diff options
| author | Louis Collard <louiscollard@chromium.org> | 2019-03-07 18:20:10 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2019-03-11 23:52:18 -0700 |
| commit | d97034c715fd536e2f4ab64f7c54aba53d4afa50 (patch) | |
| tree | e20a9a34b50b6c47081d103735572958a60d4a8c /common/u2f.c | |
| parent | 8b0974714e4de0ef3be0435804f91e157c348dcb (diff) | |
| download | chrome-ec-d97034c715fd536e2f4ab64f7c54aba53d4afa50.tar.gz | |
ec: U2F: Verify key handles before user presence
The 'check-only' variant of the U2F_AUTHENTICATE
command requires us to check the validity of the
key handle before asserting user presence, this
change does that.
This 'check-only' variant of the command does not
need to actually sign anything, so whilst not
necessary for a functioning U2F implementation in
u2fd, this change also adds functionality to return
early without signing, to simplify usage in u2fd.
Note that this change also changes the error code
returned when a normal 'enforce-presence-and-sign'
command is issued with an invalid key handle, and
there is no user presence. This change will be
passed back up the stack to the U2F client; this
is ok as the U2F spec does not specify which error
should take precedence in this situation.
BUG=b:123161715
TEST=test_that .. firmware_Cr50U2fCommands, manual tests with g2ftool
BRANCH=none
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Change-Id: I7146f4687d0f6e6f69d266b9ca337ad37c00fc2c
Reviewed-on: https://chromium-review.googlesource.com/1508132
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Diffstat (limited to 'common/u2f.c')
| -rw-r--r-- | common/u2f.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/common/u2f.c b/common/u2f.c index 2066e64b6a..8ae8402c8c 100644 --- a/common/u2f.c +++ b/common/u2f.c @@ -498,13 +498,17 @@ static enum vendor_cmd_rc u2f_sign(enum vendor_cmd_cc code, if (input_size != sizeof(U2F_SIGN_REQ)) return VENDOR_RC_BOGUS_ARGS; + if (!verify_kh_owned(req->userSecret, req->appId, req->keyHandle)) + return VENDOR_RC_PASSWORD_REQUIRED; + + /* We might not actually need to sign anything. */ + if (req->flags == U2F_AUTH_CHECK_ONLY) + return VENDOR_RC_SUCCESS; + /* Always enforce user presence, with optional consume. */ if (pop_check_presence(req->flags & G2F_CONSUME) != POP_TOUCH_YES) return VENDOR_RC_NOT_ALLOWED; - if (!verify_kh_owned(req->userSecret, req->appId, req->keyHandle)) - return VENDOR_RC_PASSWORD_REQUIRED; - /* Re-create origin-specific key. */ if (u2f_origin_user_keypair( req->keyHandle, &origin_d, NULL, NULL) != EC_SUCCESS) |