This repository has been archived by the owner on Feb 3, 2022. It is now read-only.
forked from globalsign/est
/
make_cred.go
418 lines (343 loc) · 13 KB
/
make_cred.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
/*
Copyright (c) 2020 GMO GlobalSign, Inc.
Licensed under the MIT License (the "License"); you may not use this file except
in compliance with the License. You may obtain a copy of the License at
https://opensource.org/licenses/MIT
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package tpm
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/ecdsa"
"crypto/hmac"
"crypto/rand"
"crypto/rsa"
"crypto/sha1"
"crypto/sha256"
"crypto/sha512"
"encoding/binary"
"errors"
"fmt"
"hash"
"io"
"github.com/google/go-tpm/tpm2"
"github.com/google/go-tpm/tpmutil"
)
const (
labelIdentity = "IDENTITY"
labelIntegrity = "INTEGRITY"
labelStorage = "STORAGE"
sizeFieldLen = 2
)
// MakeCredential makes a credential for the object with the public area
// akPublic, to be activated by the object with the public area ekPublic.
// The credential blob and the encrypted seed are returned.
func MakeCredential(cred, ekPublic, akPublic []byte) ([]byte, []byte, error) {
// Decode endorsement and attestation key public areas.
ekPub, err := tpm2.DecodePublic(ekPublic)
if err != nil {
return nil, nil, fmt.Errorf("failed to decode endorsement key public area: %w", err)
}
akPub, err := tpm2.DecodePublic(akPublic)
if err != nil {
return nil, nil, fmt.Errorf("failed to decode attestation key public area: %w", err)
}
// Generate seed and EK-encrypted seed.
seed, encSeed, err := generateSeed(ekPub)
if err != nil {
return nil, nil, fmt.Errorf("failed to generate seed: %w", err)
}
// Generate credential blob.
blob, err := generateCredentialBlob(ekPub, akPub, cred, seed)
if err != nil {
return nil, nil, fmt.Errorf("failed to generate credential blob: %w", err)
}
return blob, encSeed, nil
}
// ExtractCredential extracts a credential from a credential blob and encrypted
// seed created by MakeCredential. This function is primarily for testing and
// demonstration purposes, since in practice the private key corresponding to
// the TPM endorsement key public area will not be available.
func ExtractCredential(key interface{}, blob, encSeed, ekPublic, akPublic []byte) ([]byte, error) {
// Decode endorsement and attestation key public areas.
ekPub, err := tpm2.DecodePublic(ekPublic)
if err != nil {
return nil, fmt.Errorf("failed to decode endorsement key public area: %w", err)
}
akPub, err := tpm2.DecodePublic(akPublic)
if err != nil {
return nil, fmt.Errorf("failed to decode attestation key public area: %w", err)
}
// Decrypt seed.
seed, err := decryptSeed(key, ekPub, encSeed)
if err != nil {
return nil, fmt.Errorf("failed to decrypt seed: %w", err)
}
// Extract credential.
cred, err := decryptCredentialBlob(blob, ekPub, akPub, seed)
if err != nil {
return nil, fmt.Errorf("failed to extract credential: %w", err)
}
return cred, nil
}
// generateSeed generates a seed value and encrypts it using the public key
// in the specified public area per TPM Library specification Section 24.
func generateSeed(ekPub tpm2.Public) ([]byte, []byte, error) {
// Extract the name algorithm from the public area.
newHash, err := nameAlgHashFromPublic(ekPub)
if err != nil {
return nil, nil, fmt.Errorf("failed to determine EK name hash algorithm: %w", err)
}
// Generate a random seed value. Per TPM Library spec Appendix B.10.3, for
// RSA keys the seed size will be the size of a digest produced by the OAEP
// hash algorithm of the endorsement key, and per TPM Library spec Appendix
// C.6.1, for ECC keys the seed size will be the size of a digest produced
// by the name algorithm for the endorsement key. In both cases, this
// equates to the size of the digest of the EK's name algorithm, so we
// generate a random seed of that size.
h := newHash()
seedSize := h.Size()
seed := make([]byte, seedSize)
if n, err := io.ReadFull(rand.Reader, seed); err != nil {
return nil, nil, fmt.Errorf("failed to generate random bytes: %w", err)
} else if n != seedSize {
return nil, nil, fmt.Errorf("generated %d random bytes, expected %d", n, seedSize)
}
// Encrypt the seed according to the type of the EK public key.
pubKey, err := ekPub.Key()
if err != nil {
return nil, nil, fmt.Errorf("failed to extract EK public key: %w", err)
}
var encSeed []byte
switch k := pubKey.(type) {
case *rsa.PublicKey:
// Per TPM Library spec Appendix B.10.4, the seed value will be OAEP
// encrypted to the EK public key using "IDENTITY" as the label
// (including the terminaing null octet per Appendix B.4.)
