Hi Nelson, we have these patches as well as others queued up for inclusion in the next release.
Kent On Fri, Mar 4, 2011 at 5:47 PM, Nelson Araujo <[email protected]> wrote: > Kent, > We exercised the latest patch and everything looks great. We believe this > latest patch works fine. What is the process for committing it into the > tree? > Regards, > Nelson Araujo > Software Engineer > Google > > > On Wed, Mar 2, 2011 at 11:55 AM, Nelson Araujo <[email protected]> > wrote: >> >> Sorry for the delayed response. We will be testing the patch no later than >> this weekend and get back if it works in all scenarios. >> >> Best regards, >> -- Nelson >> >> >> On Thu, Jan 20, 2011 at 1:56 PM, Kent Yoder <[email protected]> wrote: >>> >>> On Thu, 2011-01-20 at 13:45 -0800, Nelson Araujo wrote: >>> > Sounds like a good plan to me. >>> > >>> > >>> > Is there any reason you have an extra byte "0" in the public exponent >>> > array? If you don't I suggest removing as for 65537 exponent a buffer >>> > with 3 bytes would be enough (if the app knows what's dealing with) >>> > and having it with 4 will fail with buffer too small. >>> >>> Nope, no reason, I can change that. >>> >>> Kent >>> >>> > >>> > Best regards, >>> > -- Nelson >>> > >>> > >>> > On Thu, Jan 20, 2011 at 1:18 PM, Kent Yoder <[email protected]> >>> > wrote: >>> > On Wed, 2011-01-19 at 15:48 -0800, Nelson Araujo wrote: >>> > > Forgot to mention that you need to change "111111" in the >>> > sample below >>> > > with your actual TPM user PIN for the change to work. >>> > >>> > >>> > Thanks Nelson, I was able to reproduce the issue. >>> > >>> > It looks like opencryptoki by default creates an empty public >>> > exponent >>> > attribute for all rsa private keys, but then doesn't fill that >>> > attribute >>> > in with its correct value. This probably hasn't come up >>> > before since >>> > most software will query the public exponent from the public >>> > key object, >>> > where its a required attribute, as opposed to the private key >>> > object, >>> > where its not required. >>> > >>> > Right now, opencryptoki and the caller are both doing the >>> > "correct" >>> > thing in the use of C_GetAttributeValue -- the app queries the >>> > public >>> > exponent attribute, opencryptoki sees its a valid attribute >>> > and returns >>> > its length (since the app passed in NULL as the pValue >>> > pointer) but >>> > opencryptoki is operating on an incorrectly filled out >>> > template it >>> > created. >>> > >>> > When using your patch, the checking of the real attribute >>> > value will >>> > be bypassed, which is really just covering for the fact that >>> > opencryptoki created an invalid attribute for that object. >>> > >>> > I think the right solution here will be to add code to >>> > opencryptoki's >>> > tokens to correctly fill out the private key object's public >>> > exponent >>> > attribute, then all should work correctly. Below is a patch >>> > that does >>> > this for the TPM token. Let me know if it works for you. It >>> > did fix >>> > the public exponent value in the generated cert for me, >>> > although openssl >>> > verify passed on all of the certs I generated (even when >>> > public exponent >>> > was 0). >>> > >>> > Thanks, >>> > Kent >>> > >>> > diff --git a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c >>> > b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c >>> > index d5708c3..b31a861 100644 >>> > --- a/usr/lib/pkcs11/tpm_stdll/tpm_specific.c >>> > +++ b/usr/lib/pkcs11/tpm_stdll/tpm_specific.c >>> > @@ -2374,6 +2374,7 @@ >>> > token_specific_rsa_generate_keypair( TEMPLATE * >>> > publ_tmpl, >>> > CK_ULONG mod_bits = 0; >>> > CK_BBOOL flag; >>> > CK_RV rc; >>> > + CK_BYTE tpm_pubexp[] = { 0, 1, 0, 1 }; >>> > >>> > TSS_FLAG initFlags = 0; >>> > BYTE authHash[SHA1_HASH_SIZE]; >>> > @@ -2490,6 +2491,13 @@ >>> > token_specific_rsa_generate_keypair( TEMPLATE * >>> > publ_tmpl, >>> > template_update_attribute( priv_tmpl, attr ); >>> > Tspi_Context_FreeMemory(tspContext, rgbBlob); >>> > >>> > + /* put the public exponent into the private key object >>> > */ >>> > + if ((rc = build_attribute(CKA_PUBLIC_EXPONENT, >>> > tpm_pubexp, >>> > sizeof(tpm_pubexp), &attr))) { >>> > + st_err_log(84, __FILE__, __LINE__); >>> > + return