
>>
>> If you build that branch you will see the tool tpm2_ecdhzgen. You can
>> Call that command abd it will run, but has some errors, you need to
>> Figure out what to do with in point and out point parameters.
>>
>>     // Test setup
>>     tpm2_createprimary -c primary.ctx
>>     tpm2_create -C primary.ctx -G ecc256 -u ec.pub -r ec.priv
>>     tpm2_load -C primary.ctx -u ec.pub -r ec.priv -c ec.ctx
>>
>>     // Command fails...but runs!
>>     tpm2_ecdhzgen -c ec.ctx
>>     ERROR: Esys_RSA_Decrypt(0x1E7) - tpm:parameter(1):point is not on the
>> required curve
>>
>>
>> > -----Original Message-----
>> > From: Roberts, William C
>> > Sent: Thursday, April 30, 2020 10:59 AM
>> > To: 'Steven Clark' <davolfman(a)gmail.com>; 'tpm2' <tpm2(a)lists.01.org>
>> > Subject: RE: [tpm2] Are there any help documents/sites on writing an
>> ESAPI
>> > program.
>> >
>> > The Esys integration tests are also super helpful:
>> > https://github.com/tpm2-software/tpm2-
>> > tss/blob/master/test/integration/esys-ecdh-zgen.int.c
>> >
>> >
>> > > -----Original Message-----
>> > > From: Roberts, William C
>> > > Sent: Thursday, April 30, 2020 10:44 AM
>> > > To: 'Steven Clark' <davolfman(a)gmail.com>; tpm2 <tpm2(a)lists.01.org>
>> > > Subject: RE: [tpm2] Are there any help documents/sites on writing an
>> > > ESAPI program.
>> > >
>> > > The tools themselves are real world examples.
>> > >
>> > > You shouldn't go digging into the ESYS_CONTEXT or TCTI_CONTEXT but the
>> > > structure parameters And returns to ESYS calls you can. Its set up
>> > > where you can't go structure digging and compile with the include
>> > > directory includes (https://github.com/tpm2-software/tpm2-
>> > tss/tree/master/include/tss2).
>> > > If you add includes from the project that exist elsewhere you're
>> doing it wrong.
>> > >
>> > > Now for the ZGen code, we actually want to add it to tools. Its
>> > > actually on the short list of commands To add, see bug:
>> > > https://github.com/tpm2-
>> > > software/tpm2-tools/issues/877
>> > >
>> > > The reason we didn't add it yet, is we didn't know exactly how it
>> > > works and to test it. Imran and I Actually have a meeting with someone
>> > > way more knowledgeable on ECC to help us along. We would Love, even
>> > > just sample code to help us out, or if you created the tool even
>> > > better. Anything you can Share back is a win.
>> > >
>> > >
>> > > Now for taking the training wheels off, Esys_Initialize(), you can
>> > > leave off the tcti and abi pointers by passing NULL. That should just
>> > > get you a context with the TPM and away you go. Here is a very simple
>> > > program to start
>> > > With:
>> > >
>> https://gist.github.com/williamcroberts/66a7dab3adfb973fbae32199545350
>> > > 09
>> > >
>> > > You can alter that by changing the template and making an EC key to
>> > > play with, or have it pass in blobs from tpm2_create tool. Tpm2_create
>> > > tool has the output options -u and -r that you can pass along, and
>> load those up
>> > by:
>> > > 1. Desterilizing with libmu (offhand I think the calls will be
>> > > Tss2_MU_TPM2B_PRIVATE_Unmarshal and
>> > > Tss2_MU_TPM2B_PUBLIC_Unmarshal) 2. Calling Esys_Load() and getting the
>> > > ESYS_TR handle to pass to the zgen routine
>> > >
>> > >
>> > >
>> > > > -----Original Message-----
>> > > > From: Steven Clark [mailto:davolfman(a)gmail.com]
>> > > > Sent: Wednesday, April 29, 2020 7:51 PM
>> > > > To: tpm2 <tpm2(a)lists.01.org>
>> > > > Subject: [tpm2] Are there any help documents/sites on writing an
>> > > > ESAPI program.
>> > > >
>> > > > I need to perform a command that doesn't have a tools executable yet
>> > > > (TPM2_ECDH_ZGen) and on a persistent object handle that won't be
>> > > > compatible with the on-disk key-databases of FAPI or PKCS#11.  So
>> > > > that means I need to write my own code in C, and that code needs to
>> use the
>> > ESAPI.
>> > > >
>> > > > I've had a lot of lead time to see this coming so I've done a few
>> > > > little
>> > > experiments.
>> > > > They have not improved my confidence in my understanding of the API.
>> > > > For example I'm still not sure which structures I'm supposed to
>> > > > access directly and which ones are supposed to be manipulated using
>> > functions.
>> > > >
>> > > > The Specs are either long and theoretical or dry and terse.  And
>> > > > both the tests for TSS and the source files for Tools make use of
>> > > > internal abstraction layers.  I'm having trouble getting a
>> > > > whole-process picture.  Are there any resources out there to help me
>> > > > get my sea-legs on ESAPI
>> > > code?
>>
>

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 9884 bytes --]

[tpm2] Re: Are there any help documents/sites on writing an ESAPI program.

