summaryrefslogtreecommitdiff
path: root/extra
diff options
context:
space:
mode:
authorMary Ruthven <mruthven@google.com>2018-06-07 16:29:56 -0700
committerchrome-bot <chrome-bot@chromium.org>2018-06-08 19:24:30 -0700
commitd30c60b08152176f4eb78eb812ec3070070f8640 (patch)
treeb6e343fb7c99dfc77bd338a308885ce346507cee /extra
parentce437ad4860e7b457c31c4d91df5be7d0777a2b3 (diff)
downloadchrome-ec-d30c60b08152176f4eb78eb812ec3070070f8640.tar.gz
rma_reset: print authcode even after key mismatch
The point of rma_reset is to test cr50 authcode stuff. We want to make sure that cr50 doesn't accept test key authcodes when it is using prod keys. To test this we need to know the authcode that would be generated with test keys. When there is a unsupported keyid print the authcode so we can use that authcode to verify prod key cr50 wont accept test key authcodes. BUG=none BRANCH=none TEST=run rma_reset with a prod key challenge and make sure rma_reset still prints the authcode. Change-Id: Id1b0025ff7ab165d26be2b4e1503df7dee1d5ec7 Signed-off-by: Mary Ruthven <mruthven@google.com> Reviewed-on: https://chromium-review.googlesource.com/1091972 Commit-Ready: Mary Ruthven <mruthven@chromium.org> Tested-by: Mary Ruthven <mruthven@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Diffstat (limited to 'extra')
-rw-r--r--extra/rma_reset/rma_reset.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/extra/rma_reset/rma_reset.c b/extra/rma_reset/rma_reset.c
index 396e5cded7..fe1eb5e909 100644
--- a/extra/rma_reset/rma_reset.c
+++ b/extra/rma_reset/rma_reset.c
@@ -48,6 +48,7 @@ static const uint8_t rma_test_server_x25519_private_key[] = {
};
#define RMA_TEST_SERVER_X25519_KEY_ID 0x10
+#define RMA_PROD_SERVER_X25519_KEY_ID 0
/*
* P256 curve keys, generated using openssl as follows:
@@ -79,6 +80,7 @@ static const uint8_t rma_test_server_p256_public_key[] = {
};
#define RMA_TEST_SERVER_P256_KEY_ID 0x20
+#define RMA_PROD_SERVER_P256_KEY_ID 0x01
/* Default values which can change based on command line arguments. */
static uint8_t server_key_id = RMA_TEST_SERVER_X25519_KEY_ID;
@@ -288,15 +290,19 @@ static int rma_server_side(const char *generated_challenge)
/* Calculate the shared secret, use curve based on the key ID. */
switch (key_id) {
+ case RMA_PROD_SERVER_X25519_KEY_ID:
+ printf("Unsupported Prod KeyID %d\n", key_id);
case RMA_TEST_SERVER_X25519_KEY_ID:
X25519(secret, rma_test_server_x25519_private_key,
c.device_pub_key);
break;
+ case RMA_PROD_SERVER_P256_KEY_ID:
+ printf("Unsupported Prod KeyID %d\n", key_id);
case RMA_TEST_SERVER_P256_KEY_ID:
p256_calculate_secret(secret, c.device_pub_key);
break;
default:
- printf("Unsupported KeyID %d\n", key_id);
+ printf("Unknown KeyID %d\n", key_id);
return 1;
}