Add support for 256 bit AES block size encryption

RSA 3072, RSA 4096, ECDSA P384 and ECDSA P512 EKs use a different
AES block size for credential activation.

Author: hslatman

attest/activation.go

@@ -23,9 +23,9 @@ const (
 	// activationSecretLen is the size in bytes of the generated secret
 	// which is generated for credential activation.
 	activationSecretLen = 32
-	// symBlockSize is the block size used for symmetric ciphers used
-	// when generating the credential activation challenge.
-	symBlockSize = 16
+	// defaultSymBlockSize is the block size used for symmetric ciphers
+	// used when generating the credential activation challenge.
+	defaultSymBlockSize = 16
 	// tpm20GeneratedMagic is a magic tag when can only be present on a
 	// TPM structure if the structure was generated wholly by the TPM.
 	tpm20GeneratedMagic = 0xff544347
@@ -239,7 +239,8 @@ func (p *ActivationParameters) generateChallengeTPM20(secret []byte) (*Encrypted
 	if att.AttestedCreationInfo.Name.Digest == nil {
 		return nil, fmt.Errorf("attestation creation info name has no digest")
 	}
-	cred, encSecret, err := credactivation.Generate(att.AttestedCreationInfo.Name.Digest, p.EK, symBlockSize, secret)
+
+	cred, encSecret, err := credactivation.Generate(att.AttestedCreationInfo.Name.Digest, p.EK, symBlockSizeForEK(p.EK), secret)
 	if err != nil {
 		return nil, fmt.Errorf("credactivation.Generate() failed: %v", err)
 	}

attest/certification.go

@@ -17,6 +17,8 @@ package attest
 import (
 	"bytes"
 	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
 	"errors"
@@ -191,6 +193,23 @@ func (p *CertificationParameters) Verify(opts VerifyOpts) error {
 	return nil
 }
 
+func symBlockSizeForEK(ek crypto.PublicKey) int {
+	// see TCG EK Credential Profile Version 2.6, December 4, 2024, B.4.4 Storage EK Template
+	symBlockSize := defaultSymBlockSize // default to 16 bytes; 128 bits
+	switch pk := ek.(type) {
+	case *rsa.PublicKey:
+		if pk.Size() >= 384 { // RSA 3072, RSA 4096
+			symBlockSize = 32 // 32 bytes; 256 bits
+		}
+	case *ecdsa.PublicKey:
+		if pk.Curve == elliptic.P384() || pk.Curve == elliptic.P521() {
+			symBlockSize = 32 // 32 bytes; 256 bits
+		}
+	}
+
+	return symBlockSize
+}
+
 // Generate returns a credential activation challenge, which can be provided
 // to the TPM to verify the AK parameters given are authentic & the AK
 // is present on the same TPM as the EK.
@@ -225,7 +244,7 @@ func (p *CertificationParameters) Generate(rnd io.Reader, verifyOpts VerifyOpts,
 		return nil, nil, fmt.Errorf("attestation does not apply to certify data, got %x", att.Type)
 	}
 
-	cred, encSecret, err := credactivation.Generate(activateOpts.VerifierKeyNameDigest, activateOpts.EK, symBlockSize, secret)
+	cred, encSecret, err := credactivation.Generate(activateOpts.VerifierKeyNameDigest, activateOpts.EK, symBlockSizeForEK(activateOpts.EK), secret)
 	if err != nil {
 		return nil, nil, fmt.Errorf("credactivation.Generate() failed: %v", err)
 	}

attest/certification_test.go

@@ -22,6 +22,8 @@ package attest
 import (
 	"bytes"
 	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/rsa"
 	"testing"
@@ -397,3 +399,91 @@ func TestKeyActivationTPM20(t *testing.T) {
 		})
 	}
 }
+
+func Test_symBlockSizeForEK(t *testing.T) {
+	t.Parallel()
+
+	t.Run("rsa-2048", func(t *testing.T) {
+		t.Parallel()
+
+		k, err := rsa.GenerateKey(rand.Reader, 2048)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		symBlockSize := symBlockSizeForEK(k.Public())
+		if symBlockSize != 16 {
+			t.Errorf("unexpected symBlockSize %d; expected 16", symBlockSize)
+		}
+	})
+
+	t.Run("rsa-3072", func(t *testing.T) {
+		t.Parallel()
+
+		k, err := rsa.GenerateKey(rand.Reader, 3072)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		symBlockSize := symBlockSizeForEK(k.Public())
+		if symBlockSize != 32 {
+			t.Errorf("unexpected symBlockSize %d; expected 32", symBlockSize)
+		}
+	})
+
+	t.Run("rsa-4096", func(t *testing.T) {
+		t.Parallel()
+
+		k, err := rsa.GenerateKey(rand.Reader, 4096)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		symBlockSize := symBlockSizeForEK(k.Public())
+		if symBlockSize != 32 {
+			t.Errorf("unexpected symBlockSize %d; expected 32", symBlockSize)
+		}
+	})
+
+	t.Run("ecdsa-P256", func(t *testing.T) {
+		t.Parallel()
+
+		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		symBlockSize := symBlockSizeForEK(k.Public())
+		if symBlockSize != 16 {
+			t.Errorf("unexpected symBlockSize %d; expected 16", symBlockSize)
+		}
+	})
+
+	t.Run("ecdsa-P384", func(t *testing.T) {
+		t.Parallel()
+
+		k, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		symBlockSize := symBlockSizeForEK(k.Public())
+		if symBlockSize != 32 {
+			t.Errorf("unexpected symBlockSize %d; expected 32", symBlockSize)
+		}
+	})
+
+	t.Run("ecdsa-P521", func(t *testing.T) {
+		t.Parallel()
+
+		k, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
+		if err != nil {
+			t.Fatalf("unexpected error: %v", err)
+		}
+
+		symBlockSize := symBlockSizeForEK(k.Public())
+		if symBlockSize != 32 {
+			t.Errorf("unexpected symBlockSize %d; expected 32", symBlockSize)
+		}
+	})
+}