src: Get random authvalues locally instead of from the TPM

tgonzalezorlandoarm · tgonzalezorlandoarm · commit b9efab3a1bea · 2024-03-13T14:30:28.000Z
Currently, the TPM itself is the root of trust for randomness in
authvalues used for creating Primary Keys.
This is susceptible to physical attacks over the TPM bus.

 * Get authvalues via the 'getrandom' crate

getrandom retrieves random data from the (operating) system sources
and assumes "that the system always provides high-quality
cryptographically secure random data, ideally backed by hardware
entropy sources", so the administrator of the platfrom should take
this into account.

Note: This change may slow down the tests as accessing random values
from the OS instead of the TPM may be slower.

Signed-off-by: Tomás González &lt;tomasagustin.gonzalezorlando@arm.com&gt;
diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml
@@ -27,6 +27,7 @@ tss-esapi-sys = { path = "../tss-esapi-sys", version = "0.5.0" }
 oid = "0.2.1"
 picky-asn1 = "0.8.0"
 picky-asn1-x509 = "0.12.0"
+getrandom = "0.2.11"
 
 [dev-dependencies]
 env_logger = "0.10.0"
diff --git a/tss-esapi/src/abstraction/transient/mod.rs b/tss-esapi/src/abstraction/transient/mod.rs
@@ -137,6 +137,7 @@ impl TransientKeyContext {
     ///
     /// # Errors
     /// * if the authentication size is larger than 32 a `WrongParamSize` wrapper error is returned
+    /// * if there is an error when obtaining random numbers from the local machine
     pub fn create_key(
         &mut self,
         key_params: KeyParams,
@@ -147,8 +148,12 @@ impl TransientKeyContext {
         }
         let key_auth = if auth_size > 0 {
             self.set_session_attrs()?;
-            let random_bytes = self.context.get_random(auth_size)?;
-            Some(Auth::try_from(random_bytes.value().to_vec())?)
+            let mut random_bytes = vec![0u8; auth_size];
+            getrandom::getrandom(&mut random_bytes).map_err(|_| {
+                log::error!("Failed to obtain a random authvalue for key creation");
+                Error::WrapperError(ErrorKind::InternalError)
+            })?;
+            Some(Auth::try_from(random_bytes)?)
         } else {
             None
         };
@@ -637,7 +642,7 @@ impl TransientKeyContextBuilder {
     /// Bootstrap the TransientKeyContext.
     ///
     /// The root key is created as a primary key in the provided hierarchy and thus authentication is
-    /// needed for said hierarchy. The authentication valuei for the key is generated by the TPM itself,
+    /// needed for said hierarchy. The authentication value for the key is generated locally in the machine,
     /// with a configurable length, and never exposed outside the context.
     ///
     /// # Warning
@@ -650,9 +655,9 @@ impl TransientKeyContextBuilder {
     /// * `root_key_auth_size` must be at most 32
     ///
     /// # Errors
-    /// * errors are returned if any method calls return an error: `Context::get_random`,
-    /// `Context::start_auth_session`, `Context::create_primary`, `Context::flush_context`,
-    /// `Context::set_handle_auth`
+    /// * errors are returned if any method calls return an error: `Context::start_auth_session`
+    /// `Context::create_primary`, `Context::flush_context`, `Context::set_handle_auth`
+    /// or if an internal error occurs when getting random numbers from the local machine
     /// * if the root key authentication size is given greater than 32 or if the root key size is
     /// not 1024, 2048, 3072 or 4096, a `InvalidParam` wrapper error is returned
     pub fn build(mut self) -> Result<TransientKeyContext> {
@@ -665,8 +670,12 @@ impl TransientKeyContextBuilder {
         let mut context = Context::new(self.tcti_name_conf)?;
 
