diff --git a/chip/g/build.mk b/chip/g/build.mk
index c6f2f47c96..f5df5069d4 100644
--- a/chip/g/build.mk
+++ b/chip/g/build.mk
@@ -29,6 +29,7 @@ chip-y += uartn.o
 endif
 chip-$(CONFIG_DCRYPTO)+= dcrypto/aes.o
+chip-$(CONFIG_DCRYPTO)+= dcrypto/app_key.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/bn.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/bn_hw.o
 chip-$(CONFIG_DCRYPTO)+= dcrypto/compare.o
diff --git a/chip/g/dcrypto/app_key.c b/chip/g/dcrypto/app_key.c
new file mode 100644
index 0000000000..0c560656ef
--- /dev/null
+++ b/chip/g/dcrypto/app_key.c
@@ -0,0 +1,50 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+#include "dcrypto.h"
+#include "internal.h"
+#include "endian.h"
+#include "registers.h"
+#include "console.h"
+#include "shared_mem.h"
+
+#include "cryptoc/util.h"
+
+static const char * const dcrypto_app_names[] = {
+ "NVMEM"
+};
+
+int DCRYPTO_appkey_init(enum dcrypto_appid appid, struct APPKEY_CTX *ctx)
+{
+ LITE_HMAC_CTX *hmac_ctx;
+
+ if (appid >= ARRAY_SIZE(dcrypto_app_names))
+ return 0;
+
+ memset(ctx, 0, sizeof(ctx));
+
+ if (!DCRYPTO_ladder_compute_frk2(0, ctx->key))
+ return 0;
+
+ if (shared_mem_acquire(sizeof(LITE_HMAC_CTX),
+ (char **)&hmac_ctx) != EC_SUCCESS) {
+ return 0;
+ }
+
+ HMAC_SHA256_init(hmac_ctx, ctx->key, sizeof(ctx->key));
+ HMAC_update(hmac_ctx, dcrypto_app_names[appid],
+ strlen(dcrypto_app_names[appid]));
+ memcpy(ctx->key, HMAC_final(hmac_ctx), SHA256_DIGEST_SIZE);
+
+ always_memset(hmac_ctx, 0, sizeof(LITE_HMAC_CTX));
+
+ shared_mem_release(hmac_ctx);
+ return 1;
+}
+
+void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx)
+{
+ always_memset(ctx, 0, sizeof(struct APPKEY_CTX));
+ GREG32(KEYMGR, AES_WIPE_SECRETS) = 1;
+}
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h
index a5b38acdbc..3b80f6e6b8 100644
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
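Review bot: In DCRYPTO_appkey_init() in the new app_key.c, `memset(ctx, 0, sizeof(ctx));` takes the size of the pointer rather than of struct APPKEY_CTX, so only the first pointer-sized bytes of the 32-byte key buffer are cleared; it should read `memset(ctx, 0, sizeof(*ctx));`. Separately, when shared_mem_acquire() fails the function returns 0 with the output of DCRYPTO_ladder_compute_frk2() still in ctx->key, so a caller that skips DCRYPTO_appkey_finish() on failure keeps what appears to be the undiversified ladder key in memory. Adding `always_memset(ctx, 0, sizeof(*ctx));` before that `return 0;` would make the failure path leave no key material behind.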
@@ -201,9 +201,20 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,
 */
 int DCRYPTO_equals(const void *a, const void *b, size_t len);
-/*
- * Key ladder related functions.
- */
 int DCRYPTO_ladder_compute_frk2(size_t major_fw_version, uint8_t *frk2);
+/*
+ * Application key related functions.
+ */
+enum dcrypto_appid {
+ NVMEM = 0
+};
+
+struct APPKEY_CTX {
+ uint8_t key[SHA256_DIGEST_SIZE];
+};
+
+int DCRYPTO_appkey_init(enum dcrypto_appid id, struct APPKEY_CTX *ctx);
+void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx);
+
 #endif /* ! __EC_CHIP_G_DCRYPTO_DCRYPTO_H */
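Review bot: The new DCRYPTO_appkey_init() / DCRYPTO_appkey_finish() declarations carry no contract, and the hunk also drops the `Key ladder related functions.` heading, so DCRYPTO_ladder_compute_frk2() now sits under the DCRYPTO_equals() comment with no heading of its own. I would keep that heading and add comments above the new pair along the lines of `/* Derive the per-application key into ctx; returns 1 on success, 0 on failure. */` and `/* Wipe ctx and the key manager's AES secrets; call once the key is no longer needed. */`. Because struct APPKEY_CTX holds raw key material, the comment should also state whether callers must call finish when init returns 0.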