* [tpm2] Re: using Esys_Create() API creating a key with AES encryption
@ 2020-04-23  3:51 Muthukumar S
  0 siblings, 0 replies; 6+ messages in thread
From: Muthukumar S @ 2020-04-23  3:51 UTC (permalink / raw)
  To: tpm2


Thanks Roberts William, I'll check the suggestion that you have shared.

BR,
Muthukumar

On Thu, Apr 23, 2020, 3:29 AM Roberts, William C <william.c.roberts(a)intel.com> wrote:

> You would save the TPM blobs by serializing them with libmu:
>
> The Marshal variants give you bytes that you can use fopen() and fwrite() to send to disk, and
> the Unmarshal variants take bytes from fopen() and fread() and give you back
> the structure.
>
> Those can then be passed to Esys_Load() to get the ESYS_TR handle back.
>
>
> https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h#L541
>
> https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h#L549
>
>
> https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h#L402
>
> https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h#L409
>
>
> > -----Original Message-----
> > From: Muthukumar S [mailto:muthu.smk(a)gmail.com]
> > Sent: Wednesday, April 22, 2020 1:13 PM
> > To: Roberts, William C <william.c.roberts(a)intel.com>
> > Cc: tpm2(a)lists.01.org
> > Subject: Re: [tpm2] Re: using Esys_Create() API creating a key with AES
> > encryption
> >
> > Hi William C,
> > Thanks for your support. Is it possible to write the "aes key in to a file"? Tried
> > saving the rsa key generated by using the tpm2tss_rsa_genkey() API; pseudo code
> > block shown below.
> >
> > TPM2_DATA tpm2Data;
> > ...
> > //generating rsa genkey:
> >     tpm2tss_rsa_genkey(rsa, opt.keysize, e, opt.password, opt.parent)
> >
> > //allocate memory for generated key to be get stored
> >
> >     TPM2_DATA *tpm2Data = calloc(1, sizeof(*tpm2Data));
> >
> > // copying the output rsa key to "tpm2data" data buffer
> >     mem=memcpy(tpm2Data, RSA_get_app_data(rsa), sizeof(*tpm2Data));
> >
> > // writing the key to disk (file)
> > char *filename = "rsa_key";
> >     tpm2tss_tpm2data_write(tpm2Data, filename)
> >
> > ...
> > Using the below API I tried to write that:
> >         if (!tpm2tss_tpm2data_write(tpm2Data, rsa_filename)) {
> >              ERR("Error writing file\n");
> >              free(tpm2Data);
> >              return 1;
> >          }
> >
> >
> > Let me know if using the above approach is correct, or if there is any way to save the
> > generated AES key into a file.
>
> No, the majority of what y'all are doing looks wrong. Stop using internal
> APIs and use the public
> APIs published in the include header files.
>
>


* [tpm2] Re: using Esys_Create() API creating a key with AES encryption
@ 2020-04-22 21:59 Roberts, William C
  0 siblings, 0 replies; 6+ messages in thread
From: Roberts, William C @ 2020-04-22 21:59 UTC (permalink / raw)
  To: tpm2


You would save the TPM blobs by serializing them with libmu:

The Marshal variants give you bytes that you can use fopen() and fwrite() to send to disk, and
the Unmarshal variants take bytes from fopen() and fread() and give you back
the structure.

Those can then be passed to Esys_Load() to get the ESYS_TR handle back.

https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h#L541
https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h#L549

https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h#L402
https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_mu.h#L409


> -----Original Message-----
> From: Muthukumar S [mailto:muthu.smk(a)gmail.com]
> Sent: Wednesday, April 22, 2020 1:13 PM
> To: Roberts, William C <william.c.roberts(a)intel.com>
> Cc: tpm2(a)lists.01.org
> Subject: Re: [tpm2] Re: using Esys_Create() API creating a key with AES
> encryption
> 
> Hi William C,
> Thanks for your support. Is it possible to write the "aes key in to a file"? Tried
> saving the rsa key generated by using the tpm2tss_rsa_genkey() API; pseudo code
> block shown below.
> 
> TPM2_DATA tpm2Data;
> ...
> //generating rsa genkey:
>     tpm2tss_rsa_genkey(rsa, opt.keysize, e, opt.password, opt.parent)
> 
> //allocate memory for generated key to be get stored
> 
>     TPM2_DATA *tpm2Data = calloc(1, sizeof(*tpm2Data));
> 
> // copying the output rsa key to "tpm2data" data buffer
>     mem=memcpy(tpm2Data, RSA_get_app_data(rsa), sizeof(*tpm2Data));
> 
> // writing the key to disk (file)
> char *filename = "rsa_key";
>     tpm2tss_tpm2data_write(tpm2Data, filename)
> 
> ...
> Using the below API I tried to write that:
>         if (!tpm2tss_tpm2data_write(tpm2Data, rsa_filename)) {
>              ERR("Error writing file\n");
>              free(tpm2Data);
>              return 1;
>          }
> 
> 
> Let me know if using the above approach is correct, or if there is any way to save the
> generated AES key into a file.

No, the majority of what y'all are doing looks wrong. Stop using internal APIs and use the public
APIs published in the include header files.
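
The save-and-restore flow from the reply above, as an added example that is not part of the original thread or of tpm2-tss. `blob2b`, `blob_marshal`, `blob_unmarshal`, `save_key` and `load_key` are hypothetical stand-ins that mirror the size-prefixed wire form of an opaque TPM2B blob; real code calls the `Tss2_MU_TPM2B_PUBLIC_*` and `Tss2_MU_TPM2B_PRIVATE_*` Marshal/Unmarshal functions from `tss2_mu.h` on the structures returned by Esys_Create() and passes the unmarshalled results to Esys_Load().

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BLOB_MAX 256 /* assumed cap for this sketch */

/* Hypothetical stand-in for an opaque TPM2B_* blob: 16-bit size + bytes. */
typedef struct { uint16_t size; uint8_t buffer[BLOB_MAX]; } blob2b;

/* Marshal: big-endian size, then payload, appended at *off. 0 on success. */
int blob_marshal(const blob2b *src, uint8_t *out, size_t len, size_t *off) {
    if (src->size > BLOB_MAX || *off > len || len - *off < 2u + src->size) return -1;
    out[(*off)++] = (uint8_t)(src->size >> 8);
    out[(*off)++] = (uint8_t)(src->size & 0xff);
    memcpy(out + *off, src->buffer, src->size);
    *off += src->size;
    return 0;
}

/* Unmarshal: the size field comes from disk, so bound it before copying. */
int blob_unmarshal(const uint8_t *in, size_t len, size_t *off, blob2b *dst) {
    if (*off > len || len - *off < 2) return -1;
    uint16_t n = (uint16_t)((in[*off] << 8) | in[*off + 1]);
    if (n > BLOB_MAX || len - *off - 2 < n) return -1;
    dst->size = n;
    memcpy(dst->buffer, in + *off + 2, n);
    *off += 2u + n;
    return 0;
}

int save_key(const char *path, const blob2b *pub, const blob2b *priv) {
    uint8_t buf[2 * (BLOB_MAX + 2)]; /* public blob first, then private */
    size_t off = 0;
    if (blob_marshal(pub, buf, sizeof buf, &off)) return -1;
    if (blob_marshal(priv, buf, sizeof buf, &off)) return -1;
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    int ok = fwrite(buf, 1, off, f) == off;
    return (fclose(f) == 0 && ok) ? 0 : -1;
}

int load_key(const char *path, blob2b *pub, blob2b *priv) {
    uint8_t buf[2 * (BLOB_MAX + 2) + 1]; /* +1 so an oversized file is detectable */
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    size_t off = 0, n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    if (n == sizeof buf || blob_unmarshal(buf, n, &off, pub)) return -1;
    if (blob_unmarshal(buf, n, &off, priv)) return -1;
    return off == n ? 0 : -1; /* trailing bytes: malformed file */
}
```

The private blob returned by Esys_Create() is already wrapped by the parent key, so the file holds no plaintext key material and is only loadable under that parent.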



* [tpm2] Re: using Esys_Create() API creating a key with AES encryption
@ 2020-04-22 18:13 Muthukumar S
  0 siblings, 0 replies; 6+ messages in thread
From: Muthukumar S @ 2020-04-22 18:13 UTC (permalink / raw)
  To: tpm2


Hi William C,
Thanks for your support. Is it possible to write the "aes key in to a file"?
Tried saving the rsa key generated by using the tpm2tss_rsa_genkey() API;
pseudo code block shown below.

TPM2_DATA tpm2Data;
...
//generating rsa genkey:
    tpm2tss_rsa_genkey(rsa, opt.keysize, e, opt.password, opt.parent)
//allocate memory for generated key to be get stored
    TPM2_DATA *tpm2Data = calloc(1, sizeof(*tpm2Data));
// copying the output rsa key to "tpm2data" data buffer
    mem=memcpy(tpm2Data, RSA_get_app_data(rsa), sizeof(*tpm2Data));
// writing the key to disk (file)
char *filename = "rsa_key";
    tpm2tss_tpm2data_write(tpm2Data, filename)
...
Using the below API I tried to write that:
        if (!tpm2tss_tpm2data_write(tpm2Data, rsa_filename)) {
             ERR("Error writing file\n");
             free(tpm2Data);
             return 1;
         }

Let me know if using the above approach is correct, or if there is any way to save
the generated AES key into a file.

BR,
Muthukumar


* [tpm2] Re: using Esys_Create() API creating a key with AES encryption
@ 2020-04-21 17:37 Roberts, William C
  0 siblings, 0 replies; 6+ messages in thread
From: Roberts, William C @ 2020-04-21 17:37 UTC (permalink / raw)
  To: tpm2


Full example:
https://gist.github.com/williamcroberts/66a7dab3adfb973fbae3219954535009


> -----Original Message-----
> From: muthu.smk(a)gmail.com [mailto:muthu.smk(a)gmail.com]
> Sent: Tuesday, April 21, 2020 6:34 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Re: using Esys_Create() API creating a key with AES encryption
> 
> Hi @William Roberts
> Can you please give me any guidance on this request.
> 
> BR,
> Muthukumar
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org


* [tpm2] Re: using Esys_Create() API creating a key with AES encryption
@ 2020-04-21 11:34 muthu.smk
  0 siblings, 0 replies; 6+ messages in thread
From: muthu.smk @ 2020-04-21 11:34 UTC (permalink / raw)
  To: tpm2


Hi @William Roberts 
Can you please give me any guidance on this request.

BR,
Muthukumar


* [tpm2] Re: using Esys_Create() API creating a key with AES encryption
@ 2020-04-14  7:51 Fuchs, Andreas
  0 siblings, 0 replies; 6+ messages in thread
From: Fuchs, Andreas @ 2020-04-14  7:51 UTC (permalink / raw)
  To: tpm2


Just keep in mind that 99.9% of TPMs do not support AES keys.
This is due to export / import restrictions of most countries in the world.
Just be sure that your TPM supports AES keys; otherwise your code will fail.

Your inPublic must be of type SYMCIPHER and then the algorithm would be
AES. Have a look at the "TPM library specification Part 2" and look for the
descriptions of TPMT_PUBLIC and which type yields which union-selection
to figure out the details.

The lack of examples comes from the aforementioned reason.

________________________________________
From: muthu.smk(a)gmail.com [muthu.smk(a)gmail.com]
Sent: Tuesday, April 14, 2020 09:38
To: tpm2(a)lists.01.org
Subject: [tpm2] using Esys_Create() API creating a key with AES encryption

Hi @williams
As suggested by you, I am creating this request on the mailing list.

I just want to create an "AES key" using the TPM. I could find the below sample of RSA key generation using the tpm2tss_rsa_genkey() API. Could you help me by sharing the API or a sample code block that helps me generate an "AES based key" using the TPM?

rsa = RSA_new();
if (!rsa) {
    ERR("out of memory\n");
    BN_free(e);
    return NULL;
}
if (!tpm2tss_rsa_genkey(rsa, opt.keysize, e, opt.password, opt.parent)) {
    BN_free(e);
    RSA_free(rsa);
    ERR("Error: Generating key failed\n");
    return NULL;
}

You have suggested using Esys_Create, with the public template filled in for an AES key.
I have found a sample of the same in https://github.com/tpm2-software/tpm2-tss/blob/master/test/integration/esys-encrypt-decrypt.int.c

The code block/structure that enables "AES" based key generation is shared below. Can you please confirm whether I am going in the correct direction to achieve my requirement? It would be great if you have any sample code to share with me on this front.
...
..
 TPM2B_PUBLIC inPublic2 = {
..
..
.parameters.rsaDetail = {
                 .symmetric = {
                     .algorithm = TPM2_ALG_AES,
                     .keyBits.aes = 128,
                     .mode.aes = TPM2_ALG_CFB},
                 .scheme = {
                      .scheme = TPM2_ALG_NULL
                  },
                 .keyBits = 2048,
                 .exponent = 0,
             },

...
...
}

/* Esys_Create API, which will take above struct inputs filled by user as */
  r = Esys_Create(esys_context,
                    primaryHandle,
                    ESYS_TR_PASSWORD, ESYS_TR_NONE, ESYS_TR_NONE,
                    &inSensitive2,
                    &inPublic2,    /* in this struct we are filling that we required AES based input key gen */
                    &outsideInfo2,
                    &creationPCR2,
                    &outPrivate2,
                    &outPublic2,
                    &creationData2, &creationHash2, &creationTicket2);