diff options
author | nagendra modadugu <ngm@google.com> | 2016-07-14 15:49:34 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-07-21 17:32:20 -0700 |
commit | 68244c3f4e67a5dd620ac186c9ad72ab712cc6e7 (patch) | |
tree | 666774a31608222c2f7e725e2cb3baccec34104e | |
parent | b1c3aa2080f6edefa51c7c0b99c4d6c6b10303d1 (diff) | |
download | chrome-ec-68244c3f4e67a5dd620ac186c9ad72ab712cc6e7.tar.gz |
CR50: match private key against certs on endorsement
This change updates the ecc and rsa key generation templates.
Due to crosbug.com/p/55260 in which the TPMT_PUBLIC template is
truncated during personalization, ecc generation requires a
workaround.
For RSA, allow the standard template to be used even on development
builds.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
BUG=chrome-os-partner:50115,chrome-os-partner:55260
TEST=test full personalize + cros_ack verify cert flow
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/360441
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit db5a1ca8a40be9bf7e741637cd8d7f15f520ab11)
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
(cherry picked from commit b6620239bb7c4f5900051677f40f161c0a853a94)
Change-Id: I1af83f1ec86e7ee4d325a4b7aabe03ce08c4108b
Reviewed-on: https://chromium-review.googlesource.com/362142
Reviewed-by: Nagendra Modadugu <ngm@google.com>
-rw-r--r-- | board/cr50/tpm2/ecc.c | 26 | ||||
-rw-r--r-- | board/cr50/tpm2/rsa.c | 29 |
2 files changed, 42 insertions, 13 deletions
diff --git a/board/cr50/tpm2/ecc.c b/board/cr50/tpm2/ecc.c index d6f73c0cf1..a35f974ce2 100644 --- a/board/cr50/tpm2/ecc.c +++ b/board/cr50/tpm2/ecc.c @@ -128,6 +128,16 @@ CRYPT_RESULT _cpri__EccPointMultiply( } } +static const TPM2B_32_BYTE_VALUE ECC_TEMPLATE_EK_EXTRA = { + .t = {32, { + 0xC2, 0xE0, 0x31, 0x93, 0x40, 0xFB, 0x48, 0xF1, + 0x02, 0x53, 0x9E, 0xA9, 0x83, 0x63, 0xF8, 0x1E, + 0x2D, 0x30, 0x6E, 0x91, 0x8D, 0xD7, 0x78, 0xAB, + 0xF0, 0x54, 0x73, 0xA2, 0xA6, 0x0D, 0xAE, 0x09, + } + } +}; + /* Key generation based on FIPS-186.4 section B.1.2 (Key Generation by * Testing Candidates) */ CRYPT_RESULT _cpri__GenerateKeyEcc( @@ -137,6 +147,8 @@ CRYPT_RESULT _cpri__GenerateKeyEcc( { TPM2B_4_BYTE_VALUE marshaled_counter = { .t = {4} }; TPM2B_32_BYTE_VALUE local_seed = { .t = {32} }; + TPM2B_4_BYTE_VALUE truncated_extra = { .t = {4} }; + TPM2B *local_extra; uint32_t count = 0; uint8_t key_bytes[P256_NBYTES]; LITE_HMAC_CTX hmac; @@ -159,10 +171,22 @@ CRYPT_RESULT _cpri__GenerateKeyEcc( HASH_update(&hmac.hash, "ECC", 4); memcpy(local_seed.t.buffer, DCRYPTO_HMAC_final(&hmac), local_seed.t.size); + /* TODO(ngm): CRBUG/P/55260: the personalize code uses only + * the first 4 bytes of extra. + */ + if (extra && extra->size == ECC_TEMPLATE_EK_EXTRA.b.size && + memcmp(extra->buffer, + ECC_TEMPLATE_EK_EXTRA.b.buffer, + ECC_TEMPLATE_EK_EXTRA.b.size) == 0) { + memcpy(truncated_extra.b.buffer, extra->buffer, 4); + local_extra = &truncated_extra.b; + } else { + local_extra = extra; + } for (; count != 0; count++) { memcpy(marshaled_counter.t.buffer, &count, sizeof(count)); - _cpri__KDFa(hash_alg, &local_seed.b, label, extra, + _cpri__KDFa(hash_alg, &local_seed.b, label, local_extra, &marshaled_counter.b, sizeof(key_bytes) * 8, key_bytes, NULL, FALSE); if (DCRYPTO_p256_key_from_bytes( diff --git a/board/cr50/tpm2/rsa.c b/board/cr50/tpm2/rsa.c index 6ee310dbce..f01024fd7e 100644 --- a/board/cr50/tpm2/rsa.c +++ b/board/cr50/tpm2/rsa.c @@ -283,6 +283,15 @@ static int generate_prime(struct LITE_BIGNUM *b, TPM_ALG_ID hashing, return 0; } +#ifdef CRYPTO_TEST_SETUP +static const uint8_t VERIFY_SEED[32] = { + 0x54, 0xef, 0xe3, 0xe9, 0x1e, 0xfa, 0xad, 0x9b, + 0x18, 0x3f, 0x27, 0x12, 0xfd, 0xe7, 0xfb, 0xc6, + 0x60, 0xcc, 0x34, 0x05, 0x00, 0x7d, 0x21, 0x6e, + 0xc2, 0x1e, 0x78, 0xbe, 0x61, 0xc8, 0x41, 0x99 +}; +#endif + CRYPT_RESULT _cpri__GenerateKeyRSA( TPM2B *N_buf, TPM2B *p_buf, uint16_t num_bits, uint32_t e_buf, TPM_ALG_ID hashing, TPM2B *seed, @@ -317,11 +326,15 @@ CRYPT_RESULT _cpri__GenerateKeyRSA( return CRYPT_FAIL; /* Hash down the primary seed for RSA key generation, so that - * the derivation tree is distinct from ECC key derivation. */ + * the derivation tree is distinct from ECC key derivation. + */ #ifdef CRYPTO_TEST_SETUP - /* Test seed has already been hashed down. */ - memcpy(local_seed.t.buffer, seed->buffer, seed->size); -#else + if (seed->size == sizeof(VERIFY_SEED) && + memcmp(seed->buffer, VERIFY_SEED, seed->size) == 0) { + /* Test seed has already been hashed down. */ + memcpy(local_seed.t.buffer, seed->buffer, seed->size); + } else +#endif { LITE_HMAC_CTX hmac; @@ -330,7 +343,6 @@ CRYPT_RESULT _cpri__GenerateKeyRSA( memcpy(local_seed.t.buffer, DCRYPTO_HMAC_final(&hmac), local_seed.t.size); } -#endif if (e_buf == 0) e_buf = RSA_F4; @@ -758,13 +770,6 @@ static const TPM2B_PUBLIC_KEY_RSA RSA_2048_Q = { } }; -static const uint8_t VERIFY_SEED[32] = { - 0x54, 0xef, 0xe3, 0xe9, 0x1e, 0xfa, 0xad, 0x9b, - 0x18, 0x3f, 0x27, 0x12, 0xfd, 0xe7, 0xfb, 0xc6, - 0x60, 0xcc, 0x34, 0x05, 0x00, 0x7d, 0x21, 0x6e, - 0xc2, 0x1e, 0x78, 0xbe, 0x61, 0xc8, 0x41, 0x99 -}; - #define MAX_MSG_BYTES RSA_MAX_BYTES #define MAX_LABEL_LEN 32 |