authorNicolas Boichat <drinkcat@google.com>2017-06-13 10:29:06 +0800
committerchrome-bot <chrome-bot@chromium.org>2017-06-15 07:07:40 -0700
commit77e7913b696e16b7fae72e5210f940f8213ff1b5 (patch)
tree318738eb321302dd2a0e04a51c279729cbc4badd /include/update_fw.h
parent7bfbedc2662dcab49d072db9885304df483de37c (diff)
usb_update: Add handler for pairing challenge command
Handle UPDATE_EXTRA_CMD_PAIR_CHALLENGE command, where the lid sends a random x25519 public key, and nonce, and the base replies with its own (stable) x25519 public key, and computes a shared secret using its private key to verify its identity. BRANCH=none BUG=b:38486828 TEST=Flash hammer, ./usb_updater2 -c always reports the same device public key, and authenticator is correct. Change-Id: Ida60ffa7476794ee92669951c740dbe35950fb9c Reviewed-on: https://chromium-review.googlesource.com/532475 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'include/update_fw.h')
-rw-r--r--include/update_fw.h22
1 files changed, 22 insertions, 0 deletions
diff --git a/include/update_fw.h b/include/update_fw.h
index 72e278fcc6..5218d07bdf 100644
--- a/include/update_fw.h
+++ b/include/update_fw.h
@@ -166,6 +166,28 @@ enum update_extra_command {
UPDATE_EXTRA_CMD_PAIR_CHALLENGE = 6,
};
+/*
+ * Pair challenge (from host), note that the packet, with header, must fit
+ * in a single USB packet (64 bytes), so its maximum length is 50 bytes.
+ */
+struct pair_challenge {
+ uint8_t host_public[32]; /* X22519 public key from host */
+ uint8_t nonce[16]; /* nonce to be used for HMAC */
+};
+
+/*
+ * Pair challenge response (from device).
+ */
+struct pair_challenge_response {
+ uint8_t status; /* = EC_RES_SUCCESS */
+ uint8_t device_public[32]; /* X22519 device public key of device */
+ /*
+ * Truncated output of
+ * HMAC_SHA256(x25519(device_private, host_public), nonce)
+ */
+ uint8_t authenticator[16];
+} __packed;
+
void fw_update_command_handler(void *body,
size_t cmd_size,
size_t *response_size);
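Review bot: The comments on `host_public` and `device_public` say `X22519`, which should read `X25519` to match the `x25519(...)` call named in the authenticator comment and the commit message. The 50-byte limit stated above `struct pair_challenge` is not enforced anywhere in this hunk, and that struct is not marked `__packed` while `struct pair_challenge_response` is; both hold only byte arrays, so the layout is presumably unaffected, but a compile-time check such as the EC tree's `BUILD_ASSERT(sizeof(struct pair_challenge) <= 50);` placed after the definition would pin the wire size. The authenticator comment would also be clearer if it named the HMAC key and message explicitly (`key = x25519(device_private, host_public), message = nonce`) and said what `status` and the other response fields hold on failure. The handler that parses this host-supplied packet is outside this file, so whether it checks the received length against `sizeof(struct pair_challenge)` before reading the key and nonce cannot be confirmed from here.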