From 339b2361910e02d2522021d4895b7aa501fdf36c Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov
Date: Fri, 17 Sep 2021 08:22:31 -0700
Subject: cr50: block access to U2F functions in case of FIPS errors

All public functionality of FIPS module should be disabled in case of FIPS errors.
BUG=b:197893750
TEST=make BOARD=cr50 CRYPTO_TEST=1; ccd: fips sha fips test u2f_test - should fail
Signed-off-by: Vadim Sukhomlinov
Change-Id: Ice8a0ab6535fcb0bd426ebbe969db1859cbd3ae8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3169097
Reviewed-by: Vadim Sukhomlinov
Reviewed-by: Andrey Pronin
Tested-by: Vadim Sukhomlinov
Commit-Queue: Vadim Sukhomlinov
---
 board/cr50/dcrypto/u2f.c | 11 +++++++++++
 board/host/dcrypto.h | 2 ++
 test/u2f.c | 5 +++++
 3 files changed, 18 insertions(+)

diff --git a/board/cr50/dcrypto/u2f.c b/board/cr50/dcrypto/u2f.c
index 92b74b002f..21997f07fc 100644
--- a/board/cr50/dcrypto/u2f.c
+++ b/board/cr50/dcrypto/u2f.c
@@ -8,6 +8,7 @@
 #endif
 #include "dcrypto.h"
+#include "fips.h"
 #include "fips_rand.h"
 #include "u2f_cmds.h"
@@ -233,6 +234,9 @@ enum ec_error_list u2f_generate(const struct u2f_state *state,
 /* Generated public keys associated with key handle. */
 p256_int opk_x, opk_y;
+ if (!fips_crypto_allowed())
+ return EC_ERROR_HW_INTERNAL;
+
 /* Compute constants for request key handler version. */
 if (kh_version == 0) {
 kh_hmac = kh->v0.hmac;
@@ -298,6 +302,9 @@ enum ec_error_list u2f_authorize_keyhandle(
 const uint8_t *origin_seed, *kh_hmac;
 int result = 0;
+ if (!fips_crypto_allowed())
+ return EC_ERROR_HW_INTERNAL;
+
 /*
 * Re-create the key handle and compare against that which
 * was provided. This allows us to verify that the key handle
@@ -392,6 +399,7 @@ enum ec_error_list u2f_sign(const struct u2f_state *state,
 struct drbg_ctx ctx;
 enum ec_error_list result;
+ /* u2f_authorize_keyhandle() checks for FIPS errors. */
 result = u2f_authorize_keyhandle(state, kh, kh_version, user, origin, authTimeSecretHash);
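Review bot: The early return added to u2f_generate() makes `EC_ERROR_HW_INTERNAL` a possible result without documenting it, and the same applies to the identical guards in u2f_authorize_keyhandle() and u2f_attest(). The diffstat lists no header that declares these functions, so callers cannot learn from the API contract that this code can now also mean "FIPS module in error state, no crypto performed". I would put a comment on each guard, for example `/* FIPS error state: refuse before any key material or output is processed. */`, and describe the new return value wherever the prototypes are documented. All three function bodies start and end outside their hunks, so whether other failure paths already return the same code cannot be checked from here.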
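Review bot: u2f_sign() is gated only by the comment `/* u2f_authorize_keyhandle() checks for FIPS errors. */`, so its FIPS lockout depends on that call staying first in the function and on its result being honoured. The lines that test `result` lie outside the hunk, so this cannot be confirmed from the page. If a later refactor reorders or bypasses the authorization call, the signing path that uses `struct drbg_ctx ctx` would presumably run with no FIPS check and nothing would flag it. An explicit guard at the top, `if (!fips_crypto_allowed()) return EC_ERROR_HW_INTERNAL;`, costs one call and keeps u2f_sign() consistent with u2f_generate() and u2f_attest().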
@@ -519,6 +527,9 @@ enum ec_error_list u2f_attest(const struct u2f_state *state,
 enum ec_error_list result;
+ if (!fips_crypto_allowed())
+ return EC_ERROR_HW_INTERNAL;
+
 result = u2f_attest_keyhandle_pubkey(state, kh, kh_version, user, origin, authTimeSecretHash, public_key);
diff --git a/board/host/dcrypto.h b/board/host/dcrypto.h
index 6950740f93..481d724986 100644
--- a/board/host/dcrypto.h
+++ b/board/host/dcrypto.h
@@ -82,6 +82,8 @@ void hmac_drbg_init_rfc6979(struct drbg_ctx *ctx, const p256_int *key,
 bool fips_rand_bytes(void *buffer, size_t len);
+bool fips_crypto_allowed(void);
+
 #endif /* CONFIG_DCRYPTO_MOCK */
 #endif /* __CROS_EC_HOST_DCRYPTO_H */
diff --git a/test/u2f.c b/test/u2f.c
index 0ef0d55f42..ddaba0e8dd 100644
--- a/test/u2f.c
+++ b/test/u2f.c
@@ -38,6 +38,11 @@ bool fips_trng_bytes(void *buffer, size_t len)
 return true;
 }
+bool fips_crypto_allowed(void)
+{
+ return true;
+}
+
 int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x, const p256_int *pk_y, const p256_int *serial, const char *name, uint8_t *cert, const int n)
-- 
cgit v1.2.1
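Review bot: The host stub of fips_crypto_allowed() in test/u2f.c always returns true, so the refusal path added to u2f_generate(), u2f_authorize_keyhandle() and u2f_attest() is never exercised by this test file. The commit's TEST line relies on a manual console check instead. Backing the stub with a test-controlled flag, `static bool mock_fips_allowed = true;` and `return mock_fips_allowed;`, would let a test case clear the flag and assert that each entry point returns `EC_ERROR_HW_INTERNAL`. A regression that drops one of the guards would then fail in the host test rather than only on hardware.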