Re: [tpm2] Using TPM to protect private key

Re: [tpm2] Using TPM to protect private key

[Ashok Kumar]

[-- Attachment #1: Type: text/plain, Size: 706 bytes --]

Thanks for the info! Ours is not open source. We are working on supporting
tpm 2.0
for an existing software.

Thanks,
Ashok Kumar


On Thu, Sep 12, 2019 at 5:53 PM David Woodhouse <dwmw2(a)infradead.org> wrote:

>
>
> > Thanks for the reference. Yes, we plan to use tpm2.0 for existing IPsec
> > vpn
> > which supports both psk and certificate based authentication.
>
>
> Is this an open source implementation?
>
> FWIW my definition of "well behaved", which covers software key files,
> PKCS#11 and TPM (but needs updating now that we have a standard way to
> store TPMv2 wrapped keys) is at
> http://david.woodhou.se/draft-woodhouse-cert-best-practice.html
>
> --
> dwmw2
>
>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 1375 bytes --]

Re: [tpm2] Using TPM to protect private key

[David Woodhouse]

[-- Attachment #1: Type: text/plain, Size: 455 bytes --]



> Thanks for the reference. Yes, we plan to use tpm2.0 for existing IPsec
> vpn
> which supports both psk and certificate based authentication.


Is this an open source implementation?

FWIW my definition of "well behaved", which covers software key files,
PKCS#11 and TPM (but needs updating now that we have a standard way to
store TPMv2 wrapped keys) is at
http://david.woodhou.se/draft-woodhouse-cert-best-practice.html

-- 
dwmw2

Re: [tpm2] Using TPM to protect private key

[Ashok Kumar]

[-- Attachment #1: Type: text/plain, Size: 943 bytes --]

Thanks for the reference. Yes, we plan to use tpm2.0 for existing IPsec vpn
which supports both psk and certificate based authentication.

Regards,
Ashok Kumar

On Thu 12 Sep, 2019, 17:18 David Woodhouse, <dwmw2(a)infradead.org> wrote:

>
> > We intent to use this certificate in IPSec VPN.
>
> I see. What application or tools will you use with this VPN? Do you
> already have it working with software certificates (not in the TPM)?
>
> >> There is about one "well-behaved" application in the world according to
> >> this definition, and I wrote it. But we're working on fixing the rest,
> >> and fixing the crypto libraries like OpenSSL and GnuTLS to make it easy
> >> for applications to get it right.
> >>
> >> [ashoka]
> > Can you please provide a pointer to your application (if  that is
> publicly
> > available)?
>
> http://www.infradead.org/openconnect/tpm.html
>
> It does IPsec :)
>
> --
> dwmw2
>
>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 1495 bytes --]

Re: [tpm2] Using TPM to protect private key

[David Woodhouse]

[-- Attachment #1: Type: text/plain, Size: 656 bytes --]


> We intent to use this certificate in IPSec VPN.

I see. What application or tools will you use with this VPN? Do you
already have it working with software certificates (not in the TPM)?

>> There is about one "well-behaved" application in the world according to
>> this definition, and I wrote it. But we're working on fixing the rest,
>> and fixing the crypto libraries like OpenSSL and GnuTLS to make it easy
>> for applications to get it right.
>>
>> [ashoka]
> Can you please provide a pointer to your application (if  that is publicly
> available)?

http://www.infradead.org/openconnect/tpm.html

It does IPsec :)

-- 
dwmw2

Re: [tpm2] Using TPM to protect private key

[Ashok Kumar]

[-- Attachment #1: Type: text/plain, Size: 4295 bytes --]

Thanks for your response. Please see inline... [ashoka]

Regards,
Ashok Kumar

On Wed, Sep 11, 2019 at 10:15 PM Desai, Imran <imran.desai(a)intel.com> wrote:

> Ashok, for what you are doing, tpm2-tss-engine may be more suitable. It is
> available here: https://github.com/tpm2-software/tpm2-tss-engine.
> The readme has an example of how to create a self signed certificate with
> the private key generated and protected by the TPM.
>

[ashoka]
Sure, going through the code now.


