author | Louis Collard <louiscollard@chromium.org> | 2019-05-16 17:39:44 +0800 |
---|---|---|
committer | Louis Collard <louiscollard@chromium.org> | 2019-05-21 10:06:51 +0000 |
commit | 6072cc9c03a27c657e5899708233092bacfe1cd0 (patch) | |
tree | 2fe0a870160881a16935d8d078d9eb498d39406f | |
parent | 7ee4215a9fde670b6eadba6ba3e9dad90d2c59f6 (diff) | |
download | chrome-ec-6072cc9c03a27c657e5899708233092bacfe1cd0.tar.gz |
cr50: Change G2F cert CN to "CrOS"
BUG=b:132310780
TEST=flash to soraka, retrieve G2F cert, check CN
retrieve anonymous U2F cert, check CN unchanged
BRANCH=none
Change-Id: Id409ac5d534f2ee9e16376d690f58b184f5ac1a6
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1614581
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Commit-Queue: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
-rw-r--r-- | chip/g/dcrypto/dcrypto.h | 4 | ||||
-rw-r--r-- | chip/g/dcrypto/x509.c | 23 | ||||
-rw-r--r-- | common/u2f.c | 5 |
3 files changed, 23 insertions, 9 deletions
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h
index bd81b322ac..bf3333e883 100644
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -278,6 +278,10 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,
 int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
 const p256_int *pk_y, const p256_int *serial,
 uint8_t *cert, const int n);
+int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
+ const p256_int *pk_y, const p256_int *serial,
+ const char *name, uint8_t *cert,
+ const int n);
 
 /*
  * Memory related functions.
diff --git a/chip/g/dcrypto/x509.c b/chip/g/dcrypto/x509.c
index 06d8efdabf..81f1674db1 100644
--- a/chip/g/dcrypto/x509.c
+++ b/chip/g/dcrypto/x509.c
@@ -405,10 +403,8 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,
 
 /* ---- Certificate generation ---- */
 
-static void add_common_name(struct asn1 *ctx, int unique)
+static void add_common_name(struct asn1 *ctx, const char *cname)
 {
- const char *cname = unique ? STRINGIFY(BOARD) : "U2F";
-
 SEQ_START(*ctx, V_SEQ, SEQ_SMALL) {
 SEQ_START(*ctx, V_SET, SEQ_SMALL) {
 SEQ_START(*ctx, V_SEQ, SEQ_SMALL) {
@@ -422,9 +420,9 @@ static void add_common_name(struct asn1 *ctx, int unique)
 SEQ_END(*ctx);
 }
 
-int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
- const p256_int *pk_y, const p256_int *serial,
- uint8_t *cert, const int n)
+int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
+ const p256_int *pk_y, const p256_int *serial,
+ const char *name, uint8_t *cert, const int n)
 {
 struct asn1 ctx = {cert, 0};
 HASH_CTX sha;
@@ -460,7 +458,7 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
 SEQ_END(ctx);
 
 /* Issuer */
- add_common_name(&ctx, !!serial);
+ add_common_name(&ctx, name);
 
 /* Expiry */
 SEQ_START(ctx, V_SEQ, SEQ_SMALL) {
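Review bot: The new DCRYPTO_x509_gen_u2f_cert_name declaration in dcrypto.h carries no comment describing `name`, although the CN string now comes from any caller instead of the two compile-time literals the old `unique` flag chose between. A short block comment on the declaration would settle the contract, e.g. `/* name: NUL-terminated string used as both issuer and subject CN; it is emitted inside a small DER sequence, so its length is bounded — TODO state the limit. */`, and the same comment should say whether `serial` may be NULL, since the wrapper added at the end of x509.c passes it through unchanged. The existing DCRYPTO_x509_gen_u2f_cert declaration is equally undocumented, so the wrapper hunk in x509.c is the natural place to document that one.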
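Review bot: add_common_name now accepts an arbitrary `cname`, but nothing in the visible part of the function rejects a NULL pointer or a string longer than the SEQ_SMALL sequences opened on the following lines can carry; before this change the only two values were the literals `STRINGIFY(BOARD)` and `"U2F"`, so no check was needed. The rest of add_common_name, where cname is presumably measured and copied into the sequence, lies outside the hunk, so whether a long string is truncated, mis-encoded or overruns `cert` cannot be confirmed from here. Because DCRYPTO_x509_gen_u2f_cert_name is exported through dcrypto.h, the cheapest fix is a guard at that entry point before the ASN.1 context is built, e.g. `if (!name || strlen(name) > <max CN length the encoder supports>) return 0;`, matching the 0-on-failure convention individual_cert in common/u2f.c already relies on; if the encoder is known to bound the write itself, a comment stating that on add_common_name would do instead.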
@@ -470,7 +468,7 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
 SEQ_END(ctx);
 
 /* Subject */
- add_common_name(&ctx, !!serial);
+ add_common_name(&ctx, name);
 
 /* Subject pk */
 SEQ_START(ctx, V_SEQ, SEQ_SMALL) {
@@ -536,3 +534,12 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
 
 return ctx.n;
 }
+
+int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
+ const p256_int *pk_y, const p256_int *serial,
+ uint8_t *cert, const int n)
+{
+ return DCRYPTO_x509_gen_u2f_cert_name(d, pk_x, pk_y, serial,
+ serial ? STRINGIFY(BOARD) : "U2F",
+ cert, n);
+}
diff --git a/common/u2f.c b/common/u2f.c
index 282d59808b..c5114431fd 100644
--- a/common/u2f.c
+++ b/common/u2f.c
@@ -16,6 +16,8 @@
 #include "u2f.h"
 #include "util.h"
 
+#define G2F_CERT_NAME "CrOS"
+
 #define CPRINTF(format, args...) cprintf(CC_EXTENSION, format, ##args)
 
 /* Crypto parameters */
@@ -79,7 +81,8 @@ static int individual_cert(const p256_int *d, const p256_int *pk_x,
 if (system_get_chip_unique_id((uint8_t **)&serial) != P256_NBYTES)
 return 0;
 
- return DCRYPTO_x509_gen_u2f_cert(d, pk_x, pk_y, serial, cert, n);
+ return DCRYPTO_x509_gen_u2f_cert_name(d, pk_x, pk_y, serial,
+ G2F_CERT_NAME, cert, n);
 }
 
 int g2f_attestation_cert(uint8_t *buf)