From 1485393c069ed6c4b9419154664e7407e7022c2e Mon Sep 17 00:00:00 2001 From: David Stevens Date: Wed, 25 Aug 2021 01:22:24 +0000 Subject: Revert "u2f: refactoring to split command processing and crypto" This reverts commit 5ae1c684271a117539858cb12252959dfe46803c. Reason for revert: breaks chromeos-ec-headers BUG=b:197691499 Original change's description: > u2f: refactoring to split command processing and crypto > > Split U2F crypto from U2F command processing by moving all crypto > code into boards/cr50 (platform hooks). > > U2F state management is part of common code and passed to U2F crypto > as a parameter. > > BUG=b:134594373 > TEST=make BOARD=cr50 CRYPTO_TEST=1 > console: u2f_test > test/tpmtest.py > FAFT U2F tests pass > > Signed-off-by: Vadim Sukhomlinov > Change-Id: I85442cddb2959bd3102f7f6e6047134ede90951b > Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3034852 > Reviewed-by: Vadim Sukhomlinov > Reviewed-by: Andrey Pronin > Tested-by: Vadim Sukhomlinov > Commit-Queue: Vadim Sukhomlinov Bug: b:134594373 Change-Id: I61a965995fcd53b4e155084f5f351574cb84cd1e Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3115930 Bot-Commit: Rubber Stamper Owners-Override: David Stevens --- test/build.mk | 2 -- test/u2f.c | 69 ++++++++++++++++++++++++----------------------------------- 2 files changed, 28 insertions(+), 43 deletions(-) (limited to 'test')
diff --git a/test/build.mk b/test/build.mk
index 8efc82f5f0..7555778e70 100644
--- a/test/build.mk
+++ b/test/build.mk
@@ -95,7 +95,6 @@ thermal-y=thermal.o
 timer_calib-y=timer_calib.o
 timer_dos-y=timer_dos.o
 u2f-y=u2f.o
-u2f-y+=../board/cr50/u2f.o
 uptime-y=uptime.o
 utils-y=utils.o
 utils_str-y=utils_str.o
@@ -108,7 +107,6 @@ TPM2_ROOT := $(CROS_WORKON_SRCROOT)/src/third_party/tpm2
 $(out)/RO/common/new_nvmem.o: CFLAGS += -I$(TPM2_ROOT) -I chip/g
 $(out)/RO/test/nvmem.o: CFLAGS += -I$(TPM2_ROOT)
 $(out)/RO/test/nvmem_tpm2_mock.o: CFLAGS += -I$(TPM2_ROOT)
-$(out)/RO/common/u2f.o: CFLAGS += -DU2F_TEST
 host-is_enabled_error: TEST_SCRIPT=is_enabled_error.sh
 is_enabled_error-y=is_enabled_error.o.cmd
diff --git a/test/u2f.c b/test/u2f.c
index 047c62b7df..c74bc847a3 100644
--- a/test/u2f.c
+++ b/test/u2f.c
@@ -3,8 +3,6 @@
 * found in the LICENSE file.
 */
-#include "u2f_cmds.h"
-#include "physical_presence.h"
 #include "test_util.h"
 #include "u2f_impl.h"
@@ -26,43 +24,15 @@ int DCRYPTO_ladder_random(void *output)
 return 1;
 }
-bool fips_rand_bytes(void *buffer, size_t len)
-{
- memset(buffer, 1, len);
- return true;
-}
-
-bool fips_trng_bytes(void *buffer, size_t len)
-{
- memset(buffer, 2, len);
- return true;
-}
-
 int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x, const p256_int *pk_y, const p256_int *serial,
- const char *name, uint8_t *cert, const int n)
+ const char *name, uint8_t *cert,
+ const int n)
 {
 /* Return the size of certificate, 0 means error. */
 return 0;
 }
-int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d,
- const uint8_t key_bytes[P256_NBYTES])
-{
- p256_int key;
-
- p256_from_bin(key_bytes, &key);
-
- if (p256_lt_blinded(&key, &SECP256r1_nMin2) >= 0)
- return 0;
- p256_add_d(&key, 1, d);
- if (x == NULL || y == NULL)
- return 1;
- memset(x, 0, P256_NBYTES);
- memset(y, 0, P256_NBYTES);
- return 1;
-}
-
 int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
 const p256_int *message, p256_int *r, p256_int *s)
 {
@@ -72,7 +42,6 @@ int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
 return 1;
 }
-
 /******************************************************************************/
 /* Mock implementations of U2F functionality. */
@@ -80,20 +49,32 @@ static int presence;
 static struct u2f_state state;
-struct u2f_state *u2f_get_state(void)
+struct u2f_state *get_state(void)
 {
 return &state;
 }
 enum touch_state pop_check_presence(int consume)
 {
- enum touch_state ret = presence ? POP_TOUCH_YES : POP_TOUCH_NO;
+ enum touch_state ret = presence ?
+ POP_TOUCH_YES : POP_TOUCH_NO;
 if (consume) presence = 0;
 return ret;
 }
+int u2f_origin_user_keypair(const uint8_t *key_handle, size_t key_handle_size,
+ p256_int *d, p256_int *pk_x, p256_int *pk_y)
+{
+ return EC_SUCCESS;
+}
+
+int g2f_individual_keypair(p256_int *d, p256_int *pk_x, p256_int *pk_y)
+{
+ return EC_SUCCESS;
+}
+
 /******************************************************************************/
 /* Tests begin here. */
@@ -108,8 +89,10 @@ test_static int test_u2f_generate_no_require_presence(void)
 memset(buffer, 0, sizeof(buffer));
 req->flags = 0;
 presence = 0;
- ret = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, &buffer,
- sizeof(struct u2f_generate_req), &response_size);
+ ret = u2f_generate(
+ VENDOR_CC_U2F_GENERATE, &buffer,
+ sizeof(struct u2f_generate_req),
+ &response_size);
 TEST_ASSERT(ret == VENDOR_RC_SUCCESS);
 return EC_SUCCESS;
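Review bot: The restored mocks `u2f_origin_user_keypair` and `g2f_individual_keypair` return EC_SUCCESS without writing `d`, `pk_x` or `pk_y`, so any caller that goes on to use the key pair works on whatever its buffers happened to hold. That makes the outcome depend on indeterminate data and could let a key-handling regression pass unnoticed. Filling the outputs with a fixed pattern keeps the run deterministic, for example `if (d) memset(d, 1, sizeof(*d));` repeated for `pk_x` and `pk_y`. Whether NULL is a valid argument for these hooks is not visible in this hunk, so the guard is a precaution.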
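Review bot: In test_u2f_generate_no_require_presence the only assertion after the call is on the return code, and no assignment to `response_size` appears between the `memset` and the call, unlike the second case in test_u2f_generate_require_presence, which sets it to `sizeof(struct u2f_generate_resp)`. The function starts above this hunk, so the variable may be initialised at its declaration; if it is not, the handler is given an indeterminate output-buffer size. Setting `response_size = sizeof(struct u2f_generate_resp);` before the call and adding `TEST_ASSERT(response_size == sizeof(struct u2f_generate_resp));` after it would pin both ends, assuming the handler reports the response length through that pointer. The first call in test_u2f_generate_require_presence has the same gap.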
@@ -124,16 +107,20 @@ test_static int test_u2f_generate_require_presence(void)
 memset(buffer, 0, sizeof(buffer));
 req->flags = U2F_AUTH_FLAG_TUP;
 presence = 0;
- ret = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, &buffer,
- sizeof(struct u2f_generate_req), &response_size);
+ ret = u2f_generate(
+ VENDOR_CC_U2F_GENERATE, &buffer,
+ sizeof(struct u2f_generate_req),
+ &response_size);
 TEST_ASSERT(ret == VENDOR_RC_NOT_ALLOWED);
 memset(buffer, 0, sizeof(buffer));
 req->flags = U2F_AUTH_FLAG_TUP;
 response_size = sizeof(struct u2f_generate_resp);
 presence = 1;
- ret = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, &buffer,
- sizeof(struct u2f_generate_req), &response_size);
+ ret = u2f_generate(
+ VENDOR_CC_U2F_GENERATE, &buffer,
+ sizeof(struct u2f_generate_req),
+ &response_size);
 TEST_ASSERT(ret == VENDOR_RC_SUCCESS);
 return EC_SUCCESS;
-- cgit v1.2.1
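Review bot: The success case in test_u2f_generate_require_presence sets `presence = 1` but never checks what the handler did with the touch afterwards. If u2f_generate is expected to consume presence through `pop_check_presence(1)` (its body is not on this page), a `TEST_ASSERT(presence == 0);` after the successful call would catch a change that lets one touch authorise more than one key generation. A short comment above each case, such as `/* TUP requested, no touch: must be refused */` and `/* TUP requested, fresh touch: must succeed */`, would also help, since both cases use the same flags.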