Issue metadata
Sign in to add a comment
|
Update cryptohome to support low-entropy credential sign in |
||||||||||||||||||||
Issue descriptionFeature description: Add support to cryptohome to allow sign-in using low entropy credentials, verified by Secure module Cr50 (implementing TPM). This bug tracks the cryptohome side of changes, which includes (but is not limited to): - Implementing a hash tree to store credential metadata. - Define protocol buffer to store credential metadata. - Implementing interface with TPM to calculate / store and retrieve hashes (including root hash, and Credential metadata HMAC). - Implement interface with Chrome OS signin in UI to obtain low-entropy credential. Eng owner: pmalani / mnissler Product owner: mnissler ? Design doc: https://docs.google.com/document/d/15KiB-DA_2eyNF-vEipqmOhTDQ5A4MDDfvJYx9vDileY/edit#heading=h.z706x6nmh6b4 Are you planning on experimenting before launch? Yes Any new strings? No Any implications for Google webservices (i.e. sync, translate)? No Binary size? N/A Do the existing perf tests exercise all aspects of your new feature(s)? No
,
Feb 5 2018
,
Feb 5 2018
,
Feb 5 2018
,
Feb 6 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/3ee31b6a65506500ccbc3b3c42c0ed6dfd03acf6 commit 3ee31b6a65506500ccbc3b3c42c0ed6dfd03acf6 Author: Prashant Malani <pmalani@google.com> Date: Tue Feb 06 03:08:45 2018 cryptohome: Add class for sign-in hash tree This patch introduces a class to handle the storage and management of the low entropy credential metadata. A hash tree is used as the data structure. This class utilizes a PersistentLookupTable as a back-end to store the credential metadata (which occupy the leaf nodes of the hash tree) on disk. This class also uses a file to store the hashes of the inner nodes of the hash tree. This file is called the HashCache file. There is support for the following operations in the SignInHashTree: - GetLabel - StoreLabel - RemoveLabel This patch also adds a PersistentLookupTableMock class which mocks the functionality of the underlying PersistentLookupTable for unit tests. BUG= chromium:794010 TEST=cryptohome unit tests pass Change-Id: I5c43a3d83ac5733ab32114775d3cbf25436d9d33 Reviewed-on: https://chromium-review.googlesource.com/846661 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Mattias Nissler <mnissler@chromium.org> [add] https://crrev.com/3ee31b6a65506500ccbc3b3c42c0ed6dfd03acf6/cryptohome/sign_in_hash_tree.cc [add] https://crrev.com/3ee31b6a65506500ccbc3b3c42c0ed6dfd03acf6/cryptohome/sign_in_hash_tree.h [modify] https://crrev.com/3ee31b6a65506500ccbc3b3c42c0ed6dfd03acf6/cryptohome/cryptohome.gyp [add] https://crrev.com/3ee31b6a65506500ccbc3b3c42c0ed6dfd03acf6/cryptohome/sign_in_hash_tree_unittest.cc
,
Feb 6 2018
,
Feb 6 2018
,
Feb 6 2018
,
Feb 6 2018
,
Feb 6 2018
,
Feb 6 2018
,
Feb 6 2018
,
Feb 6 2018
,
Feb 9 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/87669ba77a43a6e3f31966b0b43c2429a3d9b66e commit 87669ba77a43a6e3f31966b0b43c2429a3d9b66e Author: Prashant Malani <pmalani@google.com> Date: Fri Feb 09 15:55:37 2018 cryptohome: Add protobuf for hash tree leaf data Instead of writing a raw vector, encapsulate the leaf data into a protobuf before writing it out to the disk. Also, modify the logic of GenerateAndStoreHashCache(), so that all the leaf nodes are first updated in the HashCache file, and then CalculateHash() generates all the inner hashes. Additonally, slightly change the semantics of GetLabelData(); now, if the label doesn't exist in the tree, return an all-zero HMAC. Return false only if we aren't able to read the leaf label value due to an error. Also, change the return types of PersistentLookupTable functions to disambiguate between table storage errors, and keys not being present. Finally, remove some unused code in the unit tests. BUG= chromium:794010 , chromium:809703 TEST=cryptohome unit tests pass Change-Id: I5dd4fe37df8dbd1b34bdc40e2e42a64e96b4233c Reviewed-on: https://chromium-review.googlesource.com/902612 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Prashant Malani <pmalani@google.com> [modify] https://crrev.com/87669ba77a43a6e3f31966b0b43c2429a3d9b66e/cryptohome/sign_in_hash_tree.h [modify] https://crrev.com/87669ba77a43a6e3f31966b0b43c2429a3d9b66e/cryptohome/persistent_lookup_table.h [modify] https://crrev.com/87669ba77a43a6e3f31966b0b43c2429a3d9b66e/cryptohome/persistent_lookup_table.cc [add] https://crrev.com/87669ba77a43a6e3f31966b0b43c2429a3d9b66e/cryptohome/hash_tree_leaf_data.proto [modify] https://crrev.com/87669ba77a43a6e3f31966b0b43c2429a3d9b66e/cryptohome/cryptohome.gyp [modify] https://crrev.com/87669ba77a43a6e3f31966b0b43c2429a3d9b66e/cryptohome/sign_in_hash_tree.cc [modify] https://crrev.com/87669ba77a43a6e3f31966b0b43c2429a3d9b66e/cryptohome/sign_in_hash_tree_unittest.cc [modify] https://crrev.com/87669ba77a43a6e3f31966b0b43c2429a3d9b66e/cryptohome/persistent_lookup_table_unittest.cc
,