> If you are planning to do it the tpm2-tools way instead, There are two
> ways the key can reside as a TPM2 object.
> 1. Create the key using the tpm2_create command
> 2. Import an existing key to the TPM2 using tpm2_import or
> tpm2_loadexternal. (Existing key may be generated with openssl etc.)
>

[ashoka]
In our case, it is the option #2. The key is already generated or will be
imported. Going forward,
we may support option #1 as well.


>
> In general there is an auth/ passphrase associated with the key. Being
> root does not give you exclusive access to the tpm2 key. So long as the
> passphrase or auth is satisfied the key is accessible.
>

[ashoka]
As there is no manual intervention, I thought of using NULL passphrase.
Even if we use passphrase,
we may have to hard-code that passphrase in the app. right?


>
> Man pages for the tools is the best place to find examples and
> explanations for the tools.

All the necessary packages and dependencies information can be found here
> https://github.com/tpm2-software/tpm2-tools/wiki/Dependency-Matrix
>
> Yes we use the IBM simulator for the testing.
>
> You may choose any distribution and install the necessary dependencies.
> All projects tpm2-software are built with autotools which will hint you on
> missing dependencies for your distribution/ installation.
>
>
[ashoka]
Sure, thanks!

 ------------------------------

>
> Message: 4
> Date: Wed, 11 Sep 2019 17:04:18 +0530
> From: Ashok Kumar <ashokar.1980(a)gmail.com>
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Using TPM to protect private key
> Message-ID:
>         <
> CAE8e83SGvJDQhGuHuSUH-ngVk4GkbergqfP-qA3z8roptkZW7w(a)mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> We are planning to use TPM2.0 to protect private key for the certificate.
> Need your help to understand/clarify the following.
>
> 1) What is the proper way to protect the private key using TPM?
>
> 2) Shall we just encrypt the private-key using the TPM? In that case,
>      if somebody has root access, then they can execute a tool which can
> send
>      command to TPM in order to decrypt the private-key. That is still
> vulnerable.
>      Am I missing something?
>
> 3) Are there any abstract API which would work for both TPM1.2 or TPM2.0?
>     Or, application (or wrapper API) needs to call hardware specific
> library functions?
>
> 4) If there are any good document or write-ups about things-to-do to make
> use of
>     TPM2 functionality in application code (especially to protect private
> keys),
>      that will be very helpful.
>
> 5) We are using Ubuntu 18.04 LTS. What are all the packages (and
> dependencies)
>      we need to install?
>
>      I see that tss2 package is available in 18.04. But not sure which
> package has
>      the resource manager. Also, if I want to test with simulator, should
> we use
>      the one provided by IBM?
>      Another TPM2 stack (from Intel) is available in github (tpm2-tss).
> Which one
>      is better to use in Ubuntu 18.04 LTS.
>
> Regards,
> Ashok Kumar
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.01.org/pipermail/tpm2/attachments/20190911/ae5aca46/attachment.html
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org
> https://lists.01.org/mailman/listinfo/tpm2
>
>
> ------------------------------
>
> End of tpm2 Digest, Vol 27, Issue 10
> ************************************
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org
> https://lists.01.org/mailman/listinfo/tpm2
>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 6578 bytes --]

Re: [tpm2] Using TPM to protect private key

[Ashok Kumar]

[-- Attachment #1: Type: text/plain, Size: 3798 bytes --]

Thanks for your response. Please see inline ... [ashoka]

Regards,
Ashok Kumar


On Wed, Sep 11, 2019 at 5:19 PM David Woodhouse <dwmw2(a)infradead.org> wrote:

> On Wed, 2019-09-11 at 17:04 +0530, Ashok Kumar wrote:
> > Hi,
> >
> > We are planning to use TPM2.0 to protect private key for the certificate.
> > Need your help to understand/clarify the following.
>
> In what application are you intending to use this certificate?
>

[ashoka]
We intent to use this certificate in IPSec VPN.


