TPM sniffing attacks and session encryption #259

Open
zaolin opened this issue Jul 30, 2021 · 1 comment

zaolin commented Jul 30, 2021

Hey people,

I think we should look into session encryption based on ECDH in order to mitigate TPM 2.0 sniffing attacks.
I think go-tpm has no real mutual auth session encryption yet.

https://twitter.com/XMPPwocky/status/1420527243172868097

Any thoughts about it?

@chrisfenner
Member

I'd sure love to see this added to go-tpm. The easiest way I can think of to do this is to create an io.Writer that wraps the TPM you get back from OpenTPM with a salted encryption session set up against the EKpub. Unfortunately, I don't have cycles to do this anytime soon.

@josephlr and I have some tentative plans to use Microsoft's TSSCodeGen tools to generate a complete Go TSS, with support for all of these types of features more natively, so you can just add a session to do whatever you want.
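
The salted session proposed above derives its key with the TPM 2.0 KDFa from a salt that, in the real protocol, travels only encrypted to the EKpub, so a bus observer who sees both nonces still cannot decrypt the parameter. The Go program below is an added example, not part of this thread and not go-tpm code. `KDFa`, `ParamCFB`, `Demo` and all input values are constructed for illustration; the EKpub salt transport is not modelled, and the session-start nonces are reused for the command where a real session would roll them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// KDFa is the TPM 2.0 counter-mode KDF (SP 800-108 style) over HMAC-SHA256.
func KDFa(key []byte, label string, ctxU, ctxV []byte, bits int) (out []byte) {
	msg := append(append(append([]byte(label), 0), ctxU...), ctxV...) // label is NUL-terminated
	for i := uint32(1); len(out)*8 < bits; i++ {
		h := hmac.New(sha256.New, key)
		binary.Write(h, binary.BigEndian, i)
		h.Write(msg)
		binary.Write(h, binary.BigEndian, uint32(bits))
		out = h.Sum(out)
	}
	return out[:bits/8]
}

// ParamCFB en/decrypts one parameter; assumes sessionValue is the session key alone.
func ParamCFB(sessionKey, nonceNewer, nonceOlder, data []byte, decrypt bool) []byte {
	kiv := KDFa(sessionKey, "CFB", nonceNewer, nonceOlder, 256) // AES-128 key || IV
	block, _ := aes.NewCipher(kiv[:16])                          // 16-byte key cannot fail
	stream := cipher.NewCFBEncrypter(block, kiv[16:])
	if decrypt {
		stream = cipher.NewCFBDecrypter(block, kiv[16:])
	}
	out := make([]byte, len(data))
	stream.XORKeyStream(out, data)
	return out
}

// Demo returns the bus contents, the TPM's view, and a sniffer's view without the salt.
func Demo(salt, nT, nC, secret []byte) (wire, tpm, sniffer []byte) {
	key := KDFa(salt, "ATH", nT, nC, 256) // unbound salted session: salt is the only secret
	wire = ParamCFB(key, nC, nT, secret, false)
	guess := KDFa(make([]byte, len(salt)), "ATH", nT, nC, 256) // nonces are visible on the bus
	return wire, ParamCFB(key, nC, nT, wire, true), ParamCFB(guess, nC, nT, wire, true)
}

func main() { // all inputs are constructed sample values
	wire, tpm, sniffer := Demo([]byte("constructed-salt"), []byte("nonceTPM"), []byte("nonceCaller"), []byte("sealing passphrase"))
	fmt.Printf("bus: %x\nTPM: %q\nsniffer without salt: %x\n", wire, tpm, sniffer)
}
```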
