authorAllen Webb <allenwebb@google.com>2018-01-31 11:21:20 -0800
committerchrome-bot <chrome-bot@chromium.org>2018-04-27 12:22:25 -0700
commitc61479bbd82bc33c159d09958d79d633755f8735 (patch)
tree192c37e31a277b5971aeab498387022cbd1c1be9 /board/host
parent6e7193c4587c13d69e8f4990252623284e84893f (diff)
Cr50: Added Pinweaver base implementation.
This adds some of the groundwork for hardware-backed brute-force resistance on Cr50. The feature is called Pinweaver. It will initially be used to enable PIN authentication on CrOS devices without reducing the security of the platform. A Merkle tree is used to validate encrypted metadata used to track login attempts. The metadata tracks counts of failed attempts, a timestamp of the last failed attempt, the secrets, and any associated parameters. Instead of storing the metadata on Cr50, AES-CTR is used with an HMAC to encrypt the data so it can be stored off-chip and loaded when needed. The Merkle tree is used to track the current state of all the metadata to prevent replay attacks using previously exported copies. It is a tree of hashes whose root hash is stored on Cr50, and whose leaves are the HMACs of the encrypted metadata. BRANCH=none BUG=chromium:809730, chromium:809741, chromium:809743, chromium:809747 TEST=cd ~/src/platform/ec && V=1 make run-pinweaver -j Change-Id: Id10bb49d8ebc5a487dd90c6093bc0f51dadbd124 Signed-off-by: Allen Webb <allenwebb@google.com> Reviewed-on: https://chromium-review.googlesource.com/895395 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'board/host')
-rw-r--r--board/host/dcrypto.h61
1 files changed, 61 insertions, 0 deletions
diff --git a/board/host/dcrypto.h b/board/host/dcrypto.h
new file mode 100644
index 0000000000..f949ef4352
--- /dev/null
+++ b/board/host/dcrypto.h
@@ -0,0 +1,61 @@
+/* Copyright 2018 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Provides the minimal declarations needed by pinweaver to build on
+ * CHIP_HOST.
+ */
+
+#ifndef __CROS_EC_DCRYPTO_HOST_H
+#define __CROS_EC_DCRYPTO_HOST_H
+
+#include <sha256.h>
+#include <stdint.h>
+#include <string.h>
+
+#define AES256_BLOCK_CIPHER_KEY_SIZE 32
+#define SHA256_DIGEST_SIZE 32
+
+#define HASH_CTX sha256_ctx
+
+enum dcrypto_appid {
+ RESERVED = 0,
+ NVMEM = 1,
+ U2F_ATTEST = 2,
+ U2F_ORIGIN = 3,
+ U2F_WRAP = 4,
+ PERSO_AUTH = 5,
+ PINWEAVER = 6,
+ /* This enum value should not exceed 7. */
+};
+
+struct dcrypto_mock_ctx_t {
+ struct HASH_CTX hash;
+};
+#define LITE_HMAC_CTX struct dcrypto_mock_ctx_t
+#define LITE_SHA256_CTX struct HASH_CTX
+
+void HASH_update(struct HASH_CTX *ctx, const void *data, size_t len);
+
+uint8_t *HASH_final(struct HASH_CTX *ctx);
+
+void DCRYPTO_SHA256_init(LITE_SHA256_CTX *ctx, uint32_t sw_required);
+
+void DCRYPTO_HMAC_SHA256_init(LITE_HMAC_CTX *ctx, const void *key,
+ unsigned int len);
+const uint8_t *DCRYPTO_HMAC_final(LITE_HMAC_CTX *ctx);
+
+int DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key, uint32_t key_bits,
+ const uint8_t *iv, const uint8_t *in, size_t in_len);
+
+struct APPKEY_CTX {};
+
+int DCRYPTO_appkey_init(enum dcrypto_appid appid, struct APPKEY_CTX *ctx);
+
+void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx);
+
+int DCRYPTO_appkey_derive(enum dcrypto_appid appid, const uint32_t input[8],
+ uint32_t output[8]);
+
+#endif /* __CROS_EC_HOST_DCRYPTO_H */
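Review bot: The `int`-returning prototypes (`DCRYPTO_aes_ctr`, `DCRYPTO_appkey_init`, `DCRYPTO_appkey_derive`) do not say which value means success, and `HASH_final` / `DCRYPTO_HMAC_final` return a bare pointer with no stated length or lifetime. Callers presumably use these results to decide whether stored metadata is accepted, so a host mock whose convention differs from the chip implementation could let the host tests pass while an error check is inverted on hardware. A one-line contract comment per prototype would pin this, for example `/* Returns <SUCCESS_VALUE> on success; must match the chip implementation. */` (the actual value is not visible in this file and needs confirming) and `/* Returns a pointer to SHA256_DIGEST_SIZE bytes; valid until ctx is reused (confirm). */`. Separately, the closing guard comment reads `__CROS_EC_HOST_DCRYPTO_H` while the guard defined at the top is `__CROS_EC_DCRYPTO_HOST_H`. Also, `struct APPKEY_CTX {};` is an empty struct, which ISO C does not permit (GCC accepts it as an extension), so a placeholder member would keep the header portable.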