Re: [tpm2] Creating a TPM EK Public object at the server

Re: [tpm2] Creating a TPM EK Public object at the server

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 3884 bytes --]

Thanks for the replies.
So, is it okay to send the Public Object over Internet? I thought we should
only send the EK Certificate!  So there is no harm in sending TPM2B_PUBLIC
generated from createEk??

This will make life so much easier for me.

On Tue, Aug 27, 2019 at 12:40 PM Roberts, William C <
william.c.roberts(a)intel.com> wrote:

>
>
> > -----Original Message-----
> > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Roberts,
> William C
> > Sent: Tuesday, August 27, 2019 2:24 PM
> > To: Matthew Dempsky <matthew(a)dempsky.org>; Rahul Hardikar
> > <rahulhardikar(a)gmail.com>
> > Cc: tpm2(a)lists.01.org
> > Subject: Re: [tpm2] Creating a TPM EK Public object at the server
> >
> >
> >
> > > -----Original Message-----
> > > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Matthew
> > > Dempsky
> > > Sent: Tuesday, August 27, 2019 1:21 PM
> > > To: Rahul Hardikar <rahulhardikar(a)gmail.com>
> > > Cc: tpm2(a)lists.01.org
> > > Subject: Re: [tpm2] Creating a TPM EK Public object at the server
> > >
> > > On Tue, Aug 27, 2019, 11:01 AM Rahul Hardikar <rahulhardikar(a)gmail.com
> > > <mailto:rahulhardikar(a)gmail.com> > wrote:
> > >
> > >     1. Do we need to also copy the standard AuthPolicy digest into the
> > > structure too? This is definitely needed in TPM to recreate the EK but
> > > do we need it for make_credential_external?
> > >
> > >
> > > Conceptually, the "Make Credential" operation just needs to know the
> > > EK's public key and encryption scheme details (eg, SHA256 and
> AES-128-OFB).
> > >
> > > It's assumed that the auth policy is appropriate, since the TPM
> > > manufacturer certified the public key (and like you said, the EK can't
> > > be regenerated with a different policy); and you can assume the policy
> > > is satisfiable, because otherwise the EK can't be used to decrypt the
> credential
> > blob.
> > >
> > > The tpm2_makecredential tool takes the EK's "public" structure as
> > > input (which does include auth policy) though because it's an easy way
> > > to get the public key and encryption scheme details all in one package.
> > >
> > > See usage example at https://github.com/tpm2-software/tpm2-
> > > tools/blob/master/man/tpm2_activatecredential.1.md#examples
> > >
> > >
> > >     2. The EKCert is in ASN.1 DER format which i convert to PEM, is it
> > > okay to copy it directly or do I need to convert it to some other
> > > format and then copy the ek public key?
> > >
> > >
> > > tpm2_makecredential doesn't use the EK certificate. It's expected that
> > > you validate that separately, and then match it against the public key
> > > contained in the EK's "pubic" data.
> >
> > You're manufacturer should provide, somehow, the template used for
> > createprimary.
> > I think some manufacturers plop this stuff in NV indices. I'm not sure
> offhand if
> > this is part of PC client specification. But the tpm2_createek command
> goes after
> > NV Indices to get the template.
> > https://github.com/tpm2-software/tpm2-
> > tools/blob/master/tools/tpm2_createek.c#L106
>
> Missed "on server side". You would need that template + the public key
> from the
> cert to create a public TSS structure and call makecredential. Which as
> matt points out,
>  The TSS format is obviously not ideal for that. make credential could be
> modified
> also take a template and a cert. But why not just ask the client for the
> TSS pub and
> verify it? Part 24.2 of the architecture spec says the initiator provides
> the public portion
> of the object.
>
>
> https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf
>
>
> >
> > _______________________________________________
> > tpm2 mailing list
> > tpm2(a)lists.01.org
> > https://lists.01.org/mailman/listinfo/tpm2
>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 5815 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 2101 bytes --]

Hi Matthew,
It does but on the server side (no TPM access) I also have a file of all
pairs of hardware serial number and TPM EK certificate serial number, so I
know that they match but i need to validate it, it is more of allowing my
client on that device to get into the secure circle of communication , i.e.
server is talking to a legit device, once that's done the server-client
continue with other operations