Feb 14 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/9280fec475d5501b616f170a2442588fea2bd4fa commit 9280fec475d5501b616f170a2442588fea2bd4fa Author: Prashant Malani <pmalani@google.com> Date: Wed Feb 14 05:16:19 2018 cryptohome: Update hash tree HashCache path on insert/remove This patch updates the HashCache when a label is inserted or removed from the SignInHashTree. A unit test is also added to verify this functionality. BUG= chromium:794010 , chromium:809703 TEST=cryptohome unit tests pass Change-Id: Ib479634da788f82f3db1110ccce71feb9bfa8a28 Reviewed-on: https://chromium-review.googlesource.com/912193 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Greg Kerr <kerrnel@chromium.org> [modify] https://crrev.com/9280fec475d5501b616f170a2442588fea2bd4fa/cryptohome/sign_in_hash_tree.cc [modify] https://crrev.com/9280fec475d5501b616f170a2442588fea2bd4fa/cryptohome/sign_in_hash_tree.h [modify] https://crrev.com/9280fec475d5501b616f170a2442588fea2bd4fa/cryptohome/sign_in_hash_tree_unittest.cc
,
Feb 18 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/9f9b8992273f746f8e57f66c1c6c5fb0380c0165 commit 9f9b8992273f746f8e57f66c1c6c5fb0380c0165 Author: Prashant Malani <pmalani@google.com> Date: Sun Feb 18 01:59:02 2018 cryptohome: Add TPM stubs for Low Entropy sign in operations This patch adds a LECredentialBackend interface for the various operations required for Low Entropy(LE) Credential sign in protection. TPM 1.2 won't support LE Credentials, so the GetLECredentialBackend() function for it will return a nullptr. TPM 2.0 does return a pointer to an implementation of the interface. The implementation currently only contains stubs which will eventually call the corresponding trunks functions. BUG= chromium:794010 , chromium:809713, chromium:809718, chromium:809720 TEST=cros_run_unit_tests --board=kevin --packages cryptohome passes. Change-Id: I057b4e2347426e34717bb9174c1b9fee93f696fc Reviewed-on: https://chromium-review.googlesource.com/914961 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Mattias Nissler <mnissler@chromium.org> [modify] https://crrev.com/9f9b8992273f746f8e57f66c1c6c5fb0380c0165/cryptohome/tpm2_impl.cc [modify] https://crrev.com/9f9b8992273f746f8e57f66c1c6c5fb0380c0165/cryptohome/mock_tpm.cc [modify] https://crrev.com/9f9b8992273f746f8e57f66c1c6c5fb0380c0165/cryptohome/tpm_impl.cc [add] https://crrev.com/9f9b8992273f746f8e57f66c1c6c5fb0380c0165/cryptohome/le_credential_backend.h [modify] https://crrev.com/9f9b8992273f746f8e57f66c1c6c5fb0380c0165/cryptohome/tpm2_impl.h [modify] https://crrev.com/9f9b8992273f746f8e57f66c1c6c5fb0380c0165/cryptohome/tpm_impl.h [modify] https://crrev.com/9f9b8992273f746f8e57f66c1c6c5fb0380c0165/cryptohome/stub_tpm.h [modify] https://crrev.com/9f9b8992273f746f8e57f66c1c6c5fb0380c0165/cryptohome/mock_tpm.h [modify] https://crrev.com/9f9b8992273f746f8e57f66c1c6c5fb0380c0165/cryptohome/tpm.h
,
Feb 19 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/1bb2a575daeccf99769de5fd1b31db2438ad4cb8 commit 1bb2a575daeccf99769de5fd1b31db2438ad4cb8 Author: Prashant Malani <pmalani@google.com> Date: Mon Feb 19 17:27:18 2018 cryptohome: Add isValid() function for SignInHashTree BUG=chromium:809703, chromium: 794010 TEST=cros_run_unit_tests Change-Id: Ie84f27fcbea42357275c80e45440d8c89f76aa86 Reviewed-on: https://chromium-review.googlesource.com/925081 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Mattias Nissler <mnissler@chromium.org> [modify] https://crrev.com/1bb2a575daeccf99769de5fd1b31db2438ad4cb8/cryptohome/sign_in_hash_tree.h
,
Feb 22 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/system_api/+/7d15090bd03615b00e6ad070da5e85c0aa76aa13 commit 7d15090bd03615b00e6ad070da5e85c0aa76aa13 Author: Jacob Dufault <jdufault@google.com> Date: Thu Feb 22 03:52:02 2018 cryptohome: support key policies and LE credentials This CL adds new functionality to cryptohome API: 1) Specifying policies for keys. 2) Requesting info on the supported key policies. 3) Key policy for low entropy credentials. BUG= chromium:794010 TEST=emerge system_api Change-Id: I86f111291366fa6b88632b8ba919183b644fc76b Reviewed-on: https://chromium-review.googlesource.com/448976 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/7d15090bd03615b00e6ad070da5e85c0aa76aa13/dbus/cryptohome/key.proto [modify] https://crrev.com/7d15090bd03615b00e6ad070da5e85c0aa76aa13/dbus/cryptohome/rpc.proto [modify] https://crrev.com/7d15090bd03615b00e6ad070da5e85c0aa76aa13/dbus/cryptohome/dbus-constants.h
,
Feb 22 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc commit d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc Author: Andrey Pronin <apronin@chromium.org> Date: Thu Feb 22 03:52:03 2018 cryptohome: API stubs for key policies Implements stubs for the key policies API and basic wiring for LECredentials policy. Implements cryptohome CLI API for checking supported key policies and adding keys with LECredential policy. CQ-DEPEND=CL:448976 BUG= chromium:794010 TEST=1)emerge, unit tests 2) cryptohome --action=get_supported_key_policies succeeds and "reports low_entropy_credentials: false" 3) cryptohome --action=add_key_ex --key_policy=le --user=<user> --new_key_label=<label> returns an error and prints "Low entropy credentials are not supported." in the log. 4) cryptohome --action=add_key_ex --user=<user> --new_key_label=<label> (without new policies) succeeds. Change-Id: Ib5bf6d98ac1b45d55c8e03ad8b8ffacca0be73e8 Reviewed-on: https://chromium-review.googlesource.com/923416 Commit-Ready: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/vault_keyset.proto [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/interface.h [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/etc/Cryptohome.conf [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/cryptohome.cc [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/vault_keyset.h [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/service.h [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/vault_keyset.cc [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/crypto.h [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/interface.cc [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/crypto.cc [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/service.cc [modify] https://crrev.com/d4a5c81bd618e2ec50b4d0a71d26ddcc7654f9bc/cryptohome/dbus_bindings/org.chromium.CryptohomeInterface.xml
