From ba78fa41735f90ddab0f6a519e13f16d02187f1c Mon Sep 17 00:00:00 2001
From: Nicolas Boichat <drinkcat@google.com>
Date: Wed, 24 May 2017 15:12:18 +0800
Subject: [PATCH] usb_update: Add support for INJECT_ENTROPY command

As part of the pairing process, AP needs to be able to inject
some entropy into the base.

Let's also define PAIR_CHALLENGE, which will be implemented in
a later CL.

BRANCH=none
BUG=b:38487027
TEST=Flash hammer. On host, reboot hammer to RO:
     usb_updater2 -r; sleep 0.5; usb_updater2 -s
     usb_updater2 -e (adds entropy)
     EC console: check that rollbackinfo shows secret is updated

Change-Id: I964bb578c6bfbb1ab5105a70b43682d51df4ed47
Reviewed-on: https://chromium-review.googlesource.com/513807
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
---
 common/usb_update.c | 24 ++++++++++++++++++++++++
 include/update_fw.h |  2 ++
 2 files changed, 26 insertions(+)

diff --git a/common/usb_update.c b/common/usb_update.c
index 0c14d8dfbf..153411b5e0 100644
--- a/common/usb_update.c
+++ b/common/usb_update.c
@@ -11,6 +11,7 @@
 #include "flash.h"
 #include "queue_policies.h"
 #include "host_command.h"
+#include "rollback.h"
 #include "rwsig.h"
 #include "system.h"
 #include "update_fw.h"
@@ -201,7 +202,30 @@ static int try_vendor_command(struct consumer const *consumer, size_t count)
 			flash_set_protect(EC_FLASH_PROTECT_ROLLBACK_AT_BOOT, 0);
 			response = EC_RES_SUCCESS;
 			break;
+#ifdef CONFIG_ROLLBACK_SECRET_SIZE
+#ifdef CONFIG_ROLLBACK_UPDATE
+		case UPDATE_EXTRA_CMD_INJECT_ENTROPY: {
+			/*
+			 * Check that we are provided enough data (header +
+			 * 2 bytes subcommand + secret length).
+			 */
+			int header_size = sizeof(*cmd_buffer) + 2;
+			int entropy_count = count-header_size;
+
+			if (entropy_count < CONFIG_ROLLBACK_SECRET_SIZE) {
+				CPRINTS("Entropy too short");
+				response = EC_RES_INVALID_PARAM;
+				break;
+			}
+
+			CPRINTS("Adding %db of entropy", entropy_count);
+			/* Add the whole buffer to entropy. */
+			rollback_add_entropy(buffer+header_size, entropy_count);
+			break;
+		}
 #endif
+#endif /* CONFIG_ROLLBACK_SECRET_SIZE */
+#endif /* CONFIG_ROLLBACK */
 		default:
 			response = EC_RES_INVALID_COMMAND;
 		}
diff --git a/include/update_fw.h b/include/update_fw.h
index a5fb27ed22..72e278fcc6 100644
--- a/include/update_fw.h
+++ b/include/update_fw.h
@@ -162,6 +162,8 @@ enum update_extra_command {
 	UPDATE_EXTRA_CMD_STAY_IN_RO = 2,
 	UPDATE_EXTRA_CMD_UNLOCK_RW = 3,
 	UPDATE_EXTRA_CMD_UNLOCK_ROLLBACK = 4,
+	UPDATE_EXTRA_CMD_INJECT_ENTROPY = 5,
+	UPDATE_EXTRA_CMD_PAIR_CHALLENGE = 6,
 };
 
 void fw_update_command_handler(void *body,