-rw-r--r--chip/g/dcrypto/dcrypto.h4
-rw-r--r--chip/g/dcrypto/x509.c23
-rw-r--r--common/u2f.c5
3 files changed, 23 insertions, 9 deletions
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h
index bd81b322ac..bf3333e883 100644
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -278,6 +278,10 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,
int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
const p256_int *pk_y, const p256_int *serial,
uint8_t *cert, const int n);
+int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
+ const p256_int *pk_y, const p256_int *serial,
+ const char *name, uint8_t *cert,
+ const int n);
/*
* Memory related functions.
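Review bot: The new prototype `DCRYPTO_x509_gen_u2f_cert_name` has no comment stating the contract of `name`, which is now supplied by the caller instead of being chosen inside x509.c. Going by the x509.c hunks of this commit, the string is written as the common name of both the issuer and the subject. I would add a comment above the declaration along the lines of `/* name: NUL-terminated common name used for issuer and subject; must be non-NULL and fit a small ASN.1 sequence. */`, with the exact length limit taken from the encoder.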
diff --git a/chip/g/dcrypto/x509.c b/chip/g/dcrypto/x509.c
index 06d8efdabf..81f1674db1 100644
--- a/chip/g/dcrypto/x509.c
+++ b/chip/g/dcrypto/x509.c
@@ -405,10 +405,8 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,
/* ---- Certificate generation ---- */
-static void add_common_name(struct asn1 *ctx, int unique)
+static void add_common_name(struct asn1 *ctx, const char *cname)
{
- const char *cname = unique ? STRINGIFY(BOARD) : "U2F";
-
SEQ_START(*ctx, V_SEQ, SEQ_SMALL) {
SEQ_START(*ctx, V_SET, SEQ_SMALL) {
SEQ_START(*ctx, V_SEQ, SEQ_SMALL) {
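Review bot: `add_common_name` now encodes whatever string the caller passes, and nothing visible in this hunk checks `cname` for NULL or bounds its length before it goes into the three nested `SEQ_SMALL` sequences. Before this change the only possible values were `STRINGIFY(BOARD)` and `"U2F"`, both fixed at build time; the `name` parameter added to `DCRYPTO_x509_gen_u2f_cert_name` in the next hunk opens that to any caller. If `SEQ_SMALL` reserves a single length byte, as the name suggests, an over-long name could produce a malformed certificate or write past the space reserved in `cert`, so a guard such as `if (!name || strlen(name) > MAX_CN_LEN) return 0;` at the top of the generator would be worth adding (`MAX_CN_LEN` is a placeholder, and the failure value should follow the function's existing convention). The body of `add_common_name` continues outside the hunk, so a check there may already cover part of this.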
@@ -422,9 +420,9 @@ static void add_common_name(struct asn1 *ctx, int unique)
SEQ_END(*ctx);
}
-int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
- const p256_int *pk_y, const p256_int *serial,
- uint8_t *cert, const int n)
+int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
+ const p256_int *pk_y, const p256_int *serial,
+ const char *name, uint8_t *cert, const int n)
{
struct asn1 ctx = {cert, 0};
HASH_CTX sha;
@@ -460,7 +458,7 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
SEQ_END(ctx);
/* Issuer */
- add_common_name(&ctx, !!serial);
+ add_common_name(&ctx, name);
/* Expiry */
SEQ_START(ctx, V_SEQ, SEQ_SMALL) {
@@ -470,7 +468,7 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
SEQ_END(ctx);
/* Subject */
- add_common_name(&ctx, !!serial);
+ add_common_name(&ctx, name);
/* Subject pk */
SEQ_START(ctx, V_SEQ, SEQ_SMALL) {
@@ -536,3 +534,12 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
return ctx.n;
}
+
+int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
+ const p256_int *pk_y, const p256_int *serial,
+ uint8_t *cert, const int n)
+{
+ return DCRYPTO_x509_gen_u2f_cert_name(d, pk_x, pk_y, serial,
+ serial ? STRINGIFY(BOARD) : "U2F",
+ cert, n);
+}
diff --git a/common/u2f.c b/common/u2f.c
index 282d59808b..c5114431fd 100644
--- a/common/u2f.c
+++ b/common/u2f.c
@@ -16,6 +16,8 @@
#include "u2f.h"
#include "util.h"
+#define G2F_CERT_NAME "CrOS"
+
#define CPRINTF(format, args...) cprintf(CC_EXTENSION, format, ##args)
/* Crypto parameters */
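Review bot: `G2F_CERT_NAME` is added without a comment, although it changes what `individual_cert` puts in the certificate: the call in the following hunk passes it where the old wrapper would have selected `STRINGIFY(BOARD)` for a non-NULL serial. Since the string ends up as the issuer and subject common name, anything that matches on that name will see a different value after this commit. A one-line comment such as `/* Common name (issuer and subject) of the individual attestation certificate; identical on every board. */` would record that the change is intentional.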
@@ -79,7 +81,8 @@ static int individual_cert(const p256_int *d, const p256_int *pk_x,
if (system_get_chip_unique_id((uint8_t **)&serial) != P256_NBYTES)
return 0;
- return DCRYPTO_x509_gen_u2f_cert(d, pk_x, pk_y, serial, cert, n);
+ return DCRYPTO_x509_gen_u2f_cert_name(d, pk_x, pk_y, serial,
+ G2F_CERT_NAME, cert, n);
}
int g2f_attestation_cert(uint8_t *buf)