[Steven Clark]

[-- Attachment #1: Type: text/plain, Size: 5767 bytes --]

If you're getting your Private and Public from the same keypair for an ECDH
Zgen that's almost certainly why it's breaking.  As far as I know the
inpoint should be the public key of the other side of the conversation, and
the x coordinate of the output point should be the shared secret.  At least
if the command does what I think it does.
As I understand it if you want to double check your results you can derive
the same shared secret from the other side of the channel, using their
private key and the TPM key's public.  For example using openssl it would
be:
openssl pkeyutl -derive -inkey software.priv.pem -peerkey tpm.pub.pem -out
shared.secret
The shared secrets derived on both sides of the channel are the same but
only public keys are exchanged and verified.  Hence why it's Elliptic Curve
Diffie-Hellman.

The other ECDH commands are for less trivial cases involving more ephemeral
keypairs and the like.

On Thu, Apr 30, 2020 at 9:27 AM Roberts, William C <
william.c.roberts(a)intel.com> wrote:

> I took a few minutes and created a skeleton tool that calls ecdg zgen:
> https://github.com/williamcroberts/tpm2.0-tools/tree/zgen
>
> If you build that branch you will see the tool tpm2_ecdhzgen. You can
> Call that command abd it will run, but has some errors, you need to
> Figure out what to do with in point and out point parameters.
>
>     // Test setup
>     tpm2_createprimary -c primary.ctx
>     tpm2_create -C primary.ctx -G ecc256 -u ec.pub -r ec.priv
>     tpm2_load -C primary.ctx -u ec.pub -r ec.priv -c ec.ctx
>
>     // Command fails...but runs!
>     tpm2_ecdhzgen -c ec.ctx
>     ERROR: Esys_RSA_Decrypt(0x1E7) - tpm:parameter(1):point is not on the
> required curve
>
>
> > -----Original Message-----
> > From: Roberts, William C
> > Sent: Thursday, April 30, 2020 10:59 AM
> > To: 'Steven Clark' <davolfman(a)gmail.com>; 'tpm2' <tpm2(a)lists.01.org>
> > Subject: RE: [tpm2] Are there any help documents/sites on writing an
> ESAPI
> > program.
> >
> > The Esys integration tests are also super helpful:
> > https://github.com/tpm2-software/tpm2-
> > tss/blob/master/test/integration/esys-ecdh-zgen.int.c
> >
> >
> > > -----Original Message-----
> > > From: Roberts, William C
> > > Sent: Thursday, April 30, 2020 10:44 AM
> > > To: 'Steven Clark' <davolfman(a)gmail.com>; tpm2 <tpm2(a)lists.01.org>
> > > Subject: RE: [tpm2] Are there any help documents/sites on writing an
> > > ESAPI program.
> > >
> > > The tools themselves are real world examples.
> > >
> > > You shouldn't go digging into the ESYS_CONTEXT or TCTI_CONTEXT but the
> > > structure parameters And returns to ESYS calls you can. Its set up
> > > where you can't go structure digging and compile with the include
> > > directory includes (https://github.com/tpm2-software/tpm2-
> > tss/tree/master/include/tss2).
> > > If you add includes from the project that exist elsewhere you're doing
> it wrong.
> > >
> > > Now for the ZGen code, we actually want to add it to tools. Its
> > > actually on the short list of commands To add, see bug:
> > > https://github.com/tpm2-
> > > software/tpm2-tools/issues/877
> > >
> > > The reason we didn't add it yet, is we didn't know exactly how it
> > > works and to test it. Imran and I Actually have a meeting with someone
> > > way more knowledgeable on ECC to help us along. We would Love, even
> > > just sample code to help us out, or if you created the tool even
> > > better. Anything you can Share back is a win.
> > >
> > >
> > > Now for taking the training wheels off, Esys_Initialize(), you can
> > > leave off the tcti and abi pointers by passing NULL. That should just
> > > get you a context with the TPM and away you go. Here is a very simple
> > > program to start
> > > With:
> > > https://gist.github.com/williamcroberts/66a7dab3adfb973fbae32199545350
> > > 09
> > >
> > > You can alter that by changing the template and making an EC key to
> > > play with, or have it pass in blobs from tpm2_create tool. Tpm2_create
> > > tool has the output options -u and -r that you can pass along, and
> load those up
> > by:
> > > 1. Desterilizing with libmu (offhand I think the calls will be
> > > Tss2_MU_TPM2B_PRIVATE_Unmarshal and
> > > Tss2_MU_TPM2B_PUBLIC_Unmarshal) 2. Calling Esys_Load() and getting the
> > > ESYS_TR handle to pass to the zgen routine
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Steven Clark [mailto:davolfman(a)gmail.com]
> > > > Sent: Wednesday, April 29, 2020 7:51 PM
> > > > To: tpm2 <tpm2(a)lists.01.org>
> > > > Subject: [tpm2] Are there any help documents/sites on writing an
> > > > ESAPI program.
> > > >
> > > > I need to perform a command that doesn't have a tools executable yet
> > > > (TPM2_ECDH_ZGen) and on a persistent object handle that won't be
> > > > compatible with the on-disk key-databases of FAPI or PKCS#11.  So
> > > > that means I need to write my own code in C, and that code needs to
> use the
> > ESAPI.
> > > >
> > > > I've had a lot of lead time to see this coming so I've done a few
> > > > little
> > > experiments.
> > > > They have not improved my confidence in my understanding of the API.
> > > > For example I'm still not sure which structures I'm supposed to
> > > > access directly and which ones are supposed to be manipulated using
> > functions.
> > > >
> > > > The Specs are either long and theoretical or dry and terse.  And
> > > > both the tests for TSS and the source files for Tools make use of
> > > > internal abstraction layers.  I'm having trouble getting a
> > > > whole-process picture.  Are there any resources out there to help me
> > > > get my sea-legs on ESAPI
> > > code?
>

