| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The u2f functionality had no unittests at all. This change is more
of a setup (in terms of build dependencies) so that u2f tests can
be easily added in the future. This change comes with a few simple
tests for u2f_generate.
The basic idea here is to use board/host/dcrypto.h to mock the
dcrypto functionalities. Since board/host/dcrypto.h includes an
alternative to cryptoc's sha256 definitions, we need to exclude
cryptoc/sha256.h in the test builds.
BUG=b:172971998
TEST=make -j run-u2f
TEST=make CR50_DEV=1 BOARD=cr50 -j
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Change-Id: Idae6f55f599a017aedcaf0fe4cdb6c0506e72712
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2610133
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: Icbd143b072fdd5df3b67d7e5a09ee6c01a77f6b9
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2622889
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I36656b3a7b6dc3f5cfcce6f93ec6713c504ab8e6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2622888
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
It isn't used anywhere, and it has a term we're removing.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I1324a13aa3ca98b5082fea1b2ea5f9efb4c4b2d3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615129
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I17610b1169f2611d89d17218868780bc8b82051e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615128
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I0293c7ba92d05bf0d47a92bcc86c48ac61060f09
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615127
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: If1d3a3e11736bf6da85938a607038a93254e9cc0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615126
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I244ca864dad04f2b4f02bb1be2b482921da2fc88
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615123
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I643605d4ab48c0199e3f48bbc7afefde2c987372
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615122
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ia34cccffdd6a82c25b479bb8d2e6370bbf00baf0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615121
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I79a65f8475e2a764720a1f37a147c3723d34b046
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615120
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ia35d0f2c7bf995eae58dfb255167481ec823af58
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2615119
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Remove coil terms from i2c comments
BUG=b:175244613
TEST=make buildall -j
Change-Id: If056c099304e1fa676991e22ddaa9cb91ccfdeb3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613509
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I5318e7845c7b87a21b1fa9f5e99629513b7fbb80
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613504
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We can't change the register names at this point. We can only change the
gpios. This changes the gpio names.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I0dadd84bbb3d19011e86428b79d0cb08321c35e3
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611762
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rename i2cs functionas and variables to i2cp. Change some basic
comments.
I will rework the i2cp comments to stop using controller when referring
to the i2cp, because it's kind of confusing now that master has been
renamed to controller.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I9574e77ab42427ca90d5b8a6421793f52e519f67
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611761
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ifb547770fd829e27437079bee809d07fff90a77a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611760
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I9d5bfc3bb65bb05d1deb1a16838222b93704bf8a
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611759
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I74900cd9113c12e5e08a0770e30f3abf69816302
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611757
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: Icd2d47a031c5132cb9bca618c5c5ed8cd9e80c07
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2611756
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I693fa068dc9bbf4babb1a63e35d4536f5eba1e88
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613460
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
| |
BUG=b:175244613
TEST=make buildall -j
Change-Id: I7ee1b4393039ce84966eaea245e6510f1e570f63
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613459
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ib7db3b37a507a7f8bf43a34d10931f7583784246
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613451
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I505a9f4da600c1bccf3913d7726f84881df56c6e
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613449
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ia5c02c4ba1f81f68a6ab03b9b380143ad8e85330
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613446
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ic2bd31ba28527d6b68016ceae89a93c80827cd27
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613445
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I9f154866d8f57f918188f8ad4f4fabcb051c5c46
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613143
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ie04f2aedadaed49af78f2f9d424333c283b12eca
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613142
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I15ffb2617d2dd4bedb809eeff858dcf0f6c8cf25
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613140
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I6b6004255f951497c5fc3d61e40b67433498a9d6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613139
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I07b33023e96c68480354d89c2d8c5ec824e94b32
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613138
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I4b562b52817493afc123346280c845913be7694b
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613141
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The extra driver code uses coil terms we're removing, but we don't use
it in platform/cr50. Remove the code instead of replacing the terms.
Cr50 boards only use inaxx code. The host uses thermister code. Remove
everythinge else.
We can cleanup the tests that run the thermsiter code later.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I368a6c6ac3b543913225416fbc003c3f52863c22
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613137
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: I909e21693d839cb3769e680c58d9d34017802aa1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613136
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This code uses coil terms we're removing, but we don't use it in
platform/cr50. Remove the code instead of replacing the terms.
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ia64e1ff4df941d2fe19e95e84dee8b743616aa88
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2613135
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace "whitelist" with "allowlist".
BUG=b:175244613
TEST=make buildall -j
Change-Id: Ie0a23cb33722fe27b76d97c2ebdd548c2ecc2aa6
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2600299
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of the btle files use words we are removing from coil. They're not
used by cr50, so this change removes the files
BUG=b:175244613
TEST=make buildall -j ; grep -ri btle ; find -name btle*
Change-Id: If746eaa34e4fa8fefeb2230a6114ee248d38d542
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2600298
Reviewed-by: Namyoon Woo <namyoon@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add a vendor command to get the saved AP RO hash, so the factory can
compare the saved hash to the hash they're trying to set.