,
Feb 22 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/74783da92e1d2b28c3eb6325a5e7b63b39d348dd commit 74783da92e1d2b28c3eb6325a5e7b63b39d348dd Author: Prashant Malani <pmalani@google.com> Date: Thu Feb 22 06:26:42 2018 cryptohome: Add Low Entropy credential manager class This class deals with managing and authenticating low entropy(LE) credentials for the system. Functionality currently provided includes: - Adding an LE secret - Authenticating an LE secret. - Removing an LE secret. This class relies on the LECredentialBackend interface to communicate with the Cr50 (TPM) for the Cr50-side of the above mentioned operations. BUG= chromium:794010 , chromium:809718, chromium:809720, chromium:809713 TEST=cros_run_unit_tests passes on kevin and eve. Change-Id: I803ab10c5031a1dcf080890a4e3536b315e572fb Reviewed-on: https://chromium-review.googlesource.com/925042 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org> [add] https://crrev.com/74783da92e1d2b28c3eb6325a5e7b63b39d348dd/cryptohome/le_credential_manager.h [add] https://crrev.com/74783da92e1d2b28c3eb6325a5e7b63b39d348dd/cryptohome/le_credential_manager.cc [modify] https://crrev.com/74783da92e1d2b28c3eb6325a5e7b63b39d348dd/cryptohome/cryptohome.gyp [modify] https://crrev.com/74783da92e1d2b28c3eb6325a5e7b63b39d348dd/cryptohome/le_credential_backend.h
,
Feb 28 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/ee7ade30f447d01bac853a7a81bf5c6d5d777fe3 commit ee7ade30f447d01bac853a7a81bf5c6d5d777fe3 Author: Prashant Malani <pmalani@google.com> Date: Wed Feb 28 08:44:11 2018 cryptohome: Add unit tests for LECredentialManager Add a few unit tests for the LECredentialManager class. In order to meaningfully verify class behaviour, we introduce a FakeLECredentialBackend implementation of the LECredentialBackend interface, which mimics the expected behaviour on the Cr50 side. A few things are missing in the fake implementation, which will be added in subsequent CLs: - Time stamp support - Delay schedule support. Still, this serves as a functioning baseline, from which we can modify both the unit tests and the FakeLECredentialBackend, as the corresponding behaviour in the real Cr50 implementation gets finalized. BUG= chromium:794010 , chromium:809718, chromium:809720, chromium:809713 TEST=cros_run_unit_tests passes on eve. Change-Id: I12ceeff46ed9beba283ce78b43ec971e07430854 Reviewed-on: https://chromium-review.googlesource.com/933081 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org> [add] https://crrev.com/ee7ade30f447d01bac853a7a81bf5c6d5d777fe3/cryptohome/fake_le_credential_backend.cc [add] https://crrev.com/ee7ade30f447d01bac853a7a81bf5c6d5d777fe3/cryptohome/fake_le_credential_metadata.proto [modify] https://crrev.com/ee7ade30f447d01bac853a7a81bf5c6d5d777fe3/cryptohome/le_credential_backend.h [add] https://crrev.com/ee7ade30f447d01bac853a7a81bf5c6d5d777fe3/cryptohome/le_credential_manager_unittest.cc [modify] https://crrev.com/ee7ade30f447d01bac853a7a81bf5c6d5d777fe3/cryptohome/le_credential_manager.cc [add] https://crrev.com/ee7ade30f447d01bac853a7a81bf5c6d5d777fe3/cryptohome/fake_le_credential_backend.h [modify] https://crrev.com/ee7ade30f447d01bac853a7a81bf5c6d5d777fe3/cryptohome/le_credential_manager.h [modify] https://crrev.com/ee7ade30f447d01bac853a7a81bf5c6d5d777fe3/cryptohome/cryptohome.gyp
,
Mar 2 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/153eb2ac60cef3b644b8abe41bca9a8845149559 commit 153eb2ac60cef3b644b8abe41bca9a8845149559 Author: Prashant Malani <pmalani@google.com> Date: Fri Mar 02 03:13:28 2018 cryptohome: Add IsSupported function to LECredentialBackend This will enable callers to explicitly query whether the Backend does indeed support Low Entropy (LE) Credential protection. BUG= chromium:794010 TEST=cros_run_unit_tests for eve passes. Change-Id: Ic20a4af87ef5049e6426e48247478de8ce3da401 Reviewed-on: https://chromium-review.googlesource.com/942384 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Mattias Nissler <mnissler@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/153eb2ac60cef3b644b8abe41bca9a8845149559/cryptohome/fake_le_credential_backend.h [modify] https://crrev.com/153eb2ac60cef3b644b8abe41bca9a8845149559/cryptohome/le_credential_backend.h [modify] https://crrev.com/153eb2ac60cef3b644b8abe41bca9a8845149559/cryptohome/tpm2_impl.h
,
