[SOLVED] tpm2_import is modifying the keyid of my private key.

avertyr · 05-13-2022, 07:24 AM

Hello,

i am trying to use TPM 2.0 device and StrongSwan 5.9.6. I had to recompil StrongSwan to have desired options.

>> systemctl restart strongswan
May 13 11:51:39 00[LIB] loaded plugins: charon-systemd tpm aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs12 pgp dnskey sshkey pem pkcs8 fips-prf gmp curve25519 xcbc cmac hmac kdf drbg attr kernel-netlink resolve socket-default stroke vici updown xauth-generic counters
May 13 11:51:39 00[JOB] spawning 16 worker threads
May 13 11:51:39 01[PTS] TPM 2.0 via TSS2 v2 available
May 13 11:51:39 01[PTS] encryption algorithm is AES-CFB with 128 bits
May 13 11:51:39 01[CFG] loaded RSA private key from token
May 13 11:51:39 11[PTS] TPM 2.0 via TSS2 v2 available
May 13 11:51:39 11[LIB] loaded certificate from TPM NV index 0x01800004
May 13 11:51:39 11[CFG] id not specified, defaulting to cert subject 'C=FR, O=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, OU=0002 12000601000025, CN=poste-YYYYY'

>> swanctl --initiate --child host
[IKE] initiating Main Mode IKE_SA connection1[1] to 192.168.42.254
[IKE] no private key found for 'C=FR, O=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, OU=0002 12000601000025, CN=poste-YYYYY'
[CFG] configuration uses unsupported authentication
initiate failed: establishing CHILD_SA 'host' failed

>> swanctl --list-certs
List of X.509 End Entity Certificates

subject: "C=FR, O=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, OU=0002 12000601000025, CN=itineo-0334991"
issuer: "C=FAC_DEVNG_INFRASTRUCTURE/AC_DEVNG_INFRASTRUCTURER, O=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, CN=AC DEV INFRA,"
validity: not before Mar 24 13:44:22 2022, ok
not after Mar 24 13:44:22 2023, ok (expires in 315 days)
serial: 08:28
flags:
CRL URIs: http://www.google.fr/my.crl
certificatePolicies:
1.2.250.1.214.69.3.1.1.21.1
authkeyId: c4:52:c7:7c:40:41:b9:eb:ab:db:df:f4:b7:be:f7:b2:bf:61:57:a0
subjkeyId: f8:4e:a2:ae:5c:3a:1b:40:7a:6a:19:04:38:32:05:62:db:f0:d5:9e
pubkey: RSA 2048 bits
keyid: 42:e7:94:da:9b:07:40:01:8e:40:e5:51:35:fc:10:da:8f:2c:61:3b
subjkey: f8:4e:a2:ae:5c:3a:1b:40:7a:6a:19:04:38:32:05:62:db:f0:d5:9e

------------------------------------
The key id needed starts with 42:e7
------------------------------------

The private key was imported into the TPM 2.0 device :

>> tpm2_createprimary -Q -G rsa -g sha256 -C o -c parent.ctx
>> tpm2_import -G rsa -g sha256 -i ${PRIVATE_PEM} -C parent.ctx -u import_rsa_key.pub -r import_rsa_key.priv

When i look at the key stored :

>> pki --print --keyid 0x81000001 --type priv
TPM 2.0 via TSS2 v2 available
encryption algorithm is AES-CFB with 128 bits
privkey: RSA 2048 bits
keyid: b3:ca:e7:cf:c4:c3:f9:37:0f:d5:85:b1:44:8e:68:fb:6d:eb:bc:a3
subjkey: c1:d1:31:8c:fc:69:31:26:a2:73:21:d2:d0:d9:a1:f1:b5:e5:55:9d

key id starts with b3:ca ??

>> pki --print --type priv --in ${PRIVATE_PEM}
privkey: RSA 2048 bits
keyid: 42:e7:94:da:9b:07:40:01:8e:40:e5:51:35:fc:10:da:8f:2c:61:3b
subjkey: f8:4e:a2:ae:5c:3a:1b:40:7a:6a:19:04:38:32:05:62:db:f0:d5:9e

In the first case we saw a key with bad keyid. When key is taken from file the keyid is good and is equal to the certificate key id

I am surely doing something wrong. Any help will be appreciated.

Thx

ecdsa · 05-16-2022, 05:34 AM

Quote:

Originally Posted by avertyr

>> pki --print --keyid 0x81000001 --type priv
TPM 2.0 via TSS2 v2 available
encryption algorithm is AES-CFB with 128 bits
privkey: RSA 2048 bits
keyid: b3:ca:e7:cf:c4:c3:f9:37:0f:d5:85:b1:44:8e:68:fb:6d:eb:bc:a3
subjkey: c1:d1:31:8c:fc:69:31:26:a2:73:21:d2:d0:d9:a1:f1:b5:e5:55:9d

key id starts with b3:ca ??

I think 0x81000001 is the reserved handle for the SRK. Your imported key will be stored under a different handle. The strongSwan docs also feature a tutorial that uses persistent attestation keys generated directly on the TPM2 for authentication.

avertyr · 05-17-2022, 03:27 AM

Thank you ecdsa for reply.

