cr50: Change G2F cert CN to "CrOS"

BUG=b:132310780 TEST=flash to soraka, retrieve G2F cert, check CN retrieve anonymous U2F cert, check CN unchanged BRANCH=none Change-Id: Id409ac5d534f2ee9e16376d690f58b184f5ac1a6 Signed-off-by: Louis Collard <louiscollard@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1614581 Reviewed-by: Andrey Pronin <apronin@chromium.org> Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org> Commit-Queue: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
2019-05-16 17:39:44 +08:00 · 2019-05-16 17:39:44 +08:00 · 6072cc9c03
parent 7ee4215a9f
commit 6072cc9c03
3 changed files with 23 additions and 9 deletions
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@ -278,6 +278,10 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,
 int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
 			const p256_int *pk_y, const p256_int *serial,
 			uint8_t *cert, const int n);
+int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
+				   const p256_int *pk_y, const p256_int *serial,
+				   const char *name, uint8_t *cert,
+				   const int n);

 /*
 * Memory related functions.
--- a/chip/g/dcrypto/x509.c
+++ b/chip/g/dcrypto/x509.c
@ -405,10 +405,8 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,

 /* ---- Certificate generation ---- */

-static void add_common_name(struct asn1 *ctx, int unique)
+static void add_common_name(struct asn1 *ctx, const char *cname)
 {
-	const char *cname = unique ? STRINGIFY(BOARD) : "U2F";
-
 	SEQ_START(*ctx, V_SEQ, SEQ_SMALL) {
 		SEQ_START(*ctx, V_SET, SEQ_SMALL) {
 			SEQ_START(*ctx, V_SEQ, SEQ_SMALL) {
@ -422,9 +420,9 @@ static void add_common_name(struct asn1 *ctx, int unique)
 	SEQ_END(*ctx);
 }

-int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
-			const p256_int *pk_y, const p256_int *serial,
-			uint8_t *cert, const int n)
+int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
+				   const p256_int *pk_y, const p256_int *serial,
+				   const char *name, uint8_t *cert, const int n)
 {
 	struct asn1 ctx = {cert, 0};
 	HASH_CTX sha;
@ -460,7 +458,7 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
 		SEQ_END(ctx);

 		/* Issuer */
-		add_common_name(&ctx, !!serial);
+		add_common_name(&ctx, name);

 		/* Expiry */
 		SEQ_START(ctx, V_SEQ, SEQ_SMALL) {
@ -470,7 +468,7 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
 		SEQ_END(ctx);

 		/* Subject */
-		add_common_name(&ctx, !!serial);
+		add_common_name(&ctx, name);

 		/* Subject pk */
 		SEQ_START(ctx, V_SEQ, SEQ_SMALL) {
@ -536,3 +534,12 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,

 	return ctx.n;
 }
+
+int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
+			      const p256_int *pk_y, const p256_int *serial,
+			      uint8_t *cert, const int n)
+{
+	return DCRYPTO_x509_gen_u2f_cert_name(d, pk_x, pk_y, serial,
+					      serial ? STRINGIFY(BOARD) : "U2F",
+					      cert, n);
+}
--- a/common/u2f.c
+++ b/common/u2f.c
@ -16,6 +16,8 @@
 #include "u2f.h"
 #include "util.h"

+#define G2F_CERT_NAME "CrOS"
+
 #define CPRINTF(format, args...) cprintf(CC_EXTENSION, format, ##args)

 /* Crypto parameters */
@ -79,7 +81,8 @@ static int individual_cert(const p256_int *d, const p256_int *pk_x,
 	if (system_get_chip_unique_id((uint8_t **)&serial) != P256_NBYTES)
 		return 0;

-	return DCRYPTO_x509_gen_u2f_cert(d, pk_x, pk_y, serial, cert, n);
+	return DCRYPTO_x509_gen_u2f_cert_name(d, pk_x, pk_y, serial,
+					      G2F_CERT_NAME, cert, n);
 }

 int g2f_attestation_cert(uint8_t *buf)