author | Nicolas Boichat <drinkcat@google.com> | 2017-06-13 10:29:06 +0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2017-06-15 07:07:40 -0700 |
commit | 77e7913b696e16b7fae72e5210f940f8213ff1b5 (patch) | |
tree | 318738eb321302dd2a0e04a51c279729cbc4badd /include/update_fw.h | |
parent | 7bfbedc2662dcab49d072db9885304df483de37c (diff) | |
download | chrome-ec-77e7913b696e16b7fae72e5210f940f8213ff1b5.tar.gz |
usb_update: Add handler for pairing challenge command
Handle UPDATE_EXTRA_CMD_PAIR_CHALLENGE command, where the
lid sends a random x25519 public key, and nonce, and the base
replies with its own (stable) x25519 public key, and computes
a shared secret using its private key to verify its identity.
BRANCH=none
BUG=b:38486828
TEST=Flash hammer, ./usb_updater2 -c always reports the same
device public key, and authenticator is correct.
Change-Id: Ida60ffa7476794ee92669951c740dbe35950fb9c
Reviewed-on: https://chromium-review.googlesource.com/532475
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'include/update_fw.h')
-rw-r--r-- | include/update_fw.h | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/include/update_fw.h b/include/update_fw.h
index 72e278fcc6..5218d07bdf 100644
--- a/include/update_fw.h
+++ b/include/update_fw.h
@@ -166,6 +166,28 @@ enum update_extra_command {
 UPDATE_EXTRA_CMD_PAIR_CHALLENGE = 6,
 };
+/*
+ * Pair challenge (from host), note that the packet, with header, must fit
+ * in a single USB packet (64 bytes), so its maximum length is 50 bytes.
+ */
+struct pair_challenge {
+ uint8_t host_public[32]; /* X22519 public key from host */
+ uint8_t nonce[16]; /* nonce to be used for HMAC */
+};
+
+/*
+ * Pair challenge response (from device).
+ */
+struct pair_challenge_response {
+ uint8_t status; /* = EC_RES_SUCCESS */
+ uint8_t device_public[32]; /* X22519 device public key of device */
+ /*
+ * Truncated output of
+ * HMAC_SHA256(x25519(device_private, host_public), nonce)
+ */
+ uint8_t authenticator[16];
+} __packed;
+
 void fw_update_command_handler(void *body, size_t cmd_size, size_t *response_size); |
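Review bot: The comments on `host_public` and `device_public` name the key-exchange primitive "X22519", while the authenticator comment and the commit message use x25519; since this header documents the wire format, both should be corrected, e.g. `uint8_t host_public[32]; /* X25519 public key from host */`. The 50-byte limit in the first comment is prose only: nothing in the hunk ties the struct sizes to it, and `struct pair_challenge` is not marked `__packed` although `struct pair_challenge_response` is. A compile-time check such as `_Static_assert(sizeof(struct pair_challenge_response) <= 50, "must fit in one USB packet");` (and the same for `struct pair_challenge`) would stop a later field addition from silently exceeding the packet. The handler that parses the challenge is outside this hunk, so it cannot be confirmed here whether it compares the received body length with `sizeof(struct pair_challenge)` before reading the key and nonce; a sentence in the struct comment stating that requirement would help.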