encSeed, err = rsa.EncryptOAEP(h, rand.Reader, k, seed, append([]byte(labelIdentity), 0))
if err != nil {
return nil, nil, fmt.Errorf("failed to RSA encrypt: %w", err)
}
case *ecdsa.PublicKey:
// Per TPM Library spec Appendix C.6.4, the One-Pass Diffie-Hellman,
// C(1, 1, ECC CDH) method from SP800-56A shall be used.
return nil, nil, errors.New("ECC keys not yet supported for seed encryption")
default:
return nil, nil, fmt.Errorf("unsupported public key type: %T", k)
}
return seed, encSeed, nil
}
// decryptSeed decrypts an encrypted seed created by generateSeed. In practice
// the decryption private key will not be available, so this function is provided
// primarily for testing and verification.
func decryptSeed(key interface{}, ekPub tpm2.Public, encSeed []byte) ([]byte, error) {
// Extract the name algorithm from the public area.
h, err := nameAlgHashFromPublic(ekPub)
if err != nil {
return nil, err
}
// Decrypt the seed based on the type of key. See comments to
// generateSeed.
var got []byte
switch k := key.(type) {
case *rsa.PrivateKey:
got, err = rsa.DecryptOAEP(h(), rand.Reader, k, encSeed, append([]byte(labelIdentity), 0))
if err != nil {
return nil, fmt.Errorf("failed to RSA decrypt: %w", err)
}
case *ecdsa.PrivateKey:
return nil, errors.New("ECC keys not yet supported for seed decryption")
default:
return nil, fmt.Errorf("unsupported public key type: %T", k)
}
return got, nil
}
// generateCredentialBlob generates an encrypted credential and HMAC per
// TPM Library spec Section 24.
func generateCredentialBlob(ekPub, akPub tpm2.Public, cred, seed []byte) ([]byte, error) {
// Compute AK name.
name, err := computeName(akPub)
if err != nil {
return nil, err
}
// Extract the name algorithm from the public area.
newHash, err := nameAlgHashFromPublic(ekPub)
if err != nil {
return nil, fmt.Errorf("failed to determine EK name hash algorithm: %w", err)
}
// Encrypt credential.
encIdentity, err := encryptCredential(ekPub, newHash, cred, seed, name)
if err != nil {
return nil, fmt.Errorf("failed to encrypt credential value: %w", err)
}
// Compute the HMAC key. Per TPM Library spec Section 24.5, the number of
// bytes in the key should be equal to the size of the digest produced
// by the hash algorithm used.
macKey, err := KDFa(newHash, seed, labelIntegrity, nil, newHash().Size())
if err != nil {
return nil, fmt.Errorf("failed to derive integrity key: %w", err)
}
// Compute the HMAC
mac := hmac.New(newHash, macKey)
mac.Write(encIdentity)
mac.Write(name)
macSum := mac.Sum(nil)
// Create and return the credential blob.
return tpmutil.Pack(tpmutil.U16Bytes(macSum), encIdentity)
}
// decryptCredentialBlob verifies the HMAC and decrypts the credential in a
// credential blob.
func decryptCredentialBlob(blob []byte, ekPub, akPub tpm2.Public, seed []byte) ([]byte, error) {
// Compute AK name.
name, err := computeName(akPub)
if err != nil {
return nil, err
}
// Extract the name algorithm from the public area.
newHash, err := nameAlgHashFromPublic(ekPub)
if err != nil {
return nil, fmt.Errorf("failed to determine EK name hash algorithm: %w", err)
}
// Separate HMAC and encrypted identity from credentials blob, first
// ensuring that the blob is large enough to contain at least one 2-octet
// size field.
if len(blob) < 2 {
return nil, errors.New("incorrect size for credential blob")
}
// Decode the leading 2-octet size field of the HMAC and verify that it's
// appropriate for the hash algorithm.
hashSize := newHash().Size()
if gotSize := int(binary.BigEndian.Uint16(blob)); gotSize != hashSize {
return nil, errors.New("incorrect size for credential blob")
}
// Size of the credential blob should be at least the length of the HMAC,
// plus 2 for the HMAC size field, plus another 2 for the (encrypted)
// credential size field, plus 1 for a non-empty credential. Since the
// credential size field is encrypted, we'll have to defer checking it
// until after we've decrypted the credential.
if len(blob) < (hashSize + 5) {
return nil, errors.New("incorrect size for credential blob")
}
gotHMAC := blob[2 : hashSize+2]
encIdentity := blob[hashSize+2:]
// Verify the HMAC.
