From 6411a5423abea4651448ef9494e9c31d881bd01f Mon Sep 17 00:00:00 2001 From: Meng-Huan Yu Date: Fri, 9 Nov 2018 21:30:45 +0800 Subject: CR50: Fix ECC key generation to match the code used in factory Fix the workaround of ECC key generation. The workaround crrev.com/c/360441 for b/35576109 use a wrong EK template to generate the hash (object name of publicArea), and the format of that embedded hash is incorrect either. BRANCH=none BUG=b:35576109,b:80207339 TEST=Dump the EK seed from CR50 and verify the public and private key are matched in both cr50-side (also checked returned value of CreatePrimary) and factory-side. Change-Id: Ia53084757d9d848fd92e6ca309de83450cb64309 Signed-off-by: Meng-Huan Yu Reviewed-on: https://chromium-review.googlesource.com/1329261 Reviewed-by: Marius Schilder Reviewed-by: Andrey Pronin --- board/cr50/tpm2/ecc.c | 42 +++++++++++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 15 deletions(-) (limited to 'board/cr50/tpm2/ecc.c') diff --git a/board/cr50/tpm2/ecc.c b/board/cr50/tpm2/ecc.c index 25ed169832..93002a17ee 100644 --- a/board/cr50/tpm2/ecc.c +++ b/board/cr50/tpm2/ecc.c @@ -129,13 +129,27 @@ CRYPT_RESULT _cpri__EccPointMultiply( } } -static const TPM2B_32_BYTE_VALUE ECC_TEMPLATE_EK_EXTRA = { - .t = {32, { - 0xC2, 0xE0, 0x31, 0x93, 0x40, 0xFB, 0x48, 0xF1, - 0x02, 0x53, 0x9E, 0xA9, 0x83, 0x63, 0xF8, 0x1E, - 0x2D, 0x30, 0x6E, 0x91, 0x8D, 0xD7, 0x78, 0xAB, - 0xF0, 0x54, 0x73, 0xA2, 0xA6, 0x0D, 0xAE, 0x09, - } +/* The name field of TPM2B_NAME is a TPMT_HA */ +static const uint8_t TPM2_ECC_EK_NAME_TEMPLATE[] = { + /* TPM_ALG_SHA256 in big endian. */ + 0x00, 0x0b, + /* SHA256 digest of the default template TPMT_PUBLIC. */ + 0x0f, 0x12, 0x77, 0xa2, 0xf3, 0xf3, 0x82, 0xe7, + 0xf7, 0x5d, 0xb4, 0x66, 0xfa, 0xc2, 0x34, 0x18, + 0x2a, 0x8d, 0x62, 0xf9, 0x7d, 0xfb, 0xaa, 0xe7, + 0xb0, 0x6f, 0xdf, 0x52, 0xbd, 0xa5, 0x14, 0x67 +}; +BUILD_ASSERT(sizeof(TPM2_ECC_EK_NAME_TEMPLATE) == 2 + SHA256_DIGEST_SIZE); + +/* The first 4 bytes of the wrong template used in factory + * c2e0319340fb48f102539ea98363f81e2d306e918dd778abf05473a2a60dae09 + */ +static const TPM2B_4_BYTE_VALUE TPM2_ECC_EK_NAME_CR50 = { + .t = { + .size = 4, + .buffer = { + 0xc2, 0xe0, 0x31, 0x93 + }, } }; @@ -148,7 +162,6 @@ CRYPT_RESULT _cpri__GenerateKeyEcc( { TPM2B_4_BYTE_VALUE marshaled_counter = { .t = {4} }; TPM2B_32_BYTE_VALUE local_seed = { .t = {32} }; - TPM2B_4_BYTE_VALUE truncated_extra = { .t = {4} }; TPM2B *local_extra; uint32_t count = 0; uint8_t key_bytes[P256_NBYTES]; @@ -173,15 +186,14 @@ CRYPT_RESULT _cpri__GenerateKeyEcc( memcpy(local_seed.t.buffer, DCRYPTO_HMAC_final(&hmac), local_seed.t.size); always_memset(&hmac, 0, sizeof(hmac)); - /* TODO(ngm): CRBUG/P/55260: the personalize code uses only - * the first 4 bytes of extra. + /* b/35576109: the personalize code uses only the first 4 bytes + * of extra. */ - if (extra && extra->size == ECC_TEMPLATE_EK_EXTRA.b.size && + if (extra && extra->size == sizeof(TPM2_ECC_EK_NAME_TEMPLATE) && memcmp(extra->buffer, - ECC_TEMPLATE_EK_EXTRA.b.buffer, - ECC_TEMPLATE_EK_EXTRA.b.size) == 0) { - memcpy(truncated_extra.b.buffer, extra->buffer, 4); - local_extra = &truncated_extra.b; + TPM2_ECC_EK_NAME_TEMPLATE, + sizeof(TPM2_ECC_EK_NAME_TEMPLATE)) == 0) { + local_extra = (TPM2B *) &TPM2_ECC_EK_NAME_CR50.b; } else { local_extra = extra; } -- cgit v1.2.1