[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 7637 bytes --]

[tpm2] Re: Are there any help documents/sites on writing an ESAPI program.

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 4523 bytes --]

I took a few minutes and created a skeleton tool that calls ecdg zgen:
https://github.com/williamcroberts/tpm2.0-tools/tree/zgen

If you build that branch you will see the tool tpm2_ecdhzgen. You can
Call that command abd it will run, but has some errors, you need to
Figure out what to do with in point and out point parameters.

    // Test setup
    tpm2_createprimary -c primary.ctx
    tpm2_create -C primary.ctx -G ecc256 -u ec.pub -r ec.priv
    tpm2_load -C primary.ctx -u ec.pub -r ec.priv -c ec.ctx
    
    // Command fails...but runs!
    tpm2_ecdhzgen -c ec.ctx
    ERROR: Esys_RSA_Decrypt(0x1E7) - tpm:parameter(1):point is not on the required curve


> -----Original Message-----
> From: Roberts, William C
> Sent: Thursday, April 30, 2020 10:59 AM
> To: 'Steven Clark' <davolfman(a)gmail.com>; 'tpm2' <tpm2(a)lists.01.org>
> Subject: RE: [tpm2] Are there any help documents/sites on writing an ESAPI
> program.
> 
> The Esys integration tests are also super helpful:
> https://github.com/tpm2-software/tpm2-
> tss/blob/master/test/integration/esys-ecdh-zgen.int.c
> 
> 
> > -----Original Message-----
> > From: Roberts, William C
> > Sent: Thursday, April 30, 2020 10:44 AM
> > To: 'Steven Clark' <davolfman(a)gmail.com>; tpm2 <tpm2(a)lists.01.org>
> > Subject: RE: [tpm2] Are there any help documents/sites on writing an
> > ESAPI program.
> >
> > The tools themselves are real world examples.
> >
> > You shouldn't go digging into the ESYS_CONTEXT or TCTI_CONTEXT but the
> > structure parameters And returns to ESYS calls you can. Its set up
> > where you can't go structure digging and compile with the include
> > directory includes (https://github.com/tpm2-software/tpm2-
> tss/tree/master/include/tss2).
> > If you add includes from the project that exist elsewhere you're doing it wrong.
> >
> > Now for the ZGen code, we actually want to add it to tools. Its
> > actually on the short list of commands To add, see bug:
> > https://github.com/tpm2-
> > software/tpm2-tools/issues/877
> >
> > The reason we didn't add it yet, is we didn't know exactly how it
> > works and to test it. Imran and I Actually have a meeting with someone
> > way more knowledgeable on ECC to help us along. We would Love, even
> > just sample code to help us out, or if you created the tool even
> > better. Anything you can Share back is a win.
> >
> >
> > Now for taking the training wheels off, Esys_Initialize(), you can
> > leave off the tcti and abi pointers by passing NULL. That should just
> > get you a context with the TPM and away you go. Here is a very simple
> > program to start
> > With:
> > https://gist.github.com/williamcroberts/66a7dab3adfb973fbae32199545350
> > 09
> >
> > You can alter that by changing the template and making an EC key to
> > play with, or have it pass in blobs from tpm2_create tool. Tpm2_create
> > tool has the output options -u and -r that you can pass along, and load those up
> by:
> > 1. Desterilizing with libmu (offhand I think the calls will be
> > Tss2_MU_TPM2B_PRIVATE_Unmarshal and
> > Tss2_MU_TPM2B_PUBLIC_Unmarshal) 2. Calling Esys_Load() and getting the
> > ESYS_TR handle to pass to the zgen routine
> >
> >
> >
> > > -----Original Message-----
> > > From: Steven Clark [mailto:davolfman(a)gmail.com]
> > > Sent: Wednesday, April 29, 2020 7:51 PM
> > > To: tpm2 <tpm2(a)lists.01.org>
> > > Subject: [tpm2] Are there any help documents/sites on writing an
> > > ESAPI program.
> > >
> > > I need to perform a command that doesn't have a tools executable yet
> > > (TPM2_ECDH_ZGen) and on a persistent object handle that won't be
> > > compatible with the on-disk key-databases of FAPI or PKCS#11.  So
> > > that means I need to write my own code in C, and that code needs to use the
> ESAPI.
> > >
> > > I've had a lot of lead time to see this coming so I've done a few
> > > little
> > experiments.
> > > They have not improved my confidence in my understanding of the API.
> > > For example I'm still not sure which structures I'm supposed to
> > > access directly and which ones are supposed to be manipulated using
> functions.
> > >
> > > The Specs are either long and theoretical or dry and terse.  And
> > > both the tests for TSS and the source files for Tools make use of
> > > internal abstraction layers.  I'm having trouble getting a
> > > whole-process picture.  Are there any resources out there to help me
> > > get my sea-legs on ESAPI
> > code?

