Possible TPM uses in fprintd/libfprint
by Benjamin Berg
Hi,
I was wondering if someone has ideas about integrating the TPM with
Fingerprint readers.
Recently I started looking into supporting Secure Device Connection
Protocol (SDCP, [1]) in libfprint. The general idea is to verify that
the Fingerprint reader can be trusted, but I initially also imagined
that further use-cases like unsealing data in a TPM may be possible
(e.g. to retrieve disk encryption keys).
However, looking into it more, my current conclusion is that there is
little to no advantage to use the TPM. At least not unless one also has
a trusted (userspace) program which is capable of signing TPM
authorizations. One could easily offload the required parts into a
small helper, but that may require ensuring it runs in a trusted
execution environment.
Microsoft seems to run relevant parts as trustlets that are walled off
from the rest of the system. That seems sensible to me, but it also
means requiring all the infrastructure for execution and signing and I
doubt that is feasible currently.
Right now I'll probably go the way of not using the TPM at all. But I
am really not an expert for this. So should someone see scenarios where
a TPM is actually helpful in this context, then I would like to hear
about them.
Benjamin
PS: A quick summary of how SDCP works:
* Device has a private ECC key that signs the firmware and ephemeral
keys during boot (and is inaccessible afterwards)
* A certificate proofs that this key was provisioned in factory
* Device builds a shared secret with the host (s)
* Device sends id, HMAC_SHA256(s, "identify" || nonce || id)
when the finger "id" was presented.
* The HMAC proofs knowledge of the shared secret and authorizes the
print.
[1] https://github.com/microsoft/SecureDeviceConnectionProtocol/wiki/Secure-D...
1 week, 5 days
[RC] tpm2-pytss 1.0.0-rc1
by Roberts, William C
Hello,
I am pleased to announce the release of the tpm2-pytss (python bindings and utilities) version 1.0.0 RC 1 with the following CHANGELOG over RC0:
## [1.0.0-rc1] - 2022-01-10
### Fixed:
- Misspellings in Code on things like RuntimeError.
- Fix documentation of ESAPI methods and exceptions.
- Double ESAPI.Close call resulting in "Esys_Finalize() Finalizing NULL context."
- type hint for verify_signature was an int, should be a str.
- Parent cdata memory being freed when no parent reference. This causes sub-field references to parent cdata to
be invalid.
- in util method unwrap, fix variable `encdupsens` does not exist, it is `decsens` instead.
### Changed:
- Renamed ESAPI.set_auth to ESAPI.tr_set_auth for consistenency.
- Use None over 0 for default auth_handle.
### Added:
- Check for bad type enum type in ESAPI.load_blob.
- Support for deprecation of `TPM2_RH_PW` in tpm2-tss with proper TPM2_RS_PW attribute.
The release can be found here:
- https://pypi.org/project/tpm2-pytss/1.0.0rc1/
Sorry for the long delay on this RC period, we wanted to make sure we got as much bugs and broken things before the
1.0 release to help minimize breaking changes in the future.
Thanks,
Bill
1 week, 5 days
Calculating name of created AK- server side
by kuba.michal.n@gmail.com
Hello!
I would like to know if it is possible to calculate name of AK generated by host on a remote server? I have read about remote attestation. To ensure the AK matches EK we have to make credential using name of the AK. To achieve this we have to either:
a) calculate name of the AK on server
b) receive name of the AK from host and believe it's a name for a proper AK
Am I missing something?
I have searched for explanation in docs posted on TCG's site, but I just can't find anything useful for nameAlg.
I would be thankful for any help or advice :D
2 weeks, 1 day
[RELEASE CANDIDATE] tpm2-pytss 1.1.0-rc0
by Roberts, William C
Hello,
I would like to announce the release of tpm2-pytss version 1.1.0-rc0 which can be found on pypi at:
- https://pypi.org/project/tpm2-pytss/1.1.0rc0/
With the following CHANGELOG:
## 1.1.0-rc0 - 2022-03-14
### Fixed
- Spelling of "Enhanced" in CHANGELOG for 1.0.0 release.
