Re: [TrouSerS-tech] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

[Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>]

On Tue, Jan 03, 2017 at 03:22:56PM -0800, James Bottomley wrote:
> > I think it is very important to natively support the sign-only key
> > usage restriction. TPM1.2 goes so far as to declare keys that can be
> > used for arbitary decrypt as 'legacy do not use'.
> > 
> > IMHO the best way to do this is to look at the sign operation openssl
> > is trying to do and see if it can be sent down the sign path to the
> > TPM. Only if that fails should the decrypt path be used.
> 
> The problem is the MD5-SHA1 signature of SSL and TLS < v1.2.   This
> cannot be performed by the TPM because it's not listed as a supported
> signature, so the choice is either to deprecate these protocols (not
> really viable since they're in wide use in old websites) or use decrypt
> to do the signatures.  Once we get to the point of having to use
> decrypt, there's no reason to preserve the signing distinction since we
> never know when a key will be used to decrypt or sign.

I'm not disputing your analysis, just remarking that it seem very
undesirable to ban *all* sign-only keys just to support a single
legacy SSL configuration.

This is why I suggest looking at the sign being requested and using
the sign path if it is *possible*, otherwise requiring a key with the
broader key usage.

Not everything is SSL - openssh uses these routines too and it should
be able to use the sign only key type without a limitation?

Jason

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot