src: Get random authvalues locally instead of from the TPM

tgonzalezorlandoarm · tgonzalezorlandoarm · commit acb2799e40a1 · 2024-03-13T17:09:22.000Z
Currently, the TPM itself is the root of trust for randomness in
authvalues used for creating Primary Keys.
This is susceptible to physical attacks over the TPM bus.

 * Get authvalues via the 'getrandom' crate

getrandom retrieves random data from the (operating) system sources
and assumes "that the system always provides high-quality
cryptographically secure random data, ideally backed by hardware
entropy sources", so the administrator of the platfrom should take
this into account.

Note: This change may slow down the tests as accessing random values
from the OS instead of the TPM may be slower.

Signed-off-by: Tomás González &lt;tomasagustin.gonzalezorlando@arm.com&gt;
diff --git a/tss-esapi/Cargo.toml b/tss-esapi/Cargo.toml
@@ -34,6 +34,7 @@ cfg-if = "1.0.0"
 strum = { version = "0.25.0", optional = true }
 strum_macros = { version = "0.25.0", optional = true }
 paste = "1.0.14"
+getrandom = "0.2.11"
 
 [dev-dependencies]
 env_logger = "0.9.0"
diff --git a/tss-esapi/src/abstraction/transient/mod.rs b/tss-esapi/src/abstraction/transient/mod.rs
@@ -137,6 +137,7 @@ impl TransientKeyContext {
     ///
     /// # Errors
     /// * if the authentication size is larger than 32 a `WrongParamSize` wrapper error is returned
+    /// * if there is an error when obtaining random numbers from the local machine
     pub fn create_key(
         &mut self,
         key_params: KeyParams,
@@ -147,8 +148,12 @@ impl TransientKeyContext {
         }
         let key_auth = if auth_size > 0 {
             self.set_session_attrs()?;
-            let random_bytes = self.context.get_random(auth_size)?;
-            Some(Auth::from_bytes(random_bytes.as_bytes())?)
+            let mut random_bytes = vec![0u8; auth_size];
+            getrandom::getrandom(&mut random_bytes).map_err(|_| {
+                log::error!("Failed to obtain a random authvalue for key creation");
+                Error::WrapperError(ErrorKind::InternalError)
+            })?;
+            Some(Auth::from_bytes(random_bytes.as_slice())?)
         } else {
             None
         };
@@ -630,7 +635,7 @@ impl TransientKeyContextBuilder {
     /// Bootstrap the TransientKeyContext.
     ///
     /// The root key is created as a primary key in the provided hierarchy and thus authentication is
-    /// needed for said hierarchy. The authentication value for the key is generated by the TPM itself,
+    /// needed for said hierarchy. The authentication value for the key is generated locally in the machine,
     /// with a configurable length, and never exposed outside the context.
     ///
     /// # Warning
@@ -643,9 +648,9 @@ impl TransientKeyContextBuilder {
     /// * `root_key_auth_size` must be at most 32
     ///
     /// # Errors
-    /// * errors are returned if any method calls return an error: `Context::get_random`,
-    /// `Context::start_auth_session`, `Context::create_primary`, `Context::flush_context`,
-    /// `Context::set_handle_auth`
+    /// * errors are returned if any method calls return an error: `Context::start_auth_session`
+    /// `Context::create_primary`, `Context::flush_context`, `Context::set_handle_auth`
+    /// or if an internal error occurs when getting random numbers from the local machine
     /// * if the root key authentication size is given greater than 32 or if the root key size is
     /// not 1024, 2048, 3072 or 4096, a `InvalidParam` wrapper error is returned
     pub fn build(mut self) -> Result<TransientKeyContext> {
@@ -658,8 +663,12 @@ impl TransientKeyContextBuilder {
         let mut context = Context::new(self.tcti_name_conf)?;
 