Mar 2 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/22c3d29b97607157d3aa4077b812ddf66f5d3783 commit 22c3d29b97607157d3aa4077b812ddf66f5d3783 Author: Prashant Malani <pmalani@google.com> Date: Fri Mar 02 03:13:38 2018 cryptohome: Minor cleanup in LECredentialManager unittest This patch removes some setup code in the BasicInsertRemove test which is no longer required. BUG= chromium:794010 TEST=cros_run_unit_tests passes on eve. Change-Id: Iaac462feee7f25a3c6f2e7225a23a7dd715d8b1a Reviewed-on: https://chromium-review.googlesource.com/944103 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/22c3d29b97607157d3aa4077b812ddf66f5d3783/cryptohome/le_credential_manager_unittest.cc
,
Mar 6 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/ec/+/6719bdf3edef357c1a81e8ed48728b68e0ec0431 commit 6719bdf3edef357c1a81e8ed48728b68e0ec0431 Author: Allen Webb <allenwebb@google.com> Date: Tue Mar 06 02:34:40 2018 Cr50: Add LLSR (long long shift right) support. Cr50 lacks native instructions for 64-bit integers and an ABI function can be used by the compiler to take the place of the needed instructions. This CL adds support for a right bitwise shift of 64-bit integers. BRANCH=none BUG= chromium:794010 TEST=Set CONFIG_LLSR_TEST, build, update cr50, and run llsrtest on the console. Change-Id: Iae66c86720c531454ba29f15b3cc6a07959f5ef2 Signed-off-by: Allen Webb <allenwebb@google.com> Reviewed-on: https://chromium-review.googlesource.com/931932 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> [modify] https://crrev.com/6719bdf3edef357c1a81e8ed48728b68e0ec0431/core/cortex-m/build.mk [add] https://crrev.com/6719bdf3edef357c1a81e8ed48728b68e0ec0431/core/cortex-m/llsr.c [modify] https://crrev.com/6719bdf3edef357c1a81e8ed48728b68e0ec0431/include/config.h
,
Mar 7 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/ec/+/511629baa0a6dec75a5fd8f44b5ba43b0e8ed10d commit 511629baa0a6dec75a5fd8f44b5ba43b0e8ed10d Author: Allen Webb <allenwebb@google.com> Date: Wed Mar 07 22:26:08 2018 Cr50: Add LLSR (long long shift right) support. Cr50 lacks native instructions for 64-bit integers and an ABI function can be used by the compiler to take the place of the needed instructions. This CL adds support for a right bitwise shift of 64-bit integers. BRANCH=none BUG= chromium:794010 TEST=Set CONFIG_LLSR_TEST, build, update cr50, and run llsrtest on the console. Signed-off-by: Allen Webb <allenwebb@google.com> Reviewed-on: https://chromium-review.googlesource.com/931932 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit 6719bdf3edef357c1a81e8ed48728b68e0ec0431) Change-Id: Iae66c86720c531454ba29f15b3cc6a07959f5ef2 Reviewed-on: https://chromium-review.googlesource.com/953782 Reviewed-by: Furquan Shaikh <furquan@chromium.org> Reviewed-by: Allen Webb <allenwebb@google.com> Commit-Queue: Furquan Shaikh <furquan@chromium.org> Tested-by: Furquan Shaikh <furquan@chromium.org> Trybot-Ready: Furquan Shaikh <furquan@chromium.org> [modify] https://crrev.com/511629baa0a6dec75a5fd8f44b5ba43b0e8ed10d/core/cortex-m/build.mk [add] https://crrev.com/511629baa0a6dec75a5fd8f44b5ba43b0e8ed10d/core/cortex-m/llsr.c [modify] https://crrev.com/511629baa0a6dec75a5fd8f44b5ba43b0e8ed10d/include/config.h
,
Mar 8 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/e36493690ca81d64d2cea131c50e2a8a025860df commit e36493690ca81d64d2cea131c50e2a8a025860df Author: Prashant Malani <pmalani@google.com> Date: Thu Mar 08 03:47:02 2018 cryptohome: Add ResetCredential for LECredentialManager Add functionality to reset a potentially locked out Low Entropy credential. This CL also adds a unit test, and adds the corresponding stub for TPM2. BUG=chromium:809723, chromium:794010 TEST=cros_run_unit_tests passes on eve. Change-Id: Iba126e1b7bf69463538a130ccb6058d7a3d90ba7 Reviewed-on: https://chromium-review.googlesource.com/941604 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Prashant Malani <pmalani@google.com> [modify] https://crrev.com/e36493690ca81d64d2cea131c50e2a8a025860df/cryptohome/fake_le_credential_backend.cc [modify] https://crrev.com/e36493690ca81d64d2cea131c50e2a8a025860df/cryptohome/tpm2_impl.cc [modify] https://crrev.com/e36493690ca81d64d2cea131c50e2a8a025860df/cryptohome/le_credential_backend.h [modify] https://crrev.com/e36493690ca81d64d2cea131c50e2a8a025860df/cryptohome/tpm2_impl.h [modify] https://crrev.com/e36493690ca81d64d2cea131c50e2a8a025860df/cryptohome/le_credential_manager_unittest.cc [modify] https://crrev.com/e36493690ca81d64d2cea131c50e2a8a025860df/cryptohome/le_credential_manager.cc [modify] https://crrev.com/e36493690ca81d64d2cea131c50e2a8a025860df/cryptohome/fake_le_credential_backend.h [modify] https://crrev.com/e36493690ca81d64d2cea131c50e2a8a025860df/cryptohome/le_credential_manager.h
,
Mar 18 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/4f6af78e1aa75696e53c496be5ffbc5d0f706ade commit 4f6af78e1aa75696e53c496be5ffbc5d0f706ade Author: Prashant Malani <pmalani@google.com> Date: Sun Mar 18 06:41:45 2018 cryptohome: Add README for LE Credentials BUG= chromium:794010 TEST=None Change-Id: I9c9d6af93bf5b4b565ca34b68b963225b137a55b Reviewed-on: https://chromium-review.googlesource.com/961723 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org> [add] https://crrev.com/4f6af78e1aa75696e53c496be5ffbc5d0f706ade/cryptohome/README.le_credentials.md
,
