RMA auth uses X25519 to generate a relatively small challenge and response. Currently, nothing calls the rma_auth code. We'll need console and TPM vendor commands to do so. BUG=b:37952913 BRANCH=none TEST=make buildall Change-Id: Iec7f2d0e3dc8243f79b009ead16bb3ba9f1bef9d Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/544184
/* Copyright 2017 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
/* RMA challenge-response */
#ifndef __CROS_EC_RMA_AUTH_H
#define __CROS_EC_RMA_AUTH_H
#include <stdint.h>
/*
 * Test server public and private keys.
 *
 * Each key is a 32-byte initializer list (4 rows of 8 bytes).
 *
 * NOTE(review): the private half is published in this header, so this key
 * pair offers no secrecy. Treat it as test-only: a build that authorizes
 * real RMA requests needs a server key whose private half never appears in
 * the source tree or in a firmware image. Nothing in this header prevents
 * RMA_TEST_SERVER_PRIVATE_KEY from being compiled into non-test code, so
 * its users are worth checking.
 */
#define RMA_TEST_SERVER_PUBLIC_KEY {					\
		0x03, 0xae, 0x2d, 0x2c, 0x06, 0x23, 0xe0, 0x73,	\
		0x0d, 0xd3, 0xb7, 0x92, 0xac, 0x54, 0xc5, 0xfd,	\
		0x7e, 0x9c, 0xf0, 0xa8, 0xeb, 0x7e, 0x2a, 0xb5,	\
		0xdb, 0xf4, 0x79, 0x5f, 0x8a, 0x0f, 0x28, 0x3f}
#define RMA_TEST_SERVER_PRIVATE_KEY {					\
		0x47, 0x3b, 0xa5, 0xdb, 0xc4, 0xbb, 0xd6, 0x77,	\
		0x20, 0xbd, 0xd8, 0xbd, 0xc8, 0x7a, 0xbb, 0x07,	\
		0x03, 0x79, 0xba, 0x7b, 0x52, 0x8c, 0xec, 0xb3,	\
		0x4d, 0xaa, 0x69, 0xf5, 0x65, 0xb4, 0x31, 0xad}
/* KeyID of the test server key; 0x10 fits the 6-bit KeyID field (max 0x3f) */
#define RMA_TEST_SERVER_KEY_ID 0x10
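/* Current challenge protocol version */
#define RMA_CHALLENGE_VERSION 0

/*
 * Getters and setters for version_key_id byte.
 *
 * Layout: bits 7..6 hold the protocol version, bits 5..0 the server KeyID.
 *
 * Both fields are masked to their width. An out-of-range version therefore
 * cannot set bits above bit 7 when the byte is built, and a sign-extended
 * or wider-than-8-bit argument cannot yield a version outside 0..3 when it
 * is read back. Results are unchanged for versions 0..3 and for uint8_t
 * inputs.
 */
#define RMA_CHALLENGE_VKID_BYTE(version, keyid) \
	((((version) & 0x3) << 6) | ((keyid) & 0x3f))
#define RMA_CHALLENGE_GET_VERSION(vkidbyte) (((vkidbyte) >> 6) & 0x3)
#define RMA_CHALLENGE_GET_KEY_ID(vkidbyte) ((vkidbyte) & 0x3f)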
/*
 * Challenge contents sent from the device.
 *
 * Every member is a uint8_t or an array of uint8_t; the declared sizes add
 * up to 1 + 32 + 4 + 8 = 45 bytes. __packed is defined outside this header.
 */
struct __packed rma_challenge {
	/* Top 2 bits are protocol version; bottom 6 are server KeyID */
	uint8_t version_key_id;

	/* Ephemeral public key from device (32 bytes) */
	uint8_t device_pub_key[32];

	/* Board ID (.type) */
	uint8_t board_id[4];

	/* Device ID */
	uint8_t device_id[8];
};
/*
 * Size of encoded challenge and response, and buffer sizes to hold them.
 *
 * Each *_BUF_SIZE is the character count plus one byte, presumably for the
 * terminating NUL of the C string.
 *
 * NOTE(review): an 8-character authcode is a small search space, so the
 * scheme depends on limiting how often codes can be tried. The only limit
 * visible in this header is the EC_ERROR_TIMEOUT documented for
 * rma_create_challenge(); confirm the implementation also bounds guesses
 * per challenge.
 */
#define RMA_CHALLENGE_CHARS 80
#define RMA_CHALLENGE_BUF_SIZE (RMA_CHALLENGE_CHARS + 1)

#define RMA_AUTHCODE_CHARS 8
#define RMA_AUTHCODE_BUF_SIZE (RMA_AUTHCODE_CHARS + 1)
/**
 * Create a new RMA challenge/response
 *
 * Takes no arguments. The resulting challenge is read back with
 * rma_get_challenge().
 *
 * @return EC_SUCCESS, EC_ERROR_TIMEOUT if too soon since the last challenge,
 * or other non-zero error code.
 */
int rma_create_challenge(void);
/**
 * Get the current challenge string
 *
 * The result is const, so callers must not write through it.
 * NOTE(review): the storage is presumably owned by the rma_auth code and
 * overwritten by the next rma_create_challenge() - confirm before holding
 * on to the pointer.
 *
 * @return a pointer to the challenge string.  String will be empty if there
 * is no active challenge.
 */
const char *rma_get_challenge(void);
/**
 * Try a RMA authorization code
 *
 * NOTE(review): the comparison against the expected code is not visible in
 * this header. Confirm that the implementation compares in constant time,
 * bounds how much of @code it reads (presumably RMA_AUTHCODE_CHARS), and
 * limits failed attempts.
 *
 * @param code		Authorization code to try
 * @return EC_SUCCESS if the response was correct, or non-zero error code.
 */
int rma_try_authcode(const char *code);
#endif