         let root_key_auth = if self.root_key_auth_size > 0 {
-            let random = context.get_random(self.root_key_auth_size)?;
-            Some(Auth::from_bytes(random.as_bytes())?)
+            let mut random = vec![0u8; self.root_key_auth_size];
+            getrandom::getrandom(&mut random).map_err(|_| {
+                log::error!("Failed to obtain a random value for root key authentication");
+                Error::WrapperError(ErrorKind::InternalError)
+            })?;
+            Some(Auth::from_bytes(random.as_slice())?)
         } else {
             None
         };
diff --git a/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs b/tss-esapi/src/context/tpm_commands/asymmetric_primitives.rs
@@ -127,8 +127,9 @@ impl Context {
     /// # context.tr_sess_set_attributes(session, session_attributes, session_attributes_mask)
     /// #     .expect("Failed to set attributes on session");
     /// # context.set_sessions((Some(session), None, None));
-    /// # let random_digest = context.get_random(16).unwrap();
-    /// # let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+    /// # let mut random_digest = vec![0u8; 16];
+    /// # getrandom::getrandom(&mut random_digest).unwrap();
+    /// # let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
     /// #
     /// // Create a key suitable for ECDH key generation
     /// let ecc_parms = PublicEccParametersBuilder::new()
@@ -262,8 +263,9 @@ impl Context {
     /// # context.tr_sess_set_attributes(session, session_attributes, session_attributes_mask)
     /// #     .expect("Failed to set attributes on session");
     /// # context.set_sessions((Some(session), None, None));
-    /// # let random_digest = context.get_random(16).unwrap();
-    /// # let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+    /// # let mut random_digest = vec![0u8; 16];
+    /// # getrandom::getrandom(&mut random_digest).unwrap();
+    /// # let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
     /// #
     /// // Create a key suitable for ECDH key generation
     /// let ecc_parms = PublicEccParametersBuilder::new()
diff --git a/tss-esapi/src/context/tpm_commands/context_management.rs b/tss-esapi/src/context/tpm_commands/context_management.rs
@@ -112,10 +112,9 @@ impl Context {
     ///
     /// // Execute context methods using the session
     /// context.execute_with_session(Some(session), |ctx| {
-    ///     let random_digest = ctx.get_random(16)
-    ///         .expect("Call to get_random failed");
-    ///     let key_auth = Auth::from_bytes(random_digest.as_bytes())
-    ///         .expect("Failed to create Auth");
+    ///     let mut random_digest = vec![0u8; 16];
+    ///     getrandom::getrandom(&mut random_digest).expect("Call to getrandom failed");
+    ///     let key_auth = Auth::from_bytes(random_digest.as_slice()).expect("Failed to create Auth");
     ///     let key_handle = ctx
     ///         .create_primary(
     ///             Hierarchy::Owner,
diff --git a/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs b/tss-esapi/src/context/tpm_commands/symmetric_primitives.rs
@@ -56,12 +56,11 @@ impl Context {
     /// #     .tr_set_auth(tss_esapi::interface_types::reserved_handles::Hierarchy::Owner.into(), Auth::default())
     /// #     .expect("Failed to set auth to empty for owner");
     /// # // Create primary key auth
-    /// # let primary_key_auth = Auth::try_from(
-    /// #     context
-    /// #         .get_random(16)
-    /// #         .expect("get_rand call failed")
-    /// #         .as_bytes()
-    /// #         .to_vec(),
+    /// # let mut random_digest = vec![0u8; 16];
+    /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed");
+    /// # let primary_key_auth = Auth::from_bytes(
+    /// #     random_digest
+    /// #         .as_slice()
     /// # )
     /// # .expect("Failed to create primary key auth");
     /// # // Create primary key
@@ -103,12 +102,11 @@ impl Context {
     /// #     .build()
     /// #     .expect("Failed to create public for symmetric key public");
     /// # // Create auth for the symmetric key
-    /// # let symmetric_key_auth = Auth::try_from(
-    /// #     context
-    /// #         .get_random(16)
-    /// #         .expect("get_rand call failed")
-    /// #         .as_bytes()
-    /// #         .to_vec(),
+    /// # let mut random_digest = vec![0u8; 16];
+    /// # getrandom::getrandom(&mut random_digest).expect("get_rand call failed");
+    /// # let symmetric_key_auth = Auth::from_bytes(
+    /// #     random_digest
+    /// #         .as_slice()
     /// # )
     /// # .expect("Failed to create symmetric key auth");
     /// # // Create symmetric key data
diff --git a/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs b/tss-esapi/tests/integration_tests/abstraction_tests/transient_key_context_tests.rs
@@ -502,8 +502,9 @@ fn ctx_migration_test() {
     // Create two key contexts using `Context`, one for an RSA keypair,
     // one for just the public part of the key
     let mut basic_ctx = crate::common::create_ctx_with_session();
-    let random_digest = basic_ctx.get_random(16).unwrap();
-    let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+    let mut random_digest = vec![0u8; 16];
+    getrandom::getrandom(&mut random_digest).unwrap();
+    let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
     let prim_key_handle = basic_ctx
         .create_primary(
             Hierarchy::Owner,
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/asymmetric_primitives_tests.rs
@@ -19,8 +19,9 @@ mod test_rsa_encrypt_decrypt {
     #[test]
     fn test_encrypt_decrypt() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let key_handle = context
             .create_primary(
@@ -59,8 +60,9 @@ mod test_rsa_encrypt_decrypt {
     #[test]
     fn test_ecdh() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let ecc_parms = PublicEccParametersBuilder::new()
             .with_ecc_scheme(EccScheme::EcDh(HashScheme::new(HashingAlgorithm::Sha256)))
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/context_management_tests.rs
@@ -7,8 +7,9 @@ mod test_ctx_save {
     #[test]
     fn test_ctx_save() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let key_handle = context
             .create_primary(
@@ -27,8 +28,9 @@ mod test_ctx_save {
     #[test]
     fn test_ctx_save_leaf() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let prim_key_handle = context
             .create_primary(
@@ -70,13 +72,14 @@ mod test_ctx_load {
     #[test]
     fn test_ctx_load() {
         let mut context = create_ctx_with_session();
-        let key_auth = context.get_random(16).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
 