Mar 19 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/ec/+/79adbe8d41d8065858bb6f2597236cde34938fcf commit 79adbe8d41d8065858bb6f2597236cde34938fcf Author: Allen Webb <allenwebb@google.com> Date: Mon Mar 19 22:04:13 2018 Cr50: Add LLSR (long long shift right) support. Cr50 lacks native instructions for 64-bit integers and an ABI function can be used by the compiler to take the place of the needed instructions. This CL adds support for a right bitwise shift of 64-bit integers. BRANCH=none BUG= chromium:794010 TEST=Set CONFIG_LLSR_TEST, build, update cr50, and run llsrtest on the console. Change-Id: Iae66c86720c531454ba29f15b3cc6a07959f5ef2 Signed-off-by: Allen Webb <allenwebb@google.com> Reviewed-on: https://chromium-review.googlesource.com/931932 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit 6719bdf3edef357c1a81e8ed48728b68e0ec0431) Reviewed-on: https://chromium-review.googlesource.com/969632 Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Bendebury <vbendeb@chromium.org> [modify] https://crrev.com/79adbe8d41d8065858bb6f2597236cde34938fcf/core/cortex-m/build.mk [add] https://crrev.com/79adbe8d41d8065858bb6f2597236cde34938fcf/core/cortex-m/llsr.c [modify] https://crrev.com/79adbe8d41d8065858bb6f2597236cde34938fcf/include/config.h
,
Mar 28 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/74db158d7a44d9c667d4f948636c6e85e653a453 commit 74db158d7a44d9c667d4f948636c6e85e653a453 Author: Prashant Malani <pmalani@google.com> Date: Wed Mar 28 01:01:46 2018 cryptohome: Generate reset seed for Credentials This patch generates a reset seed in a VaultKeyset. This reset seed is then used to generate a reset secret which can be used to unlock a Low Entropy (LE) credential that has been locked out. The reset seed is generated as follows: During Homedirs::AddKeyset() we check if the existing VaultKeyset has a wrapped_reset_seed(). If it doesn't, we generate a random 32-byte reset seed in the VaultKeyset, and then re-encrypt the same credential, so that it is persisted to disk, and made part of the SerializedVaultKeyset. If a reset seed is already present, we don't do anything. The rest of the AddKeyset() function proceeds as before. The reset_seed will then be used by EncryptLECredential() to generate a reset_secret with which the LE credential is stored. BUG= chromium:794010 ,chromium:809723 TEST=cros_run_unit_tests passes. Change-Id: I2bd025ef672294381cc7baf7503caaddb2bd68d7 Reviewed-on: https://chromium-review.googlesource.com/955283 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/74db158d7a44d9c667d4f948636c6e85e653a453/cryptohome/vault_keyset.h [modify] https://crrev.com/74db158d7a44d9c667d4f948636c6e85e653a453/cryptohome/mount.cc [modify] https://crrev.com/74db158d7a44d9c667d4f948636c6e85e653a453/cryptohome/vault_keyset.proto [modify] https://crrev.com/74db158d7a44d9c667d4f948636c6e85e653a453/cryptohome/vault_keyset.cc [modify] https://crrev.com/74db158d7a44d9c667d4f948636c6e85e653a453/cryptohome/crypto.h [modify] https://crrev.com/74db158d7a44d9c667d4f948636c6e85e653a453/cryptohome/crypto.cc [modify] https://crrev.com/74db158d7a44d9c667d4f948636c6e85e653a453/cryptohome/homedirs_unittest.cc [modify] https://crrev.com/74db158d7a44d9c667d4f948636c6e85e653a453/cryptohome/cryptohome_common.h [modify] https://crrev.com/74db158d7a44d9c667d4f948636c6e85e653a453/cryptohome/homedirs.cc
,
Apr 4 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/64fccc22f651ffab9c0ef0e20519e00b254962a4 commit 64fccc22f651ffab9c0ef0e20519e00b254962a4 Author: Prashant Malani <pmalani@google.com> Date: Wed Apr 04 04:40:55 2018 cryptohome: Hook up Crypto class to LECredentialManager This patch connects the Crypto stub functions for Low Entropy (LE) credential encryption and decryption to the LECredentialManager. It also adds the following fields to SerializedVaultKeyset: - le_label: Used tostore the label returned by LECredentialManager on a successful insert. - le_fek_iv, le_chaps_iv: Randomly generated IVs used to perform AES encryption of the chaps key and FEKs - reset_salt: Randomly generated salt used to generate the reset secret from the VaultKeyset's reset seed. BUG= chromium:794010 ,chromium:809713,chromium:809718 TEST=1. cros_run_unit_tests pass. 2. cryptohome --action=add_key_ex --key_policy=le --user=<user> --new_key_label=<label> succeeds. 3. cryptohome --action=mount_ex --user=<user> succeeds. 4. cryptohome --action=get_supported_key_policies succeeds and reports "low_entropy_credentials: true" NOTE: The CLI tests are run with a stub implementation. Change-Id: Ife201740e1bc3f3e97e6e2b7274d3f73eb21e13f Reviewed-on: https://chromium-review.googlesource.com/947843 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/64fccc22f651ffab9c0ef0e20519e00b254962a4/cryptohome/cryptohome-libs.gypi [modify] https://crrev.com/64fccc22f651ffab9c0ef0e20519e00b254962a4/cryptohome/le_credential_manager_unittest.cc [modify] https://crrev.com/64fccc22f651ffab9c0ef0e20519e00b254962a4/cryptohome/mount.cc [modify] https://crrev.com/64fccc22f651ffab9c0ef0e20519e00b254962a4/cryptohome/vault_keyset.proto [modify] https://crrev.com/64fccc22f651ffab9c0ef0e20519e00b254962a4/cryptohome/le_credential_manager.cc [modify] https://crrev.com/64fccc22f651ffab9c0ef0e20519e00b254962a4/cryptohome/crypto.cc [modify] https://crrev.com/64fccc22f651ffab9c0ef0e20519e00b254962a4/cryptohome/service_unittest.cc [modify] https://crrev.com/64fccc22f651ffab9c0ef0e20519e00b254962a4/cryptohome/crypto.h [modify] https://crrev.com/64fccc22f651ffab9c0ef0e20519e00b254962a4/cryptohome/service.cc
,
May 25 2018
Issue 767616 has been merged into this issue.