- Ensure that TPM2_GENERATED.VALUE is encoded the same way as other constants.
- Add support to unmarshal simple TPM2B types (such as TPM2B_ATTEST and TPM2B_NAME) directly using the
unmarshal method
### Changed
- Drop pkgconfig from runtime dependencies, thus no longer need dev packages of built bindings at runtime.
- NOTE: Version information is cached, a change in the TSS libraries requires a rebuild of the bindings.
### Added
- Support session contexts from tpm2-tools as well as function to marshal context to tpm2-tools format.
- Support two new encoding/decoding classes to go to/from hex or json representation of objects.
- Support for creating EK from templates and optionally NV index based templates.
- Binding to `Esys_TR_GetTpmHandle` as `ESAPI` method `tr_get_tpm_handle`.
Thanks,
Bill
1 month
Re: {External} Re: OpenSSL 3 and tpm2 provider... / openssl cms
by Petr Gotthard
Thanks. The issue is related to the KDF parameters. The CMS wants to get/set a number of KDF related parameters, which are not (yet) supported by the tpm2-provider. I will try to fix this in the coming days.
Petr
______________________________________________________________
> Od: "Sievert, James" <james.sievert(a)bsci.com>
> Komu: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
> Datum: 28.04.2022 18:34
> Předmět: [tpm2] Re: {External} Re: OpenSSL 3 and tpm2 provider... / openssl cms
>
>> Could you please build tpm2-openssl with "./configure --enable-debug"?
>
>Here ya go:
>
>$ openssl cms -encrypt -provider tpm2 -provider default -in file.txt -recip signer.pem -aes128
>PROVIDER INIT
>RAND NEW
>RAND NEW
>RAND GET_CTX_PARAMS [ max_request ]
>RAND GENERATE
>EC NEW
>EC IMPORT [ point-format encoding group pub priv point-format group-check use-cofactor-flag ]
>KEYEXCH NEW
>KEYEXCH INIT
>RAND NEW
>RAND GET_CTX_PARAMS [ max_request ]
>RAND GENERATE
>RAND GET_CTX_PARAMS [ max_request ]
>RAND GENERATE
>400CF680FA7F0000:error:17000074:CMS routines:cms_EnvelopedData_Encryption_init_bio:error setting recipientinfo:../crypto/cms/cms_env.c:1142:
>400CF680FA7F0000:error:17000068:CMS routines:CMS_final:cms lib:../crypto/cms/cms_smime.c:881:
>KEYEXCH FREE
>EC FREE
>RAND FREE
>RAND FREE
>RAND FREE
>PROVIDER TEARDOWN
2 months
Re: {External} Re: OpenSSL 3 and tpm2 provider... / openssl cms
by Petr Gotthard
I have no idea, unfortunately. I don't think the tpm was invoked, because there is no error message from the tpm libraries. It feels more like if openssl had not the right fields populated.
Could you please build tpm2-openssl with "./configure --enable-debug"? The openssl commands will then print tracing information about TPM functions being called. This could give us some indication on what could be wrong.
Another idea: Could you send me (privately) the "signer.pem"? If it fails on my machine as well it will be easier to track and fix.
