author | Louis Collard <louiscollard@chromium.org> | 2019-01-28 21:07:10 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-01-31 18:18:49 -0800 |
commit | 5dedcb076082293782b0d720886d709150dfef2d (patch) | |
tree | fbd291d9bce0033eb9c2c9fac18c358a6d864ed8 /board/cr50/u2f.c | |
parent | c758f2f435a54615507319200615a2a35a088100 (diff) | |
cr50: Change U2F key derivation to include user secrets.
Currently it is assumed that the user secret is passed to
cr50 in plaintext for each command. A future CL will change
this so that the user secret is sent once per 'session', but
this will not impact key derivation.
BUG=b:112603199
BRANCH=none
TEST=manual tests on local device
Change-Id: I25bc8986a25defbc60ac32311c8747db3071e469
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1436975
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'board/cr50/u2f.c')
-rw-r--r-- | board/cr50/u2f.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/board/cr50/u2f.c b/board/cr50/u2f.c
index 0d474ef33d..16960812ea 100644
--- a/board/cr50/u2f.c
+++ b/board/cr50/u2f.c
@@ -208,6 +208,52 @@ int u2f_origin_key(const uint8_t *seed, p256_int *d)
 (const uint8_t *)tmp) == 0;
 }
+int u2f_origin_user_keyhandle(const uint8_t *origin,
+ const uint8_t *user,
+ const uint8_t *origin_seed,
+ uint8_t *key_handle)
+{
+ LITE_HMAC_CTX ctx;
+
+ memcpy(key_handle, origin_seed, P256_NBYTES);
+
+ DCRYPTO_HMAC_SHA256_init(&ctx, salt_kek, SHA256_DIGEST_SIZE);
+ HASH_update(&ctx.hash, origin, P256_NBYTES);
+ HASH_update(&ctx.hash, user, P256_NBYTES);
+ HASH_update(&ctx.hash, origin_seed, P256_NBYTES);
+
+ memcpy(key_handle + P256_NBYTES,
+ DCRYPTO_HMAC_final(&ctx), SHA256_DIGEST_SIZE);
+
+ return EC_SUCCESS;
+}
+
+int u2f_origin_user_keypair(const uint8_t *key_handle,
+ p256_int *d,
+ p256_int *pk_x,
+ p256_int *pk_y)
+{
+ uint32_t dev_salt[P256_NDIGITS];
+ uint8_t key_seed[P256_NBYTES];
+
+ struct drbg_ctx drbg;
+
+ if (!_derive_key(U2F_ORIGIN, salt_kek, dev_salt))
+ return EC_ERROR_UNKNOWN;
+
+ hmac_drbg_init(&drbg,
+ dev_salt, P256_NBYTES,
+ key_handle, P256_NBYTES * 2,
+ NULL, 0);
+
+ hmac_drbg_generate(&drbg,
+ key_seed, sizeof(key_seed),
+ NULL, 0);
+
+ return DCRYPTO_p256_key_from_bytes(
+ pk_x, pk_y, d, key_seed) == 0;
+}
+
 int u2f_gen_kek(const uint8_t *origin, uint8_t *kek, size_t key_len)
 {
 uint32_t buf[P256_NDIGITS]; |
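Review bot: `u2f_origin_user_keypair` returns with `key_seed` (the bytes `d` is derived from), `dev_salt` and the `drbg` state still on the stack, so key material outlives the call. I would hold the result in a local, e.g. `int rc = DCRYPTO_p256_key_from_bytes(pk_x, pk_y, d, key_seed) == 0;`, clear those three locals with a wipe the compiler cannot elide, and then `return rc;`. The return values also mix conventions: the early exit uses `EC_ERROR_UNKNOWN` while the last line returns the result of `== 0`, which only reads as an error code if the callee returns 0 on failure, so a one-line comment saying that would help. Both new functions take bare pointers, so a header comment stating that `origin`, `user` and `origin_seed` are `P256_NBYTES` long and that `key_handle` holds `P256_NBYTES + SHA256_DIGEST_SIZE` bytes would make the contract checkable. The `P256_NBYTES * 2` passed to `hmac_drbg_init` relies on those two constants being equal.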