Thanks,
Rahul

On Wed, Sep 11, 2019 at 12:26 AM Matthew Dempsky <matthew(a)dempsky.org>
wrote:

> On Tue, Sep 10, 2019 at 11:52 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
> wrote:
>
>> My confusion is , since my goal is to make sure the (a) TPM is genuine
>> and (b) the platform actually owns the TPM , technically I don't need the
>> AK Certificate Signing Request i.e I'm not doing the whole attestation CA
>> since i don't have any use for the AK Certificate, but my server
>> application  is going to run the challenge-response protocol to confirm the
>> client indeed owns the TPM, i.e the platform hardware is legit.
>> With this in mind, I didn't think it was necessary to send the AK
>> credentials at all , I just send the AK name to the server so that it can
>> run Make Credential!  Is that enough? Or am I expected to send AK Public
>> Object and the server will create AK name by hashing it and then use that
>> for Make Credential?
>>
>
> If I understand you correctly, you're saying all you care about is (1)
> that the client has a genuine TPM and (2) that they're able to demonstrate
> that they're able to use it? In particular, it sounds like you *don't* care
> about the client using an AK to attest anything (e.g., you don't plan on
> validating signatures generated by TPM2_Certify, TPM2_Quote, etc.)?
>
> That sounds unusual to me. But if that accurately describes your use case,
> then it sounds like sending just the "AK" name might be sufficient. You can
> use TPM2_MakeCredential to encrypt 32 bytes of data to a certified EK, and
> be confident those 32 bytes can only be decrypted by the corresponding TPM.
>
>>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 4278 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Matthew Dempsky]

[-- Attachment #1: Type: text/plain, Size: 1538 bytes --]

On Tue, Sep 10, 2019 at 11:52 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
wrote:

> My confusion is , since my goal is to make sure the (a) TPM is genuine and
> (b) the platform actually owns the TPM , technically I don't need the AK
> Certificate Signing Request i.e I'm not doing the whole attestation CA
> since i don't have any use for the AK Certificate, but my server
> application  is going to run the challenge-response protocol to confirm the
> client indeed owns the TPM, i.e the platform hardware is legit.
> With this in mind, I didn't think it was necessary to send the AK
> credentials at all , I just send the AK name to the server so that it can
> run Make Credential!  Is that enough? Or am I expected to send AK Public
> Object and the server will create AK name by hashing it and then use that
> for Make Credential?
>

If I understand you correctly, you're saying all you care about is (1) that
the client has a genuine TPM and (2) that they're able to demonstrate that
they're able to use it? In particular, it sounds like you *don't* care
about the client using an AK to attest anything (e.g., you don't plan on
validating signatures generated by TPM2_Certify, TPM2_Quote, etc.)?

That sounds unusual to me. But if that accurately describes your use case,
then it sounds like sending just the "AK" name might be sufficient. You can
use TPM2_MakeCredential to encrypt 32 bytes of data to a certified EK, and
be confident those 32 bytes can only be decrypted by the corresponding TPM.

>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 3049 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 1944 bytes --]

My confusion is , since my goal is to make sure the (a) TPM is genuine and
(b) the platform actually owns the TPM , technically I don't need the AK
Certificate Signing Request i.e I'm not doing the whole attestation CA
since i don't have any use for the AK Certificate, but my server
application  is going to run the challenge-response protocol to confirm the
client indeed owns the TPM, i.e the platform hardware is legit.
With this in mind, I didn't think it was necessary to send the AK
credentials at all , I just send the AK name to the server so that it can
run Make Credential!  Is that enough? Or am I expected to send AK Public
Object and the server will create AK name by hashing it and then use that
for Make Credential?

