m/p/tpm: use secretbox with seal/unseal for larger payloads

Natively the Seal/Unseal operation in the TPM 2.0 specification only
supports up to 128 bytes of payload. If you need to seal more than that,
the specification tells you to generate and seal a key and use that to
encrypt and authenticate the rest of the data. This CL implements said
mechanism transparently as part of the Seal and Unseal functions using
a nacl-compatible secretbox as the authenticated encryption primitive.

Change-Id: I0a724b12aae5e5151d103b52ed13b71c864076ab
Reviewed-on: https://review.monogon.dev/c/monogon/+/626
Reviewed-by: Sergiusz Bazanski <serge@monogon.tech>
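The indirection the commit message describes, as an added example rather than the project's own code: only a fresh 32-byte key goes through the caller-supplied seal function (a hypothetical stand-in for the TPM's native, 128-byte-limited Seal), and the large payload is protected under that key with AES-256-GCM from Go's standard library, which stands in here for nacl secretbox since that is not a standard-library primitive.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ExtendedSealed mirrors ExtendedSealedBytes: TPM-sealed key and nonce || ciphertext || tag.
type ExtendedSealed struct{ SealedKey, EncryptedPayload []byte }

// newAEAD: AES-256-GCM from the standard library, standing in for nacl secretbox.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ExtendedSeal seals only a fresh 32-byte key via the 128-byte-limited seal and encrypts the payload under it.
func ExtendedSeal(seal func([]byte) ([]byte, error), payload []byte) (*ExtendedSealed, error) {
	kn := make([]byte, 32+12) // ephemeral key || GCM nonce, both fresh for every seal
	if _, err := rand.Read(kn); err != nil {
		return nil, err
	}
	aead, err := newAEAD(kn[:32])
	if err != nil {
		return nil, err
	}
	sealedKey, err := seal(kn[:32]) // the only thing the TPM ever sees
	if err != nil {
		return nil, err
	}
	return &ExtendedSealed{sealedKey, aead.Seal(kn[32:], kn[32:], payload, nil)}, nil
}

// ExtendedUnseal recovers the key via the TPM, then authenticates and decrypts the payload.
func ExtendedUnseal(unseal func([]byte) ([]byte, error), e *ExtendedSealed) ([]byte, error) {
	key, err := unseal(e.SealedKey)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil || len(e.EncryptedPayload) < aead.NonceSize() {
		return nil, fmt.Errorf("extended unseal: bad key or truncated payload")
	}
	return aead.Open(nil, e.EncryptedPayload[:aead.NonceSize()], e.EncryptedPayload[aead.NonceSize():], nil)
}
```

Any modification of the encrypted payload, including truncation, makes aead.Open fail, which is the authentication the commit message asks the secretbox to provide.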
diff --git a/metropolis/pkg/tpm/proto/tpm.proto b/metropolis/pkg/tpm/proto/tpm.proto
new file mode 100644
index 0000000..29b74aa
--- /dev/null
+++ b/metropolis/pkg/tpm/proto/tpm.proto
@@ -0,0 +1,16 @@
+syntax = "proto3";
+option go_package = "source.monogon.dev/metropolis/pkg/tpm/proto";
+package metropolis.pkg.tpm;
+
+import "proto/tpm.proto";
+
+// ExtendedSealedBytes contains data sealed by a TPM2 via an indirection to
+// allow for more than 128 bytes of payload. It seals an ephemeral key for
+// a nacl secretbox in the TPM and stores the encrypted box next to the sealed
+// key.
+message ExtendedSealedBytes {
+  // The secretbox key, as sealed by the TPM.
+  .proto.SealedBytes sealed_key = 1;
+  // The encrypted box contents.
+  bytes encrypted_payload = 2;
+}
\ No newline at end of file
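Review bot: the `encrypted_payload` field of `ExtendedSealedBytes` should document how the secretbox nonce is carried, since a nacl secretbox needs a 24-byte nonce and the message has no field for it; either state on the field that the nonce is prepended to `encrypted_payload` (or that a fixed nonce is acceptable because the sealed key is generated fresh and used exactly once) or add an explicit `bytes nonce` field so decoders do not have to guess the layout. It would also help to note next to `sealed_key` that the key is 32 bytes, so a reader sees it stays well within the 128-byte native seal limit the commit message cites. Finally, the new file ends without a trailing newline (`\ No newline at end of file`); add one.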