[TrouSerS-users] Setting public OpenSSL RSA key 'n' value in TSS key object
Massimo Gaggiano
2015-02-24 00:22:34 UTC
Hello TrouSerS-users!
I'm running MyFunc_CreatePubKey() from "A practical guide to trusted
computing" with some issues.

I generated an RSA key with "openssl genpkey -algorithm RSA -out key.pem
-pkeyopt rsa_keygen_bits:2048 -pkeyopt rsa_keygen_pubexp:3".
Then I call openssl_read_key() (from
http://sourceforge.net/p/trousers/openssl_tpm_engine/ci/master/tree/create_tpm_key.c)
to create an RSA object.
Next I call MyFunc_CreatePubKey(), but the call Tspi_SetAttribData(*hKey,
TSS_TSPATTRIB_KEY_BLOB, TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, sizeN, n)
doesn't return and the program terminates with no more output.

CODE:

#include <stdio.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <tss/tspi.h>
#include <trousers/trousers.h>

/* Assumed scaffolding, not in the original mail: the book's DBG() macro
 * reconstructed to match the output format below, the context handle that the
 * rest of the program creates and connects, and prototypes for the helpers
 * taken from create_tpm_key.c and the book. */
#define DBG(message, tResult) \
    printf("%s (line %d, %s) %s, returned 0x%08x.\n", \
           Trspi_Error_String(tResult), __LINE__, __func__, message, tResult)

TSS_HCONTEXT hContext;                   /* created and connected elsewhere */
RSA *openssl_read_key(char *filename);   /* from create_tpm_key.c */
TSS_FLAG get_tss_key_size(UINT32 bits);  /* maps a bit length to a TSS_KEY_SIZE_* flag */
TSS_RESULT MyFunc_CreatePubKey(RSA *rsa, int padding, TSS_HKEY *hKey);

int main(int argc, char **argv)
{
    RSA *rsa = openssl_read_key("key.pem");
    TSS_HKEY hKey;
    int padding = RSA_PKCS1_PADDING;
    TSS_RESULT ret = MyFunc_CreatePubKey(rsa, padding, &hKey);
    DBG("MyFunc_CreatePubKey", ret);
    return 0;
}

TSS_RESULT MyFunc_CreatePubKey(RSA *rsa, int padding, TSS_HKEY *hKey)
{
    TSS_RESULT result;
    TSS_FLAG keySize;
    UINT32 encScheme, sizeN;
    BYTE n[2048];

    /* Map the OpenSSL padding mode onto the TSS encryption scheme */
    switch (padding) {
    case RSA_PKCS1_PADDING:
        encScheme = TSS_ES_RSAESPKCSV15;
        break;
    case RSA_PKCS1_OAEP_PADDING:
        encScheme = TSS_ES_RSAESOAEP_SHA1_MGF1;
        break;
    case RSA_NO_PADDING:
        encScheme = TSS_ES_NONE;
        break;
    default:
        return TSS_E_INTERNAL_ERROR;
    }

    keySize = get_tss_key_size(RSA_size(rsa) * 8); // 0x300 (TSS_KEY_SIZE_2048)

    /* Create the TSS key object */
    result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY,
                                       TSS_KEY_TYPE_LEGACY | keySize, hKey);
    DBG("Create the TSS key object", result);

    /* Get the public 'n' value from the OpenSSL key as big-endian bytes */
    sizeN = BN_bn2bin(rsa->n, n); // 256
    printf("sizeN = BN_bn2bin(rsa->n, n): %u \n", sizeN);
    printf("n[]: \n");
    printf("-- ");
    for (UINT32 i = 0; i < sizeN; i++)
        printf("%02X ", n[i]);
    printf("\n");

    /* BN_get_word() only works for values that fit in one BN_ULONG; for a
     * larger BIGNUM it returns BN_MASK2 (all bits set), which %ld shows as -1 */
    BN_ULONG value = BN_get_word(rsa->n);
    printf("word(rsa->n): %ld \n", value); // -1 !!

    /* Set the key's algorithm */
    result = Tspi_SetAttribUint32(*hKey, TSS_TSPATTRIB_KEY_INFO,
                                  TSS_TSPATTRIB_KEYINFO_ALGORITHM, TSS_ALG_RSA);
    DBG("Tspi_SetAttribUint32 - key's algorithm", result);

    /* Set the key's number of primes */
    result = Tspi_SetAttribUint32(*hKey, TSS_TSPATTRIB_RSAKEY_INFO,
                                  TSS_TSPATTRIB_KEYINFO_RSA_PRIMES, 2);
    DBG("Tspi_SetAttribUint32 - key's number of primes", result);

    /* Set the key's encryption scheme */
    result = Tspi_SetAttribUint32(*hKey, TSS_TSPATTRIB_KEY_INFO,
                                  TSS_TSPATTRIB_KEYINFO_ENCSCHEME, encScheme);
    DBG("Tspi_SetAttribUint32 - key's encryption scheme", result);

    /* Set the public key data (n) in the TSS object */
    result = Tspi_SetAttribData(*hKey, TSS_TSPATTRIB_KEY_BLOB,
                                TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, sizeN, n);
    DBG("Tspi_SetAttribData - 'n' value", result);

    printf("RETURN");
    return TSS_SUCCESS;
}


OUTPUT:

Success (line 50, MyFunc_CreatePubKey) Create the TSS key object, returned 0x00000000.
sizeN = BN_bn2bin(rsa->n, n): 256
n[]:
word(rsa->n): -1
Success (line 96, MyFunc_CreatePubKey) Tspi_SetAttribUint32 - key's algorithm, returned 0x00000000.
Success (line 104, MyFunc_CreatePubKey) Tspi_SetAttribUint32 - key's number of primes, returned 0x00000000.
Success (line 112, MyFunc_CreatePubKey) Tspi_SetAttribUint32 - key's encryption scheme, returned 0x00000000.

I have some questions:
1) Is 'padding' argument correct?
2) Why does BN_get_word(rsa->n) return -1?
3) Why does Tspi_SetAttribData() not return at all?

Thank you very much for any suggestions,
Max.
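Added illustration (not code from the post, the book or TrouSerS): the TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY attribute takes a serialized TPM_PUBKEY structure (TPM_KEY_PARMS followed by TPM_STORE_PUBKEY, big-endian, per the TPM 1.2 structures specification), whereas a bare modulus belongs under TSS_TSPATTRIB_RSAKEY_INFO / TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, the attribute the linked create_tpm_key.c uses for the modulus. The Python below builds such a blob for an RSA key with a small public exponent and parses it with bounds checks; SAMPLE_N and MAX_MODULUS_BYTES are constructed values of this example, and TPM_ES/TPM_SS_NONE/TPM_ALG_RSA are the TPM 1.2 constants.

```python
import struct

# TPM 1.2 structure constants (TPM Main, Part 2: Structures); all integers are big-endian.
TPM_ALG_RSA = 0x00000001
TPM_SS_NONE = 0x0001
TPM_ES = {"NONE": 0x0001, "RSAESPKCSv15": 0x0002, "RSAESOAEP_SHA1_MGF1": 0x0003}
MAX_MODULUS_BYTES = 512  # sanity bound: TPM 1.2 RSA keys are at most 4096 bits
# Constructed 256-byte stand-in for a 2048-bit modulus (not the poster's key).
SAMPLE_N = bytes([0xD2]) + bytes(range(255))


def build_tpm_pubkey(modulus: bytes, exponent: int, enc_scheme: str) -> bytes:
    """Serialize TPM_PUBKEY = TPM_KEY_PARMS || TPM_STORE_PUBKEY for an RSA key."""
    # exponentSize 0 means the TPM default exponent 2^16+1; any other exponent is explicit.
    exp = b"" if exponent == 65537 else exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    rsa_parms = struct.pack(">III", len(modulus) * 8, 2, len(exp)) + exp  # TPM_RSA_KEY_PARMS
    key_parms = struct.pack(">IHHI", TPM_ALG_RSA, TPM_ES[enc_scheme], TPM_SS_NONE, len(rsa_parms))
    return key_parms + rsa_parms + struct.pack(">I", len(modulus)) + modulus  # + TPM_STORE_PUBKEY


def parse_tpm_pubkey(blob: bytes) -> dict:
    """Parse a TPM_PUBKEY blob, rejecting anything that is not a well-formed RSA key."""
    off = 0

    def take(n: int) -> bytes:  # bounds-checked read of n bytes at the current offset
        nonlocal off
        if off + n > len(blob):
            raise ValueError(f"truncated: need {n} bytes at offset {off}, have {len(blob) - off}")
        off += n
        return blob[off - n:off]

    alg, es, _sig, parm_size = struct.unpack(">IHHI", take(12))
    if alg != TPM_ALG_RSA:
        raise ValueError(f"algorithmID 0x{alg:08x} is not TPM_ALG_RSA")
    if not 12 <= parm_size <= 12 + MAX_MODULUS_BYTES:
        raise ValueError(f"implausible parmSize {parm_size}")
    parms = take(parm_size)
    key_bits, num_primes, exp_size = struct.unpack(">III", parms[:12])
    if exp_size != parm_size - 12:
        raise ValueError("exponentSize disagrees with parmSize")
    exponent = 65537 if exp_size == 0 else int.from_bytes(parms[12:], "big")
    (key_len,) = struct.unpack(">I", take(4))
    if key_len > MAX_MODULUS_BYTES or key_len * 8 != key_bits:
        raise ValueError(f"keyLength {key_len} bytes inconsistent with {key_bits}-bit key")
    modulus = take(key_len)
    if off != len(blob):
        raise ValueError(f"{len(blob) - off} trailing bytes after TPM_PUBKEY")
    return {"enc_scheme": es, "num_primes": num_primes, "exponent": exponent, "modulus": modulus}
```

`build_tpm_pubkey(SAMPLE_N, 3, "RSAESPKCSv15")` round-trips through `parse_tpm_pubkey`, while `parse_tpm_pubkey(SAMPLE_N)` raises ValueError because the first four bytes of a bare modulus are read as an algorithmID that is not TPM_ALG_RSA.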
