AWS NitroTPM: Able to create keys, but cannot use them tpm:parameter(2):value is out of range or is not correct for the context
RS-Credentive opened this issue · 14 comments
Hello, I am attempting to use a NitroTPM for private key protection, leveraging tpm2-tss -> tpm2-pkcs11 -> openssl.
I am able to create a key, but I am unable to use the key due to an authentication error. I suspect that there is a bug in the NitroTPM software (NitroTPM is a TPM emulator backed by the Nitro cryto accelerator), but would like to prove that before approaching Amazon if possible.
I am receiving the following error when trying to access the generated key on the TPM:
ERROR: Esys_StartAuthSession: tpm:parameter(2):value is out of range or is not correct for the context
Here are the versions of the pkgs installed (RHEL 8.9)
$ dnf list installed | grep openssl
openssl.x86_64 1:1.1.1k-12.el8_9
openssl-libs.i686 1:1.1.1k-12.el8_9
openssl-libs.x86_64 1:1.1.1k-12.el8_9
openssl-pkcs11.i686 0.4.10-3.el8
openssl-pkcs11.x86_64 0.4.10-3.el8
$ dnf list installed | grep tss
tpm2-tss.x86_64 2.3.2-5.el8
tss2.x86_64 1:1.6.0-1.el8
$ dnf list installed | grep tpm2
tpm2-pkcs11.x86_64 1.6.0-1.el8
tpm2-pkcs11-tools.x86_64 1.6.0-1.el8
tpm2-tools.x86_64 4.1.1-5.el8
tpm2-tss.x86_64 2.3.2-5.el8
I am able to create the key normally with the following commands:
tpm2_ptool init --primary-auth=mypobjpin
tpm2_ptool addtoken --pid=1 --sopin=mysopin --userpin=myuserpin --label=label
tpm2_ptool addkey --algorithm=rsa2048 --label="label" --key-label="rsa" --userpin=myuserpin
tpm2_ptool addkey --algorithm=rsa2048 --label="label" --userpin=myuserpin --attr-always-authenticate
The following command fails:
openssl req -new -x509 -days 365 -subj '/CN=my key/' -sha256 -engine pkcs11 -keyform engine -key slot_1-label_rsa -out "cert.rsa" -config ossl.cnf
I receive the following error:
WARNING:esys:src/tss2-esys/api/Esys_TestParms.c:269:Esys_TestParms_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_TestParms.c:95:Esys_TestParms() Esys Finish ErrorCode (0x000001c4)
WARNING:esys:src/tss2-esys/api/Esys_StartAuthSession.c:390:Esys_StartAuthSession_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_StartAuthSession.c:136:Esys_StartAuthSession() Esys Finish ErrorCode (0x000002c4)
ERROR: Esys_StartAuthSession: tpm:parameter(2):value is out of range or is not correct for the context
ERROR: Could not start Auth Session with the TPM.
ERROR: Error unsealing wrapping key
Login failed
Login to token failed, returning NULL...
PKCS11_get_private_key returned NULL
cannot load Private Key from engine
140398189541184:error:82074005:PKCS#11 module:pkcs11_login:General Error:p11_slot.c:240:
140398189541184:error:26096080:engine routines:ENGINE_load_private_key:failed loading private key:crypto/engine/eng_pkey.c:78:
unable to load Private Key
This same sequence of commands works with a TPM simulator using the same versions of the library, but on a different machine.
Looking at this issue on tpm2-pkcs11, @williamcroberts recommends running these commands to determine whether the TPM is the issue, or whether there is an openssl issue.
tpm2_createprimary -c primary.ctx
tpm2_startauthsession -c primary.ctx --policy-session -S session.ctx
These commands fail with the same error -
ERROR: Esys_StartAuthSession: tpm:parameter(2):value is out of range or is not correct for the context.
