From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: trousers-tech@lists.sourceforge.net,
tpmdd-devel@lists.sourceforge.net,
ibmtpm20tss-users@lists.sourceforge.net, openssl-dev@openssl.org
Subject: Re: [tpmdd-devel] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine
Date: Tue, 3 Jan 2017 16:11:26 -0700 [thread overview]
Message-ID: <20170103231126.GE29656@obsidianresearch.com> (raw)
In-Reply-To: <1483224763.2518.24.camel@HansenPartnership.com>
On Sat, Dec 31, 2016 at 02:52:43PM -0800, James Bottomley wrote:
> This patch adds RSA signing for TPM2 keys. There's a limitation to the
> way TPM2 does signing: it must recognise the OID for the signature.
> That fails for the MD5-SHA1 signatures of the TLS/SSL certificate
> verification protocol, so I'm using RSA_Decrypt for both signing
> (encryption) and decryption ... meaning that this only works with TPM
> decryption keys. It is possible to use the prior code, which preserved
> the distinction of signing and decryption keys, but only at the expense
> of not being able to support SSL or TLS lower than 1.2
[Note, I haven't looked closely at TPM2, but TPM1.2 has a concept of
key usage, and I assume that is carried over in the below comments]
I think it is very important to natively support the sign-only key
usage restriction. TPM1.2 goes so far as to declare keys that can be
used for arbitrary decrypt as 'legacy do not use'.
IMHO the best way to do this is to look at the sign operation openssl
is trying to do and see if it can be sent down the sign path to the
TPM. Only if that fails should the decrypt path be used.
For TPM1.2 you could create a sign-only key with the
TPM_SS_RSASSAPKCS1v15_DER mode and feed it arbitrary NIDs - the TPM did
not check the data to sign, AFAIK.
Ideally the user should be able to setup a sign-only key and the
correct SSL negotiation parameters and have a working system, eg a
sign-only key used with TLS 1.3 and ephemeral keyx should work.
> + /* this is slightly paradoxical that we're doing a Decrypt
> + * operation: the only material difference between decrypt and
> + * encrypt is where the padding is applied or checked, so if
> + * you apply your own padding up to the RSA block size and use
> + * TPM_ALG_NULL, which means no padding check, a decrypt
> + * operation effectively becomes an encrypt */
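Review bot: the comment says "apply your own padding" but never says which padding, and with TPM_ALG_NULL the TPM checks nothing, so this comment is now the only place that documents that the engine, not the TPM, is responsible for producing a correct EMSA-PKCS1-v1_5 block (including the DigestInfo for hashes that have one). It should say so explicitly, and it should also state the restriction the cover letter mentions ("this only works with TPM decryption keys"): a key without the decrypt attribute cannot take this path at all, which is exactly the usage distinction the decrypt-as-sign trick erases.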
IIRC this duality is exactly why key usage exists, and why good crypto
practice has been to forbid decrypt/encrypt on the same key.
Jason
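The following is an added example, not code from James's patch, from Jason's reply, or from any TPM/TSS library. It models the discussion above in pure Python with textbook RSA: the TPM is reduced to one private-key exponentiation, the TPM2 sign path is modelled as "build the DigestInfo for a hash the TPM knows, then pad", and TPM2_RSA_Decrypt with TPM_ALG_NULL is modelled as "pad it yourself, the TPM checks nothing". The key carries sign/decrypt usage flags so the sign-only restriction Jason asks for can be exercised. All names (`engine_sign`, `tpm_sign_rsassa`, `tpm_rsa_decrypt_null`, the usage flags, the `TPM_RC_*` strings in the error messages) are illustrative assumptions, the handshake bytes are constructed, and the 1024-bit key with a fixed seed is for the demo only.

```python
import hashlib
import random

# DER DigestInfo prefixes (RFC 8017 section 9.2, note 1): the "OID the TPM
# must recognise".  The TLS 1.0/1.1 MD5||SHA1 block has no such prefix.
DIGESTINFO = {
    "sha1":   bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def _probable_prime(n, rng, rounds=24):          # Miller-Rabin, demo grade only
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(c, rng):
            return c

def gen_key(bits=1024, seed=1, sign=True, decrypt=True):
    """Toy RSA key with TPM-style sign/decrypt usage flags (fixed seed: demo only)."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        if p != q and (p - 1) % e and (q - 1) % e:    # gcd(e, phi) == 1
            break
    n = p * q
    return {"n": n, "e": e, "d": pow(e, -1, (p - 1) * (q - 1)),
            "k": (n.bit_length() + 7) // 8, "sign": sign, "decrypt": decrypt}

def _rsa_private_op(key, block):
    """The one primitive both TPM paths end in: block^d mod n."""
    m = int.from_bytes(block, "big")
    if len(block) != key["k"] or m >= key["n"]:
        raise ValueError("block does not fit the modulus")
    return pow(m, key["d"], key["n"]).to_bytes(key["k"], "big")

def emsa_pkcs1_v15(t, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 T (RFC 8017 section 9.2)."""
    if len(t) + 11 > k:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def tpm_sign_rsassa(key, hash_alg, digest):
    """Model of the TPM2 sign path (TPM_ALG_RSASSA): the TPM builds the
    DigestInfo itself, so it must know the hash, and the key needs `sign`."""
    if not key["sign"]:
        raise PermissionError("TPM_RC_ATTRIBUTES: not a signing key")
    if hash_alg not in DIGESTINFO:
        raise ValueError("TPM_RC_SCHEME: no DigestInfo for %r" % hash_alg)
    if len(digest) != hashlib.new(hash_alg).digest_size:
        raise ValueError("TPM_RC_SIZE: digest length mismatch")
    return _rsa_private_op(key, emsa_pkcs1_v15(DIGESTINFO[hash_alg] + digest, key["k"]))

def tpm_rsa_decrypt_null(key, block):
    """Model of TPM2_RSA_Decrypt with TPM_ALG_NULL: raw exponentiation, no padding
    check, so a block we padded ourselves comes back as a signature.  Needs `decrypt`."""
    if not key["decrypt"]:
        raise PermissionError("TPM_RC_ATTRIBUTES: not a decryption key")
    return _rsa_private_op(key, block)

def engine_sign(key, hash_alg, t):
    """Dispatch in the order the reply recommends: sign path first, decrypt path only
    if the TPM cannot do it.  `t` is the digest for a hash the TPM knows, or the raw
    36-byte MD5||SHA1 block for TLS 1.0/1.1."""
    try:
        return tpm_sign_rsassa(key, hash_alg, t), "sign"
    except (ValueError, PermissionError):
        # The engine now owns padding and DigestInfo; the TPM checks nothing.
        em = emsa_pkcs1_v15(DIGESTINFO.get(hash_alg, b"") + t, key["k"])
        return tpm_rsa_decrypt_null(key, em), "decrypt"

def tls11_signature_input(handshake):
    """TLS 1.0/1.1 RSA signatures cover MD5(h)||SHA1(h) with no DigestInfo."""
    return hashlib.md5(handshake).digest() + hashlib.sha1(handshake).digest()

def tls12_signature_input(handshake, hash_alg="sha256"):
    """TLS 1.2 signs one named hash, which the TPM can wrap in a DigestInfo."""
    return hashlib.new(hash_alg, handshake).digest()

def rsassa_pkcs1_v15_verify(key, t, sig):
    """Standard verifier: whichever path produced `sig`, the bytes must match."""
    if len(sig) != key["k"]:
        return False
    em = pow(int.from_bytes(sig, "big"), key["e"], key["n"]).to_bytes(key["k"], "big")
    return em == emsa_pkcs1_v15(t, key["k"])
```

Running `engine_sign` over a constructed handshake with a key that has both attributes shows the two paths side by side: the SHA-256 case goes down the sign path, the MD5||SHA1 case falls back to the decrypt path, and both verify with the same standard RSASSA-PKCS1-v1_5 check. A decrypt-only key produces byte-identical signatures through the decrypt path, which is the duality the patch comment describes and the reason key usage exists. A sign-only key still works for SHA-256 but raises on the MD5||SHA1 input, which is the trade-off the cover letter names: no TLS below 1.2 without a decrypt-capable key.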