Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: ECC Support in TPM2 #4357

Merged
merged 8 commits into from
Oct 10, 2024
Merged

Feature: ECC Support in TPM2 #4357

merged 8 commits into from
Oct 10, 2024

Conversation

atreiber94
Copy link
Collaborator

@atreiber94 atreiber94 commented Oct 8, 2024
edited
Loading

This PR extends #4337 to include ECC*, which checks another box of the ToDos in #3877.

Changes and Additions

  • Adjust copyrights for funding attribution (that's why so many files are changed...).
  • Analogously to RSA, an EC Adapter module is added which allows to manage, load and use* TPM2 EC Keys.
  • Redundant logic of the RSA Adapter also used by the EC Adapter is generalized to TPM2::Signature_Operation and TPM2::Verification_Operation in tpm2_pkops.h.
  • Augmentation of the TPM2 Crypto Backend to support ECDH key exchange in order to allow for authenticated sessions with TPM2 EC keys.
  • Disentanglement of the Crypto Backend from the Adapters: Before, the Backend required the TPM2 RSA Adapter to establish a session via a TPM2 RSA key. Now, the backend RSA/ECDH functionalities require only the corresponding Botan software RSA/ECDH modules. (These are not requirements of the backend module though - they are only required if one wants to establish a session with a key of the respective type).
  • More defensive input checks in Crypto Backend.
* Fine Print: Limitations
  • As PK Ops of EC keys this PR only supports ECDSA Signing/Verification. Other types such as ECSchnorr and SM2 are not supported.
  • Particularly, ECDH Key Agreement in Botan with a TPM2 EC key is not yet supported. This is more involved since a TPM EC key may be used for ECDSA/ECDH/..., which is more of an operation as opposed to a key (ECDSA or ECDH ) in Botan. Note that this is not to be confused with ECDH for the Crypto Backend used for the sessions with any EC TPM2 key, which is supported (see above).
  • Only NIST curves are supported since 25519/448 and Brainpool are not yet supported by tpm2-tss.

@atreiber94 atreiber94 added the enhancement Enhancement or new feature label Oct 8, 2024
@atreiber94 atreiber94 added this to the Botan 3.6.0 milestone Oct 8, 2024
@reneme reneme mentioned this pull request Oct 8, 2024
Open
@reneme reneme force-pushed the feature/tpm2_ecc branch 2 times, most recently from 4c963f6 to d86ffe9 Compare October 8, 2024 12:41
@reneme reneme force-pushed the feature/tpm2_ecc branch 2 times, most recently from 6286c1f to 9e1439e Compare October 8, 2024 13:58
atreiber94 and others added 6 commits October 8, 2024 16:54
@atreiber94 @reneme
Add TPM2 ECC Adapter to support ECDSA TPM2 keys
7899203 
To add ECDH support, different TPM2-TSS methods need to be incorporated
into Key Agreement PK operations. The class hierarchy of Botan's
EC keys currently makes this hard since a TPM2 EC key may not be
restricted to just ECDH or ECDSA.
@atreiber94 @reneme
Add ECDH Support to TPM2 Crypto Backend
b2a3e5b 
This includes disentangling the TPM2 Crypto Backend from the availability of the
TPM2 RSA Adapter module. Instead, it now only depends on the software
RSA/EC implementation of Botan.
@reneme @atreiber94
Be defensive with the input parameters in the crypto backend
933155c 
Co-Authored-By: Amos Treiber <[email protected]>
@atreiber94 @reneme
CI and Test infrastructure for TPM2 ECC support
9526e89
@atreiber94 @reneme
Add TPM2 ECC Documentation
ebea820
@atreiber94 @reneme
Add attribution to funding provider LANCOM
485d1f4
reneme
reneme approved these changes Oct 8, 2024
View reviewed changes
Copy link
Collaborator

@reneme reneme left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was closely involved with the implementation, so this is really more of a self-review. The CI failures seem to be inherited from master.

randombit
randombit reviewed Oct 8, 2024
View reviewed changes
Copy link
Owner

@randombit randombit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. If possible I'd like to avoid introducing new public APIs that use EC_Point since ideally that type goes away in Botan4, and using EC_AffinePoint from the outset avoids API breakage.

src/lib/prov/tpm2/tpm2_rsa/tpm2_rsa.cpp
} else if(signature->sigAlg == TPM2_ALG_RSAPSS) {
return signature->signature.rsapss;
std::vector<uint8_t> marshal_signature(const TPMT_SIGNATURE& signature) const override {
const auto& sig = [&] {
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The if/else if formulation originally used seems cleaner to me tbh

src/lib/prov/tpm2/tpm2_key.cpp Outdated
}

auto curve = Botan::EC_Group::from_name(curve_name.value());
auto point = curve.point(BigInt(as_span(public_blob->publicArea.unique.ecc.x)),
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to move the EC interfaces away from BigInt in general I'd suggest instead concatenating x and y as bytestrings with 04 prefix and deserializing.

src/lib/prov/tpm2/tpm2_ecc/tpm2_ecc.h Outdated
friend class TPM2::PublicKey;

EC_PublicKey(Object handle, SessionBundle sessions, const TPM2B_PUBLIC* public_blob);
EC_PublicKey(Object handle, SessionBundle sessions, std::pair<EC_Group, EC_Point> public_key);
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a specific reason to use EC_Point here vs EC_AffinePoint? (Likewise elsewhere in this module.) I'd like to transition the entire library eventually to EC_AffinePoint only, where EC_Point basically becomes an implementation detail that isn't exposed. So if we can avoid introducing new uses that would be a plus from my view.

@atreiber94
Address review comments:
1653ce0 
- sigAlg cases via if/else in tpm2_rsa.cpp
- Avoid BigInt and EC_Point
@atreiber94
Copy link
Collaborator Author

atreiber94 commented Oct 9, 2024
edited
Loading

Thanks for the review!

I transitioned the public interface TPM2::ecc_pubkey_from_tss2_public from using EC_Point to EC_AffinePoint.

The Crypto Backend still uses EC_AffinePoint::to_legacy_point() because ECDH does not seem transitioned yet, but at least now EC_Point does not appear in the public API.

randombit
randombit approved these changes Oct 10, 2024
View reviewed changes
Copy link
Owner

@randombit randombit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks

@atreiber94 atreiber94 merged commit 45aba2c into randombit:master Oct 10, 2024
38 checks passed
@atreiber94 atreiber94 deleted the feature/tpm2_ecc branch October 10, 2024 07:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@reneme reneme reneme approved these changes

@randombit randombit randombit approved these changes

Assignees
No one assigned
Labels
enhancement Enhancement or new feature
Projects
None yet
Milestone
Botan 3.6.0
Development

Successfully merging this pull request may close these issues.
3 participants
@atreiber94 @randombit @reneme