Thanks,
Rahul


On Tue, Sep 10, 2019 at 10:17 PM Matthew Dempsky <matthew(a)dempsky.org>
wrote:

> On Tue, Sep 10, 2019 at 9:33 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
> wrote:
>
>> In TPM2.0, do we have to do the same, i.e.
>> - send AK public object along with the AK Cert signed  or
>>
>
> Do you mean "AK certificate signing request" here? If so, yes, this is
> probably the best option.
>
>
>> - would sending the AK name suffice since it is cryptographically linked
>> to EK or
>>
>
> TPM2_ActivateCredential doesn't care what sort of object "name" refers to,
> as long as the TPM has a secret area loaded for it.
>
> So sending the AK name is not sufficient. The server should check the AK's
> public data for suitability as an AK. E.g., you probably want to verify
> that "restricted", "fixedTPM", "fixedParent", "sensitiveDataOrigin", and
> "sign" are set, and "decrypt" is clear.
>
> - do we just send back the credential blob and secret that Make_credential
>> created and since we already have the EK and AK keys loaded in the TPM, we
>> don't have to do anything else other than pass the 2 outputs of
>> MakeCredential?
>>
>
> Correct.
>
>>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 4257 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Matthew Dempsky]

[-- Attachment #1: Type: text/plain, Size: 1051 bytes --]

On Tue, Sep 10, 2019 at 9:33 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
wrote:

> In TPM2.0, do we have to do the same, i.e.
> - send AK public object along with the AK Cert signed  or
>

Do you mean "AK certificate signing request" here? If so, yes, this is
probably the best option.


> - would sending the AK name suffice since it is cryptographically linked
> to EK or
>

TPM2_ActivateCredential doesn't care what sort of object "name" refers to,
as long as the TPM has a secret area loaded for it.

So sending the AK name is not sufficient. The server should check the AK's
public data for suitability as an AK. E.g., you probably want to verify
that "restricted", "fixedTPM", "fixedParent", "sensitiveDataOrigin", and
"sign" are set, and "decrypt" is clear.

- do we just send back the credential blob and secret that Make_credential
> created and since we already have the EK and AK keys loaded in the TPM, we
> don't have to do anything else other than pass the 2 outputs of
> MakeCredential?
>

Correct.

>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 2675 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 2443 bytes --]

HI All,
So I got the Make Credential to compile and work, I have some questions
about the remote attestation with privacy CA

In TPM1.2, the privacy CA would send back the  AIK public object (as blob
2) along with the AIK Certificate (as a blob1 )that it signed and the TPM
would compare if AIK is same before giving the session key to get the AIk
Cert.
In TPM2.0, do we have to do the same, i.e.
- send AK public object along with the AK Cert signed  or
- would sending the AK name suffice since it is cryptographically linked to
EK or
- do we just send back the credential blob and secret that Make_credential
created and since we already have the EK and AK keys loaded in the TPM, we
don't have to do anything else other than pass the 2 outputs of
MakeCredential?

Thanks,
Rahul

Thanks,
Rahul

On Wed, Aug 28, 2019 at 11:33 AM Rahul Hardikar <rahulhardikar(a)gmail.com>
wrote:

> Thanks Matthew for the suggestion. Let's see if it all works out, haven't
> tested the make_external_credential yet!
>
> On Tue, Aug 27, 2019 at 4:16 PM Matthew Dempsky <matthew(a)dempsky.org>
> wrote:
>
>> On Tue, Aug 27, 2019 at 3:07 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
>> wrote:
>>
>>> But would I still need to verify the public key in the object is same as
>>> the public key in the certificate on the *server* side?
>>>
>>
>> Yes, if the client sends to the server both the TPM2B_PUBLIC (for
>> tpm2_makecredential) and the EK certificate (for X.509 validation), then
>> the server needs to make sure they both refer to the same public key.
>>
>> Currently, I validate the ek certificate to the root CA and I use the
>>> make_credential/activate_credential to prove genuine tpm,  and  also check
>>> if the certificate's Key Usage is keyEncipherment (since i use RSA),
>>> wondering if this is sufficient?
>>>
>>
>> Assuming you're making sure Make Credential is using the same public key
>> that was validated against the root CA (e.g., by checking that it matches
>> the TPM2B_PUBLIC that you pass to tpm2_makecredential as suggested above),
>> then yes, this sounds reasonable to me.
>>
>> Beyond checking keyEncipherment, you might check section 3 of
>> https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_Credential_Profile_EK_V2.1_R13.pdf.
>> There are a few other TCG-specified attributes that EK certificates "MUST"
>> have, which you could try checking for.
>>
>>>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 4293 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 1496 bytes --]

Thanks Matthew for the suggestion. Let's see if it all works out, haven't
tested the make_external_credential yet!

