Discussion:
[TrouSerS-users] TPM's generated public key usage on openssl
Promila Jangra
2017-04-11 05:03:22 UTC
Hello all

I am doing an activity based on TPM 1.2 and openssl.
First, I'll generate a signature using TPM and after that verify the same
using openssl.
But there is an issue regarding the key compatibility between TPM and openssl.
I want to use the TPM generated public key to verify the signature through
openssl.

Does anybody have an idea about the usage of a TPM generated public key to
perform any operation on openssl?
--
Thanks & Regards

Promila Jangra
Ken Goldman
2017-04-11 13:35:57 UTC
It's certainly possible, but a bit messy. You have to use the TPM
public key as a binary array, plus the default exponent, to construct an
openssl "RSA" key token.

It's a bit different for openssl 1.0 and 1.1, and for TPM 1.2 and TPM
2.0, but I can point you to sample code if this post isn't enough.
Promila Jangra
2017-04-12 08:46:13 UTC
Hello Ken

Thank you for responding. I also implemented the same and am posting the code
below. But still I get a wrong verification result. The RSA_verify API returns
zero for the same input signature verification. Please correct me if I am
doing something wrong. If you have sample code then please share the same.

To get the TPM public key modulus and exponent:
result = Tspi_Key_CreateKey(hSigning_Key, hSRK, 0);

result = Tspi_GetAttribData(hSigning_Key, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &pubKeyModulusLen, &pubKeyModulus);

result = Tspi_GetAttribData(hSigning_Key, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &pubKeyExponentLen, &pubKeyExponent);

To construct the RSA key pair using openssl:
RSA *rsa = RSA_new();
rsa->e = BN_bin2bn(pubKeyExponent, pubKeyExponentLen, rsa->e);
rsa->n = BN_bin2bn(pubKeyModulus, pubKeyModulusLen, rsa->n);

SHA1(data, strlen(data)+1, hash);

ret = RSA_verify(NID_sha1, hash, SHA256_DIGEST_LENGTH,
signature,signatureLength, rsa);
--
Thanks & Regards

Promila Jangra
Ken Goldman
2017-04-12 14:21:20 UTC
A few inline comments. However, I am not a TSS expert. Does someone
have a better idea?

Also, if you're stuck, bisecting the problem helps debug.

Rather than use RSA_verify, do a raw public key encrypt. If you see
PKCS1 padding, the OID, and a hash, then the keys are correct but the
hash on the sign and verify don't match. If you see random numbers,
then the public and private keys don't match.
Post by Promila Jangra
Hello Ken
Thank you for responding. I also implemented the same and am posting the code
below. But still I get a wrong verification result. The RSA_verify API returns
zero for the same input signature verification. Please correct me if I
am doing something wrong. If you have sample code then please share the same.
To get the TPM public key modulus and exponent:
result=Tspi_Key_CreateKey(hSigning_Key,hSRK,0);
result = Tspi_GetAttribData(hSigning_Key, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, &pubKeyModulusLen, &pubKeyModulus);
I assume that this is correct. Perhaps check that the length is 256,
that it's bytes, not bits.
Post by Promila Jangra
result = Tspi_GetAttribData(hSigning_Key, TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT, &pubKeyExponentLen, &pubKeyExponent);
Does this return 0 (the TPM default) or 0x10001? You may have to map
from the default to the actual value.
Post by Promila Jangra
RSA *rsa = RSA_new();
rsa->e = BN_bin2bn(pubKeyExponent, pubKeyExponentLen, rsa->e);
rsa->n = BN_bin2bn(pubKeyModulus, pubKeyModulusLen, rsa->n);
I'm not sure that RSA_new allocates the e and n bignums. Perhaps try
passing in NULL to the BN_bin2bn functions.
Post by Promila Jangra
SHA1(data, strlen(data)+1, hash);
ret = RSA_verify(NID_sha1, hash, SHA256_DIGEST_LENGTH,
signature,signatureLength, rsa);
It is odd that you create a SHA-1 hash and then say it's a SHA-256 length.
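Added example, not part of the thread and not TrouSerS or OpenSSL code: a pure-Python re-implementation of the bisecting check Ken describes, working on the raw modulus and exponent byte strings the TSS returns. It maps an empty or all-zero exponent to the TPM 1.2 default 65537, does the raw public-key operation, and reports whether the recovered block is random (key mismatch) or a well-formed PKCS#1 v1.5 SHA-1 DigestInfo (keys fine, compare hashes). The function and constant names are this example's own.

```python
# Added example: bisecting a failed RSA_verify the way Ken suggests, in pure Python.
import hashlib

DEFAULT_EXPONENT = 65537  # TPM 1.2 reports its default exponent 2^16+1 as an empty/zero field
# DER DigestInfo prefix for SHA-1 under PKCS#1 v1.5; the 20-byte hash follows it.
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")

def build_public_key(modulus, exponent):
    """Turn the TSS modulus/exponent bytes into the integers BN_bin2bn would
    produce; an absent or all-zero exponent means the TPM default."""
    n = int.from_bytes(modulus, "big")
    e = int.from_bytes(exponent, "big") if exponent else 0
    return n, (e or DEFAULT_EXPONENT)

def raw_public_op(signature, n, e):
    """The 'raw public key encrypt': sig^e mod n, returned as k big-endian bytes.
    A length mismatch here usually means a bits/bytes mix-up on the modulus."""
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        raise ValueError(f"signature is {len(signature)} bytes, modulus is {k}")
    return pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")

def inspect_pkcs1(em):
    """Classify the recovered block: ('random', None) means the public key does
    not match the signing key; ('sha1', hash) means padding and OID are fine and
    only the hash remains to be compared."""
    if em[:2] != b"\x00\x01":
        return "random", None
    body = em[2:]
    sep = body.find(b"\x00")
    if sep < 8 or any(b != 0xFF for b in body[:sep]):  # PKCS#1 v1.5: at least 8 FF bytes
        return "random", None
    digest_info = body[sep + 1:]
    if not digest_info.startswith(SHA1_DIGESTINFO) or len(digest_info) != len(SHA1_DIGESTINFO) + 20:
        return "bad-digestinfo", None
    return "sha1", digest_info[len(SHA1_DIGESTINFO):]

def verify_sha1(data, signature, modulus, exponent):
    """Equivalent of RSA_verify(NID_sha1, SHA1(data), SHA_DIGEST_LENGTH, ...):
    True only if padding, OID and hash all match. Hash exactly the bytes the
    signer hashed (the thread's signer included the trailing NUL)."""
    n, e = build_public_key(modulus, exponent)
    verdict, embedded = inspect_pkcs1(raw_public_op(signature, n, e))
    return verdict == "sha1" and embedded == hashlib.sha1(data).digest()
```

Run inspect_pkcs1 on the raw result first: "random" points at the key material, "sha1" with a differing hash points at the data being hashed on the two sides.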
Promila Jangra
2017-04-21 06:34:00 UTC
Hello

Thank you for the inputs. Now it's working properly. There was a problem due to
a wrong hash length parameter. Mistakenly, I had used that.

Changes that I have done:
ret = RSA_verify(NID_sha1,hash, SHA_DIGEST_LENGTH,
signature,signatureLength, rsa);
--
Thanks & Regards

Promila Jangra
James Bottomley
2017-04-12 14:57:58 UTC
create_tpm_key from this repository does it:

https://sourceforge.net/p/trousers/openssl_tpm_engine/ci/master/tree/

I've verified (a year ago now) that the keys it creates are usable by
openssl (the public key decrypts what the private key encrypts).

James