5 files changed, 203 insertions, 0 deletions

diff --git a/firmware/bdb/bdb.h b/firmware/bdb/bdb.h
index 5163401d..bf421afb 100644
--- a/firmware/bdb/bdb.h
+++ b/firmware/bdb/bdb.h
@@ -91,6 +91,12 @@ enum bdb_return_code {
 	BDB_ERROR_DECRYPT_BUC,
 	BDB_ERROR_ENCRYPT_BUC,
 	BDB_ERROR_WRITE_BUC,
+
+	BDB_ERROR_SECRET_TYPE,
+	BDB_ERROR_SECRET_BUC,
+	BDB_ERROR_SECRET_BOOT_VERIFIED,
+	BDB_ERROR_SECRET_BOOT_PATH,
+	BDB_ERROR_SECRET_BDB,
 };
 
 /*****************************************************************************/
diff --git a/firmware/bdb/bdb_api.h b/firmware/bdb/bdb_api.h
index 7ef935c0..6c2e2a46 100644
--- a/firmware/bdb/bdb_api.h
+++ b/firmware/bdb/bdb_api.h
@@ -10,11 +10,15 @@
 #include "vboot_register.h"
 #include "nvm.h"
 #include "secrets.h"
+#include "bdb_flag.h"
 
 struct vba_context {
 	/* Indicate which slot is being tried: 0 - primary, 1 - secondary */
 	uint8_t slot;
 
+	/* Defined by VBA_CONTEXT_FLAG_* in bdb_flag.h */
+	uint32_t flags;
+
 	/* BDB */
 	uint8_t *bdb;
 
@@ -77,6 +81,29 @@ int vba_update_kernel_version(struct vba_context *ctx,
 int vba_update_buc(struct vba_context *ctx, uint8_t *new_buc);
 
 /**
+ * Derive a secret
+ *
+ * This derives a new secret from a secret passed from SP-RO.
+ *
+ * @param ctx
+ * @param type		Type of secret to derive
+ * @param buf		Buffer containing data to derive secret from
+ * @param buf_size	Size of <buf>
+ * @return		BDB_SUCCESS or BDB_ERROR_*
+ */
+int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type,
+		      const uint8_t *buf, uint32_t buf_size);
+
+/**
+ * Clear a secret
+ *
+ * @param ctx
+ * @param type		Type of secret to clear
+ * @return		BDB_SUCCESS or BDB_ERROR_*
+ */
+int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type);
+
+/**
  * Get vboot register value
  *
  * Implemented by each chip
diff --git a/firmware/bdb/bdb_flag.h b/firmware/bdb/bdb_flag.h
new file mode 100644
index 00000000..45f57567
--- /dev/null
+++ b/firmware/bdb/bdb_flag.h
@@ -0,0 +1,12 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef VBOOT_REFERENCE_FIRMWARE_BDB_BDB_FLAG_H
+#define VBOOT_REFERENCE_FIRMWARE_BDB_BDB_FLAG_H
+
+/* Indicate whether kernel data key is verified */
+#define VBA_CONTEXT_FLAG_KERNEL_DATA_KEY_VERIFIED	(1 << 0)
+
+#endif
diff --git a/firmware/bdb/secrets.c b/firmware/bdb/secrets.c
new file mode 100644
index 00000000..08bca5f5
--- /dev/null
+++ b/firmware/bdb/secrets.c
@@ -0,0 +1,101 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "2sysincludes.h"
+#include "2hmac.h"
+#include "2sha.h"
+#include "bdb_api.h"
+#include "bdb_struct.h"
+#include "bdb.h"
+#include "secrets.h"
+
+static int get_constant(const uint8_t *buf, uint32_t buf_size,
+			const uint8_t *constant, uint8_t *out)
+{
+	int digest_size = vb2_digest_size(VB2_HASH_SHA256);
+	const struct bdb_key *key = (const struct bdb_key *)buf;
+
+	if (!buf)
+		return !BDB_SUCCESS;
+
+	if (bdb_check_key(key, buf_size))
+		return !BDB_SUCCESS;
+
+	if (vb2_digest_buffer(buf, buf_size, VB2_HASH_SHA256, out, digest_size))
+		return !BDB_SUCCESS;
+
+	memcpy(out + digest_size, constant,
+	       BDB_CONSTANT_BLOCK_SIZE - digest_size);
+
+	return BDB_SUCCESS;
+}
+
+int vba_derive_secret(struct vba_context *ctx, enum bdb_secret_type type,
+		      const uint8_t *buf, uint32_t buf_size)
+{
+	uint8_t c[BDB_CONSTANT_BLOCK_SIZE];
+	const uint8_t *b = (const uint8_t *)c;
+	uint8_t *s;
+	uint8_t *o;
+
+	switch (type) {
+	case BDB_SECRET_TYPE_BDB:
+		s = o = ctx->ro_secrets->bdb;
+		if (get_constant(buf, buf_size, secret_constant_q, c))
+			return BDB_ERROR_SECRET_BDB;
+		break;
+	case BDB_SECRET_TYPE_BOOT_PATH:
+		s = o = ctx->ro_secrets->boot_path;
+		if (get_constant(buf, buf_size, secret_constant_l, c))
+			return BDB_ERROR_SECRET_BOOT_PATH;
+		break;
+	case BDB_SECRET_TYPE_BOOT_VERIFIED:
+		s = o = ctx->ro_secrets->boot_verified;
+		if (ctx->flags & VBA_CONTEXT_FLAG_KERNEL_DATA_KEY_VERIFIED)
+			b = secret_constant_kv1;
+		else
+			b = secret_constant_kv0;
+		break;
+	case BDB_SECRET_TYPE_BUC:
+		s = ctx->ro_secrets->boot_verified;
+		b = secret_constant_c;
+		o = ctx->rw_secrets->buc;
+		break;
+	default:
+		return BDB_ERROR_SECRET_TYPE;
+	}
+
+	vb2_sha256_extend(s, b, o);
+
+	return BDB_SUCCESS;
+}
+
+int vba_clear_secret(struct vba_context *ctx, enum bdb_secret_type type)
+{
+	uint8_t *s;
+
+	switch (type) {
+	case BDB_SECRET_TYPE_NVM_RW:
+		s = ctx->ro_secrets->nvm_rw;
+		break;
+	case BDB_SECRET_TYPE_BDB:
+		s = ctx->ro_secrets->bdb;
+		break;
+	case BDB_SECRET_TYPE_BOOT_PATH:
+		s = ctx->ro_secrets->boot_path;
+		break;
+	case BDB_SECRET_TYPE_BOOT_VERIFIED:
+		s = ctx->ro_secrets->boot_verified;
+		break;
+	case BDB_SECRET_TYPE_BUC:
+		s = ctx->rw_secrets->buc;
+		break;
+	default:
+		return BDB_ERROR_SECRET_TYPE;
+	}
+
+	memset(s, 0, BDB_SECRET_SIZE);
+	return BDB_SUCCESS;
+}
diff --git a/firmware/bdb/secrets.h b/firmware/bdb/secrets.h
index e26e97cf..ed8973f2 100644
--- a/firmware/bdb/secrets.h
+++ b/firmware/bdb/secrets.h
@@ -7,6 +7,63 @@
 #define VBOOT_REFERENCE_FIRMWARE_BDB_SECRETS_H_
 
