diff options
| author | Archie Pusaka <apusaka@chromium.org> | 2020-07-30 03:10:06 +0000 |
|---|---|---|
| committer | Archie Pusaka <apusaka@chromium.org> | 2020-07-30 03:20:25 +0000 |
| commit | 7db60152e13aea29b04b2f9a1e16abbc89d2010a (patch) | |
| tree | 9416281449431960e18165457b0f825ac9f20c69 /board | |
| parent | d2627d12bb21308f49a72cadaf47a0a86730a960 (diff) | |
| download | chrome-ec-7db60152e13aea29b04b2f9a1e16abbc89d2010a.tar.gz | |
Revert "u2f: Append hmac of auth time secret to versioned KH"
This reverts commit d2627d12bb21308f49a72cadaf47a0a86730a960.
Reason for revert: Causing crbug.com/1111182
Original change's description:
> u2f: Append hmac of auth time secret to versioned KH
>
> When generating versioned KHs, u2fd should send a public derivative
> (sha256) of the user's auth time secret to cr50. Cr50 derives an
> hmac of it and appends this authorization_hmac to the KH.
>
> When signing versioned KHs, u2fd may supply the unhashed auth time
> secret. Cr50 will check the authorization_hmac if no power button press.
> If the reconstructed hmac matches authorization_hmac, power button press
> is waived.
>
> Currently for v1, we will just prepare the authorization_hmac but not
> enforce it. This is because fingerprint and PIN are unable to unlock
> the same secret.
>
> While we waive power button press for v1, we can enforce
> authorization_hmac whenever auth-time secrets is ready.
>
> BUG=b:144861739
> TEST=- Use a known 32-byte "auth-time secret"
> - Compute the sha256 of the auth-time secret (this is public)
> - u2f_generate with the computed "authTimeSecretHash"
> - Add code to u2f_sign command handler such that cr50 computes
> the sha256 of the supplied auth-time secret at u2f_sign time
> and require power button press if the hmac doesn't match.
> - u2f_sign with the true auth-time secret -> observe in logging
> that hmac matches, and no power button press required.
> - u2f_sign with a wrong auth-time secret -> observe in logging
> that hmac doesn't match, and power button press is required
> for signing.
>
> Cq-Depend: chromium:2321731
> Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
> Signed-off-by: Yicheng Li <yichengli@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Bug: b:144861739
Cq-Depend: chromium:2327779
Exempt-From-Owner-Approval: Causing crbug.com/1111182
Change-Id: I8c8a594d148b92556b20a2753aa1007cf2c1676b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2327358
Tested-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Yicheng Li <yichengli@chromium.org>
Reviewed-by: Archie Pusaka <apusaka@chromium.org>
Commit-Queue: Archie Pusaka <apusaka@chromium.org>
Diffstat (limited to 'board')
| -rw-r--r-- | board/cr50/u2f.c | 30 |
1 files changed, 5 insertions, 25 deletions
diff --git a/board/cr50/u2f.c b/board/cr50/u2f.c index 8bca1d8271..7c6273823c 100644 --- a/board/cr50/u2f.c +++ b/board/cr50/u2f.c @@ -201,8 +201,7 @@ int u2f_origin_user_keyhandle(const uint8_t *origin, const uint8_t *user, int u2f_origin_user_versioned_keyhandle( const uint8_t *origin, const uint8_t *user, const uint8_t *origin_seed, - uint8_t version, - struct u2f_versioned_key_handle_header *key_handle_header) + uint8_t version, struct u2f_versioned_key_handle *key_handle) { LITE_HMAC_CTX ctx; struct u2f_state *state = get_state(); @@ -210,17 +209,16 @@ int u2f_origin_user_versioned_keyhandle( if (!state) return EC_ERROR_UNKNOWN; - key_handle_header->version = version; - memcpy(key_handle_header->origin_seed, origin_seed, P256_NBYTES); + key_handle->version = version; + memcpy(key_handle->origin_seed, origin_seed, P256_NBYTES); DCRYPTO_HMAC_SHA256_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE); HASH_update(&ctx.hash, origin, P256_NBYTES); HASH_update(&ctx.hash, user, P256_NBYTES); HASH_update(&ctx.hash, origin_seed, P256_NBYTES); - HASH_update(&ctx.hash, &version, sizeof(key_handle_header->version)); + HASH_update(&ctx.hash, &version, sizeof(key_handle->version)); - memcpy(key_handle_header->kh_hmac, DCRYPTO_HMAC_final(&ctx), - SHA256_DIGEST_SIZE); + memcpy(key_handle->hmac, DCRYPTO_HMAC_final(&ctx), SHA256_DIGEST_SIZE); return EC_SUCCESS; } @@ -252,24 +250,6 @@ int u2f_origin_user_keypair(const uint8_t *key_handle, size_t key_handle_size, return EC_SUCCESS; } -int u2f_authorization_hmac(const uint8_t *authorization_salt, - const uint8_t *auth_time_secret_hash, uint8_t *hmac) -{ - LITE_HMAC_CTX ctx; - struct u2f_state *state = get_state(); - - if (!state) - return EC_ERROR_UNKNOWN; - - DCRYPTO_HMAC_SHA256_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE); - HASH_update(&ctx.hash, authorization_salt, U2F_AUTHORIZATION_SALT_SIZE); - HASH_update(&ctx.hash, auth_time_secret_hash, P256_NBYTES); - - memcpy(hmac, DCRYPTO_HMAC_final(&ctx), SHA256_DIGEST_SIZE); - - return EC_SUCCESS; -} - int u2f_gen_kek(const uint8_t *origin, uint8_t *kek, size_t key_len) { uint32_t buf[P256_NDIGITS]; |