Topic: To store a key in NV on windows

Hello,
In order to better handle your lib, I compiled the provided exemples (a great source of inspiration).
But I'm blocking on the key storage in NV.
I this code (https://github.com/wolfSSL/wolfTPM/blob … eys.c#L268) :
I see that the call to wolfTPM2_NVStoreKey is disabled by the define WOLFTPM_WINAPI.
And when I re-enable it, it fails.
I there something I can do ? (I'm forced to re-create my storage key at each execution, which takes a while)

Thanks !
Hadrien

Share

Re: To store a key in NV on windows

Hi Hadrian,

Thank you for your interest in using wolfTPM! I am happy it has inspired you!

For Windows using their TBS interface the NV access is not permitted. I believe this is either because the TPM is started under a locality that does not allow it or the TBS blocks it. The NV storage on TPM's is very limited, which might be the reason.

The TPM is designed to return an encrypted blob on key creation that you can safely store on the disk and when needed load. The key used to encrypt the blob is only known by the TPM. When you load a key you get a transient handle to it, which can be used for signing and even encryption/decryption.

I believe this is documented in the WindowsTBS.md file here:
https://github.com/wolfSSL/wolfTPM/blob … ndowTBS.md

Thanks,
David Garske, wolfSSL

Share

Re: To store a key in NV on windows

Hello dgarske,
thanks for your answer, it gave me back some hope...

So, you say I can store a primary key in such a way only my TPM is able to re-load it.
This is exactly what I need !
It's even better than store it in NV, because it is safe from any kind of reset of the TPM...
(even if I don't know if a TPM may be reset)

But then the question is how to store a fresh primary key:
When I pause the execution just after primary key creation
(here https://github.com/wolfSSL/wolfTPM/blob … rap.c#L829)
I get a huge structure CreatePrimary_Out which looks like that (sorry, it's big!) :

    createPriOut
        objectHandle                        0x80ffffff
        outPublic                          
            size                            0x011a
            publicArea                     
                type                        0x0001
                nameAlg                     0x000b
                objectAttributes            0x00030472
                authPolicy                  {size=0x0000 buffer="" }
                parameters
                    rsaDetail
                        symmetric
                            algorithm       0x0006  
                            keyBits         {aes=0x0080 sym=0x0080 xorr=0x0080 }    
                            mode            {aes=0x0043 sym=0x0043 }    
                        scheme
                            scheme          0x0010  
                            details         {rsassa={hashAlg=0xcccc } rsapss={hashAlg=0xcccc } ...}
                        keyBits             0x0800  
                        exponent            0x00000000 
                unique  
                    rsa
                        size                0x0100  
                        buffer              "ÈŇ^Ì«\x11ÀÅst¼°6f‚Z‡uÁÐ…gÔºÄÐ5tH‘ïJŸ‚\tFÕ!ÖgK§..."
        creationData
            size                            0x0037  
            creationData
                pcrSelect
                    count                   0x00000000 
                    pcrSelections
                        [0]
                            hash            0xcccc  
                            sizeofSelect    0xcc 'Ì'
                            pcrSelect
                                [0]         0xcc 'Ì'
                                [1]         0xcc 'Ì'
                                [2]         0xcc 'Ì'
                        [1]
                            hash            0xcccc  
                            sizeofSelect    0xcc 'Ì'
                            pcrSelect
                                [0]         0xcc 'Ì'
                                [1]         0xcc 'Ì'
                                [2]         0xcc 'Ì'
                pcrDigest                   {size=0x0020 buffer="ã°ÄB˜ü\x1c\x14šûôÈ™o¹$'®Aäd›“L¤•™\x1bxR¸U" }  
                locality                    0x01 '\x1'  
                parentNameAlg               0x0010  
                parentName                  {size=0x0004 name="@" }  
                parentQualifiedName         {size=0x0004 name="@" }  
                outsideInfo                 {size=0x0000 buffer="..." } 
        creationHash                        {size=0x0020 buffer="] AºÀî15®»\fû¤—Æ¡‡®ƒ-ÓÑø÷¨q¸%èT" }  
        creationTicket
            tag                             0x8021  
            hierarchy                       0x40000001  
            digest                          {size=0x0020 buffer="£Ú\nOšBÛÞ\x1d¡\x1a“÷jáÝA«ˆñÈ\x1?:Êÿ¤\x10f5X" }   
        name                                {size=0x0022 name="" }   

What should I store among the whole stuff ?
(I didn't find any API function to export/serialize a primary key into a blob)
Let's assume that I know how to do it, then, how do I re-load it into a primary key ?

Thanks in advance !
Hadrien

PS : by the way, WindowsTBS.md seems almost empty...

Share

Re: To store a key in NV on windows

Hi Hadrien,

For primary keys you get back a handle. There is no encrypted private data returned. That handle will remain loaded until TPM2_FlushContext is called.

For normal key creation using `TPM2_Create` you get back a `TPM2B_PRIVATE outPrivate` which is the encrypted blob that you can store and load anytime using TPM2_Load.

For the key blob storage see this example:
https://github.com/wolfSSL/wolfTPM/blob … gen.c#L273

I've put up a PR with some additions and fixes in WindowsTBS.md here.
https://github.com/wolfSSL/wolfTPM/pull/163

Thanks,
David Garske, wolfSSL

Share

Re: To store a key in NV on windows

Thank you dgarske,
so since my primary key can't be exported as a blob (and save on disk) and can't be saved in NV (because of microsoft :-((), I will have to re-create it at each launch.
9 secs on my PC, I could have been worse...

Share

Re: To store a key in NV on windows

Hi Hadrien,

I can confirm everything that David explained.

The only extra suggestion I could make is to use ECC instead of RSA, because it is faster.

One detail: Although the TPM is not a cryptographic accelerator, all cryptographic operations for a primary key happen inside the TPM. Therefore, it depends on the TPM model/vendor what is the cryptographic performance. Your PC's performance is not to be blamed  wink

Cheers,
Dimi

Dimi Tomov,
wolfSSL Engineer and Founder of TPM.dev

Share