Implement tropic provisioning #5525
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
| model | device_test | click_test | persistence_test |
|---|---|---|---|
| T2T1 |  test(all)  main(all)  |
 test(all)  main(all)  |
 test(all)  main(all)  |
| T3B1 |  test(all)  main(all)  |
 test(all)  main(all)  |
 test(all)  main(all)  |
| T3T1 |  test(all)  main(all)  |
 test(all)  main(all)  |
 test(all)  main(all)  |
| T3W1 |  test(all)  main(all)  |
 test(all)  main(all)  |
 test(all)  main(all)  |
Latest CI run: 17072904578
onvej-sl
force-pushed
the
onvej-sl/prodtest-tropic
branch
from
ad989b9 to
e29ef7b
Compare
onvej-sl
requested review from
TychoVrahe,
vdovhanych,
mmilata and
obrusvit
as code owners
Comment on lines
1392
to
1480
| lt_handle_t* tropic_handle = tropic_get_handle(); | ||
| lt_ret_t ret = LT_FAIL; | ||
|
|
||
| systick_delay_ms(80); | ||
| curve25519_key tropic_public = {0}; | ||
| if (secret_key_tropic_public(tropic_public) != sectrue) { | ||
| cli_error(cli, CLI_ERROR, "`secret_key_tropic_public()` failed."); | ||
| goto cleanup; | ||
| } | ||
|
|
||
| curve25519_key privileged_private = {0}; | ||
| if (secret_key_tropic_pairing_privileged(privileged_private) != sectrue) { | ||
| cli_error(cli, CLI_ERROR, | ||
| "`secret_key_tropic_pairing_privileged()` failed."); | ||
| goto cleanup; | ||
| } | ||
| curve25519_key privileged_public = {0}; | ||
| curve25519_scalarmult_basepoint(privileged_public, privileged_private); | ||
|
|
||
| ret = | ||
| lt_session_start(tropic_handle, tropic_public, PRIVILEGED_PAIRING_KEYSLOT, | ||
| privileged_private, privileged_public); | ||
| if (ret != LT_OK) { | ||
| cli_error(cli, CLI_ERROR, | ||
| "`lt_session_start()` for privileged key failed with error %d", | ||
| ret); | ||
| goto cleanup; | ||
| } |
There was a problem hiding this comment.
This code is duplicated across cert_write(), read_cert() and twice in is_paired(). We can define a function like this:
static bool tropic_handshake(int key_slot) {
tropic_handshake_state = TROPIC_HANDSHAKE_STATE_0;
lt_handle_t* tropic_handle = tropic_get_handle();
curve25519_key tropic_public = {0};
if (secret_key_tropic_public(tropic_public) != sectrue) {
cli_error(cli, CLI_ERROR, "`secret_key_tropic_public()` failed.");
goto cleanup;
}
curve25519_key private = {0};
if (key_slot == PRIVILEGED_PAIRING_KEY_SLOT) {
if (secret_key_tropic_pairing_privileged(private) != sectrue) {
cli_error(cli, CLI_ERROR,
"`secret_key_tropic_pairing_privileged()` failed.");
goto cleanup;
}
} else if (key_slot == UNPRIVILEGED_PAIRING_KEY_SLOT) {
if (secret_key_tropic_pairing_unprivileged(private) != sectrue) {
cli_error(cli, CLI_ERROR,
"`secret_key_tropic_pairing_unprivileged()` failed.");
goto cleanup;
}
} else {
cli_error(cli, CLI_ERROR,
"Unknown key_slot.");
goto cleanup;
}
curve25519_key public = {0};
curve25519_scalarmult_basepoint(public, private);
lt_ret_t ret =
lt_session_start(tropic_handle, tropic_public, key_slot,
private, public);
if (ret != LT_OK) {
cli_error(cli, CLI_ERROR,
"`lt_session_start()` for privileged key failed with error %d",
ret);
goto cleanup;
}
cleanup:
memzero(private, sizeof(private));
return ret == LT_OK; // TODO set ret correctly above
}- Maybe we can reuse/replace
tropic_init()from embed/sec/tropic/tropic.c? I didn't look closely enough. The error handling would probably complicate things. - Probably makes sense to add
FACTORY_PAIRING_KEY_SLOTto the if-else, so that it can be used inprodtest_tropic_pair(), again I didn't look close enough.
There was a problem hiding this comment.
Also, I don't know how long the handshake takes, but we could optimize this, so that if the handshake is already active we don't repeat it. For example replace TROPIC_HANDSHAKE_STATE_1 with different states for each key:
TROPIC_HANDSHAKE_STATE_FACTORY
TROPIC_HANDSHAKE_STATE_PRIVILEGED
TROPIC_HANDSHAKE_STATE_UNPRIVILEGED
TROPIC_HANDSHAKE_STATE_HSM
There was a problem hiding this comment.
I agree with you, and I wanted to refactor it exactly as you suggested, but I considered it a low priority.
Merged
onvej-sl
force-pushed
the
onvej-sl/prodtest-tropic
branch
from
0723387 to
695cd1a
Compare
|
I squashed all the fix-up commits, reordered the commits, and changed the commit messages. The diff between the old branch and the new branch is empty. |
onvej-sl
force-pushed
the
onvej-sl/prodtest-tropic
branch
from
15934d0 to
6099c3a
Compare
|
@andrewkozlik Could you please review 01675e0? |
[no changelog]
[no changelog]
[no changelog]
onvej-sl
force-pushed
the
onvej-sl/prodtest-tropic
branch
from
04488d9 to
f1bff16
Compare
onvej-sl
force-pushed
the
onvej-sl/prodtest-tropic
branch
from
f1bff16 to
3d04afe
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.