
Support description field

Open salrashid123 opened this issue 7 months ago • 0 comments

The spec, at least here, mentions a "description" field which can get encoded into PEM TPM keys:

  • https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html#name-description

However, it looks like if the key contains that field, the provider fails outright.

This bug is to support reading in keys with that field:

$ openssl version
    OpenSSL 3.0.13 30 Jan 2024 (Library: OpenSSL 3.0.13 30 Jan 2024)

$ cat private.pem 
-----BEGIN TSS2 PRIVATE KEY-----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-----END TSS2 PRIVATE KEY-----

$ openssl asn1parse -inform PEM -in private.pem
    0:d=0  hl=4 l= 540 cons: SEQUENCE          
    4:d=1  hl=2 l=   6 prim: OBJECT            :2.23.133.10.1.3
   12:d=1  hl=2 l=   3 cons: cont [ 0 ]        
   14:d=2  hl=2 l=   1 prim: BOOLEAN           :255
   17:d=1  hl=2 l=   6 cons: cont [ 4 ]        
   19:d=2  hl=2 l=   4 prim: UTF8STRING        :fooo        <<<<<<<<<<<<<<<<<<<<<<<<<<<<<
   25:d=1  hl=2 l=   4 prim: INTEGER           :40000001
   31:d=1  hl=4 l= 282 prim: OCTET STRING      [HEX DUMP]

If you try to read in the key, you'll see:

$ openssl rsa -provider tpm2  -provider default -in private.pem --text
Could not read private key from private.pem
40C7EFD7647D0000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:../crypto/store/store_result.c:151:

If you want to generate a new key, I wrote up a small analog for tpm2tss-genkey here in Go.

salrashid123 Jul 23 '24 09:07
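For readers who want to see exactly which bytes the provider is choking on, here is an added example (not tpm2-openssl or the reporter's code) that encodes and decodes the TPMKey structure from draft-bottomley-tpm2-keys, including the optional `[4] description` field shown in the asn1parse output above. The pubkey and privkey OCTET STRING contents are placeholder bytes constructed for the example, not real TPM2B_PUBLIC / TPM2B_PRIVATE blobs; the `accept_description` switch is an assumption used to reproduce a parser that rejects the unknown tag, the way the provider does in the report.

```python
import base64
import textwrap

# Added example, not tpm2-openssl code. OID and parent handle from the draft / TPM spec.
TPM2_OID_LOADABLE_KEY = "2.23.133.10.1.3"
TPM_RH_OWNER = 0x40000001


def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        out += chunk
    return tlv(0x06, bytes(out))


def encode_int(n):
    # (bit_length+8)//8 leaves room for the sign bit, so 0x40000001 encodes as 40 00 00 01
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def encode_tpmkey(parent, pubkey, privkey, empty_auth=True, description=None):
    """Build a TPMKey SEQUENCE; description goes in the EXPLICIT [4] UTF8String slot."""
    body = encode_oid(TPM2_OID_LOADABLE_KEY)
    if empty_auth is not None:
        body += tlv(0xA0, tlv(0x01, b"\xff" if empty_auth else b"\x00"))
    if description is not None:
        body += tlv(0xA4, tlv(0x0C, description.encode("utf-8")))
    body += encode_int(parent) + tlv(0x04, pubkey) + tlv(0x04, privkey)
    return tlv(0x30, body)


def _read_tlv(buf, pos):
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(b):
    arcs, v = [b[0] // 40, b[0] % 40], 0
    for x in b[1:]:
        v = (v << 7) | (x & 0x7F)
        if not x & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))


def parse_tpmkey(der, accept_description=True):
    """Decode a TPMKey; with accept_description=False, mimic a parser that rejects [4]."""
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a TPMKey SEQUENCE")
    tag, oid, pos = _read_tlv(body, 0)
    if tag != 0x06:
        raise ValueError("missing type OID")
    key = {"type": decode_oid(oid), "emptyAuth": None, "description": None}
    # Optional EXPLICIT context-specific fields [0]..[4] precede the parent INTEGER.
    while (body[pos] & 0xE0) == 0xA0:
        tag, inner, pos = _read_tlv(body, pos)
        ctx = tag & 0x1F
        if ctx == 0:
            _, v, _ = _read_tlv(inner, 0)
            key["emptyAuth"] = v != b"\x00"
        elif ctx == 4:
            if not accept_description:
                raise ValueError("unsupported field [4] description")
            _, v, _ = _read_tlv(inner, 0)
            key["description"] = v.decode("utf-8")
        else:
            key.setdefault("unparsed", []).append(ctx)  # policy/secret/authPolicy kept raw
    tag, v, pos = _read_tlv(body, pos)
    if tag != 0x02:
        raise ValueError("missing parent INTEGER")
    key["parent"] = int.from_bytes(v, "big")
    tag, key["pubkey"], pos = _read_tlv(body, pos)
    tag2, key["privkey"], pos = _read_tlv(body, pos)
    if tag != 0x04 or tag2 != 0x04 or pos != len(body):
        raise ValueError("bad pubkey/privkey")
    return key


def to_pem(der):
    b64 = base64.b64encode(der).decode()
    return ("-----BEGIN TSS2 PRIVATE KEY-----\n" + "\n".join(textwrap.wrap(b64, 64))
            + "\n-----END TSS2 PRIVATE KEY-----\n")


def from_pem(pem):
    return base64.b64decode("".join(l for l in pem.strip().splitlines() if not l.startswith("-----")))
```

Running `encode_tpmkey(TPM_RH_OWNER, b"...", b"...", description="fooo")` through `openssl asn1parse -inform DER` reproduces the `cont [ 4 ]` / `UTF8STRING :fooo` lines from the report; `parse_tpmkey(der, accept_description=False)` raises at that tag, which is the behaviour the issue is asking the provider to stop having.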