author | Louis Collard <louiscollard@chromium.org> | 2019-05-02 16:51:43 +0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-02-25 16:57:44 +0000 |
commit | 59c76a03669cad7a3cfc3c03feba5ea1d02f1347 (patch) | |
tree | 59d5e30e411bba4127a670a93cc078cbdebacbea | |
parent | 59eb75eda66ee16c5c7f8b26634ed50f2a2f82f3 (diff) | |
g: Force word writes for k during ECDSA sign
Functions that take p256_int* parameters may
use byte writes when writing to those parameters.
When writing to DMEM_ecc, we must use word writes;
this change ensures that happens.
BUG=b:131807777
TEST=build and flash to soraka locally,
ensure k is populated successfully
BRANCH=none
Change-Id: I49462b10aa1203fe875417e9526f06b2efc068fb
Signed-off-by: Louis Collard <louiscollard@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1592990
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
(cherry picked from commit dfad1da08151579ef7692e1f860c1cfb480ea24e)
Change-Id: I1bb1191ed512e8e9cd283dbf2ac14e8787a1bcb4
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2510894
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
(cherry picked from commit f21876f73f0dc258522b108fafb4597e7460db55)
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2718416
-rw-r--r-- | chip/g/dcrypto/dcrypto_p256.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/chip/g/dcrypto/dcrypto_p256.c b/chip/g/dcrypto/dcrypto_p256.c
index 04b029aacf..7a0f653589 100644
--- a/chip/g/dcrypto/dcrypto_p256.c
+++ b/chip/g/dcrypto/dcrypto_p256.c
@@ -800,6 +800,13 @@ int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
 int i, result;
 struct DMEM_ecc *pEcc = (struct DMEM_ecc *) GREG32_ADDR(CRYPTO, DMEM_DUMMY);
+ /*
+ * We can't allow other functions to write directly into DMEM_ecc,
+ * as p256_int is a packed struct so those functions may perform
+ * byte (as opposed to word) writes (in case the ptr operand is
+ * unaligned), which are not compatible with the peripheral.
+ */
+ p256_int rnd, k;
 dcrypto_init_and_lock();
 dcrypto_ecc_init();
@@ -807,14 +814,16 @@ int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
 /* Pick uniform 0 < k < R */
 do {
- hmac_drbg_generate_p256(drbg, &pEcc->rnd);
- } while (p256_cmp(&SECP256r1_nMin2, &pEcc->rnd) < 0);
+ hmac_drbg_generate_p256(drbg, &rnd);
+ } while (p256_cmp(&SECP256r1_nMin2, &rnd) < 0);
 drbg_exit(drbg);
- p256_add_d(&pEcc->rnd, 1, &pEcc->k);
+ p256_add_d(&rnd, 1, &k);
+
+ cp8w(&pEcc->k, &k);
 for (i = 0; i < 8; ++i)
- pEcc->rnd.a[i] = rand();
+ rnd.a[i] = k.a[i] = pEcc->rnd.a[i] = rand();
 cp8w(&pEcc->msg, message);
 cp8w(&pEcc->d, key); |
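Review bot: The new comment above `p256_int rnd, k;` states what is forbidden but not the pattern that replaces it, so a later edit could pass `&pEcc->...` to a p256 helper again. I would add a closing sentence such as `Stage values in locals and copy them into DMEM_ecc with cp8w().` Whether cp8w() itself guarantees word writes is not visible in this diff, so that wording should be checked against its definition. These two locals also carry the ECDSA nonce, which is worth stating in the comment so that their later wipe is not removed as redundant. The function body starts and ends outside the hunk.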
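Review bot: In the `for` loop, `rnd.a[i] = k.a[i] = pEcc->rnd.a[i] = rand();` is the only thing clearing the stack copies of the nonce, and if `rnd` and `k` are not read again later in the function (the rest of the body is outside the hunk) those two stores are dead and an optimizing compiler may drop them. A leaked k for a single signature is enough to recover the private key, so the wipe should not depend on the optimization level. I would keep `pEcc->rnd.a[i] = rand();` as the loop body and clear `rnd` and `k` separately with stores the compiler cannot elide, for example through a volatile-qualified pointer. The same wipe needs to run on any early-return path between the DRBG call and the end of the function, if one exists.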