Add AES-GCM encryption support. Move argon2 to new crypto package. Default dev and debug config to ECC certs

Author: jeremyhahn

configs/platform/config.debug.yaml

@@ -203,14 +203,16 @@ certificate-authority:
  # Supported schemes: RSA_PSS | RSA_PKCS1v15
  rsa-scheme: RSA_PSS
 
- # The default algorithm to use when creating keys and certificates
+ # The key algorithm used for the CA signing certificate
  # Supported algorithms: RSA, ECC
- key-algorithm: RSA
+ # key-algorithm: RSA
+ key-algorithm: ECC
 
  # The default signature algorithm
  # Any fully supported Go x509 SignatureAlgorithm:
  # https://pkg.go.dev/crypto/x509#SignatureAlgorithm
- signature-algorithm: SHA256WithRSA
+ # signature-algorithm: SHA256WithRSA
+ signature-algorithm: ECDSAWithSHA256
 
  # The Elliptical Curve Cryptography Curve
  # Supported curves: P224, P256, P384, P521

configs/platform/config.dev.yaml

@@ -197,12 +197,12 @@ certificate-authority:
 
  # The default algorithm to use when creating keys and certificates
  # Supported algorithms: RSA, ECC
- key-algorithm: RSA
+ key-algorithm: ECC
 
  # The default signature algorithm
  # Any fully supported Go x509 SignatureAlgorithm:
  # https://pkg.go.dev/crypto/x509#SignatureAlgorithm
- signature-algorithm: SHA256WithRSA
+ signature-algorithm: ECDSAWithSHA256
 
  # The Elliptical Curve Cryptography Curve
  # Supported curves: P224, P256, P384, P521

configs/platform/config.fips.yaml

@@ -2,7 +2,7 @@
 
 
 # Global platform configs
-debug: true
+debug: false
 debug-secrets: false
 platform-dir: trusted-data
 config-dir: trusted-data/etc
@@ -138,10 +138,10 @@ tpm:
  ek-cert: ../ECcert.bin
 
  # Use TPM Simulator instead of real TPM
- simulator: true
+ simulator: false
 
  # Automatically import EK Platform (Manufacturer) Certificate(s) into trust store
- auto-import-ek-certs: true
+ auto-import-ek-certs: false
 
  # PCRs to use for local attestation
  # https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/
@@ -169,7 +169,7 @@ certificate-authority:
  issued-valid: 365
 
  # Set to true to include "localhost" in SANS names
- sans-include-localhost: true
+ sans-include-localhost: false
 
  # Delete revoked certificates. They can be safely
  # discarded after revocation, but you may want them
@@ -217,7 +217,7 @@ certificate-authority:
 
  # The Certificate Authority identity
  identity:
- - key-size: 2048
+ - key-size: 4096
  # CA cert expiration (years)
  valid: 50
  subject:
@@ -309,4 +309,5 @@ argon2:
  iterations: 2
  parallelism: 1
  saltLen: 16
- keyLen: 32
+ keyLen: 32
+ 

