Calling MakeCredential without a TPM

[gaetanww]

In tpm2-tools, tpm2_makecredential can be called without a TPM.
Is there any way to call context.makecredential(...) without initializing a TCTI?

[ionut-arm]

Hi!

That's an interesting idea! The TL;DR is that we don't support this and as far as I can tell, it would be a bit of work to support in the first place.

I had to dig a bit around the specs/implementation of that tpm2_makecredential tool. It seems the TPM2_MakeCredential call (and by extension the ESYS one as well) just perform some convenience cryptographic operations that could be performed off-chip if you have the public part of the sealing key.

This command does not use any TPM secrets nor does it require authorization. It is a convenience function, using the TPM to perform cryptographic calculations that could be done externally.

So in the tool they have code to actually do that, here. I think in this crate's case if we want to do the same thing, we'd do it as an abstraction or maybe a utilty function - not on Context as those are strictly operations done directly involving a TPM.

Actually, come to think of it, this might be better suited for a separate (small) crate - separate folder in this repo - that pulls in only the FFI types and doesn't link with the TSS library, since you don't need to call it, you just need some of the types defined by it.

[puiterwijk]

I actually have an implementation of this for myself, which I planned to open source next week.
If we want, I can also just try to put it here, but otherwise I can send a link to my code once I published that.

[ionut-arm]

Sweet! Is this in Rust?

I'd be more than happy for it to be hosted here, unless you want to upstream it somewhere else - as long as there's an option out there!

[baloo]

I have a usecase that could use a non-TPM backed implementation of make_credentials. If you were willing to share @puiterwijk I'd love to try it out.

[wiktor-k]

I didn't try it but just recently by a random chance I found this: https://github.com/puiterwijk/tpmless-tpm2-rs/blob/main/src/credentials.rs#L62 :

pub fn make_credential<CVT, KT, ONT>(

From @puiterwijk's crate that's described as "Various TPM 2 related functions without the need of a live TPM".

Hopefully this will be relevant to you, if not sorry for the noise :)

[ionut-arm]

There are a couple of problems with that implementation - I was hoping to use it for Parsec testing as well, however:

• It relies on some openssl stuff that's only available on Red Hat distros, through a fork of the repo (mainly talking about the KDF functions)
• It doesn't actually implement the "making the credential" part - the function ends in a todo! after deriving the keys, so the actual credential encryption isn't done.

[wiktor-k]

🤦 I just connected dots that someone was asking about it and didn't read the implementation to the end that it ends with a todo! haha. Too bad that we don't have a Rust implementation (since the one in C from tpm2 would need to be ported just like I did for the Duplicate call).

Okay, it was a noise after all - sorry for the commotion! 🙇

[ionut-arm]

No, I think it's good to have an update on that here! I should've actually written something about it back when I was doing my key attestation work :)

I hope I'll have some time to actually implement the "missing" KDF functions in Rust (by reusing some other pure-Rust crypto crates), implement MakeCredential and then publish that for anyone's use, but I don't really have the bandwidth for that right now - maybe in a couple of months!

[baloo]

I got the make credentials crypto to work with openssl3 (afaik only openssl3 provides the required kdf methods) and custom patches for openssl-rs here: https://github.com/baloo/reproducibility-lab/blob/main/pkgs/pcr-eventlog-attestation/src/tpm/credential.rs

[ionut-arm]

Indeed, I saw that OpenSSL 3 provides the right tools, but there were no proper bindings in Rust, and I couldn't wait for the proper bindings to come out 😢 Glad to see it's been done, though!! Have you tried upstreaming/making the changes in the "official" openssl crate?

[baloo]

yeah, it has been closed because the author merged target branch and I haven't put the effort to rebase/resend the PR.
but if you'd like to, here was my PR: sfackler/rust-openssl#1426