Petr
______________________________________________________________
> Od: "Sievert, James" <james.sievert(a)bsci.com>
> Komu: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
> Datum: 28.04.2022 17:46
> Předmět: [tpm2] Re: {External} Re: OpenSSL 3 and tpm2 provider... / openssl cms
>
>Actually here the error is different:
>
>bsci@ip-10-132-42-225:~$ openssl cms -encrypt -provider tpm2 -provider default -in file.txt -recip handle:0x01000013 -aes128
>409CFA23377F0000:error:17000074:CMS routines:cms_EnvelopedData_Encryption_init_bio:error setting recipientinfo:../crypto/cms/cms_env.c:1142:
>409CFA23377F0000:error:17000068:CMS routines:CMS_final:cms lib:../crypto/cms/cms_smime.c:881:
>
>I was thinking that perhaps the cert. didn't permit encryption, so I read handle 0x01000013 into a file -- signer.pem and took the tpm2 provider completely out of the picture:
>
>$ openssl cms -encrypt -in file.txt -recip signer.pem -aes128 -out file.cipher -outform der
>
>This works. So, it doesn't seem to be a problem with the recipient certificate. I also tried this essentially making no _explicit_ use of the tpm2, but specifying the provider anyway:
>
>$ openssl cms -encrypt -provider tpm2 -provider default -in file.txt -recip signer.pem -aes128
>40BCDCB85F7F0000:error:17000074:CMS routines:cms_EnvelopedData_Encryption_init_bio:error setting recipientinfo:../crypto/cms/cms_env.c:1142:
>40BCDCB85F7F0000:error:17000068:CMS routines:CMS_final:cms lib:../crypto/cms/cms_smime.c:881:
>
>For this encryption, there's a DH operation taking place under the covers to come up with an encryption key. I'm thinking the TPM might be coming into play for that?
>
>-----Original Message-----
>From: Petr Gotthard <petr.gotthard(a)centrum.cz>
>Sent: Thursday, April 28, 2022 11:11 AM
>To: Sievert, James <james.sievert(a)bsci.com>; tpm2(a)lists.01.org
>Subject: Re: [tpm2] Re: {External} Re: OpenSSL 3 and tpm2 provider... / openssl cms
>
>>I also tried this:
>>
>>openssl cms -encrypt -provider tpm2 -provider base -propquery ?provider=tpm2,tpm2.cipher!=yes -in file.txt -recip handle:0x01000013 -aes128
>>
>>Same result...
>
>That should work as well. Have you tried "-provider default" instead of "-provider base"?
>
>Openssl should be able to combine algorithms from different providers and the tpm2-openssl provider announces to openssl only those algorithms that are supported by the tpm2 chip itself. The only tricky bit is when the same algorithm is implemented twice, which is not your case... yet ;-).
>
>
>Petr
>_______________________________________________
>tpm2 mailing list -- tpm2(a)lists.01.org
>To unsubscribe send an email to tpm2-leave(a)lists.01.org
>%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
>
>
2 months
Re: {External} Re: OpenSSL 3 and tpm2 provider... / openssl cms
by Petr Gotthard
>I also tried this:
>
>openssl cms -encrypt -provider tpm2 -provider base -propquery ?provider=tpm2,tpm2.cipher!=yes -in file.txt -recip handle:0x01000013 -aes128
>
>Same result...
That should work as well. Have you tried "-provider default" instead of "-provider base"?
Openssl should be able to combine algorithms from different providers and the tpm2-openssl provider announces to openssl only those algorithms that are supported by the tpm2 chip itself. The only tricky bit is when the same algorithm is implemented twice, which is not your case... yet ;-).
Petr
2 months
Re: {External} Re: OpenSSL 3 and tpm2 provider... / openssl cms
by Petr Gotthard
>CMS encryption fails as follows:
>
>$ openssl cms -encrypt -provider tpm2 -provider base -in file.txt -recip handle:0x01000013
>WARNING:esys:src/tss2-esys/api/Esys_CreateLoaded.c:368:Esys_CreateLoaded_Finish() Received TPM Error
>ERROR:esys:src/tss2-esys/api/Esys_CreateLoaded.c:129:Esys_CreateLoaded() Esys Finish ErrorCode (0x000b0143)
>40FCFCC0017F0000:error:4000000B:tpm2::cannot create key::-1:721219 rmt:error(2.0): command code not supported
>
>This looks like https://github.com/tpm2-software/tpm2-openssl/issues/29.
> For my use case, support for TPMs without the CreateLoaded command will be essential. My machines have an OPTIGA TPM2.
The CreateLoaded issue should be fixed now (in the latest master branch).
