authorYicheng Li <yichengli@chromium.org>2020-09-18 11:16:31 -0700
committerCommit Bot <commit-bot@chromium.org>2020-09-18 21:59:04 +0000
commit79d75dccecc66b067b1c0d6ef0ff7d69d01c2b5d (patch)
tree25df89506f0624f5ee267483a103c428c4607be4
parentedd831155f8b6827365d6186c0a4de0947c286f4 (diff)
downloadchrome-ec-stabilize-rust-13514.B-cr50_stab.tar.gz
There is a fips_rand_bytes() call in u2f. Since 5.7/6.7 will be released without FIPS support (and the plan is to move u2f to FIPS later), change that call back to DCRYPTO_ladder_random. This does not affect the canonical (non-versioned) u2f. This only affects the generation of versioned KHs for WebAuthn purposes. BUG=none TEST=make -j BOARD=cr50 Signed-off-by: Yicheng Li <yichengli@chromium.org> Change-Id: I78142efd1b3a8339cce44adc4d3f8e26151b30ce Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2419178 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r--common/u2f.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/common/u2f.c b/common/u2f.c
index 8e625c7ff5..5205809379 100644
--- a/common/u2f.c
+++ b/common/u2f.c
@@ -10,7 +10,6 @@
#include "cryptoc/sha256.h"
#include "dcrypto.h"
#include "extension.h"
-#include "fips_rand.h"
#include "system.h"
#include "u2f_impl.h"
#include "u2f.h"
@@ -108,6 +107,9 @@ static enum vendor_cmd_rc u2f_generate(enum vendor_cmd_cc code, void *buf,
size_t response_buf_size = *response_size;
+ /* Authorization salt for versioned KHs */
+ uint8_t *authorization_salt;
+
*response_size = 0;
if (input_size != sizeof(struct u2f_generate_req))
@@ -160,17 +162,19 @@ static enum vendor_cmd_rc u2f_generate(enum vendor_cmd_cc code, void *buf,
copy_kh_pubkey_out(&opk_x, &opk_y, &kh_buf.kh, buf);
*response_size = sizeof(struct u2f_generate_resp);
} else {
- if (!fips_rand_bytes(kh_buf.vkh.authorization_salt,
- U2F_AUTHORIZATION_SALT_SIZE))
+ authorization_salt = od_seed;
+ /* Generate in word-aligned array so that TRNG doesn't crash */
+ if (!DCRYPTO_ladder_random(authorization_salt))
return VENDOR_RC_INTERNAL_ERROR;
- if (u2f_authorization_hmac(kh_buf.vkh.authorization_salt,
- &kh_buf.vkh.header,
- req->authTimeSecretHash,
- kh_buf.vkh.authorization_hmac) !=
- EC_SUCCESS)
+ if (u2f_authorization_hmac(
+ authorization_salt, &kh_buf.vkh.header,
+ req->authTimeSecretHash,
+ kh_buf.vkh.authorization_hmac) != EC_SUCCESS)
return VENDOR_RC_INTERNAL_ERROR;
+ memcpy(&kh_buf.vkh.authorization_salt, authorization_salt,
+ U2F_AUTHORIZATION_SALT_SIZE);
copy_versioned_kh_pubkey_out(&opk_x, &opk_y, &kh_buf.vkh, buf);
*response_size = sizeof(struct u2f_generate_versioned_resp);
}
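Review bot: The comment above `DCRYPTO_ladder_random(authorization_salt)` says the buffer is word-aligned, but nothing in this hunk enforces that or checks its size: `od_seed` is declared outside the hunk, and if it is a plain `uint8_t` array the language guarantees only byte alignment. Because DCRYPTO_ladder_random() receives only a pointer, it presumably writes a fixed-size block, so the buffer has to be at least that large and at least U2F_AUTHORIZATION_SALT_SIZE for the later memcpy; assuming `od_seed` is an array, `BUILD_ASSERT(sizeof(od_seed) >= U2F_AUTHORIZATION_SALT_SIZE);` next to the assignment, plus an explicit alignment on its declaration, would make both assumptions checkable at build time. Reusing `od_seed` as scratch also overwrites whatever it held and leaves the random bytes beyond the salt length on the stack, so a dedicated, clearly named local for the salt would be easier to audit. Minor style point: `memcpy(&kh_buf.vkh.authorization_salt, ...)` would read more consistently as `memcpy(kh_buf.vkh.authorization_salt, ...)`, matching how the field was passed before this change. The body of u2f_generate starts and ends outside the hunk.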