diff options
| author | Mary Ruthven <mruthven@google.com> | 2018-06-07 16:29:56 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2018-06-08 19:24:30 -0700 |
| commit | d30c60b08152176f4eb78eb812ec3070070f8640 (patch) | |
| tree | b6e343fb7c99dfc77bd338a308885ce346507cee | |
| parent | ce437ad4860e7b457c31c4d91df5be7d0777a2b3 (diff) | |
| download | chrome-ec-d30c60b08152176f4eb78eb812ec3070070f8640.tar.gz | |
rma_reset: print authcode even after key mismatch
The point of rma_reset is to test cr50 authcode stuff. We want to make
sure that cr50 doesn't accept test key authcodes when it is using prod
keys. To test this we need to know the authcode that would be generated
with test keys. When there is a unsupported keyid print the authcode so
we can use that authcode to verify prod key cr50 wont accept test key
authcodes.
BUG=none
BRANCH=none
TEST=run rma_reset with a prod key challenge and make sure rma_reset
still prints the authcode.
Change-Id: Id1b0025ff7ab165d26be2b4e1503df7dee1d5ec7
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1091972
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
| -rw-r--r-- | extra/rma_reset/rma_reset.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/extra/rma_reset/rma_reset.c b/extra/rma_reset/rma_reset.c index 396e5cded7..fe1eb5e909 100644 --- a/extra/rma_reset/rma_reset.c +++ b/extra/rma_reset/rma_reset.c @@ -48,6 +48,7 @@ static const uint8_t rma_test_server_x25519_private_key[] = { }; #define RMA_TEST_SERVER_X25519_KEY_ID 0x10 +#define RMA_PROD_SERVER_X25519_KEY_ID 0 /* * P256 curve keys, generated using openssl as follows: @@ -79,6 +80,7 @@ static const uint8_t rma_test_server_p256_public_key[] = { }; #define RMA_TEST_SERVER_P256_KEY_ID 0x20 +#define RMA_PROD_SERVER_P256_KEY_ID 0x01 /* Default values which can change based on command line arguments. */ static uint8_t server_key_id = RMA_TEST_SERVER_X25519_KEY_ID; @@ -288,15 +290,19 @@ static int rma_server_side(const char *generated_challenge) /* Calculate the shared secret, use curve based on the key ID. */ switch (key_id) { + case RMA_PROD_SERVER_X25519_KEY_ID: + printf("Unsupported Prod KeyID %d\n", key_id); case RMA_TEST_SERVER_X25519_KEY_ID: X25519(secret, rma_test_server_x25519_private_key, c.device_pub_key); break; + case RMA_PROD_SERVER_P256_KEY_ID: + printf("Unsupported Prod KeyID %d\n", key_id); case RMA_TEST_SERVER_P256_KEY_ID: p256_calculate_secret(secret, c.device_pub_key); break; default: - printf("Unsupported KeyID %d\n", key_id); + printf("Unknown KeyID %d\n", key_id); return 1; } |