On Tue, Aug 27, 2019 at 4:16 PM Matthew Dempsky <matthew(a)dempsky.org> wrote:

> On Tue, Aug 27, 2019 at 3:07 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
> wrote:
>
>> But would I still need to verify the public key in the object is same as
>> the public key in the certificate on the *server* side?
>>
>
> Yes, if the client sends to the server both the TPM2B_PUBLIC (for
> tpm2_makecredential) and the EK certificate (for X.509 validation), then
> the server needs to make sure they both refer to the same public key.
>
> Currently, I validate the ek certificate to the root CA and I use the
>> make_credential/activate_credential to prove genuine tpm,  and  also check
>> if the certificate's Key Usage is keyEncipherment (since i use RSA),
>> wondering if this is sufficient?
>>
>
> Assuming you're making sure Make Credential is using the same public key
> that was validated against the root CA (e.g., by checking that it matches
> the TPM2B_PUBLIC that you pass to tpm2_makecredential as suggested above),
> then yes, this sounds reasonable to me.
>
> Beyond checking keyEncipherment, you might check section 3 of
> https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_Credential_Profile_EK_V2.1_R13.pdf.
> There are a few other TCG-specified attributes that EK certificates "MUST"
> have, which you could try checking for.
>
>>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 2920 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Matthew Dempsky]

[-- Attachment #1: Type: text/plain, Size: 1253 bytes --]

On Tue, Aug 27, 2019 at 3:07 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
wrote:

> But would I still need to verify the public key in the object is same as
> the public key in the certificate on the *server* side?
>

Yes, if the client sends to the server both the TPM2B_PUBLIC (for
tpm2_makecredential) and the EK certificate (for X.509 validation), then
the server needs to make sure they both refer to the same public key.

Currently, I validate the ek certificate to the root CA and I use the
> make_credential/activate_credential to prove genuine tpm,  and  also check
> if the certificate's Key Usage is keyEncipherment (since i use RSA),
> wondering if this is sufficient?
>

Assuming you're making sure Make Credential is using the same public key
that was validated against the root CA (e.g., by checking that it matches
the TPM2B_PUBLIC that you pass to tpm2_makecredential as suggested above),
then yes, this sounds reasonable to me.

Beyond checking keyEncipherment, you might check section 3 of
https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_Credential_Profile_EK_V2.1_R13.pdf.
There are a few other TCG-specified attributes that EK certificates "MUST"
have, which you could try checking for.

>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 2197 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 1235 bytes --]

Thats awesome! Don't know why i was breaking my head in creating a TPM
object on the server using all those crazy OpenSSL commands to extract the
public key.
But would I still need to verify the public key in the object is same as
the public key in the certificate on the *server* side? I do have a DTLS
connection between the client and server established but that could also be
with a rogue client. Trying to understand what steps I need to take in
order to prevent man-in-the-middle attacks.
Currently, I validate the ek certificate to the root CA and I use the
make_credential/activate_credential to prove genuine tpm,  and  also check
if the certificate's Key Usage is keyEncipherment (since i use RSA),
wondering if this is sufficient?
Thanks,
Rahul

On Tue, Aug 27, 2019 at 2:49 PM Matthew Dempsky <matthew(a)dempsky.org> wrote:

> On Tue, Aug 27, 2019 at 2:38 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
> wrote:
>
>> So, is it okay to send the Public Object over Internet? I thought we
>> should only send the EK Certificate!  So there is no harm in sending
>> TPM2B_PUBLIC generated from createEk??
>>
>
> Yes, it's fine for you to share tpm2_createek's TPM2B_PUBLIC output with
> the server.
>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 1969 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Matthew Dempsky]

[-- Attachment #1: Type: text/plain, Size: 364 bytes --]

On Tue, Aug 27, 2019 at 2:38 PM Rahul Hardikar <rahulhardikar(a)gmail.com>
wrote:

> So, is it okay to send the Public Object over Internet? I thought we
> should only send the EK Certificate!  So there is no harm in sending
> TPM2B_PUBLIC generated from createEk??
>

Yes, it's fine for you to share tpm2_createek's TPM2B_PUBLIC output with
the server.

