authorNick Sanders <nsanders@chromium.org>2017-06-27 17:58:45 -0700
committerchrome-bot <chrome-bot@chromium.org>2017-10-06 00:21:29 -0700
commit02045eb040227250689caec9b9401c2cd3861363 (patch)
treef09e73f9794a6e581c3ae3ff2e5c344dd2dd0b63 /chip
parent366c36c8f1655c57f4c05d000cb4c000020d10db (diff)
mn50: add data signing capability
Add a PERSO_AUTH appid to sign data passed through the AUTH mn50. Add a signer command to start and generate signatures. Clean UART init to avoid spurious nonprinting characters that will contaminate the signature. BUG=b:36910757 BRANCH=None TEST=generates signature for uart and spi Signed-off-by: Nick Sanders <nsanders@chromium.org> Change-Id: I5fc3c4ee34898421060b57b774a09734f6a1bae5 Reviewed-on: https://chromium-review.googlesource.com/670984 Reviewed-by: Marius Schilder <mschilder@chromium.org>
Diffstat (limited to 'chip')
-rw-r--r--chip/g/dcrypto/app_key.c10
-rw-r--r--chip/g/dcrypto/dcrypto.h1
-rw-r--r--chip/g/usart.c48
-rw-r--r--chip/g/usb_spi.c13
-rw-r--r--chip/g/usb_spi.h2
5 files changed, 71 insertions, 3 deletions
diff --git a/chip/g/dcrypto/app_key.c b/chip/g/dcrypto/app_key.c
index e2b709f3c0..173bc9d214 100644
--- a/chip/g/dcrypto/app_key.c
+++ b/chip/g/dcrypto/app_key.c
@@ -49,6 +49,16 @@ const struct {
0xcd375bcd, 0x8065e8cc, 0xc892ed69, 0x72436c7d
}
},
+#ifdef CONFIG_STREAM_SIGNATURE
+ {
+ /* This key signs data from H1's configured by mn50/scribe. */
+ "PERSO_AUTH",
+ {
+ 0x2019da34, 0xf1a01a13, 0x0fb9f73f, 0xf2e85f76,
+ 0x5ecb7690, 0x09f732c9, 0xe540bf14, 0xcc46799a
+ }
+ },
+#endif
};
int DCRYPTO_appkey_init(enum dcrypto_appid appid, struct APPKEY_CTX *ctx)
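Review bot: The `PERSO_AUTH` table entry is compiled only under `CONFIG_STREAM_SIGNATURE`, while the matching `PERSO_AUTH = 5` enumerator in dcrypto.h is added unconditionally. If `DCRYPTO_appkey_init()` indexes this table by `appid` (its body is outside the hunk, so this is inferred), a caller passing `PERSO_AUTH` in a build without the option would read past the end of the array. Either guard the enumerator with the same `#ifdef`, or reject an `appid` beyond the table size at the top of `DCRYPTO_appkey_init()`. The table's earlier entries are also outside the hunk, so a comment such as `/* Entries must stay in enum dcrypto_appid order; PERSO_AUTH is index 5. */` above the new entry would make the ordering requirement explicit.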
diff --git a/chip/g/dcrypto/dcrypto.h b/chip/g/dcrypto/dcrypto.h
index 5c643382c6..e964288f84 100644
--- a/chip/g/dcrypto/dcrypto.h
+++ b/chip/g/dcrypto/dcrypto.h
@@ -271,6 +271,7 @@ enum dcrypto_appid {
U2F_ATTEST = 2,
U2F_ORIGIN = 3,
U2F_WRAP = 4,
+ PERSO_AUTH = 5,
/* This enum value should not exceed 7. */
};
diff --git a/chip/g/usart.c b/chip/g/usart.c
index 3e5493c579..598b4d4ed9 100644
--- a/chip/g/usart.c
+++ b/chip/g/usart.c
@@ -8,25 +8,63 @@
#include "uartn.h"
#include "usart.h"
#include "usb-stream.h"
+#ifdef CONFIG_STREAM_SIGNATURE
+#include "signing.h"
+#endif
#define USE_UART_INTERRUPTS (!(defined(CONFIG_CUSTOMIZED_RO) && \
defined(SECTION_IS_RO)))
#define QUEUE_SIZE 64
+
#ifdef CONFIG_STREAM_USART1
struct usb_stream_config const ap_usb;
struct usart_config const ap_uart;
-static struct queue const ap_uart_to_usb =
+#ifdef CONFIG_STREAM_SIGNATURE
+/*
+ * This code adds the ability to capture UART data received, and
+ * sign it with H1's key. This allows the log output to be verified
+ * as actual UART output from this board.
+ *
+ * This functionality is enabled by redirecting the UART receive queue
+ * to feed into the signing module rather than the usb tx. After being
+ * added to the running hash, the data is then pushed by the signer
+ * into the usb tx queue.
+ */
+struct signer_config const sig;
+static struct queue const ap_uart_output =
+ QUEUE_DIRECT(QUEUE_SIZE, uint8_t, ap_uart.producer, sig.consumer);
+static struct queue const sig_to_usb =
+ QUEUE_DIRECT(QUEUE_SIZE, uint8_t, sig.producer, ap_usb.consumer);
+
+SIGNER_CONFIG(sig, stream_uart, sig_to_usb, ap_uart_output);
+
+#else /* Not CONFIG_STREAM_SIGNATURE */
+static struct queue const ap_uart_output =
QUEUE_DIRECT(QUEUE_SIZE, uint8_t, ap_uart.producer, ap_usb.consumer);
+#endif
+
static struct queue const ap_usb_to_uart =
QUEUE_DIRECT(QUEUE_SIZE, uint8_t, ap_usb.producer, ap_uart.consumer);
+/*
+ * AP UART data is sent to the ap_uart_output queue, and received from
+ * the ap_usb_to_uart queue. The ap_uart_output queue is received by the
+ * USB bridge, or if a signer is enabled, received by the signer, which then
+ * passes the data to the USB bridge after processing it.
+ */
USART_CONFIG(ap_uart,
UART_AP,
- ap_uart_to_usb,
+ ap_uart_output,
ap_usb_to_uart);
+/*
+ * The UART USB bridge receives character data from the UART's queue,
+ * unless signing is enabled, in which case it receives data from the
+ * signer's queue, after the signer has received it from the UART and
+ * processed it.
+ */
USB_STREAM_CONFIG(ap_usb,
USB_IFACE_AP,
USB_STR_AP_NAME,
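Review bot: The block comment above `struct signer_config const sig;` says received UART bytes are hashed and then pushed to the USB tx queue, but it does not say what happens when `sig_to_usb` is full or when no signing session has been started. The signature is only meaningful if the host receives exactly the bytes that were hashed, in the same order, so that contract should be stated here. Suggest adding a line such as `* The signer must forward every byte it hashes, in order; a byte hashed but dropped on a full sig_to_usb queue makes the signature unverifiable.` The signer implementation is outside this diff, so whether it already guarantees this cannot be confirmed from these lines.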
@@ -34,8 +72,12 @@ USB_STREAM_CONFIG(ap_usb,
USB_MAX_PACKET_SIZE,
USB_MAX_PACKET_SIZE,
ap_usb_to_uart,
- ap_uart_to_usb)
+#ifdef CONFIG_STREAM_SIGNATURE
+ sig_to_usb)
+#else
+ ap_uart_output)
#endif
+#endif /* CONFIG_STREAM_USART1 */
#ifdef CONFIG_STREAM_USART2
struct usb_stream_config const ec_usb;
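Review bot: The `#ifdef CONFIG_STREAM_SIGNATURE` / `#else` / `#endif` lines sit inside the argument list of the `USB_STREAM_CONFIG(...)` invocation, and C11 6.10.3p11 makes preprocessing directives inside the arguments of a function-like macro undefined behaviour. GCC happens to accept it, but another toolchain may not, and a misparse would silently wire `ap_usb` to the wrong queue and bypass the signer. Select the queue with an object-like macro before the invocation and pass that as the last argument, as sketched below. This assumes `USB_STREAM_CONFIG` does not apply `#` or `##` to that argument, which its definition (not shown) would confirm. The invocation starts in the previous hunk.

```c
#ifdef CONFIG_STREAM_SIGNATURE
#define AP_USB_TX_QUEUE sig_to_usb
#else
#define AP_USB_TX_QUEUE ap_uart_output
#endif

/* … unchanged: USB_STREAM_CONFIG(ap_usb, interface, name, endpoint and packet-size arguments … */
		  ap_usb_to_uart,
		  AP_USB_TX_QUEUE)
```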
diff --git a/chip/g/usb_spi.c b/chip/g/usb_spi.c
index 34e23bc4c5..a5f6ddd175 100644
--- a/chip/g/usb_spi.c
+++ b/chip/g/usb_spi.c
@@ -14,6 +14,10 @@
#include "usb_spi.h"
#include "util.h"
+#ifdef CONFIG_STREAM_SIGNATURE
+#include "signing.h"
+#endif
+
#define CPUTS(outstr) cputs(CC_USB, outstr)
#define CPRINTS(format, args...) cprints(CC_USB, format, ## args)
@@ -40,6 +44,15 @@ static uint16_t usb_spi_read_packet(struct usb_spi_config const *config)
static void usb_spi_write_packet(struct usb_spi_config const *config,
uint8_t count)
{
+#ifdef CONFIG_STREAM_SIGNATURE
+ /*
+ * This hook allows mn50 to sign SPI data read from newly
+ * manufactured H1 devieces. The data is added to a running
+ * hash until a completion message is received.
+ */
+ sig_append(stream_spi, config->buffer, count);
+#endif
+
QUEUE_ADD_UNITS(config->tx_queue, config->buffer, count);
}
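Review bot: In `usb_spi_write_packet()` the new `sig_append(stream_spi, config->buffer, count);` hashes all `count` bytes before `QUEUE_ADD_UNITS` runs, and the results of both calls are discarded. If the queue add can accept fewer than `count` bytes (its definition is not in this hunk), the running hash would cover data the host never receives, and the resulting signature would not verify against the captured stream. Consider checking how many units were actually queued and logging or aborting the signing session on a short write, or at least note the assumption with `/* Assumes tx_queue always accepts count bytes; otherwise hash and stream diverge. */`. The added comment also has a typo, `devieces` for `devices`.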
diff --git a/chip/g/usb_spi.h b/chip/g/usb_spi.h
index b852310f1e..72364ab469 100644
--- a/chip/g/usb_spi.h
+++ b/chip/g/usb_spi.h
@@ -70,6 +70,8 @@ enum usb_spi_request {
USB_SPI_REQ_RESET = 0x0005,
USB_SPI_REQ_BOOT_CFG = 0x0006,
USB_SPI_REQ_SOCKET = 0x0007,
+ USB_SPI_REQ_SIGNING_START = 0x0008,
+ USB_SPI_REQ_SIGNING_SIGN = 0x0009,
};
/* USB SPI device bitmasks */
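Review bot: The two new request codes `USB_SPI_REQ_SIGNING_START` and `USB_SPI_REQ_SIGNING_SIGN` are added without any comment on their semantics, and they cause the device to sign with the `PERSO_AUTH` key. The enum should say which stream or streams each request applies to (the commit signs both UART and SPI data, but these codes live in the SPI request enum), and what `START` resets and `SIGN` returns. For example: `/* Begin a new running hash over stream data; any prior unfinished hash is discarded (confirm). */` and `/* Finalize the running hash and return its signature. */`. The handler is outside this diff, so the wording needs checking against it.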