diff options
| author | Louis Collard <louiscollard@chromium.org> | 2019-02-20 18:20:39 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2019-02-27 13:43:51 -0800 |
| commit | 123d910ed128f25569ab7e3fb4b886a73026d48f (patch) | |
| tree | 31bfeb07daba78f0a46b84db0fa28dec8773919e | |
| parent | 161d43aa085c5f83f58da708804425e1f4e2eaa9 (diff) | |
| download | chrome-ec-123d910ed128f25569ab7e3fb4b886a73026d48f.tar.gz | |
cr50: Update U2F key generation to meet FIPS requirements.
This change adds a new random salt generated and persisted
during first use of U2F to DRBG initialization.
Also marks the key handle as 'additional input' rather than
including in initial inialization value.
BUG=b:112603199
BRANCH=none
TEST=test firmware_Cr50U2fCommands
Change-Id: Ied2d994dc2e3ed2741188fd8039ae8c255218e67
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1478536
Reviewed-by: Andrey Pronin <apronin@chromium.org>
| -rw-r--r-- | board/cr50/tpm_nvmem_ops.h | 3 | ||||
| -rw-r--r-- | board/cr50/u2f.c | 23 |
2 files changed, 23 insertions, 3 deletions
diff --git a/board/cr50/tpm_nvmem_ops.h b/board/cr50/tpm_nvmem_ops.h index d01c804c4e..d12eb1bb5f 100644 --- a/board/cr50/tpm_nvmem_ops.h +++ b/board/cr50/tpm_nvmem_ops.h @@ -20,7 +20,8 @@ enum tpm_write_rv { }; enum tpm_nv_hidden_object { - TPM_HIDDEN_U2F_KEK + TPM_HIDDEN_U2F_KEK, + TPM_HIDDEN_U2F_KH_SALT, }; enum tpm_read_rv read_tpm_nvmem(uint16_t object_index, diff --git a/board/cr50/u2f.c b/board/cr50/u2f.c index 16960812ea..d9cc8c7989 100644 --- a/board/cr50/u2f.c +++ b/board/cr50/u2f.c @@ -70,6 +70,7 @@ enum u2f_mode { static uint32_t salt[8]; static uint32_t salt_kek[8]; +static uint32_t salt_kh[8]; static uint8_t u2f_mode = MODE_UNSET; static const uint8_t k_salt = NVMEM_VAR_U2F_SALT; @@ -123,6 +124,24 @@ static int load_state(void) return 0; } + if (read_tpm_nvmem_hidden( + TPM_HIDDEN_U2F_KH_SALT, + sizeof(salt_kh), salt_kh) == + tpm_read_not_found) { + /* + * We have never used u2f before - generate + * new seed. + */ + if (!DCRYPTO_ladder_random(salt_kh)) + return 0; + + if (write_tpm_nvmem_hidden( + TPM_HIDDEN_U2F_KH_SALT, + sizeof(salt_kh), salt_kh, 1 /* commit */) != + tpm_write_created) + return 0; + } + return 1; } @@ -242,13 +261,13 @@ int u2f_origin_user_keypair(const uint8_t *key_handle, return EC_ERROR_UNKNOWN; hmac_drbg_init(&drbg, + salt_kh, P256_NBYTES, dev_salt, P256_NBYTES, - key_handle, P256_NBYTES * 2, NULL, 0); hmac_drbg_generate(&drbg, key_seed, sizeof(key_seed), - NULL, 0); + key_handle, P256_NBYTES * 2); return DCRYPTO_p256_key_from_bytes( pk_x, pk_y, d, key_seed) == 0; |