BUG=b:168634745
TEST=none
Change-Id: Icf644d66f978709e777372f2fe1d80094f60b3e0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547197
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's unlikely any factory process will try to use more than 32 ranges.
This change adds a hard limit to ensure they don't.
BUG=none
TEST=none
Change-Id: I411777c15e52c0af7a59e717bdacbae092dad3ab
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2547196
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
U2f key handles generated before January 2019 do not mix in user
secrets. These legacy key handles should no longer be in use since
it's been > 10 releases.
Another change will remove this concept on u2fd side.
BUG=b:165018526
TEST=build cr50
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Change-Id: I57a6a77e512591f14ef8c818ec6027a6ae21189d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2358425
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a reland of d2627d12bb21308f49a72cadaf47a0a86730a960 with one
modification: The versioned key handle header (the old "key handle"
concept) is now used in the derivation of authorization_hmac. This is
to tie the key handle to the authorization secret.
Original change's description:
> u2f: Append hmac of auth time secret to versioned KH
>
> When generating versioned KHs, u2fd should send a public derivative
> (sha256) of the user's auth time secret to cr50. Cr50 derives an
> hmac of it and appends this authorization_hmac to the KH.
>
> When signing versioned KHs, u2fd may supply the unhashed auth time
> secret. Cr50 will check the authorization_hmac if no power button press.
> If the reconstructed hmac matches authorization_hmac, power button press
> is waived.
>
> Currently for v1, we will just prepare the authorization_hmac but not
> enforce it. This is because fingerprint and PIN are unable to unlock
> the same secret.
>
> While we waive power button press for v1, we can enforce
> authorization_hmac whenever auth-time secrets is ready.
>
> BUG=b:144861739
> TEST=- Use a known 32-byte "auth-time secret"
> - Compute the sha256 of the auth-time secret (this is public)
> - u2f_generate with the computed "authTimeSecretHash"
> - Add code to u2f_sign command handler such that cr50 computes
> the sha256 of the supplied auth-time secret at u2f_sign time
> and require power button press if the hmac doesn't match.
> - u2f_sign with the true auth-time secret -> observe in logging
> that hmac matches, and no power button press required.
> - u2f_sign with a wrong auth-time secret -> observe in logging
> that hmac doesn't match, and power button press is required
> for signing.
>
> Cq-Depend: chromium:2321731
> Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
> Signed-off-by: Yicheng Li <yichengli@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
BUG=b:144861739
TEST=See original CL's TEST above
Cq-Depend: chromium:2327865
Change-Id: Ia1b0b4a585ec604398cfa730354ae1a91e7bc00b
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2355177
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit d2627d12bb21308f49a72cadaf47a0a86730a960.
Reason for revert: Causing crbug.com/1111182
Original change's description:
> u2f: Append hmac of auth time secret to versioned KH
>
> When generating versioned KHs, u2fd should send a public derivative
> (sha256) of the user's auth time secret to cr50. Cr50 derives an
> hmac of it and appends this authorization_hmac to the KH.
>
> When signing versioned KHs, u2fd may supply the unhashed auth time
> secret. Cr50 will check the authorization_hmac if no power button press.
> If the reconstructed hmac matches authorization_hmac, power button press
> is waived.
>
> Currently for v1, we will just prepare the authorization_hmac but not
> enforce it. This is because fingerprint and PIN are unable to unlock
> the same secret.
>
> While we waive power button press for v1, we can enforce
> authorization_hmac whenever auth-time secrets is ready.
>
> BUG=b:144861739
> TEST=- Use a known 32-byte "auth-time secret"
> - Compute the sha256 of the auth-time secret (this is public)
> - u2f_generate with the computed "authTimeSecretHash"
> - Add code to u2f_sign command handler such that cr50 computes
> the sha256 of the supplied auth-time secret at u2f_sign time
> and require power button press if the hmac doesn't match.
> - u2f_sign with the true auth-time secret -> observe in logging
> that hmac matches, and no power button press required.
> - u2f_sign with a wrong auth-time secret -> observe in logging
> that hmac doesn't match, and power button press is required
> for signing.
>
> Cq-Depend: chromium:2321731
> Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
> Signed-off-by: Yicheng Li <yichengli@chromium.org>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Bug: b:144861739
Cq-Depend: chromium:2327779
Exempt-From-Owner-Approval: Causing crbug.com/1111182
Change-Id: I8c8a594d148b92556b20a2753aa1007cf2c1676b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2327358
Tested-by: Archie Pusaka <apusaka@chromium.org>
Reviewed-by: Yicheng Li <yichengli@chromium.org>
Reviewed-by: Archie Pusaka <apusaka@chromium.org>
Commit-Queue: Archie Pusaka <apusaka@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When generating versioned KHs, u2fd should send a public derivative
(sha256) of the user's auth time secret to cr50. Cr50 derives an
hmac of it and appends this authorization_hmac to the KH.
