* Re: [tpm2] tpm2-tss-engine
From: David Woodhouse @ 2019-04-11  8:46 UTC
  To: tpm2

On Wed, 2019-04-10 at 17:44 +0000, Roberts, William C wrote:
> > - I'm not familiar with the engine concept of OpenSSL, is there a way to
> >    use the engine with a software that is not engine-aware? In my case
> >    the mosquitto message broker. Or would I have to modify the software?
> 
> I think engines can be loaded via the config file or environment variables.

The engine can be loaded simply by calling ENGINE_by_id("tpm2"). If
it's installed properly you shouldn't need to mess with config files
etc.

(We did fix the engine name to be consistent with the other
implementation, so that applications don't need to try both, didn't we?
Otherwise, apps need to try both "tpm2" and "tpm2-tss" engine names.)

For example applications using this, see OpenConnect:

http://git.infradead.org/users/dwmw2/openconnect.git/blob/HEAD:/openssl.c#l922

Or wpa_supplicant:

https://www.spinics.net/lists/hostap/msg05728.html


It isn't hard. Of course, OpenSSL should make it *easier*, and should
just Do The Right Thing when it sees a PEM file with the appropriate
-----BEGIN TSS2 PRIVATE KEY----- marker.... but that will take a while
to fix. Perhaps if the engine were to offer an ASN1_METHOD for it?
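
The check an application has to make before choosing between the normal PEM loader and the engine, as an added example that is not part of the original message and is not OpenSSL or OpenConnect code. It classifies key material by its PEM label; the names classify_pem and key_kind and the sample strings are made up for illustration.

```c
/* Added example: not OpenSSL, OpenConnect or mosquitto code. */
#include <stdio.h>
#include <string.h>

enum key_kind { KEY_NONE, KEY_SOFTWARE, KEY_TPM2_ENGINE, KEY_MALFORMED };

static int label_is(const char *label, size_t n, const char *want)
{
    return n == strlen(want) && memcmp(label, want, n) == 0;
}

/* Kind of the first private-key block in PEM text. Blocks with other
 * labels (such as CERTIFICATE in a bundle) are skipped. */
enum key_kind classify_pem(const char *pem)
{
    static const char *const software[] = {
        "PRIVATE KEY", "ENCRYPTED PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"
    };
    const char *p = pem;

    while ((p = strstr(p, "-----BEGIN ")) != NULL) {
        const char *label = p + strlen("-----BEGIN ");
        const char *dashes = strstr(label, "-----");
        size_t n = dashes ? (size_t)(dashes - label) : 0, i;
        char end_line[96];

        if (p != pem && p[-1] != '\n')
            return KEY_MALFORMED;        /* marker must start a line */
        if (n == 0 || n > 64 || memchr(label, '\n', n) != NULL)
            return KEY_MALFORMED;        /* BEGIN line has no closing dashes */
        snprintf(end_line, sizeof end_line, "-----END %.*s-----", (int)n, label);
        p = strstr(dashes, end_line);
        if (p == NULL)
            return KEY_MALFORMED;        /* truncated block */
        if (label_is(label, n, "TSS2 PRIVATE KEY"))
            return KEY_TPM2_ENGINE;      /* load via ENGINE_load_private_key() */
        for (i = 0; i < sizeof software / sizeof software[0]; i++)
            if (label_is(label, n, software[i]))
                return KEY_SOFTWARE;     /* PEM_read_PrivateKey() can parse it */
        p += strlen(end_line);
    }
    return KEY_NONE;
}

/* Constructed samples; the bodies are placeholders, not real key material. */
static const char SAMPLE_TPM_BUNDLE[] =
    "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n"
    "-----BEGIN TSS2 PRIVATE KEY-----\r\nAAAA\r\n-----END TSS2 PRIVATE KEY-----\r\n";
static const char SAMPLE_SOFTWARE[] =
    "-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n";
static const char SAMPLE_TRUNCATED[] =
    "-----BEGIN TSS2 PRIVATE KEY-----\nAAAA\n";

int main(void)
{
    printf("bundle=%d software=%d truncated=%d\n", classify_pem(SAMPLE_TPM_BUNDLE),
           classify_pem(SAMPLE_SOFTWARE), classify_pem(SAMPLE_TRUNCATED));
    return 0;
}
```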






* Re: [tpm2] tpm2-tss-engine
From: Ralf Schlatterbeck @ 2019-04-12  7:58 UTC
  To: tpm2

On Thu, Apr 11, 2019 at 08:19:57PM +0000, Fuchs, Andreas wrote:
> - You need to somehow tell openssl to use "keyform = engine"
>   Unfortunately, I don't currently know how to do this using the openssl.cnf
> 
> Once we merge PR https://github.com/tpm2-software/tpm2-tss-engine/pull/89
> The loading of keys should work without the "keyform = engine" settings.
> Until then, I'm unsure how exactly this can be managed.

That looks promising. So can I assume that with keyform = engine an
existing client can use the engine without additional code changes? I'll
try to find out if I can set the keyform parameter in the ssl config.

> - The engine already supports ECDSA. Have a look at the -alg parameter
> of tpm2tss-genkey

Oh. I was irritated by

root@sun8i:/etc/mosquitto# openssl engine -c -vvvv -t tpm2tss
(tpm2tss) TPM2-TSS engine for OpenSSL
 [RSA, RAND]
...
which indicates it does support only RSA?

> - And wrt documentation: I'd appreciate anything you see fit.
>   Preferably as PullRequest or as Issue on github. Emails just always
>   get lost.

OK I'll look into this but don't know enough yet about the tpm to
describe the key protection in more detail. But I think I can come up
with a note that hopefully would prevent the questions I asked for
someone coming later :-)

Thanks
Ralf
-- 
Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   http://www.runtux.com
Reichergasse 131, A-3411 Weidling       email: office(a)runtux.com


* Re: [tpm2] tpm2-tss-engine
From: Fuchs, Andreas @ 2019-04-11 20:19 UTC
  To: tpm2

- You need to somehow tell openssl to use "keyform = engine"
  Unfortunately, I don't currently know how to do this using the openssl.cnf

Once we merge PR https://github.com/tpm2-software/tpm2-tss-engine/pull/89
The loading of keys should work without the "keyform = engine" settings.
Until then, I'm unsure how exactly this can be managed.

- The engine already supports ECDSA. Have a look at the -alg parameter of tpm2tss-genkey

- And wrt documentation: I'd appreciate anything you see fit. Preferably as PullRequest
or as Issue on github. Emails just always get lost.

Cheers,
Andreas
________________________________________
From: tpm2 [tpm2-bounces(a)lists.01.org] on behalf of Ralf Schlatterbeck [rsc(a)runtux.com]
Sent: Thursday, April 11, 2019 17:43
To: tpm2(a)lists.01.org
Subject: Re: [tpm2] tpm2-tss-engine

On Wed, Apr 10, 2019 at 05:44:09PM +0000, Roberts, William C wrote:
> > -----Original Message-----
> > From: tpm2 On Behalf Of Ralf Schlatterbeck
> > I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon running on
> > - The key generation examples in the README.md create the private key in
> >   a file on the local filesystem. Isn't the purpose of a
> >   hw-security-module that the key stays inside the device and can't be
> >   extracted? Or am I missing something here?
>
> That blob of data that gets stored on disk is sealed to that TPM. So
> outside of DoS if someone deletes that keyblob, there's no real way to
> use it to extract the key material directly from that blob unless they
> break the TPM's crypto mechanism used to protect it.

Thanks, the process of key generation looked too much like the normal
ssl key generation and I didn't look into the key file. It has "BEGIN
TSS2 PRIVATE KEY" which could have told me something had I looked :-)

Shouldn't that be documented in one or two sentences in the README.md?

> > - I'm not familiar with the engine concept of OpenSSL, is there a way to
> >   use the engine with a software that is not engine-aware? In my case
> >   the mosquitto message broker. Or would I have to modify the software?
>
> I think engines can be loaded via the config file or environment variables.

On Wed, Apr 10, 2019 at 06:54:19PM +0000, Fuchs, Andreas wrote:
> - You can define an openssl.cnf file and env variable. See
>   https://www.openssl.org/docs/man1.1.0/man5/config.html

On Thu, Apr 11, 2019 at 11:46:30AM +0300, David Woodhouse wrote:
>
> The engine can be loaded simply by calling ENGINE_by_id("tpm2"). If
> it's installed properly you shouldn't need to mess with config files
> etc.

OK I had hoped that simply plugging an engine into the openssl config
would do the trick for me: OpenSSL should be smart enough to figure out
via the key file that it can/should use an engine to do the work. Oh
well. My naive approach involved configuring the TSS2 PRIVATE KEY file
as the key-file in mosquitto and setting all the engine stuff (see
below). But this only gets me the
'Error: Unable to load server key file
"/etc/mosquitto/certs/server.key". Check keyfile.'

My current /etc/ssl/openssl.cnf looks as follows, so maybe this can be a
contribution for an example file:

openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect
engines  = engine_section

[engine_section]

tpm = tpm_section

[tpm_section]

engine_id = tpm2
dynamic_path = /usr/lib/arm-linux-gnueabihf/engines-1.1/tpm2tss.so
SET_TCTI = device:/dev/tpmrm0


So I'm getting correct output:
root@sun8i:/# openssl engine -c -vvvv -t tpm2tss
(tpm2tss) TPM2-TSS engine for OpenSSL
 [RSA, RAND]
     [ available ]
     SET_OWNERAUTH: Set the password for the owner hierarchy (default none)
          (input flags): STRING
     SET_TCTI: Set the TCTI module and options (default none)
          (input flags): STRING


Just some questions here:
- I take away from this question that I need to modify source code to
  make an engine work with openssl, is this really the case?
- My TPM 2.0 module from Infineon does support elliptic curves, is there
  a way to support this with the engine? Especially in the light of
  recent ROCA vulnerabilities of Infineon modules I'd like to use EC
  instead of RSA if possible. (see soon-to-come separate posting about ROCA)

Oh, and a note on performance: My single-board "computer" is an OrangePi
zero, 256M RAM, 100M Ethernet, 5x5cm in size (but quad-core :-) so I'm
not worried about performance here, the goal is a proof-of-concept
implementation.

Thanks
Ralf Schlatterbeck
--
Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   http://www.runtux.com
Reichergasse 131, A-3411 Weidling       email: office(a)runtux.com
_______________________________________________
tpm2 mailing list
tpm2(a)lists.01.org
https://lists.01.org/mailman/listinfo/tpm2


* Re: [tpm2] tpm2-tss-engine
From: Fuchs, Andreas @ 2019-04-11 20:10 UTC
  To: tpm2

> The engine can be loaded simply by calling ENGINE_by_id("tpm2"). If
> it's installed properly you shouldn't need to mess with config files
> etc.
>
> (We did fix the engine name to be consistent with the other
> implementation, so that applications don't need to try both, didn't we?
> Otherwise, apps need to try both "tpm2" and "tpm2-tss" engine names.)

No we did not change the engine name. James never answered and I did
not want to just invade his namespace...
Thus we now have 2 names, tpm2-tss is the TCG-TSS one...


* Re: [tpm2] tpm2-tss-engine
From: Ralf Schlatterbeck @ 2019-04-11 15:43 UTC
  To: tpm2

On Wed, Apr 10, 2019 at 05:44:09PM +0000, Roberts, William C wrote:
> > -----Original Message-----
> > From: tpm2 On Behalf Of Ralf Schlatterbeck
> > I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon running on
> > - The key generation examples in the README.md create the private key in
> >   a file on the local filesystem. Isn't the purpose of a
> >   hw-security-module that the key stays inside the device and can't be
> >   extracted? Or am I missing something here?
> 
> That blob of data that gets stored on disk is sealed to that TPM. So
> outside of DoS if someone deletes that keyblob, there's no real way to
> use it to extract the key material directly from that blob unless they
> break the TPM's crypto mechanism used to protect it.

Thanks, the process of key generation looked too much like the normal
ssl key generation and I didn't look into the key file. It has "BEGIN
TSS2 PRIVATE KEY" which could have told me something had I looked :-)

Shouldn't that be documented in one or two sentences in the README.md?

> > - I'm not familiar with the engine concept of OpenSSL, is there a way to
> >   use the engine with a software that is not engine-aware? In my case
> >   the mosquitto message broker. Or would I have to modify the software?
> 
> I think engines can be loaded via the config file or environment variables.

On Wed, Apr 10, 2019 at 06:54:19PM +0000, Fuchs, Andreas wrote:
> - You can define an openssl.cnf file and env variable. See
>   https://www.openssl.org/docs/man1.1.0/man5/config.html

On Thu, Apr 11, 2019 at 11:46:30AM +0300, David Woodhouse wrote:
> 
> The engine can be loaded simply by calling ENGINE_by_id("tpm2"). If
> it's installed properly you shouldn't need to mess with config files
> etc.

OK I had hoped that simply plugging an engine into the openssl config
would do the trick for me: OpenSSL should be smart enough to figure out
via the key file that it can/should use an engine to do the work. Oh
well. My naive approach involved configuring the TSS2 PRIVATE KEY file
as the key-file in mosquitto and setting all the engine stuff (see
below). But this only gets me the 
'Error: Unable to load server key file
"/etc/mosquitto/certs/server.key". Check keyfile.'

My current /etc/ssl/openssl.cnf looks as follows, so maybe this can be a
contribution for an example file:

openssl_conf = default_conf

[default_conf]
ssl_conf = ssl_sect
engines  = engine_section

[engine_section]

tpm = tpm_section

[tpm_section]

engine_id = tpm2
dynamic_path = /usr/lib/arm-linux-gnueabihf/engines-1.1/tpm2tss.so
SET_TCTI = device:/dev/tpmrm0


So I'm getting correct output:
root@sun8i:/# openssl engine -c -vvvv -t tpm2tss
(tpm2tss) TPM2-TSS engine for OpenSSL
 [RSA, RAND]
     [ available ]
     SET_OWNERAUTH: Set the password for the owner hierarchy (default none)
          (input flags): STRING
     SET_TCTI: Set the TCTI module and options (default none)
          (input flags): STRING


Just some questions here:
- I take away from this question that I need to modify source code to
  make an engine work with openssl, is this really the case?
- My TPM 2.0 module from Infineon does support elliptic curves, is there
  a way to support this with the engine? Especially in the light of
  recent ROCA vulnerabilities of Infineon modules I'd like to use EC
  instead of RSA if possible. (see soon-to-come separate posting about ROCA)

Oh, and a note on performance: My single-board "computer" is an OrangePi
zero, 256M RAM, 100M Ethernet, 5x5cm in size (but quad-core :-) so I'm
not worried about performance here, the goal is a proof-of-concept
implementation.

Thanks
Ralf Schlatterbeck
-- 
Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   http://www.runtux.com
Reichergasse 131, A-3411 Weidling       email: office(a)runtux.com


* Re: [tpm2] tpm2-tss-engine
From: Fuchs, Andreas @ 2019-04-10 18:54 UTC
  To: tpm2

As Bill already said:
- The keys are only known to the TPM and will never be known outside, so they cannot be "stolen" or copied.
   Think of Heartbleed or any other hacker breaking into your system
- You can define an openssl.cnf file and env variable. See https://www.openssl.org/docs/man1.1.0/man5/config.html

P.S. The TPM is much slower than software. So it's not suited for high-load servers, but low-load servers or clients.
(yes, works with client authentication as well)

I now remember that I wanted to provide an openssl.cnf.sample file.
Will add a bug for this.

Cheers,
Andreas
________________________________________
From: tpm2 [tpm2-bounces(a)lists.01.org] on behalf of Ralf Schlatterbeck [rsc(a)runtux.com]
Sent: Wednesday, April 10, 2019 18:27
To: tpm2(a)lists.01.org
Subject: [tpm2] tpm2-tss-engine

I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon
running on an Orange-Pi zero (also a single-board computer a little
smaller than the raspi).
I've successfully built tpm2-tss-engine and have the following questions:
- The key generation examples in the README.md create the private key in
  a file on the local filesystem. Isn't the purpose of a
  hw-security-module that the key stays inside the device and can't be
  extracted? Or am I missing something here? Is there a way to create a
  protected key inside the device in a way that it cannot be extracted?
- I'm not familiar with the engine concept of OpenSSL, is there a way to
  use the engine with a software that is not engine-aware? In my case
  the mosquitto message broker. Or would I have to modify the software?

Thanks
Ralf Schlatterbeck
--
Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   http://www.runtux.com
Reichergasse 131, A-3411 Weidling       email: office(a)runtux.com

* Re: [tpm2] tpm2-tss-engine
From: Roberts, William C @ 2019-04-10 17:44 UTC
  To: tpm2



> -----Original Message-----
> From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Ralf Schlatterbeck
> Sent: Wednesday, April 10, 2019 9:27 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] tpm2-tss-engine
> 
> I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon running on
> an Orange-Pi zero (also a single-board computer a little smaller than the raspi).
> I've successfully built tpm2-tss-engine and have the following questions:
> - The key generation examples in the README.md create the private key in
>   a file on the local filesystem. Isn't the purpose of a
>   hw-security-module that the key stays inside the device and can't be
>   extracted? Or am I missing something here?

That blob of data that gets stored on disk is sealed to that TPM. So outside of DoS
if someone deletes that keyblob, there's no real way to use it to extract the key material
directly from that blob unless they break the TPM's crypto mechanism used to protect it.

They could load it if they have access to the parent object's authorization value, but wouldn't be
able to use the object without satisfying its authorization value, but the TPM has dictionary
attack prevention to prevent brute force guessing, so that helps. TPM DA protection requires
the object be created with noDA attribute clear.

There are other attributes when creating the object that indicate whether or not the
key can ever be exported from the TPM, not sure if those are being set.

>   Is there a way to create a
>   protected key inside the device in a way that it cannot be extracted?

I think you want fixedtpm and fixedparent.

If we look at the ECC key, we see these being set:
        .objectAttributes = (TPMA_OBJECT_USERWITHAUTH |
                             TPMA_OBJECT_SIGN_ENCRYPT |
                             TPMA_OBJECT_FIXEDTPM |
                             TPMA_OBJECT_FIXEDPARENT |
                             TPMA_OBJECT_SENSITIVEDATAORIGIN |
                             TPMA_OBJECT_NODA),
https://github.com/tpm2-software/tpm2-tss-engine/blob/master/src/tpm2-tss-engine-ecc.c#L66

The code is setting NODA which means someone can load up that object, and very slowly brute force
the auth value.

The auth value seems to be the password directly:
src/tpm2-tss-engine-ecc.c:463:        tpm2Data->userauth.size = strlen(password);
src/tpm2-tss-engine-ecc.c:464:        memcpy(&tpm2Data->userauth.buffer[0], password,
src/tpm2-tss-engine-ecc.c:465:               tpm2Data->userauth.size);
https://github.com/tpm2-software/tpm2-tss-engine/blob/master/src/tpm2-tss-engine-common.c#L545

So pick a strong one, not sure why they're not embedding a salt/iters in the PEM file and using a pbkdf routine.

> - I'm not familiar with the engine concept of OpenSSL, is there a way to
>   use the engine with a software that is not engine-aware? In my case
>   the mosquitto message broker. Or would I have to modify the software?

I think engines can be loaded via the config file or environment variables.

> 
> Thanks
> Ralf Schlatterbeck
> --
> Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
> Open Source Consulting                  www:   http://www.runtux.com
> Reichergasse 131, A-3411 Weidling       email: office(a)runtux.com
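
An added example, not part of the original message and not tpm2-tss-engine code: auditing an objectAttributes word for the three properties discussed above (fixedTPM/fixedParent, sensitiveDataOrigin, noDA). Bit positions and the TPM2B_PUBLIC header layout are taken from the TPM 2.0 specification; the ATTR_* and FINDING_* names and the sample header bytes are constructed here.

```c
/* Added example, not tpm2-tss-engine code. Bit positions and the
 * TPM2B_PUBLIC layout follow the TPM 2.0 specification, Part 2. */
#include <stdint.h>
#include <stdio.h>

#define ATTR_FIXEDTPM            0x00000002u
#define ATTR_FIXEDPARENT         0x00000010u
#define ATTR_SENSITIVEDATAORIGIN 0x00000020u
#define ATTR_USERWITHAUTH        0x00000040u
#define ATTR_NODA                0x00000400u
#define ATTR_SIGN_ENCRYPT        0x00040000u
/* The ECC template quoted in the message above. */
#define ENGINE_ECC_TEMPLATE (ATTR_USERWITHAUTH | ATTR_SIGN_ENCRYPT | \
    ATTR_FIXEDTPM | ATTR_FIXEDPARENT | ATTR_SENSITIVEDATAORIGIN | ATTR_NODA)

enum {                            /* findings, returned as a bitmask */
    FINDING_DUPLICABLE    = 1,    /* fixedTPM or fixedParent clear */
    FINDING_IMPORTED      = 2,    /* sensitiveDataOrigin clear */
    FINDING_NO_DA_LOCKOUT = 4,    /* noDA set */
    FINDING_PARSE_ERROR   = 128
};

/* Read objectAttributes from a marshalled TPM2B_PUBLIC:
 * size(2) | type(2) | nameAlg(2) | objectAttributes(4), big-endian. */
int read_object_attributes(const uint8_t *buf, size_t len, uint32_t *attrs)
{
    if (buf == NULL || attrs == NULL || len < 10)
        return -1;
    *attrs = ((uint32_t)buf[6] << 24) | ((uint32_t)buf[7] << 16) |
             ((uint32_t)buf[8] << 8)  |  (uint32_t)buf[9];
    return 0;
}

unsigned audit_object_attributes(uint32_t attrs)
{
    const uint32_t fixed = ATTR_FIXEDTPM | ATTR_FIXEDPARENT;
    unsigned findings = 0;
    if ((attrs & fixed) != fixed) findings |= FINDING_DUPLICABLE;   /* may leave this TPM/parent */
    if (!(attrs & ATTR_SENSITIVEDATAORIGIN)) findings |= FINDING_IMPORTED; /* secret came from outside */
    if (attrs & ATTR_NODA) findings |= FINDING_NO_DA_LOCKOUT;       /* bad auth never trips lockout */
    return findings;
}

unsigned audit_public_blob(const uint8_t *buf, size_t len)
{
    uint32_t attrs;
    if (read_object_attributes(buf, len, &attrs) != 0)
        return FINDING_PARSE_ERROR;
    return audit_object_attributes(attrs);
}

/* Constructed sample: first 10 bytes of a TPM2B_PUBLIC for an ECC key
 * (type 0x0023, nameAlg SHA-256 0x000B) carrying the template above. */
static const uint8_t SAMPLE_PUBLIC_HEADER[10] = {
    0x00, 0x5a, 0x00, 0x23, 0x00, 0x0b, 0x00, 0x04, 0x04, 0x72
};

int main(void)
{
    unsigned f = audit_public_blob(SAMPLE_PUBLIC_HEADER, sizeof SAMPLE_PUBLIC_HEADER);
    printf("duplicable=%d imported=%d no_da_lockout=%d\n",
           !!(f & FINDING_DUPLICABLE), !!(f & FINDING_IMPORTED),
           !!(f & FINDING_NO_DA_LOCKOUT));
    return 0;
}
```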


* [tpm2] tpm2-tss-engine
From: Ralf Schlatterbeck @ 2019-04-10 16:27 UTC
  To: tpm2

I'm testing with a TPM-2 module for the Raspberry-Pi from Infineon
running on an Orange-Pi zero (also a single-board computer a little
smaller than the raspi).
I've successfully built tpm2-tss-engine and have the following questions:
- The key generation examples in the README.md create the private key in
  a file on the local filesystem. Isn't the purpose of a
  hw-security-module that the key stays inside the device and can't be
  extracted? Or am I missing something here? Is there a way to create a
  protected key inside the device in a way that it cannot be extracted?
- I'm not familiar with the engine concept of OpenSSL, is there a way to
  use the engine with a software that is not engine-aware? In my case
  the mosquitto message broker. Or would I have to modify the software?

Thanks
Ralf Schlatterbeck
-- 
Dr. Ralf Schlatterbeck                  Tel:   +43/2243/26465-16
Open Source Consulting                  www:   http://www.runtux.com
Reichergasse 131, A-3411 Weidling       email: office(a)runtux.com
