author Vadim Bendebury <vbendeb@chromium.org> 2018-05-26 21:01:12 -0700
committer chrome-bot <chrome-bot@chromium.org> 2018-05-30 20:38:52 -0700
commit 7b0018521683070cfa5beda948a8ea5278d802cc (patch)
tree 4da96a4d1b0f9091f1f63079d37e407b13a1f8ce /board/cr50
parent 815251b070b5ab2d0c9a78ab659e02ce69ec50e8 (diff)
download chrome-ec-7b0018521683070cfa5beda948a8ea5278d802cc.tar.gz
cr50: move RMA challenge-response to P256
Using the p256 curve is beneficial, because RMA feature is currently the only user of the x25519 curve in Cr50, whereas p256 support is required by other subsystems and its implementation is based on dcrypto.

The p256 public key is 65 bytes in size, appropriate adjustments are being made for the structure storing the server public key and the key ID.

The compact representation of the p256 public key requires 33 bytes, including the X coordinate and one extra byte used to communicate if the omitted Y coordinate is odd or even.

The challenge structure communicated to the RMA server allows exactly 32 bytes for the public key. To comply, the generated ephemeral public key is used in compressed form (only the X coordinate is used). For the server to properly uncompress the public key one extra bit is required, to indicate if the original key's Y coordinate is odd or even.

Since there is no room for the extra bit in the challenge structure, a convention is used where the generated ephemeral public key is guaranteed to have an odd Y coordinate. When generating the ephemeral key, the Y coordinate is checked, and if it is even, generation attempt is repeated.

Some clean up is also included: even with debug enabled, generated challenge is displayed only once as a long string, convenient for copying and pasting.

The new feature is not yet enabled, p256 support on the RMA server side is not yet available.

Enabling p256 curve for RMA authentication saves 5336 bytes of the flash space.

BRANCH=cr50, cr50-mp
BUG=b:73296606
TEST=enabled CONFIG_RMA_AUTH_USE_P256 in board.h, generated challenge and verified matching auth code generated by the rma_reset utility.

Change-Id: I857543c89a7c33c6fc2dc00e142fe9fa6fc642cf
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1074743
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'board/cr50')
-rw-r--r-- board/cr50/board.h 9
-rw-r--r-- board/cr50/rma_key_blob.p256.test bin 0 -> 66 bytes
2 files changed, 8 insertions, 1 deletions
diff --git a/board/cr50/board.h b/board/cr50/board.h
index e0c38c6b2e..58d8faeb65 100644
--- a/board/cr50/board.h
+++ b/board/cr50/board.h
@@ -349,7 +349,6 @@ enum nvmem_users {
#define I2C_PORT_MASTER 0
#define CONFIG_BASE32
-#define CONFIG_CURVE25519
#define CONFIG_RMA_AUTH
#define CONFIG_RNG
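Review bot: The `#define CONFIG_CURVE25519` removed here sat directly beside `CONFIG_RMA_AUTH`, while its conditional replacement is added at the very end of the header, so the RMA-related options are now split across two places in board.h. Consider putting the `#ifndef CONFIG_RMA_AUTH_USE_P256` block at this spot instead, right next to `CONFIG_RMA_AUTH`, so the curve selection reads together with the feature that depends on it.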
@@ -358,4 +357,12 @@ enum nvmem_users {
/* Enable hardware backed brute force resistance feature */
#define CONFIG_PINWEAVER
+/*
+ * While RMA server support is not ready keep using x25519. Switching to P256
+ * saves 5336 bytes of flash space.
+ */
+/* #define CONFIG_RMA_AUTH_USE_P256 */
+#ifndef CONFIG_RMA_AUTH_USE_P256
+#define CONFIG_CURVE25519
+#endif
#endif /* __CROS_EC_BOARD_H */
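Review bot: The commented-out `/* #define CONFIG_RMA_AUTH_USE_P256 */` gives no condition for when it may be uncommented; the comment above it explains why x25519 stays and what flash is saved, but not what has to land first. Suggest naming the precondition in the comment (RMA server P256 support, tracked under the bug cited in the commit message) so the switch is not flipped on the strength of the flash-savings remark alone. It would also help to say that defining it drops `CONFIG_CURVE25519` entirely, since the `#ifndef` makes the two mutually exclusive.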
diff --git a/board/cr50/rma_key_blob.p256.test b/board/cr50/rma_key_blob.p256.test
new file mode 100644
index 0000000000..0e5cba1a6c
--- /dev/null
+++ b/board/cr50/rma_key_blob.p256.test
Binary files differ
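Review bot: `rma_key_blob.p256.test` is added as an opaque 66-byte binary with nothing in this change describing its layout or origin. The commit message gives 65 bytes for the P256 public key and mentions a key ID alongside it, which would account for the size, but that should be written down next to the file, together with a statement that this is a test key and where the matching server private key for the `rma_reset` test flow comes from.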