 #define BDB_SECRET_SIZE		32
+#define BDB_CONSTANT_BLOCK_SIZE	64
+
+const uint8_t secret_constant_c[] = {
+	0x46, 0xda, 0x52, 0x8d, 0x08, 0x56, 0x14, 0xde, 0x75, 0x9c,
+	0x9a, 0xeb, 0x08, 0x93, 0x3d, 0xd6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0x0b};
+
+const uint8_t secret_constant_kv1[] = {
+	0x0a, 0x9e, 0xc9, 0x20, 0x29, 0xa3, 0x5d, 0xd7, 0x27, 0x55,
+	0xb6, 0xa6, 0xb4, 0x80, 0x7c, 0x73, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0x08};
+
+const uint8_t secret_constant_kv0[] = {
+	0x46, 0x6d, 0xef, 0x2c, 0x05, 0xc9, 0xbf, 0xa9, 0x6b, 0xee,
+	0xaa, 0x6c, 0xb9, 0xb4, 0x6d, 0x37, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0x07};
+
+const uint8_t secret_constant_l[] = {
+	/*
+	 * Digest of kernel data key struct fills first 32 bytes
+	 */
+	            0x9b, 0xc0, 0x29, 0xd3, 0xc3, 0x90, 0x7f, 0x82,
+	0x56, 0xe2, 0x67, 0x79, 0x11, 0x74, 0xbe, 0xd0, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0x04};
+
+const uint8_t secret_constant_q[] = {
+	/*
+	 * Digest of KDB key struct fills first 32 bytes
+	 */
+	            0xc7, 0x60, 0x83, 0x0f, 0x20, 0x44, 0x5d, 0x9c,
+	0x70, 0x96, 0x05, 0x2d, 0x51, 0x4b, 0x15, 0x99, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6, 0xc6,
+	0xc6, 0xc6, 0xc6, 0x0d};
+
+enum bdb_secret_type {
+	BDB_SECRET_TYPE_WSR,
+	BDB_SECRET_TYPE_NVM_WP,
+	BDB_SECRET_TYPE_NVM_RW,
+	BDB_SECRET_TYPE_BDB,
+	BDB_SECRET_TYPE_BOOT_VERIFIED,
+	BDB_SECRET_TYPE_BOOT_PATH,
+	BDB_SECRET_TYPE_BUC,
+	BDB_SECRET_TYPE_COUNT,	/* Last entry. Add new secrets before this. */
+};
 
 /*
  * Secrets passed to SP-RW by SP-RO. How it's passed depends on chips.