-
Notifications
You must be signed in to change notification settings - Fork 60
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Parameter Encryption support #129
Conversation
@dgarske I wanted to make this PR a draft, but I see the option did not apply. Could you please make the change, because I do not have write permission to the wolfTPM repo? https://github.blog/changelog/2020-04-08-convert-pull-request-to-draft/ |
fa84692
to
d85e172
Compare
e856988
to
4267b1e
Compare
@dgarske now that I understand what do to you mean by something is missing here, it makes sense. If the data is not digest size, it would be unaligned and then this would result in improper marshaling(appending), thus the TPM_RC_SENSITVE error that we are now getting would make sense. Let's look at this together, because I really did get stuck with this KDFa issue. |
Pushed my latest changes to the keygen example. There might be something of value for resemblance between the keygen examples with and without parameter encryption #131 |
Opting out from unsalted-unbounded session in favor of salted-bounded session that adds more entropy. This also helps to simplify the KDFa. |
c35fff4
to
49ac89b
Compare
6b7e4ed
to
19d54f6
Compare
@dgarske Hi David, after all the fixes and debugging, this should now be working. There is one enhancement that I need to add in the tpm2.c for handling the different TPM2 commands. For the moment I have only created handling for TPM2_Create and TPM2_Load. Please review, so we can confirm this stage and then I would just add the enhancement. |
Found issue in the handling of authSessions when we have more than the default/minimum required by a command. Pushed DEBUG commit to demonstrate the issue. Will add helper to check the set sessions and provide session count that will be used in all TPM2_{Command} helpers. Once this is solved will check again if the keygen/keyload examples fail, as there could still be an issue with the inner/outer integrity check. |
7f6abff
to
dff540e
Compare
Intermediate status update - Today I added handling of the maximum possible number of TPM sessions. I tried using WOLFTPM2_SESSION and significantly change how auth sessions are handled in wolfTPM, but then I went with this much simpler and cleaner implementation. This solved the issue with not appending the correct number of auth sessions for TPM2_Create and TPM2_Load. And after this fix another auth session issue emerged for parameter encryption. I have been working on solving that new auth session issue and is still ongoing. Additionally, while working on this new issue I noticed that we use dev->session in wolfTPM2_CreateKey and wolfTPM2_LoadKey although everywhere else ctx->authCmd is used. For example, wolfTPM2_CreateKey manipulates dev->session while the later called TPM2_Create uses ctx->authCmd. Probably dev->ctx->authCmd is one way to go about this. |
status update: cause for the RC_BAD_AUTH is that the calculated HMAC over the parameter encryption session differs from what the TPM expects. investigating why the difference occurs, is it the sessionKey/KDFa or later packet marshaling. |
there is something strange happening with the HMAC calculation from the sessionKey on the TPM simulator side. The authValue prepared for the AIK key generation is compared with the HMAC resulting from the sessionKey. |
OK, I think I found the issue. Our implementation does not use TPM2_PolicyAuthValue and does not include the authValue for the sessionKey calculation. But at least one of these is expected from the TPM (simulator) side. So, when there is no PolicyAuthValue set and no authValue used for setting up parameter encryption, the check on TPM side operates under conditions that must not be and results in an error. Ken Goldman helped with pointing out this note in the spec: TCG Spec, Part 1, Chapter 21 Session-based encryption
I have read Chapter 21 from the spec so many times and somehow glimpsed over Note 1 ... |
While working the new issue, I came up with a simpler way of handling the maximum possible TPM sessions. I think that using authSession from active TPM context offloads the TPM2 Command wrappers and minimizes the room for error Therefore, I changed all TPM2 wrappers to be using new way of appending the authSession. Tested using the native_tests , all good for using the new TPM2_Packet_AppendAuthFromContext |
…xamples * Added key generation example with parameter encryption * Fixes and cleanups for KDFa * Added KDFa unit test (passes) * Added AES CFB support * Fix for nonceTPM * Added support for encrypted RSA salt and salted-unbounded session * Removed unsalted-unbounded specific code for authValueKDF from KDFa * Add innerWrap support * Add missing wolfcrypt header for AES CFB * Fixes for casting when calling KDFa for AES CFB parameter encryption * Add outerWrap support Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
…uterWrap Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
Signed-off-by: Dimitar Tomov <dimi@wolfssl.com>
I have tested and found the following issues:
once I solve (3.) I will fix the rest of the native tests |
I pushed my latest changes and all but two native tests should be now working I am investigating issues with (the native tests of) TPM2_LoadExternal and TPM2_ECDH_KeyGen |
Fixed TPM2_LoadExternal and HMAC native tests. I compared the command request of the previously working native tests with the current state and went down the rabbit whole debugging. The storage key auth is set even though it is not needed for TPM2_LoadExternal. Simply disabling the auth session for the TPM2_LoadExternal solved the problem.
