-rw-r--r--board/cr50/dcrypto/u2f_impl.h7
-rw-r--r--board/cr50/fips_cmd.c2
-rw-r--r--board/cr50/tpm2/platform.c9
-rw-r--r--board/cr50/u2f_state_load.c27
4 files changed, 31 insertions, 14 deletions
diff --git a/board/cr50/dcrypto/u2f_impl.h b/board/cr50/dcrypto/u2f_impl.h
index be3fbd6b76..9003db4a03 100644
--- a/board/cr50/dcrypto/u2f_impl.h
+++ b/board/cr50/dcrypto/u2f_impl.h
@@ -201,14 +201,13 @@ struct u2f_state *u2f_get_state(void);
bool u2f_load_or_create_state(struct u2f_state *state, bool force_create);
/***
- * Generates and persists to nvram a new seed that will be used to
- * derive kek in future calls to u2f_gen_kek().
+ * Generates and persists to nvram a new key that will be used to
+ * sign U2F key handles and check they were created on this device.
*
- * @param commit whether to commit nvram changes before returning.
* @return EC_SUCCESS if seed was successfully created
* (and persisted if requested).
*/
-enum ec_error_list u2f_gen_kek_seed(int commit);
+enum ec_error_list u2f_gen_kek_seed(void);
/**
* Zeroize U2F keys. Can be used to switch to FIPS-compliant path by
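Review bot: The `@return` text for u2f_gen_kek_seed() still reads "(and persisted if requested)" and still calls the value a seed, but the `commit` parameter is removed, so there is no longer anything to request. The implementation in u2f_state_load.c now always passes 0 as the commit argument to write_tpm_nvmem_hidden(), and the comment should state that, e.g. `@return EC_SUCCESS if the key was generated and written to nvmem (write is not committed here).` It would also help to say that a successful call invalidates every previously issued key handle. The opener `/***` differs from the `/**` used on the following declaration.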
diff --git a/board/cr50/fips_cmd.c b/board/cr50/fips_cmd.c
index 8ed25914e8..c37766eba9 100644
--- a/board/cr50/fips_cmd.c
+++ b/board/cr50/fips_cmd.c
@@ -140,6 +140,8 @@ static int cmd_fips_status(int argc, char **argv)
u2f_zeroize_keys());
else if (!strncmp(argv[1], "old", 3))
return fips_set_old_u2f_keys();
+ else if (!strncmp(argv[1], "kek", 3))
+ return u2f_gen_kek_seed();
else if (!strncmp(argv[1], "u2f", 3))
print_u2f_keys_status();
else if (!strncmp(argv[1], "gen", 3))
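Review bot: The new `kek` branch returns directly from u2f_gen_kek_seed(), which writes the key with the commit argument hard-coded to 0 (see u2f_state_load.c in this commit), and no nvmem commit is visible on this console path. If nothing commits afterwards, the regenerated key may not survive a reboot; confirm which caller is expected to commit, or add one here. Because this subcommand replaces the key that validates all existing U2F key handles, a comment such as `/* Regenerates U2F HMAC key; all existing registrations become invalid. */` and a matching help-text entry would make that effect explicit. cmd_fips_status continues outside the hunk, so how access to the command is gated cannot be judged from here.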
diff --git a/board/cr50/tpm2/platform.c b/board/cr50/tpm2/platform.c
index 25d7bffcc5..42e3a95b53 100644
--- a/board/cr50/tpm2/platform.c
+++ b/board/cr50/tpm2/platform.c
@@ -7,6 +7,7 @@
#include "TPM_Types.h"
#include "ccd_config.h"
+#include "console.h"
#include "pinweaver.h"
#include "tpm_nvmem.h"
#include "dcrypto.h"
@@ -14,6 +15,8 @@
#include "util.h"
#include "version.h"
+#define CPRINTF(format, args...) cprintf(CC_EXTENSION, format, ## args)
+
uint16_t _cpri__GenerateRandom(size_t random_size,
uint8_t *buffer)
{
@@ -94,6 +97,10 @@ BOOL _plat__ShallSurviveOwnerClear(uint32_t index)
void _plat__OwnerClearCallback(void)
{
+ enum ec_error_list rv;
+
/* Invalidate existing u2f registrations. */
- u2f_gen_kek_seed(0 /* commit */);
+ rv = u2f_gen_kek_seed();
+ if (rv != EC_SUCCESS)
+ CPRINTF("%s: failed (%d)\n", __func__, rv);
}
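Review bot: A failure of u2f_gen_kek_seed() in _plat__OwnerClearCallback is only logged, so owner clear completes even though the previous U2F key may still be the one stored in nvmem. On the write-failure path u2f_gen_kek_seed() marks the state as not loaded, which presumably makes the next U2F use reload the old key and leaves earlier registrations valid after the clear. The callback returns void and cannot report this, so consider a fallback (a retry, or the existing u2f_zeroize_keys() if its semantics fit). At minimum, document the residual state with `/* On failure old U2F registrations may remain valid; cannot be reported to the caller. */`.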
diff --git a/board/cr50/u2f_state_load.c b/board/cr50/u2f_state_load.c
index a1c8927dab..8e92199bb7 100644
--- a/board/cr50/u2f_state_load.c
+++ b/board/cr50/u2f_state_load.c
@@ -134,19 +134,28 @@ struct u2f_state *u2f_get_state(void)
return u2f_state_loaded ? &u2f_state : NULL;
}
-enum ec_error_list u2f_gen_kek_seed(int commit)
+enum ec_error_list u2f_gen_kek_seed(void)
{
- struct u2f_state *state = u2f_get_state();
-
- if (!state)
- return EC_ERROR_UNKNOWN;
-
- if (!u2f_generate_hmac_key(state))
+ /**
+ * If U2F state is loaded, update HMAC key in memory, otherwise this
+ * is just temporary storage and will be updated (to the same value)
+ * in u2f_load_or_create_state() when u2f_get_state() will be called
+ * upon use of U2F.
+ */
+ if (u2f_generate_hmac_key(&u2f_state) != EC_SUCCESS)
return EC_ERROR_HW_INTERNAL;
- if (write_tpm_nvmem_hidden(TPM_HIDDEN_U2F_KEK, sizeof(state->hmac_key),
- state->hmac_key, commit) == TPM_WRITE_FAIL)
+ /* Store new U2F HMAC key in nvmem */
+ if (write_tpm_nvmem_hidden(TPM_HIDDEN_U2F_KEK,
+ sizeof(u2f_state.hmac_key),
+ u2f_state.hmac_key, 0) == TPM_WRITE_FAIL) {
+ /**
+ * Failure to write means we now have inconsistent state
+ * between u2f_state and nvmem, so mark it as not loaded.
+ */
+ u2f_state_loaded = false;
return EC_ERROR_UNKNOWN;
+ }
return EC_SUCCESS;
}
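Review bot: The success test on u2f_generate_hmac_key() changes convention here, from `!u2f_generate_hmac_key(state)` to `!= EC_SUCCESS`, and its prototype is not part of this diff. Please confirm it returns `enum ec_error_list`, because a bool-returning helper would make every successful generation report EC_ERROR_HW_INTERNAL. The commit argument to write_tpm_nvmem_hidden() is now a bare `0`; a comment such as `/* Not committed here; the caller's flow is expected to commit nvmem. */` would record who is responsible for making the new key durable. On the write-failure path the freshly generated key stays in `u2f_state.hmac_key` with only `u2f_state_loaded` cleared, so it is worth stating in the existing comment that this buffer must not be used until the state is reloaded.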