> > 1) What is the proper way to protect the private key using TPM?
> >
> > 2) Shall we just encrypt the private-key using the TPM? In that case,
> >      if somebody has root access, then they can execute a tool which can
> send
> >      command to TPM in order to decrypt the private-key. That is still
> vulnerable.
> >      Am I missing something?
>
> I would suggest you look at the OpenSSL engine. You end up with a PEM
> file containing a key which is "wrapped" by the TPM. Only the TPM can
> decrypt it but it will only do so internally, and won't hand it back
> out again.
>

[ashoka]
Sure, will go over it. That sounds good for the case where the
certificate's private key
is generated by the TPM.


> If you have an existing key I think you need to use the
> openssl_tpm2_engine based on the IBM TSS, as the TCG tpm2-tss-engine
> isn't yet capable of that. It can only create *new* keys (for which you
> can then create a CSR and get a certificate issued).
>

[ashoka]
Got it. Will refer openssl_tpm2_engine.


> > 3) Are there any abstract API which would work for both TPM1.2 or TPM2.0?
> >     Or, application (or wrapper API) needs to call hardware specific
> library functions?
>
> With a well-behaved application, you should simply be able to use the
> appropriate PEM file. The application will see that it contains a TPM
> (v1.2 or v2.0) wrapped key instead of a bare private key, and will do
> the right thing accordingly.
>
> There is about one "well-behaved" application in the world according to
> this definition, and I wrote it. But we're working on fixing the rest,
> and fixing the crypto libraries like OpenSSL and GnuTLS to make it easy
> for applications to get it right.
>
> [ashoka]
Can you please provide a pointer to your application (if  that is publicly
available)?


> > 4) If there are any good document or write-ups about things-to-do to
> make use of
> >     TPM2 functionality in application code (especially to protect
> private keys),
> >      that will be very helpful.
>
> Take your private key. Use the '-w' argument to the create_tpm2_key
> tool which is part of openssl_tpm2_engine to create a TPM-wrapped
> 'copy' of that key, which will be a PEM file containing the header
> '-----BEGIN TSS2 PRIVATE KEY-----'
>
> Now you can just use that in the '-k' argument to the OpenConnect VPN
> client, for example. File bugs in Fedora against anything that
> *doesn't* work with it.
>

[ashoka]
Sure, will try.


>
>
> > 5) We are using Ubuntu 18.04 LTS. What are all the packages (and
> dependencies)
> >      we need to install?
> >
> >      I see that tss2 package is available in 18.04. But not sure which
> package has
> >      the resource manager. Also, if I want to test with simulator,
> should we use
> >      the one provided by IBM?
> >      Another TPM2 stack (from Intel) is available in github (tpm2-tss).
> Which one
> >      is better to use in Ubuntu 18.04 LTS.
>
> This depends on what application you actually want to use in the end.
> OpenConnect will work with either TSS stack, and OpenSSL engines exist
> for both so wpa_supplicant and other things can work with either.
>

[ashoka]
We plan to use in IPSec VPN authentication.

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 5413 bytes --]

Re: [tpm2] Using TPM to protect private key

[Desai, Imran]

[-- Attachment #1: Type: text/plain, Size: 4778 bytes --]

Ashok, for what you are doing, tpm2-tss-engine may be more suitable. It is available here: https://github.com/tpm2-software/tpm2-tss-engine.
The readme has an example of how to create a self signed certificate with the private key generated and protected by the TPM.

If you are planning to do it the tpm2-tools way instead, There are two ways the key can reside as a TPM2 object.
1. Create the key using the tpm2_create command
2. Import an existing key to the TPM2 using tpm2_import or tpm2_loadexternal. (Existing key may be generated with openssl etc.)

In general there is an auth/ passphrase associated with the key. Being root does not give you exclusive access to the tpm2 key. So long as the passphrase or auth is satisfied the key is accessible.

Man pages for the tools is the best place to find examples and explanations for the tools.

