cr50: Revert U2F_Sign back to not checking authorization

In crrev.com/c/3221264 we uncommented the code that starts checking
auth_hmac for v1 key handles, but u2fd is not ready to provide the auth
secret yet. Comment the code back and put NULL for authTimeSecret for v1
key handles before secret enforement is implemented in u2fd.

BUG=b:210366574, b:172971998
TEST=make buildall -j

Change-Id: I8cf008213c88b8c88ab91f0601c319aea7ebfde0
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3337970
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>

1 files changed, 4 insertions, 3 deletions

diff --git a/common/u2f.c b/common/u2f.c
index d164c49b2f..d446887423 100644
--- a/common/u2f.c
+++ b/common/u2f.c
@@ -190,10 +190,11 @@ enum vendor_cmd_rc u2f_sign_cmd(enum vendor_cmd_cc code, void *buf,
 		origin = req->v1.appId;
 		/**
 		 * TODO(b/184393647): Enforce user verification if no user
-		 * presence check is requested.
+		 * presence check is requested. Set
+		 *    authTimeSecret = req->v1.authTimeSecret;
+		 * unconditionally or if (flags & U2F_AUTH_FLAG_TUP) == 0
 		 */
-		if ((flags & U2F_AUTH_FLAG_TUP) == 0)
-			authTimeSecret = (uint8_t *)req->v1.authTimeSecret;
+		authTimeSecret = NULL;
 	} else if (input_size == sizeof(struct u2f_sign_versioned_req_v2)) {
 		kh = (union u2f_key_handle_variant *)&req->v2.keyHandle;
 		kh_version = U2F_KH_VERSION_2;