authorVadim Sukhomlinov <sukhomlinov@google.com>2021-07-16 23:51:06 -0700
committerCommit Bot <commit-bot@chromium.org>2021-09-02 00:51:52 +0000
commit4b109d0b957a66bb9e6726f54db22d55452999b2 (patch)
tree7e5bee5162759297d1c0deb1916c1c4ae3d622f0 /test
parentdc96ffc9dc48af55ba79846cd954ce55821b31eb (diff)
downloadchrome-ec-4b109d0b957a66bb9e6726f54db22d55452999b2.tar.gz
u2f: refactoring to split command processing and crypto
Split U2F crypto from U2F command processing by moving all crypto code into boards/cr50 (platform hooks). U2F state management is part of common code and passed to U2F crypto as a parameter. Previously reviewed as https://crrev.com/c/3034852, but reverted due to ChromeOS dependency on include/u2f.h. In this revision this is addressed by restoring include/u2f.h with previous content and new additions and adjusting dependencies in other headers. BUG=b:134594373 TEST=make BOARD=cr50 CRYPTO_TEST=1 console: u2f_test test/tpmtest.py FAFT U2F tests pass Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Iff1973c8e475216b801d7adde23b1ef6c4a6f699 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3119223 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'test')
-rw-r--r--test/build.mk2
-rw-r--r--test/u2f.c69
2 files changed, 43 insertions, 28 deletions
diff --git a/test/build.mk b/test/build.mk
index 7555778e70..8efc82f5f0 100644
--- a/test/build.mk
+++ b/test/build.mk
@@ -95,6 +95,7 @@ thermal-y=thermal.o
timer_calib-y=timer_calib.o
timer_dos-y=timer_dos.o
u2f-y=u2f.o
+u2f-y+=../board/cr50/u2f.o
uptime-y=uptime.o
utils-y=utils.o
utils_str-y=utils_str.o
@@ -107,6 +108,7 @@ TPM2_ROOT := $(CROS_WORKON_SRCROOT)/src/third_party/tpm2
$(out)/RO/common/new_nvmem.o: CFLAGS += -I$(TPM2_ROOT) -I chip/g
$(out)/RO/test/nvmem.o: CFLAGS += -I$(TPM2_ROOT)
$(out)/RO/test/nvmem_tpm2_mock.o: CFLAGS += -I$(TPM2_ROOT)
+$(out)/RO/common/u2f.o: CFLAGS += -DU2F_TEST
host-is_enabled_error: TEST_SCRIPT=is_enabled_error.sh
is_enabled_error-y=is_enabled_error.o.cmd
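Review bot: The new `-DU2F_TEST` rule has no comment saying what the define switches on in `common/u2f.o`, and it is the only place in this hunk where a compile-time flag changes how the U2F code is built. Because this is key-handling code, a line such as `# U2F_TEST: host-test-only hooks in common/u2f.c; must not be set for firmware images` above the rule would record the intent. The define is applied only to `common/u2f.o`, while the previous hunk also links `../board/cr50/u2f.o` into the test; if that file is meant to see the flag too, it needs its own rule.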
diff --git a/test/u2f.c b/test/u2f.c
index c74bc847a3..047c62b7df 100644
--- a/test/u2f.c
+++ b/test/u2f.c
@@ -3,6 +3,8 @@
* found in the LICENSE file.
*/
+#include "u2f_cmds.h"
+#include "physical_presence.h"
#include "test_util.h"
#include "u2f_impl.h"
@@ -24,15 +26,43 @@ int DCRYPTO_ladder_random(void *output)
return 1;
}
+bool fips_rand_bytes(void *buffer, size_t len)
+{
+ memset(buffer, 1, len);
+ return true;
+}
+
+bool fips_trng_bytes(void *buffer, size_t len)
+{
+ memset(buffer, 2, len);
+ return true;
+}
+
int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
const p256_int *pk_y, const p256_int *serial,
- const char *name, uint8_t *cert,
- const int n)
+ const char *name, uint8_t *cert, const int n)
{
/* Return the size of certificate, 0 means error. */
return 0;
}
+int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d,
+ const uint8_t key_bytes[P256_NBYTES])
+{
+ p256_int key;
+
+ p256_from_bin(key_bytes, &key);
+
+ if (p256_lt_blinded(&key, &SECP256r1_nMin2) >= 0)
+ return 0;
+ p256_add_d(&key, 1, d);
+ if (x == NULL || y == NULL)
+ return 1;
+ memset(x, 0, P256_NBYTES);
+ memset(y, 0, P256_NBYTES);
+ return 1;
+}
+
int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
const p256_int *message, p256_int *r, p256_int *s)
{
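Review bot: In the mock `DCRYPTO_p256_key_from_bytes`, the public-key outputs are cleared with `memset(x, 0, P256_NBYTES)`, which sizes the write by a constant instead of by the destination object; `memset(x, 0, sizeof(*x));` and `memset(y, 0, sizeof(*y));` stay correct if the size of `p256_int` ever differs from `P256_NBYTES`. The mock also returns an all-zero public point, and `fips_rand_bytes` / `fips_trng_bytes` fill their buffers with constant 1s and 2s, so none of these are usable outside the host test. A one-line comment on each, e.g. `/* Test mock: deterministic fill, not a random source. */`, would make that explicit. `dcrypto_p256_ecdsa_sign` at the end of the hunk continues outside it.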
@@ -42,6 +72,7 @@ int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
return 1;
}
+
/******************************************************************************/
/* Mock implementations of U2F functionality.
*/
@@ -49,32 +80,20 @@ static int presence;
static struct u2f_state state;
-struct u2f_state *get_state(void)
+struct u2f_state *u2f_get_state(void)
{
return &state;
}
enum touch_state pop_check_presence(int consume)
{
- enum touch_state ret = presence ?
- POP_TOUCH_YES : POP_TOUCH_NO;
+ enum touch_state ret = presence ? POP_TOUCH_YES : POP_TOUCH_NO;
if (consume)
presence = 0;
return ret;
}
-int u2f_origin_user_keypair(const uint8_t *key_handle, size_t key_handle_size,
- p256_int *d, p256_int *pk_x, p256_int *pk_y)
-{
- return EC_SUCCESS;
-}
-
-int g2f_individual_keypair(p256_int *d, p256_int *pk_x, p256_int *pk_y)
-{
- return EC_SUCCESS;
-}
-
/******************************************************************************/
/* Tests begin here.
*/
@@ -89,10 +108,8 @@ test_static int test_u2f_generate_no_require_presence(void)
memset(buffer, 0, sizeof(buffer));
req->flags = 0;
presence = 0;
- ret = u2f_generate(
- VENDOR_CC_U2F_GENERATE, &buffer,
- sizeof(struct u2f_generate_req),
- &response_size);
+ ret = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, &buffer,
+ sizeof(struct u2f_generate_req), &response_size);
TEST_ASSERT(ret == VENDOR_RC_SUCCESS);
return EC_SUCCESS;
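Review bot: `response_size` is passed to `u2f_generate_cmd` here without a visible assignment, whereas the last call in `test_u2f_generate_require_presence` sets `response_size = sizeof(struct u2f_generate_resp);` first; the first call in that test has the same gap. Unless the variable is initialised at its declaration, which is outside the hunk, the handler is given an indeterminate output-buffer size and the test can pass or fail for the wrong reason. Setting `response_size = sizeof(struct u2f_generate_resp);` before each call would pin the size the handler sees. The function body starts outside the hunk.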
@@ -107,20 +124,16 @@ test_static int test_u2f_generate_require_presence(void)
memset(buffer, 0, sizeof(buffer));
req->flags = U2F_AUTH_FLAG_TUP;
presence = 0;
- ret = u2f_generate(
- VENDOR_CC_U2F_GENERATE, &buffer,
- sizeof(struct u2f_generate_req),
- &response_size);
+ ret = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, &buffer,
+ sizeof(struct u2f_generate_req), &response_size);
TEST_ASSERT(ret == VENDOR_RC_NOT_ALLOWED);
memset(buffer, 0, sizeof(buffer));
req->flags = U2F_AUTH_FLAG_TUP;
response_size = sizeof(struct u2f_generate_resp);
presence = 1;
- ret = u2f_generate(
- VENDOR_CC_U2F_GENERATE, &buffer,
- sizeof(struct u2f_generate_req),
- &response_size);
+ ret = u2f_generate_cmd(VENDOR_CC_U2F_GENERATE, &buffer,
+ sizeof(struct u2f_generate_req), &response_size);
TEST_ASSERT(ret == VENDOR_RC_SUCCESS);
return EC_SUCCESS;