
Issue 639915


Issue metadata

Status: Verified
Owner:
Closed: Aug 2016
Cc:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 2
Type: Bug

Blocking:
issue 624187




Cryptohome should sign challenges with a 20-byte nonce for all TPM versions

Project Member Reported by drcrash@chromium.org, Aug 22 2016

Issue description

As part of the support for TPM 2.0, different values for the kNonceSize constant in Attestation have been assigned depending on whether the code is compiled with USE_TPM2 or not.

This affected the signing code for enterprise and simple challenges by making it so they would incorrectly use a 32-byte nonce with TPM 2.0.

The size of the nonces used for signing challenges should not change depending on the version of the TPM and should always be 20 bytes. This is expected by DRM servers and other servers (e.g. DM server).
 

Comment 1 by bugdroid1@chromium.org, Aug 23 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/c387d681c3e22b710ff5089048f5703effd1fe07

commit c387d681c3e22b710ff5089048f5703effd1fe07
Author: Yves Arrouye <drcrash@google.com>
Date: Mon Aug 22 19:00:51 2016

cryptohome: Use fixed size nonces for signing challenges.

Use the same size nonce for signing challenges for all versions of the
TPM. The 20 bytes nonce is an expectation from DRM servers and should
not be changed.

BUG= chromium:639915 
TEST=unit tests

Change-Id: I1083c97744e9795acfa4ce0fba7547a2584e298a
Reviewed-on: https://chromium-review.googlesource.com/373878
Commit-Ready: Yves Arrouye <drcrash@chromium.org>
Tested-by: Yves Arrouye <drcrash@chromium.org>
Reviewed-by: Darren Krahn <dkrahn@chromium.org>

[modify] https://crrev.com/c387d681c3e22b710ff5089048f5703effd1fe07/cryptohome/attestation.cc
[modify] https://crrev.com/c387d681c3e22b710ff5089048f5703effd1fe07/cryptohome/attestation.h

Status: Verified (was: Started)