Are there any other tests I can run that would allow me to determine whether this is a TPM bug? I have turned on DEBUG logging and will post the results in a comment, since this is already way to long :)
EDIT: The issue I am trying to highlight below is that the request appears correct to me. The second parameter is supposed to be a TPM2B_ENCRYPTED_SECRET and it is. Of course, I don't know how to decrypt it, so I'm not sure if the contents are incorrect, but the request appears to be formatted correctly, and so I'm not sure why I am receiving an error, except that there's a bug in the implementation. /EDIT
This is the response to the command openssl req -new -x509 -days 365 -subj '/CN=my key/' -sha256 -engine pkcs11 -keyform engine -key slot_1-label_rsa -out "cert.rsa" -config ossl.cnf
The full output of the command is attached to this comment - the specific parts with the error are below
Command:
8001 TPM_ST_NO_SESSIONS(tag)
0000013f UINT32(size) 319
00000176 TPM_CC_StartAuthSession
81000001 TPMI_DH_OBJECT key handle
81000001 TPMI_DH_ENTITY (persistent key handle)
TPM2B_NONCE(TPM2B_DIGEST)
0020 Size (UINT16) 32 bytes
5f 1b e9 a2 84 7c 57 ba
42 25 56 2d f7 1a 28 34
8c 12 de 23 25 d3 56 df
e4 72 45 04 4b 13 bb 98 (DIGEST – 32 bytes)
TPM2B_ENCRYPTED_SECRET
0100 Size (UINT16) 256 bytes
47 59 dc 7f 33 c1 e4 bb 10 5c d8 64 18 e1 01 00 (16)
a6 bb a6 cd 85 e7 e5 37 45 fc 74 dd dc ad 92 f1 (32)
f4 82 b9 03 e6 2f e8 bf 38 b1 16 a8 d8 14 2f 9c (48)
83 41 9e c7 99 bd 33 5b 32 4a 3a 30 80 0a 38 7e (64)
29 72 54 d4 5d bb 15 81 d4 6c 9d 6d af a3 3e 17 (80)
69 a8 c4 06 b0 d3 71 2b 7c 44 56 b9 80 83 d8 19 (96)
8d 9a 75 6a f4 2c 7c f9 74 98 a9 21 42 f9 be 45 (112)
31 90 76 86 d6 59 95 54 bd 0b 9f 6e db e4 b1 25 (128)
61 c9 c8 26 f9 2e c8 ff 9b 64 2e fc 05 21 ce 3e (144)
e9 19 64 a3 da 84 4d 25 72 44 1e 25 9c 33 6c 04 (160)
25 24 95 c9 87 1a c0 76 55 ef 72 13 e8 15 57 de (176)
f7 2b c5 fa de 19 0a 79 1a 59 a5 e8 70 96 80 62 (192)
33 a9 a7 24 a1 e3 09 36 1f c3 4b d6 04 57 d0 6c (208)
d7 15 cd c9 8b be 35 55 57 b9 3e e0 b7 d2 a6 43 (224)
58 21 c6 3b 27 a2 67 7f d8 6a e5 08 9f 9b b4 26 (240)
83 4a 65 88 c7 f3 25 65 01 60 19 a6 ec a6 f0 10 (256)
00 TPM_SE (TPM_SE_HMAC)
TPMT_SYM_DEF
0006 TPM_ALG_AES
0080 TPMU_SYM_KEY_BITS (128)
0043 TPMU_SYM_MODE (TPM_ALG_CFB)
000b TPMI_ALG_HASH (TPM_ALG_SHA256)
Response:
8001 TPM_ST_NO_SESSIONS (tag)
0000 000a (Size) 10
000002c4 RESPONSE_CODE
Low-order 12 bits
2 c 4
0010 1100 0100
NNNN FPEE EEEE
N – (2)
F – format (1)
P (1)
E – Error (0x004)
Command output:
debug:tcti:src/tss2-tcti/tcti-device.c:114:tcti_device_transmit() sending 319 byte command buffer: (size=319):
80010000013f0000
0176810000018100
000100205ac9d2d2
9c22a8cbd644cdc7
7f192fba8dab3a9e
e0caebbe0eab2a5f
ec747b4d01003e8e
d44428126fa64c41
2e85a4572dd98929
c04b6e0fde4f7607
6ecef3f62b7a41a3
dc26cea448e46d43
cfb3ef15fe559cb3
2ed98531dbaa7dfd
bb2dda8b39a4ed55
ae03a9b8748dffc8
703678fec55b0c28
977ef22bd209b92c
8b9925afc6ced529
ba25c695656419e3
64a555899cb29a6e
443ab852463ade03
de7b34d813737b9c
6bceb67e38ce5c50
c11f4ae29c24c333
87f6451f38bcf48a
e50c761dbb2eb6ef
6b65d69852c2797f
9d83905cac1da6a5
3871b75d52347a8c
7cee112ec637e7a9
070019a06578c77f
cde31747f665ed3c
05f999cf0067052f
007970bf3b974b1c
52620f3f4575fc47
141784782997bb64
e13aa9f4a1a5350c
52e506f1ca420000
0600800043000b
debug:tcti:src/util/io.c:89:write_all() writing 319 bytes starting at 0x560e8c748e40 to fd 4
debug:tcti:src/util/io.c:100:write_all() wrote 319 bytes to fd 4
debug:tcti:src/tss2-tcti/tcti-device.c:297:tcti_device_receive() Response Received (size=10):
80010000000a0000
02c4
tpm2_createprimary -c primary.ctx
tpm2_startauthsession -c primary.ctx --policy-session -S session.ctx
These commands, where you got an error, worked with tss 2.3.2 and tools 4.1 with an AMD firmware TPM and an also with an Infineon TPM without problems. Maybe tpm2_getcap algorithms
will give an idea what's the difference is between swtpm and NitroTPM.
