From 5ae1c684271a117539858cb12252959dfe46803c Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov <sukhomlinov@google.com>
Date: Fri, 16 Jul 2021 23:51:06 -0700
Subject: u2f: refactoring to split command processing and crypto

Split U2F crypto from U2F command processing by moving all crypto
code into boards/cr50 (platform hooks).

U2F state management is part of common code and passed to U2F crypto
as a parameter.

BUG=b:134594373
TEST=make BOARD=cr50 CRYPTO_TEST=1
console: u2f_test
test/tpmtest.py
FAFT U2F tests pass

Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I85442cddb2959bd3102f7f6e6047134ede90951b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3034852
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
---
 test/build.mk |  2 ++
 test/u2f.c    | 69 +++++++++++++++++++++++++++++++++++------------------------
 2 files changed, 43 insertions(+), 28 deletions(-)

(limited to 'test')

diff --git a/test/build.mk b/test/build.mk
index 7555778e70..8efc82f5f0 100644
--- a/test/build.mk
+++ b/test/build.mk
@@ -95,6 +95,7 @@ thermal-y=thermal.o
 timer_calib-y=timer_calib.o
 timer_dos-y=timer_dos.o
 u2f-y=u2f.o
+u2f-y+=../board/cr50/u2f.o
 uptime-y=uptime.o
 utils-y=utils.o
 utils_str-y=utils_str.o
@@ -107,6 +108,7 @@ TPM2_ROOT := $(CROS_WORKON_SRCROOT)/src/third_party/tpm2
 $(out)/RO/common/new_nvmem.o: CFLAGS += -I$(TPM2_ROOT) -I chip/g
 $(out)/RO/test/nvmem.o: CFLAGS += -I$(TPM2_ROOT)
 $(out)/RO/test/nvmem_tpm2_mock.o: CFLAGS += -I$(TPM2_ROOT)
+$(out)/RO/common/u2f.o: CFLAGS += -DU2F_TEST
 
 host-is_enabled_error: TEST_SCRIPT=is_enabled_error.sh
 is_enabled_error-y=is_enabled_error.o.cmd
diff --git a/test/u2f.c b/test/u2f.c
index c74bc847a3..047c62b7df 100644
--- a/test/u2f.c
+++ b/test/u2f.c
@@ -3,6 +3,8 @@
  * found in the LICENSE file.
  */
 
+#include "u2f_cmds.h"
+#include "physical_presence.h"
 #include "test_util.h"
 #include "u2f_impl.h"
 
@@ -24,15 +26,43 @@ int DCRYPTO_ladder_random(void *output)
 	return 1;
 }
 
+bool fips_rand_bytes(void *buffer, size_t len)
+{
+	memset(buffer, 1, len);
+	return true;
+}
+
+bool fips_trng_bytes(void *buffer, size_t len)
+{
+	memset(buffer, 2, len);
+	return true;
+}
+
 int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
 				   const p256_int *pk_y, const p256_int *serial,
-				   const char *name, uint8_t *cert,
-				   const int n)
+				   const char *name, uint8_t *cert, const int n)
 {
 	/* Return the size of certificate, 0 means error. */
 	return 0;
 }
 
+int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d,
+				const uint8_t key_bytes[P256_NBYTES])
+{
+	p256_int key;
+
+	p256_from_bin(key_bytes, &key);
+
+	if (p256_lt_blinded(&key, &SECP256r1_nMin2) >= 0)
+		return 0;
+	p256_add_d(&key, 1, d);
+	if (x == NULL || y == NULL)
+		return 1;
+	memset(x, 0, P256_NBYTES);
+	memset(y, 0, P256_NBYTES);
+	return 1;
+}
+
 int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
 			    const p256_int *message, p256_int *r, p256_int *s)
 {
@@ -42,6 +72,7 @@ int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
 	return 1;
 }
 
+
 /******************************************************************************/
 /* Mock implementations of U2F functionality.
  */
@@ -49,32 +80,20 @@ static int presence;
 
 static struct u2f_state state;
 
-struct u2f_state *get_state(void)
+struct u2f_state *u2f_get_state(void)
 {
 	return &state;
 }
 
 enum touch_state pop_check_presence(int consume)
 {
-	enum touch_state ret = presence ?
-		POP_TOUCH_YES : POP_TOUCH_NO;
+	enum touch_state ret = presence ? POP_TOUCH_YES : POP_TOUCH_NO;
 
 	if (consume)
 		presence = 0;
 	return ret;
 }
 
-int u2f_origin_user_keypair(const uint8_t *key_handle, size_t key_handle_size,
-			    p256_int *d, p256_int *pk_x, p256_int *pk_y)
-{
-	return EC_SUCCESS;
-}
-
-int g2f_individual_keypair(p256_int *d, p256_int *pk_x, p256_int *pk_y)
-{
-	return EC_SUCCESS;
-}
-
 /******************************************************************************/
 /* Tests begin here.
  */
@@ -89,10 +108,8 @@ test_static int test_u2f_generate_no_require_presence(void)
 	memset(buffer, 0, sizeof(buffer));
 	req->flags = 0;
 	presence = 0;
-	ret = u2f_generate(
-		VENDOR_CC_U2F_GENERATE, &buffer,
-		sizeof(struct u2f_generate_req),
-		&response_size);
+	ret = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, &buffer,
+			       sizeof(struct u2f_generate_req), &response_size);
 
 	TEST_ASSERT(ret == VENDOR_RC_SUCCESS);
 	return EC_SUCCESS;
@@ -107,20 +124,16 @@ test_static int test_u2f_generate_require_presence(void)
 	memset(buffer, 0, sizeof(buffer));
 	req->flags = U2F_AUTH_FLAG_TUP;
 	presence = 0;
-	ret = u2f_generate(
-		VENDOR_CC_U2F_GENERATE, &buffer,
-		sizeof(struct u2f_generate_req),
-		&response_size);
+	ret = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, &buffer,
+			       sizeof(struct u2f_generate_req), &response_size);
 	TEST_ASSERT(ret == VENDOR_RC_NOT_ALLOWED);
 
 	memset(buffer, 0, sizeof(buffer));
 	req->flags = U2F_AUTH_FLAG_TUP;
 	response_size = sizeof(struct u2f_generate_resp);
 	presence = 1;
-	ret = u2f_generate(
-		VENDOR_CC_U2F_GENERATE, &buffer,
-		sizeof(struct u2f_generate_req),
-		&response_size);
+	ret = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, &buffer,
+			       sizeof(struct u2f_generate_req), &response_size);
 	TEST_ASSERT(ret == VENDOR_RC_SUCCESS);
 
 	return EC_SUCCESS;
-- 
cgit v1.2.1