         let root_key_auth = if self.root_key_auth_size > 0 {
-            let random = context.get_random(self.root_key_auth_size)?;
-            Some(Auth::try_from(random.value().to_vec())?)
+            let mut random = vec![0u8; self.root_key_auth_size];
+            getrandom::getrandom(&mut random).map_err(|_| {
+                log::error!("Failed to obtain a random value for root key authentication");
+                Error::WrapperError(ErrorKind::InternalError)
+            })?;
+            Some(Auth::try_from(random)?)
         } else {
             None
         };
diff --git a/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs b/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs
@@ -131,8 +131,9 @@ impl Context {
     /// # context.tr_sess_set_attributes(session, session_attributes, session_attributes_mask)
     /// #     .expect("Failed to set attributes on session");
     /// # context.set_sessions((Some(session), None, None));
-    /// # let random_digest = context.get_random(16).unwrap();
-    /// # let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+    /// # let mut random_digest = vec![0u8; 16];
+    /// # getrandom::getrandom(&mut random_digest).unwrap();
+    /// # let key_auth = Auth::try_from(random_digest).unwrap();
     /// #
     /// // Create a key suitable for ECDH key generation
     /// let ecc_parms = PublicEccParametersBuilder::new()
@@ -268,8 +269,9 @@ impl Context {
     /// # context.tr_sess_set_attributes(session, session_attributes, session_attributes_mask)
     /// #     .expect("Failed to set attributes on session");
     /// # context.set_sessions((Some(session), None, None));
-    /// # let random_digest = context.get_random(16).unwrap();
-    /// # let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+    /// # let mut random_digest = vec![0u8; 16];
+    /// # getrandom::getrandom(&mut random_digest).unwrap();
+    /// # let key_auth = Auth::try_from(random_digest).unwrap();
     /// #
     /// // Create a key suitable for ECDH key generation
     /// let ecc_parms = PublicEccParametersBuilder::new()
diff --git a/tss-esapi/src/context/tpm_commands/context_management.rs b/tss-esapi/src/context/tpm_commands/context_management.rs
@@ -109,10 +109,9 @@ impl Context {
     ///
     /// // Execute context methods using the session
     /// context.execute_with_session(Some(session), |ctx| {
-    ///     let random_digest = ctx.get_random(16)
-    ///         .expect("Call to get_random failed");
-    ///     let key_auth = Auth::try_from(random_digest.value().to_vec())
-    ///         .expect("Failed to create Auth");
+    ///     let mut random_digest = vec![0u8; 16];
+    ///     getrandom::getrandom(&mut random_digest).expect("Call to getrandom failed");
+    ///     let key_auth = Auth::try_from(random_digest).expect("Failed to create Auth");
     ///     let key_handle = ctx
     ///         .create_primary(
     ///             Hierarchy::Owner,
diff --git a/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs b/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs
@@ -56,12 +56,10 @@ impl Context {
     /// #     .tr_set_auth(tss_esapi::interface_types::resource_handles::Hierarchy::Owner.into(), Auth::default())
     /// #     .expect("Failed to set auth to empty for owner");
     /// # // Create primary key auth
+    /// # let mut random_digest = vec![0u8; 16];
+    /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed");
     /// # let primary_key_auth = Auth::try_from(
-    /// #     context
-    /// #         .get_random(16)
-    /// #         .expect("get_rand call failed")
-    /// #         .value()
-    /// #         .to_vec(),
+    /// #     random_digest
     /// # )
     /// # .expect("Failed to create primary key auth");
     /// # // Create primary key
@@ -103,12 +101,10 @@ impl Context {
     /// #     .build()
     /// #     .expect("Failed to create public for symmetric key public");
     /// # // Create auth for the symmetric key
+    /// # let mut random_digest = vec![0u8; 16];
+    /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed");
     /// # let symmetric_key_auth = Auth::try_from(
-    /// #     context
-    /// #         .get_random(16)
-    /// #         .expect("get_rand call failed")
-    /// #         .value()
-    /// #         .to_vec(),
+    /// #     random_digest
     /// # )
     /// # .expect("Failed to create symmetric key auth");
     /// # // Create symmetric key data
diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs
@@ -503,8 +503,9 @@ fn ctx_migration_test() {
     // Create two key contexts using `Context`, one for an RSA keypair,
     // one for just the public part of the key
     let mut basic_ctx = crate::common::create_ctx_with_session();
-    let random_digest = basic_ctx.get_random(16).unwrap();
-    let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+    let mut random_digest = vec![0u8; 16];
+    getrandom::getrandom(&mut random_digest).unwrap();
+    let key_auth = Auth::try_from(random_digest).unwrap();
     let prim_key_handle = basic_ctx
         .create_primary(
             Hierarchy::Owner,
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs
@@ -19,8 +19,9 @@ mod test_rsa_encrypt_decrypt {
     #[test]
     fn test_encrypt_decrypt() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let key_handle = context
             .create_primary(
@@ -59,8 +60,9 @@ mod test_rsa_encrypt_decrypt {
     #[test]
     fn test_ecdh() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let ecc_parms = PublicEccParametersBuilder::new()
             .with_ecc_scheme(EccScheme::EcDh(HashScheme::new(HashingAlgorithm::Sha256)))
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs
@@ -8,8 +8,9 @@ mod test_ctx_save {
     #[test]
     fn test_ctx_save() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let key_handle = context
             .create_primary(
@@ -28,8 +29,9 @@ mod test_ctx_save {
     #[test]
     fn test_ctx_save_leaf() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let prim_key_handle = context
             .create_primary(
@@ -72,13 +74,14 @@ mod test_ctx_load {
     #[test]
     fn test_ctx_load() {
         let mut context = create_ctx_with_session();
-        let key_auth = context.get_random(16).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
 
