authorNicolas Boichat <drinkcat@google.com>2017-06-13 10:29:06 +0800
committerchrome-bot <chrome-bot@chromium.org>2017-06-15 07:07:40 -0700
commit77e7913b696e16b7fae72e5210f940f8213ff1b5 (patch)
tree318738eb321302dd2a0e04a51c279729cbc4badd /include
parent7bfbedc2662dcab49d072db9885304df483de37c (diff)
usb_update: Add handler for pairing challenge command
Handle UPDATE_EXTRA_CMD_PAIR_CHALLENGE command, where the lid sends a random x25519 public key, and nonce, and the base replies with its own (stable) x25519 public key, and computes a shared secret using its private key to verify its identity. BRANCH=none BUG=b:38486828 TEST=Flash hammer, ./usb_updater2 -c always reports the same device public key, and authenticator is correct. Change-Id: Ida60ffa7476794ee92669951c740dbe35950fb9c Reviewed-on: https://chromium-review.googlesource.com/532475 Commit-Ready: Nicolas Boichat <drinkcat@chromium.org> Tested-by: Nicolas Boichat <drinkcat@chromium.org> Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'include')
-rw-r--r--include/compile_time_macros.h2
-rw-r--r--include/config.h3
-rw-r--r--include/update_fw.h22
3 files changed, 27 insertions, 0 deletions
diff --git a/include/compile_time_macros.h b/include/compile_time_macros.h
index f25ffd8407..b1e627d617 100644
--- a/include/compile_time_macros.h
+++ b/include/compile_time_macros.h
@@ -27,6 +27,8 @@
#define offsetof(type, member) __builtin_offsetof(type, member)
#endif
+#define member_size(type, member) sizeof(((type *)0)->member)
+
#define __visible __attribute__((externally_visible))
#endif /* __CROS_EC_COMPILE_TIME_MACROS_H */
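Review bot: `member_size` is added without a comment, and the `((type *)0)->member` form reads like a null dereference to anyone who does not recall that `sizeof` leaves its operand unevaluated. A one-line comment such as `/* Size of a struct member; the sizeof operand is never evaluated, so the null pointer is not dereferenced. */` would settle that. No use of the macro appears in the files shown here (the diff is limited to include/), so its intended call site cannot be confirmed from this page.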
diff --git a/include/config.h b/include/config.h
index 619cc53e3d..6ec29586cd 100644
--- a/include/config.h
+++ b/include/config.h
@@ -2762,6 +2762,9 @@
/* A different config for the same update. TODO(vbendeb): dedup these */
#undef CONFIG_USB_UPDATE
+/* Add support for pairing over the USB update interface. */
+#undef CONFIG_USB_PAIRING
+
/* PDU size for fw update over USB (or TPM). */
#define CONFIG_UPDATE_PDU_SIZE 1024
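Review bot: The comment on `CONFIG_USB_PAIRING` does not say what the option depends on. Judging from the structs this commit adds to update_fw.h, pairing needs an X25519 implementation, HMAC-SHA256 and a stable per-device private key, and presumably `CONFIG_USB_UPDATE` as well. Listing those requirements in the comment would keep a board from enabling the option without provisioning a device key.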
diff --git a/include/update_fw.h b/include/update_fw.h
index 72e278fcc6..5218d07bdf 100644
--- a/include/update_fw.h
+++ b/include/update_fw.h
@@ -166,6 +166,28 @@ enum update_extra_command {
UPDATE_EXTRA_CMD_PAIR_CHALLENGE = 6,
};
+/*
+ * Pair challenge (from host), note that the packet, with header, must fit
+ * in a single USB packet (64 bytes), so its maximum length is 50 bytes.
+ */
+struct pair_challenge {
+ uint8_t host_public[32]; /* X22519 public key from host */
+ uint8_t nonce[16]; /* nonce to be used for HMAC */
+};
+
+/*
+ * Pair challenge response (from device).
+ */
+struct pair_challenge_response {
+ uint8_t status; /* = EC_RES_SUCCESS */
+ uint8_t device_public[32]; /* X22519 device public key of device */
+ /*
+ * Truncated output of
+ * HMAC_SHA256(x25519(device_private, host_public), nonce)
+ */
+ uint8_t authenticator[16];
+} __packed;
+
void fw_update_command_handler(void *body,
size_t cmd_size,
size_t *response_size);
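Review bot: The 50-byte limit stated in the comment above `struct pair_challenge` is not enforced anywhere in this hunk, so a later field addition could silently produce a challenge that no longer fits one 64-byte USB packet; a `BUILD_ASSERT(sizeof(struct pair_challenge) <= 50);` after the struct would pin it. `struct pair_challenge` also lacks the `__packed` that `struct pair_challenge_response` carries; with only `uint8_t` arrays there is no padding today, but marking both keeps the wire layout explicit. The field comments spell the curve `X22519` where `X25519` is meant. The code that fills and checks `authenticator` is outside this path-limited diff, so whether the truncated HMAC is compared in constant time on the verifying side cannot be checked from here.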