From 337aab4ea4f9631885f794db856ae9e68ef617b9 Mon Sep 17 00:00:00 2001 From: nagendra modadugu Date: Thu, 19 Jan 2017 15:34:12 -0800 Subject: [PATCH] g: add application directed wrappers for key-ladder keys Add functions that derive application specific keys based on FRK2. For the moment, derived keys need to be manually copied into the AES engine. Since key-ladder state depends on the code-signer (prod vs. dev), application derived keys are also different in the two modes. Thus ciphertext blobs produced by prod-signed code cannot be decrypted by dev-signed code. To minimize stack requirements on the hook_task, the SHA context in DCRYPTO_appkey_init() is placed in allocated/freed memory. This SHA object will become unnecessary once the AES engine is seeded directly from the key-ladder. BRANCH=none BUG=chrome-os-partner:55331 TEST=pending Change-Id: Ifb274b15e61be317e02ec31fc52f9a41e06dcba3 Signed-off-by: nagendra modadugu Signed-off-by: Marius Schilder Signed-off-by: Vadim Bendebury Reviewed-on: https://chromium-review.googlesource.com/428170 Reviewed-by: Nagendra Modadugu --- chip/g/build.mk | 1 + chip/g/dcrypto/app_key.c | 50 ++++++++++++++++++++++++++++++++++++++++ chip/g/dcrypto/dcrypto.h | 17 +++++++++++--- 3 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 chip/g/dcrypto/app_key.c diff --git a/chip/g/build.mk b/chip/g/build.mk index c6f2f47c96..f5df5069d4 100644 --- a/chip/g/build.mk +++ b/chip/g/build.mk @@ -29,6 +29,7 @@ chip-y += uartn.o endif chip-$(CONFIG_DCRYPTO)+= dcrypto/aes.o +chip-$(CONFIG_DCRYPTO)+= dcrypto/app_key.o chip-$(CONFIG_DCRYPTO)+= dcrypto/bn.o chip-$(CONFIG_DCRYPTO)+= dcrypto/bn_hw.o chip-$(CONFIG_DCRYPTO)+= dcrypto/compare.o diff --git a/chip/g/dcrypto/app_key.c b/chip/g/dcrypto/app_key.c new file mode 100644 index 0000000000..0c560656ef --- /dev/null +++ b/chip/g/dcrypto/app_key.c @@ -0,0 +1,50 @@ +/* Copyright 2016 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ +#include "dcrypto.h" +#include "internal.h" +#include "endian.h" +#include "registers.h" +#include "console.h" +#include "shared_mem.h" + +#include "cryptoc/util.h" + +static const char * const dcrypto_app_names[] = { + "NVMEM" +}; + +int DCRYPTO_appkey_init(enum dcrypto_appid appid, struct APPKEY_CTX *ctx) +{ + LITE_HMAC_CTX *hmac_ctx; + + if (appid >= ARRAY_SIZE(dcrypto_app_names)) + return 0; + + memset(ctx, 0, sizeof(ctx)); + + if (!DCRYPTO_ladder_compute_frk2(0, ctx->key)) + return 0; + + if (shared_mem_acquire(sizeof(LITE_HMAC_CTX), + (char **)&hmac_ctx) != EC_SUCCESS) { + return 0; + } + + HMAC_SHA256_init(hmac_ctx, ctx->key, sizeof(ctx->key)); + HMAC_update(hmac_ctx, dcrypto_app_names[appid], + strlen(dcrypto_app_names[appid])); + memcpy(ctx->key, HMAC_final(hmac_ctx), SHA256_DIGEST_SIZE); + + always_memset(hmac_ctx, 0, sizeof(LITE_HMAC_CTX)); + + shared_mem_release(hmac_ctx); + return 1; +} + +void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx) +{ + always_memset(ctx, 0, sizeof(struct APPKEY_CTX)); + GREG32(KEYMGR, AES_WIPE_SECRETS) = 1; +} diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h index a5b38acdbc..3b80f6e6b8 100644 --- a/chip/g/dcrypto/dcrypto.h +++ b/chip/g/dcrypto/dcrypto.h @@ -201,9 +201,20 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len, */ int DCRYPTO_equals(const void *a, const void *b, size_t len); -/* - * Key ladder related functions. - */ int DCRYPTO_ladder_compute_frk2(size_t major_fw_version, uint8_t *frk2); +/* + * Application key related functions. + */ +enum dcrypto_appid { + NVMEM = 0 +}; + +struct APPKEY_CTX { + uint8_t key[SHA256_DIGEST_SIZE]; +}; + +int DCRYPTO_appkey_init(enum dcrypto_appid id, struct APPKEY_CTX *ctx); +void DCRYPTO_appkey_finish(struct APPKEY_CTX *ctx); + #endif /* ! __EC_CHIP_G_DCRYPTO_DCRYPTO_H */