-
Notifications
You must be signed in to change notification settings - Fork 17
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This adds PIN support to KeyData which is distinct from the existing passphrase support. Passphrases are used both for authentication with the hardware element (such as the TPM) and for additional encryption on the host CPU with a passphrase derived key, and are intended to use a memory hard key derivation. The intention here is that this configuration provides some additional protection in the event of a TPM compromise (eg, say a TPM manufacturer is coerced by a government agency to provide firmware that bypasses authentications), where sensitive data is able to be extracted without the usual authentication, because extracting the secret from the TPM will not be sufficient to obtain all of the key material necessary to unlock a device. PINs (in the literal sense) have a fairly low entropy - an 8 digit PIN only has an entropy of 26.5bits, so this additional encryption will provide little protection in the event of a TPM compromise - if sensitive data is obtained from the TPM, the 26.5bits of entropy won't provide a significant barrier to deriving the remaining key material necessary to unlock a device. We take advantage of this by implementing distinct PIN support that is only used for authentication. With this in mind, the memory hard key derivation does not provide a lot of benefit, so PINs only support PBKDF2, and it can be configured to run faster than the key derivation for passphrases. In that sense, PIN support is essentially just a faster and slightly weaker passphrase. As the PIN is a PIN in the literal sense, it is encoded as a length prefixed binary number before going through the key derivation. This only implements the support to KeyData for now - unlocking support will be added in another PR.
- Loading branch information
1 parent
6c6eebf
commit e962462
Showing
10 changed files
with
353 additions
and
44 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.