From: Joseph Lee (ZeronsoftN) <joseph at zeronsoftn.com>
To: tpm2@lists.01.org
Subject: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?
Date: Mon, 02 Aug 2021 03:33:27 +0000 [thread overview]
Message-ID: <em88323757-8498-4647-824b-92f556741c1a@desktop-hihridj> (raw)
In-Reply-To: embc50f58e-9f9d-4b11-8f71-8ebc3d052ec0@desktop-hihridj
[-- Attachment #1: Type: text/plain, Size: 4482 bytes --]
Hi Dimi,
Sorry to bother you. By installing the latest version of tpm2-tools,
encrypted communication is possible.
Seal/unseal was possible as shown below.
But I have one question. How can I detect if a MITM attack occurs during
the seal/unseal process? After establishing a session, is there any way
to get the EK certificate of that session?
It seems that the tpm2_getekcertificate command can only get
certificates created via the createek command. I'd like to know if the
TPM I've made a session with is genuine.
Seal:
> tpm2_createprimary -c prim.ctx
> tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
> tpm2_create -Q -g sha256 -u seal.pub -r seal.priv -i temp.key -C
prim.ctx -S sess.ctx
> tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
seal.ctx
> tpm2_evictcontrol -C o -c seal.ctx 0x81010001
> tpm2_flushcontext sess.ctx
Unseal:
> tpm2_startauthsession --hmac-session -c prim.ctx -S sess.ctx
> tpm2_unseal -c seal.ctx -S sess.ctx -o out.key
> tpm2_flushcontext sess.ctx
Thanks & Regards,
Joseph
------ Original Message ------
보낸 사람: "Joseph Lee (ZeronsoftN)" <joseph(a)zeronsoftn.com>
받는 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>; "tpm2(a)lists.01.org"
<tpm2(a)lists.01.org>
보낸 날짜: 2021-08-02 오전 6:27:36
제목: [tpm2] Re: Is the tpm2_create command safe against sniffing attacks?
>Hi Dimi,
>
>Thank you for your kind answer. Looking at the link you gave, I think I
>can get more ideas.
>
>I've been trying session encryption via tpm2-tools all weekend.
>But I haven't found a way to create an encrypted session in tpm2-tools
>yet. Maybe tpm2-tools doesn't support encrypted sessions?
>
>If this is clear, I will implement parameter encryption through
>tpm2-tools with referring to wolfTPM.
>
>Thanks & Regards,
>Joseph
>
>------ Original Message ------
>보낸 사람: "Dimitar Tomov" <dimi(a)designfirst.ee>
>받는 사람: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>; "Joseph Lee
>(ZeronsoftN)" <joseph(a)zeronsoftn.com>
>보낸 날짜: 2021-08-02 오전 4:33:02
>제목: [tpm2] Re: Is the tpm2_create command safe against sniffing
>attacks?
>
>>Hi Joseph,
>>
>>TPM 2.0 offers Parameter Encryption capability and HMAC sessions as
>>measures against Man-in-the-middle attacks
>>
>>Examples in wolfTPM demonstrate how to enable Parameter Encryption
>>
>>
>>https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>>
>>There is also Keygen , Key import and Key loading examples with
>>Parameter Encryption
>>
>>https://github.com/wolfSSL/wolfTPM/blob/b0a65e44b8a25be88b2f9ff4e35fbf08360e5d01/examples/nvram/store.c#L121
>>
>>Last week we discussed the Dolos Group story about a stolen laptop
>>with TPM https://developers.tpm.dev/posts/15883726
>>
>>If Parameter Encryption and HMAC session have been used, this story
>>would have developed differently.
>>
>>Hope this helps.
>>
>>Dimi
>>--
>>Founder of TPM.dev
>>
>>--------------------------------------------------------------------------------
>>From: Joseph Lee (ZeronsoftN) <joseph(a)zeronsoftncom
>><mailto:joseph(a)zeronsoftn.com>>
>>Sent: Saturday, July 31, 2021 2:09 AM
>>To:tpm2(a)lists.01.org <tpm2(a)lists.01.org>
>>Subject: [tpm2] Is the tpm2_create command safe against sniffing
>>attacks?
>>
>>Hello,
>>
>>https://pulsesecurity.co.nz/articles/TPM-sniffing
>>In this article, can see that communication with the TPM is vulnerable
>>to sniffing if not careful.
>>
>>https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
>>Is the disk encryption described in tpm2-software's blog safe against
>>these attacks?
>>
>>tpm2_createprimary -Q -C o -c prim.ctx
>>dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g
>>sha256 -u seal.pub -r seal.priv -i- -C prim.ctx
>>tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
>>seal.ctx
>>tpm2_evictcontrol -C o -c seal.ctx 0x81010001
>>
>>My question is:
>> 1. Is there a tool in linux that can sniff communication with the
>>current system's TPM?
>> 2. How to encrypt communications if the methods described above
>>are not secure?
>> It seems that encryption is possible through
>>tpm2_startauthsession , but I do not know how to apply it to
>>tpm2_create . (The -S option simply did not work.)
>>
>>Thank you.
>>
>>
>>
>>
>
>
>
[-- Attachment #2: attachment.htm --]
[-- Type: text/html, Size: 13019 bytes --]
next reply other threads:[~2021-08-02 3:33 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-02 3:33 Joseph Lee [this message]
-- strict thread matches above, loose matches on Subject: below --
2021-08-02 22:41 [tpm2] Re: Is the tpm2_create command safe against sniffing attacks? joseph
2021-08-02 18:58 Kenneth Goldman
2021-08-02 17:26 Steven Clark
2021-08-01 21:27 Joseph Lee
2021-08-01 19:33 Dimitar Tomov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=em88323757-8498-4647-824b-92f556741c1a@desktop-hihridj \
--to=tpm2@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.