diff options
Diffstat (limited to 'common/u2f.c')
-rw-r--r-- | common/u2f.c | 76 |
1 files changed, 25 insertions, 51 deletions
diff --git a/common/u2f.c b/common/u2f.c index 3f21187781..eaeb38b08c 100644 --- a/common/u2f.c +++ b/common/u2f.c @@ -10,7 +10,6 @@ #include "cryptoc/sha256.h" #include "dcrypto.h" #include "extension.h" -#include "fips_rand.h" #include "system.h" #include "u2f_impl.h" #include "u2f.h" @@ -128,10 +127,8 @@ static enum vendor_cmd_rc u2f_generate(enum vendor_cmd_cc code, void *buf, struct u2f_key_handle kh; struct u2f_versioned_key_handle vkh; } kh_buf; - size_t keypair_input_size = - (kh_version == 0) ? - sizeof(kh_buf.kh) : - sizeof(struct u2f_versioned_key_handle_header); + size_t kh_size = (kh_version == 0) ? sizeof(kh_buf.kh) : + sizeof(kh_buf.vkh); /* Whether key handle generation succeeded */ int generate_kh_rc; @@ -171,14 +168,13 @@ static enum vendor_cmd_rc u2f_generate(enum vendor_cmd_cc code, void *buf, else generate_kh_rc = u2f_origin_user_versioned_keyhandle( req->appId, req->userSecret, od_seed, - kh_version, &kh_buf.vkh.header); + kh_version, &kh_buf.vkh); if (generate_kh_rc != EC_SUCCESS) return VENDOR_RC_INTERNAL_ERROR; generate_keypair_rc = u2f_origin_user_keypair( - (uint8_t *)&kh_buf, keypair_input_size, &od, &opk_x, - &opk_y); + (uint8_t *)&kh_buf, kh_size, &od, &opk_x, &opk_y); } while (generate_keypair_rc == EC_ERROR_TRY_AGAIN); if (generate_keypair_rc != EC_SUCCESS) @@ -192,16 +188,6 @@ static enum vendor_cmd_rc u2f_generate(enum vendor_cmd_cc code, void *buf, copy_kh_pubkey_out(&opk_x, &opk_y, &kh_buf.kh, buf); *response_size = sizeof(struct u2f_generate_resp); } else { - if (!fips_rand_bytes(kh_buf.vkh.authorization_salt, - U2F_AUTHORIZATION_SALT_SIZE)) - return VENDOR_RC_INTERNAL_ERROR; - - if (u2f_authorization_hmac(kh_buf.vkh.authorization_salt, - req->authTimeSecretHash, - kh_buf.vkh.authorization_hmac) != - EC_SUCCESS) - return VENDOR_RC_INTERNAL_ERROR; - copy_versioned_kh_pubkey_out(&opk_x, &opk_y, &kh_buf.vkh, buf); *response_size = sizeof(struct u2f_generate_versioned_resp); } @@ -256,14 +242,14 @@ static int verify_kh_owned(const uint8_t *user_secret, const uint8_t *app_id, return rc; } -static int verify_versioned_kh_owned( - const uint8_t *user_secret, const uint8_t *app_id, - const struct u2f_versioned_key_handle_header *key_handle_header, - int *owned) +static int +verify_versioned_kh_owned(const uint8_t *user_secret, const uint8_t *app_id, + const struct u2f_versioned_key_handle *key_handle, + int *owned) { int rc; /* Re-created key handle. */ - struct u2f_versioned_key_handle_header recreated_kh_header; + struct u2f_versioned_key_handle recreated_kh; /* * Re-create the key handle and compare against that which @@ -272,13 +258,13 @@ static int verify_versioned_kh_owned( */ rc = u2f_origin_user_versioned_keyhandle(app_id, user_secret, - key_handle_header->origin_seed, - key_handle_header->version, - &recreated_kh_header); + key_handle->origin_seed, + key_handle->version, + &recreated_kh); if (rc == EC_SUCCESS) - *owned = safe_memcmp(&recreated_kh_header, key_handle_header, - sizeof(recreated_kh_header)) == 0; + *owned = safe_memcmp(&recreated_kh, key_handle, + sizeof(recreated_kh)) == 0; return rc; } @@ -335,8 +321,8 @@ static enum vendor_cmd_rc u2f_sign(enum vendor_cmd_cc code, void *buf, /* Version of KH; 0 if KH is not versioned. */ uint8_t version; - /* Size of the part of KH used to derive keypair, in bytes. */ - size_t keypair_input_size; + /* Size of KH in bytes. */ + size_t kh_size; int verify_owned_rc; @@ -348,19 +334,18 @@ static enum vendor_cmd_rc u2f_sign(enum vendor_cmd_cc code, void *buf, key_handle = (uint8_t *)&req->keyHandle; hash = req->hash; flags = req->flags; - keypair_input_size = sizeof(struct u2f_key_handle); + kh_size = sizeof(struct u2f_key_handle); verify_owned_rc = verify_kh_owned(req->userSecret, req->appId, &req->keyHandle, &kh_owned); } else if (input_size == sizeof(struct u2f_sign_versioned_req)) { - version = req_versioned->keyHandle.header.version; + version = req_versioned->keyHandle.version; key_handle = (uint8_t *)&req_versioned->keyHandle; hash = req_versioned->hash; flags = req_versioned->flags; - keypair_input_size = - sizeof(struct u2f_versioned_key_handle_header); + kh_size = sizeof(struct u2f_versioned_key_handle); verify_owned_rc = verify_versioned_kh_owned( req_versioned->userSecret, req_versioned->appId, - &req_versioned->keyHandle.header, &kh_owned); + &req_versioned->keyHandle, &kh_owned); } else { return VENDOR_RC_BOGUS_ARGS; } @@ -393,28 +378,17 @@ static enum vendor_cmd_rc u2f_sign(enum vendor_cmd_cc code, void *buf, if ((flags & U2F_AUTH_CHECK_ONLY) == U2F_AUTH_CHECK_ONLY) return VENDOR_RC_SUCCESS; - /* - * Enforce user presence for version 0 KHs, with optional consume. - */ - if (pop_check_presence(flags & G2F_CONSUME) != POP_TOUCH_YES) { - if (version != U2F_KH_VERSION_1) - return VENDOR_RC_NOT_ALLOWED; - if ((flags & U2F_AUTH_FLAG_TUP) != 0) - return VENDOR_RC_NOT_ALLOWED; - /* - * TODO(yichengli): When auth-time secrets is ready, enforce - * authorization hmac when no power button press. - */ - } + /* Always enforce user presence, with optional consume. */ + if (pop_check_presence(flags & G2F_CONSUME) != POP_TOUCH_YES) + return VENDOR_RC_NOT_ALLOWED; /* Re-create origin-specific key. */ if (legacy_kh) { if (u2f_origin_key(legacy_origin_seed, &origin_d) != EC_SUCCESS) return VENDOR_RC_INTERNAL_ERROR; } else { - if (u2f_origin_user_keypair(key_handle, keypair_input_size, - &origin_d, NULL, - NULL) != EC_SUCCESS) + if (u2f_origin_user_keypair(key_handle, kh_size, &origin_d, + NULL, NULL) != EC_SUCCESS) return VENDOR_RC_INTERNAL_ERROR; } |