<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7652.24">
<TITLE>RE: [PATCH] enhanced smartcard support</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<BR>
<P><TT><FONT SIZE=2>Hi,<BR>
<BR>
David is right, a third way to use the TPM for certification is to generate "normal" RSA keys and sign the public key as always. My ways make use of the full certificate infrastructure provides and allow to have a certification process, that does not need user intervention (well beside typing some password). Davids idea includes identifying the user at the CA as always (using the ID card or something less secure for less secure certificates). My idea was to do everything without the user since many users are not able to request their own certificate, but I did not want to have less security. That's why I use the TPM identities which identify the TPM and allow to request secure certificate without user intervention. A detailed description can be found here: <A HREF="http://diuf.unifr.ch/people/latzec/SoftCOM07.pdf">http://diuf.unifr.ch/people/latzec/SoftCOM07.pdf</A><BR>
<BR>
I think, all those three ways are possible and suitable for their applications.<BR>
<BR>
Regards<BR>
Carolin<BR>
<BR>
-----Original Message-----<BR>
From: hostap-bounces@lists.shmoo.com on behalf of David Smith<BR>
Sent: Fri 23.05.2008 21:32<BR>
To: hostap@lists.shmoo.com<BR>
Subject: Re: [PATCH] enhanced smartcard support<BR>
<BR>
OK, I'll try to provide a bit of a howto and answer a few things that<BR>
are kind of strange at first.<BR>
<BR>
Jouni Malinen <j@w1.fi> writes:<BR>
<BR>
> On Fri, May 23, 2008 at 11:47:28AM +0300, Jouni Malinen wrote:<BR>
><BR>
>> My ThinkPad T43 should have TPM, but getting it working was not exactly<BR>
>> trivial and I don't know whether the security chip is now more or less<BR>
>> completely locked or what it is doing since it does not likely any<BR>
>> passwords/PINs..<BR>
><BR>
> I finally found a way to clear the security chip state through BIOS<BR>
> (after some odd magic to get the BIOS setup to show the option for doing<BR>
> this) and I tried again.<BR>
<BR>
In order to get the BIOS to show the 'clear the TPM chip option' in the<BR>
Security settings, you need to do a cold powerdown and then enter the<BR>
BIOS on the first boot. A regular reboot will not suffice. This is<BR>
because it is written in the TCG specification for the PC platform, in a<BR>
normal computer doing a cold power-off and power-on is the only way to<BR>
assert physical presence, and physical presence is required to clear the<BR>
chip. If you think about it a bit, this makes sense, e.g. if the machine<BR>
was on something like a cyclades hydra that allowed accessing the BIOS<BR>
remotely after a normal reboot. Though, it is of course not perfect,<BR>
because again the cyclades hydra case, some models allow you to control<BR>
the power strip the machine is using and force a cold power-cycle<BR>
operation remotely. But, in most cases, a cold power-cycle is a<BR>
reasonably good approximation of physical access to the machine, and you<BR>
want to make sure the TPM does not get reset without you physically<BR>
doing it. In other words, it is completely impossible to clear the TPM<BR>
chip after you boot your operating system, no matter what operating it<BR>
is, because the last thing the BIOS does before starting the boot-loader<BR>
in a TPM-based system is disable the assertion of physical presence.<BR>
<BR>
> This time, I just used a simple password/pin for every possible<BR>
> location to avoid any possible issue and tpm_takeownership and<BR>
> tpmtoken_init were able to complete their tasks.<BR>
<BR>
OK, but in order to use the TPM chip as a smart card, you must set the<BR>
SRK password for tpm_takeownership to nothing, just hit enter at the<BR>
password prompts for the SRK password. Set your owner password to<BR>
whatever you like. You have to run tpm_takeownership once and *only*<BR>
once after clearing your TPM chip in the BIOS but you can, after that,<BR>
clear the token created on the thip as many times as you like from<BR>
software. The token, as created with tpmtoken_init, is a<BR>
software-emulated smartcard that is backed by a private key that lives<BR>
inside the TPM. All of the keys used with that smartcard are wrapped<BR>
with the private key inside of the TPM. Since they are wrapped<BR>
(i.e. encrypted) with a private key that you can't get access to, they<BR>
are safe to store on disk and in fact this is how it is done, in a<BR>
relatively simple binary database in /var/lib/opencryptoki/tpm.<BR>
<BR>
Regarding tpmtoken_init, I've only used it briefly and found it limiting<BR>
in functionality and unreliable, though I've yet to find a really good<BR>
generic pkcs11 swiss-army-chainsaw and intend to make one ... one of<BR>
these days. Instead, I use pkcs11-tool from the OpenSC package and<BR>
pkcsconf from the openCryptoki package together. Note that tpmtoken_init<BR>
comes from the tpm-tools package, a part of the trousers suite.<BR>
<BR>
Below is a shell fragment that is based on a program I use for<BR>