pkg/app/app.go

@@ -17,7 +17,7 @@ import (
 
 "github.com/jeremyhahn/go-trusted-platform/pkg/ca"
 "github.com/jeremyhahn/go-trusted-platform/pkg/config"
-"github.com/jeremyhahn/go-trusted-platform/pkg/hash"
+"github.com/jeremyhahn/go-trusted-platform/pkg/crypto/argon2"
 "github.com/jeremyhahn/go-trusted-platform/pkg/pkcs11"
 "github.com/jeremyhahn/go-trusted-platform/pkg/platform/auth"
 "github.com/jeremyhahn/go-trusted-platform/pkg/platform/setup"
@@ -35,25 +35,25 @@ type App struct {
 CA ca.CertificateAuthority `yaml:"-" json:"-" mapstructure:"-"`
 TPM tpm2.TrustedPlatformModule2 `yaml:"-" json:"-" mapstructure:"-"`
 PKCS11 pkcs11.PKCS11
-CAConfig ca.Config `yaml:"certificate-authority" json:"certificate_authority" mapstructure:"certificate-authority"`
-TPMConfig tpm2.Config `yaml:"tpm" json:"tpm" mapstructure:"tpm"`
-PKCS11Config pkcs11.Config `yaml:"pkcs11" json:"pkcs11" mapstructure:"pkcs11"`
-AttestationConfig config.Attestation `yaml:"attestation" json:"attestation" mapstructure:"attestation"`
-DebugFlag bool `yaml:"debug" json:"debug" mapstructure:"debug"`
-DebugSecretsFlag bool `yaml:"debug-secrets" json:"debug-secrets" mapstructure:"debug-secrets"`
-PlatformDir string `yaml:"platform-dir" json:"platform_dir" mapstructure:"platform-dir"`
-ConfigDir string `yaml:"config-dir" json:"config_dir" mapstructure:"config-dir"`
-LogDir string `yaml:"log-dir" json:"log_dir" mapstructure:"log-dir"`
-Logger *logging.Logger `yaml:"-" json:"-" mapstructure:"-"`
-RuntimeUser string `yaml:"runtime-user" json:"runtime_user" mapstructure:"runtime-user"`
-Argon2 hash.Argon2Params  `yaml:"argon2" json:"argon2" mapstructure:"argon2"`
-WebService config.WebService `yaml:"webservice" json:"webservice" mapstructure:"webservice"`
-PasswordPolicy string `yaml:"password-policy" json:"password-policy" mapstructure:"password-policy"`
-RootPassword string `yaml:"root-password" json:"root_password" mapstructure:"root-password"`
-IntermediatePassword string `yaml:"intermediate-password" json:"intermediate_password" mapstructure:"intermediate-password"`
-ServerPassword string `yaml:"server-password" json:"server_password" mapstructure:"server-password"`
-EKAuth string `yaml:"ek-auth" json:"ek_auth mapstructure:"ek-auth"`
-SRKAuth string `yaml:"srk-auth" json:"srk_auth mapstructure:"srk-auth"`
+CAConfig ca.Config  `yaml:"certificate-authority" json:"certificate_authority" mapstructure:"certificate-authority"`
+TPMConfig tpm2.Config  `yaml:"tpm" json:"tpm" mapstructure:"tpm"`
+PKCS11Config pkcs11.Config  `yaml:"pkcs11" json:"pkcs11" mapstructure:"pkcs11"`
+AttestationConfig config.Attestation  `yaml:"attestation" json:"attestation" mapstructure:"attestation"`
+DebugFlag bool  `yaml:"debug" json:"debug" mapstructure:"debug"`
+DebugSecretsFlag bool  `yaml:"debug-secrets" json:"debug-secrets" mapstructure:"debug-secrets"`
+PlatformDir string  `yaml:"platform-dir" json:"platform_dir" mapstructure:"platform-dir"`
+ConfigDir string  `yaml:"config-dir" json:"config_dir" mapstructure:"config-dir"`
+LogDir string  `yaml:"log-dir" json:"log_dir" mapstructure:"log-dir"`
+Logger *logging.Logger  `yaml:"-" json:"-" mapstructure:"-"`
+RuntimeUser string  `yaml:"runtime-user" json:"runtime_user" mapstructure:"runtime-user"`
+Argon2 argon2.Argon2Params `yaml:"argon2" json:"argon2" mapstructure:"argon2"`
+WebService config.WebService  `yaml:"webservice" json:"webservice" mapstructure:"webservice"`
+PasswordPolicy string  `yaml:"password-policy" json:"password-policy" mapstructure:"password-policy"`
+RootPassword string  `yaml:"root-password" json:"root_password" mapstructure:"root-password"`
+IntermediatePassword string  `yaml:"intermediate-password" json:"intermediate_password" mapstructure:"intermediate-password"`
+ServerPassword string  `yaml:"server-password" json:"server_password" mapstructure:"server-password"`
+EKAuth string  `yaml:"ek-auth" json:"ek_auth mapstructure:"ek-auth"`
+SRKAuth string  `yaml:"srk-auth" json:"srk_auth mapstructure:"srk-auth"`
 cAPassword string
 }
 

pkg/config.yaml

@@ -203,14 +203,16 @@ certificate-authority:
  # Supported schemes: RSA_PSS | RSA_PKCS1v15
  rsa-scheme: RSA_PSS
 
- # The default algorithm to use when creating keys and certificates
+ # The key algorithm used for the CA signing certificate
  # Supported algorithms: RSA, ECC
- key-algorithm: RSA
+ # key-algorithm: RSA
+ key-algorithm: ECC
 
  # The default signature algorithm
  # Any fully supported Go x509 SignatureAlgorithm:
  # https://pkg.go.dev/crypto/x509#SignatureAlgorithm
- signature-algorithm: SHA256WithRSA
+ # signature-algorithm: SHA256WithRSA
+ signature-algorithm: ECDSAWithSHA256
 
