g: add application directed wrappers for key-ladder keys

Add functions that derive application specific keys based on FRK2. For the moment, derived keys need to be manually copied into the AES engine. Since key-ladder state depends on the code-signer (prod vs. dev), application derived keys are also different in the two modes. Thus ciphertext blobs produced by prod-signed code cannot be decrypted by dev-signed code. To minimize stack requirements on the hook_task, the SHA context in DCRYPTO_appkey_init() is placed in allocated/freed memory. This SHA object will become unnecessary once the AES engine is seeded directly from the key-ladder. BRANCH=none BUG=chrome-os-partner:55331 TEST=pending Change-Id: Ifb274b15e61be317e02ec31fc52f9a41e06dcba3 Signed-off-by: nagendra modadugu <ngm@google.com> Signed-off-by: Marius Schilder <mschilder@chromium.org> Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/428170 Reviewed-by: Nagendra Modadugu <ngm@google.com>
2026-01-10 17:41:54 +00:00 · 2017-01-19 15:34:12 -08:00
parent 6550e44ed7
commit 337aab4ea4
3 changed files with 65 additions and 3 deletions
--- a/chip/g/build.mk
+++ b/chip/g/build.mk
@@ -29,6 +29,7 @@ chip-y += uartn.o
 endif

 chip-$(CONFIG_DCRYPTO)+= dcrypto/aes.o
+chip-$(CONFIG_DCRYPTO)+= dcrypto/app_key.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/bn.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/bn_hw.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/compare.o
--- a/chip/g/dcrypto/app_key.c
+++ b/chip/g/dcrypto/app_key.c
@@ -0,0 +1,50 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+#include "dcrypto.h"
+#include "internal.h"
+#include "endian.h"
+#include "registers.h"
+#include "console.h"
+#include "shared_mem.h"
+
+#include "cryptoc/util.h"
+
+static const char * const dcrypto_app_names[] = {
+	"NVMEM"
+};
+
+int DCRYPTO_appkey_init(enum dcrypto_appid appid, struct APPKEY_CTX *ctx)
+{
+	LITE_HMAC_CTX *hmac_ctx;
+
+	if (appid >= ARRAY_SIZE(dcrypto_app_names))
+		return 0;
+
+	memset(ctx, 0, sizeof(ctx));
+
+	if (!DCRYPTO_ladder_compute_frk2(0, ctx->key))
+		return 0;
+
+	if (shared_mem_acquire(sizeof(LITE_HMAC_CTX),
+			       (char **)&hmac_ctx) != EC_SUCCESS) {
+		return 0;
+	}
+
+	HMAC_SHA256_init(hmac_ctx, ctx->key, sizeof(ctx->key));
+	HMAC_update(hmac_ctx, dcrypto_app_names[appid],
+		strlen(dcrypto_app_names[appid]));
+	memcpy(ctx->key, HMAC_final(hmac_ctx), SHA256_DIGEST_SIZE);
+
+	always_memset(hmac_ctx, 0, sizeof(LITE_HMAC_CTX));
+
+	shared_mem_release(hmac_ctx);
+	return 1;
+}
+
+void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx)
+{
+	always_memset(ctx, 0, sizeof(struct APPKEY_CTX));
+	GREG32(KEYMGR, AES_WIPE_SECRETS) = 1;
+}
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -201,9 +201,20 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,
 */
 int DCRYPTO_equals(const void *a, const void *b, size_t len);

-/*
- * Key ladder related functions.
- */
 int DCRYPTO_ladder_compute_frk2(size_t major_fw_version, uint8_t *frk2);

+/*
+ * Application key related functions.
+ */
+enum dcrypto_appid {
+	NVMEM = 0
+};
+
+struct APPKEY_CTX {
+	uint8_t key[SHA256_DIGEST_SIZE];
+};
+
+int DCRYPTO_appkey_init(enum dcrypto_appid id, struct APPKEY_CTX *ctx);
+void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx);
+
 #endif  /* ! __EC_CHIP_G_DCRYPTO_DCRYPTO_H */