When signing versioned KHs, u2fd may supply the unhashed auth time
secret. Cr50 will check the authorization_hmac if no power button press.
If the reconstructed hmac matches authorization_hmac, power button press
is waived.
Currently for v1, we will just prepare the authorization_hmac but not
enforce it. This is because fingerprint and PIN are unable to unlock
the same secret.
While we waive power button press for v1, we can enforce
authorization_hmac whenever auth-time secrets is ready.
BUG=b:144861739
TEST=- Use a known 32-byte "auth-time secret"
- Compute the sha256 of the auth-time secret (this is public)
- u2f_generate with the computed "authTimeSecretHash"
- Add code to u2f_sign command handler such that cr50 computes
the sha256 of the supplied auth-time secret at u2f_sign time
and require power button press if the hmac doesn't match.
- u2f_sign with the true auth-time secret -> observe in logging
that hmac matches, and no power button press required.
- u2f_sign with a wrong auth-time secret -> observe in logging
that hmac doesn't match, and power button press is required
for signing.
Cq-Depend: chromium:2321731
Change-Id: Ib9ae913667f8178ac7a4790f861d7dada972c4a0
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2317047
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Support generating and signing versioned key handles in addition
to non-versioned ones.
BUG=b:144861739
TEST=used webauthntool to verify that KH generated by old cr50 firmware
can be signed with this firmware
TEST=used webauthntool to verify that non-versioned KH generated by this
firmware can be signed by old cr50 firmware
(This and the first TEST proves that non-versioned path is the
same as old firmware.)
TEST=used webauthntool to verify that non-versioned KH generated by this
firmware can be signed by this firmware
TEST=used webauthntool to verify that versioned KH generated by this
firmware can be signed by this firmware
TEST=test_that --board=nami <IP> firmware_Cr50U2fCommands
Cq-Depend: chromium:2280394
Change-Id: Idf413a1a3e6c35a3e7e651faaa91fe2894b805db
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2202949
Reviewed-by: Louis Collard <louiscollard@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add invocation of power-up known-answer tests (KATs) on power-on
and after failures, while avoiding power-up tests on wake from sleep.
Added console & vendor commands to report FIPS status, run tests,
simulate errors.
BUG=b:138577539
TEST=manual; check console
fips on, fips test, fips sha, fips trng
will add tpmtest for vendor command
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I58790d0637fda683c4b6187ba091edf08757f8ee
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2262055
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Many source files over time started to respect 'bool' and 'size_t'
types for better code readability. However, these types are defined
in stdbool.h and stddef.h headers, so each time they were used
there was a need to include them. util.h included both, and one option
was to use it, but it conflicts with TPM2 library on definition MAX/MIN
BUG=none
TEST=make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ia0aca578e901c60aeafee5278471c228194d36bf
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2258540
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds another NVMEM API, which allows to erase stored TPM
objects selectively. The list of indices of the objects to be erases
is supplied in a zero terminated array.
The existing nvmem_erase_tpm_data() has been modified to erase only
selected objects, if the list of objects is supplied by the caller.
BUG=b:138578447
TEST=Using tpm_manager_client created a bogus NVMEM object, modified
Cr50 code to provide a CLI command which would invoke the new
NVMEM API function to delete the new object.
Invoked 'dump_nvmem' command before and after deleting the bogus
object. Observed the NVMEM contents compacted and the bogus
object deleted. Rebooted the device, observed proper Chrome OS
start up maintaining the existing user account.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I3e299c8004141fa01ff20c290131b6526575c42e
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2253324
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add proper TRNG health tests and CR50-wide DRBG with reseeding
BUG=b:138578157
TEST=tpmtest.py -t1 fails after cr50 reboot.
rand_perf in console (kick-off FIPS TRNG test) and then
tpmtest.py -t1 and tpmtest.py -t2 should succeed.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I94c2dbd7a00dedcf1a0f318539a3c73c0c8076ef
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2251381
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
FIPS 140-2 certification requires that security related output from
module should be disabled until completion of known-answer tests.
However, it's tricky to justify what output is security related, as
most of output data can be used to track current execution stage which
may be helpful for attacker. So, its safer to disable any output for
a short time once internal testing is done.
Provide console_disable_output() and console_enable_output()
functions which are supposed to be used by board initialization code
driving FIPS mode initialization.
BUG=b:138577539
TEST=manual; make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I42902acef7a5e99142ce2b6517ae511f63206e93
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247103
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add FE_LOG_FIPS_FAILURE event type
BUG=b:138577539
TEST=manual
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I11be32598ddbbb327175a656c21abcb8388246d0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2247106
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|