Support hardware security tokens for preshared key (PSK) rotation

[stv0g]

The general idea would be to use ECDH with a secret key backend on a hardware security token/HSM/TPM to generate a PSK which we either use directly or as an input to Rosenpass (see #53).

This PSK would be rotated every handshake using some sort of sequence no (handshake to be designed).

Existing work

• ssh-agent

• gpg-agent

  • no access to ECDH primitives?

• OpenPGP smartcard via PSCD

  • https://www.procustodibus.com/blog/2023/03/openpgpcard-wireguard-guide/
  • https://git.sr.ht/~arx10/openpgpcard-wireguard-go
  • https://git.sr.ht/~arx10/openpgpcard-x25519-agent

• Apple Secure Enclave

• PKCS11 / OpenSC

  • https://github.com/garnoth/pkclient
  • https://github.com/garnoth/wireguard-HSM

• TPM 2.0/1.1

  • https://linderud.dev/blog/golang-crypto/ecdh-and-the-tpm/

Protocol/curve support for ECDH

	OpenPGP Card (v3.4)12 via PC/SC3	OpenPGP via OpenSC4	Apple Secure Enclave5	PIV via PKCS/11 (YCKS6)	TPM (v1.2)	TPM (v2.0)
Curve255197	✅	✅	❌	❌	❌	?
Curve P-256	✅	✅	✅	✅	❌	✅
Curve P-384	✅	✅	✅	✅	❌	✅

Footnotes

1. Via OpenPGP application on ISO Smart Card Operating Systems ↩

2. https://en.wikipedia.org/wiki/OpenPGP_card ↩

3. https://pcsclite.apdu.fr/ ↩

4. https://github.com/OpenSC/OpenSC ↩

5. Apple's Secure Enclave developer docs ↩

6. Yubico's PKCS/11 module for Yubikeys: https://developers.yubico.com/yubico-piv-tool/YKCS11/ ↩

7. https://en.wikipedia.org/wiki/Curve25519 ↩

[stv0g]

FIDO2 support

• https://support.yubico.com/hc/en-us/articles/360016649319-YubiKey-5-2-Enhancements-to-FIDO-2-Support
• https://fidoalliance.org/specs/fido-v2.0-rd-20180702/fido-client-to-authenticator-protocol-v2.0-rd-20180702.html#sctn-hmac-secret-extension
• https://security.stackexchange.com/questions/270390/can-fido2-hardware-tokens-be-used-for-key-agreement-or-diffie-hellman