Re: [tpm2] OpenSSL Compatibility in tpm2_MakeCredential

Re: [tpm2] OpenSSL Compatibility in tpm2_MakeCredential

[Matthew Dempsky]

[-- Attachment #1: Type: text/plain, Size: 1707 bytes --]

On Fri, Aug 16, 2019 at 2:04 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
wrote:

> I copied the code on my server but it seems that mine supports 1.0.2n and
> my manager said that they will not upgrade to newer versions until next
> year.
>

It's unclear to me exactly what code you're referring to here. For example,
your compiler logs below mention "tpm2_common.c", but as far as I can tell,
no such file has ever existed within the tpm2-tools Git repo.

*tpm2_common.c:894:5: warning: implicit declaration of function
> ‘RSA_padding_add_PKCS1_OAEP_mgf1’ [-Wimplicit-function-declaration]*
> *tpm2_common.c:1194:5: warning: implicit declaration of function
> ‘tpm_alg_to_ossl’ [-Wimplicit-function-declaration]*
>

These two warnings are about static functions that are declared within
lib/tpm2_identity_util.c. Are you maybe trying to just concatenate
tpm2-tools's source files into a single compilation unit?

*tpm2_common.c:1441:5: error: incompatible type for argument 1 of
> ‘EVP_DigestUpdate’*
> *     return EVP_DigestUpdate(ctx->md_ctx, data, len);*
> *     ^*
>

The string "md_ctx" doesn't appear anywhere in the tpm2-tools Git repo
either, as far as I can tell.

Is this a line of code that you wrote? If so, it should probably be
"&ctx->md_ctx" instead of just "ctx->md_ctx".


> 1.0.2 does not seem to have it or arguments are different!
>

I don't think EVP_DigestUpdate or EVP_DigestFinal_ex have changed in a long
time. For example, here's the OpenBSD man page from 2004, which shows them
taking an "EVP_MD_CTX*" parameter:
http://man.openbsd.org/OpenBSD-3.6/EVP_DigestUpdate

I think your problem is unrelated to OpenSSL version.

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 3188 bytes --]

Re: [tpm2] OpenSSL Compatibility in tpm2_MakeCredential

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 2864 bytes --]

Thanks for the response.
Yes, after searching around I made 2 mistakes:
1. Didn't use the tpm2_openssl.c functions
2. I need to place the ssl library after the -o option and before crypto
lib, otherwise i would get linker issues.
 Now, it compiles, but i need to see if it works :)  I'm guessing it should
since tpm2_makecredential -T none ... works

On Fri, Aug 23, 2019 at 10:07 AM Roberts, William C <
william.c.roberts(a)intel.com> wrote:

> The current master and 4.0 release can use >= 1.0.2g. However, there is a
> compat layer
> In lib/tpm2_openssl.c and it's respective header file as well.
>
> > -----Original Message-----
> > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Rahul
> Hardikar
> > Sent: Friday, August 16, 2019 4:04 PM
> > To: tpm2(a)lists.01.org
> > Subject: [tpm2] OpenSSL Compatibility in tpm2_MakeCredential
> >
> > Hello Experts,
> >
> > What is OpenSSL version being used to implement the TPM_MakeCredential
> off
> > the TPM chip? (i'm talking about the tpm2_makecredential.c code in
> > tpm2_tools/, that has 2 implementations, one using TPM chip and one using
> > OpenSSL)
> >
> > I copied the code on my server but it seems that mine supports 1.0.2n
> and my
> > manager said that they will not upgrade to newer versions until next
> year.
> >
> > How can I compile this ? How do I make it compatible with 1.0.2n are
> there ways
> > to copy code present in  the  OpenSSL version used in tpm2_tools?
> >  This is a snippet of the compiler errors I get in my local file:
> > tpm2_common.c: In function ‘encrypt_seed_with_rsa_public_key’:
> > tpm2_common.c:894:5: warning: implicit declaration of function
> > ‘RSA_padding_add_PKCS1_OAEP_mgf1’ [-Wimplicit-function-declaration]
> >      int return_code = RSA_padding_add_PKCS1_OAEP_mgf1(encoded,
> >      ^
> > tpm2_common.c: In function ‘aes_encrypt_buffers’:
> > tpm2_common.c:1194:5: warning: implicit declaration of function
> > ‘tpm_alg_to_ossl’ [-Wimplicit-function-declaration]
> >      const EVP_CIPHER *cipher = tpm_alg_to_ossl(sym); ...
> > tpm2_common.c:1441:5: error: incompatible type for argument 1 of
> > ‘EVP_DigestUpdate’
> >      return EVP_DigestUpdate(ctx->md_ctx, data, len);
> >      ^
> > In file included from tpm2_common.c:11:0:
> > /usr/include/node/openssl/evp.h:573:5: note: expected ‘struct EVP_MD_CTX
> *’
> > but argument is of type ‘EVP_MD_CTX’
> >  int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
> >      ^
> > tpm2_common.c: In function ‘HMAC_Final’:
> > tpm2_common.c:1452:5: error: incompatible type for argument 1 of
> > ‘EVP_DigestFinal_ex’
> >      if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
> >
> > 1.0.2 does not seem to have it or arguments are different!
> >
> > Thanks,
> > Rahul
> >      ^
>
>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 3569 bytes --]

