author | Joseph Jang <josephjang@google.com> | 2022-04-26 19:34:19 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-04-26 19:34:19 +0000 |
commit | dec0d32d50388e69065589b37558d9fbc1d7d3b1 (patch) | |
tree | d8e2465533f6e2a174bd42675987fbd88a1f7ac1 | |
parent | 20f2d2ee27362e5bb5fa95d675f32f749892ec86 (diff) | |
parent | d36a738233db06ba165243048fbea39f96abd81d (diff) | |
download | generic-dec0d32d50388e69065589b37558d9fbc1d7d3b1.tar.gz |
Merge remote-tracking branch 'goog/upstream-master' into D2-TM-007 am: d36a738233
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/nos/host/generic/+/17631528
Change-Id: Ic216a943210cab7df73335eb6bc268ac50476fb7
Ignore-AOSP-First: this is an automerge
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | nugget/include/app_nugget.h | 78 | ||||
-rw-r--r-- | nugget/include/citadel_events.h | 4 |
2 files changed, 82 insertions, 0 deletions
diff --git a/nugget/include/app_nugget.h b/nugget/include/app_nugget.h
index fbf5ddd..f713299 100644
--- a/nugget/include/app_nugget.h
+++ b/nugget/include/app_nugget.h
@@ -467,6 +467,84 @@ struct gsa_gsc_psk_persist_storage { * @param reply_len 64 + 32 */ +/** + * enum gsa_gsc_psk_state - GSA-GSC PSK state + * @GSA_GSC_PSK_STATE_UNKNOWN: Unknown state (initial state) + * @GSA_GSC_PSK_STATE_KEY_VERIFY_SUCCESS: GSA and GSC PSK match + * @GSA_GSC_PSK_STATE_KEY_MISMATCH: GSA and GSC PSK mismatch + * @GSA_GSC_PSK_STATE_GSA_INTERNAL_ERROR: GSA has internal error + * @GSA_GSC_PSK_STATE_GSA_HAS_NO_KEY: GSA has no PSK + * @GSA_GSC_PSK_STATE_GSA_CRYPTO_PRNG_FAIL: GSA crypto prng function fail + * @GSA_GSC_PSK_STATE_GSA_CRYPTO_HKDF_FAIL: GSA crypto HKDF function fail + * @GSA_GSC_PSK_STATE_GSA_CRYPTO_HMAC_FAIL: GSA crypto HMAC function fail + * @GSA_GSC_PSK_STATE_GSA_CRYPTO_DONE: GSA crypto operations complete + * @GSA_GSC_PSK_STATE_GSC_HAS_NO_KEY: GSC has no PSK + * @GSA_GSC_PSK_STATE_GSC_NOT_IN_BOOTLOADER: GSC is not in bootloader + * @GSA_GSC_PSK_STATE_GSC_INVALID_PARAMETER: GSC received invalid request data + * @GSA_GSC_PSK_STATE_GSC_INTERNAL_ERROR: GSC has internal error + * @GSA_GSC_PSK_STATE_GSC_CRYPTO_HKDF_FAIL: GSC crypto HKDF function fail + * @GSA_GSC_PSK_STATE_GSC_CRYPTO_HMAC_FAIL: GSC crypto HMAC function fail + * @GSA_GSC_PSK_STATE_GSC_EXCEED_MAX_RETRY_COUNT: exceed max psk verification retry count (100) + * @GSA_GSA_PSK_STATE_GSC_NOS_CALL_FAIL: GSC nos call fail + */ +enum gsa_gsc_psk_state { + GSA_GSC_PSK_STATE_UNKNOWN, + GSA_GSC_PSK_STATE_KEY_VERIFY_SUCCESS, + GSA_GSC_PSK_STATE_KEY_MISMATCH, + GSA_GSC_PSK_STATE_GSA_INTERNAL_ERROR, + GSA_GSC_PSK_STATE_GSA_HAS_NO_KEY, + GSA_GSC_PSK_STATE_GSA_CRYPTO_PRNG_FAIL, + GSA_GSC_PSK_STATE_GSA_CRYPTO_HKDF_FAIL, + GSA_GSC_PSK_STATE_GSA_CRYPTO_HMAC_FAIL, + GSA_GSC_PSK_STATE_GSA_CRYPTO_DONE, + GSA_GSC_PSK_STATE_GSC_HAS_NO_KEY, + GSA_GSC_PSK_STATE_GSC_NOT_IN_BOOTLOADER, + GSA_GSC_PSK_STATE_GSC_INVALID_PARAMETER, + GSA_GSC_PSK_STATE_GSC_INTERNAL_ERROR, + GSA_GSC_PSK_STATE_GSC_CRYPTO_HKDF_FAIL, + GSA_GSC_PSK_STATE_GSC_CRYPTO_HMAC_FAIL, + GSA_GSC_PSK_STATE_GSC_EXCEED_MAX_RETRY_COUNT, + 
GSA_GSA_PSK_STATE_GSC_NOS_CALL_FAIL, +}; + +#define VERIFY_PSK_REQ_HEADER_SIZE 17 +#define VERIFY_PSK_REQ_VERSION 0 +#define VERIFY_PSK_NONCE_SIZE 32 +#define VERIFY_PSK_HMAC_SIZE 32 +/** + * struct verify_psk_request - verify gsa-gsc pre-shared key request + * @version: struct verify_psk_request version + * @header: header of verify_psk_request + * @nonce: 12 bytes random number + * @gsa_psk_state: GSA pre-shared key state + * @hmac: hmac = HMAC-SHA256(key = derived-psk, data = version || header || + * nonce || gsa_psk_state) + */ +struct verify_psk_request { + char header[VERIFY_PSK_REQ_HEADER_SIZE]; + uint8_t version; + uint8_t nonce[VERIFY_PSK_NONCE_SIZE]; + uint8_t gsa_psk_state; + uint8_t hmac[VERIFY_PSK_HMAC_SIZE]; +}; + +#define VERIFY_SECURE_CHANNEL_RETRY_COUNT_VERSION 0 +struct secure_channel_retry_count_persist_storage { + uint8_t version; + uint8_t verify_psk_retry_count; + uint8_t reserved[2]; +}; + +#define NUGGET_PARAM_VERIFY_GSA_GSC_PSK 0x0018 +/* + * Verify GSA GSC pre-shared key command + * + * @param args struct verify_psk_request + * @param arg_len 63 bytes + * @param reply psk verification result + * @param reply_len 1 bytes + */ + /****************************************************************************/ /* Test related commands */ diff --git a/nugget/include/citadel_events.h b/nugget/include/citadel_events.h index 3e3a33e..24babee 100644 --- a/nugget/include/citadel_events.h +++ b/nugget/include/citadel_events.h @@ -64,6 +64,7 @@ enum event_id { EVENT_REBOOTED = 2, // Device rebooted. EVENT_UPGRADED = 3, // Device has upgraded. EVENT_ALERT_V2 = 4, // Globalsec Alertv2 fired + EVENT_SEC_CH_STATE = 5, // Update GSA-GSC secure channel state. }; /* @@ -103,6 +104,9 @@ struct event_record { uint16_t temp_max; uint32_t bus_err; } alert_v2; + struct { + uint32_t state; + } sec_ch_state; /* uninterpreted */ union { |
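Review bot: The comments on `struct verify_psk_request` in nugget/include/app_nugget.h disagree with the layout they describe: `@nonce` says "12 bytes random number" while `VERIFY_PSK_NONCE_SIZE` is 32, and the command comment gives `arg_len` as 63 bytes although the members add up to 17 + 1 + 32 + 1 + 32 = 83 (63 is what a 12-byte nonce would give). A receiver that validates the request length against the documented 63 would reject or mis-parse a request built from this struct, so, assuming 32 is the intended nonce size, the comments should read `* @nonce: 32 bytes random number` and `* @param arg_len sizeof(struct verify_psk_request) (83 bytes)`. The HMAC input is documented as `version || header || nonce || gsa_psk_state`, but the struct places `header` before `version`; the comment should state which order is authoritative, since both chips must MAC the identical byte string. The last enumerator, `GSA_GSA_PSK_STATE_GSC_NOS_CALL_FAIL`, also breaks the `GSA_GSC_PSK_STATE_` prefix used by every other value.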
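Review bot: The new `sec_ch_state` member added to the `event_record` union in nugget/include/citadel_events.h carries a bare `uint32_t state` with no comment saying which value set it holds. If it is meant to carry an `enum gsa_gsc_psk_state` value from app_nugget.h (an inference from this commit, not something the hunk shows), say so next to the field, e.g. `uint32_t state; /* enum gsa_gsc_psk_state */`, so that anyone decoding the event log can tell a key mismatch from a retry-limit event. `struct event_record` begins and ends outside this hunk.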