"I think 0x81000001 is the reserved handle for the SRK. Your imported key will be stored under a different handle."

Have you any idea where i can find the handle if 0x81000001 is not the correct handle

For your information i have to use a certificate and a private key computed outside de TPM 2.0 device

Thanks

ecdsa · 05-17-2022, 04:12 AM

Quote:

Originally Posted by avertyr

Have you any idea where i can find the handle if 0x81000001 is not the correct handle

You might actually have to use tp2m_load and tpm2_evictcontrol to load the key into the TPM and make the object persistent under a specific handle. Something like this:

Code:

tpm2_load -C primary.ctx -u import_rsa_key.pub -r import_rsa_key.priv -c key.ctx
tpm2_evictcontrol -C o -c key.ctx -

With - the first available handle should get used (not sure if the command prints it or you have to get it via tpm2_getcap handles-persistent), a specific handle, like 0x81010002, could be used too.

avertyr · 05-18-2022, 02:47 AM

Hello ecdsa,

i try :
tpm2_load -V -C primary.ctx -u ${PUBLIC_DER} -r ${PRIVATE_DER} -c key.ctx
tpm2_evictcontrol -C o -c key.ctx -

got :
ERROR on line: "143" in file: "lib/files.c": File "keys/0334991.cert.der" size is larger than buffer, got 1345 expected less than or equal to 616
ERROR on line: "259" in file: "tools/tpm2_tool.c": Unable to run tpm2_load
ERROR: Incorrect handle value, got: "key.ctx", expected expected [o|p|e|n|l] or a handle number
ERROR: Cannot make sense of object context "key.ctx"
ERROR:esys:src/tss2-esys/esys_tr.c:356:Esys_TR_Close() Error: Esys handle does not exist (70018).
ERROR: Esys_TR_Close(0x70018) - esapi:The ESYS_TR resource object is bad
ERROR: Unable to run tpm2_evictcontrol

Is there a problem with my keys format ?

keys/0334991.cert.der which i use as pub key is 1345
the private key is 1192 in der format

Thank you for help

ecdsa · 05-18-2022, 03:19 AM

Quote:

Originally Posted by avertyr

Is there a problem with my keys format ?

keys/0334991.cert.der which i use as pub key is 1345
the private key is 1192 in der format

Did you run the other two commands, too? Are the keys you passed to tpm2_load the ones generated by tpm2_import?

avertyr · 05-18-2022, 04:23 AM

ecdsa,

no didn't pass the result to tpm2_load.

Now i do it, and it seems to work.

My StrongSwan is retreiving key.

Got other problem with my swanctl.conf....

Thank you so much !!

avertyr · 05-18-2022, 07:05 AM

The solution :
tpm2_createprimary -Q -G rsa -g sha256 -C o -c parent.ctx
tpm2_import -G rsa -g sha256 -i ${PRIVATE_PEM} -C parent.ctx -u import_rsa_key.pub -r import_rsa_key.priv
tpm2_load -V -C parent.ctx -u import_rsa_key.pub -r import_rsa_key.priv -c key.ctx
tpm2_evictcontrol -C o -c key.ctx 0x81000002

avertyr · 05-18-2022, 08:22 AM

Ecdsa,

please can you have a look at :

After creating the key as you show me, and launching StrongSwan i have this message during loading of private key :

May 18 15:10:34 15[PTS] TPM 2.0 via TSS2 v2 available
May 18 15:10:34 15[PTS] signature algorithm is NULL with ERROR hash
May 18 15:10:34 15[PTS] encryption algorithm is NULL-ERROR with 0 bits
May 18 15:10:34 15[CFG] loaded RSA private key from token
May 18 15:10:35 07[PTS] TPM 2.0 via TSS2 v2 available
May 18 15:10:35 07[LIB] loaded certificate from TPM NV index 0x01800004

And during the IKE negociation, i have :

TPM 2.0 - unknown hash algorithm not supported by TPM

... then failed.

Have you got any idea ?

Thanks

ecdsa · 05-18-2022, 08:59 AM

Quote:

Originally Posted by avertyr

May 18 15:10:34 15[PTS] signature algorithm is NULL with ERROR hash

AFAIK, the signature key must be associated with a signature scheme explicitly (e.g. RSASSA with SHA256). Try using -G rsa2048:rsassa-sha256 for tpm2_import instead of just rsa.

avertyr · 05-19-2022, 01:53 AM

Hello,

I tried :
tpm2_createprimary -Q -G rsa2048 -g sha256 -C o -c parent.ctx

this first command is OK

then :
tpm2_import -G rsa2048:rsassa-sha256 -i ${PRIVATE_PEM} -C parent.ctx -u import_rsa_key.pub -r import_rsa_key.priv

that command return :
ERROR: Unsupported key type

I tried many combination with no luck. Is there some special parameters to set at tpm2_createprimary. Maybe i had to set some attributes at tpm2_import ?

Regards

ecdsa · 05-19-2022, 03:09 AM

Quote:

Originally Posted by avertyr

Is there some special parameters to set at tpm2_createprimary.

