rust-tss-esapi icon indicating copy to clipboard operation
rust-tss-esapi copied to clipboard

Published 20 hours ago verified publisher icon parallaxsecond

Calling MakeCredential without a TPM

Open gaetanww opened this issue 4 years ago • 14 comments

In tpm2-tools, tpm2_makecredential can be called without a TPM. Is there any way to call context.makecredential(...) without initializing a TCTI?

gaetanww avatar Dec 10 '20 10:12 gaetanww

Hi!

That's an interesting idea! The TL;DR is that we don't support this and as far as I can tell, it would be a bit of work to support in the first place.

I had to dig a bit around the specs/implementation of that tpm2_makecredential tool. It seems the TPM2_MakeCredential call (and by extension the ESYS one as well) just perform some convenience cryptographic operations that could be performed off-chip if you have the public part of the sealing key.

This command does not use any TPM secrets nor does it require authorization. It is a convenience function, using the TPM to perform cryptographic calculations that could be done externally.

So in the tool they have code to actually do that, here. I think in this crate's case if we want to do the same thing, we'd do it as an abstraction or maybe a utilty function - not on Context as those are strictly operations done directly involving a TPM.

Actually, come to think of it, this might be better suited for a separate (small) crate - separate folder in this repo - that pulls in only the FFI types and doesn't link with the TSS library, since you don't need to call it, you just need some of the types defined by it.

ionut-arm avatar Dec 10 '20 11:12 ionut-arm

I actually have an implementation of this for myself, which I planned to open source next week. If we want, I can also just try to put it here, but otherwise I can send a link to my code once I published that.

puiterwijk avatar Dec 10 '20 20:12 puiterwijk

Sweet! Is this in Rust?

I'd be more than happy for it to be hosted here, unless you want to upstream it somewhere else - as long as there's an option out there!

ionut-arm avatar Dec 10 '20 20:12 ionut-arm

I have a usecase that could use a non-TPM backed implementation of make_credentials. If you were willing to share @puiterwijk I'd love to try it out.

baloo avatar Feb 27 '21 04:02 baloo

I didn't try it but just recently by a random chance I found this: https://github.com/puiterwijk/tpmless-tpm2-rs/blob/main/src/credentials.rs#L62 :

pub fn make_credential<CVT, KT, ONT>(

From @puiterwijk's crate that's described as "Various TPM 2 related functions without the need of a live TPM".

Hopefully this will be relevant to you, if not sorry for the noise :)

wiktor-k avatar Feb 10 '22 10:02 wiktor-k

There are a couple of problems with that implementation - I was hoping to use it for Parsec testing as well, however:

  • It relies on some openssl stuff that's only available on Red Hat distros, through a fork of the repo (mainly talking about the KDF functions)
  • It doesn't actually implement the "making the credential" part - the function ends in a todo! after deriving the keys, so the actual credential encryption isn't done.

ionut-arm avatar Feb 10 '22 12:02 ionut-arm

:facepalm: I just connected dots that someone was asking about it and didn't read the implementation to the end that it ends with a todo! haha. Too bad that we don't have a Rust implementation (since the one in C from tpm2 would need to be ported just like I did for the Duplicate call).

Okay, it was a noise after all - sorry for the commotion! :bow:

wiktor-k avatar Feb 10 '22 12:02 wiktor-k

No, I think it's good to have an update on that here! I should've actually written something about it back when I was doing my key attestation work :)

I hope I'll have some time to actually implement the "missing" KDF functions in Rust (by reusing some other pure-Rust crypto crates), implement MakeCredential and then publish that for anyone's use, but I don't really have the bandwidth for that right now - maybe in a couple of months!

ionut-arm avatar Feb 10 '22 14:02 ionut-arm

I got the make credentials crypto to work with openssl3 (afaik only openssl3 provides the required kdf methods) and custom patches for openssl-rs here: https://github.com/baloo/reproducibility-lab/blob/main/pkgs/pcr-eventlog-attestation/src/tpm/credential.rs

baloo avatar Feb 10 '22 16:02 baloo

Indeed, I saw that OpenSSL 3 provides the right tools, but there were no proper bindings in Rust, and I couldn't wait for the proper bindings to come out 😢 Glad to see it's been done, though!! Have you tried upstreaming/making the changes in the "official" openssl crate?

ionut-arm avatar Feb 10 '22 16:02 ionut-arm

yeah, it has been closed because the author merged target branch and I haven't put the effort to rebase/resend the PR. but if you'd like to, here was my PR: https://github.com/sfackler/rust-openssl/pull/1426

baloo avatar Feb 10 '22 16:02 baloo

yeah, it has been closed because the author merged target branch and I haven't put the effort to rebase/resend the PR. but if you'd like to, here was my PR: sfackler/rust-openssl#1426

It's been really hard to get traction with sfackler on anything, it may be worth using the RustCrypto ecosystem https://github.com/RustCrypto/

Firstyear avatar Jul 22 '24 02:07 Firstyear

That is my plan. it mostly needs an implementation of kbkdf for RSA support (https://github.com/RustCrypto/KDFs/pull/87). I don't remember which KDF is required for EC, but it is also missing.

baloo avatar Jul 22 '24 02:07 baloo

Yep, I'm planning similar for does some improved aes examples and maybe even x509. Would been keen to see and review any prs :)

Firstyear avatar Jul 22 '24 02:07 Firstyear