commit openssl_tpm2_engine for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openssl_tpm2_engine for openSUSE:Factory checked in at 2024-07-25 15:38:43 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssl_tpm2_engine (Old) and /work/SRC/openSUSE:Factory/.openssl_tpm2_engine.new.1882 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "openssl_tpm2_engine" Thu Jul 25 15:38:43 2024 rev:17 rq:1189275 version:4.2.0 Changes: -------- --- /work/SRC/openSUSE:Factory/openssl_tpm2_engine/openssl_tpm2_engine.changes 2024-04-23 18:55:35.785432629 +0200 +++ /work/SRC/openSUSE:Factory/.openssl_tpm2_engine.new.1882/openssl_tpm2_engine.changes 2024-07-25 15:50:48.131137583 +0200 @@ -1,0 +2,9 @@ +Tue Jul 23 20:23:38 UTC 2024 - James Bottomley <James.Bottomley@HansenPartnership.com> + +- Update to version 4.2.0 + * doc updates: typo fix, clarify boolean parsing rules and secret parameter + * fix bug with no visible effect in the handling of wrapped secrets + * SECURITY fix to salt all sessions + * add ability to import RSA wrapped keys and sealed objects + +------------------------------------------------------------------- Old: ---- openssl_tpm2_engine-4.1.2.tar.gz New: ---- openssl_tpm2_engine-4.2.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssl_tpm2_engine.spec ++++++ --- /var/tmp/diff_new_pack.dpqafP/_old 2024-07-25 15:50:48.619157304 +0200 +++ /var/tmp/diff_new_pack.dpqafP/_new 2024-07-25 15:50:48.623157466 +0200 
@@ -18,7 +18,7 @@ Name: openssl_tpm2_engine -Version: 4.1.2 +Version: 4.2.0 Release: 0 Summary: OpenSSL TPM 2.0 interface engine plugin License: LGPL-2.1-only ++++++ openssl_tpm2_engine-4.1.2.tar.gz -> openssl_tpm2_engine-4.2.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/configure.ac new/openssl_tpm2_engine-4.2.0/configure.ac --- old/openssl_tpm2_engine-4.1.2/configure.ac 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/configure.ac 2024-07-23 21:53:23.000000000 +0200 @@ -2,7 +2,7 @@ # configure.in for the OpenSSL TPM engine project # -AC_INIT(openssl-tpm2-engine, 4.1.2, <openssl-tpm2-engine@groups.io>) +AC_INIT(openssl-tpm2-engine, 4.2.0, <openssl-tpm2-engine@groups.io>) AM_INIT_AUTOMAKE([foreign 1.6.3]) AC_CANONICAL_HOST AM_CONDITIONAL(NATIVE_BUILD, test "x$cross_compiling" = "xno") diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/doc/draft-bottomley-tpm2-keys.xml new/openssl_tpm2_engine-4.2.0/doc/draft-bottomley-tpm2-keys.xml --- old/openssl_tpm2_engine-4.1.2/doc/draft-bottomley-tpm2-keys.xml 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/doc/draft-bottomley-tpm2-keys.xml 2024-07-23 21:53:23.000000000 +0200 @@ -65,8 +65,9 @@ <dd>Abstract Syntax Notation defined in <xref target="X.680"/></dd> <dt>DER</dt> - <dd>Distinguished Encoding Rules. Basically a defined binary - representation for ASN.1</dd> + <dd>Distinguished Encoding Rules defined in <xref + target="X.690"/>. Basically a defined binary representation + for ASN.1</dd> <dt>MSO</dt> <dd>Most Significant Octet (the highest order byte of an integer)</dd> 
@@ -155,7 +156,7 @@ TPM2_Load/Import/Unseal command whether it must also send down an authorization, so this parameter gives that indication. emptyAuth MUST be true if authorization is - NOT required and MUST BE either false or absent if + NOT required and MUST be either false or absent if authorization is required. Since this element has three states (one representing true and two representing false) it is RECOMMENDED that implementations emitting @@ -174,19 +175,21 @@ </section> <section title="secret"> <t> - This section describes the additional cryptographic - secret used to specify the outer wrapping of an - importable key. It MUST be present for key type - id-importablekey and MUST NOT be present for any other - key type. + This section describes the additional cryptographic secret + used to specify the outer wrapping of an importable + object. For keys, it MUST be present for key type + id-importablekey and MUST NOT be present for key type + id-loadablekey. For sealed data objects of type + id-sealedkey, it MAY be present and if present indicates + the object is importable. </t> <t> - Importable keys (designed to be processed by TPM2_Import) - MUST have an unencrypted inner wrapper (symmetricAlg MUST - be TPM_ALG_NULL and encryptionKey MUST be empty) and an - outer wrapper encrypted to the parent key using - inSymSeed. The secret parameter is the fully marshalled - TPM2B_ENCRYPTED_SECRET form of inSymSeed. + Importable objects (designed to be processed by + TPM2_Import) MUST have an unencrypted inner wrapper + (symmetricAlg MUST be TPM_ALG_NULL and encryptionKey MUST + be empty) and an outer wrapper encrypted to the parent key + using inSymSeed. The secret parameter is the fully + marshalled TPM2B_ENCRYPTED_SECRET form of inSymSeed. </t> </section> <section title="authPolicy"> 
@@ -611,6 +614,13 @@ Implementations SHOULD minimize the number of TPM2_Import operations by caching the emitted TPM2B_PRIVATE. </t> + <t> + Some applications have broken DER encoding and emit values + other than the required 0xFF for BOOLEAN TRUE (see <xref + target="X.690"/> section 11.1 "Boolean values"). When parsing + DER encodings, implementations SHOULD accept any non-zero + octet as BOOLEAN TRUE. + </t> </section> <section anchor="security" title="Security Considerations"> <t> @@ -726,6 +736,18 @@ <date year="2015" month="August"/> </front> </reference> + <reference anchor="X.690" target="https://www.itu.int/rec/T-REC-X.690-202102-I"> + <front> + <title> + ITU-T Recommendataion X.690, + Information technology – ASN.1 encoding rules: + Specification of Basic Encoding Rules (BER), Canonical + Encoding Rules (CER) and Distinguished Encoding Rules + (DER)</title> + <author><organization>International Telecommunication Union</organization></author> + <date year="2021" month="February"/> + </front> + </reference> <reference anchor="TCG-Provision" target="https://trustedcomputinggroup.org/resource/tcg-tpm-v2-0-provisioning-guidance/"> <front> <title>TCG TPM v2.0 Provisioning Guidance</title> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/src/include/ibm-tss.h new/openssl_tpm2_engine-4.2.0/src/include/ibm-tss.h --- old/openssl_tpm2_engine-4.1.2/src/include/ibm-tss.h 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/src/include/ibm-tss.h 2024-07-23 21:53:23.000000000 +0200 
@@ -661,7 +661,7 @@ /* need public area pulled in for nonce computation */ if ((authHandle >> 24) == TPM_HT_NV_INDEX) tpm2_NV_ReadPublic(tssContext, authHandle, NULL); - else + else if ((authHandle >> 24) != TPM_HT_PERMANENT) tpm2_ReadPublic(tssContext, authHandle, NULL, TPM_RH_NULL, NULL); rc = tpm2_StartAuthSession(tssContext, TPM_RH_NULL, authHandle, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/src/include/intel-tss.h new/openssl_tpm2_engine-4.2.0/src/include/intel-tss.h --- old/openssl_tpm2_engine-4.1.2/src/include/intel-tss.h 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/src/include/intel-tss.h 2024-07-23 21:53:23.000000000 +0200 @@ -90,6 +90,8 @@ #define TPM_RC TPM2_RC #define TPM_CC TPM2_CC +#define TPM_RS_PW TPM2_RS_PW + #define TPM_ALG_ID TPM2_ALG_ID #define TPM_SE TPM2_SE #define TPM_SE_HMAC TPM2_SE_HMAC @@ -185,10 +187,11 @@ TSS_CONVERT_MARSHAL(UINT8, *) TSS_CONVERT_MARSHAL(UINT16, *) TSS_CONVERT_MARSHAL(TPMT_SENSITIVE, ) -TSS_CONVERT_MARSHAL(TPM2B_ECC_POINT, ) +TSS_CONVERT_MARSHAL(TPMS_ECC_POINT, ) TSS_CONVERT_MARSHAL(TPM2B_DIGEST, ) TSS_CONVERT_MARSHAL(TPM2B_NAME, ) TSS_CONVERT_MARSHAL(TPM2B_PUBLIC, ) +TSS_CONVERT_MARSHAL(TPM2B_ENCRYPTED_SECRET, ) TSS_CONVERT_MARSHAL(TPM2B_PRIVATE, ) TSS_CONVERT_MARSHAL(TPML_PCR_SELECTION, ) TSS_CONVERT_MARSHAL(TPMT_SIGNATURE, ) 
@@ -941,7 +944,10 @@ creationPcr.count = 0; intel_auth_helper(tssContext, primaryHandle, authVal); - intel_sess_helper(tssContext, auth, TPMA_SESSION_DECRYPT); + if (auth == TPM_RS_PW) + auth = ESYS_TR_PASSWORD; + else + intel_sess_helper(tssContext, auth, TPMA_SESSION_DECRYPT); rc = Esys_CreatePrimary(tssContext, primaryHandle, auth, ESYS_TR_NONE, ESYS_TR_NONE, inSensitive, inPublic, &outsideInfo, &creationPcr, objectHandle, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/src/include/tpm2-common.h new/openssl_tpm2_engine-4.2.0/src/include/tpm2-common.h --- old/openssl_tpm2_engine-4.1.2/src/include/tpm2-common.h 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/src/include/tpm2-common.h 2024-07-23 21:53:23.000000000 +0200 @@ -120,6 +120,11 @@ TSSAUTHPOLICY *ap, TPMT_HA *digest, int need_auth); TPM_RC tpm2_add_policy_secret(TSS_CONTEXT *tssContext, STACK_OF(TSSOPTPOLICY) *sk, TPM_HANDLE handle, TPMT_HA *digest); +TPM_RC tpm2_hmacwrap(EVP_PKEY *parent, + NAME_2B *name, + const char *label, + PRIVATE_2B *p, /* contains the to be encrypted data */ + ENCRYPTED_SECRET_2B *enc_secret); TPM_RC tpm2_outerwrap(EVP_PKEY *parent, TPMT_SENSITIVE *s, TPMT_PUBLIC *pub, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/src/libcommon/tpm2-common.c new/openssl_tpm2_engine-4.2.0/src/libcommon/tpm2-common.c --- old/openssl_tpm2_engine-4.1.2/src/libcommon/tpm2-common.c 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/src/libcommon/tpm2-common.c 2024-07-23 21:53:23.000000000 +0200 @@ -724,7 +724,7 @@ TPM_RC rc; TPM2B_SENSITIVE_CREATE inSensitive; TPM2B_PUBLIC inPublic; - TPM_HANDLE session; + TPM_HANDLE session = TPM_RS_PW; if (auth) { VAL_2B(inSensitive.sensitive.userAuth, size) = strlen(auth); 
@@ -763,16 +763,19 @@ /* use a bound session here because we have no known key objects * to encrypt a salt to */ - rc = tpm2_get_bound_handle(tssContext, &session, hierarchy, auth); - if (rc) - return rc; + if (auth) { + rc = tpm2_get_bound_handle(tssContext, &session, hierarchy, auth); + if (rc) + return rc; + } rc = tpm2_CreatePrimary(tssContext, hierarchy, &inSensitive, &inPublic, h, pub, session, auth); if (rc) { tpm2_error(rc, "TSS_CreatePrimary"); - tpm2_flush_handle(tssContext, session); + if (session != TPM_RS_PW) + tpm2_flush_handle(tssContext, session); } return rc; @@ -990,19 +993,27 @@ return tpm2_ReadPublic(tssContext, handle, NULL, TPM_RH_NULL, name); } -TPM_RC tpm2_get_bound_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle, - TPM_HANDLE bind, const char *auth) +static TPM_RC _get_session_internal(TSS_CONTEXT *tssContext, + TPM_HANDLE *handle, + TPM_HANDLE salt_key, + TPM_HANDLE bind, TPM_SE sessionType, + TPM_ALG_ID name_alg, const char *auth) { TPM_RC rc; TPMT_SYM_DEF symmetric; + TPM_HANDLE sh = salt_key; symmetric.algorithm = TPM_ALG_AES; symmetric.keyBits.aes = 128; symmetric.mode.aes = TPM_ALG_CFB; - rc = tpm2_StartAuthSession(tssContext, TPM_RH_NULL, bind, - TPM_SE_HMAC, &symmetric, - TPM_ALG_SHA256, handle, auth); + if (sh == TPM_RH_NULL) + tpm2_load_srk(tssContext, &sh, NULL, NULL, sh, TPM2_LOADABLE); + rc = tpm2_StartAuthSession(tssContext, sh, bind, + sessionType, &symmetric, + name_alg, handle, auth); + if (sh != salt_key) + tpm2_FlushContext(tssContext, sh); if (rc) tpm2_error(rc, "TPM2_StartAuthSession"); 
@@ -1010,29 +1021,25 @@ return rc; } +TPM_RC tpm2_get_bound_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle, + TPM_HANDLE bind, const char *auth) +{ + return _get_session_internal(tssContext, handle, TPM_RH_NULL, + bind, TPM_SE_HMAC, TPM_ALG_SHA256, + auth); +} + TPM_RC tpm2_get_session_handle(TSS_CONTEXT *tssContext, TPM_HANDLE *handle, TPM_HANDLE salt_key, TPM_SE sessionType, TPM_ALG_ID name_alg) { - TPM_RC rc; - TPMT_SYM_DEF symmetric; - /* 0 means no key, which we express as TPM_RH_NULL to the TSS */ if (!salt_key) salt_key = TPM_RH_NULL; - symmetric.algorithm = TPM_ALG_AES; - symmetric.keyBits.aes = 128; - symmetric.mode.aes = TPM_ALG_CFB; - - rc = tpm2_StartAuthSession(tssContext, salt_key, TPM_RH_NULL, - sessionType, &symmetric, name_alg, - handle, NULL); - - if (rc) - tpm2_error(rc, "TPM2_StartAuthSession"); - - return rc; + return _get_session_internal(tssContext, handle, salt_key, + TPM_RH_NULL, sessionType, name_alg, + NULL); } static TPM_RC tpm2_try_policy(TSS_CONTEXT *tssContext, TPM_HANDLE handle, @@ -2247,9 +2254,14 @@ } if (secret) { + BYTE buf[2048]; + BYTE *buffer = buf; + INT32 size = sizeof(buf); + UINT16 written = 0; + + TSS_TPM2B_ENCRYPTED_SECRET_Marshal((TPM2B_ENCRYPTED_SECRET *)secret, &written, &buffer, &size); k.tpk.secret = ASN1_OCTET_STRING_new(); - ASN1_STRING_set(k.tpk.secret, secret->secret, - secret->size); + ASN1_STRING_set(k.tpk.secret, buf, written); } /* standard requires true or not present */ 
@@ -3116,58 +3128,76 @@ return TPM_RC_ASYMMETRIC; } -TPM_RC tpm2_outerwrap(EVP_PKEY *parent, - TPMT_SENSITIVE *s, - TPMT_PUBLIC *pub, - PRIVATE_2B *p, - ENCRYPTED_SECRET_2B *enc_secret) +static TPM_RC tpm2_rsa_seed(EVP_PKEY *parent, + const char *label, + PRIVATE_2B *seed, + ENCRYPTED_SECRET_2B *enc_secret) { - PRIVATE_2B secret, seed; - /* amount of room in the buffer for the integrity TPM2B */ - const int integrity_skip = SHA256_DIGEST_LENGTH + 2; - // BYTE *integrity = p->buffer; - BYTE *sensitive = p->buffer + integrity_skip; - BYTE *buf; - TPM2B *t2b; - INT32 size; - size_t ssize; - UINT16 bsize, written = 0; + EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(parent, NULL); + char *dup_label; + size_t size; + + if (!ctx) + goto openssl_err; + + if (EVP_PKEY_encrypt_init(ctx) != 1) + goto openssl_err; + + if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) != 1) + goto openssl_err; + + dup_label = OPENSSL_strdup(label); + if (!label) + goto openssl_err; + + if (EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, dup_label, + strlen(dup_label) + 1) != 1) { + OPENSSL_free(dup_label); + goto openssl_err; + } + + if(EVP_PKEY_CTX_set_rsa_oaep_md(ctx, EVP_sha256()) != 1) + goto openssl_err; + + /* initialize the seed with a random string */ + seed->size = SHA256_DIGEST_LENGTH; + RAND_bytes(seed->buffer, seed->size); + + size = sizeof(enc_secret->secret); + if (EVP_PKEY_encrypt(ctx, enc_secret->secret, &size, + seed->buffer, seed->size) != 1) + goto openssl_err; + enc_secret->size = size; + EVP_PKEY_CTX_free(ctx); + + return 0; + + openssl_err: + ERR_print_errors_fp(stderr); + if (ctx) + EVP_PKEY_CTX_free(ctx); + return TPM_RC_ASYMMETRIC; +} + +static TPM_RC tpm2_ecc_seed(EVP_PKEY *parent, + const char *label, + PRIVATE_2B *seed, + ENCRYPTED_SECRET_2B *enc_secret) +{ + PRIVATE_2B secret; EVP_PKEY *ephemeral = NULL; EVP_PKEY_CTX *ctx; TPM2B_ECC_POINT pub_pt, ephemeral_pt; EC_KEY *e_parent, *e_ephemeral; const EC_GROUP *group; - unsigned char aeskey[T2_AES_KEY_BYTES]; - /* hmac follows 
namealg, so set to max size */ - KEY_2B hmackey; - TPMT_HA hmac; - NAME_2B name; - DIGEST_2B digest; - unsigned char null_iv[AES_128_BLOCK_SIZE_BYTES]; - TPM2B null_2b; - - null_2b.size = 0; - - if (EVP_PKEY_type(EVP_PKEY_id(parent)) != EVP_PKEY_EC) { - printf("Can only currently wrap to EC parent\n"); - return TPM_RC_ASYMMETRIC; - } + BYTE *buf; + INT32 size; + size_t ssize; + UINT16 written; e_parent = EVP_PKEY_get1_EC_KEY(parent); group = EC_KEY_get0_group(e_parent); - /* marshal the sensitive into a TPM2B */ - t2b = (TPM2B *)sensitive; - buf = t2b->buffer; - size = sizeof(p->buffer) - integrity_skip; - bsize = 0; - TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size); - buf = (BYTE *)&t2b->size; - size = 2; - TSS_UINT16_Marshal(&bsize, &written, &buf, &size); - /* set the total size of the private entity */ - p->size = bsize + sizeof(UINT16) + integrity_skip; - /* compute the elliptic curve shared (and encrypted) secret */ ctx = EVP_PKEY_CTX_new(parent, NULL); if (!ctx) 
@@ -3211,33 +3241,79 @@ /* now pass the secret through KDFe to get the shared secret * The size is the size of the parent name algorithm which we * assume to be sha256 */ - TSS_KDFE(seed.buffer, TPM_ALG_SHA256, (TPM2B *)&secret, "DUPLICATE", + TSS_KDFE(seed->buffer, TPM_ALG_SHA256, (TPM2B *)&secret, label, (TPM2B *)&ephemeral_pt.point.x, (TPM2B *)&pub_pt.point.x, SHA256_DIGEST_LENGTH*8); - seed.size = SHA256_DIGEST_LENGTH; + seed->size = SHA256_DIGEST_LENGTH; + + /* OK the ephermeral public point is now the encrypted secret */ + size = sizeof(ephemeral_pt); + written = 0; + buf = enc_secret->secret; + TSS_TPMS_ECC_POINT_Marshal(&ephemeral_pt.point, &written, + &buf, &size); + enc_secret->size = written; + return 0; + + openssl_err: + ERR_print_errors_fp(stderr); + return TPM_RC_ASYMMETRIC; +} + +TPM_RC tpm2_hmacwrap(EVP_PKEY *parent, + NAME_2B *name, + const char *label, + PRIVATE_2B *p, /* contains the to be encrypted data */ + ENCRYPTED_SECRET_2B *enc_secret) +{ + PRIVATE_2B seed; + /* amount of room in the buffer for the integrity TPM2B */ + const int integrity_skip = SHA256_DIGEST_LENGTH + 2; + BYTE *sensitive = p->buffer + integrity_skip; + BYTE *buf; + INT32 size; + UINT16 written = 0; + unsigned char aeskey[T2_AES_KEY_BYTES]; + /* hmac follows namealg, so set to max size */ + KEY_2B hmackey; + TPMT_HA hmac; + DIGEST_2B digest; + unsigned char null_iv[AES_128_BLOCK_SIZE_BYTES]; + TPM2B null_2b; + TPM_RC rc; + + null_2b.size = 0; + switch (EVP_PKEY_type(EVP_PKEY_id(parent))) { + case EVP_PKEY_EC: + rc = tpm2_ecc_seed(parent, label, &seed, enc_secret); + break; + + case EVP_PKEY_RSA: + rc = tpm2_rsa_seed(parent, label, &seed, enc_secret); + break; + + default: + printf("Can only currently wrap to EC parent\n"); + rc = TPM_RC_ASYMMETRIC; + break; + } + if (rc) + return rc; /* and finally through KDFa to get the aes symmetric encryption key */ - tpm2_ObjectPublic_GetName(&name, pub); TSS_KDFA(aeskey, TPM_ALG_SHA256, (TPM2B *)&seed, "STORAGE", - (TPM2B *)&name, 
&null_2b, T2_AES_KEY_BITS); + (TPM2B *)name, &null_2b, T2_AES_KEY_BITS); /* and then the outer HMAC key */ hmackey.size = SHA256_DIGEST_LENGTH; TSS_KDFA(hmackey.buffer, TPM_ALG_SHA256, (TPM2B *)&seed, "INTEGRITY", &null_2b, &null_2b, SHA256_DIGEST_LENGTH*8); - /* OK the ephermeral public point is now the encrypted secret */ - size = sizeof(ephemeral_pt); - written = 0; - buf = enc_secret->secret; - TSS_TPM2B_ECC_POINT_Marshal(&ephemeral_pt, &written, - &buf, &size); - enc_secret->size = written; memset(null_iv, 0, sizeof(null_iv)); TSS_AES_EncryptCFB(sensitive, T2_AES_KEY_BITS, aeskey, null_iv, p->size - integrity_skip, sensitive); hmac.hashAlg = TPM_ALG_SHA256; TSS_HMAC_Generate(&hmac, (TPM2B_KEY *)&hmackey, p->size - integrity_skip, sensitive, - name.size, name.name, + name->size, name->name, 0, NULL); digest.size = SHA256_DIGEST_LENGTH; memcpy(digest.buffer, &hmac.digest, digest.size); 
@@ -3245,10 +3321,38 @@ buf = p->buffer; TSS_TPM2B_DIGEST_Marshal((TPM2B_DIGEST *)&digest, &written, &buf, &size); return TPM_RC_SUCCESS; +} - openssl_err: - ERR_print_errors_fp(stderr); - return TPM_RC_ASYMMETRIC; +TPM_RC tpm2_outerwrap(EVP_PKEY *parent, + TPMT_SENSITIVE *s, + TPMT_PUBLIC *pub, + PRIVATE_2B *p, + ENCRYPTED_SECRET_2B *enc_secret) +{ + /* amount of room in the buffer for the integrity TPM2B */ + const int integrity_skip = SHA256_DIGEST_LENGTH + 2; + BYTE *sensitive = p->buffer + integrity_skip; + BYTE *buf; + TPM2B *t2b; + INT32 size; + UINT16 bsize, written = 0; + NAME_2B name; + + /* marshal the sensitive into a TPM2B */ + t2b = (TPM2B *)sensitive; + buf = t2b->buffer; + size = sizeof(p->buffer) - integrity_skip; + bsize = 0; + TSS_TPMT_SENSITIVE_Marshal(s, &bsize, &buf, &size); + buf = (BYTE *)&t2b->size; + size = 2; + TSS_UINT16_Marshal(&bsize, &written, &buf, &size); + /* set the total size of the private entity */ + p->size = bsize + sizeof(UINT16) + integrity_skip; + + tpm2_ObjectPublic_GetName(&name, pub); + + return tpm2_hmacwrap(parent, &name, "DUPLICATE", p, enc_secret); } void diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/src/tools/create_tpm2_key.c new/openssl_tpm2_engine-4.2.0/src/tools/create_tpm2_key.c --- old/openssl_tpm2_engine-4.1.2/src/tools/create_tpm2_key.c 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/src/tools/create_tpm2_key.c 2024-07-23 21:53:23.000000000 +0200 
@@ -724,12 +724,6 @@ goto out_err; } - /* FIXME: should do RSA as well, it's just more complex */ - if (EVP_PKEY_type(EVP_PKEY_id(p_pkey)) != EVP_PKEY_EC) { - reason = "parent not EC key"; - goto out_err; - } - rc = openssl_to_tpm_public(pub, pkey); if (rc) { reason = "openssl_to_tpm_public"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/tests/check_importable.sh new/openssl_tpm2_engine-4.2.0/tests/check_importable.sh --- old/openssl_tpm2_engine-4.1.2/tests/check_importable.sh 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/tests/check_importable.sh 2024-07-23 21:53:23.000000000 +0200 @@ -1,9 +1,11 @@ #!/bin/bash -# export the parent key as a public key +# export the parent key as a EC and RSA public key prim=$(tsscreateprimary -ecc nistp256 -hi o -opem srk.pub | sed 's/Handle //') || exit 1 tssflushcontext -ha ${prim} || exit 1 +prim=$(tsscreateprimary -rsa 2048 -hi o -opem srkrsa.pub | sed 's/Handle //') || exit 1 +tssflushcontext -ha ${prim} || exit 1 for n in sha1 sha256 sha384; do echo "Checking Name Hash $n" 
@@ -32,5 +34,36 @@ openssl req -new -x509 -subj '/CN=test/' -key key.tpm $ENGINE $KEYFORM -out tmp.crt && exit 1 tsspcrextend -ha 16 -ic aaa openssl req -new -x509 -subj '/CN=test/' -key key.tpm $ENGINE $KEYFORM -out tmp.crt || exit 1 + openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1 +done + +echo "Checking RSA Import" +for n in sha1 sha256 sha384; do + echo "Checking Name Hash $n" + if [ "$n" = "sha256" ]; then + POLICYFILE=${testdir}/policies/policy_pcr.txt + else + POLICYFILE=${testdir}/policies/policy_pcr${n}.txt + fi + # check an EC key with a cert and password + openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -out key.priv || exit 1 + ${bindir}/create_tpm2_key -p 81000001 --import srkrsa.pub --wrap key.priv -n ${n} -a -k passw0rd key.tpm || exit 1 + openssl req -new -x509 -subj '/CN=test/' -key key.tpm -passin pass:passw0rd $ENGINE $KEYFORM -out tmp.crt || exit 1 + openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1 + + # Check the loadability of an importable key + NV=81000201 + ${bindir}/load_tpm2_key key.tpm ${NV} || exit 1 + openssl req -new -x509 -subj '/CN=test/' -key //nvkey:${NV} -passin pass:passw0rd $ENGINE $KEYFORM -out tmp.crt || exit 1 + openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1 + tssevictcontrol -hi o -ho ${NV} -hp ${NV} + + #check an RSA key with a cert and policy + openssl genrsa 2048 > key.priv || exit 1 + tsspcrreset -ha 16 + ${bindir}/create_tpm2_key -p 81000001 --import srkrsa.pub -n ${n} --wrap key.priv -c ${POLICYFILE} key.tpm || exit 1 + openssl req -new -x509 -subj '/CN=test/' -key key.tpm $ENGINE $KEYFORM -out tmp.crt && exit 1 + tsspcrextend -ha 16 -ic aaa + openssl req -new -x509 -subj '/CN=test/' -key key.tpm $ENGINE $KEYFORM -out tmp.crt || exit 1 openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1 done diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/tests/restricted_parent.sh 
new/openssl_tpm2_engine-4.2.0/tests/restricted_parent.sh --- old/openssl_tpm2_engine-4.1.2/tests/restricted_parent.sh 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/tests/restricted_parent.sh 2024-07-23 21:53:23.000000000 +0200 @@ -78,4 +78,12 @@ openssl verify -CAfile tmp.crt -check_ss_sig tmp.crt || exit 1 done -exit 0 +## +# Now add back the RSA storage parent: clearing the TPM will have +# changed the storage seed and flushed it and it is needed to verify +# RSA importable keys +## +tssclear -hi p || exit 1 +key=$(tsscreateprimary -hi o -st -rsa|sed 's/Handle //') && \ +tssevictcontrol -hi o -ho ${key} -hp 81000001 && \ +tssflushcontext -ha ${key} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssl_tpm2_engine-4.1.2/tests/seal_unseal.sh new/openssl_tpm2_engine-4.2.0/tests/seal_unseal.sh --- old/openssl_tpm2_engine-4.1.2/tests/seal_unseal.sh 2024-04-19 17:40:47.000000000 +0200 +++ new/openssl_tpm2_engine-4.2.0/tests/seal_unseal.sh 2024-07-23 21:53:23.000000000 +0200 @@ -59,6 +59,18 @@ ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm && exit 1 tsspcrextend -ha 16 -ic aaa ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1; + # check importable RSA (same data and policies) + prim=$(tsscreateprimary -hi o -st -rsa -opem srk.pub | sed 's/Handle //') || exit 1 + tssflushcontext -ha $prim + TPM_INTERFACE_TYPE= echo $DATA | ${bindir}/seal_tpm2_data -n ${n} -a -k ${AUTH} --parent 81000001 --import srk.pub seal.tpm || exit 1; + ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1; + rm seal.tpm + + TPM_INTERFACE_TYPE= echo $DATA | ${bindir}/seal_tpm2_data -n ${n} --import srk.pub --parent 81000001 --policy ${POLICYFILE} seal.tpm || exit 1; + tsspcrreset -ha 16 + ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm && exit 1 + tsspcrextend -ha 16 -ic aaa + ${bindir}/unseal_tpm2_data -k ${AUTH} seal.tpm | grep -q "${DATA}" || exit 1; done exit 0
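Review bot: The title of the new X.690 reference in doc/draft-bottomley-tpm2-keys.xml (hunk @@ -726,6 +736,18 @@) misspells "Recommendation" as "Recommendataion". Correct it in the XML source, since the string is carried into the rendered reference list.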
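Review bot: The new condition in src/include/ibm-tss.h (hunk @@ -661,7 +661,7 @@), "else if ((authHandle >> 24) != TPM_HT_PERMANENT)", has no comment saying why permanent handles skip tpm2_ReadPublic(). The existing comment above it only says the public area is needed for nonce computation, so a one-line note on why that does not apply to permanent handles would keep the three-way branch understandable.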
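Review bot: In _get_session_internal() in src/libcommon/tpm2-common.c (hunk @@ -990,19 +993,27 @@) the return value of tpm2_load_srk() is discarded, so if the SRK cannot be loaded the code continues into tpm2_StartAuthSession() with whatever sh holds at that point. The changelog describes this release as a security fix to salt all sessions, so a failed load of the salt key should be treated as an error: capture the return code and return it before starting the session, instead of risking a session that is not salted and produces no diagnostic.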
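Review bot: In the "if (secret)" block of src/libcommon/tpm2-common.c (hunk @@ -2247,9 +2254,14 @@) the result of TSS_TPM2B_ENCRYPTED_SECRET_Marshal() is ignored, and ASN1_STRING_set() then copies however many bytes written reports, even if marshalling failed. Check the marshal return code (and the ASN1_OCTET_STRING_new() result) before writing k.tpk.secret, and consider sizing buf from the TPM2B_ENCRYPTED_SECRET type rather than the bare 2048.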
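Review bot: The allocation check in the new tpm2_rsa_seed() (src/libcommon/tpm2-common.c, hunk @@ -3116,58 +3128,76 @@) tests the wrong variable: after "dup_label = OPENSSL_strdup(label);" the code does "if (!label)", so a failed strdup is not caught and dup_label is then passed to strlen(). It should be "if (!dup_label)". In the same function the return value of RAND_bytes() is not checked, so a failure of the random source would leave the seed buffer with whatever it contained before; treat anything other than 1 as an error and go to openssl_err.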
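Review bot: The default case of the new switch in tpm2_hmacwrap() (src/libcommon/tpm2-common.c, hunk @@ -3211,33 +3241,79 @@) still prints "Can only currently wrap to EC parent" although the case above it now handles EVP_PKEY_RSA; update the message to name both supported parent types, and send it to stderr like the other error paths. In tpm2_ecc_seed() in the same hunk, the space passed to TSS_TPMS_ECC_POINT_Marshal() is "size = sizeof(ephemeral_pt);" while the destination is enc_secret->secret; bounding it by sizeof(enc_secret->secret) would tie the limit to the buffer actually being written.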
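Review bot: In the added lines of tests/seal_unseal.sh (hunk @@ -59,6 +59,18 @@) the "TPM_INTERFACE_TYPE=" prefix is attached to echo, not to seal_tpm2_data: in "TPM_INTERFACE_TYPE= echo $DATA | ${bindir}/seal_tpm2_data ..." the assignment only applies to the first command of the pipeline. If the intent is to run the seal without the TPM interface set, move the assignment to the right of the pipe. The new "tssflushcontext -ha $prim" also lacks the "|| exit 1" used on the surrounding commands.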