@JuergenReppSIT Comparing the output from the two TPMs, I see two differences:
- the NitroTPM supports some additional algorithms (which I assume I can ignore),
- the algorithm attribute response (TPMA_ALGORITHM) of ECDSA is different - on the SWTPM, the METHOD bit is set, but on NitroTPM it is not.
I'm not sure if that explains anything related to my problem. It looks like the only algorithms in use in that exchange are AES128 and SHA256, so I assume ECDSA differences are not relevant. Please let me know if I am mistaken.
I will continue investigating, but please let me know if this is relevant to the issue I am seeing.
@RS-Credentive yes I agree these differences should not have an impact.
You have edited the tcti trace. One hint: you can analyse the tcti output on: https://joholl.github.io/tpmstream-web/
Just copy the tcti transmit or receive data to the web page.
One question: do the following commands also produce an errror:
tpm2_createprimary -G ecc -c primary.ctx
tpm2_startauthsession -c primary.ctx --policy-session -S session.ctx
@JuergenReppSIT, thanks so much for the link. That is going to save me so much time!
I'm glad I parsed it by hand the first time, because I learned a lot, but that doesn't mean I want to do it that way every time! 😅
tpm2_createprimary -G ecc -c primary.ctx
tpm2_startauthsession -c primary.ctx --policy-session -S session.ctx
These commands do not produce an error on NitroTPM
I am trying to see if I can get ECC working in tpm_pkcs11 on the NitroTPM
The OpenSSL command that failed before with RSA appears to still fail with ECC. The same error is returned:
ERROR: Esys_StartAuthSession: tpm:parameter(2):value is out of range or is not correct for the context.
In the tcti trace you did analyse the handle 0x81000001 was used for the tpmkey and the bindkey. Is this handle still used and does it correspond to an ecc key. You can check it with:
tpm2_readpublic -c 0x81000001
I am grabbing the debug info for the latest openssl command, I will see if there's anything obvious there.
0x81000001 refers to an RSA key, according to tpm2_readpublic. Let me step back and see if I can use ECC keys instead of RSA for the pkcs11 emulation layer. If ECC is working, that might allow my project to move forward while I follow up with Amazon. This is a good suggestion - thank you!
@JuergenReppSIT, it appears to work perfectly when using ECC keys. I plan to open a ticket with Amazon regarding the issue, because the behavior with RSA keys is clearly an error, but I wanted to thank you for suggesting ECC as a workaround. I am closing the ticket and I hope anyone else with this issue on AWS finds this discussion useful.
@RS-Credentive Thank you for testing TSS with NitroTPM. It would be nice if you could tell us what Amazon has to say about it.
@JuergenReppSIT I finished a call with Amazon - it appears that the TPM works on other RHEL instances in AWS, so it's some issue in our kernels or libraries. We have enabled FIPS mode during installation, so I wonder whether that could be one of the issues. More testing is required. Have you all seen any issues with RHEL 8.9 in FIPS mode? It disables some algorithms, so that could be an issue.
. Have you all seen any issues with RHEL 8.9 in FIPS mode? It disables some algorithms, so that could be an issue.
@RS-Credentive no I have not seen any issues related to this topic.