,
May 30 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/151b20313da6362cd754f967256ee2a2c6c6f040 commit 151b20313da6362cd754f967256ee2a2c6c6f040 Author: Prashant Malani <pmalani@google.com> Date: Wed May 30 00:15:26 2018 cryptohome: Split LE hash cache To facilitate a clean Log replay functionality in the case of the on-disk Low Entropy (LE) credentials state being out of sync with Cr50, this CL splits the HashCache into two parts: - LeafCache: A memory mapped persistent file which stores the MAC values for all leaf labels. - InnerHashArray: An in-memory array storing the hash values of all inner nodes of the Hash Tree. This way, the InnerHashArray will always be generated from the LeafCache on the first operation (or during LE initialization after boot). If any discrepancies are there, we will know for sure that the LeafCache (and concordantly, our on-disk tree state) is erroneous and we can begin a recovery operation to fix it. BUG= chromium:794010 , chromium:809710 TEST=cryptohome unit tests pass. Change-Id: I3678d41268c4789e88fd2b44e838b2d001c154af Reviewed-on: https://chromium-review.googlesource.com/1069838 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Prashant Malani <pmalani@google.com> [modify] https://crrev.com/151b20313da6362cd754f967256ee2a2c6c6f040/cryptohome/sign_in_hash_tree.cc [modify] https://crrev.com/151b20313da6362cd754f967256ee2a2c6c6f040/cryptohome/sign_in_hash_tree.h [modify] https://crrev.com/151b20313da6362cd754f967256ee2a2c6c6f040/cryptohome/sign_in_hash_tree_unittest.cc
,
May 31 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/ec/+/837ae443219b274c8f452e16d109432a0a674bcc commit 837ae443219b274c8f452e16d109432a0a674bcc Author: Allen Webb <allenwebb@google.com> Date: Thu May 31 00:48:21 2018 Cr50: Add LLSR (long long shift right) support. Cr50 lacks native instructions for 64-bit integers and an ABI function can be used by the compiler to take the place of the needed instructions. This CL adds support for a right bitwise shift of 64-bit integers. BRANCH=none BUG= chromium:794010 TEST=Set CONFIG_LLSR_TEST, build, update cr50, and run llsrtest on the console. Change-Id: Iae66c86720c531454ba29f15b3cc6a07959f5ef2 Signed-off-by: Allen Webb <allenwebb@google.com> Reviewed-on: https://chromium-review.googlesource.com/931932 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit 6719bdf3edef357c1a81e8ed48728b68e0ec0431) Reviewed-on: https://chromium-review.googlesource.com/969632 Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit 79adbe8d41d8065858bb6f2597236cde34938fcf) Reviewed-on: https://chromium-review.googlesource.com/1080240 [modify] https://crrev.com/837ae443219b274c8f452e16d109432a0a674bcc/core/cortex-m/build.mk [add] https://crrev.com/837ae443219b274c8f452e16d109432a0a674bcc/core/cortex-m/llsr.c [modify] https://crrev.com/837ae443219b274c8f452e16d109432a0a674bcc/include/config.h
,
Jun 5 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/70676f6a4884206721c017d8fa22db87d758ee37 commit 70676f6a4884206721c017d8fa22db87d758ee37 Author: Prashant Malani <pmalani@google.com> Date: Tue Jun 05 19:06:59 2018 cryptohome: Split LE hash cache To facilitate a clean Log replay functionality in the case of the on-disk Low Entropy (LE) credentials state being out of sync with Cr50, this CL splits the HashCache into two parts: - LeafCache: A memory mapped persistent file which stores the MAC values for all leaf labels. - InnerHashArray: An in-memory array storing the hash values of all inner nodes of the Hash Tree. This way, the InnerHashArray will always be generated from the LeafCache on the first operation (or during LE initialization after boot). If any discrepancies are there, we will know for sure that the LeafCache (and concordantly, our on-disk tree state) is erroneous and we can begin a recovery operation to fix it. BUG= chromium:794010 , chromium:809710 TEST=cryptohome unit tests pass. Change-Id: I3678d41268c4789e88fd2b44e838b2d001c154af Reviewed-on: https://chromium-review.googlesource.com/1069838 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Prashant Malani <pmalani@google.com> (cherry picked from commit 151b20313da6362cd754f967256ee2a2c6c6f040) Reviewed-on: https://chromium-review.googlesource.com/1081029 Reviewed-by: Mattias Nissler <mnissler@chromium.org> Commit-Queue: Prashant Malani <pmalani@google.com> Trybot-Ready: Prashant Malani <pmalani@google.com> [modify] https://crrev.com/70676f6a4884206721c017d8fa22db87d758ee37/cryptohome/sign_in_hash_tree.cc [modify] https://crrev.com/70676f6a4884206721c017d8fa22db87d758ee37/cryptohome/sign_in_hash_tree.h [modify] https://crrev.com/70676f6a4884206721c017d8fa22db87d758ee37/cryptohome/sign_in_hash_tree_unittest.cc
,
Jun 7 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/59336008f63e0a3f0fc05d3cb9b940af3ff33066 commit 59336008f63e0a3f0fc05d3cb9b940af3ff33066 Author: Prashant Malani <pmalani@google.com> Date: Thu Jun 07 20:11:42 2018 cryptohome: Wire up Pinweaver root hash to LECredentialManager The Pinweaver LE credential backend reports the current root hash after every operation. This value is useful to keep track of in cryptohome. So, we modify the LECredentialBackend interface to also receive the new root hash reported by the LE Backend. This CL also updates the fake LE backend to return the most recent root hash. BUG=chromium:809710, chromium:794010 TEST=cros_run_unit_tests Change-Id: Ie8f5c566dbeaf6d6176ab21023d823655897c8d7 Reviewed-on: https://chromium-review.googlesource.com/1085867 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Mattias Nissler <mnissler@chromium.org> [modify] https://crrev.com/59336008f63e0a3f0fc05d3cb9b940af3ff33066/cryptohome/fake_le_credential_backend.cc [modify] https://crrev.com/59336008f63e0a3f0fc05d3cb9b940af3ff33066/cryptohome/pinweaver_le_credential_backend.cc [modify] https://crrev.com/59336008f63e0a3f0fc05d3cb9b940af3ff33066/cryptohome/le_credential_backend.h [modify] https://crrev.com/59336008f63e0a3f0fc05d3cb9b940af3ff33066/cryptohome/le_credential_manager.cc [modify] https://crrev.com/59336008f63e0a3f0fc05d3cb9b940af3ff33066/cryptohome/fake_le_credential_backend.h [modify] https://crrev.com/59336008f63e0a3f0fc05d3cb9b940af3ff33066/cryptohome/le_credential_manager.h [modify] https://crrev.com/59336008f63e0a3f0fc05d3cb9b940af3ff33066/cryptohome/pinweaver_le_credential_backend.h