         let prim_key_handle = context
             .create_primary(
                 Hierarchy::Owner,
                 decryption_key_pub(),
-                Some(Auth::from_bytes(key_auth.as_bytes()).unwrap()),
+                Some(Auth::from_bytes(random_digest.as_slice()).unwrap()),
                 None,
                 None,
                 None,
@@ -88,7 +91,7 @@ mod test_ctx_load {
             .create(
                 prim_key_handle,
                 signing_key_pub(),
-                Some(Auth::from_bytes(key_auth.as_bytes()).unwrap()),
+                Some(Auth::from_bytes(random_digest.as_slice()).unwrap()),
                 None,
                 None,
                 None,
@@ -112,8 +115,9 @@ mod test_flush_context {
     #[test]
     fn test_flush_ctx() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let key_handle = context
             .create_primary(
@@ -133,8 +137,9 @@ mod test_flush_context {
     #[test]
     fn test_flush_parent_ctx() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let prim_key_handle = context
             .create_primary(
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/enhanced_authorization_ea_commands_tests.rs
@@ -536,8 +536,9 @@ mod test_policy_authorize {
     #[test]
     fn test_policy_authorize() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let key_handle = context
             .create_primary(
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/hierarchy_commands_tests.rs
@@ -9,8 +9,9 @@ mod test_create_primary {
     #[test]
     fn test_create_primary() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let key_handle = context
             .create_primary(
@@ -93,8 +94,9 @@ mod test_change_auth {
             )
             .unwrap();
 
-        let random_digest = context.get_random(16).unwrap();
-        let new_key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let new_key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let new_private = context
             .object_change_auth(loaded_key.into(), prim_key_handle.into(), new_key_auth)
@@ -108,8 +110,9 @@ mod test_change_auth {
     fn test_hierarchy_change_auth() {
         let mut context = create_ctx_with_session();
 
-        let random_digest = context.get_random(16).unwrap();
-        let new_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let new_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         // NOTE: If this test failed on your system, you are probably running it against a
         //  real (hardware) TPM or one that is provisioned. This hierarchy is supposed to be
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/object_commands_tests.rs
@@ -2,14 +2,14 @@
 // SPDX-License-Identifier: Apache-2.0
 mod test_create {
     use crate::common::{create_ctx_with_session, decryption_key_pub};
-    use std::convert::TryFrom;
     use tss_esapi::{interface_types::reserved_handles::Hierarchy, structures::Auth};
 
     #[test]
     fn test_create() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.as_bytes().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let prim_key_handle = context
             .create_primary(
@@ -38,14 +38,14 @@ mod test_create {
 
 mod test_load {
     use crate::common::{create_ctx_with_session, decryption_key_pub, signing_key_pub};
-    use std::convert::TryFrom;
     use tss_esapi::{interface_types::reserved_handles::Hierarchy, structures::Auth};
 
     #[test]
     fn test_load() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::try_from(random_digest.as_bytes().to_vec()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let prim_key_handle = context
             .create_primary(
@@ -237,8 +237,9 @@ mod test_read_public {
     #[test]
     fn test_read_public() {
         let mut context = create_ctx_with_session();
-        let random_digest = context.get_random(16).unwrap();
-        let key_auth = Auth::from_bytes(random_digest.as_bytes()).unwrap();
+        let mut random_digest = vec![0u8; 16];
+        getrandom::getrandom(&mut random_digest).unwrap();
+        let key_auth = Auth::from_bytes(random_digest.as_slice()).unwrap();
 
         let key_handle = context
             .create_primary(
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/signing_and_signature_verification_tests.rs
diff --git a/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs b/tss-esapi/tests/integration_tests/context_tests/tpm_commands/symmetric_primitives_tests.rs