macKey, err := KDFa(newHash, seed, labelIntegrity, nil, hashSize)
if err != nil {
return nil, fmt.Errorf("failed to derive integrity key: %w", err)
}
mac := hmac.New(newHash, macKey)
mac.Write(encIdentity)
mac.Write(name)
if !bytes.Equal(gotHMAC, mac.Sum(nil)) {
return nil, errors.New("failed to verify HMAC")
}
// Decrypt credential.
cred, err := decryptCredential(encIdentity, ekPub, newHash, seed, name)
if err != nil {
return nil, fmt.Errorf("failed to decrypt credential: %w", err)
}
return cred, nil
}
// encryptCredential encrypts a credential using the appropriate symmetric
// algorithm specified in a public area.
func encryptCredential(pub tpm2.Public, h func() hash.Hash, cred, seed, name []byte) ([]byte, error) {
// Create an appropriate symmetric cipher.
cphr, err := cipherFromPublic(pub, h, seed, name)
if err != nil {
return nil, err
}
// Prepend a 2-octet size field to the credential prior to encryption.
plain, err := tpmutil.Pack(tpmutil.U16Bytes(cred))
if err != nil {
return nil, err
}
// Encrypt and return. Per TPM Library spec Part 1 24.4, the encryption of the
// credential uses the symmetric algorithm specified by the EK in CFB
// mode with a zero IV.
enc := make([]byte, len(plain))
cipher.NewCFBEncrypter(cphr, make([]byte, cphr.BlockSize())).XORKeyStream(enc, plain)
return enc, nil
}
// decryptCredential decrypts a credential using the appropriate symmetric
// algorithm specified in a public area.
func decryptCredential(encIdentity []byte, ekPub tpm2.Public, h func() hash.Hash, seed, name []byte) ([]byte, error) {
// Create an appropriate symmetric cipher.
cphr, err := cipherFromPublic(ekPub, h, seed, name)
if err != nil {
return nil, err
}
// Decrypt. Per TPM Library spec Part 1 24.4, the encryption of the credential
// uses the symmetric algorithm specified by the EK in CFB mode with a
// zero IV.
dec := make([]byte, len(encIdentity))
cipher.NewCFBDecrypter(cphr, make([]byte, cphr.BlockSize())).XORKeyStream(dec, encIdentity)
// Verify leading 2-octet size field, then strip it from the returned
// credential.
if int(binary.BigEndian.Uint16(dec)) != len(encIdentity)-2 {
return nil, errors.New("incorrect size for encIdentity")
}
return dec[2:], nil
}
// cipherFromPublic returns a block cipher appropriate for a given storage key.
func cipherFromPublic(pub tpm2.Public, h func() hash.Hash, seed, name []byte) (cipher.Block, error) {
// Extract symmetric encryption scheme from public area.
var sym *tpm2.SymScheme
switch {
case pub.RSAParameters != nil && pub.RSAParameters.Symmetric != nil:
sym = pub.RSAParameters.Symmetric
case pub.ECCParameters != nil && pub.ECCParameters.Symmetric != nil:
sym = pub.ECCParameters.Symmetric
default:
return nil, fmt.Errorf("failed to identify symmetric algorithm")
}
// Generate symmetric key and create block cipher.
var cphr cipher.Block
switch sym.Alg {
case tpm2.AlgAES:
symKey, err := KDFa(h, seed, labelStorage, name, int(sym.KeyBits/8))
if err != nil {
return nil, fmt.Errorf("failed to derive storage key: %w", err)
}
cphr, err = aes.NewCipher(symKey)
if err != nil {
return nil, fmt.Errorf("couldn't create new AES cipher: %w", err)
}
default:
return nil, fmt.Errorf("unsupported symmetric algorithm: %d", sym.Alg)
}
return cphr, nil
}
// nameAlgHashFromPublic extracts the name algorithm from a public area and
// returns a function to generate a new hash.Hash implementing that algorithm.
func nameAlgHashFromPublic(pub tpm2.Public) (func() hash.Hash, error) {
switch pub.NameAlg {
case tpm2.AlgSHA1:
return sha1.New, nil
case tpm2.AlgSHA256:
return sha256.New, nil
case tpm2.AlgSHA384:
return sha512.New384, nil
case tpm2.AlgSHA512:
return sha512.New, nil
}
return nil, fmt.Errorf("unsupported hash algorithm: %d", pub.NameAlg)
}
// computeName computes and encodes the name of a public area, without the
// leading size field.
func computeName(pub tpm2.Public) ([]byte, error) {
name, err := pub.Name()
if err != nil {
return nil, fmt.Errorf("failed to compute public area name: %w", err)
}
nameBytes, err := name.Encode()
if err != nil {
return nil, fmt.Errorf("failed to encode public area name: %w", err)
}
return nameBytes[sizeFieldLen:], nil
}