
tss2_encrypt: ecc not yet supported

Open fansari opened this issue 3 years ago • 2 comments

When I try to use my signing key for encryption it does not work.

[fansari@bat keys]$ tss2_encrypt -p /P_ECCP256SHA256/HS/SRK/mySigningKey -i data.txt -o data.enc
ERROR:fapi:src/tss2-fapi/api/Fapi_Encrypt.c:332:Fapi_Encrypt_Finish() ErrorCode (0x00060002) ECC Encryption not yet supported
ERROR:fapi:src/tss2-fapi/api/Fapi_Encrypt.c:126:Fapi_Encrypt() ErrorCode (0x00060002) Data_Encrypt
Fapi_Encrypt(0x60002) - fapi:If called functionality isn't implemented

My FAPI uses the ECC profile. How can I do encryption then?

The next test was to create a primary key with RSA and load it to the TPM.

But something like this also does not work:

tss2_encrypt -p 0x81000002 -i data.txt -o data.enc
[fansari@bat keys]$ tss2_encrypt -p 0x81000002 -i data.txt -o data.enc
ERROR:fapi:src/tss2-fapi/fapi_util.c:263:init_explicit_key_path() Hierarchy cannot be determined.
ERROR:fapi:src/tss2-fapi/fapi_util.c:556:get_explicit_key_path() init_explicit_key_path ErrorCode (0x0006001d)
ERROR:fapi:src/tss2-fapi/fapi_util.c:1614:ifapi_load_keys_async() Compute explicit path. ErrorCode (0x0006001d)
ERROR:fapi:src/tss2-fapi/api/Fapi_Encrypt.c:290:Fapi_Encrypt_Finish() Load keys. ErrorCode (0x0006001d)
ERROR:fapi:src/tss2-fapi/api/Fapi_Encrypt.c:126:Fapi_Encrypt() ErrorCode (0x0006001d) Data_Encrypt
Fapi_Encrypt(0x6001D) - fapi:The provided path is bad

Next try:

fansari@bat keys]$ tss2_createkey --path="/P_RSA2048SHA256/HS/SRK/myEncryptionKey" --type="noDa"
New password:
Re-enter new password:
ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:515:rel_path_to_abs_path() ErrorCode (0x00060034) FAPI not provisioned for path: P_RSA2048SHA256/HS/SRK/.
ERROR:fapi:src/tss2-fapi/ifapi_keystore.c:582:ifapi_keystore_load_async() ErrorCode (0x00060034) Object P_RSA2048SHA256/HS/SRK/ not found.
ERROR:fapi:src/tss2-fapi/fapi_util.c:1822:ifapi_load_key_finish() ErrorCode (0x00060034) Could not open: P_RSA2048SHA256/HS/SRK/
ERROR:fapi:src/tss2-fapi/fapi_util.c:3385:ifapi_key_create() LoadKey finish ErrorCode (0x00060034)
ERROR:fapi:src/tss2-fapi/api/Fapi_CreateKey.c:283:Fapi_CreateKey_Finish() Key create ErrorCode (0x00060034)
ERROR:fapi:src/tss2-fapi/api/Fapi_CreateKey.c:116:Fapi_CreateKey() ErrorCode (0x00060034) Key_Create
Fapi_CreateKey(0x60034) - fapi:Provisioning was not executed.

Yes - the FAPI is provisioned for ECC. But how can I work with RSA then?

As far as I understood the FAPI can only be provisioned with either ECC or RSA? Or can I somehow do both?

fansari avatar Oct 08 '22 16:10 fansari

@JuergenReppSIT ?

idesai avatar Oct 12 '22 00:10 idesai

You could run a second provisioning with a rsa config file where the P_RSA2048SHA256 profile is used (The persistent handle in the P_RSA2048SHA256.json has to be adapted if there is already a persistent ecc primary). Example:

alias prsa='TSS2_FAPICONF=/usr/local/etc/tpm2-tss/fapi-config-rsa.json'
prsa tss2_provision
prsa tss2_createkey -p /SRK/mykey -t decrypt
echo secret |prsa tss2_encrypt -p /SRK/mykey -i- -o crypt
prsa tss2_decrypt -p /SRK/mykey -i crypt -o-

JuergenReppSIT avatar Oct 12 '22 08:10 JuergenReppSIT

This does not work for some reason. I am asked for my endorsement key and if I enter it I get this error message:

[fansari@bat keys]$ ./provision-fapi-rsa.sh
Authorize /P_ECCP256SHA256/HE "Endorsement Hierarchy":
WARNING:esys:src/tss2-esys/api/Esys_EvictControl.c:330:Esys_EvictControl_Finish() Received TPM Error
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:1143:Fapi_Provision_Finish() Evict control failed ErrorCode (0x000009a2)
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x000009a2) Provision
Fapi_Provision(0x9A2) - tpm:session(1):authorization failure without DA implications

Why am I asked for a key for P_ECCP256SHA256 when I want to provision P_RSA2048SHA256?

The key is correct. I did several attempts to compare what happens when I enter something wrong:

[fansari@bat keys]$ ./provision-fapi-rsa.sh
Authorize /P_ECCP256SHA256/HE "Endorsement Hierarchy":
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
ERROR:fapi:src/tss2-fapi/fapi_util.c:761:ifapi_init_primary_finish() ErrorCode (0x000009a2) FAPI Provision
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:581:Fapi_Provision_Finish() Init primary finish ErrorCode (0x000009a2)
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x000009a2) Provision
Fapi_Provision(0x9A2) - tpm:session(1):authorization failure without DA implications

The result looks similar but in this case there is always one line more.

This is my fapi-config-rsa.json:

[fansari@bat keys]$ cat /usr/local/etc/tpm2-tss/fapi-config-rsa.json
{
     "profile_name": "P_RSA2048SHA256",
     "profile_dir": "/etc/tpm2-tss/fapi-profiles/",
     "user_dir": "~/.local/share/tpm2-tss/user/keystore",
     "system_dir": "/var/lib/tpm2-tss/system/keystore",
     "tcti": "device:/dev/tpmrm0",
     "system_pcrs" : [],
     "log_dir" : "/run/tpm2-tss/eventlog/"
}

In /etc/tpm2-tss/fapi-profiles/P_RSA2048SHA256.json I have modified these lines:

"srk_template": "system,restricted,decrypt,0x81000002",
"ek_template":  "system,restricted,decrypt,0x81010002",

provision-fapi-rsa.txt P_RSA2048SHA256.txt

fansari avatar Oct 16 '22 13:10 fansari

@fansari Could you please attach your script ./provision-fapi-rsa.sh and /etc/tpm2-tss/fapi-profiles/P_RSA2048SHA256.json.

JuergenReppSIT avatar Oct 16 '22 13:10 JuergenReppSIT

I have added them and changed the extensions to ".txt". Uploads with .sh and .json did not work.

fansari avatar Oct 16 '22 13:10 fansari

@fansari Thank you for the script. During the first provisioning you have assigned an auth value to the Endorsement hierarchy. Both EKs (ECC and RSA) are keys under the endorsement hierarchy. /P_ECCP256SHA256/HE and /P_RSA2048SHA256 describe the same hierarchy. So for the creation of the RSA EK you need the auth value from the first provisioning with the ECC profile (--authValueEh). If you do not want to change the auth value you should not use --authValueEh in the second provisioning. Otherwise the new auth value will be needed also for the hierarchy /P_ECCP256SHA256/HE.

JuergenReppSIT avatar Oct 16 '22 14:10 JuergenReppSIT

If I modify my script and remove these --authValue parameters it behaves the same.

Authorize /P_ECCP256SHA256/HE "Endorsement Hierarchy":
WARNING:esys:src/tss2-esys/api/Esys_EvictControl.c:330:Esys_EvictControl_Finish() Received TPM Error
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:1143:Fapi_Provision_Finish() Evict control failed ErrorCode (0x000009a2)
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x000009a2) Provision
Fapi_Provision(0x9A2) - tpm:session(1):authorization failure without DA implications

fansari avatar Oct 16 '22 15:10 fansari

@fansari I could reproduce your error and will create a fix for: https://github.com/tpm2-software/tpm2-tss/issues/2438

As a workaround you could execute the provisioning for the two profiles without auth values for the hierarchies. The auth values for the hierarchies could be changed afterwards. Or if the auth values for the hierarchies are still used you could set the empty password for /HS:

tss2_changeauth -p /HS

Now the RSA provisioning should work.

JuergenReppSIT avatar Oct 16 '22 19:10 JuergenReppSIT

I have used tss2_changeauth. After this I was able to do the provisioning and to create the RSA key.

But when I try to encrypt something I again get an error message regarding ECC.

[fansari@bat keys]$ ./encrypt-example.sh
ERROR:fapi:src/tss2-fapi/api/Fapi_Encrypt.c:332:Fapi_Encrypt_Finish() ErrorCode (0x00060002) ECC Encryption not yet supported
ERROR:fapi:src/tss2-fapi/api/Fapi_Encrypt.c:126:Fapi_Encrypt() ErrorCode (0x00060002) Data_Encrypt
Fapi_Encrypt(0x60002) - fapi:If called functionality isn't implemented

create-encryption-key.txt encrypt-example.txt

fansari avatar Oct 17 '22 17:10 fansari

@fansari You should also set TSS2_FAPICONF='/usr/local/etc/tpm2-tss/fapi-config-rsa.json' in create-encryption-key.txt. (Will not be necessary after https://github.com/tpm2-software/tpm2-tss/pull/2435 is merged).

JuergenReppSIT avatar Oct 17 '22 18:10 JuergenReppSIT

@fansari Did the encryption work after adding TSS2_FAPICONF='/usr/local/etc/tpm2-tss/fapi-config-rsa.json' to create-encryption-key.txt?

JuergenReppSIT avatar Oct 17 '22 19:10 JuergenReppSIT

Yes - this is working now.

I did another test: I deleted the encryption key and recreated it.

Now I am no longer able to decrypt the file.

Is this intended?

fansari avatar Oct 18 '22 16:10 fansari

@fansari Yes that's intended. The private key is stored in the keystore. If you delete the key with tss2_delete the key is lost. Only the primary keys can be recreated.

JuergenReppSIT avatar Oct 18 '22 17:10 JuergenReppSIT

I am just thinking about the following scenario: you encrypt a file. Now you completely wipe the TPM.

Will you ever be able to decrypt this file?

fansari avatar Oct 18 '22 17:10 fansari

@fansari It depends on the hierarchy you are using. The storage primary seed of the SRK will be changed after tpm2_clear. So the SRK can't be recreated afterwards. The endorsement primary seed (EPS) will not be changed by tpm2_clear. So tpm2_clear can be used to ensure that no previously generated keys in the storage hierarchy may be used in the future. The endorsement key can be recreated but also keys created under the EK can't be recreated, because they are protected by ehProof which also will be changed when tpm2_clear is executed. The EPS seed will be changed by tpm2_changeeps where you need platform hierarchy authorization. But you should not use this command because the EK could not be recreated appropriate to the EK certificate afterwards. But after the recreation of the primary keys you still need the encrypted keys in the keystore to decrypt your files.

Example for using keys after accidental deletion of the key store (requires jq):

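# Seal a secret under the SRK, then look up the user keystore directory
echo secret | tss2_createseal -p /SRK/myseal -a "" -i-
user_key_store=$(tss2_getinfo -o- | jq -r ".fapi_config.user_dir")
# Back up the keystore before deleting it
mkdir -p /tmp/backup
rsync -uva "$user_key_store/" /tmp/backup/
# Delete all FAPI objects, re-provision (recreates the primary keys), restore the backup
tss2_delete -p /
tss2_provision
rsync -uva /tmp/backup/ "$user_key_store/"
# The restored sealed object can be unsealed again
tss2_unseal -p /SRK/myseal -o-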

JuergenReppSIT avatar Oct 18 '22 18:10 JuergenReppSIT

I have tested this but when I try to reprovision I get error messages:

[fansari@bat setup]$ tss2_provision
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
Authorize /HE "Endorsement Hierarchy":
WARNING:esys:src/tss2-esys/api/Esys_EvictControl.c:330:Esys_EvictControl_Finish() Received TPM Error

fansari avatar Oct 22 '22 11:10 fansari

@fansari Did you provide the correct password for the endorsement hierarchy? If the first trial for the creation of the EK fails with error BAD_AUTH, FAPI asks for the password of the endorsement hierarchy. The second trial then should work. Example:

$ tss2_delete -p /
$ tss2_provision
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:401:Esys_CreatePrimary_Finish() Received TPM Error 
Authorize /HE "Endorsement Hierarchy": 
$ tss2_list
/P_ECCP256SHA256/HE/EK:/P_ECCP256SHA256/HE:/P_ECCP256SHA256/LOCKOUT:.....

JuergenReppSIT avatar Oct 22 '22 12:10 JuergenReppSIT

I have cleared the TPM and started again.

I have setup keys and also the RSA primary key as discussed.

Now trying to delete and reprovision:

tss2_delete -p /
tss2_provision --authValueEh=xxx --authValueSh=xxx --authValueLockout=xxx
WARNING:esys:src/tss2-esys/api/Esys_CreatePrimary.c:400:Esys_CreatePrimary_Finish() Received TPM Error
Authorize /HE "Endorsement Hierarchy":
WARNING:esys:src/tss2-esys/api/Esys_EvictControl.c:330:Esys_EvictControl_Finish() Received TPM Error
Authorize /HS "CreatePrimary":
ERROR:esys:src/tss2-esys/api/Esys_EvictControl.c:286:Esys_EvictControl_Finish() Esys called in bad sequence.
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:1116:Fapi_Provision_Finish() Evict control failed ErrorCode (0x00070007)
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x00070007) Provision
Fapi_Provision(0x70007) - esapi:Function called in the wrong order

I am asked for the "Endorsement Hierarchy" - so I enter the corresponding password.

Now there is a new error message regarding "wrong order".

fansari avatar Oct 22 '22 12:10 fansari

@fansari Perhaps that's still the problem we already discussed: https://github.com/tpm2-software/tpm2-tss/issues/2438 Did you still use a password for the owner hierarchy?

JuergenReppSIT avatar Oct 22 '22 12:10 JuergenReppSIT

@fansari During experimenting with FAPI provisioning where trials with authentication are made it makes sense to increase the auth failed counter temporarily to avoid coming into the lockout mode:

tpm2_dictionarylockout -Tdevice:/dev/tpmrm0 --setup-parameters --max-tries=9999 --clear-lockout -p your_auth_value

JuergenReppSIT avatar Oct 22 '22 13:10 JuergenReppSIT

I have reprovisioned the TPM and now I try this command:

tpm2_dictionarylockout -Tdevice:/dev/tpmrm0 --setup-parameters --max-tries=9999 --clear-lockout

WARNING:esys:src/tss2-esys/api/Esys_DictionaryAttackLockReset.c:288:Esys_DictionaryAttackLockReset_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_DictionaryAttackLockReset.c:98:Esys_DictionaryAttackLockReset() Esys Finish ErrorCode (0x00000921)
ERROR: Esys_DictionaryAttackLockReset(0x921) - tpm:warn(2.0): authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode
ERROR: Failed DictionaryLockout Reset
WARNING:esys:src/tss2-esys/api/Esys_DictionaryAttackParameters.c:310:Esys_DictionaryAttackParameters_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_DictionaryAttackParameters.c:108:Esys_DictionaryAttackParameters() Esys Finish ErrorCode (0x00000921)
ERROR: Esys_DictionaryAttackParameters(0x921) - tpm:warn(2.0): authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode
ERROR: Failed DictionaryLockout Setup
ERROR: Unable to run tpm2_dictionarylockout

BTW: I noticed that I cannot run tpm2_clear after I have run a provisioning. I always have to do the clear with my BIOS. Can this be related to the error above?

tpm2_clear

WARNING:esys:src/tss2-esys/api/Esys_Clear.c:291:Esys_Clear_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Clear.c:97:Esys_Clear() Esys Finish ErrorCode (0x00000921)
ERROR: Esys_Clear(0x921) - tpm:warn(2.0): authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode
ERROR: Unable to run tpm2_clear

fansari avatar Oct 22 '22 13:10 fansari

I think the answer is that I have to run this tpm2_dictionarylockout command before I do the provisioning. This works.

Now tpm2_clear gives a different error message:

[fansari@bat provision]$ tpm2_clear
WARNING:esys:src/tss2-esys/api/Esys_Clear.c:291:Esys_Clear_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Clear.c:97:Esys_Clear() Esys Finish ErrorCode (0x0000098e)
ERROR: Esys_Clear(0x98E) - tpm:session(1):the authorization HMAC check failed and DA counter incremented
ERROR: Unable to run tpm2_clear

Well, but after the first attempt I am in lockout mode:

fansari@bat provision]$ tpm2_clear
WARNING:esys:src/tss2-esys/api/Esys_Clear.c:291:Esys_Clear_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Clear.c:97:Esys_Clear() Esys Finish ErrorCode (0x00000921)
ERROR: Esys_Clear(0x921) - tpm:warn(2.0): authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode
ERROR: Unable to run tpm2_clear

fansari avatar Oct 22 '22 13:10 fansari
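
The three TPM codes seen so far (0x9a2, 0x98e, 0x921) differ in whether they touch the dictionary-attack counter, and that can be read straight from the bits of each `ErrorCode`. The following is an added example, not part of the thread or of tpm2-tss: the function names are made up here, the sample log lines are copied from the posts above, and only the error numbers that occur in this thread get a name.

```shell
#!/bin/sh
# Added example: decode the "ErrorCode (0x...)" values from tpm2-tss logs.
# Bits 16-23 select the layer (0 = TPM, 6 = FAPI, 7 = ESAPI).

decode_tpm_rc() {                       # low 12 bits of a TPM-layer code
    c=$(( $1 & 0xfff ))
    if [ $(( c & 0x80 )) -ne 0 ]; then  # format one: error tied to a subject
        err=$(( c & 0x3f )); n=$(( (c >> 8) & 0xf ))
        if   [ $(( c & 0x40 )) -ne 0 ]; then subject="parameter($n)"
        elif [ $(( n & 0x8 )) -ne 0 ];  then subject="session($(( n & 0x7 )))"
        else subject="handle($n)"
        fi
        case $err in
            14) name=AUTH_FAIL ;;       # 0x0E
            34) name=BAD_AUTH ;;        # 0x22
            *)  name=$(printf '0x%x' "$err") ;;
        esac
        printf 'tpm:%s:%s\n' "$subject" "$name"
    else                                # format zero: bit 11 marks a warning
        err=$(( c & 0x7f )); sev=error
        if [ $(( c & 0x800 )) -ne 0 ]; then sev=warn; fi
        name=$(printf '0x%x' "$err")
        if [ "$sev:$err" = "warn:33" ]; then name=LOCKOUT; fi   # 0x21
        printf 'tpm:%s:%s\n' "$sev" "$name"
    fi
}

decode_tss2_rc() {                      # full 32-bit TSS2 response code
    rc=$(( $1 )); layer=$(( (rc >> 16) & 0xff )); code=$(( rc & 0xffff ))
    case $layer in
        0) decode_tpm_rc "$code" ;;
        6) printf 'fapi:0x%x\n' "$code" ;;
        7) printf 'esapi:0x%x\n' "$code" ;;
        *) printf 'layer%d:0x%x\n' "$layer" "$code" ;;
    esac
}

# Effect on dictionary-attack protection, as the tool messages above state it.
da_impact() {
    case $(decode_tss2_rc "$1") in
        tpm:*:BAD_AUTH)   echo none ;;      # "without DA implications"
        tpm:*:AUTH_FAIL)  echo counted ;;   # "DA counter incremented"
        tpm:warn:LOCKOUT) echo locked ;;    # "TPM is in DA lockout mode"
        *)                echo n/a ;;
    esac
}

# Read log text on stdin and print one decoded line per ErrorCode found.
scan_log() {
    sed -n 's/.*ErrorCode (\(0x[0-9a-fA-F]*\)).*/\1/p' |
    while read -r rc; do
        printf '%s %s da=%s\n' "$rc" "$(decode_tss2_rc "$rc")" "$(da_impact "$rc")"
    done
}

# Log lines copied from the posts in this thread.
SAMPLE_LOG='ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x000009a2) Provision
ERROR:esys:src/tss2-esys/api/Esys_Clear.c:97:Esys_Clear() Esys Finish ErrorCode (0x0000098e)
ERROR:esys:src/tss2-esys/api/Esys_Clear.c:97:Esys_Clear() Esys Finish ErrorCode (0x00000921)
ERROR:fapi:src/tss2-fapi/api/Fapi_Encrypt.c:126:Fapi_Encrypt() ErrorCode (0x00060002) Data_Encrypt
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x00070007) Provision'

printf '%s\n' "$SAMPLE_LOG" | scan_log
```

A `da=counted` result is the one to stop on while experimenting, since each further retry with the same auth value moves the TPM closer to `da=locked`. tpm2-tools also ships `tpm2_rc_decode` for looking up a single code.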

@fansari After you have set the lockout auth value by tss2_provision --authValueLockout=xxx you must provide the lockout password: tpm2_clear xxx.

JuergenReppSIT avatar Oct 22 '22 14:10 JuergenReppSIT

This seems to work - at least I get no error.

But what is the effect? I still see the key list with "tss2_list" and the entries in /var/lib/tpm2-tss are also still there.

When I try to reprovision I get this message:

[fansari@bat provision]$ ./provision-fapi-ecc.sh
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:240:Fapi_Provision_Async() ErrorCode (0x00060035) Profile P_ECCP256SHA256 was already provisioned.
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:151:Fapi_Provision() ErrorCode (0x00060035) Provision
Fapi_Provision(0x60035) - fapi:Already provisioned

I found out now: after a reboot the keys were not usable anymore and I had to reprovision.

fansari avatar Oct 22 '22 14:10 fansari

So far I could not get around this "wrong order" error. Yes - I use separate passwords for owner, endorsement and lockout.

fansari avatar Oct 22 '22 14:10 fansari

@fansari This problem should be fixed with https://github.com/tpm2-software/tpm2-tss/pull/2439. As a workaround you could temporarily clear the auth value of the owner hierarchy before provisioning.

tpm2_changeauth -c o -p your_pwd ""
tss2_provision --authValueSh=your_pwd .....

JuergenReppSIT avatar Oct 22 '22 16:10 JuergenReppSIT

This has worked. To summarize this: as long as I have a backup of my user keystore I can recreate my keys.

But this is only true as long as I still have my primary keys which are generated when the TPM is provisioned.

If the TPM chip is cleared or defective or I buy a new motherboard with integrated TPM chip: then I cannot use my keys anymore regardless whether they were created under SRK or EK (at least this is what I understood from your comments).

Is it possible to create my own primary key which I can backup and use it for provisioning? Could this be used with a fapi template?

fansari avatar Oct 22 '22 18:10 fansari

> This has worked. To summarize this: as long as I have a backup of my user keystore I can recreate my keys.
>
> But this is only true as long as I still have my primary keys which are generated when the TPM is provisioned.

Yes, as things like tpm2_clear will change the owner hierarchy seed and thus invalidate all keys as you won't be able to re-create the primary key used as the SRK.

> If the TPM chip is cleared or defective or I buy a new motherboard with integrated TPM chip: then I cannot use my keys anymore regardless whether they were created under SRK or EK (at least this is what I understood from your comments).

The EK, for all intents and purposes, never changes. So any key under the Endorsement hierarchy continues to work.

> Is it possible to create my own primary key which I can backup and use it for provisioning? Could this be used with a fapi template?

If you need keys to survive the lifetime of the SRK, it would be best to import them and back them up elsewhere. In theory, if you have the right attributes so a key can be exported (fixedtpm clear and I think fixedparent clear as well), you can use tpm2-pytss to export a tpm generated key in the clear. But that defeats the point of the TPM. Generally you would just generate a key external to the TPM and import to the TPM rather than generate on the TPM and export for a later import.

williamcroberts avatar Oct 24 '22 17:10 williamcroberts

I am unsure how exactly this should be done. I found this:

https://github.com/tpm2-software/tpm2-tools/issues/1773

I did these steps:

openssl genrsa -out private.pem 2048
openssl rsa -in private.pem -outform pem -pubout -out public.pem
tpm2_createprimary -C o -g sha256 -G rsa -c primary.ctx
tpm2_import -C primary.ctx -G rsa -i private.pem -u key.pub -r key.priv 
tpm2_load -C primary.ctx -u key.pub -r key.priv -c key.ctx 

There were no errors up to this point.

Next I did:

tpm2_evictcontrol -C o -c key.ctx 0x81000003 -P xxx

This also worked.

Next I created /usr/local/etc/fapi-confg-rsa_2.json.

{
     "profile_name": "P_RSA2048SHA256_2",
     "profile_dir": "/etc/tpm2-tss/fapi-profiles/",
     "user_dir": "~/.local/share/tpm2-tss/user/keystore",
     "system_dir": "/var/lib/tpm2-tss/system/keystore",
     "tcti": "device:/dev/tpmrm0",
     "system_pcrs" : [],
     "log_dir" : "/run/tpm2-tss/eventlog/"
}

In /etc/tpm2-tss/fapi-profiles/P_RSA2048SHA256_2.json I changed the SRK to

    "srk_template": "system,restricted,decrypt,0x81000003",
    "srk_description": "Storage root key SRK",
    "srk_persistent": 1,
    "ek_template":  "",
    "ek_description": "",

Then I tried provisioning the fapi with this:

export TSS2_FAPICONF='/usr/local/etc/tpm2-tss/fapi-config-rsa_2.json'
tss2_provision --authValueSh=xxx --authValueEh=xxx --authValueLockout=xxx

But this gives an error:

Authorize /P_ECCP256SHA256/HE "Endorsement Hierarchy":
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:798:Fapi_Provision_Finish() ErrorCode (0x00060025) No EK certificate found.
ERROR:esys:src/tss2-esys/esys_iutil.c:394:iesys_handle_to_tpm_handle() Error: Esys invalid ESAPI handle (ff).
ERROR:esys:src/tss2-esys/esys_iutil.c:1105:esys_GetResourceObject() Unknown ESYS handle. ErrorCode (0x0007000b)
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:138:Esys_FlushContext_Async() flushHandle unknown. ErrorCode (0x0007000b)
ERROR:esys:src/tss2-esys/api/Esys_FlushContext.c:66:Esys_FlushContext() Error in async function ErrorCode (0x0007000b)
ERROR:fapi:src/tss2-fapi/fapi_util.c:1138:ifapi_session_clean() Cleanup session failed.
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x00060025) Provision
Fapi_Provision(0x60025) - fapi:No certificate

fansari avatar Oct 24 '22 20:10 fansari

@fansari I'm assuming this is an actual TPM and not the simulator right?

@JuergenReppSIT or @AndreasFuchsTPM any ideas on why it's complaining on EK cert?

williamcroberts avatar Oct 24 '22 21:10 williamcroberts