OpenSSL engine and TPM usage.

Jayalakshmi bhat
Hi All,

Our device uses TPM to protect certificate private keys. We have written an engine interface to integrate TPM functionality into OpenSSL. Thus TPM gets loaded as an engine instance.
Also we have mapped RSA operations to TPM APIs, like encryption/decryption etc.

Now we are into a few issues. There are a few applications that want to use an application-specific identity certificate. In such cases RSA APIs should not get mapped to TPM APIs.

I wanted to know when we use engine instance for encryption/decryption operation, can it be done selectively?

Regards
Jayalakshmi

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: OpenSSL engine and TPM usage.

Jakob Bohm-7
On 25/10/2017 19:06, Jayalakshmi bhat wrote:

> Hi All,
>
> Our device uses TPM to protect certificate private keys. We have
> written an engine interface to integrate TPM functionality into OpenSSL.
> Thus TPM gets loaded as an engine instance.
> Also we have mapped RSA operations to TPM APIs, like
> encryption/decryption etc.
>
> Now we are into a few issues. There are a few applications that want to
> use an application-specific identity certificate. In such cases RSA APIs
> should not get mapped to TPM APIs.
>
> I wanted to know when we use engine instance for encryption/decryption
> operation, can it be done selectively?
>
Please beware that many TPM chips were recently discovered to contain a
broken RSA key generation algorithm, so public/private key pairs to be
stored in the TPM should probably be generated off-chip (using the OpenSSL
software key generator) and imported into the chip, contrary to what would
have been best security practice without this firmware bug.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

Re: OpenSSL engine and TPM usage.

Michael Richardson

Jakob Bohm <[hidden email]> wrote:
    >> I wanted to know when we use engine instance for encryption/decryption
    >> operation, can it be done selectively?

    > Please beware that many TPM chips were recently discovered to contain a
    > broken RSA key generation algorithm, so public/private key pairs
    > to be stored in the TPM should probably be generated off-chip (using
    > the OpenSSL software key generator) and imported into the chip,
    > contrary to what would have been best security practice without this
    > firmware bug.

wow, further evidence that everything needs an upgrade path.

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     [hidden email]  http://www.sandelman.ca/        |   ruby on rails    [


Re: OpenSSL engine and TPM usage.

Michael Ströder
Michael Richardson wrote:

>
> Jakob Bohm <[hidden email]> wrote:
>     >> I wanted to know when we use engine instance for encryption/decryption
>     >> operation, can it be done selectively?
>
>     > Please beware that many TPM chips were recently discovered to contain a
>     > broken RSA key generation algorithm, so public/private key pairs
>     > to be stored in the TPM should probably be generated off-chip (using
>     > the OpenSSL software key generator) and imported into the chip,
>     > contrary to what would have been best security practice without this
>     > firmware bug.
>
> wow, further evidence that everything needs an upgrade path.
From the viewpoint of hardware vendors the upgrade path is selling new
hardware. It's simply like that. Not very sustainable...

Ciao, Michael.


Re: OpenSSL engine and TPM usage.

Ken Goldman-2
On 10/26/2017 3:33 AM, Michael Ströder wrote:
> Michael Richardson wrote:
>>
>> Jakob Bohm <[hidden email]> wrote:
>>
>> wow, further evidence that everything needs an upgrade path.
>
>  From the viewpoint of hardware vendors the upgrade path is selling new
> hardware. It's simply like that. Not very sustainable...

All the TPMs I know of have the ability to do a "field upgrade".  They
can accept vendor signed firmware updates.  In fact, the newer ones can
switch between TPM 1.2 and the new TPM 2.0 API.

No need to touch the hardware.



Re: OpenSSL engine and TPM usage.

Michael Wojcik
In reply to this post by Michael Richardson
> From: openssl-users [mailto:[hidden email]] On Behalf
> Of Michael Richardson
> Sent: Wednesday, October 25, 2017 18:37
>
> Jakob Bohm <[hidden email]> wrote:
>
>     > Please beware that many TPM chips were recently discovered to contain a
>     > broken RSA key generation algorithm, so public/private key pairs
>     > to be stored in the TPM should probably be generated off-chip (using
>     > the OpenSSL software key generator) and imported into the chip,
>     > contrary to what would have been best security practice without this
>     > firmware bug.
>
> wow, further evidence that everything needs an upgrade path.

Specifically, it's devices using Infineon chips. AIUI, that includes most TPMs and many HSMs, but not, for example, the NitroKey HSM.

The researchers who documented the problem, which they've named ROCA, have a site for it:
https://crocs.fi.muni.cz/public/papers/rsa_ccs17

They aren't describing the exact nature of the issue yet (at least the last I checked), but it has something to do with the RSA primes having a structure that lets attackers greatly speed factoring. I can imagine a number of optimizations if you know enough about the structure of the primes.

They've provided a Python program that can identify problematic keys with high probability, and it's available as a web service, etc. The program doesn't reveal what the mystery structural issues are; it seems to be a Bloom filter that's been trained to identify vulnerable keys (which is pretty interesting in itself).

All that's just based on a pretty cursory look, though, so I may be wrong.

Michael Wojcik
Distinguished Engineer, Micro Focus
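
A structural check of the kind such a detector can perform, as an added example that is not part of the thread and is not the researchers' program: their paper, published after this thread, describes the affected primes as having the form k*M + (65537^a mod M) with M a product of small primes, so a vulnerable modulus reduced by any of those primes is always a power of 65537. The prime set (2 through 167), the function names and both sample moduli are constructed here for illustration.

```python
import math
GEN = 65537  # generator of the residue subgroup in the published ROCA structure
PRIMES = [p for p in range(2, 168) if all(p % d for d in range(2, int(p**0.5) + 1))]
M = math.prod(PRIMES)  # primorial of the 39 primes 2..167 (assumed test set)

def subgroup(g, p):
    """Return the set of powers of g modulo the prime p."""
    seen, x = set(), 1
    while x not in seen:
        seen.add(x)
        x = x * g % p
    return seen

def roca_mismatches(n):
    """Primes p where n mod p is not a power of 65537; [] means fingerprinted."""
    return [p for p in PRIMES if n % p not in subgroup(GEN, p)]

def is_probable_prime(n, bases=PRIMES[:12]):
    """Miller-Rabin; only used to build the constructed sample below."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def structured_prime(a, k):
    """Constructed sample: first prime k*M + (65537^a mod M), searching upward from k."""
    r = pow(GEN, a, M)
    while not is_probable_prime(k * M + r):
        k += 1
    return k * M + r

# Constructed inputs, not real keys: a structured modulus and a Mersenne-prime control.
WEAK_N = structured_prime(12345, 2**36) * structured_prime(67890, 2**37)
CONTROL_N = (2**127 - 1) * (2**89 - 1)
print(roca_mismatches(WEAK_N), roca_mismatches(CONTROL_N)[:3])
```

An empty mismatch list is a strong indicator rather than a proof, since an unrelated modulus can land in every subgroup by chance; a fingerprinted key should be regenerated off-chip as suggested earlier in the thread.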

