diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-09-17 08:22:31 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-09-17 20:48:59 +0000 |
| commit | 339b2361910e02d2522021d4895b7aa501fdf36c (patch) | |
| tree | e51e1d4fe029aeea91266f9a2fdf2688ce596363 | |
| parent | 469a4055e4b71bf2a8550e837401c255a8f06416 (diff) | |
| download | chrome-ec-339b2361910e02d2522021d4895b7aa501fdf36c.tar.gz | |
cr50: block access to U2F functions in case of FIPS errors
All public functionality of FIPS module should be disabled in case
of FIPS errors.
BUG=b:197893750
TEST=make BOARD=cr50 CRYPTO_TEST=1;
ccd:
fips sha
fips test
u2f_test - should fail
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ice8a0ab6535fcb0bd426ebbe969db1859cbd3ae8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3169097
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| -rw-r--r-- | board/cr50/dcrypto/u2f.c | 11 | ||||
| -rw-r--r-- | board/host/dcrypto.h | 2 | ||||
| -rw-r--r-- | test/u2f.c | 5 |
3 files changed, 18 insertions, 0 deletions
diff --git a/board/cr50/dcrypto/u2f.c b/board/cr50/dcrypto/u2f.c index 92b74b002f..21997f07fc 100644 --- a/board/cr50/dcrypto/u2f.c +++ b/board/cr50/dcrypto/u2f.c @@ -8,6 +8,7 @@ #endif #include "dcrypto.h" +#include "fips.h" #include "fips_rand.h" #include "u2f_cmds.h" @@ -233,6 +234,9 @@ enum ec_error_list u2f_generate(const struct u2f_state *state, /* Generated public keys associated with key handle. */ p256_int opk_x, opk_y; + if (!fips_crypto_allowed()) + return EC_ERROR_HW_INTERNAL; + /* Compute constants for request key handler version. */ if (kh_version == 0) { kh_hmac = kh->v0.hmac; @@ -298,6 +302,9 @@ enum ec_error_list u2f_authorize_keyhandle( const uint8_t *origin_seed, *kh_hmac; int result = 0; + if (!fips_crypto_allowed()) + return EC_ERROR_HW_INTERNAL; + /* * Re-create the key handle and compare against that which * was provided. This allows us to verify that the key handle @@ -392,6 +399,7 @@ enum ec_error_list u2f_sign(const struct u2f_state *state, struct drbg_ctx ctx; enum ec_error_list result; + /* u2f_authorize_keyhandle() checks for FIPS errors. */ result = u2f_authorize_keyhandle(state, kh, kh_version, user, origin, authTimeSecretHash); @@ -519,6 +527,9 @@ enum ec_error_list u2f_attest(const struct u2f_state *state, enum ec_error_list result; + if (!fips_crypto_allowed()) + return EC_ERROR_HW_INTERNAL; + result = u2f_attest_keyhandle_pubkey(state, kh, kh_version, user, origin, authTimeSecretHash, public_key); diff --git a/board/host/dcrypto.h b/board/host/dcrypto.h index 6950740f93..481d724986 100644 --- a/board/host/dcrypto.h +++ b/board/host/dcrypto.h @@ -82,6 +82,8 @@ void hmac_drbg_init_rfc6979(struct drbg_ctx *ctx, const p256_int *key, bool fips_rand_bytes(void *buffer, size_t len); +bool fips_crypto_allowed(void); + #endif /* CONFIG_DCRYPTO_MOCK */ #endif /* __CROS_EC_HOST_DCRYPTO_H */ diff --git a/test/u2f.c b/test/u2f.c index 0ef0d55f42..ddaba0e8dd 100644 --- a/test/u2f.c +++ b/test/u2f.c @@ -38,6 +38,11 @@ bool fips_trng_bytes(void *buffer, size_t len) return true; } +bool fips_crypto_allowed(void) +{ + return true; +} + int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x, const p256_int *pk_y, const p256_int *serial, const char *name, uint8_t *cert, const int n) |