I guess you could try the same syntax with that command.

Quote:

Originally Posted by avertyr

Maybe i had to set some attributes at tpm2_import ?

That's what the previous suggestion intended. Unlike tpm2_createak the tpm2_import command does not have a --signing-algorithm argument. I hoped it was possible to use the above syntax as a workaround. Not sure if that's a limitation of the command or of the underlying TPM2 specs. But it probably means you can currently use strongSwan only with AKs generated directly on the TPM (see the tutorial I linked before).

avertyr · 05-19-2022, 03:44 AM

I upgraded my tpm2-tools to 5.2

And the command succeeded

But when I start StrongSwan (and initiate) i saw again :

TPM 2.0 via TSS2 v2 available
May 19 10:18:51 01[PTS] signature algorithm is NULL with ERROR hash
May 19 10:18:51 01[CFG] loaded RSA private key from token
May 19 10:18:51 07[PTS] TPM 2.0 via TSS2 v2 available
May 19 10:18:51 07[LIB] loaded certificate from TPM NV index 0x01800004
<.....>
May 19 10:20:17 10[PTS] <clientXXXXXX|2> TPM 2.0 - unknown hash algorithm not supported by TPM
May 19 10:20:17 10[IKE] <clientXXXXXX|2> authentication of 'C=FR, O=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, OU=0002 12000601000025, CN=poste-XXXXXX' (myself) failed
May 19 10:20:17 10[ENC] <clientXXXXXX|2> generating INFORMATIONAL_V1 request 829531216 [ HASH N(AUTH_FAILED) ]
May 19 10:20:17 10[NET] <clientXXXXXX|2> sending packet: from 172.16.40.134[4500] to 192.168.42.254[4500] (108 bytes)

>> pki --print --type priv --keyid 0x81000002

TPM 2.0 via TSS2 v2 available
signature algorithm is NULL with ERROR hash
privkey: RSA 2048 bits
keyid: 42:e7:94:da:9b:07:40:01:8e:40:e5:51:35:fc:10:da:8f:2c:61:3b
subjkey: f8:4e:a2:ae:5c:3a:1b:40:7a:6a:19:04:38:32:05:62:db:f0:d5:9e

Regards

ecdsa · 05-19-2022, 04:08 AM

Quote:

Originally Posted by avertyr

I upgraded my tpm2-tools to 5.2

And the command succeeded

Which command are you referring to? It doesn't look like the signature algorithm was actually set (the authentication will not work until pki --print reports a signature scheme, see the output here). Did you remove the old key before running all the commands again?

avertyr · 05-19-2022, 04:21 AM

Currently commands are :

>> tpm2_createprimary -Q -G rsa2048 -g sha256 -C o -c parent.ctx
--> no error msg

>> tpm2_import -G rsa2048:rsassa-sha256 -g sha256 -i ${PRIVATE_PEM} -C parent.ctx -u import_rsa_key.pub -r import_rsa_key.priv
-->
name-alg:
value: sha256
raw: 0xb
attributes:
value: userwithauth|sign
raw: 0x40040
type:
value: rsa
raw: 0x1
exponent: 65537
bits: 2048
scheme:
value: null
raw: 0x10
scheme-halg:
value: null
raw: 0x10
sym-alg:
value: null
raw: 0x10
sym-mode:
value: null
raw: 0x10
sym-keybits: 0
rsa: a9736ca8d04e2ace23d48c5deedf243226920eb862f32b35cc72e005eb4c65dfc1c03a8c201d6526ebd7fba705624d9b8a4d 8d2b6850762ff1f9e4005aaa60b512c01a6b2bfeec915cabf840ba6944a0a5d80d822dfcd3f86ac27032878bd029f669c446 1c70713d87c420fa3dea5bb2b8f9cedd2802ce98cf7b5fc1dab7b46feb6b723af292c9fe4cef04844869cfde8352a9b06272 a3040e2340535d50428ab5d515b6465a0c8c82c83560f901edb0a62053f4d8db5c361e828b6ec9a6491382106a2ec08381f1 2c23bd5fa837f4031f36c6958449f7e47643c83059e80682d8022a5e454c104fc9d3a24cea44bd31e1c3e7d0fa42a9abcb1d 684381cf39e5

>>tpm2_load -C parent.ctx -u import_rsa_key.pub -r import_rsa_key.priv -c key.ctx
--> name: 000b8127ce5ee0fc29441054465aa2a75cff09105ea66eba81b55a8b4f83d23368cd

tpm2_evictcontrol -C o -c key.ctx 0x81000002
--> persistent-handle: 0x81000002
action: persisted

So no execution errors

but when i try pki --print --type priv --keyid 0x81000002
-->
TPM 2.0 via TSS2 v2 available
signature algorithm is NULL with ERROR hash
privkey: RSA 2048 bits
keyid: 42:e7:94:da:9b:07:40:01:8e:40:e5:51:35:fc:10:da:8f:2c:61:3b
subjkey: f8:4e:a2:ae:5c:3a:1b:40:7a:6a:19:04:38:32:05:62:db:f0:d5:9e

Regards