  # The Elliptical Curve Cryptography Curve
  # Supported curves: P224, P256, P384, P521

pkg/crypto/aesgcm/aesgcm.go

@@ -0,0 +1,117 @@
+package aesgcm
+
+import (
+"crypto/aes"
+"crypto/cipher"
+"crypto/rand"
+"errors"
+"fmt"
+"io"
+
+"github.com/op/go-logging"
+)
+
+var (
+ErrInvalidNonce = errors.New("crypto/cipher: incorrect nonce length given to GCM")
+ErrMessageTooLarge = errors.New("crypto/cipher: message too large for GCM")
+ErrInvalidBufferOverlap = errors.New("crypto/cipher: invalid buffer overlap")
+)
+
+type AESGCM struct {
+logger *logging.Logger
+debugSecrets bool
+random io.Reader
+}
+
+// AES CGM encrypter / decrypter. Accepts a logger and optional source of
+// entropy, such as the TPM or an HSM. A randomly generated nonce, not exceeding
+// 96 bits, is automatically generated to add nonce misuse-resistance.
+//
+// In addition, this code wraps the panic that the Golang runtime throws
+// when a nonce is incorrect, a message is too large, or a buffer overlap is
+// detected, and returns a recoverable error instead of allowing it to crash
+// servers.
+// https://pkg.go.dev/crypto/cipher
+// https://datatracker.ietf.org/doc/html/rfc8452
+func NewAESGCM(
+logger *logging.Logger,
+debugSecrets bool,
+random io.Reader) AESGCM {
+
+if random == nil {
+random = rand.Reader
+}
+return AESGCM{
+logger: logger,
+debugSecrets: debugSecrets,
+random: random,
+}
+}
+
+// Seal the provided plain-test and "additional data" data
+// with the specified encryption key, using AES256 in GCM mode,
+// which provides authenticated encryption. Returns the ciphertext
+// and a nonce, used as the Initialization Vector for the AES
+// counter mode.
+func (this AESGCM) Seal(key, data, additionalData []byte) ([]byte, []byte, error) {
+
+block, err := aes.NewCipher(key)
+if err != nil {
+return nil, nil, err
+}
+
+// IV's longer than 96 bits require additional calcuations
+// https://crypto.stackexchange.com/questions/41601/aes-gcm-recommended-iv-size-why-12-bytes
+nonce := make([]byte, 12)
+if _, err := io.ReadFull(this.random, nonce); err != nil {
+return nil, nil, err
+}
+
+aesgcm, err := cipher.NewGCM(block)
+if err != nil {
+return nil, nil, err
+}
+
+ciphertext := aesgcm.Seal(nil, nonce, data, additionalData)
+
+if this.debugSecrets {
+this.logger.Debugf("aesgcm/Seal: key: %s", string(key))
+this.logger.Debugf("aesgcm/Seal: data: %s", string(data))
+this.logger.Debugf("aesgcm/Seal: additionalData: %s", string(data))
+}
+
+this.logger.Debugf("aesgcm/Seal: ciphtertext: %x\n", ciphertext)
+this.logger.Debugf("aesgcm/Seal: nonce: %x\n", nonce)
+
+return ciphertext, nonce, nil
+}
+
+// Seal encrypts and authenticates plaintext, authenticates the
+// additional data and
+func (this AESGCM) Open(key, ciphertext, nonce, additionalData []byte) (plaintext []byte, err error) {
+block, err := aes.NewCipher(key)
+if err != nil {
+this.logger.Error(err)
+return nil, err
+}
+aesgcm, err := cipher.NewGCM(block)
+if err != nil {
+this.logger.Error(err)
+return nil, err
+}
+defer func() error {
+// Recover from panic to keep prevent servers from crashing
+if r := recover(); r != nil {
+this.logger.Debugf("aesgcm/Open: panic: %s", r)
+err = fmt.Errorf("%s", r)
+}
+return nil
+}()
+plaintext, err = aesgcm.Open(nil, nonce, ciphertext, additionalData)
+if err != nil {
+this.logger.Error(err)
+return nil, err
+}
+
+return plaintext, nil
+}