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 692 bytes --]

Re: [tpm2] Creating a TPM EK Public object at the server

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 3350 bytes --]



> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Roberts, William C
> Sent: Tuesday, August 27, 2019 2:24 PM
> To: Matthew Dempsky <matthew(a)dempsky.org>; Rahul Hardikar
> <rahulhardikar(a)gmail.com>
> Cc: tpm2(a)lists.01.org
> Subject: Re: [tpm2] Creating a TPM EK Public object at the server
> 
> 
> 
> > -----Original Message-----
> > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Matthew
> > Dempsky
> > Sent: Tuesday, August 27, 2019 1:21 PM
> > To: Rahul Hardikar <rahulhardikar(a)gmail.com>
> > Cc: tpm2(a)lists.01.org
> > Subject: Re: [tpm2] Creating a TPM EK Public object at the server
> >
> > On Tue, Aug 27, 2019, 11:01 AM Rahul Hardikar <rahulhardikar(a)gmail.com
> > <mailto:rahulhardikar(a)gmail.com> > wrote:
> >
> > 	1. Do we need to also copy the standard AuthPolicy digest into the
> > structure too? This is definitely needed in TPM to recreate the EK but
> > do we need it for make_credential_external?
> >
> >
> > Conceptually, the "Make Credential" operation just needs to know the
> > EK's public key and encryption scheme details (eg, SHA256 and AES-128-OFB).
> >
> > It's assumed that the auth policy is appropriate, since the TPM
> > manufacturer certified the public key (and like you said, the EK can't
> > be regenerated with a different policy); and you can assume the policy
> > is satisfiable, because otherwise the EK can't be used to decrypt the credential
> blob.
> >
> > The tpm2_makecredential tool takes the EK's "public" structure as
> > input (which does include auth policy) though because it's an easy way
> > to get the public key and encryption scheme details all in one package.
> >
> > See usage example at https://github.com/tpm2-software/tpm2-
> > tools/blob/master/man/tpm2_activatecredential.1.md#examples
> >
> >
> > 	2. The EKCert is in ASN.1 DER format which i convert to PEM, is it
> > okay to copy it directly or do I need to convert it to some other
> > format and then copy the ek public key?
> >
> >
> > tpm2_makecredential doesn't use the EK certificate. It's expected that
> > you validate that separately, and then match it against the public key
> > contained in the EK's "pubic" data.
> 
> You're manufacturer should provide, somehow, the template used for
> createprimary.
> I think some manufacturers plop this stuff in NV indices. I'm not sure offhand if
> this is part of PC client specification. But the tpm2_createek command goes after
> NV Indices to get the template.
> https://github.com/tpm2-software/tpm2-
> tools/blob/master/tools/tpm2_createek.c#L106

Missed "on server side". You would need that template + the public key from the
cert to create a public TSS structure and call makecredential. Which as matt points out,
 The TSS format is obviously not ideal for that. make credential could be modified
also take a template and a cert. But why not just ask the client for the TSS pub and
verify it? Part 24.2 of the architecture spec says the initiator provides the public portion
of the object.

https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf


> 
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org
> https://lists.01.org/mailman/listinfo/tpm2

Re: [tpm2] Creating a TPM EK Public object at the server

[Roberts, William C]

[-- Attachment #1: Type: text/plain, Size: 2201 bytes --]



> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Matthew Dempsky
> Sent: Tuesday, August 27, 2019 1:21 PM
> To: Rahul Hardikar <rahulhardikar(a)gmail.com>
> Cc: tpm2(a)lists.01.org
> Subject: Re: [tpm2] Creating a TPM EK Public object at the server
> 
> On Tue, Aug 27, 2019, 11:01 AM Rahul Hardikar <rahulhardikar(a)gmail.com
> <mailto:rahulhardikar(a)gmail.com> > wrote:
> 
> 	1. Do we need to also copy the standard AuthPolicy digest into the
> structure too? This is definitely needed in TPM to recreate the EK but do we need
> it for make_credential_external?
> 
> 
> Conceptually, the "Make Credential" operation just needs to know the EK's public
> key and encryption scheme details (eg, SHA256 and AES-128-OFB).
> 
> It's assumed that the auth policy is appropriate, since the TPM manufacturer
> certified the public key (and like you said, the EK can't be regenerated with a
> different policy); and you can assume the policy is satisfiable, because otherwise
> the EK can't be used to decrypt the credential blob.
> 
> The tpm2_makecredential tool takes the EK's "public" structure as input (which
> does include auth policy) though because it's an easy way to get the public key
> and encryption scheme details all in one package.
> 
> See usage example at https://github.com/tpm2-software/tpm2-
> tools/blob/master/man/tpm2_activatecredential.1.md#examples
> 
> 
> 	2. The EKCert is in ASN.1 DER format which i convert to PEM, is it okay to
> copy it directly or do I need to convert it to some other format and then copy the
> ek public key?
> 
> 
> tpm2_makecredential doesn't use the EK certificate. It's expected that you
> validate that separately, and then match it against the public key contained in the
> EK's "pubic" data.

You're manufacturer should provide, somehow, the template used for createprimary.
I think some manufacturers plop this stuff in NV indices. I'm not sure offhand if this
is part of PC client specification. But the tpm2_createek command goes after NV
Indices to get the template.
https://github.com/tpm2-software/tpm2-tools/blob/master/tools/tpm2_createek.c#L106

Re: [tpm2] Creating a TPM EK Public object at the server

[Matthew Dempsky]

[-- Attachment #1: Type: text/plain, Size: 1438 bytes --]

On Tue, Aug 27, 2019, 11:01 AM Rahul Hardikar <rahulhardikar(a)gmail.com>
wrote:

> 1. Do we need to also copy the standard AuthPolicy digest into the
> structure too? This is definitely needed in TPM to recreate the EK but do
> we need it for make_credential_external?
>

Conceptually, the "Make Credential" operation just needs to know the EK's
public key and encryption scheme details (eg, SHA256 and AES-128-OFB).

It's assumed that the auth policy is appropriate, since the TPM
manufacturer certified the public key (and like you said, the EK can't be
regenerated with a different policy); and you can assume the policy is
satisfiable, because otherwise the EK can't be used to decrypt the
credential blob.

The tpm2_makecredential tool takes the EK's "public" structure as input
(which does include auth policy) though because it's an easy way to get the
public key and encryption scheme details all in one package.

See usage example at
https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_activatecredential.1.md#examples

2. The EKCert is in ASN.1 DER format which i convert to PEM, is it okay to
> copy it directly or do I need to convert it to some other format and then
> copy the ek public key?
>

tpm2_makecredential doesn't use the EK certificate. It's expected that you
validate that separately, and then match it against the public key
contained in the EK's "pubic" data.

>

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 2465 bytes --]

[tpm2] Creating a TPM EK Public object at the server

[Rahul Hardikar]

[-- Attachment #1: Type: text/plain, Size: 895 bytes --]

Hi All,
Now that the make_external_credential is compiling I wanted to understand
what should the EK Pub object look like to pass to the
make_external_credential.
Since it is done off tpm chip and client only sends the EK certificate (and
ak_name) so in order to create a TPM2B_PUBLIC structure,
1. I fill the standard template to create EK Key (parameters like nameAlg,
object attributes, RSA symmetric details)
2. Extract the EKPUB key and copy it to the unique field in this structure

My question is:
1. Do we need to also copy the standard AuthPolicy digest into the
structure too? This is definitely needed in TPM to recreate the EK but do
we need it for make_credential_external?
2. The EKCert is in ASN.1 DER format which i convert to PEM, is it okay to
copy it directly or do I need to convert it to some other format and then
copy the ek public key?

Thanks,
Rahul

[-- Attachment #2: attachment.html --]
[-- Type: text/html, Size: 1035 bytes --]