add PIN support to KeyData #289
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chrisccoulson
force-pushed
the
add-pin-support
branch
11 times, most recently
from
e962462 to
df90496
Compare
chrisccoulson
force-pushed
the
add-pin-support
branch
2 times, most recently
from
80c464f to
c04178f
Compare
This adds PIN support to KeyData which is distinct from the existing passphrase support. Passphrases are used both for authentication with the hardware element (such as the TPM) and for additional encryption on the host CPU with a passphrase derived key, and are intended to use a memory hard key derivation. The intention here is that this configuration provides some additional protection in the event of a TPM compromise (eg, say a TPM manufacturer is coerced by a government agency to provide firmware that bypasses authentications), where sensitive data is able to be extracted without the usual authentication, because extracting the secret from the TPM will not be sufficient to obtain all of the key material necessary to unlock a device. PINs (in the literal sense) have a fairly low entropy - an 8 digit PIN only has an entropy of 26.5bits, so this additional encryption will provide little protection in the event of a TPM compromise - if sensitive data is obtained from the TPM, the 26.5bits of entropy won't provide a significant barrier to deriving the remaining key material necessary to unlock a device. We take advantage of this by implementing distinct PIN support that is only used for authentication. With this in mind, the memory hard key derivation does not provide a lot of benefit, so PINs only support PBKDF2, and it can be configured to run faster than the key derivation for passphrases. In that sense, PIN support is essentially just a faster and slightly weaker passphrase. As the PIN is a PIN in the literal sense, it is encoded as a length prefixed binary number before going through the key derivation. This only implements the support to KeyData for now - unlocking support will be added in another PR.
chrisccoulson
force-pushed
the
add-pin-support
branch
from
c04178f to
1d0d689
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
(Draft until #348 has landed and this PR has some unit tests).
This adds PIN support to KeyData which is distinct from the existing
passphrase support.
Passphrases are used both for authentication with the hardware element
(such as the TPM) and for additional encryption on the host CPU with a
passphrase derived key, and are intended to use a memory hard key
derivation. The intention here is that this configuration provides some
additional protection in the event of a TPM compromise (eg, say a TPM
manufacturer is coerced by a government agency to provide firmware that
bypasses authentications), where sensitive data is able to be extracted
without the usual authentication, because extracting the secret from the
TPM will not be sufficient to obtain all of the key material necessary
to unlock a device.
PINs (in the literal sense) have a fairly low entropy - an 8 digit PIN
only has an entropy of 26.5bits, so this additional encryption will
provide little protection in the event of a TPM compromise - if
sensitive data is obtained from the TPM, the 26.5bits of entropy won't
provide a significant barrier to deriving the remaining key material
necessary to unlock a device. We take advantage of this by implementing
distinct PIN support that is only used for authentication. With this in
mind, the memory hard key derivation does not provide a lot of benefit,
so PINs only support PBKDF2, and it can be configured to run faster
than the key derivation for passphrases. In that sense, PIN support is
essentially just a faster and slightly weaker passphrase.
As the PIN is a PIN in the literal sense, it is encoded as a length
prefixed binary number before going through the key derivation.
This only implements the support to KeyData for now - unlocking support
will be added in another PR.