cr50: add derivation functions using the key-ladder

Add functions to do key derivation for the U2F code,
using the hardware key-ladder.

Signed-off-by: Vincent Palatin <vpalatin@chromium.org>

BRANCH=cr50
BUG=b:35545754
TEST=with follow-up CLs, run U2FTest on Eve

Change-Id: I5960fb9baa7ca555423a956fb97ef2bdee82feee
Reviewed-on: https://chromium-review.googlesource.com/525539
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Nagendra Modadugu <ngm@google.com>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>

1 files changed, 29 insertions, 1 deletions

diff --git a/chip/g/dcrypto/app_key.c b/chip/g/dcrypto/app_key.c
index b471a4f714..e2b709f3c0 100644
--- a/chip/g/dcrypto/app_key.c
+++ b/chip/g/dcrypto/app_key.c
@@ -11,7 +11,7 @@
 
 const struct {
 	const char *name;
-	/* SHA256(name, strlen(name)) */
+	/* SHA256(name) */
 	const uint32_t digest[SHA256_DIGEST_WORDS];
 } dcrypto_app_names[] = {
 	{
@@ -28,6 +28,27 @@ const struct {
 			0x5801c4ce,  0x8e7c7654,  0xa2a13c85,  0x875779b6
 		}
 	},
+	{
+		"U2F_ATTEST",
+		{
+			0xe108bde1,  0xb87820a9,  0x8b4b943a,  0xc7c1dbc4,
+			0xa027d3f1,  0x96538c5f,  0x49a07d16,  0xd0c8e1da
+		}
+	},
+	{
+		"U2F_ORIGIN",
+		{
+			0xeb4ba9f1,  0x12b0ec6c,  0xd0791cd4,  0x4a1f4e6d,
+			0x51e60c00,  0xad84c2c0,  0x38b78b24,  0x1ded57ea
+		}
+	},
+	{
+		"U2F_WRAP",
+		{
+			0xa013e112,  0x4cb0134c,  0x1cab1edf,  0xbd741b61,
+			0xcd375bcd,  0x8065e8cc,  0xc892ed69,  0x72436c7d
+		}
+	},
 };
 
 int DCRYPTO_appkey_init(enum dcrypto_appid appid, struct APPKEY_CTX *ctx)
@@ -46,3 +67,10 @@ void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx)
 	always_memset(ctx, 0, sizeof(struct APPKEY_CTX));
 	GREG32(KEYMGR, AES_WIPE_SECRETS) = 1;
 }
+
+int DCRYPTO_appkey_derive(enum dcrypto_appid appid, const uint32_t input[8],
+			  uint32_t output[8])
+{
+	return !!dcrypto_ladder_derive(appid, dcrypto_app_names[appid].digest,
+				       input, output);
+}