1 files changed, 28 insertions, 5 deletions

diff --git a/board/cr50/u2f.c b/board/cr50/u2f.c
index 7c6273823c..7fe1f6484f 100644
--- a/board/cr50/u2f.c
+++ b/board/cr50/u2f.c
@@ -201,7 +201,8 @@ int u2f_origin_user_keyhandle(const uint8_t *origin, const uint8_t *user,
 
 int u2f_origin_user_versioned_keyhandle(
 	const uint8_t *origin, const uint8_t *user, const uint8_t *origin_seed,
-	uint8_t version, struct u2f_versioned_key_handle *key_handle)
+	uint8_t version,
+	struct u2f_versioned_key_handle_header *key_handle_header)
 {
 	LITE_HMAC_CTX ctx;
 	struct u2f_state *state = get_state();
@@ -209,16 +210,17 @@ int u2f_origin_user_versioned_keyhandle(
 	if (!state)
 		return EC_ERROR_UNKNOWN;
 
-	key_handle->version = version;
-	memcpy(key_handle->origin_seed, origin_seed, P256_NBYTES);
+	key_handle_header->version = version;
+	memcpy(key_handle_header->origin_seed, origin_seed, P256_NBYTES);
 
 	DCRYPTO_HMAC_SHA256_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE);
 	HASH_update(&ctx.hash, origin, P256_NBYTES);
 	HASH_update(&ctx.hash, user, P256_NBYTES);
 	HASH_update(&ctx.hash, origin_seed, P256_NBYTES);
-	HASH_update(&ctx.hash, &version, sizeof(key_handle->version));
+	HASH_update(&ctx.hash, &version, sizeof(key_handle_header->version));
 
-	memcpy(key_handle->hmac, DCRYPTO_HMAC_final(&ctx), SHA256_DIGEST_SIZE);
+	memcpy(key_handle_header->kh_hmac, DCRYPTO_HMAC_final(&ctx),
+	       SHA256_DIGEST_SIZE);
 
 	return EC_SUCCESS;
 }
@@ -250,6 +252,27 @@ int u2f_origin_user_keypair(const uint8_t *key_handle, size_t key_handle_size,
 	return EC_SUCCESS;
 }
 
+int u2f_authorization_hmac(const uint8_t *authorization_salt,
+			   const struct u2f_versioned_key_handle_header *header,
+			   const uint8_t *auth_time_secret_hash, uint8_t *hmac)
+{
+	LITE_HMAC_CTX ctx;
+	struct u2f_state *state = get_state();
+
+	if (!state)
+		return EC_ERROR_UNKNOWN;
+
+	DCRYPTO_HMAC_SHA256_init(&ctx, state->salt_kek, SHA256_DIGEST_SIZE);
+	HASH_update(&ctx.hash, authorization_salt, U2F_AUTHORIZATION_SALT_SIZE);
+	HASH_update(&ctx.hash, (uint8_t *)header,
+		    sizeof(struct u2f_versioned_key_handle_header));
+	HASH_update(&ctx.hash, auth_time_secret_hash, SHA256_DIGEST_SIZE);
+
+	memcpy(hmac, DCRYPTO_HMAC_final(&ctx), SHA256_DIGEST_SIZE);
+
+	return EC_SUCCESS;
+}
+
 int u2f_gen_kek(const uint8_t *origin, uint8_t *kek, size_t key_len)
 {
 	uint32_t buf[P256_NDIGITS];