,
Jun 9 2018
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/a8fc6e1701c1df200c35cd1eb97c748919e464a9 commit a8fc6e1701c1df200c35cd1eb97c748919e464a9 Author: Prashant Malani <pmalani@google.com> Date: Sat Jun 09 09:19:26 2018 cryptohome: LE Credential sync - Part 1 This is the first of a two-part change to add support for Log Replay functionality for Low Entropy (LE) credentials when the on-disk state and LE Backend state have gone out of sync. This CL adds support to verify the hash cache state, and possibly rebuild it if it's detected to be stale. This functionality is added in the Sync() function of LECredentialManager(). It is expected that Sync() will be called before every LECredentialManager public operation. BUG=chromium:809710, chromium:794010 TEST=1. cros_run_unit_tests 2. Run following operations on eve (with a PinWeaver Cr50) a. Create an LE Credential. b. Check LE credential. c. Corrupt the leafcache using hexedit and then reboot. d. Make sure we can perform further LE operations, including checking the same LE credential, and removing it. Change-Id: Iab5844dfb10f3e880d6b4fbd1160af245d206963 Reviewed-on: https://chromium-review.googlesource.com/1056400 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Prashant Malani <pmalani@google.com> [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/sign_in_hash_tree.h [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/fake_le_credential_backend.cc [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/pinweaver_le_credential_backend.cc [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/le_credential_backend.h [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/le_credential_manager_unittest.cc [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/le_credential_manager.cc [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/fake_le_credential_backend.h [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/le_credential_manager.h [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/sign_in_hash_tree.cc [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/sign_in_hash_tree_unittest.cc [modify] https://crrev.com/a8fc6e1701c1df200c35cd1eb97c748919e464a9/cryptohome/pinweaver_le_credential_backend.h
,
Jul 19
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/b279f950844c8ceb4fcd4bb5df063bf95926b0cf commit b279f950844c8ceb4fcd4bb5df063bf95926b0cf Author: Prashant Malani <pmalani@google.com> Date: Thu Jul 19 22:49:09 2018 cryptohome: Wire up Pinweaver root hash to LECredentialManager The Pinweaver LE credential backend reports the current root hash after every operation. This value is useful to keep track of in cryptohome. So, we modify the LECredentialBackend interface to also receive the new root hash reported by the LE Backend. This CL also updates the fake LE backend to return the most recent root hash. BUG=chromium:809710, chromium:794010 , chromium:865252 TEST=cros_run_unit_tests Reviewed-on: https://chromium-review.googlesource.com/1085867 Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Mattias Nissler <mnissler@chromium.org> Change-Id: Ie8f5c566dbeaf6d6176ab21023d823655897c8d7 Reviewed-on: https://chromium-review.googlesource.com/1143007 Reviewed-by: Prashant Malani <pmalani@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/b279f950844c8ceb4fcd4bb5df063bf95926b0cf/cryptohome/fake_le_credential_backend.cc [modify] https://crrev.com/b279f950844c8ceb4fcd4bb5df063bf95926b0cf/cryptohome/pinweaver_le_credential_backend.cc [modify] https://crrev.com/b279f950844c8ceb4fcd4bb5df063bf95926b0cf/cryptohome/le_credential_backend.h [modify] https://crrev.com/b279f950844c8ceb4fcd4bb5df063bf95926b0cf/cryptohome/le_credential_manager.cc [modify] https://crrev.com/b279f950844c8ceb4fcd4bb5df063bf95926b0cf/cryptohome/fake_le_credential_backend.h [modify] https://crrev.com/b279f950844c8ceb4fcd4bb5df063bf95926b0cf/cryptohome/le_credential_manager.h [modify] https://crrev.com/b279f950844c8ceb4fcd4bb5df063bf95926b0cf/cryptohome/pinweaver_le_credential_backend.h
,
Jul 19
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform2/+/e52c7e941120c0914007702f17a544820c3531a8 commit e52c7e941120c0914007702f17a544820c3531a8 Author: Prashant Malani <pmalani@google.com> Date: Thu Jul 19 22:49:10 2018 cryptohome: LE Credential sync - Part 1 This is the first of a two-part change to add support for Log Replay functionality for Low Entropy (LE) credentials when the on-disk state and LE Backend state have gone out of sync. This CL adds support to verify the hash cache state, and possibly rebuild it if it's detected to be stale. This functionality is added in the Sync() function of LECredentialManager(). It is expected that Sync() will be called before every LECredentialManager public operation. BUG=chromium:809710, chromium:794010 , chromium:865252 TEST=1. cros_run_unit_tests 2. Run following operations on eve (with a PinWeaver Cr50) a. Create an LE Credential. b. Check LE credential. c. Corrupt the leafcache using hexedit and then reboot. d. Make sure we can perform further LE operations, including checking the same LE credential, and removing it. Reviewed-on: https://chromium-review.googlesource.com/1056400 Commit-Ready: Prashant Malani <pmalani@google.com> Tested-by: Prashant Malani <pmalani@google.com> Reviewed-by: Prashant Malani <pmalani@google.com> Change-Id: Iab5844dfb10f3e880d6b4fbd1160af245d206963 Reviewed-on: https://chromium-review.googlesource.com/1143008 Reviewed-by: Allen Webb <allenwebb@google.com> Reviewed-by: Andrey Pronin <apronin@chromium.org> Tested-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Andrey Pronin <apronin@chromium.org> [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/sign_in_hash_tree.h [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/fake_le_credential_backend.cc [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/pinweaver_le_credential_backend.cc [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/le_credential_backend.h [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/le_credential_manager_unittest.cc [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/le_credential_manager.cc [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/fake_le_credential_backend.h [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/le_credential_manager.h [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/sign_in_hash_tree.cc [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/sign_in_hash_tree_unittest.cc [modify] https://crrev.com/e52c7e941120c0914007702f17a544820c3531a8/cryptohome/pinweaver_le_credential_backend.h
