PKCS11 no longer works in newer version #505
Comments
On what platform and in what capacity? It might already be supported or not, depending on what you are actually looking for. E.g. https://github.com/tpm2-software/tpm2-openssl should already work with OpenVPN. |
I used tpm2-pkcs11 in old versions, but it does not work in the new version of OpenVPN. Would it be possible for you to explain step by step how I can use tpm2-openssl in OpenVPN or at least guide me. |
pkcs11 should be supported in the old and new versions. Also say what the old and new versions are. So if it doesn't work anymore, that is a regression. But you need to provide more input here. Give us a log from the old version and the new version, so we can have an idea what is different. As for helping with tpm2-openssl, I never used that myself, so I cannot help there. But OpenSSL providers work in general, so that one should also work. |
I think the problem is not OpenVPN, and tpm2-pkcs11 doesn't work with OpenSSL 3. The new version means the version of OpenVPN that has migrated to OpenSSL 3.
openvpn --config ./openvpn.config --ca ./connection.crt --pkcs11-providers /usr/lib/x86_64-linux-gnu/libtpm2_pkcs11.so.1 --pkcs11-id "$URL"
The question is, what command should I use in OpenVPN to use tpm2-openssl? Or, in general, what command introduces the TPM to OpenVPN? Even without PKCS11. |
As tpm2-openssl can encapsulate the key in a pem file with Here is a minimal example (untested)
PS: |
Thanks @schwabe, @selvanair,
|
Are you using TLS 1.3? While 222 bytes looks like a valid salt length (assuming a 2048-bit key and a sha256 hash, 222 bytes would be the result of maximizing the salt length), TLS 1.3 requires the salt length to be the same as the digest length. That said, I do not understand how this mismatch could happen unless TPM2 or tpm2-openssl on the client side is misbehaving -- I think OpenSSL on the client will indicate the appropriate salt length in the signature request -- is the TPM ignoring that? Raise this in tpm2-openssl. |
I used
Yes, I changed 2048 to 1024 and got the following error:
Any idea how to change 32? It seems very low! |
Googling brings up several reports on Windows about a similar TPM2/TLS1.3 interoperability issue. All due to a conflict between the TPM2 specs and TLS1.3. The old TPM2 standard did require the salt length to be maximized, but the standard appears to have been amended[1] to be compliant with FIPS and TLS 1.3. You probably have an old firmware or OS version. I tested on my Ubuntu 22.04 laptop and it works for me. Both when used through OpenVPN via the tpm2-openssl provider and directly using tpm2_sign, signatures are generated with salt length = digest length. What OS are you using? If firmware/OS updates do not help or are not available, your options are
TLS 1.2 also defaults to using RSA-PSS, though it is not mandatory, unlike TLS 1.3. So you would need to do both the steps mentioned in (ii) above. [1] Annex B, page 264 of https://trustedcomputinggroup.org/wp-content/uploads/TPM-2.0-1.83-Part-1-Architecture.pdf |
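The salt-length mismatch discussed in this thread (222 bytes for a 2048-bit key with SHA-256, versus the 32-byte digest length TLS 1.3 expects) can be reproduced and checked with plain OpenSSL and no TPM at all. This is an added example, not code from the thread, OpenVPN or tpm2-openssl; it assumes the openssl command-line tool is installed, and the key, message and helper names (pss_sign, pss_salt_kind) are constructed here.

```shell
#!/bin/sh
# Added example: show how a verifier can tell whether an RSA-PSS signature
# used the maximum salt (old TPM2 behaviour) or salt == digest length
# (what TLS 1.3 requires). With a 2048-bit key and SHA-256 the maximum
# salt is 256 - 32 - 2 = 222 bytes, the digest length is 32 bytes.
set -e
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# Constructed throw-away key and message (no TPM involved).
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/key.pem" 2>/dev/null
openssl pkey -in "$WORK/key.pem" -pubout -out "$WORK/pub.pem"
printf 'constructed sample message\n' > "$WORK/msg"

# Sign with a chosen salt policy: "max" mimics the pre-amendment TPM2
# behaviour, "digest" is what a TLS 1.3 peer expects.
pss_sign() {  # $1 = salt policy (max|digest), $2 = output signature path
  openssl dgst -sha256 -sign "$WORK/key.pem" \
    -sigopt rsa_padding_mode:pss -sigopt "rsa_pss_saltlen:$1" \
    -out "$2" "$WORK/msg"
}

# Report which salt policy a signature verifies under: digest, max or unknown.
# OpenSSL rejects the signature when the fixed salt length it is told to
# expect differs from the salt length recovered from the encoded message.
pss_salt_kind() {  # $1 = signature path
  for policy in digest max; do
    if openssl dgst -sha256 -verify "$WORK/pub.pem" \
         -sigopt rsa_padding_mode:pss -sigopt "rsa_pss_saltlen:$policy" \
         -signature "$1" "$WORK/msg" >/dev/null 2>&1; then
      echo "$policy"; return 0
    fi
  done
  echo unknown; return 1
}

pss_sign max "$WORK/sig_max.bin"
pss_sign digest "$WORK/sig_digest.bin"
echo "max-salt signature verifies as:    $(pss_salt_kind "$WORK/sig_max.bin")"
echo "digest-salt signature verifies as: $(pss_salt_kind "$WORK/sig_digest.bin")"
```

The same verify command with rsa_pss_saltlen:digest, run against a signature captured from the TPM-backed client, tells you whether the firmware is still maximizing the salt.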
Sorry if this message is a bit off-topic, as I found it while doing something else with the TPM2 provider. I believe the problem might be related to the issue I reported above (tpm2-software/tpm2-openssl#115): the TPM2 provider seems to ignore the salt length you set and uses the max length instead. On the validation side you can simply use EVP_PKEY_CTX_set_rsa_pss_saltlen with RSA_PSS_SALTLEN_AUTO (or max); for signing that's problematic, as I didn't find any way to work around it: it ignores both the placeholder and an explicit setting of the length. |
My environment:
@selvanair , thanks for the follow up, EC key worked. |
It should be possible to avoid PSS using
That said, downgrading to TLS 1.2 is not a good option.
Which version of OpenSSL 1? -- I think OpenSSL 1.1.1 should exhibit the same issue. Probably the version combination you were using earlier did not trigger PSS signatures. |
Everything was fine in this environment:
@selvanair , Thank you very much for helping me. |
OpenVPN's |
Does OpenVPN have a plan to support URI like @selvanair and @schwabe |
I'm not sure about this very non-standard and poorly named URI, but, in general, it looks useful to modernize our key/cert options to take URIs like @amin1best, if you want to test, I have a draft implementation here. Specify the key as |
Hi,
Is there a plan to support Trusted Platform Module (TPM) in the next release?
Thanks.