All the necessary packages and dependencies information can be found here https://github.com/tpm2-software/tpm2-tools/wiki/Dependency-Matrix

Yes we use the IBM simulator for the testing.

You may choose any distribution and install the necessary dependencies. All projects tpm2-software are built with autotools which will hint you on missing dependencies for your distribution/ installation.

From: tpm2 [tpm2-bounces(a)lists.01.org] on behalf of tpm2-request(a)lists.01.org [tpm2-request(a)lists.01.org]
Sent: Wednesday, September 11, 2019 4:34 AM
To: tpm2(a)lists.01.org
Subject: tpm2 Digest, Vol 27, Issue 10

Send tpm2 mailing list submissions to
        tpm2(a)lists.01.org

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.01.org/mailman/listinfo/tpm2
or, via email, send a message with subject or body 'help' to
        tpm2-request(a)lists.01.org

You can reach the person managing the list at
        tpm2-owner(a)lists.01.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of tpm2 digest..."


Today's Topics:

   1. Re: Creating a TPM EK Public object at the server (Rahul Hardikar)
   2. Re: Creating a TPM EK Public object at the server
      (Matthew Dempsky)
   3. Re: Windows Visual Studio 2017: Trying to use
      Tss2_TctiLdr_Initialize (Philip Tricca)
   4. Using TPM to protect private key (Ashok Kumar)


----------------------------------------------------------------------

Message: 1
Date: Tue, 10 Sep 2019 23:51:57 -0700
From: Rahul Hardikar <rahulhardikar(a)gmail.com>
To: Matthew Dempsky <matthew(a)dempsky.org>
Cc: "Roberts, William C" <william.c.roberts(a)intel.com>,
        "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
Subject: Re: [tpm2] Creating a TPM EK Public object at the server
Message-ID:
        <CAP3jAwQc2rJEbD8oBfcW38vG1oFay_B1m8TBd2VsLO+QTs97Kw(a)mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

My confusion is , since my goal is to make sure the (a) TPM is genuine and
(b) the platform actually owns the TPM , technically I don't need the AK
Certificate Signing Request i.e I'm not doing the whole attestation CA
since i don't have any use for the AK Certificate, but my server
application  is going to run the challenge-response protocol to confirm the
client indeed owns the TPM, i.e the platform hardware is legit.
With this in mind, I didn't think it was necessary to send the AK
credentials at all , I just send the AK name to the server so that it can
run Make Credential!  Is that enough? Or am I expected to send AK Public
Object and the server will create AK name by hashing it and then use that
for Make Credential?

Thanks,
Rahul


On Tue, Sep 10, 2019 at 10:17 PM Matthew Dempsky <matthew(a)dempsky.org>
wrote:

> On Tue, Sep 10, 2019 at 9:33 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
> wrote:
>
>> In TPM2.0, do we have to do the same, i.e.
>> - send AK public object along with the AK Cert signed  or
>>
>
> Do you mean "AK certificate signing request" here? If so, yes, this is
> probably the best option.
>
>
>> - would sending the AK name suffice since it is cryptographically linked
>> to EK or
>>
>
> TPM2_ActivateCredential doesn't care what sort of object "name" refers to,
> as long as the TPM has a secret area loaded for it.
>
> So sending the AK name is not sufficient. The server should check the AK's
> public data for suitability as an AK. E.g., you probably want to verify
> that "restricted", "fixedTPM", "fixedParent", "sensitiveDataOrigin", and
> "sign" are set, and "decrypt" is clear.
>
> - do we just send back the credential blob and secret that Make_credential
>> created and since we already have the EK and AK keys loaded in the TPM, we
>> don't have to do anything else other than pass the 2 outputs of
>> MakeCredential?
>>
>
> Correct.
>
>>

Re: [tpm2] Using TPM to protect private key

[David Woodhouse]

[-- Attachment #1: Type: text/plain, Size: 3041 bytes --]

On Wed, 2019-09-11 at 17:04 +0530, Ashok Kumar wrote:
> Hi,
> 
> We are planning to use TPM2.0 to protect private key for the certificate.
> Need your help to understand/clarify the following.

