TPM2: ECC Support (won't merge here)

[reneme]

This is just for self-review. The branch will be squashed and incorporated into randombit#4337 later.

[reneme]

@atreiber94 looks really good to me. A noted a few things and nits below.

[reneme]

We might have to explicitly support TPM2_ALG_SM2 here, when we're dealing with a SM2 keys.

[atreiber94]

True, actually supporting SM2 still requires some changes but I'd say the scope here is only ECDSA

[atreiber94]

13ba56d includes now the EC(DH) Crypto Backend. In this case we require an RNG on our part as Alice and should check what RNG we should use.

[reneme]

Not sure, but I believe this could also be TPM2_ALG_SM2 if we deal with an SM2 key... We should figure out a way to test this.

[atreiber94]

Actually, type = TPM2_ALG_ECC for all SM2/ECDSA/ECDH keys. scheme will be different if the TPM key is restricted to a certain scheme like SM2/ECDSA/ECDH.

Starting a session with an explicit ECDH key works since the decrypt flag can be set for this scheme. However, if we restrict the scheme to SM2 or ECDSA, tpm2-toolsdoes not allow to set the decrypt flag since these are signature schemes.

=> The assert is fine, however we cannot test the backend with SM2 since we currently require our sessions to require the decrypt key object attribute. We could have a look at that.

I removed this assert because it's already made when loading the key as a Botan::TPM2::EC_PublicKey.

[reneme]

As far as I remember, BigInt::bytes() does not take zero-bytes into account. So if the coordinate has a zero byte by chance, <= might actually be better here, as you probably imply in the TODO.

[atreiber94]

This check is actually performed in BigInt::serialize(curve_order_byte_size) so I removed it

[reneme]

Somewhat nitty, but would safe a copy:

const auto tpm_sw_pubkey = [&] {
   auto tpm_pub_inputs = Botan::TPM2::ecc_pubkey_from_tss2_public(key);
   return Botan::ECDH_PublicKey(std::move(tpm_pub_inputs.first), std::move(tpm_pub_inputs.second));
}();

[atreiber94]

clang gives a hiccup-move-const-arg for this because ECDH_PublicKey takes const refs as inputs

[reneme]

Perhaps it is worth considering to let curve_id_tss2_to_botan() perform the transformation into an EC_Group as well. I believe in the ECC code we also just transform the curve name into an EC_Group right away.

[atreiber94]

We can actually get the EC_Group if we load the TPM EC PK first - exactly the same operation is performed there. Then, there's no redundant transformation code.
(Additionally, that way all methods in tpm2_algo_mappings.h consistently remain mappings between algo strings/ids which makes me slightly happier than introducing methods that create instances of the algos).

[reneme]

... If curve_id_tss2_to_botan() were to return an EC_Group, this could then just take domain.get_p_bytes() and we don't even need this extra mapping.

[atreiber94]

With loading the TPM PK first, we can just use get_p_bytes() of the TPM PK's domain (see #14 (comment)).

[reneme]

On a more general note (regarding RSA and ECC support in the crypto backend): I think we should consider disentangling the availability of the tpm2_rsa and tpm2_ecc modules from support for the respective key exchanges in the crypto backend. I.e. a build configuration with --enable-modules=tpm2_crypto_backend,rsa,ecdh --disable-modules=tpm2_rsa,tpm2_ecc should probably still be able to do RSA and ECDH exchanges.

As far as I could see, we just need the public_key_from_tpm2_public() methods from the respective adapters. We could put those more centrally and guard them with #if defined(BOTAN_HAS_RSA) and #if defined(BOTAN_HAS_ECDSA) || defined(BOTAN_HAS_ECDH).

What do you think?

[atreiber94]

On a more general note (regarding RSA and ECC support in the crypto backend): I think we should consider disentangling the availability of the tpm2_rsa and tpm2_ecc modules from support for the respective key exchanges in the crypto backend. I.e. a build configuration with --enable-modules=tpm2_crypto_backend,rsa,ecdh --disable-modules=tpm2_rsa,tpm2_ecc should probably still be able to do RSA and ECDH exchanges.

As far as I could see, we just need the public_key_from_tpm2_public() methods from the respective adapters. We could put those more centrally and guard them with #if defined(BOTAN_HAS_RSA) and #if defined(BOTAN_HAS_ECDSA) || defined(BOTAN_HAS_ECDH).

What do you think?

I agree that we should disentangle TPM2_{ECC/RSA}_ADAPTER and RSA/ECC and implemented the suggestion in 46f063c.

That way, all kinds of build configurations work, e.g., you could do EC key exchange in the crypto backend (if BOTAN_HAS_ECDH; otherwise it fails) without having TPM2_ECC_ADAPTER.

However, I'm not sure someone would ever want to do this: If you want to establish an authenticated session with an RSA resp. ECC key, then you need tpm2_rsa resp. tpm2_ecc to load the key as input to the authenticated session. So to me it seems that having the tpm2 adapter is functionally necessary to use the corresponding backend key exchange and therefore I don't see a functional benefit. (One could further disentangle this for just using the keys as parents / for sessions vs. sign/encrypt operations but this would become very complicated. Or do you think we should strive for this kind of configurability?)

Still, I like the suggested disentanglement because it provides a much clearer distinction on dependencies (the crypto backends only require the Botan RSA/EC components and the TPM2 RSA/EC components separately provide RSA/EC functionalities based on TPM keys).

I made sure that the tests works for the different kinds of minimized builds but the coverage is not complete because sometimes the SRK is loaded, which is RSA in our case.

In a minimized build, one also needs to ensure modules necessary for the backend are present: aes,cfb,sha1,sha2_64,aead,hmac ,rsa,eme_pkcs1,eme_oaep to enable RSA key exchange, and ecdh for EC key exchange. We should discuss which modes should be required by the crypto backend module and which should not be a requirement. I'd favor requiring everything except the key exchange modules because these may not be necessary when using crypto callbacks.

[reneme]

We should discuss which modes should be required by the crypto backend module and which should not be a requirement.

The minimalist's answer would be: only the base modules whose headers are included directly (e.g. hash,mac, ...) should be hard requirements. Then the user is in charge (and has maximum flexibility) which concrete algorithms should be available (e.g. sha1 yay/nay?). On the other hand this requires the user to "know" which algorithms are necessary and perhaps wade through several "not implemented" errors to find a working module set.

Side note: It would perhaps be nice to have a list of "recommended module dependencies" to provide a reasonable default that is only pulled in as dependencies when configuring --with-recommendations --enable-modules=tpm2_rsa.

[reneme]

A few more suggestions.

[atreiber94]

Thanks! Applied the suggestions. Regarding the modules: Let's go with the minimalist view and only require the algos/modules that are "hard-coded" in the spec. That's actually what we already had - if a session with a specific algo/mode then the user needs a build supporting the corresponding module.

[reneme]

ECC implementation and internal review done. @atreiber94 will open a PR in randombit/botan. Closing....