,
Jul 30
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/overlays/chromiumos-overlay/+/26ca0dfb6129ea2fe91fdf5a9cfdb8e259eca608 commit 26ca0dfb6129ea2fe91fdf5a9cfdb8e259eca608 Author: Allen Webb <allenwebb@google.com> Date: Mon Jul 30 19:25:30 2018 autotest-tests-cryptohome: added platform_CryptohomeLECredentialManager This adds autotests to verify the functionality of le_credential_manager across reboots. CQ-DEPEND=CL:1145834 BUG= chromium:794010 TEST=test_that -b ${BOARD} ${TEST_HOST} platform_CryptohomeLECredentialManagerServer Change-Id: Idbf7af5db5516d4f97202db74006f7eb47702707 Signed-off-by: Allen Webb <allenwebb@google.com> Reviewed-on: https://chromium-review.googlesource.com/1145835 Reviewed-by: Mike Frysinger <vapier@chromium.org> [modify] https://crrev.com/26ca0dfb6129ea2fe91fdf5a9cfdb8e259eca608/chromeos-base/autotest-tests-cryptohome/autotest-tests-cryptohome-9999.ebuild
,
Jul 30
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/third_party/autotest/+/8b4eb625f8711f7fbd83348dec4fed98b101e532 commit 8b4eb625f8711f7fbd83348dec4fed98b101e532 Author: Allen Webb <allenwebb@google.com> Date: Mon Jul 30 19:25:30 2018 platform_CryptohomeLECredentialManager: Add new tests. This adds autotests to verify the functionality of le_credential_manager across reboots. BUG= chromium:794010 TEST=test_that -b ${BOARD} ${TEST_HOST} platform_CryptohomeLECredentialManagerServer Change-Id: I8dbfee0d4cc8279a8803b120b9a0703dce6ab30e Signed-off-by: Allen Webb <allenwebb@google.com> Reviewed-on: https://chromium-review.googlesource.com/1145834 Reviewed-by: Andrey Pronin <apronin@chromium.org> [add] https://crrev.com/8b4eb625f8711f7fbd83348dec4fed98b101e532/client/site_tests/platform_CryptohomeLECredentialManager/control [modify] https://crrev.com/8b4eb625f8711f7fbd83348dec4fed98b101e532/client/cros/cryptohome.py [add] https://crrev.com/8b4eb625f8711f7fbd83348dec4fed98b101e532/server/site_tests/platform_CryptohomeLECredentialManagerServer/platform_CryptohomeLECredentialManagerServer.py [modify] https://crrev.com/8b4eb625f8711f7fbd83348dec4fed98b101e532/client/common_lib/cros/pinweaver_client.py [add] https://crrev.com/8b4eb625f8711f7fbd83348dec4fed98b101e532/server/site_tests/platform_CryptohomeLECredentialManagerServer/control [add] https://crrev.com/8b4eb625f8711f7fbd83348dec4fed98b101e532/client/site_tests/platform_CryptohomeLECredentialManager/platform_CryptohomeLECredentialManager.py
,
Sep 10
,
Sep 10
Closing this bug, as there is nothing blocking anymore.
,
Nov 17
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/ec/+/69647e8792c86308c4a526ec1aaf10228aab933f commit 69647e8792c86308c4a526ec1aaf10228aab933f Author: Allen Webb <allenwebb@google.com> Date: Sat Nov 17 02:12:42 2018 Cr50: Add LLSR (long long shift right) support. Cr50 lacks native instructions for 64-bit integers and an ABI function can be used by the compiler to take the place of the needed instructions. This CL adds support for a right bitwise shift of 64-bit integers. BRANCH=none BUG= chromium:794010 TEST=Set CONFIG_LLSR_TEST, build, update cr50, and run llsrtest on the console. Change-Id: Iae66c86720c531454ba29f15b3cc6a07959f5ef2 Signed-off-by: Allen Webb <allenwebb@google.com> Reviewed-on: https://chromium-review.googlesource.com/931932 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit 6719bdf3edef357c1a81e8ed48728b68e0ec0431) Reviewed-on: https://chromium-review.googlesource.com/c/1341160 Reviewed-by: Philip Chen <philipchen@chromium.org> Commit-Queue: Philip Chen <philipchen@chromium.org> Tested-by: Philip Chen <philipchen@chromium.org> Trybot-Ready: Philip Chen <philipchen@chromium.org> [modify] https://crrev.com/69647e8792c86308c4a526ec1aaf10228aab933f/core/cortex-m/build.mk [add] https://crrev.com/69647e8792c86308c4a526ec1aaf10228aab933f/core/cortex-m/llsr.c [modify] https://crrev.com/69647e8792c86308c4a526ec1aaf10228aab933f/include/config.h
,
Jan 3
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/ec/+/ba7df64386d00289f2852954c64aea639afaa512 commit ba7df64386d00289f2852954c64aea639afaa512 Author: Allen Webb <allenwebb@google.com> Date: Thu Jan 03 13:40:57 2019 Cr50: Add LLSR (long long shift right) support. Cr50 lacks native instructions for 64-bit integers and an ABI function can be used by the compiler to take the place of the needed instructions. This CL adds support for a right bitwise shift of 64-bit integers. BRANCH=none BUG= chromium:794010 TEST=Set CONFIG_LLSR_TEST, build, update cr50, and run llsrtest on the console. Change-Id: Iae66c86720c531454ba29f15b3cc6a07959f5ef2 Signed-off-by: Allen Webb <allenwebb@google.com> Reviewed-on: https://chromium-review.googlesource.com/931932 Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> (cherry picked from commit 6719bdf3edef357c1a81e8ed48728b68e0ec0431) Reviewed-on: https://chromium-review.googlesource.com/c/1394605 Reviewed-by: Cheng-Han Yang <chenghan@chromium.org> Commit-Queue: Cheng-Han Yang <chenghan@chromium.org> Tested-by: Cheng-Han Yang <chenghan@chromium.org> [modify] https://crrev.com/ba7df64386d00289f2852954c64aea639afaa512/core/cortex-m/build.mk [add] https://crrev.com/ba7df64386d00289f2852954c64aea639afaa512/core/cortex-m/llsr.c [modify] https://crrev.com/ba7df64386d00289f2852954c64aea639afaa512/include/config.h |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by bugdroid1@chromium.org
, Feb 1 2018