pkg/crypto/aesgcm/aesgcm_test.go

@@ -0,0 +1,85 @@
+package aesgcm
+
+import (
+"crypto/rand"
+"io"
+"os"
+"testing"
+
+"github.com/op/go-logging"
+"github.com/stretchr/testify/assert"
+)
+
+func TestSealWithoutAdditionalData(t *testing.T) {
+
+logger := createLogger()
+
+// Use rand.Reader for entropy
+aesgcm := NewAESGCM(logger, true, nil)
+
+// Generate a key
+key := make([]byte, 32)
+_, err := io.ReadFull(rand.Reader, key)
+assert.Nil(t, err)
+
+// Seal the data and get back the cipher-text and nonce
+secret := []byte("my-secret")
+ciphertext, nonce, err := aesgcm.Seal(key, secret, nil)
+
+// Open the cipher-text using the nonce returned from Seal
+decrypted, err := aesgcm.Open(key, ciphertext, nonce, nil)
+assert.Nil(t, err)
+assert.Equal(t, secret, decrypted)
+
+// Ensure failure with a bad nonce
+_, err = aesgcm.Open(key, ciphertext, []byte("foo"), nil)
+assert.NotNil(t, err)
+assert.Equal(t, ErrInvalidNonce, err)
+}
+
+func TestSealWithAdditionalData(t *testing.T) {
+
+logger := createLogger()
+
+// Use rand.Reader for entropy
+aesgcm := NewAESGCM(logger, true, nil)
+
+// Generate a key
+key := make([]byte, 32)
+_, err := io.ReadFull(rand.Reader, key)
+assert.Nil(t, err)
+
+// Create "additional data". The Open operation will fail
+// if the additional data does not match the same data
+// that was passed to Seal.
+additionalData := []byte("some authorization data")
+
+// Seal the data and get back the cipher-text and nonce
+secret := []byte("my-secret")
+ciphertext, nonce, err := aesgcm.Seal(key, secret, additionalData)
+
+// Open the cipher-text using the nonce returned from Seal
+decrypted, err := aesgcm.Open(key, ciphertext, nonce, additionalData)
+assert.Nil(t, err)
+assert.Equal(t, secret, decrypted)
+
+// Ensure failure when additional data doesnt match
+_, err = aesgcm.Open(key, ciphertext, nonce, []byte("foo"))
+assert.NotNil(t, err)
+}
+
+// Create a logger for the tests
+func createLogger() *logging.Logger {
+stdout := logging.NewLogBackend(os.Stdout, "", 0)
+logging.SetBackend(stdout)
+logger := logging.MustGetLogger("tpm")
+
+logFormat := logging.MustStringFormatter(
+`%{color}%{time:15:04:05.000} %{shortpkg}.%{shortfunc} %{level:.4s} %{id:03x}%{color:reset} %{message}`,
+)
+logFormatter := logging.NewBackendFormatter(stdout, logFormat)
+backends := logging.MultiLogger(stdout, logFormatter)
+logging.SetBackend(backends)
+
+return logger
+}

pkg/hash/argon2.go renamed to pkg/crypto/argon2/argon2id.go

@@ -1,4 +1,4 @@
-package hash
+package argon2
 
 import (
 "crypto/subtle"
@@ -12,23 +12,10 @@ import (
 )
 
 var (
-ErrInvalidHash = errors.New("argon2di: invalid format")
-ErrIncompatibleVersion = errors.New("argon2di: version incompatible")
+ErrInvalidHash = errors.New("argon2id: invalid format")
+ErrIncompatibleVersion = errors.New("argon2id: version incompatible")
 )
 
-type Argon2Params struct {
-Memory uint32 `yaml:"memory" json:"memory" mapstructure:"memory"`
-Iterations uint32 `yaml:"iterations" json:"iterations" mapstructure:"iterations"`
-Parallelism uint8 `yaml:"parallelism" json:"parallelism" mapstructure:"parallelism"`
-SaltLength uint32 `yaml:"saltLen" json:"saltLen" mapstructure:"saltLen"`
-KeyLength uint32 `yaml:"keyLen" json:"keyLen" mapstructure:"keyLen"`
-}
-
-type Argon2 interface {
-Hash(password string) (string, error)
-Compare(password, hash string) (match bool, err error)
-}
-
 type Argon2Hasher struct {
 random io.Reader
 params Argon2Params

pkg/hash/argon2_test.go renamed to pkg/crypto/argon2/argon2id_test.go

@@ -1,4 +1,4 @@
-package hash
+package argon2
 
 import (
 "crypto/rand"