Petr
2 months
Re: {External} Re: OpenSSL 3 and TPM 2 vendor certs in NVRAM...
by Petr Gotthard
James,
there were some bugs in the NV processing and certificate parsing. Thank you for reporting them.
Everything should be fixed in the latest master branch. Please check if there are any issues.
Petr
______________________________________________________________
> Od: "Sievert, James" <james.sievert(a)bsci.com>
> Komu: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
> Datum: 27.04.2022 19:33
> Předmět: [tpm2] Re: {External} Re: OpenSSL 3 and TPM 2 vendor certs in NVRAM...
>
>They are DER format.
>
>-----Original Message-----
>From: Petr Gotthard <petr.gotthard(a)centrum.cz>
>Sent: Wednesday, April 27, 2022 1:31 PM
>To: tpm2(a)lists.01.org
>Subject: {External} [tpm2] Re: OpenSSL 3 and TPM 2 vendor certs in NVRAM...
>
>Hi James,
>
>Loading certs from NV was also not tested and apparently doesn't work either.
>https://github.com/tpm2-software/tpm2-openssl/issues/35
>
>Please-- could you retrieve your cert from the NV and let me know whether it is DER (binary) or PEM (textual with -----BEGIN CERTIFICATE----- lines)?
>
>
>Petr
>______________________________________________________________
>> Od: "Sievert, James" <james.sievert(a)bsci.com>
>> Komu: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
>> Datum: 26.04.2022 15:18
>> Předmět: [tpm2] OpenSSL 3 and TPM 2 vendor certs in NVRAM...
>>
>>Hi,
>>
>>
>>The TPM vendor has internal certificates stored at 0x1c0000a and 0x1c00002:
>>
>>
>>0x1c00002:
>>
>> name:
>> 000bec00c657a4e2724101954c2c9d51ddd45c825c3997ec0786c3afeb0f7fca3ec7
>> hash algorithm:
>> friendly: sha256
>> value: 0xB
>> attributes:
>> friendly: ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
>> value: 0x1200762
>> size: 1177
>>
>>0x1c0000a:
>> name:
>>000b2571404112c8aae1cde797c438d921093fc89b74d44564c25c296aaa26a6f041
>> hash algorithm:
>> friendly: sha256
>> value: 0xB
>> attributes:
>> friendly: ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
>> value: 0x1200762
>> size: 781
>>
>>I cannot retrieve them using openssl x509:
>>
>>$ openssl x509 -provider tpm2 -provider default -in handle:0x1c0000a
>>WARNING:esys:src/tss2-esys/api/Esys_NV_Read.c:315:Esys_NV_Read_Finish()
>>Received TPM Error
>>ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:105:Esys_NV_Read() Esys
>>Finish ErrorCode (0x00000095) Could not read certificate from
>>handle:0x1c0000a 405C04A14E7F0000:error:4000000C:tpm2::cannot load
>>key::-1:149 tpm:handle(unk):structure is the wrong size Unable to load
>>certificate
>>
>>$ openssl x509 -provider tpm2 -provider default -in handle:0x1c00002
>>WARNING:esys:src/tss2-esys/api/Esys_NV_Read.c:315:Esys_NV_Read_Finish()
>>Received TPM Error
>>ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:105:Esys_NV_Read() Esys
>>Finish ErrorCode (0x00000095) Could not read certificate from
>>handle:0x1c00002 40DC7060527F0000:error:4000000C:tpm2::cannot load
>>key::-1:149 tpm:handle(unk):structure is the wrong size Unable to load
>>certificate
>>
>>This does work; however:
>>
>>bsci@ip-10-132-42-225:~/test$ tpm2_nvread -C p -s 781 0x1c0000a
>>|openssl x509 -in /dev/stdin -inform der -noout -text
>>Certificate:
>> Data:
>> Version: 3 (0x2)
>> Serial Number: 756297432 (0x2d142ed8)
>> Signature Algorithm: ecdsa-with-SHA256
>> Issuer: C = DE, O = Infineon Technologies AG, OU = OPTIGA(TM) TPM2.0, CN = Infineon OPTIGA(TM) ECC Manufacturing CA 029
>> Validity
>> Not Before: Sep 29 02:49:58 2021 GMT
>> Not After : Sep 29 02:49:58 2036 GMT
>> ...
