Discussion:
[TrouSerS-users] Verifying a signature using public key from X509 certificate
eye two are
2016-03-08 08:24:06 UTC
I am trying to verify a signature using a public key from an X509
certificate generated with the tpm engine.

What I tried to do is to load the cert from the certificate file into an
X509 type variable using PEM_read_bio_X509 and convert it into an EVP_PKEY
type using X509_get_pubkey.

How do I then convert the EVP_PKEY into a public key usable with the
signature verification function Tspi_Hash_VerifySignature?

This is what I am trying and it does not seem to be working:

/* tpmArgs, DBG and PADDING_SCHEME are defined elsewhere in the poster's program. */
UINT32 convertPubKeyToByte(tpmArgs tpm, EVP_PKEY* pkey, BYTE** pkeyByte) {
    int modulusLen;
    int exponentLen;

    BYTE *modulus = malloc(256);
    BYTE *exponent = malloc(256);
    BYTE *pubKeyByte = NULL;

    RSA* rsa;

    TSS_HKEY hKey;
    TSS_FLAG initFlags;
    TSS_RESULT result;

    UINT32 pubKeySize = 0;

    /* Pull the RSA modulus and exponent out of the certificate's public key. */
    rsa = EVP_PKEY_get1_RSA(pkey);
    modulusLen = BN_bn2bin(rsa->n, (unsigned char*)modulus);
    exponentLen = BN_bn2bin(rsa->e, (unsigned char*)exponent);
    RSA_free(rsa);

    initFlags = TSS_KEY_TYPE_LEGACY |
                TSS_KEY_SIZE_2048 |
                TSS_KEY_NO_AUTHORIZATION |
                TSS_KEY_MIGRATABLE;

    /* Create an empty TSS key object and fill in the public parameters. */
    result = Tspi_Context_CreateObject(tpm.hContext,
                                       TSS_OBJECT_TYPE_RSAKEY,
                                       initFlags,
                                       &hKey);
    DBG("Create key object", result);

    result = Tspi_SetAttribUint32(hKey,
                                  TSS_TSPATTRIB_KEY_INFO,
                                  TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
                                  PADDING_SCHEME);
    DBG("Set the key's padding type", result);

    result = Tspi_SetAttribData(hKey,
                                TSS_TSPATTRIB_RSAKEY_INFO,
                                TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT,
                                exponentLen,
                                exponent);
    DBG("Set public key exponent", result);

    result = Tspi_SetAttribData(hKey,
                                TSS_TSPATTRIB_RSAKEY_INFO,
                                TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
                                modulusLen,
                                modulus);
    DBG("Set public key modulus", result);

    /* This call returns 0x00000028 (see the errors below). */
    result = Tspi_Key_LoadKey(hKey, tpm.hSRK);
    DBG("Load key into TPM", result);

    result = Tspi_Key_GetPubKey(hKey, &pubKeySize, &pubKeyByte);
    DBG("Get public key blob", result);

    /* Hand the blob back through the out-parameter and release the scratch buffers. */
    *pkeyByte = pubKeyByte;
    free(modulus);
    free(exponent);

    return pubKeySize;
}

The errors I got from the above code are:
Load key into TPM returned 0x00000028. Unsupported key parameters.
Get public key blob returned 0x0000310e. The addressed key is not currently
loaded.
Ken Goldman
2016-03-08 22:42:34 UTC
Post by eye two are
I am trying to verify a signature using a public key from an X509
certificate generated with the tpm engine.

I'm not a trousers expert, but I will note that:

1 - TPM 1.2 cannot do signature verification.

2 - With TPM 1.2, one cannot load a key unless you have both the public
and (wrapped) private part.

Could #2 be related to your problem?
Tadd Seiff
2016-03-08 23:29:46 UTC
TPM 1.2 doesn't verify signatures, but TSS 1.2 does.

Trousers does all of the verification in software via openssl, it's not
using the hardware, so this does make sense.

That said, do you even need to load the key? Maybe you can just leverage
the software? As long as the key you are using meets the PKCSv1.5 criteria.

To address why your key won't load: I'm not sure you can just arbitrarily
create keys and load them, the key must be in the SRK hierarchy. In other
words, the TPM creates keys and TELLS YOU the RSA pub key, not the other way
around.

-Tadd
_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
David Challener
2016-03-09 03:19:12 UTC
Actually TPM 1.2 *does* verify signatures - but it requires owner auth. You
use one of those CMK commands to do it.
And you *can* load in the public key without loading in the private key to
do it. I have some code around somewhere... I will try to find it
tomorrow....
eye two are
2016-03-11 04:27:30 UTC
I am not trying to verify the certificate though. I am trying to verify a
message that was signed using the tpm with the private key generated for
the certificate. Is that possible? If so what are the steps required to
verify the message using the certificate?

Dmitri Toubelis
2016-03-11 04:47:56 UTC
Same thing - you just extract the public key from the certificate and use it to verify the signature. You don't need a TPM to validate the signature and you don't even need TSS - everything can be done in OpenSSL. The key thing to keep in mind is that "verify" == "decrypt_with_public_key". Here is a working example:

#include <string.h>
#include <glib.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>

gboolean
ak_crypto_verify_sha1_with_rsa (RSA *rsa, gpointer data, gsize data_len, gpointer sig, gsize sig_len)
{
    g_return_val_if_fail (rsa != NULL, FALSE);
    g_return_val_if_fail (data != NULL, FALSE);
    g_return_val_if_fail (data_len > 0, FALSE);
    g_return_val_if_fail (sig != NULL, FALSE);
    g_return_val_if_fail (sig_len == 256, FALSE);   /* 2048-bit key only */

    gboolean ret = FALSE;

    gchar msg_buf[512];

    /* expected DigestInfo: 15-byte ASN.1 DER prefix for SHA-1, then the
       20-byte digest of the provided data */
    guint8 digest_info_der[35] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
    SHA1 (data, data_len, &digest_info_der[15]);

    /* decrypt signature and remove PKCS#1 v1.5 padding */
    guint8 digest[256];
    /* RSA_public_decrypt returns int (-1 on error), so keep it signed */
    gint digest_size = RSA_public_decrypt (sig_len, sig, digest, rsa, RSA_PKCS1_PADDING);
    if (digest_size == -1) {
        ERR_error_string_n (ERR_get_error (), msg_buf, sizeof (msg_buf));
        g_critical (G_STRLOC ": %s", msg_buf);
        goto done;
    }

    /* the recovered payload must be exactly the expected DigestInfo */
    if (digest_size == (gint) sizeof (digest_info_der) && memcmp (digest_info_der, digest, digest_size) == 0) {
        ret = TRUE;
    }

done:

    return ret;
}

eye two are
2016-03-11 05:24:06 UTC
Will it work even if I use Tspi_Hash_Sign to sign my message?

Dmitri Toubelis
2016-03-11 08:22:51 UTC
That is the entire purpose of this code - to validate signatures created with TPM on a host that does not have TSS libraries installed. Just make sure that you use consistent padding.

eye two are
2016-03-11 08:36:23 UTC
Alright, I got the verification function to work after changing

    guint8 digest_info_der[35] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b,
                                  0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
    SHA1 (data, data_len, &digest_info_der[15]);

to

    guint8 digest_info_der[20];
    SHA1 (data, data_len, &digest_info_der[0]);

However, now I am faced with another issue. Is there a way to use
the Tspi_Data_Bind function using the public key from the certificate?

Dmitri Toubelis
2016-03-11 14:42:01 UTC
Adding this prefix to digest_info_der is required if you are using RSA_PKCS1_PADDING for signature padding. It is just the binary representation of the ASN.1-encoded values for the "SHA1WithRSA" signing algorithm, so if you are not using RSA_PKCS1_PADDING padding for the signature then it looks like you don't need this prefix.

----- Original Message -----
Sent: Friday, March 11, 2016 3:36:23 AM
Subject: Re: [TrouSerS-users] Verifying a signature using public key
from X509 certificate
Alright, i got the verification function to work after changing
guint8 digest_info_der[35] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
SHA1 (data, data_len, &digest_info_der[15]);
to
guint8 digest_info_der[20];
SHA1 (data, data_len, &digest_info_der[0]);
However, now i am faced with another issue. Is there a way to use the
Tspi_Data_Bind function using the public key from the certificate?
On Fri, Mar 11, 2016 at 4:22 PM, Dmitri Toubelis <
Post by Dmitri Toubelis
That is the entire purpose of this code - to validate signatures
created with TPM on a host that does not have TSS libraries
installed. Just make sure that you use consistent padding.
Sent: Friday, March 11, 2016 12:24:06 AM
Subject: Re: [TrouSerS-users] Verifying a signature using public key
from X509 certificate
Will it work even if i use Tspi_Hash_Sign to sign my message?
On Fri, Mar 11, 2016 at 12:47 PM, Dmitri Toubelis <
Post by Dmitri Toubelis
Same thing - you just extract public key from the certificate and
use
it to verify signature. You don't need TPM to validate
signature
and
you don't even need TSS - everything can be done in OpenSSL. The
key
thing to keep in mind is that "verify" ==
"decrypt_with_public_key"
#include <string.h>
#include <glib.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>

gboolean
ak_crypto_verify_sha1_with_rsa (RSA *rsa, gpointer data, gsize data_len, gpointer sig, gsize sig_len)
{
    g_return_val_if_fail (rsa != NULL, FALSE);
    g_return_val_if_fail (data != NULL, FALSE);
    g_return_val_if_fail (data_len > 0, FALSE);
    g_return_val_if_fail (sig != NULL, FALSE);
    g_return_val_if_fail (sig_len == 256, FALSE);

    gboolean ret = FALSE;
    gsize msg_buf_size = 512;
    gchar msg_buf[msg_buf_size];

    /* calculated digest of the provided data, placed after the SHA-1 DigestInfo DER prefix */
    guint8 digest_info_der[35] = {0x30, 0x21, 0x30, 0x09, 0x06, 0x05,
                                  0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};
    SHA1 (data, data_len, &digest_info_der[15]);

    /* decrypt signature and remove PKCS#1 v1.5 padding */
    guint8 digest[256];
    /* RSA_public_decrypt returns an int, -1 on error, so keep the result signed */
    gint digest_size = RSA_public_decrypt (sig_len, sig, digest, rsa, RSA_PKCS1_PADDING);
    if (digest_size == -1) {
        ERR_error_string_n (ERR_get_error (), msg_buf, sizeof (msg_buf));
        g_critical (G_STRLOC ": %s", msg_buf);
        goto done;
    }

    if ((gsize) digest_size == sizeof (digest_info_der) && memcmp (digest_info_der, digest, digest_size) == 0) {
        ret = TRUE;
    }

done:
    return ret;
}
Sent: Thursday, March 10, 2016 11:27:30 PM
Subject: Re: [TrouSerS-users] Verifying a signature using public key
from X509 certificate
I am not trying to verify the certificate though. I am trying to
verify a message that was signed using the tpm with the private key
generated for the certificate. Is that possible? If so what are the
steps required to verify the message using the certificate?
On Wed, Mar 9, 2016 at 11:19 AM, David Challener <
Post by David Challener
Actually TPM 1.2 *does* verify signatures - but it requires owner
auth. You use one of those CMK commands to do it.
And you *can* load in the public key without loading in the private
key to do it. I have some code around somewhere... I will try to
find it tomorrow....
On Tue, Mar 8, 2016 at 6:29 PM, Tadd Seiff <
Post by Tadd Seiff
TPM 1.2 doesn't verify signatures, but TSS 1.2 does.
Trousers does all of the verification in software via openssl, it's
not using the hardware, so this does make sense.
That said, do you even need to load the key? Maybe you can just
leverage the software? As long as the key you are using meets the
PKCSv1.5 criteria.
To address why your key won't load: I'm not sure you can just
arbitrarily create keys and load them, the key must be in the SRK
hierarchy. In other words, the TPM creates keys and TELLS YOU the
RSA pub key, not the other way around.
-Tadd
On Tue, Mar 8, 2016 at 2:43 PM Ken Goldman <
Post by Ken Goldman
Post by eye two are
I am trying to verify a signature using a public key from an X509
certificate generated with the tpm engine.
1 - TPM 1.2 cannot do signature verification.
2- With TPM 1.2, one cannot load a key unless you have both the
public and (wrapped) private part.
Could #2 be related to your problem?
_______________________________________________
TrouSerS-users mailing list
https://lists.sourceforge.net/lists/listinfo/trousers-users
Ken Goldman
2016-03-11 14:33:07 UTC
Post by Dmitri Toubelis
Same thing - you just extract public key from the certificate and use it
to verify signature. You don't need TPM to validate signature and you
don't even need TSS - everything can be done in OpenSSL. The key thing
to keep in mind is that "verify" == "decrypt_with_public_key" . Here is

If you're signing using the standard padding and OID, that low level
code can be replaced by:

int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
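
The change reported earlier in the thread (comparing against a bare 20-byte digest instead of the 35-byte SHA-1 DigestInfo) corresponds to two different PKCS#1 v1.5 encoded blocks, and RSA_verify with a SHA-1 type expects the DigestInfo form. The following is an added example, not code from any poster: it takes the k-byte result of the raw RSA public-key operation and tells the two forms apart by rebuilding the whole expected block and comparing it, which also rejects short padding and trailing bytes. Assumptions: the block was obtained with RSA_public_decrypt and RSA_NO_PADDING, and the names classify_em, build_em and equal_ct are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SHA1_LEN 20

/* DER prefix of a SHA-1 DigestInfo: the same 15 bytes used in the thread. */
static const uint8_t SHA1_DIGESTINFO_PREFIX[15] = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14};

enum em_kind { EM_INVALID = 0, EM_DIGESTINFO_SHA1 = 1, EM_BARE_DIGEST = 2 };

/* Write 00 01 FF..FF 00 || payload into out[0..k-1]; returns 0 if it cannot fit. */
static int build_em(uint8_t *out, size_t k, const uint8_t *payload, size_t plen)
{
    if (k < plen + 11)          /* 3 framing bytes + at least 8 bytes of 0xFF */
        return 0;
    out[0] = 0x00;
    out[1] = 0x01;
    memset(out + 2, 0xFF, k - plen - 3);
    out[k - plen - 1] = 0x00;
    memcpy(out + k - plen, payload, plen);
    return 1;
}

/* Compare without early exit so timing does not reveal the mismatch position. */
static int equal_ct(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= a[i] ^ b[i];
    return diff == 0;
}

/* em: raw result of the RSA public-key operation, k bytes (256 for RSA-2048). */
enum em_kind classify_em(const uint8_t *em, size_t k, const uint8_t digest[SHA1_LEN])
{
    uint8_t expected[512], info[sizeof SHA1_DIGESTINFO_PREFIX + SHA1_LEN];
    if (k > sizeof expected)
        return EM_INVALID;
    memcpy(info, SHA1_DIGESTINFO_PREFIX, sizeof SHA1_DIGESTINFO_PREFIX);
    memcpy(info + sizeof SHA1_DIGESTINFO_PREFIX, digest, SHA1_LEN);
    if (build_em(expected, k, info, sizeof info) && equal_ct(em, expected, k))
        return EM_DIGESTINFO_SHA1;
    if (build_em(expected, k, digest, SHA1_LEN) && equal_ct(em, expected, k))
        return EM_BARE_DIGEST;
    return EM_INVALID;
}
```

A result of EM_BARE_DIGEST means the signer did not wrap the hash in a DigestInfo, so the verifier has to compare against the bare digest, as in the change described in the thread.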
Ken Goldman
2016-03-09 14:11:37 UTC
I'm not sure you can just arbitrarily create keys and load them, the
key must be in the SRK hierarchy. In other words, the TPM creates
keys and TELLS YOU the RSA pub key, not the other way around.
You can create keys externally and load them. You have to wrap/encrypt
the private part with the parent (e.g. SRK) public key.

I don't know if trousers supports it.
Dmitri Toubelis
2016-03-09 00:49:46 UTC
You don't need access to TPM at all in order to verify the signature or encrypt. Everything can be done by OpenSSL alone and you only require TPM to sign and decrypt. I think even internally trousers uses OpenSSL when verifying signatures. So, just treat the certificate signed with TPM engine as any other certificate. Here is a snippet from one of my libraries:

static gboolean
_verify (AkCryptoX509Ctx *ctx, X509 *cert, gchar *expected_subject_ou, gpointer pub_key, gsize *pub_key_size)
{
    gboolean ret = FALSE;

    X509_STORE_CTX *store_ctx = NULL;
    EVP_PKEY *evp_pkey;
    RSA *rsa;
    gint x;

    gint crit;
    gint ext_idx;

    store_ctx = X509_STORE_CTX_new ();
    if (!store_ctx) {
        g_critical (G_STRLOC ": Failed to create a certificate store context.");
        goto done;
    }

    if (!X509_STORE_CTX_init (store_ctx, ctx->x509_store, cert, 0)) {
        g_critical (G_STRLOC ": Failed to initialize a certificate store context.");
        goto done;
    }

    /* verify the certificate */
    x = X509_verify_cert (store_ctx);

    /* cleanup as soon as possible */
    X509_STORE_CTX_cleanup (store_ctx);

    if (x <= 0) {
        g_critical (G_STRLOC ": %s", X509_verify_cert_error_string (store_ctx->error));
        goto done;
    }

    ...

After that point I verify specific certificate attributes, but as far as certificate validation is concerned, you are done.

----- Original Message -----
Sent: Tuesday, March 8, 2016 3:24:06 AM
Subject: [TrouSerS-users] Verifying a signature using public key from
X509 certificate
I am trying to verify a signature using a public key from an X509
certificate generated with the tpm engine.
What i tried to do is to load the cert from the certificate file into
a X509 type variable using PEM_read_bio_X509 and convert it into an
EVP_PKEY type using X509_get_pubkey.
How do i then convert the EVP_PKEY into a public key usable with the
signature verification function Tspi_Hash_VerifySignature?
UINT32 convertPubKeyToByte(tpmArgs tpm, EVP_PKEY* pkey, BYTE**
pkeyByte) {
int modulusLen;
int exponentLen;
BYTE *modulus = malloc(256);
BYTE *exponent = malloc(256);
BYTE *pubKeyByte = NULL;
RSA* rsa;
TSS_HKEY hKey;
TSS_FLAG initFlags;
TSS_RESULT result;
UINT32 pubKeySize;
rsa = EVP_PKEY_get1_RSA(pkey);
modulusLen = BN_bn2bin(rsa->n, (unsigned char*)modulus);
exponentLen = BN_bn2bin(rsa->e, (unsigned char*)exponent);
initFlags = TSS_KEY_TYPE_LEGACY |
TSS_KEY_SIZE_2048 |
TSS_KEY_NO_AUTHORIZATION |
TSS_KEY_MIGRATABLE;
result = Tspi_Context_CreateObject(tpm.hContext,
TSS_OBJECT_TYPE_RSAKEY,
initFlags,
&hKey);
DBG("Create key object", result);
result = Tspi_SetAttribUint32(hKey,
TSS_TSPATTRIB_KEY_INFO,
TSS_TSPATTRIB_KEYINFO_SIGSCHEME,
PADDING_SCHEME);
DBG("Set the key's padding type", result);
result = Tspi_SetAttribData(hKey,
TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_EXPONENT,
exponentLen,
exponent);
DBG("Set public key exponent", result);
result = Tspi_SetAttribData(hKey,
TSS_TSPATTRIB_RSAKEY_INFO,
TSS_TSPATTRIB_KEYINFO_RSA_MODULUS,
modulusLen,
modulus);
DBG("Set public key modulus", result);
result = Tspi_Key_LoadKey(hKey, tpm.hSRK);
DBG("Load key into TPM", result);
result = Tspi_Key_GetPubKey(hKey, &pubKeySize, &pubKeyByte);
DBG("Get public key blob", result);
return pubKeySize;
}
Load key into TPM returned 0x00000028. Unsupported key parameters.
Get public key blob returned 0x0000310e. The addressed key is not
currently loaded.