Re: [tpm2] OpenSSL Compatibility in tpm2_MakeCredential

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 2291 bytes --]

The current master and 4.0 release can use >= 1.0.2g. However, there is a compat layer
In lib/tpm2_openssl.c and it's respective header file as well.

> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Rahul Hardikar
> Sent: Friday, August 16, 2019 4:04 PM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] OpenSSL Compatibility in tpm2_MakeCredential
> 
> Hello Experts,
> 
> What is OpenSSL version being used to implement the TPM_MakeCredential off
> the TPM chip? (i'm talking about the tpm2_makecredential.c code in
> tpm2_tools/, that has 2 implementations, one using TPM chip and one using
> OpenSSL)
> 
> I copied the code on my server but it seems that mine supports 1.0.2n and my
> manager said that they will not upgrade to newer versions until next year.
> 
> How can I compile this ? How do I make it compatible with 1.0.2n are there ways
> to copy code present in  the  OpenSSL version used in tpm2_tools?
>  This is a snippet of the compiler errors I get in my local file:
> tpm2_common.c: In function ‘encrypt_seed_with_rsa_public_key’:
> tpm2_common.c:894:5: warning: implicit declaration of function
> ‘RSA_padding_add_PKCS1_OAEP_mgf1’ [-Wimplicit-function-declaration]
>      int return_code = RSA_padding_add_PKCS1_OAEP_mgf1(encoded,
>      ^
> tpm2_common.c: In function ‘aes_encrypt_buffers’:
> tpm2_common.c:1194:5: warning: implicit declaration of function
> ‘tpm_alg_to_ossl’ [-Wimplicit-function-declaration]
>      const EVP_CIPHER *cipher = tpm_alg_to_ossl(sym); ...
> tpm2_common.c:1441:5: error: incompatible type for argument 1 of
> ‘EVP_DigestUpdate’
>      return EVP_DigestUpdate(ctx->md_ctx, data, len);
>      ^
> In file included from tpm2_common.c:11:0:
> /usr/include/node/openssl/evp.h:573:5: note: expected ‘struct EVP_MD_CTX *’
> but argument is of type ‘EVP_MD_CTX’
>  int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
>      ^
> tpm2_common.c: In function ‘HMAC_Final’:
> tpm2_common.c:1452:5: error: incompatible type for argument 1 of
> ‘EVP_DigestFinal_ex’
>      if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))
> 
> 1.0.2 does not seem to have it or arguments are different!
> 
> Thanks,
> Rahul
>      ^

Re: [tpm2] OpenSSL Compatibility in tpm2_MakeCredential

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 2521 bytes --]

Thanks for the response, Matthew.
I copied the external make credential into another file to be run on
another server w/o a tpm chip and I didn't want any confusion of filenames.

I don't see this definition "RSA_padding_add_PKCS1_OAEP_mgf1’" or
"RSA_set0_key" *in 1.0.2n , *would I need to bring in these API definitions
in my local file in order to compile?

By sending all the logs may be I added more confusion, basically my
question is,  what should I do If i use the tpm2_makecredential.c but have
only OpenSSL 1.0.2 to work with ? Is there a 1.0.2 version of this function
make_external_credential_and_save(void) ?