>>
>>
>>Thanks.
2 months
Re: OpenSSL 3 and TPM 2 vendor certs in NVRAM...
by Petr Gotthard
Hi James,
Loading certs from NV was also not tested and apparently doesn't work either.
https://github.com/tpm2-software/tpm2-openssl/issues/35
Please-- could you retrieve your cert from the NV and let me know whether it is DER (binary) or PEM (textual with -----BEGIN CERTIFICATE----- lines)?
Petr
______________________________________________________________
> Od: "Sievert, James" <james.sievert(a)bsci.com>
> Komu: "tpm2(a)lists.01.org" <tpm2(a)lists.01.org>
> Datum: 26.04.2022 15:18
> Předmět: [tpm2] OpenSSL 3 and TPM 2 vendor certs in NVRAM...
>
>Hi,
>
>
>The TPM vendor has internal certificates stored at 0x1c0000a and 0x1c00002:
>
>
>0x1c00002:
>
> name: 000bec00c657a4e2724101954c2c9d51ddd45c825c3997ec0786c3afeb0f7fca3ec7
> hash algorithm:
> friendly: sha256
> value: 0xB
> attributes:
> friendly: ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
> value: 0x1200762
> size: 1177
>
>0x1c0000a:
> name: 000b2571404112c8aae1cde797c438d921093fc89b74d44564c25c296aaa26a6f041
> hash algorithm:
> friendly: sha256
> value: 0xB
> attributes:
> friendly: ppwrite|writedefine|ppread|ownerread|authread|no_da|written|platformcreate
> value: 0x1200762
> size: 781
>
>I cannot retrieve them using openssl x509:
>
>$ openssl x509 -provider tpm2 -provider default -in handle:0x1c0000a
>WARNING:esys:src/tss2-esys/api/Esys_NV_Read.c:315:Esys_NV_Read_Finish() Received TPM Error
>ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:105:Esys_NV_Read() Esys Finish ErrorCode (0x00000095)
>Could not read certificate from handle:0x1c0000a
>405C04A14E7F0000:error:4000000C:tpm2::cannot load key::-1:149 tpm:handle(unk):structure is the wrong size
>Unable to load certificate
>
>$ openssl x509 -provider tpm2 -provider default -in handle:0x1c00002
>WARNING:esys:src/tss2-esys/api/Esys_NV_Read.c:315:Esys_NV_Read_Finish() Received TPM Error
>ERROR:esys:src/tss2-esys/api/Esys_NV_Read.c:105:Esys_NV_Read() Esys Finish ErrorCode (0x00000095)
>Could not read certificate from handle:0x1c00002
>40DC7060527F0000:error:4000000C:tpm2::cannot load key::-1:149 tpm:handle(unk):structure is the wrong size
>Unable to load certificate
>
>This does work; however:
>
>bsci@ip-10-132-42-225:~/test$ tpm2_nvread -C p -s 781 0x1c0000a |openssl x509 -in /dev/stdin -inform der -noout -text
>Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number: 756297432 (0x2d142ed8)
> Signature Algorithm: ecdsa-with-SHA256
> Issuer: C = DE, O = Infineon Technologies AG, OU = OPTIGA(TM) TPM2.0, CN = Infineon OPTIGA(TM) ECC Manufacturing CA 029
> Validity
> Not Before: Sep 29 02:49:58 2021 GMT
> Not After : Sep 29 02:49:58 2036 GMT
> ...
>
>
>Thanks.
>
>
>----------
>
>_______________________________________________
>tpm2 mailing list -- tpm2(a)lists.01.org
>To unsubscribe send an email to tpm2-leave(a)lists.01.org
>%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
>
>
2 months, 1 week
