[Bug 1983160] Re: Starting a salted session fails when using an RSA key in FIPS mode

Ivan Kapelyukhin 1983160 at bugs.launchpad.net
Fri Sep 2 09:37:36 UTC 2022 

@racb, /usr/local does apply: libtpm2-pkcs11 package is available only
for Jammy. On Focal users are building it from source. The bug was fixed
in libtss2-esys0, it's being installed from the package.

Here's the revised test plan:

1. Create an instance with vTPM:

gcloud compute instances create ivan-test \
--machine-type "n2d-standard-2" \
--zone "europe-west1-d" \
--maintenance-policy=TERMINATE \
--image-project=ubuntu-os-pro-cloud \
--image-family=ubuntu-pro-2004-lts \
--service-account GCE_SERVICE_ACCOUNT \
--shielded-integrity-monitoring \
--shielded-secure-boot

2. [Optionally, depending on what we are testing] Enable FIPS:

sudo ua auto-attach
sudo ua enable fips
sudo reboot

3. Build `tpm2-pkcs11` from source:

sudo apt-get update
sudo apt install -y \
    build-essential git \
    autoconf automake doxygen libtool \
    libcurl4-openssl-dev libdbus-1-dev libgcrypt-dev \
    libglib2.0-dev libjson-c-dev libsqlite3-dev libssl-dev \
    python3-cryptography python3-pyasn1-modules python3-yaml \
    uuid-dev libyaml-dev tpm2-tools libtss2-dev

mkdir -p ~/src
cd ~/src

wget https://github.com/autoconf-archive/autoconf-archive/archive/v2019.01.06.tar.gz
wget https://github.com/tpm2-software/tpm2-pkcs11/releases/download/1.7.0/tpm2-pkcs11-1.7.0.tar.gz

tar xf v2019.01.06.tar.gz
tar xf tpm2-pkcs11-1.7.0.tar.gz

cd ~/src/tpm2-pkcs11-1.7.0/tools
sudo python3 setup.py install

cp -R ~/src/autoconf-archive-2019.01.06/m4 ~/src/tpm2-pkcs11-1.7.0/
cd ~/src/tpm2-pkcs11-1.7.0/
./configure
make "-j$(nproc)"
sudo make install

4. Setup the SSH key with `libtpm2_pkcs11`:

sudo usermod -a -G tss $USER
exec sudo su -l $USER
tpm2_ptool init
tpm2_ptool addtoken --pid=1 --label=ssh --userpin=MySecretPassword --sopin=MyRecoveryPassword
tpm2_ptool addkey --label=ssh --userpin=MySecretPassword --algorithm=rsa2048
ssh-keygen -D /usr/local/lib/libtpm2_pkcs11.so 2>/dev/null | sudo tee -a /root/.ssh/authorized_keys

5. Try to use it:

ssh -I /usr/local/lib/libtpm2_pkcs11.so root at localhost

6. Enable proposed repos:

sudo tee "/etc/apt/sources.list.d/proposed.list" <<EOF
deb http://archive.ubuntu.com/ubuntu focal-proposed main restricted universe
EOF

sudo apt-get update
sudo apt-get install libtss2-esys0

7. Try to use the SSH key again:

ssh -I /usr/local/lib/libtpm2_pkcs11.so root at localhost

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to tpm2-tss in Ubuntu.
https://bugs.launchpad.net/bugs/1983160

Title:
  Starting a salted session fails when using an RSA key in FIPS mode

Status in tpm2-tss package in Ubuntu:
  Fix Released
Status in tpm2-tss source package in Focal:
  Fix Committed
Status in tpm2-tss source package in Jammy:
  Fix Released

Bug description:
  When configuring SSH to use a TPM protected key for authentication
  using tpm2-pkcs11 following the steps documented in
  https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/SSH.md,
  it fails when trying to login on a system that is running in FIPS
  mode, with the following error message:

  WARNING:esys:src/tss2-esys/api/Esys_StartAuthSession.c:383:Esys_StartAuthSession_Finish() Received TPM Error
  ERROR:esys:src/tss2-esys/api/Esys_StartAuthSession.c:136:Esys_StartAuthSession() Esys Finish ErrorCode (0x000002c4)
  ERROR: Esys_StartAuthSession: tpm:parameter(2):value is out of range or is not correct for the context
  ERROR: Could not start Auth Session with the TPM.
  ERROR: Error unsealing wrapping key
  C_Login failed: 5
  login failed
  pkcs11_get_key failed
  sign_and_send_pubkey: signing failed for RSA "": error in libcrypto

  Parameter 2 in this case is the encrypted salt supplied to the
  TPM2_StartAuthSession command. tpm2-pkcs11 is creating a session that
  is salted with a value which is encrypted with the public part of a
  TPM protected RSA key before being sent to the TPM.

  This encryption happens in iesys_cryptossl_pk_encrypt which has a bug
  in the version in focal that was fixed accidentally in
  https://github.com/tpm2-software/tpm2-tss/commit/362fda1daa398da2944e76013c215500761d46a5.

  In focal, iesys_cryptossl_pk_encrypt generates a RSA key using openssl
  and then overwrites the public modulus with the one associated with
  the TPM key. This fails when running a FIPS certified version of
  openssl in FIPS mode because openssl performs a test on the generated
  key, which results in the Montgomery value associated with the
  generated public modulus being cached. The cached value isn't updated
  when the public modulus is changed, and the incorrect value is used in
  the subsequent encryption operation.

  [Impact]
  It's not possible to use tpm2-pkcs11 on a system that is running in FIPS mode with the version of tpm2-tss in focal.

  This is fixed by partially backporting
  https://github.com/tpm2-software/tpm2-tss/commit/362fda1daa398da2944e76013c215500761d46a5
  so that iesys_cryptossl_pk_encrypt does not perform an unnecessary key
  generation.

  [Test plan]

  [racb: pending amendment - see comment 3 below]

  Follow the instructions detailed in
  https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/SSH.md
  and verify that it is possible to login to localhost with the TPM
  protected key. Or is the tiny reproducer meanwhile:

  ```
  # Add the key

  ```
  sudo usermod -a -G tss $USER
  tpm2_ptool init
  tpm2_ptool addtoken --pid=1 --label=ssh --userpin=MySecretPassword --sopin=MyRecoveryPassword
  tpm2_ptool addkey --label=ssh --userpin=MySecretPassword --algorithm=rsa2048
  ```

  # List the public SSH keys

  ```
  ssh-keygen -D /usr/local/lib/libtpm2_pkcs11.so 2>/dev/null
  ```

  Those warnings/errors are displayed, but can be ignored from what I
  can understand (see
  https://github.com/tpm2-software/tpm2-pkcs11/issues/655):

  ```
  WARNING:fapi:src/tss2-fapi/api/Fapi_List.c:226:Fapi_List_Finish() Profile of path not provisioned: /HS/SRK
  ERROR:fapi:src/tss2-fapi/api/Fapi_List.c:81:Fapi_List() ErrorCode (0x00060034) Entities_List
  ERROR: Listing FAPI token objects failed.
  ```

  # Add the SSH key authorized_keys

  Add this key to root's authorized keys:

  ```
  ssh-keygen -D /usr/local/lib/libtpm2_pkcs11.so 2>/dev/null | sudo tee -a /root/.ssh/authorized_keys
  ```

  # SSH as root

  Pin is `MySecretPassword`:

  ```
  ssh -I /usr/local/lib/libtpm2_pkcs11.so root at localhost
  ```

  Observe the error.
  ```

  [Regression potential]
  This is minimal - iesys_cryptossl_pk_encrypt is implemented this way already in releases after focal. It's also only used by StartAuthSession when called with a TPM key, which isn't that usual.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tpm2-tss/+bug/1983160/+subscriptions

More information about the foundations-bugs mailing list