In what application are you intending to use this certificate? 


> 1) What is the proper way to protect the private key using TPM?
> 
> 2) Shall we just encrypt the private-key using the TPM? In that case,
>      if somebody has root access, then they can execute a tool which can send
>      command to TPM in order to decrypt the private-key. That is still vulnerable.
>      Am I missing something?

I would suggest you look at the OpenSSL engine. You end up with a PEM
file containing a key which is "wrapped" by the TPM. Only the TPM can
decrypt it but it will only do so internally, and won't hand it back
out again.

If you have an existing key I think you need to use the
openssl_tpm2_engine based on the IBM TSS, as the TCG tpm2-tss-engine
isn't yet capable of that. It can only create *new* keys (for which you
can then create a CSR and get a certificate issued).

> 3) Are there any abstract API which would work for both TPM1.2 or TPM2.0?
>     Or, application (or wrapper API) needs to call hardware specific library functions?

With a well-behaved application, you should simply be able to use the
appropriate PEM file. The application will see that it contains a TPM
(v1.2 or v2.0) wrapped key instead of a bare private key, and will do
the right thing accordingly.

There is about one "well-behaved" application in the world according to
this definition, and I wrote it. But we're working on fixing the rest,
and fixing the crypto libraries like OpenSSL and GnuTLS to make it easy
for applications to get it right.

> 4) If there are any good document or write-ups about things-to-do to make use of
>     TPM2 functionality in application code (especially to protect private keys),
>      that will be very helpful. 

Take your private key. Use the '-w' argument to the create_tpm2_key
tool which is part of openssl_tpm2_engine to create a TPM-wrapped
'copy' of that key, which will be a PEM file containing the header 
'-----BEGIN TSS2 PRIVATE KEY-----'

Now you can just use that in the '-k' argument to the OpenConnect VPN
client, for example. File bugs in Fedora against anything that
*doesn't* work with it.


> 5) We are using Ubuntu 18.04 LTS. What are all the packages (and dependencies)
>      we need to install?
> 
>      I see that tss2 package is available in 18.04. But not sure which package has
>      the resource manager. Also, if I want to test with simulator, should we use
>      the one provided by IBM?
>      Another TPM2 stack (from Intel) is available in github (tpm2-tss). Which one
>      is better to use in Ubuntu 18.04 LTS.

This depends on what application you actually want to use in the end.
OpenConnect will work with either TSS stack, and OpenSSL engines exist
for both so wpa_supplicant and other things can work with either.


[-- Attachment #2: smime.p7s --]
[-- Type: application/x-pkcs7-signature, Size: 5174 bytes --]

[tpm2] Using TPM to protect private key

[Ashok Kumar]

[-- Attachment #1: Type: text/plain, Size: 1301 bytes --]

Hi,

We are planning to use TPM2.0 to protect private key for the certificate.
Need your help to understand/clarify the following.

1) What is the proper way to protect the private key using TPM?

2) Shall we just encrypt the private-key using the TPM? In that case,
     if somebody has root access, then they can execute a tool which can
send
     command to TPM in order to decrypt the private-key. That is still
vulnerable.
     Am I missing something?

3) Are there any abstract API which would work for both TPM1.2 or TPM2.0?
    Or, application (or wrapper API) needs to call hardware specific
library functions?

4) If there are any good document or write-ups about things-to-do to make
use of
    TPM2 functionality in application code (especially to protect private
keys),
     that will be very helpful.

5) We are using Ubuntu 18.04 LTS. What are all the packages (and
dependencies)
     we need to install?

     I see that tss2 package is available in 18.04. But not sure which
package has
     the resource manager. Also, if I want to test with simulator, should
we use
     the one provided by IBM?
     Another TPM2 stack (from Intel) is available in github (tpm2-tss).
Which one
     is better to use in Ubuntu 18.04 LTS.

Regards,
Ashok Kumar

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 1752 bytes --]