| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BRANCH=none
CQ-DEPEND=CL:*664115
BUG=chromium:876582
TEST=make -j buildall && make -j buildfuzztests
Change-Id: Iade5e5138f495e6b3b99ec16f1a467861ade5537
Signed-off-by: Allen Webb <allenwebb@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1180179
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Nicolas Boichat <drinkcat@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The point of rma_reset is to test cr50 authcode stuff. We want to make
sure that cr50 doesn't accept test key authcodes when it is using prod
keys. To test this we need to know the authcode that would be generated
with test keys. When there is a unsupported keyid print the authcode so
we can use that authcode to verify prod key cr50 wont accept test key
authcodes.
BUG=none
BRANCH=none
TEST=run rma_reset with a prod key challenge and make sure rma_reset
still prints the authcode.
Change-Id: Id1b0025ff7ab165d26be2b4e1503df7dee1d5ec7
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/1091972
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds RMA shared secret generation support using the p256
curve. It is not a simple shoe in replacement for the x25519 because
of a different key representations. This new code uses openssl library
for all calculations.
A new option is being added to indicate that p256 is supposed to be
used, the new server Key ID value is used for p256, which allows to
pick the correct curve when parsing the previously generated
challenge.
BRANCH=none
BUG=b:73296606
TEST=verified that the same secret value is generated on the client
and server side when using either x25519 or p256 curves.
./rma_reset -t
./rma_reset -c <challenge generated by the previous command>
./rma_reset -t -p
./rma_reset -c <challenge generated by the previous command>
Change-Id: I9b21b5ae389480d92f0f663fbb846b0f27b15de1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1073757
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is mostly a clean up and refactoring change, which will make it
easier to extend rma_reset to supporting more EC curves.
BRANCH=none
BUG=b:73296606
TEST=verified that the same secret value is generated on the client
and server side by running
./rma_reset -t
./rma_reset -c <challenge generated by the previous command>
Change-Id: I15c010a4a62306bfaa56b97936318854b28a4945
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1073756
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When invoking make with DEBUG=1 add '-g -O0' to the compiler
invocation to facilitate debugging with gdb.
BRANCH=none
BUG=b:73296606
TEST=verified that building with DEBUG=1 adds '-g -O0' to the compiler
invocation.
Change-Id: Idd80bd481091b91683200c78fe49dc7e9783a730
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/1073755
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The fread return value was ignored in rma_reset.c. This caused clang
compilation to fail.
This change checks the return value.
BUG=b:76105747
BRANCH=none
TEST=clang compilation no longer fails
Change-Id: I710b367008b2e17a94c875ea3eae92bcc75546b0
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/976555
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:76105747
BRANCH=none
TEST=compile for bob and reef. make sure it runs on both
Change-Id: I30004c9794c9619698889fecbf8746778ebbb48c
Signed-off-by: Mary Ruthven <mruthven@google.com>
Reviewed-on: https://chromium-review.googlesource.com/976554
Commit-Ready: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add support for generating the authcode from cr50's challenge.
BUG=b:74019846
BRANCH=none
TEST=create a cr50 image with test keys. Verify that the output from
rma_reset -c opens cr50.
Change-Id: I85a209e55dc23daa118e0071e868878b6fbfcb69
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/945419
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Various parts of Cr50 code and Cr50 related utilities duplicate
definition of __packed available in include/common.h. Let's use the
same definition everywhere.
BRANCH=cr50, cr50-mp
BUG=none
TEST=make buildall succeeds
verified that linker generated map files for Cr50 RW are the same
before and after this change.
built and used gsctoo and rma_reset
Change-Id: Ib91f9bbad1f6822b347f32b393630f592df80d60
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/931929
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable necessary flags for the Cr50 to start supporting RMA
authentication. This also requires that the RMA server public key
definition is split between the actual and test. Even though they are
the same at this time, the actual public key would be defined in the
new future and it would be different from the test key.
BRANCH=cr50
BUG=b:65253310
TEST=make buildall -j passes. More tests were conducted on the full
patchset.
Change-Id: I5a3f9d8c71374d78192e3f0a2752391b842da962
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/691554
Reviewed-by: Randall Spangler <rspangler@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The Board ID is stored in Cr50 in reversed byte order, make sure it is
used in the challenge calculation in the same form.
BRANCH=none
BUG=b:37952913
TEST=verified that the proper byte order is used when challenge source
is created.
Change-Id: I6c6b46431005ce9438a4be9aa43aafed30a645aa
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/693615
Reviewed-by: Michael Tang <ntang@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Usage: rma_reset --key_id <arg> --board_id <arg> --device_id <arg>
--hw_id <arg> | --auth_code <arg>
These value are used for generating the challenge response and all are
mandatory.
-k,--key_id Index of the server private key
-b,--board_id BoardID type field
-d,--device_id Device-unique identifier
-w,--hw_id Hardware id
The -t parameter, not listed, will use the default values to generate
the challenge response
This value is the authorization code and any other parameters are ignored
-a,--auth_code Reset authorization code
BUG=b:37952913
BRANCH=none
TEST=make buildall
Signed-off-by: Sam Hurst <shurst@chromium.org>
Change-Id: Idc916b123928328a3425fa4eee22afc2ec179fc1
Reviewed-on: https://chromium-review.googlesource.com/665388
Commit-Ready: Sam Hurst <shurst@google.com>
Commit-Ready: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-by: Michael Tang <ntang@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This prevents the files from showing in 'git status' output.
BRANCH=none
BUG=none
TEST=verify that the running the following does not show any generated
files:
make -C extra/rma_reset; git status
Change-Id: Ib3ff7772cf4a66e4a0d23ed859c30ac05c2e507d
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/691016
Reviewed-by: Michael Tang <ntang@chromium.org>
|
|
Dummy RMA reset application that's used by the RMA Server
Side implementer. Currently everything is hard coded in the app.
This application will be replaced when the actual app is ready.
BUG=b:37952913
BRANCH=none
TEST=make buildall -j
./rma_test
Board Id:
Z Z C R
Device Id:
T H X 01 01 03 08 fe
Server Key Id:
10
Server Private Key:
47 3b a5 db c4 bb d6 77
20 bd d8 bd c8 7a bb 07
03 79 ba 7b 52 8c ec b3
4d aa 69 f5 65 b4 31 ad
Server Public Key:
03 ae 2d 2c 06 23 e0 73
0d d3 b7 92 ac 54 c5 fd
7e 9c f0 a8 eb 7e 2a b5
db f4 79 5f 8a 0f 28 3f
Challenge:
CC5QQ LALUS BUPJC TWSYN PAPPN AUEVZ HEMUD GD5DK
DSM5C VH4SZ LJAZL GDUYM U4JPK FJUCA 2AEAS GCH8W
Authorization Code:
P5PSCTS6
Challenge String:
https://www.google.com/chromeos/partner/console/cr50reset/request?challenge=CC5QQLALUSBUPJCTWSYNPAPPNAUEVZHEMUDGD5DKDSM5CVH4SZLJAZLGDUYMU4JPKFJUCA2AEASGCH8W&hwid=HWIDTEST2082
Enter Authorization Code: abcd
Code is invalid
Enter Authorization Code: P5PSCTS6
Code Accepted
Change-Id: Id4141861b53745cf7bb67a885fa01dd6f4b4cd04
Signed-off-by: Sam Hurst <shurst@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/622283
Commit-Ready: Sam Hurst <shurst@google.com>
Tested-by: Sam Hurst <shurst@google.com>
Reviewed-by: Michael Tang <ntang@chromium.org>
|