Thanks again,
Rahul



On Fri, Aug 16, 2019 at 2:35 PM Matthew Dempsky <matthew(a)dempsky.org> wrote:

> On Fri, Aug 16, 2019 at 2:04 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
> wrote:
>
>> I copied the code on my server but it seems that mine supports 1.0.2n and
>> my manager said that they will not upgrade to newer versions until next
>> year.
>>
>
> It's unclear to me exactly what code you're referring to here. For
> example, your compiler logs below mention "tpm2_common.c", but as far as I
> can tell, no such file has ever existed within the tpm2-tools Git repo.
>
> *tpm2_common.c:894:5: warning: implicit declaration of function
>> ‘RSA_padding_add_PKCS1_OAEP_mgf1’ [-Wimplicit-function-declaration]*
>> *tpm2_common.c:1194:5: warning: implicit declaration of function
>> ‘tpm_alg_to_ossl’ [-Wimplicit-function-declaration]*
>>
>
> These two warnings are about static functions that are declared within
> lib/tpm2_identity_util.c. Are you maybe trying to just concatenate
> tpm2-tools's source files into a single compilation unit?
>
> *tpm2_common.c:1441:5: error: incompatible type for argument 1 of
>> ‘EVP_DigestUpdate’*
>> *     return EVP_DigestUpdate(ctx->md_ctx, data, len);*
>> *     ^*
>>
>
> The string "md_ctx" doesn't appear anywhere in the tpm2-tools Git repo
> either, as far as I can tell.
>
> Is this a line of code that you wrote? If so, it should probably be
> "&ctx->md_ctx" instead of just "ctx->md_ctx".
>
>
>> 1.0.2 does not seem to have it or arguments are different!
>>
>
> I don't think EVP_DigestUpdate or EVP_DigestFinal_ex have changed in a
> long time. For example, here's the OpenBSD man page from 2004, which shows
> them taking an "EVP_MD_CTX*" parameter:
> http://man.openbsd.org/OpenBSD-3.6/EVP_DigestUpdate
>
> I think your problem is unrelated to OpenSSL version.
>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 6121 bytes --]

[tpm2] OpenSSL Compatibility in tpm2_MakeCredential

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 1848 bytes --]

Hello Experts,

What is OpenSSL version being used to implement the TPM_MakeCredential off
the TPM chip? (i'm talking about the tpm2_makecredential.c code in
tpm2_tools/, that has 2 implementations, one using TPM chip and one using
OpenSSL)

I copied the code on my server but it seems that mine supports 1.0.2n and
my manager said that they will not upgrade to newer versions until next
year.

How can I compile this ? How do I make it compatible with 1.0.2n are there
ways to copy code present in  the  OpenSSL version used in tpm2_tools?
* This is a snippet of the compiler errors I get in my local file:*
*tpm2_common.c: In function ‘encrypt_seed_with_rsa_public_key’:*
*tpm2_common.c:894:5: warning: implicit declaration of function
‘RSA_padding_add_PKCS1_OAEP_mgf1’ [-Wimplicit-function-declaration]*
*     int return_code = RSA_padding_add_PKCS1_OAEP_mgf1(encoded,*
*     ^*
*tpm2_common.c: In function ‘aes_encrypt_buffers’:*
*tpm2_common.c:1194:5: warning: implicit declaration of function
‘tpm_alg_to_ossl’ [-Wimplicit-function-declaration]*
*     const EVP_CIPHER *cipher = tpm_alg_to_ossl(sym);*
*...*
*tpm2_common.c:1441:5: error: incompatible type for argument 1 of
‘EVP_DigestUpdate’*
*     return EVP_DigestUpdate(ctx->md_ctx, data, len);*
*     ^*
*In file included from tpm2_common.c:11:0:*
*/usr/include/node/openssl/evp.h:573:5: note: expected ‘struct EVP_MD_CTX
*’ but argument is of type ‘EVP_MD_CTX’*
* int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);*
*     ^*
*tpm2_common.c: In function ‘HMAC_Final’:*
*tpm2_common.c:1452:5: error: incompatible type for argument 1 of
‘EVP_DigestFinal_ex’*
*     if (!EVP_DigestFinal_ex(ctx->md_ctx, buf, &i))*

1.0.2 does not seem to have it or arguments are different!

Thanks,
Rahul
     ^

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 2901 bytes --]