-rw-r--r-- | board/cr50/tpm2/ecc.c | 17 | ||||
-rw-r--r-- | board/cr50/tpm2/rsa.c | 22 |
2 files changed, 35 insertions, 4 deletions
diff --git a/board/cr50/tpm2/ecc.c b/board/cr50/tpm2/ecc.c
index e54a74dee7..d6f73c0cf1 100644
--- a/board/cr50/tpm2/ecc.c
+++ b/board/cr50/tpm2/ecc.c
@@ -22,6 +22,7 @@ static void reverse_tpm2b(TPM2B *b)
 }
 TPM2B_BYTE_VALUE(4);
+TPM2B_BYTE_VALUE(32);
 static int check_p256_param(const TPM2B_ECC_PARAMETER *a)
 {
@@ -135,8 +136,10 @@ CRYPT_RESULT _cpri__GenerateKeyEcc(
 TPM2B *seed, const char *label, TPM2B *extra, UINT32 *counter)
 {
 TPM2B_4_BYTE_VALUE marshaled_counter = { .t = {4} };
+ TPM2B_32_BYTE_VALUE local_seed = { .t = {32} };
 uint32_t count = 0;
 uint8_t key_bytes[P256_NBYTES];
+ LITE_HMAC_CTX hmac;
 if (curve_id != TPM_ECC_NIST_P256)
 return CRYPT_PARAMETER;
@@ -150,10 +153,18 @@ CRYPT_RESULT _cpri__GenerateKeyEcc(
 if (count == 0)
 count++;
+ /* Hash down the primary seed for ECC key generation, so that
+ * the derivation tree is distinct from RSA key derivation. */
+ DCRYPTO_HMAC_SHA256_init(&hmac, seed->buffer, seed->size);
+ HASH_update(&hmac.hash, "ECC", 4);
+ memcpy(local_seed.t.buffer, DCRYPTO_HMAC_final(&hmac),
+ local_seed.t.size);
+
 for (; count != 0; count++) {
 memcpy(marshaled_counter.t.buffer, &count, sizeof(count));
- _cpri__KDFa(hash_alg, seed, label, extra, &marshaled_counter.b,
- sizeof(key_bytes) * 8, key_bytes, NULL, FALSE);
+ _cpri__KDFa(hash_alg, &local_seed.b, label, extra,
+ &marshaled_counter.b, sizeof(key_bytes) * 8, key_bytes,
+ NULL, FALSE);
 if (DCRYPTO_p256_key_from_bytes(
 (p256_int *) q->x.b.buffer,
 (p256_int *) q->y.b.buffer,
@@ -169,6 +180,8 @@ CRYPT_RESULT _cpri__GenerateKeyEcc(
 break;
 }
 }
+ /* TODO(ngm): implement secure memset. */
+ memset(local_seed.t.buffer, 0, local_seed.t.size);
 if (count == 0)
 FAIL(FATAL_ERROR_INTERNAL);
diff --git a/board/cr50/tpm2/rsa.c b/board/cr50/tpm2/rsa.c
index 985bbd58a0..d578a5eb06 100644
--- a/board/cr50/tpm2/rsa.c
+++ b/board/cr50/tpm2/rsa.c
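Review bot: The label length in `HASH_update(&hmac.hash, "ECC", 4);` is a bare 4 for a three-character literal, so the terminating NUL is hashed as part of the domain-separation label, and nothing in the hunk says that is intended even though changing it later would change every derived key. Writing it as `HASH_update(&hmac.hash, "ECC", sizeof("ECC"));` with a comment such as `/* label includes the trailing NUL */` keeps the derivation byte-identical and makes the choice explicit; the same applies to the `"RSA", 4` call in the rsa.c hunk at `@@ -310,6 +314,13 @@`. The `memcpy` of `local_seed.t.size` bytes from `DCRYPTO_HMAC_final(&hmac)` also relies on the literal 32 matching the SHA-256 digest length, which is worth a compile-time assertion next to `TPM2B_BYTE_VALUE(32);`. Unlike the RSA path, no `seed == NULL` or minimum-size check is visible here before `seed->buffer` is read; the function body starts and ends outside the hunk, so this may already be handled above.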
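Review bot: The wipe `memset(local_seed.t.buffer, 0, local_seed.t.size);` in the hunk at `@@ -169,6 +180,8 @@` stores to a local that is never read again, so an optimizing compiler is allowed to drop it, and the `hmac` context that was keyed with the primary seed is not cleared at all. The TODO acknowledges the first half; until a shared secure memset exists, a small file-local helper that writes through a `volatile` pointer would cover both objects here and the three `memset(local_seed…)` calls added in rsa.c. What `LITE_HMAC_CTX` still holds after `DCRYPTO_HMAC_final()` is not visible in this diff, so the context wipe is precautionary. `key_bytes` is not touched by this change, but if it is not cleared below the hunk it would benefit from the same helper.

```c
/* Zeroing that cannot be dropped as a dead store: every write goes
 * through a volatile lvalue. Proposed helper, not an existing API. */
static void wipe_bytes(void *buf, size_t len)
{
	volatile uint8_t *p = buf;

	while (len--)
		*p++ = 0;
}

/* … unchanged: counter loop calling _cpri__KDFa and DCRYPTO_p256_key_from_bytes … */
	wipe_bytes(local_seed.t.buffer, local_seed.t.size);
	wipe_bytes(&hmac, sizeof(hmac));
```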
@@ -278,6 +278,8 @@ static int generate_prime(struct BIGNUM *b, TPM_ALG_ID hashing, TPM2B *seed,
 return 0;
 }
+TPM2B_BYTE_VALUE(32);
+
 CRYPT_RESULT _cpri__GenerateKeyRSA(
 TPM2B *N_buf, TPM2B *p_buf, uint16_t num_bits, uint32_t e_buf, TPM_ALG_ID hashing, TPM2B *seed,
@@ -301,6 +303,8 @@ CRYPT_RESULT _cpri__GenerateKeyRSA(
 struct BIGNUM N;
 uint32_t counter;
+ TPM2B_32_BYTE_VALUE local_seed = { .t = {32} };
+ LITE_HMAC_CTX hmac;
 if (num_bits & 0xF)
 return CRYPT_FAIL;
@@ -310,6 +314,13 @@ CRYPT_RESULT _cpri__GenerateKeyRSA(
 if (seed == NULL || seed->size * 8 < 2 * security_strength)
 return CRYPT_FAIL;
+ /* Hash down the primary seed for RSA key generation, so that
+ * the derivation tree is distinct from ECC key derivation. */
+ DCRYPTO_HMAC_SHA256_init(&hmac, seed->buffer, seed->size);
+ HASH_update(&hmac.hash, "RSA", 4);
+ memcpy(local_seed.t.buffer, DCRYPTO_HMAC_final(&hmac),
+ local_seed.t.size);
+
 if (e_buf == 0)
 e_buf = RSA_F4;
@@ -323,17 +334,23 @@ CRYPT_RESULT _cpri__GenerateKeyRSA(
 counter = *counter_in;
 else
 counter = 1;
- if (!generate_prime(&p, hashing, seed, label, extra, &counter)) {
+ if (!generate_prime(&p, hashing, &local_seed.b, label, extra,
+ &counter)) {
 if (counter_in != NULL)
 *counter_in = counter;
+ /* TODO(ngm): implement secure memset. */
+ memset(local_seed.t.buffer, 0, local_seed.t.size);
 return CRYPT_FAIL;
 }
 if (label == label_p)
 label = label_q;
- if (!generate_prime(&q, hashing, seed, label, extra, &counter)) {
+ if (!generate_prime(&q, hashing, &local_seed.b, label, extra,
+ &counter)) {
 if (counter_in != NULL)
 *counter_in = counter;
+ /* TODO(ngm): implement secure memset. */
+ memset(local_seed.t.buffer, 0, local_seed.t.size);
 return CRYPT_FAIL;
 }
@@ -347,6 +364,7 @@ CRYPT_RESULT _cpri__GenerateKeyRSA(
 reverse_tpm2b(p_buf);
 /* TODO(ngm): replace with secure memset. */
 memset(q_buf, 0, sizeof(q_buf));
+ memset(local_seed.t.buffer, 0, local_seed.t.size);
 return CRYPT_SUCCESS;
 } |
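Review bot: The seed wipe in the hunk at `@@ -323,17 +334,23 @@` is copied into each `generate_prime` failure branch and again before `return CRYPT_SUCCESS;`, so any other `return` between the HMAC derivation and the end of `_cpri__GenerateKeyRSA` would leave `local_seed` on the stack. The lines between the hunks are not shown, so whether such a return exists cannot be confirmed from this diff. A single exit path would remove the duplication and make the guarantee structural: record the outcome in a `CRYPT_RESULT` local, `goto` a common label, and clear `local_seed` and `hmac` there, keeping the `*counter_in = counter;` write-back on the two failure branches as it is. The function starts above and ends below these hunks, so the label itself would sit in the final hunk next to the existing `memset(q_buf, …)`.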