rc; >>> > + } >>> > + template_update_attribute( priv_tmpl, attr ); >>> > + >>> > /* wrap the authdata and put it into an object */ >>> > if (authData != NULL) { >>> > if ((rc = token_wrap_auth_data(authData, >>> > publ_tmpl, priv_tmpl))) { >>> > >>> > >>> > >>> > >>> > > Best regards, >>> > > -- Nelson >>> > > >>> > > >>> > > "Education is the antidote to war." >>> > > -- Scott Adams >>> > > >>> > > >>> > > >>> > > On Wed, Jan 19, 2011 at 3:45 PM, Nelson Araujo >>> > > <[email protected]> wrote: >>> > > >>> > > On Wed, Jan 19, 2011 at 1:42 PM, Kent Yoder >>> > > <[email protected]> wrote: >>> > > >>> > > > a) OpenSC package >>> > > > b) OpenSSL package >>> > > > c) TPM hardware (e.g. Thinkpad T400 >>> > laptop) >>> > > > d) Both OpenSC and OpenSSL configured to >>> > use >>> > > openCryptoki >>> > > >>> > > Thanks Nelson. Which gateway from openssl >>> > -> pkcs11 >>> > > are you using? One >>> > > of the engines? >>> > > >>> > > >>> > > I am using engine_pkcs11.so. To pair OpenSSL => >>> > pkcs11 I am >>> > > using the following config patch (apply to >>> > > your /etc/<your-dist>/openssl.cnf): >>> > > >>> > > >>> > > --- apps/openssl.cnf.ORG 2010-12-07 >>> > > 09:24:50.000000000 -0800 >>> > > +++ apps/openssl.cnf 2010-12-07 >>> > 09:25:42.000000000 >>> > > -0800 >>> > > @@ -12,6 +12,21 @@ >>> > > #oid_file = $ENV::HOME/.oid >>> > > oid_section = new_oids >>> > > >>> > > >>> > > +openssl_conf = openssl_def >>> > > + >>> > > +[openssl_def] >>> > > +engines = engine_section >>> > > + >>> > > +[engine_section] >>> > > +pkcs11 = pkcs11_section >>> > > + >>> > > +[pkcs11_section] >>> > > +engine_id = pkcs11 >>> > > +dynamic_path >>> > = /usr/lib/engines/engine_pkcs11.so >>> > > +MODULE_PATH >>> > > = /usr/lib/opencryptoki/libopencryptoki.so.0 >>> > > +PIN = 111111 >>> > > +init = 0 >>> > > + >>> > > # To use this configuration file with the >>> > "-extfile" >>> > > option of the >>> > > # "openssl x509" utility, name here the >>> > section >>> > > containing the >>> > > # X.509v3 extensions to use: >>> > > >>> > > >>> > > Best regards, >>> > > -- Nelson >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > Kent >>> > > >>> > > >>> > > > e) openCryptoki configured to use TPM >>> > device >>> > > > >>> > > > >>> > > > To reproduce the issue, do: >>> > > > >>> > > > >>> > > > 1) Create a private key using OpenSC >>> > > > 2) Create a X.509 request using OpenSSL >>> > > > 3) Verify the request is malformed >>> > > > 3.1) Extract the public key from >>> > request in #2 >>> > > (pubexp = 0!) >>> > > > 3.2) Verify the request using OpenSSL >>> > (verify >>> > > failure) >>> > > > >>> > > > >>> > > > You will notice that the public exponent >>> > of the >>> > > public key output >>> > > > without the patch is 0 (incorrect) and >>> > therefore the >>> > > X.509 certificate >>> > > > request is invalid. Applying the patch it >>> > will >>> > > return the correct >>> > > > exponent (65537) and request is now >>> > correct. >>> > > > >>> > > > >>> > > > > That's correct. This code does >>> > not process >>> > > attributes. It >>> > > > keeps the >>> > > > > original call (which does the >>> > processing) >>> > > and fixes the >>> > > > public >>> > > > > exponent, if appropriate. No >>> > other >>> > > behavior should change >>> > > > other than >>> > > > > that. The only attribute >>> > targeted here is >>> > > the public >>> > > > exponent (all >>> > > > > others are responsibility of the >>> > same >>> > > players as before the >>> > > > patch.) >>> > > > > >>> > > > > >>> > > > > Can you be more specific >>> > to what >>> > > issue you're seeing >>> > > > here? >>> > > > > >>> > > > > >>> > > > > >>> > > > > Sure. The idea is the following: >>> > > > > >>> > > > > >>> > > > > 1) we need to check and return >>> > buffer too >>> > > small upfront, >>> > > > because the >>> > > > > underlying functions will return >>> > generic >>> > > errors if the >>> > > > buffer is >>> > > > > actually too small and there is >>> > no way >>> > > from this level (and >>> > > > above) to >>> > > > > tell the difference. the only >>> > reason for >>> > > the first check is >>> > > > to return >>> > > > > a more appropriate, and >>> > actionable, error >>> > > code to the caller >>> > > > >>> > > > >>> > > > I'm not seeing which generic >>> > errors you're >>> > > referring to, can >>> > > > you give >>> > > > file/line #? >>> > > > >>> > > > >>> > > > >>> > > > If you run the test case above you will >>> > notice the >>> > > issues outlined, >>> > > > especially the return code from original >>> > call >>> > > > to object_mgr_get_attribute_values (the >>> > call in >>> > > between the patch 2 >>> > > > sections). If you want to get the generic >>> > error >>> > > failure (which the >>> > > > first test in the patch attempts to >>> > address), you >>> > > will need an >>> > > > application that passes a template with >>> > > PUBLIC_EXPONENT defined and a >>> > > > buffer that is <3 bytes in size. >>> > > > >>> > > > Thanks, >>> > > > Kent >>> > > > >>> > > > > 2) if you have a buffer large >>> > enough for >>> > > the exponent, we >>> > > > allow the >>> > > > > call to proceed. then: >>> > > > > >>> > > > > >>> > > > > 3) when it returns, we check if >>> > the >>> > > exponent was filled by >>> > > > the >>> > > > > underlying layers. we noticed >>> > that 2 cases >>> > > can happen: >>> > > > > a) the exponent is filled by >>> > the callee >>> > > (which happened if >>> > > > we >>> > > > > imported the private key into >>> > the TPM) and >>> > > > > b) the exponent is not filled >>> > (which >>> > > happened if we >>> > > > generated the >>> > > > > private key inside the TPM >>> > > > > >>> > > > > In (3a) I assume that happens >>> > because when >>> > > I import the key >>> > > > it is >>> > > > > being stored "as is" and we pass >>> > the >>> > > exponent as part of the >>> > > > private >>> > > > > key structure. Anyway, the if() >>> > check is >>> > > prevent overwriting >>> > > > something >>> > > > > the callee already filled, and >>> > also does >>> > > not make sense to >>> > > > copy over >>> > > > > the same data, and per the >>> > existing checks >>> > > in place ensure >>> > > > the number >>> > > > > has to be 65537. >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > -Klaus >>> > > > > >>> > > > > >>> > > > > -- >>> > > > > Klaus Heinrich Kiwi | >>> > > [email protected] | >>> > > > > >>> > http://blog.klauskiwi.com >>> > > > > Open Source Security >>> > blog : >>> > > > http://www.ratliff.net/blog >>> > > > > IBM Linux Technology >>> > Center : >>> > > > http://www.ibm.com/linux/ltc >>> > > > > >>> > > > > >>> > > > >>> > > > > >>> > > > >>> > > >>> > >>> > ------------------------------------------------------------------------------ >>> > > > > Protect Your Site and Customers >>> > from >>> > > Malware Attacks >>> > > > > Learn about various malware >>> > tactics and >>> > > how to avoid them. >>> > > > Understand >>> > > > > malware threats, the impact they >>> > can have >>> > > on your business, >>> > > > and how you >>> > > > > can protect your company and >>> > customers by >>> > > using code >>> > > > signing. >>> > > > > >>> > http://p.sf.net/sfu/oracle-sfdevnl >>> > > > > >>> > > >>> > _______________________________________________ >>> > > > Opencryptoki-tech mailing list >>> > > > >>> > [email protected] >>> > > > >>> > > >>> > https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech >>> > > > >>> > > > >>> > > > >>> > > >>> > > >>> > > >>> > > >>> > >>> > ------------------------------------------------------------------------------ >>> > > Protect Your Site and Customers from Malware >>> > Attacks >>> > > Learn about various malware tactics and how >>> > to avoid >>> > > them. Understand >>> > > malware threats, the impact they can have on >>> > your >>> > > business, and how you >>> > > can protect your company and customers by >>> > using code >>> > > signing. >>> > > http://p.sf.net/sfu/oracle-sfdevnl >>> > > >>> > _______________________________________________ >>> > > Opencryptoki-tech mailing list >>> > > [email protected] >>> > > >>> > https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech >>> > > >>> > > >>> > >>> > >>> > >>> > >>> > >>> >>> >> > > ------------------------------------------------------------------------------ What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d _______________________________________________ Opencryptoki-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
