authorWilliam Roberts <william.c.roberts@intel.com>2023-01-18 08:45:53 -0600
committerLuca Boccassi <luca.boccassi@gmail.com>2023-01-18 21:58:33 +0000
commitaae6eb96117acd54ce5ac572aac6a11b34c4ad99 (patch)
tree82c3781c1d15e1c3bf2c50abbd5f94eab782c879 /src/cryptenroll
parentf2af682cd6308f9b26035b83063e6aa8593e468c (diff)
downloadsystemd-aae6eb96117acd54ce5ac572aac6a11b34c4ad99.tar.gz
tpm2: add salt to pin
Add a salt to the pin and store it in the TPM2 LUKS header for future use. This adds entropy to user supplied pins and helps against brute forcing the passphrase on the key residing in the TPM or brute forcing bind key encrypted sessions with low entropy passphrases. Signed-off-by: malikabhi05 <abhishek.malik@intel.com> Signed-off-by: William Roberts <william.c.roberts@intel.com>
Diffstat (limited to 'src/cryptenroll')
-rw-r--r--src/cryptenroll/cryptenroll-tpm2.c28
1 files changed, 28 insertions, 0 deletions
diff --git a/src/cryptenroll/cryptenroll-tpm2.c b/src/cryptenroll/cryptenroll-tpm2.c
index 96d5fc0695..3098b2e7ac 100644
--- a/src/cryptenroll/cryptenroll-tpm2.c
+++ b/src/cryptenroll/cryptenroll-tpm2.c
@@ -8,6 +8,8 @@
#include "hexdecoct.h"
#include "json.h"
#include "memory-util.h"
+#include "random-util.h"
+#include "sha256.h"
#include "tpm2-util.h"
static int search_policy_hash(
@@ -148,6 +150,14 @@ int enroll_tpm2(struct crypt_device *cd,
ssize_t base64_encoded_size;
int r, keyslot;
TPM2Flags flags = 0;
+ uint8_t binary_salt[SHA256_DIGEST_SIZE] = {};
+ /*
+ * erase the salt, we'd rather attempt to not have this in a coredump
+ * as an attacker would have all the parameters but pin used to create
+ * the session key. This problem goes away when we move to a trusted
+ * primary key, aka the SRK.
+ */
+ CLEANUP_ERASE(binary_salt);
assert(cd);
assert(volume_key);
@@ -161,6 +171,22 @@ int enroll_tpm2(struct crypt_device *cd,
r = get_pin(&pin_str, &flags);
if (r < 0)
return r;
+
+ r = crypto_random_bytes(binary_salt, sizeof(binary_salt));
+ if (r < 0)
+ return log_error_errno(r, "Failed to acquire random salt: %m");
+
+ uint8_t salted_pin[SHA256_DIGEST_SIZE] = {};
+ CLEANUP_ERASE(salted_pin);
+ r = tpm2_util_pbkdf2_hmac_sha256(pin_str, strlen(pin_str), binary_salt, sizeof(binary_salt), salted_pin);
+ if (r < 0)
+ return log_error_errno(r, "Failed to perform PBKDF2: %m");
+
+ pin_str = erase_and_free(pin_str);
+ /* re-stringify pin_str */
+ base64_encoded_size = base64mem(salted_pin, sizeof(salted_pin), &pin_str);
+ if (base64_encoded_size < 0)
+ return log_error_errno(base64_encoded_size, "Failed to base64 encode salted pin: %m");
}
r = tpm2_load_pcr_public_key(pubkey_path, &pubkey, &pubkey_size);
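Review bot: The comment `/* re-stringify pin_str */` undersells what happens at the `base64mem()` call: from that line on, pin_str no longer holds the PIN the user typed but the base64 encoding of the PBKDF2 output, and that is what the rest of enroll_tpm2 works with. I would replace it with `/* pin_str now holds base64(PBKDF2-HMAC-SHA256(pin, salt)), not the user's PIN; the unlock path must derive the same string */`. The new buffer is as sensitive as the original PIN, so its erasure on every return path depends on how pin_str is declared, which is outside this hunk; it is worth confirming that the declaration carries an erasing cleanup attribute. enroll_tpm2 starts and ends outside the hunk.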
@@ -258,6 +284,8 @@ int enroll_tpm2(struct crypt_device *cd,
primary_alg,
blob, blob_size,
hash, hash_size,
+ use_pin ? binary_salt : NULL,
+ use_pin ? sizeof(binary_salt) : 0,
flags,
&v);
if (r < 0)
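Review bot: Only the salt and its length are added to the argument list here (`use_pin ? binary_salt : NULL`, `use_pin ? sizeof(binary_salt) : 0`); nothing identifying the KDF or its work factor travels with them. The callee's name and signature are outside this hunk, but if this is the call that writes the LUKS2 token, the iteration count stays fixed inside `tpm2_util_pbkdf2_hmac_sha256()` and cannot be raised later without some way to tell old tokens from new ones. Consider recording the KDF parameters next to the salt. At minimum, a comment at this call such as `/* no salt in the token means the PIN was enrolled unsalted; unlock must keep accepting that */` would make the compatibility rule for existing enrollments explicit.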