author | Yicheng Li <yichengli@chromium.org> | 2020-09-18 11:16:31 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-09-18 21:59:04 +0000 |
commit | 79d75dccecc66b067b1c0d6ef0ff7d69d01c2b5d (patch) | |
tree | 25df89506f0624f5ee267483a103c428c4607be4 | |
parent | edd831155f8b6827365d6186c0a4de0947c286f4 (diff) | |
download | chrome-ec-stabilize-rust-13514.B-cr50_stab.tar.gz |
u2f: Switch FIPS call back to DCRYPTO for 5.7/6.7
There is a fips_rand_bytes() call in u2f. Since 5.7/6.7 will be
released without FIPS support (and the plan is to move u2f to FIPS
later), change that call back to DCRYPTO_ladder_random.
This does not affect the canonical (non-versioned) u2f. This only
affects the generation of versioned KHs for WebAuthn purposes.
BUG=none
TEST=make -j BOARD=cr50
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Change-Id: I78142efd1b3a8339cce44adc4d3f8e26151b30ce
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2419178
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r-- | common/u2f.c | 20 |
1 files changed, 12 insertions, 8 deletions
diff --git a/common/u2f.c b/common/u2f.c
index 8e625c7ff5..5205809379 100644
--- a/common/u2f.c
+++ b/common/u2f.c
@@ -10,7 +10,6 @@
 #include "cryptoc/sha256.h"
 #include "dcrypto.h"
 #include "extension.h"
-#include "fips_rand.h"
 #include "system.h"
 #include "u2f_impl.h"
 #include "u2f.h"
@@ -108,6 +107,9 @@ static enum vendor_cmd_rc u2f_generate(enum vendor_cmd_cc code, void *buf,
 size_t response_buf_size = *response_size;
+ /* Authorization salt for versioned KHs */
+ uint8_t *authorization_salt;
+
 *response_size = 0;
 if (input_size != sizeof(struct u2f_generate_req))
@@ -160,17 +162,19 @@ static enum vendor_cmd_rc u2f_generate(enum vendor_cmd_cc code, void *buf,
 copy_kh_pubkey_out(&opk_x, &opk_y, &kh_buf.kh, buf);
 *response_size = sizeof(struct u2f_generate_resp);
 } else {
- if (!fips_rand_bytes(kh_buf.vkh.authorization_salt,
- U2F_AUTHORIZATION_SALT_SIZE))
+ authorization_salt = od_seed;
+ /* Generate in word-aligned array so that TRNG doesn't crash */
+ if (!DCRYPTO_ladder_random(authorization_salt))
 return VENDOR_RC_INTERNAL_ERROR;
- if (u2f_authorization_hmac(kh_buf.vkh.authorization_salt,
- &kh_buf.vkh.header,
- req->authTimeSecretHash,
- kh_buf.vkh.authorization_hmac) !=
- EC_SUCCESS)
+ if (u2f_authorization_hmac(
+ authorization_salt, &kh_buf.vkh.header,
+ req->authTimeSecretHash,
+ kh_buf.vkh.authorization_hmac) != EC_SUCCESS)
 return VENDOR_RC_INTERNAL_ERROR;
+ memcpy(&kh_buf.vkh.authorization_salt, authorization_salt,
+ U2F_AUTHORIZATION_SALT_SIZE);
 copy_versioned_kh_pubkey_out(&opk_x, &opk_y, &kh_buf.vkh, buf);
 *response_size = sizeof(struct u2f_generate_versioned_resp);
 } |
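Review bot: In the versioned-KH branch of the third hunk, `authorization_salt = od_seed;` reuses a buffer declared outside the hunk as RNG scratch space, so the write done by `DCRYPTO_ladder_random()` is bounded only by whatever size and alignment `od_seed` happens to have. The call takes no length argument and only `U2F_AUTHORIZATION_SALT_SIZE` bytes are copied into `kh_buf.vkh` afterwards, so the generator presumably writes a fixed amount that may exceed the salt size. A compile-time check beside the assignment would pin that assumption, for example `BUILD_ASSERT(sizeof(od_seed) >= LADDER_OUTPUT_BYTES);`, where `LADDER_OUTPUT_BYTES` is a placeholder for the generator's documented output size. Reusing the buffer also overwrites the seed, so confirm that nothing later in `u2f_generate` (its body extends beyond the hunk) still reads `od_seed`. Consider clearing the unused random bytes before returning.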