         let prim_key_handle = context
             .create_primary(
                 Hierarchy::Owner,
                 decryption_key_pub(),
-                Some(Auth::try_from(key_auth.value().to_vec()).unwrap()),
+                Some(Auth::try_from(random_digest.clone()).unwrap()),
                 None,
                 None,
                 None,
@@ -90,7 +93,7 @@ mod test_ctx_load {
             .create(
                 prim_key_handle,
                 signing_key_pub(),
-                Some(Auth::try_from(key_auth.value().to_vec()).unwrap()),
+                Some(Auth::try_from(random_digest).unwrap()),
                 None,
                 None,
                 None,
@@ -115,8 +118,9 @@ mod test_flush_context {
     #[test]
     fn test_flush_ctx() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let key_handle = context
             .create_primary(
@@ -136,8 +140,9 @@ mod test_flush_context {
     #[test]
     fn test_flush_parent_ctx() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let prim_key_handle = context
             .create_primary(
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs
@@ -537,8 +537,9 @@ mod test_policy_authorize {
     #[test]
     fn test_policy_authorize() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let key_handle = context
             .create_primary(
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs
@@ -10,8 +10,9 @@ mod test_create_primary {
     #[test]
     fn test_create_primary() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let key_handle = context
             .create_primary(
@@ -95,8 +96,9 @@ mod test_change_auth {
             )
             .unwrap();
 
-        let random_digest = context.get_random(16).unwrap();
-        let new_key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let new_key_auth = Auth::try_from(random_digest).unwrap();
 
         let new_private = context
             .object_change_auth(loaded_key.into(), prim_key_handle.into(), new_key_auth)
@@ -110,8 +112,9 @@ mod test_change_auth {
     fn test_hierarchy_change_auth() {
         let mut context = create_ctx_with_session();
 
-        let random_digest = context.get_random(16).unwrap();
-        let new_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let new_auth = Auth::try_from(random_digest).unwrap();
 
         // NOTE: If this test failed on your system, you are probably running it against a
         //  real (hardware) TPM or one that is provisioned. This hierarchy is supposed to be
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs
@@ -8,8 +8,9 @@ mod test_create {
     #[test]
     fn test_create() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let prim_key_handle = context
             .create_primary(
@@ -44,8 +45,9 @@ mod test_load {
     #[test]
     fn test_load() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let prim_key_handle = context
             .create_primary(
@@ -239,8 +241,9 @@ mod test_read_public {
     #[test]
     fn test_read_public() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.value().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::try_from(random_digest).unwrap();
 
         let key_handle = context
             .create_primary(
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs
