cr50: Change G2F cert CN to "CrOS"
BUG=b:132310780 TEST=flash to soraka, retrieve G2F cert, check CN retrieve anonymous U2F cert, check CN unchanged BRANCH=none Change-Id: Id409ac5d534f2ee9e16376d690f58b184f5ac1a6 Signed-off-by: Louis Collard <louiscollard@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1614581 Reviewed-by: Andrey Pronin <apronin@chromium.org> Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org> Commit-Queue: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
parent
7ee4215a9f
commit
6072cc9c03
|
@ -278,6 +278,10 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,
|
|||
int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
|
||||
const p256_int *pk_y, const p256_int *serial,
|
||||
uint8_t *cert, const int n);
|
||||
int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
|
||||
const p256_int *pk_y, const p256_int *serial,
|
||||
const char *name, uint8_t *cert,
|
||||
const int n);
|
||||
|
||||
/*
|
||||
* Memory related functions.
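Review bot: The new prototype `DCRYPTO_x509_gen_u2f_cert_name` is declared without a comment stating the contract for `name`, which is now a caller-supplied string that ends up in both the issuer and the subject of the generated certificate. I would add a short comment above it, for example `/* name: NUL-terminated common name used for issuer and subject; must not be NULL. Returns the encoded certificate length. */`. If the function has a failure return value, the comment should state it too; none is visible on this page.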
|
||||
|
|
|
@ -405,10 +405,8 @@ int DCRYPTO_x509_verify(const uint8_t *cert, size_t len,
|
|||
|
||||
/* ---- Certificate generation ---- */
|
||||
|
||||
static void add_common_name(struct asn1 *ctx, int unique)
|
||||
static void add_common_name(struct asn1 *ctx, const char *cname)
|
||||
{
|
||||
const char *cname = unique ? STRINGIFY(BOARD) : "U2F";
|
||||
|
||||
SEQ_START(*ctx, V_SEQ, SEQ_SMALL) {
|
||||
SEQ_START(*ctx, V_SET, SEQ_SMALL) {
|
||||
SEQ_START(*ctx, V_SEQ, SEQ_SMALL) {
|
||||
|
@ -422,9 +420,9 @@ static void add_common_name(struct asn1 *ctx, int unique)
|
|||
SEQ_END(*ctx);
|
||||
}
|
||||
|
||||
int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
|
||||
const p256_int *pk_y, const p256_int *serial,
|
||||
uint8_t *cert, const int n)
|
||||
int DCRYPTO_x509_gen_u2f_cert_name(const p256_int *d, const p256_int *pk_x,
|
||||
const p256_int *pk_y, const p256_int *serial,
|
||||
const char *name, uint8_t *cert, const int n)
|
||||
{
|
||||
struct asn1 ctx = {cert, 0};
|
||||
HASH_CTX sha;
|
||||
|
@ -460,7 +458,7 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
|
|||
SEQ_END(ctx);
|
||||
|
||||
/* Issuer */
|
||||
add_common_name(&ctx, !!serial);
|
||||
add_common_name(&ctx, name);
|
||||
|
||||
/* Expiry */
|
||||
SEQ_START(ctx, V_SEQ, SEQ_SMALL) {
|
||||
|
@ -470,7 +468,7 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
|
|||
SEQ_END(ctx);
|
||||
|
||||
/* Subject */
|
||||
add_common_name(&ctx, !!serial);
|
||||
add_common_name(&ctx, name);
|
||||
|
||||
/* Subject pk */
|
||||
SEQ_START(ctx, V_SEQ, SEQ_SMALL) {
|
||||
|
@ -536,3 +534,12 @@ int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
|
|||
|
||||
return ctx.n;
|
||||
}
|
||||
|
||||
int DCRYPTO_x509_gen_u2f_cert(const p256_int *d, const p256_int *pk_x,
|
||||
const p256_int *pk_y, const p256_int *serial,
|
||||
uint8_t *cert, const int n)
|
||||
{
|
||||
return DCRYPTO_x509_gen_u2f_cert_name(d, pk_x, pk_y, serial,
|
||||
serial ? STRINGIFY(BOARD) : "U2F",
|
||||
cert, n);
|
||||
}
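Review bot: `name` is passed unchecked from the public `DCRYPTO_x509_gen_u2f_cert_name` into `add_common_name`, where it is emitted inside three nested `SEQ_SMALL` sequences; before this change the value was always one of two compile-time strings. Nothing visible in these hunks rejects a NULL pointer or a name longer than whatever `SEQ_SMALL` reserves for the length, and most of both function bodies lies outside the hunks, so this may already be handled there. If it is not, a guard at the top of the new function such as `if (!name || strlen(name) > MAX_CN_LEN) return 0;` would keep a bad caller from producing a malformed attestation certificate. `MAX_CN_LEN` is a placeholder for the real short-form limit, and returning 0 matches how `individual_cert` reports failure.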
|
||||
|
|
|
@ -16,6 +16,8 @@
|
|||
#include "u2f.h"
|
||||
#include "util.h"
|
||||
|
||||
#define G2F_CERT_NAME "CrOS"
|
||||
|
||||
#define CPRINTF(format, args...) cprintf(CC_EXTENSION, format, ##args)
|
||||
|
||||
/* Crypto parameters */
|
||||
|
@ -79,7 +81,8 @@ static int individual_cert(const p256_int *d, const p256_int *pk_x,
|
|||
if (system_get_chip_unique_id((uint8_t **)&serial) != P256_NBYTES)
|
||||
return 0;
|
||||
|
||||
return DCRYPTO_x509_gen_u2f_cert(d, pk_x, pk_y, serial, cert, n);
|
||||
return DCRYPTO_x509_gen_u2f_cert_name(d, pk_x, pk_y, serial,
|
||||
G2F_CERT_NAME, cert, n);
|
||||
}
|
||||
|
||||
int g2f_attestation_cert(uint8_t *buf)
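Review bot: `G2F_CERT_NAME` is defined without a comment saying why the individual attestation certificate now carries a fixed CN instead of the board name. The value ends up in both issuer and subject of a certificate that verifiers may match on, so I would add something like `/* Common name for the individual (G2F) attestation cert; fixed across boards. The anonymous U2F cert keeps "U2F". */` above the define. `individual_cert` starts outside the hunk.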
|
||||
|
|