A couple of bugs have crept in with the latest series of patches:
- the board ID value endianness does not have to be changed
- the test RMA server public key value is wrong
BRANCH=cr50
BUG=b:67007905
TEST=the generated challenge is now accepted by the server, and the
generated auth code matches between the server and the Cr50.
Change-Id: I18f413ab0bcc14d9cc50b115ac3784fdfcd5851c
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/700798
Reviewed-by: Michael Tang <ntang@chromium.org>
Different devices could have different sized unique device IDs. Let's
just use the IDs as is if they are no larger than the
rma_challenge:device_id field, or the first 8 bytes of the HMAC_sha256
value of the unique device ID, where the unique device ID is used both
as the key and the payload.
The server expects the board ID field in big endian format, let's swap
it before calculating the RMA auth challenge.
The test's server side implementation needs to be also adjusted.
BRANCH=cr50
BUG=b:37952913
TEST=make buildall -j passes. With the rest of the patches applied RMA
authentication process generates sensible values.
Change-Id: Ia1fbf9161e01de30a2da8214258008f6e5f7d915
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/690991
Reviewed-by: Michael Tang <ntang@chromium.org>
RMA auth uses X25519 to generate a relatively small challenge and
response.
Currently, nothing calls the rma_auth code. We'll need console and
TPM vendor commands to do so.
BUG=b:37952913
BRANCH=none
TEST=make buildall
Change-Id: Iec7f2d0e3dc8243f79b009ead16bb3ba9f1bef9d
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/544184