[tpm2] Re: Are there any help documents/sites on writing an ESAPI program.

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 2854 bytes --]

The tools themselves are real world examples.

You shouldn't go digging into the ESYS_CONTEXT or TCTI_CONTEXT but the structure parameters
And returns to ESYS calls you can. Its set up where you can't go structure digging and compile with
the include directory includes (https://github.com/tpm2-software/tpm2-tss/tree/master/include/tss2).
If you add includes from the project that exist elsewhere you're doing it wrong.

Now for the ZGen code, we actually want to add it to tools. Its actually on the short list of commands
To add, see bug: https://github.com/tpm2-software/tpm2-tools/issues/877

The reason we didn't add it yet, is we didn't know exactly how it works and to test it. Imran and I
Actually have a meeting with someone way more knowledgeable on ECC to help us along. We would
Love, even just sample code to help us out, or if you created the tool even better. Anything you can
Share back is a win.


Now for taking the training wheels off, Esys_Initialize(), you can leave off the tcti and abi pointers by passing
NULL. That should just get you a context with the TPM and away you go. Here is a very simple program to start
With:
https://gist.github.com/williamcroberts/66a7dab3adfb973fbae3219954535009

You can alter that by changing the template and making an EC key to play with, or have it pass in blobs from
tpm2_create tool. Tpm2_create tool has the output options -u and -r that you can pass along, and load those up by:
1. Desterilizing with libmu (offhand I think the calls will be Tss2_MU_TPM2B_PRIVATE_Unmarshal and Tss2_MU_TPM2B_PUBLIC_Unmarshal)
2. Calling Esys_Load() and getting the ESYS_TR handle to pass to the zgen routine



> -----Original Message-----
> From: Steven Clark [mailto:davolfman(a)gmail.com]
> Sent: Wednesday, April 29, 2020 7:51 PM
> To: tpm2 <tpm2(a)lists.01.org>
> Subject: [tpm2] Are there any help documents/sites on writing an ESAPI
> program.
> 
> I need to perform a command that doesn't have a tools executable yet
> (TPM2_ECDH_ZGen) and on a persistent object handle that won't be compatible
> with the on-disk key-databases of FAPI or PKCS#11.  So that means I need to
> write my own code in C, and that code needs to use the ESAPI.
> 
> I've had a lot of lead time to see this coming so I've done a few little experiments.
> They have not improved my confidence in my understanding of the API.  For
> example I'm still not sure which structures I'm supposed to access directly and
> which ones are supposed to be manipulated using functions.
> 
> The Specs are either long and theoretical or dry and terse.  And both the tests for
> TSS and the source files for Tools make use of internal abstraction layers.  I'm
> having trouble getting a whole-process picture.  Are there any resources out
> there to help me get my sea-legs on ESAPI code?