author | Vadim Bendebury <vbendeb@chromium.org> | 2018-03-30 12:06:47 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-04-02 22:42:48 -0700 |
commit | 8131eea9a73cccead6d7a26dbde64c41288a59a0 (patch) | |
tree | 6cad7889fdc9b1ee9f8e67ff804f102c48ec8848 /common/rma_auth.c | |
parent | 94eaba49b0166f7d1d7f5356f4b5c21468f419f1 (diff) | |
cr50: bundle together RMA key and key ID
We want to be able to replace RMA public key and its key ID in the elf
module before signing. Let's make sure they are packed together for
ease of find and replace operation.
BRANCH=cr50, cr50-mp
BUG=b:73296144
TEST=built an image, verified that RMA unlock still works.
Change-Id: I1a8e155391421f32b7422f11ab2a5f53d1ddd0ac
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/990781
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Diffstat (limited to 'common/rma_auth.c')
-rw-r--r-- | common/rma_auth.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/common/rma_auth.c b/common/rma_auth.c
index 1c361622b8..9d137b6b25 100644
--- a/common/rma_auth.c
+++ b/common/rma_auth.c
@@ -37,8 +37,15 @@
 #define MAX_AUTHCODE_TRIES 3
 /* Server public key and key ID */
-static const uint8_t server_pub_key[32] = CONFIG_RMA_AUTH_SERVER_PUBLIC_KEY;
-static const uint8_t server_key_id = CONFIG_RMA_AUTH_SERVER_KEY_ID;
+static const struct {
+ uint8_t server_pub_key[32];
+ uint8_t server_key_id;
+} __packed rma_key_blob = {
+ CONFIG_RMA_AUTH_SERVER_PUBLIC_KEY,
+ CONFIG_RMA_AUTH_SERVER_KEY_ID
+};
+
+BUILD_ASSERT(sizeof(rma_key_blob) == 33);
 static char challenge[RMA_CHALLENGE_BUF_SIZE];
 static char authcode[RMA_AUTHCODE_BUF_SIZE];
@@ -101,7 +108,7 @@ int rma_create_challenge(void)
 memset(&c, 0, sizeof(c));
 c.version_key_id = RMA_CHALLENGE_VKID_BYTE(
- RMA_CHALLENGE_VERSION, server_key_id);
+ RMA_CHALLENGE_VERSION, rma_key_blob.server_key_id);
 if (read_board_id(&bid))
 return EC_ERROR_UNKNOWN;
@@ -132,7 +139,7 @@ int rma_create_challenge(void)
 return EC_ERROR_UNKNOWN;
 /* Calculate the shared secret */
- X25519(secret, temp, server_pub_key);
+ X25519(secret, temp, rma_key_blob.server_pub_key);
 /*
 * Auth code is a truncated HMAC of the ephemeral public key, BoardID, |
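Review bot: The comment above `rma_key_blob` still reads only `/* Server public key and key ID */`, although the commit message makes the 33-byte layout a contract with the pre-signing find-and-replace step. I would record that where the next editor will see it, e.g. `/* Public key immediately followed by its key ID; replaced as one 33-byte unit in the ELF before signing. Do not reorder or pad. */`. The positional initializers also rely on field order, so designated initializers (`.server_pub_key = CONFIG_RMA_AUTH_SERVER_PUBLIC_KEY,` and `.server_key_id = CONFIG_RMA_AUTH_SERVER_KEY_ID`) would keep the key and ID pairing explicit, assuming the key macro expands to a brace initializer.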
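Review bot: `rma_key_blob.server_key_id` is read from a `static const` object whose initializer is visible in this translation unit, so an optimizing compiler may fold the key ID into an immediate at this call site in `rma_create_challenge`. If that happens, replacing the blob in the ELF would change the public key passed to `X25519` in the later hunk but not the ID written to `c.version_key_id`, and the challenge would name a key the device did not use. Declaring the field as `volatile uint8_t server_key_id;`, or reading it through a volatile pointer, would force the load to come from the patched bytes. It is also worth confirming in the disassembly of a signed image. The function body starts and ends outside this hunk.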