cryptohome: Use point's X coordinate for derivation of recovery secret
Use point's affine X coordinate for HKDF computation to derive the
recovery secret.
BUG=b:194678588
TEST=cros_run_unit_tests --board=${BOARD} --packages cryptohome
Change-Id: I471b026a50056b90da4529b7516729f0e73e159d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/3169653
Tested-by: Anastasiia N <anastasiian@chromium.org>
Commit-Queue: Anastasiia N <anastasiian@chromium.org>
Reviewed-by: Maksim Ivanov <emaxx@chromium.org>
diff --git a/cryptohome/cryptorecovery/recovery_crypto.cc b/cryptohome/cryptorecovery/recovery_crypto.cc
index fc10c5f..3160002 100644
--- a/cryptohome/cryptorecovery/recovery_crypto.cc
+++ b/cryptohome/cryptorecovery/recovery_crypto.cc
@@ -183,9 +183,18 @@
LOG(ERROR) << "Failed to perform point multiplication";
return false;
}
- brillo::SecureBlob recovery_dh;
- if (!ec_.PointToSecureBlob(*point_dh, &recovery_dh, context.get())) {
- LOG(ERROR) << "Failed to convert EC_POINT to SecureBlob";
+ // Get point's affine X coordinate.
+ crypto::ScopedBIGNUM recovery_dh_x =
+ ec_.GetAffineCoordinateX(*point_dh, context.get());
+ if (!recovery_dh_x) {
+ LOG(ERROR) << "Failed to get affine X coordinate of point_dh";
+ return false;
+ }
+ brillo::SecureBlob hkdf_secret;
+ // Convert X coordinate to fixed-size blob.
+ if (!BigNumToSecureBlob(*recovery_dh_x, ec_.FieldElementSizeInBytes(),
+ &hkdf_secret)) {
+ LOG(ERROR) << "Failed to convert recovery_dh_x BIGNUM to SecureBlob";
return false;
}
const EC_POINT* dealer_pub_point =
@@ -196,7 +205,7 @@
LOG(ERROR) << "Failed to convert dealer_pub_key to a SecureBlob";
return false;
}
- if (!ComputeHkdfWithInfoSuffix(recovery_dh, GetRecoveryKeyHkdfInfo(),
+ if (!ComputeHkdfWithInfoSuffix(hkdf_secret, GetRecoveryKeyHkdfInfo(),
dealer_pub_key, /*salt=*/brillo::SecureBlob(),
HkdfHash::kSha256, /*result_len=*/0,
recovery_key)) {
@@ -517,12 +526,21 @@
LOG(ERROR) << "Failed to perform point addition";
return false;
}
- brillo::SecureBlob destination_dh;
- if (!ec_.PointToSecureBlob(*point_dest, &destination_dh, context.get())) {
- LOG(ERROR) << "Failed to convert EC_POINT to SecureBlob";
+ // Get point's affine X coordinate.
+ crypto::ScopedBIGNUM destination_dh_x =
+ ec_.GetAffineCoordinateX(*point_dest, context.get());
+ if (!destination_dh_x) {
+ LOG(ERROR) << "Failed to get affine X coordinate of point_dest";
return false;
}
- if (!ComputeHkdfWithInfoSuffix(destination_dh, GetRecoveryKeyHkdfInfo(),
+ brillo::SecureBlob hkdf_secret;
+ // Convert X coordinate to fixed-size blob.
+ if (!BigNumToSecureBlob(*destination_dh_x, ec_.FieldElementSizeInBytes(),
+ &hkdf_secret)) {
+ LOG(ERROR) << "Failed to convert destination_dh_x BIGNUM to SecureBlob";
+ return false;
+ }
+ if (!ComputeHkdfWithInfoSuffix(hkdf_secret, GetRecoveryKeyHkdfInfo(),
dealer_pub_key, /*salt=*/brillo::SecureBlob(),
HkdfHash::kSha256, /*result_len=*/0,
destination_recovery_key)) {