|
All native tests fixed, but I noticed this diff when comparing the tests output @dgarske I will take a closer look and let's sync Now
Before
|
I finished testing the parameter encryption examples. They all seem to work flawlessly with just one detail. I noticed that for keyimport the EncSz is 0 and yet param enc is set and our implementation is executed. I digged into the TCG Spec and found that for TPM2_Import the first TPM2B parameter is optional. And we are not using it, therefore our keyimport example does not demonstrate in reality parameter encryption when option '-e' is enabled.
Awesome work @dgarske I am glad you approve changing core design choices of wolfTPM to get param encryption. We also now have the handling for the maximum auth sessions that opens all doors to enhanced authorization! Just awesome 💯 |
…encrypt" or "decrypt" if command doesn't allow it. Updated documentation.
b3d511f
to
4b0b708
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved. Going to assign to @elms for review.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wow, this is a great addition! Couple minor changes. Also, seeing failure on make check
(could be my config).
examples/tls/tls_common.h
Outdated
@@ -60,7 +60,7 @@ | |||
/* force use of a TLS cipher suite */ | |||
#if 0 | |||
#ifndef TLS_CIPHER_SUITE | |||
#define TLS_CIPHER_SUITE "ECDHE-RSA-AES128-SHA256" | |||
#define TLS_CIPHER_SUITE "ECDHE-rsa-AES128-SHA256" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was this intentional?
examples/tls/tls_server.c
Outdated
@@ -319,7 +374,7 @@ int TPM2_TLS_Server(void* userCtx) | |||
|
|||
#if 0 | |||
/* Optionally choose the cipher suite */ | |||
rc = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256"); | |||
rc = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-rsa-AES128-GCM-SHA256"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was this intentional?
rc = TPM2_KDFa(TPM_ALG_SHA256, &keyIn, label, &contextU, &contextV, key, keyIn.size); | ||
AssertIntEQ(sizeof(keyExp), rc); | ||
|
||
AssertIntEQ(XMEMCMP(key, keyExp, sizeof(keyExp)), 0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This assert is failing when I run make check
.
./configure --enable-debug=verbose
make && make check
src/tpm2_param_enc.c
Outdated
* 'keyStream' points to the buffer storing the generated session key, and | ||
* 'keyStream' can not be NULL. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
keystream
param was removed
src/tpm2_param_enc.c
Outdated
return BAD_FUNC_ARG; | ||
|
||
if (doOnce != 0 && (sizeInBits & 7) != 0) | ||
if (key == NULL || keyStream == NULL) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Check either, not both
…M Simulator for make check (does not build out of the box on all platforms). Make dist was not including the new tpm2_socket.h.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Excellent work, Dimi and David!
…t. Allow NULL key for the HmacSetKey (for unsalted / unbound).
Testing with
CSR
wrap
|
@elms : On the winapi test of the param enc PR. The wrapper is trying to use TPM2_EvictControl, which is not allowed on winapi... That is an easy fix. For the csr one I would need verbose logs to debug cause (--enable-debug=verbose). |
oops I had used
Works on head of tree although the keyblobs didn't seem compatible, failed integrity check. Is that expected? Maybe an issue with unexpected auth change? |
…h/rpHash calculation). Fix for sessionAttributes when command / response doesn't support it. Fixes for the TLS client / server examples. Added back the useful param enc / hmac debugging enabled with `--enable-debug=verbose`.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added AES CFB parameter support, salted unbound TPM session
getPrimaryStoragekey
to allow persisting if notWOLFTPM_WINAPI
.AES_ENCRYPTION
on SetKey).