initializing the TPM chip. I've taken out a few bits of user-interface<BR>
and integration with my CA environment for attaining a signed<BR>
certificate from a CSR and just left the basics of the TPM<BR>
initialization, assuming you have a certificate and private key ready to<BR>
be imported. Specify the certificate and private key at the top of the<BR>
script. I don't suggest running the script without reading it completely<BR>
first.<BR>
<BR>
<BR>
#!/bin/sh<BR>
cert=/path/to/your/certificate.der<BR>
# CERTIFICATE MUST BE IN DER FORMAT, convert before running this script<BR>
privkey=/path/to/your/private.key.der<BR>
# PRIVATE KEY MUST BE IN DER FORMAT, convert before running this script.<BR>
cat <<EOF<BR>
<BR>
You will be prompted for two passwords, one called the owner<BR>
password and the next called the SRK password.<BR>
<BR>
For the owner password, use whatever you like. This password is<BR>
yours for controlling the TPM chip.<BR>
<BR>
For the SRK password, please hit enter twice. This password<BR>
must be empty in order for software to make use of the TPM<BR>
chip.<BR>
EOF<BR>
sudo tpm_takeownership<BR>
<BR>
label="IBM PKCS#11 TPM Token"<BR>
module="--module /usr/lib/opencryptoki/libopencryptoki.so.0"<BR>
<BR>
echo "Showing slot information"<BR>
sudo pkcs11-tool $module --list-slots<BR>
<BR>
echo "You should see a TPM token listed as a possible slot above."<BR>
echo "Continuing..."<BR>
echo "Initializing token"<BR>
sudo pkcs11-tool $module --init-token --label $label --so-pin 87654321<BR>
<BR>
echo "Setting SO PIN to 111111"<BR>
sudo pkcsconf -c 0 -P -S 87654321 -n 111111<BR>
<BR>
echo "Setting User PIN to 000000"<BR>
sudo pkcsconf -c 0 -p -U 12345678 -n 000000<BR>
<BR>
auth="--pin 000000 --so-pin 111111"<BR>
echo "Installing certificate object"<BR>
sudo pkcs11-tool $module $auth --write-object $cert --type cert --id 1 --label "certificate" --attr-from $cert<BR>
<BR>
echo "Installing key object"<BR>
sudo pkcs11-tool $module $auth --write-object $key --type privkey --id 1 --label "priate key" --attr-from $cert<BR>
<BR>
echo "Showing object information"<BR>
sudo pkcs11-tool $module $auth --list-objects<BR>
<BR>
echo "You should see a ceritifcate and private key listed as installed in the smartcard"<BR>
<BR>
><BR>
> For the first test, I just imported couple of certificates and a private<BR>
> key to the TPM token with pkcs11-tool. This does not sound like the best<BR>
> way of using TPM since I would prefer not to see the private key ever<BR>
> exit the security chip, but for the time being, importing existing keys<BR>
> seemed simpler. Should probably try to generate a certificate request<BR>
> with TPM engine to avoid the private key being exposed.<BR>
<BR>
Certificates are by definition public information so they can be<BR>
exported again after importing with pkcs11-tool, but private keys<BR>
cannot. Only the object information can be attained, but assuming RSA<BR>
keys which is almost always the case, the modulii, exponents, or bases<BR>
of the keys can not be recovered nor can any other actual private<BR>
information. For added security, before importing with pkcs11-tool,<BR>
create the certificate request, get it signed, and run pkcs11-tool on it<BR>
all from a ramfs and add traps to delete the files from the ramfs and<BR>
unmount it as traps in the shell script.<BR>
<BR>
> I tried configuring the private key, user certificate, and CA<BR>
> certificate from the OpenSSL engine and that seemed to work and I was<BR>
> able to complete EAP-TLS authentication successfully.<BR>
<BR>
That's very encouraging.<BR>
<BR>
> For some reason, this is painfully slow and I needed to increase the<BR>
> authentication timeout in eapol_test from the default 30 to couple of<BR>
> minutes to avoid timeouts.. I don't understand why it would need that<BR>
> much time, but well, it did. Anyway, at least the mechanism of<BR>
> fetching certificates from tpm/pkcs11 token seemed to work fine.<BR>
<BR>
I have not seen that behavior and, for now, doubt it is due to the TPM<BR>
chip, because someone else was complaining about a very similar issue<BR>
with a different model smartcard being used with OpenSC and an earlier<BR>
version of wpa_supplicant. Additionally, I don't, for now, see a<BR>
connection between that kind of behavior and the functionality added by<BR>
this latest patch, which should only be for exporting certificates out<BR>
of the smartcard and serving them from memory when requested by the<BR>
authenticator. [/me searches his mail...] Ah, David Mattes, he even<BR>
offered me one of his smartcards to test with to debug this<BR>
problem. Unfortunately, I haven't found the time yet to invest in taking<BR>
him up on the offer. I've added him to the CC on this mail and hopefully<BR>
he can shed some light on this issue.<BR>
<BR>
Cheers,<BR>
dds<BR>
<BR>
<#secure method=pgpmime mode=sign><BR>
_______________________________________________<BR>
HostAP mailing list<BR>
HostAP@lists.shmoo.com<BR>
<A HREF="http://lists.shmoo.com/mailman/listinfo/hostap">http://lists.shmoo.com/mailman/listinfo/hostap</A><BR>
<BR>
</FONT></TT>
</P>
</BODY>
</HTML>