authorAndrey Pronin <apronin@chromium.org>2019-06-26 10:15:47 -0700
committerVadim Bendebury <vbendeb@chromium.org>2019-09-21 19:11:25 -0700
commitdb8c2aa8aa6a1a42fe31154d4d874f94bf474ff1 (patch)
treef0d69ff4783d3b9b987ba22cf66ff2200faf60b9
parent2e1ea85ab7391e610f9685905e8ace95af54a0b3 (diff)
rma: extract getting RMA Dev ID into a separate method
This CL extracts get_rma_device_id() that can be used by rma_auth and other cr50 components. BRANCH=none BUG=b:136091350 TEST=Verify that RSU Device ID reported through vNVRAM that uses this new method matches the same ID calculated from device ID in G2FA certificate. See CL:1677238 for the exact method. Change-Id: I08f58dbd8f838f1e595601ec4532792acda62428 Signed-off-by: Andrey Pronin <apronin@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1677237 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit b7aba9d023d3c7273904860cb81bd7d3bd12e47f) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1684233 Tested-by: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit 0b8bdaa0836febcdfdd2165cdca5114a9127bd6a) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1705742 (cherry picked from commit 2a555934de5c7927dce413d05c2f3b3e4dbbac70)
-rw-r--r--common/rma_auth.c39
-rw-r--r--include/rma_auth.h12
2 files changed, 32 insertions, 19 deletions
diff --git a/common/rma_auth.c b/common/rma_auth.c
index 60089bef6a..6a4430f8b8 100644
--- a/common/rma_auth.c
+++ b/common/rma_auth.c
@@ -167,6 +167,26 @@ static void p256_get_pub_key_and_secret(uint8_t pub_key[P256_NBYTES],
}
#endif
+void get_rma_device_id(uint8_t rma_device_id[RMA_DEVICE_ID_SIZE])
+{
+ uint8_t *chip_unique_id;
+ int chip_unique_id_size = system_get_chip_unique_id(&chip_unique_id);
+
+ /* Smaller unique chip IDs will fill rma_device_id only partially. */
+ if (chip_unique_id_size <= RMA_DEVICE_ID_SIZE) {
+ /* The size matches, let's just copy it as is. */
+ memcpy(rma_device_id, chip_unique_id, chip_unique_id_size);
+ } else {
+ /*
+ * The unique chip ID size exceeds space allotted in
+ * rma_challenge:device_id, let's use first few bytes of
+ * its hash.
+ */
+ hash_buffer(rma_device_id, RMA_DEVICE_ID_SIZE,
+ chip_unique_id, chip_unique_id_size);
+ }
+}
+
/**
* Create a new RMA challenge/response
*
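Review bot: The size returned by system_get_chip_unique_id() is used in get_rma_device_id() without a lower-bound check, and a short ID leaves the tail of the output buffer unwritten. The value is an `int` and is now compared with the plain constant RMA_DEVICE_ID_SIZE rather than the unsigned `sizeof(c.device_id)`, so a negative return (whether that can happen is not visible here) would pass the `<=` test and reach memcpy as a very large length. For an ID shorter than 8 bytes, a new caller passing an uninitialised stack buffer would report whatever bytes were already there as part of the device ID. I would add `if (chip_unique_id_size < 0) chip_unique_id_size = 0;` and `memset(rma_device_id, 0, RMA_DEVICE_ID_SIZE);` ahead of the branch. The call added in rma_create_challenge is affected in the same way unless `c` is cleared in the part of that function outside the hunk.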
@@ -179,10 +199,8 @@ int rma_create_challenge(void)
uint8_t secret[32];
struct rma_challenge c;
struct board_id bid;
- uint8_t *device_id;
uint8_t *cptr = (uint8_t *)&c;
uint64_t t;
- int unique_device_id_size;
/* Clear the current challenge and authcode, if any */
memset(challenge, 0, sizeof(challenge));
@@ -202,22 +220,7 @@ int rma_create_challenge(void)
return EC_ERROR_UNKNOWN;
memcpy(c.board_id, &bid.type, sizeof(c.board_id));
-
- unique_device_id_size = system_get_chip_unique_id(&device_id);
-
- /* Smaller unique device IDs will fill c.device_id only partially. */
- if (unique_device_id_size <= sizeof(c.device_id)) {
- /* The size matches, let's just copy it as is. */
- memcpy(c.device_id, device_id, unique_device_id_size);
- } else {
- /*
- * The unique device ID size exceeds space allotted in
- * rma_challenge:device_id, let's use first few bytes of
- * its hash.
- */
- hash_buffer(c.device_id, sizeof(c.device_id),
- device_id, unique_device_id_size);
- }
+ get_rma_device_id(c.device_id);
/* Calculate a new ephemeral key pair and the shared secret. */
#ifdef CONFIG_RMA_AUTH_USE_P256
diff --git a/include/rma_auth.h b/include/rma_auth.h
index 698f4a71e9..0a4d7c7e71 100644
--- a/include/rma_auth.h
+++ b/include/rma_auth.h
@@ -21,6 +21,8 @@
#define RMA_CHALLENGE_GET_VERSION(vkidbyte) ((vkidbyte) >> 6)
#define RMA_CHALLENGE_GET_KEY_ID(vkidbyte) ((vkidbyte) & 0x3f)
+#define RMA_DEVICE_ID_SIZE 8
+
struct __packed rma_challenge {
/* Top 2 bits are protocol version; bottom 6 are server KeyID */
uint8_t version_key_id;
@@ -32,7 +34,7 @@ struct __packed rma_challenge {
uint8_t board_id[4];
/* Device ID */
- uint8_t device_id[8];
+ uint8_t device_id[RMA_DEVICE_ID_SIZE];
};
/* Size of encoded challenge and response, and buffer sizes to hold them */
@@ -68,4 +70,12 @@ const char *rma_get_challenge(void);
*/
int rma_try_authcode(const char *code);
+/**
+ * Get the device ID returned in RMA response.
+ *
+ * @param rma_device_id Pointer to the buffer that will be filled with
+ * the ID. The buffer must be of size RMA_DEVICE_ID_SIZE.
+ */
+void get_rma_device_id(uint8_t rma_device_id[RMA_DEVICE_ID_SIZE]);
+
#endif
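Review bot: The doc comment on get_rma_device_id() does not tell a caller what the buffer holds afterwards. From the implementation in common/rma_auth.c the ID is either the raw chip unique ID or the leading bytes of its hash, and with a shorter chip ID only part of the buffer is written; I would state both, for example `Filled with the chip unique ID, or with the first RMA_DEVICE_ID_SIZE bytes of its hash when the chip ID is longer; a shorter chip ID fills only the leading bytes.` The phrase "returned in RMA response" also looks inaccurate, since the field being filled is `device_id` of `struct rma_challenge`. As a style point, the other declarations in this header visible in the hunk use an `rma_` prefix (`rma_get_challenge`, `rma_try_authcode`), which the new public name does not follow.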