From db8c2aa8aa6a1a42fe31154d4d874f94bf474ff1 Mon Sep 17 00:00:00 2001 From: Andrey Pronin Date: Wed, 26 Jun 2019 10:15:47 -0700 Subject: rma: extract getting RMA Dev ID into a separate method This CL extracts get_rma_device_id() that can be used by rma_auth and other cr50 components. BRANCH=none BUG=b:136091350 TEST=Verify that RSU Device ID reported through vNVRAM that uses this new method mathes the same ID calculated from device ID in G2FA certificate. See CL:1677238 for the exact method. Change-Id: I08f58dbd8f838f1e595601ec4532792acda62428 Signed-off-by: Andrey Pronin Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1677237 Reviewed-by: Vadim Bendebury (cherry picked from commit b7aba9d023d3c7273904860cb81bd7d3bd12e47f) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1684233 Tested-by: Vadim Bendebury Commit-Queue: Vadim Bendebury (cherry picked from commit 0b8bdaa0836febcdfdd2165cdca5114a9127bd6a) Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1705742 (cherry picked from commit 2a555934de5c7927dce413d05c2f3b3e4dbbac70) --- common/rma_auth.c | 39 +++++++++++++++++++++------------------ include/rma_auth.h | 12 +++++++++++- 2 files changed, 32 insertions(+), 19 deletions(-) diff --git a/common/rma_auth.c b/common/rma_auth.c index 60089bef6a..6a4430f8b8 100644 --- a/common/rma_auth.c +++ b/common/rma_auth.c @@ -167,6 +167,26 @@ static void p256_get_pub_key_and_secret(uint8_t pub_key[P256_NBYTES], } #endif +void get_rma_device_id(uint8_t rma_device_id[RMA_DEVICE_ID_SIZE]) +{ + uint8_t *chip_unique_id; + int chip_unique_id_size = system_get_chip_unique_id(&chip_unique_id); + + /* Smaller unique chip IDs will fill rma_device_id only partially. */ + if (chip_unique_id_size <= RMA_DEVICE_ID_SIZE) { + /* The size matches, let's just copy it as is. */ + memcpy(rma_device_id, chip_unique_id, chip_unique_id_size); + } else { + /* + * The unique chip ID size exceeds space allotted in + * rma_challenge:device_id, let's use first few bytes of + * its hash. + */ + hash_buffer(rma_device_id, RMA_DEVICE_ID_SIZE, + chip_unique_id, chip_unique_id_size); + } +} + /** * Create a new RMA challenge/response * @@ -179,10 +199,8 @@ int rma_create_challenge(void) uint8_t secret[32]; struct rma_challenge c; struct board_id bid; - uint8_t *device_id; uint8_t *cptr = (uint8_t *)&c; uint64_t t; - int unique_device_id_size; /* Clear the current challenge and authcode, if any */ memset(challenge, 0, sizeof(challenge)); @@ -202,22 +220,7 @@ int rma_create_challenge(void) return EC_ERROR_UNKNOWN; memcpy(c.board_id, &bid.type, sizeof(c.board_id)); - - unique_device_id_size = system_get_chip_unique_id(&device_id); - - /* Smaller unique device IDs will fill c.device_id only partially. */ - if (unique_device_id_size <= sizeof(c.device_id)) { - /* The size matches, let's just copy it as is. */ - memcpy(c.device_id, device_id, unique_device_id_size); - } else { - /* - * The unique device ID size exceeds space allotted in - * rma_challenge:device_id, let's use first few bytes of - * its hash. - */ - hash_buffer(c.device_id, sizeof(c.device_id), - device_id, unique_device_id_size); - } + get_rma_device_id(c.device_id); /* Calculate a new ephemeral key pair and the shared secret. */ #ifdef CONFIG_RMA_AUTH_USE_P256 diff --git a/include/rma_auth.h b/include/rma_auth.h index 698f4a71e9..0a4d7c7e71 100644 --- a/include/rma_auth.h +++ b/include/rma_auth.h @@ -21,6 +21,8 @@ #define RMA_CHALLENGE_GET_VERSION(vkidbyte) ((vkidbyte) >> 6) #define RMA_CHALLENGE_GET_KEY_ID(vkidbyte) ((vkidbyte) & 0x3f) +#define RMA_DEVICE_ID_SIZE 8 + struct __packed rma_challenge { /* Top 2 bits are protocol version; bottom 6 are server KeyID */ uint8_t version_key_id; @@ -32,7 +34,7 @@ struct __packed rma_challenge { uint8_t board_id[4]; /* Device ID */ - uint8_t device_id[8]; + uint8_t device_id[RMA_DEVICE_ID_SIZE]; }; /* Size of encoded challenge and response, and buffer sizes to hold them */ @@ -68,4 +70,12 @@ const char *rma_get_challenge(void); */ int rma_try_authcode(const char *code); +/** + * Get the device ID returned in RMA response. + * + * @param rma_device_id Pointer to the buffer that will be filled with + * the ID. The buffer must be of size RMA_DEVICE_ID_SIZE. + */ +void get_rma_device_id(uint8_t rma_device_id[RMA_DEVICE_ID_SIZE]); + #endif -- cgit v1.2.1