author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-09-23 18:00:14 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-09-24 20:22:45 +0000 |
commit | 24c5d1beb44ad229e962a9178e98468b8fe9705f (patch) | |
tree | 5dae3e140d140ed30e4e7d3e3da24d54a5b96766 | |
parent | 5044b81a4c797a058a21e95349437f04ab33e2ed (diff) | |
download | chrome-ec-24c5d1beb44ad229e962a9178e98468b8fe9705f.tar.gz |
cr50: Fix sign comparison warnings (-Wsign-compare)
For crypto code we care about possible concerns raised during review, so add
stricter warnings. Fix all comparisons of int with uint32_t/size_t, and
make consistent use of size_t vs. uint32_t in crypto code.
Update test/tpm_test/bn_test.c to compile for checking big number
functions correctness.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
TCG tests:
---------------------- Test Result Summary -----------------------------
Test executed on: Thu Sep 23 17:45:19 2021
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
========================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I47e5de3d180d3aebb13b3feef4c1da87c9f6a174
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3180279
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r-- | board/cr50/build.mk | 3 | ||||
-rw-r--r-- | board/cr50/dcrypto/aes.c | 6 | ||||
-rw-r--r-- | board/cr50/dcrypto/bn.c | 80 | ||||
-rw-r--r-- | board/cr50/dcrypto/dcrypto.h | 20 | ||||
-rw-r--r-- | board/cr50/dcrypto/dcrypto_bn.c | 6 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips_rand.c | 4 | ||||
-rw-r--r-- | board/cr50/dcrypto/gcm.c | 4 | ||||
-rw-r--r-- | board/cr50/dcrypto/internal.h | 21 | ||||
-rw-r--r-- | board/cr50/dcrypto/key_ladder.c | 4 | ||||
-rw-r--r-- | board/cr50/dcrypto/rsa.c | 78 | ||||
-rw-r--r-- | board/cr50/dcrypto/trng.c | 4 | ||||
-rw-r--r-- | board/cr50/dcrypto/util.c | 2 | ||||
-rw-r--r-- | board/cr50/dcrypto/x509.c | 2 | ||||
-rw-r--r-- | test/tpm_test/Makefile | 6 | ||||
-rw-r--r-- | test/tpm_test/bn_test.c | 25 |
15 files changed, 143 insertions, 122 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk index 61582ed26c..a6abbe2fed 100644 --- a/board/cr50/build.mk +++ b/board/cr50/build.mk @@ -175,7 +175,8 @@ RW_BD_OUT=$(out)/RW/$(BDIR) FIPS_MODULE=dcrypto/fips_module.o FIPS_LD_SCRIPT=$(BDIR)/dcrypto/fips_module.ld RW_FIPS_OBJS=$(patsubst %.o, $(RW_BD_OUT)/%.o, $(fips-y)) -$(RW_FIPS_OBJS): CFLAGS += -frandom-seed=0 -fno-fat-lto-objects +$(RW_FIPS_OBJS): CFLAGS += -frandom-seed=0 -fno-fat-lto-objects -Wswitch\ + -Wsign-compare -Wuninitialized # Note, since FIPS object files are compiled with lto, actual compilation # and code optimization take place during link time. diff --git a/board/cr50/dcrypto/aes.c b/board/cr50/dcrypto/aes.c index b1b8021728..327ce67257 100644 --- a/board/cr50/dcrypto/aes.c +++ b/board/cr50/dcrypto/aes.c @@ -38,10 +38,10 @@ static int wait_read_data(volatile uint32_t *addr) return empty ? 0 : 1; } -int DCRYPTO_aes_init(const uint8_t *key, uint32_t key_len, const uint8_t *iv, +int DCRYPTO_aes_init(const uint8_t *key, size_t key_len, const uint8_t *iv, enum cipher_mode c_mode, enum encrypt_mode e_mode) { - int i; + size_t i; const struct access_helper *p; uint32_t key_mode; @@ -166,7 +166,7 @@ int DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key, uint32_t key_bits, uint32_t tmpout[4]; const uint8_t *inp; uint8_t *outp; - const size_t count = MIN(in_len, 16); + const size_t count = MIN(in_len, 16U); if (count < 16) { memcpy(tmpin, in, count); diff --git a/board/cr50/dcrypto/bn.c b/board/cr50/dcrypto/bn.c index 4fecca8295..aa676abb78 100644 --- a/board/cr50/dcrypto/bn.c +++ b/board/cr50/dcrypto/bn.c @@ -11,8 +11,6 @@ #include "fips.h" #include "internal.h" -#include "trng.h" - void bn_init(struct LITE_BIGNUM *b, void *buf, size_t len) { DCRYPTO_bn_wrap(b, buf, len); 
@@ -35,18 +33,20 @@ int bn_eq(const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b) { int i; uint32_t top = 0; + const int a_dmax = (const int)a->dmax; + const int b_dmax = (const int)b->dmax; - for (i = a->dmax - 1; i > b->dmax - 1; --i) + for (i = a_dmax - 1; i > b_dmax - 1; --i) top |= BN_DIGIT(a, i); if (top) return 0; - for (i = b->dmax - 1; i > a->dmax - 1; --i) + for (i = b_dmax - 1; i > a_dmax - 1; --i) top |= BN_DIGIT(b, i); if (top) return 0; - for (i = MIN(a->dmax, b->dmax) - 1; i >= 0; --i) + for (i = MIN(a_dmax, b_dmax) - 1; i >= 0; --i) if (BN_DIGIT(a, i) != BN_DIGIT(b, i)) return 0; @@ -65,12 +65,9 @@ int bn_check_topbit(const struct LITE_BIGNUM *N) } /* a[n]. */ -int bn_is_bit_set(const struct LITE_BIGNUM *a, int n) +int bn_is_bit_set(const struct LITE_BIGNUM *a, size_t n) { - int i, j; - - if (n < 0) - return 0; + size_t i, j; i = n / LITE_BN_BITS2; j = n % LITE_BN_BITS2; @@ -80,20 +77,14 @@ int bn_is_bit_set(const struct LITE_BIGNUM *a, int n) return (BN_DIGIT(a, i) >> j) & 1; } -static int bn_set_bit(const struct LITE_BIGNUM *a, int n) +static void bn_set_bit(const struct LITE_BIGNUM *a, size_t n) { - int i, j; - - if (n < 0) - return 0; + size_t i, j; i = n / LITE_BN_BITS2; j = n % LITE_BN_BITS2; - if (a->dmax <= i) - return 0; - - BN_DIGIT(a, i) |= 1 << j; - return 1; + if (i < a->dmax) + BN_DIGIT(a, i) |= 1U << j; } /* a[] >= b[]. */ 
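Review bot: In bn_eq the new `a_dmax`/`b_dmax` locals narrow `dmax` to `int`, which is only safe on the unstated assumption that `dmax` never exceeds INT_MAX; the `const` inside the cast has no effect on an rvalue. I would write `const int a_dmax = (int)a->dmax;` and add a comment such as `/* dmax is a digit count that always fits in int */`, after confirming the bound, which is defined outside this hunk. The same pattern is repeated in the bn_gte hunk (@@ -102,28). There the final loop also evaluates `BN_DIGIT(a, i)` before testing `i > 0`, so a `dmax` of 0 on either operand would start the scan at index -1, assuming BN_DIGIT indexes the digit array directly.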
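Review bot: With `n` now `size_t` and the `if (n < 0) return 0;` guard removed, bn_is_bit_set rejects a formerly negative argument only through the upper-bound check on `i`, which sits between this hunk and the next one and is not visible here. A caller that still passes a signed expression has it converted silently to a very large `n`, so that bound check is now the only thing keeping `BN_DIGIT(a, i)` in range. I would record this in the function comment, e.g. `/* a[n]; any n >= bn_bits(a), including converted negative values, yields 0. */`, and confirm the callers outside this diff.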
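Review bot: bn_set_bit now returns `void` and does nothing when `i >= a->dmax`, so its callers can no longer tell that the requested bit was out of range. If every caller really ignores the result, say so in a comment, e.g. `/* Sets a[n]; an out-of-range n is ignored. */`. The function also writes through a `const struct LITE_BIGNUM *a` parameter, which reads as a promise the body does not keep; dropping the `const` would make the mutation explicit.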
@@ -102,28 +93,30 @@ static int bn_gte(const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b) { int i; uint32_t top = 0; + const int a_dmax = (const int)a->dmax; + const int b_dmax = (const int)b->dmax; - for (i = a->dmax - 1; i > b->dmax - 1; --i) + for (i = a_dmax - 1; i > b_dmax - 1; --i) top |= BN_DIGIT(a, i); if (top) return 1; - for (i = b->dmax - 1; i > a->dmax - 1; --i) + for (i = b_dmax - 1; i > a_dmax - 1; --i) top |= BN_DIGIT(b, i); if (top) return 0; - for (i = MIN(a->dmax, b->dmax) - 1; + for (i = MIN(a_dmax, b_dmax) - 1; BN_DIGIT(a, i) == BN_DIGIT(b, i) && i > 0; --i) ; return BN_DIGIT(a, i) >= BN_DIGIT(b, i); } /* c[] = c[] - a[], assumes c > a. */ -uint32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a) +int32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a) { int64_t A = 0; - int i; + size_t i; for (i = 0; i < a->dmax; i++) { A += (uint64_t) BN_DIGIT(c, i) - BN_DIGIT(a, i); @@ -137,7 +130,7 @@ uint32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a) A >>= 32; } - return (uint32_t) A; /* 0 or -1. */ + return (int32_t) A; /* 0 or -1. */ } /* c[] = c[] - a[], negative numbers in 2's complement representation. */ @@ -147,7 +140,7 @@ static uint32_t bn_signed_sub(struct LITE_BIGNUM *c, int *c_neg, { uint32_t carry = 0; uint64_t A = 1; - int i; + size_t i; for (i = 0; i < a->dmax; ++i) { A += (uint64_t) BN_DIGIT(c, i) + ~BN_DIGIT(a, i); @@ -163,7 +156,7 @@ static uint32_t bn_signed_sub(struct LITE_BIGNUM *c, int *c_neg, A &= 0x01; carry = (!*c_neg && a_neg && A) || (*c_neg && !a_neg && !A); - *c_neg = carry ? *c_neg : (*c_neg + !a_neg + A) & 0x01; + *c_neg = carry ? *c_neg : (*c_neg + !a_neg + (int)A) & 0x01; return carry; } @@ -171,7 +164,7 @@ static uint32_t bn_signed_sub(struct LITE_BIGNUM *c, int *c_neg, uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a) { uint64_t A = 0; - int i; + size_t i; for (i = 0; i < a->dmax; ++i) { A += (uint64_t) BN_DIGIT(c, i) + BN_DIGIT(a, i); 
@@ -193,7 +186,7 @@ uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a) static uint32_t bn_signed_add(struct LITE_BIGNUM *c, int *c_neg, const struct LITE_BIGNUM *a, int a_neg) { - uint32_t A = bn_add(c, a); + int A = (int)bn_add(c, a); uint32_t carry; carry = (!*c_neg && !a_neg && A) || (*c_neg && a_neg && !A); @@ -204,7 +197,7 @@ static uint32_t bn_signed_add(struct LITE_BIGNUM *c, int *c_neg, /* r[] <<= 1. */ static uint32_t bn_lshift(struct LITE_BIGNUM *r) { - int i; + size_t i; uint32_t w; uint32_t carry = 0; @@ -219,7 +212,7 @@ static uint32_t bn_lshift(struct LITE_BIGNUM *r) /* r[] >>= 1. Handles 2's complement negative numbers. */ static void bn_rshift(struct LITE_BIGNUM *r, uint32_t carry, uint32_t neg) { - int i; + size_t i; uint32_t ones = ~0; uint32_t highbit = (!carry && neg) || (carry && !neg); @@ -235,7 +228,7 @@ static void bn_rshift(struct LITE_BIGNUM *r, uint32_t carry, uint32_t neg) BN_DIGIT(r, i) = (BN_DIGIT(r, i) >> 1) | (highbit << (LITE_BN_BITS2 - 1)); - if (ones == ~0 && highbit && neg) + if (ones == ~0U && highbit && neg) memset(r->d, 0x00, bn_size(r)); /* -1 >> 1 = 0. */ } @@ -246,7 +239,7 @@ static void bn_mont_mul_add(struct LITE_BIGNUM *c, const uint32_t a, const struct LITE_BIGNUM *N) { uint32_t A, B, d0; - int i; + size_t i; { register uint64_t tmp; @@ -285,7 +278,7 @@ static void bn_mont_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b, const uint32_t nprime, const struct LITE_BIGNUM *N) { - int i; + size_t i; for (i = 0; i < N->dmax; i++) BN_DIGIT(c, i) = 0; @@ -299,7 +292,7 @@ static void bn_mont_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a, /* TODO(ngm): constant time. */ static void bn_compute_RR(struct LITE_BIGNUM *RR, const struct LITE_BIGNUM *N) { - int i; + size_t i; bn_sub(RR, N); /* R - N = R % N since R < 2N */ 
@@ -457,7 +450,7 @@ int bn_modexp_blinded(struct LITE_BIGNUM *output, static uint32_t bn_mul_add(struct LITE_BIGNUM *c, uint32_t a, const struct LITE_BIGNUM *b, uint32_t offset) { - int i; + size_t i; uint64_t carry = 0; for (i = 0; i < b->dmax; i++) { @@ -474,7 +467,7 @@ static uint32_t bn_mul_add(struct LITE_BIGNUM *c, uint32_t a, void DCRYPTO_bn_mul(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b) { - int i; + size_t i; uint32_t carry = 0; memset(c->d, 0, bn_size(c)); @@ -761,7 +754,8 @@ int DCRYPTO_bn_div(struct LITE_BIGNUM *quotient, { int src_len = bn_digits(src); int div_len = bn_digits(divisor); - int i, result; + int result; + size_t i; if (src_len < div_len) return 0; @@ -883,7 +877,7 @@ int bn_modinv_vartime(struct LITE_BIGNUM *dst, const struct LITE_BIGNUM *src, */ bn_mul_ex(&tmp, &Q, q_len, pnT); } else { - int nt_len = bn_digits(pnT); + size_t nt_len = bn_digits(pnT); if (q_len < nt_len) bn_mul_ex(&tmp, &Q, q_len, pnT); @@ -1120,7 +1114,7 @@ static uint32_t bn_mod_word16(const struct LITE_BIGNUM *p, uint16_t word) int i; uint32_t rem = 0; - for (i = p->dmax - 1; i >= 0; i--) { + for (i = (int)p->dmax - 1; i >= 0; i--) { rem = ((rem << 16) | ((BN_DIGIT(p, i) >> 16) & 0xFFFFUL)) % word; rem = ((rem << 16) | (BN_DIGIT(p, i) & 0xFFFFUL)) % word; @@ -1273,8 +1267,8 @@ static void print_primes(uint16_t prime) int DCRYPTO_bn_generate_prime(struct LITE_BIGNUM *p) { - int i; - int j; + size_t i; + size_t j; /* Using a sieve size of 2048-bits results in a failure rate * of ~0.5% @ 1024-bit candidates. The failure rate rises to ~6% * if the sieve size is halved. */ diff --git a/board/cr50/dcrypto/dcrypto.h b/board/cr50/dcrypto/dcrypto.h index d7ce9ebc8c..035ce9b18c 100644 --- a/board/cr50/dcrypto/dcrypto.h +++ b/board/cr50/dcrypto/dcrypto.h 
@@ -56,7 +56,7 @@ enum hashing_mode { */ #define AES256_BLOCK_CIPHER_KEY_SIZE 32 -int DCRYPTO_aes_init(const uint8_t *key, uint32_t key_len, const uint8_t *iv, +int DCRYPTO_aes_init(const uint8_t *key, size_t key_len, const uint8_t *iv, enum cipher_mode c_mode, enum encrypt_mode e_mode); int DCRYPTO_aes_block(const uint8_t *in, uint8_t *out); @@ -196,7 +196,7 @@ void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len); * @param b pointer to big number * @return length in bits */ -static inline uint32_t bn_bits(const struct LITE_BIGNUM *b) +static inline size_t bn_bits(const struct LITE_BIGNUM *b) { return b->dmax * sizeof(*b->d) * 8; } 
@@ -249,32 +249,32 @@ enum padding_mode { /* RSA support, FIPS PUB 186-4 * * Calculate r = m ^ e mod N */ -int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len, - const uint8_t *in, uint32_t in_len, +int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, size_t *out_len, + const uint8_t *in, size_t in_len, enum padding_mode padding, enum hashing_mode hashing, const char *label); /* Calculate r = m ^ d mod N * return 0 if error */ -int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len, - const uint8_t *in, const uint32_t in_len, +int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, size_t *out_len, + const uint8_t *in, const size_t in_len, enum padding_mode padding, enum hashing_mode hashing, const char *label); /* Calculate r = m ^ d mod N * return 0 if error */ -int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len, - const uint8_t *in, const uint32_t in_len, +int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, size_t *out_len, + const uint8_t *in, const size_t in_len, enum padding_mode padding, enum hashing_mode hashing); /* Calculate r = m ^ e mod N * return 0 if error */ int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest, - uint32_t digest_len, const uint8_t *sig, - const uint32_t sig_len, enum padding_mode padding, + size_t digest_len, const uint8_t *sig, + const size_t sig_len, enum padding_mode padding, enum hashing_mode hashing); /* Calculate n = p * q, d = e ^ -1 mod phi. */ diff --git a/board/cr50/dcrypto/dcrypto_bn.c b/board/cr50/dcrypto/dcrypto_bn.c index a943899d6f..36a9f3303c 100644 --- a/board/cr50/dcrypto/dcrypto_bn.c +++ b/board/cr50/dcrypto/dcrypto_bn.c @@ -1286,7 +1286,8 @@ int dcrypto_modexp_blinded(struct LITE_BIGNUM *output, const struct LITE_BIGNUM *exp, const struct LITE_BIGNUM *N, uint32_t pubexp) { - int i, result; + int result; + size_t i; struct DMEM_ctx *ctx = (struct DMEM_ctx *)GREG32_ADDR(CRYPTO, DMEM_DUMMY); 
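Review bot: Changing `out_len` from `uint32_t *` to `size_t *` in DCRYPTO_rsa_encrypt, DCRYPTO_rsa_decrypt and DCRYPTO_rsa_sign alters the pointee type of a public API, and the file list of this commit shows no callers outside board/cr50/dcrypto being updated. On the 32-bit target the two types are presumably the same width, but on a 64-bit host build a caller that still passes the address of a `uint32_t` would have eight bytes written through it. Those callers should be changed to hold a `size_t`, not silenced with a pointer cast. I would also document the parameter on the prototypes, e.g. `/* out_len must point to a size_t; do not pass a cast uint32_t *. */`.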
@@ -1360,7 +1361,8 @@ int dcrypto_modexp_blinded(struct LITE_BIGNUM *output, int dcrypto_modexp(struct LITE_BIGNUM *output, const struct LITE_BIGNUM *input, const struct LITE_BIGNUM *exp, const struct LITE_BIGNUM *N) { - int i, result; + int result; + size_t i; struct DMEM_ctx *ctx = (struct DMEM_ctx *)GREG32_ADDR(CRYPTO, DMEM_DUMMY); diff --git a/board/cr50/dcrypto/fips_rand.c b/board/cr50/dcrypto/fips_rand.c index 0a0609b0cd..e9a7fe7ac7 100644 --- a/board/cr50/dcrypto/fips_rand.c +++ b/board/cr50/dcrypto/fips_rand.c @@ -85,10 +85,10 @@ static bool repetition_count_test(uint32_t rnd) * counter of zeros to current number which will be 32, * otherwise (we had 1s) - just use current value. Same for 1s */ - if (rnd == 0) /* if all 32 samples are 0s */ + if (rnd == 0U) /* if all 32 samples are 0s */ clz += rand_state.last_clz; - if (rnd == ~0) /* if all 32 samples are 1s */ + if (rnd == ~0U) /* if all 32 samples are 1s */ clo += rand_state.last_clo; rand_state.last_clz = clz; rand_state.last_clo = clo; diff --git a/board/cr50/dcrypto/gcm.c b/board/cr50/dcrypto/gcm.c index a490a4e079..ff57a1e635 100644 --- a/board/cr50/dcrypto/gcm.c +++ b/board/cr50/dcrypto/gcm.c @@ -141,7 +141,7 @@ void DCRYPTO_gcm_aad(struct GCM_CTX *ctx, const uint8_t *aad_data, size_t len) size_t count; memset(block, 0, sizeof(block)); - count = MIN(16, len); + count = MIN(16U, len); memcpy(block, aad_data, count); gcm_aad_block(ctx, block); @@ -164,7 +164,7 @@ int DCRYPTO_gcm_encrypt(struct GCM_CTX *ctx, uint8_t *out, size_t out_len, /* Process a previous partial block, if any. */ if (ctx->remainder) { - size_t count = MIN(in_len, 16 - ctx->remainder); + size_t count = MIN(in_len, 16U - ctx->remainder); memcpy(ctx->block.c + ctx->remainder, in, count); ctx->remainder += count; diff --git a/board/cr50/dcrypto/internal.h b/board/cr50/dcrypto/internal.h index cd5e351dbd..7e1ea40384 100644 --- a/board/cr50/dcrypto/internal.h +++ b/board/cr50/dcrypto/internal.h 
@@ -63,18 +63,15 @@ int bn_modexp_word(struct LITE_BIGNUM *output, uint32_t pubexp, const struct LITE_BIGNUM *N); int bn_modexp_blinded(struct LITE_BIGNUM *output, - const struct LITE_BIGNUM *input, - const struct LITE_BIGNUM *exp, - const struct LITE_BIGNUM *N, - uint32_t pubexp); -uint32_t bn_add(struct LITE_BIGNUM *c, - const struct LITE_BIGNUM *a); -uint32_t bn_sub(struct LITE_BIGNUM *c, - const struct LITE_BIGNUM *a); -int bn_modinv_vartime(struct LITE_BIGNUM *r, - const struct LITE_BIGNUM *e, - const struct LITE_BIGNUM *MOD); -int bn_is_bit_set(const struct LITE_BIGNUM *a, int n); + const struct LITE_BIGNUM *input, + const struct LITE_BIGNUM *exp, + const struct LITE_BIGNUM *N, + uint32_t pubexp); +uint32_t bn_add(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a); +int32_t bn_sub(struct LITE_BIGNUM *c, const struct LITE_BIGNUM *a); +int bn_modinv_vartime(struct LITE_BIGNUM *r, const struct LITE_BIGNUM *e, + const struct LITE_BIGNUM *MOD); +int bn_is_bit_set(const struct LITE_BIGNUM *a, size_t n); /* * Accelerated bn. diff --git a/board/cr50/dcrypto/key_ladder.c b/board/cr50/dcrypto/key_ladder.c index 31844736bc..a334f7e0e1 100644 --- a/board/cr50/dcrypto/key_ladder.c +++ b/board/cr50/dcrypto/key_ladder.c @@ -70,7 +70,7 @@ static int ladder_step(uint32_t cert, const uint32_t input[8]) static int compute_certs(const uint32_t *certs, size_t num_certs) { - int i; + size_t i; for (i = 0; i < num_certs; i++) { if (ladder_step(certs[i], NULL)) @@ -122,7 +122,7 @@ int DCRYPTO_ladder_compute_frk2(size_t fw_version, uint8_t *frk2) return 0; do { - int i; + size_t i; ladder_init(); diff --git a/board/cr50/dcrypto/rsa.c b/board/cr50/dcrypto/rsa.c index a83b674f59..efdf880f88 100644 --- a/board/cr50/dcrypto/rsa.c +++ b/board/cr50/dcrypto/rsa.c @@ -50,7 +50,7 @@ static void MGF1_xor(uint8_t *dst, uint32_t dst_len, cnt.b0 = cnt.b1 = cnt.b2 = cnt.b3 = 0; while (dst_len) { - int i; + size_t i; if (hashing == HASH_SHA1) SHA1_hw_init(&ctx.sha1); 
@@ -119,8 +119,8 @@ static int oaep_pad(uint8_t *output, uint32_t output_len, } /* decrypt */ -static int check_oaep_pad(uint8_t *out, uint32_t *out_len, - uint8_t *padded, uint32_t padded_len, +static int check_oaep_pad(uint8_t *out, size_t *out_len, + uint8_t *padded, size_t padded_len, enum hashing_mode hashing, const char *label) { const size_t hash_size = (hashing == HASH_SHA1) ? SHA_DIGEST_SIZE @@ -133,7 +133,7 @@ static int check_oaep_pad(uint8_t *out, uint32_t *out_len, size_t one_index = 0; uint32_t looking_for_one_byte = ~0; int bad; - int i; + size_t i; if (padded_len < 2 + 2 * hash_size) return 0; /* Invalid input size. */ @@ -183,10 +183,10 @@ static int check_oaep_pad(uint8_t *out, uint32_t *out_len, #define RSA_PKCS1_PADDING_SIZE 11 /* encrypt */ -static int pkcs1_type2_pad(uint8_t *padded, uint32_t padded_len, - const uint8_t *in, uint32_t in_len) +static int pkcs1_type2_pad(uint8_t *padded, size_t padded_len, + const uint8_t *in, size_t in_len) { - uint32_t PS_len; + size_t PS_len; if (padded_len < RSA_PKCS1_PADDING_SIZE) return 0; @@ -197,7 +197,7 @@ static int pkcs1_type2_pad(uint8_t *padded, uint32_t padded_len, *(padded++) = 0; *(padded++) = 2; while (PS_len) { - int i; + size_t i; uint8_t r[SHA256_DIGEST_SIZE]; if (!fips_rand_bytes(r, sizeof(r))) @@ -220,10 +220,10 @@ static int pkcs1_type2_pad(uint8_t *padded, uint32_t padded_len, } /* decrypt */ -static int check_pkcs1_type2_pad(uint8_t *out, uint32_t *out_len, - const uint8_t *padded, uint32_t padded_len) +static int check_pkcs1_type2_pad(uint8_t *out, size_t *out_len, + const uint8_t *padded, size_t padded_len) { - int i; + size_t i; int valid; uint32_t zero_index = 0; uint32_t looking_for_index = ~0; @@ -276,7 +276,7 @@ static const uint8_t SHA512_DER[] = { }; static int pkcs1_get_der(enum hashing_mode hashing, const uint8_t **der, - uint32_t *der_size, uint32_t *hash_size) + size_t *der_size, size_t *hash_size) { switch (hashing) { case HASH_SHA1: 
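Review bot: In check_pkcs1_type2_pad (@@ -220,10) the index `i` becomes `size_t` while `zero_index` and `looking_for_index` stay `uint32_t`, and check_oaep_pad (@@ -133,7) pairs `size_t one_index` with `uint32_t looking_for_one_byte = ~0`. These look like the index and mask of a branch-free padding scan whose body lies outside the hunks. Mixing widths there is harmless on a 32-bit target, but on a 64-bit build a `uint32_t` all-ones mask no longer covers a full `size_t` index. Since the commit aims for consistent use of size_t, I would give them one type, e.g. `size_t zero_index = 0;` and `size_t looking_for_index = ~(size_t)0;`.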
@@ -312,14 +312,14 @@ static int pkcs1_get_der(enum hashing_mode hashing, const uint8_t **der, } /* sign */ -static int pkcs1_type1_pad(uint8_t *padded, uint32_t padded_len, - const uint8_t *in, uint32_t in_len, +static int pkcs1_type1_pad(uint8_t *padded, size_t padded_len, + const uint8_t *in, size_t in_len, enum hashing_mode hashing) { const uint8_t *der; - uint32_t der_size; - uint32_t hash_size; - uint32_t ps_len; + size_t der_size; + size_t hash_size; + size_t ps_len; if (!pkcs1_get_der(hashing, &der, &der_size, &hash_size)) return 0; @@ -343,15 +343,15 @@ static int pkcs1_type1_pad(uint8_t *padded, uint32_t padded_len, } /* verify */ -static int check_pkcs1_type1_pad(const uint8_t *msg, uint32_t msg_len, - const uint8_t *padded, uint32_t padded_len, +static int check_pkcs1_type1_pad(const uint8_t *msg, size_t msg_len, + const uint8_t *padded, size_t padded_len, enum hashing_mode hashing) { - int i; + size_t i; const uint8_t *der; - uint32_t der_size; - uint32_t hash_size; - uint32_t ps_len; + size_t der_size; + size_t hash_size; + size_t ps_len; if (!pkcs1_get_der(hashing, &der, &der_size, &hash_size)) return 0; @@ -377,15 +377,15 @@ static int check_pkcs1_type1_pad(const uint8_t *msg, uint32_t msg_len, } /* sign */ -static int pkcs1_pss_pad(uint8_t *padded, uint32_t padded_len, - const uint8_t *in, uint32_t in_len, +static int pkcs1_pss_pad(uint8_t *padded, size_t padded_len, + const uint8_t *in, size_t in_len, enum hashing_mode hashing) { const uint32_t hash_size = (hashing == HASH_SHA1) ? SHA1_DIGEST_SIZE : SHA256_DIGEST_SIZE; const uint32_t salt_len = MIN(padded_len - hash_size - 2, hash_size); - uint32_t db_len; - uint32_t ps_len; + size_t db_len; + size_t ps_len; union hash_ctx ctx; if (in_len != hash_size) 
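Review bot: In pkcs1_pss_pad (@@ -377,15) the initializer `salt_len = MIN(padded_len - hash_size - 2, hash_size)` subtracts before any length check visible in this hunk, so a `padded_len` smaller than `hash_size + 2` wraps to a huge unsigned value and `salt_len` quietly becomes `hash_size`. The wrap was already possible with `uint32_t`, but now that `padded_len`, `db_len` and `ps_len` are `size_t` the precondition should be explicit. If no guard exists further down (the body continues outside the hunk), add `if (padded_len < hash_size + 2) return 0;` before `salt_len`, `db_len` or `ps_len` are used. `hash_size` and `salt_len` remain `uint32_t` here, so the MIN result is also narrowed from `size_t`; declaring them `size_t` would match the rest of the change.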
@@ -426,8 +426,8 @@ static int pkcs1_pss_pad(uint8_t *padded, uint32_t padded_len, } /* verify */ -static int check_pkcs1_pss_pad(const uint8_t *in, uint32_t in_len, - uint8_t *padded, uint32_t padded_len, +static int check_pkcs1_pss_pad(const uint8_t *in, size_t in_len, + uint8_t *padded, size_t padded_len, enum hashing_mode hashing) { const uint32_t hash_size = (hashing == HASH_SHA1) ? SHA1_DIGEST_SIZE @@ -438,7 +438,7 @@ static int check_pkcs1_pss_pad(const uint8_t *in, uint32_t in_len, uint32_t salt_len; union hash_ctx ctx; int bad = 0; - int i; + size_t i; if (in_len != hash_size) return 0; @@ -480,7 +480,7 @@ static int check_pkcs1_pss_pad(const uint8_t *in, uint32_t in_len, } static int check_modulus_params( - const struct LITE_BIGNUM *N, size_t rsa_max_bytes, uint32_t *out_len) + const struct LITE_BIGNUM *N, size_t rsa_max_bytes, size_t *out_len) { if (bn_size(N) > rsa_max_bytes) return 0; /* Unsupported key size. */ @@ -491,8 +491,8 @@ static int check_modulus_params( return 1; } -int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len, - const uint8_t *in, uint32_t in_len, +int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, size_t *out_len, + const uint8_t *in, size_t in_len, enum padding_mode padding, enum hashing_mode hashing, const char *label) { @@ -550,8 +550,8 @@ int DCRYPTO_rsa_encrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len, return ret; } -int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len, - const uint8_t *in, const uint32_t in_len, +int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, size_t *out_len, + const uint8_t *in, const size_t in_len, enum padding_mode padding, enum hashing_mode hashing, const char *label) { 
@@ -609,8 +609,8 @@ int DCRYPTO_rsa_decrypt(struct RSA *rsa, uint8_t *out, uint32_t *out_len, return ret; } -int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len, - const uint8_t *in, const uint32_t in_len, +int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, size_t *out_len, + const uint8_t *in, const size_t in_len, enum padding_mode padding, enum hashing_mode hashing) { uint32_t padded_buf[RSA_MAX_WORDS]; @@ -652,8 +652,8 @@ int DCRYPTO_rsa_sign(struct RSA *rsa, uint8_t *out, uint32_t *out_len, } int DCRYPTO_rsa_verify(const struct RSA *rsa, const uint8_t *digest, - uint32_t digest_len, const uint8_t *sig, - const uint32_t sig_len, enum padding_mode padding, + size_t digest_len, const uint8_t *sig, + const size_t sig_len, enum padding_mode padding, enum hashing_mode hashing) { uint32_t padded_buf[RSA_WORDS_4K]; diff --git a/board/cr50/dcrypto/trng.c b/board/cr50/dcrypto/trng.c index 5745ec308f..6a419a6756 100644 --- a/board/cr50/dcrypto/trng.c +++ b/board/cr50/dcrypto/trng.c @@ -256,8 +256,8 @@ DECLARE_SAFE_CONSOLE_COMMAND(rand, command_rand, NULL, NULL); /* For testing we need unchecked values from TRNG. */ static bool raw_rand_bytes(void *buffer, size_t len) { - int random_togo = 0; - int buffer_index = 0; + size_t random_togo = 0; + size_t buffer_index = 0; uint32_t random_value; uint8_t *buf = (uint8_t *) buffer; diff --git a/board/cr50/dcrypto/util.c b/board/cr50/dcrypto/util.c index 2529036d4f..bcfa6b4b7c 100644 --- a/board/cr50/dcrypto/util.c +++ b/board/cr50/dcrypto/util.c @@ -180,7 +180,7 @@ __stdlib_compat void *memmove(void *dest, const void *src, size_t len) void reverse(void *dest, size_t len) { - int i; + size_t i; uint8_t *start = dest; uint8_t *end = start + len; diff --git a/board/cr50/dcrypto/x509.c b/board/cr50/dcrypto/x509.c index e8f5220e23..a4bcdf2630 100644 --- a/board/cr50/dcrypto/x509.c +++ b/board/cr50/dcrypto/x509.c 
@@ -248,7 +248,7 @@ static size_t asn1_parse(const uint8_t **p, size_t available, obj_len = in[1]; obj_len_bytes = 1; } else { - int i; + size_t i; obj_len_bytes = 1 + (in[1] & 127); if (obj_len_bytes > MAX_ASN1_OBJ_LEN_BYTES || diff --git a/test/tpm_test/Makefile b/test/tpm_test/Makefile index 29d3e229bc..985e0fffcb 100644 --- a/test/tpm_test/Makefile +++ b/test/tpm_test/Makefile @@ -37,6 +37,7 @@ CFLAGS += -I ${PYTHON_INCLUDE} CFLAGS += -I../../../../third_party/cryptoc/include CFLAGS += -I../../board/cr50 CFLAGS += -I../../chip/g +CFLAGS += -I../../core/host CFLAGS += -I../../fuzz CFLAGS += -I../../include CFLAGS += -I.. @@ -46,6 +47,8 @@ CFLAGS += -Itestlib CFLAGS += -DLIBFTDI1=1 CFLAGS += -c CFLAGS += -DCR50_NO_BN_ASM +CFLAGS += -DBOARD_HOST +CFLAGS += -DBOARD_TASKFILE="ec.tasklist" CFLAGS += -I../../fuzz TARGET = ftdi_spi_tpm @@ -68,7 +71,8 @@ $(obj)/%.o: $(obj)/%.c $(obj)/%.o: %.c $(call echo," CC $(notdir $@)") - $(Q)gcc $(CFLAGS) -Wall -Werror -MMD -MF $@.d -MT $@ -o $@ $< + $(Q)gcc $(CFLAGS) -Wall -Werror -Wno-error=deprecated-declarations\ + -Wno-error=unused-variable -MMD -MF $@.d -MT $@ -o $@ $< $(obj)/_$(TARGET).so: $(OBJS) $(obj)/$(TARGET).py $(call echo," LD $(notdir $@)") diff --git a/test/tpm_test/bn_test.c b/test/tpm_test/bn_test.c index db06ee93d4..78268d9ba7 100644 --- a/test/tpm_test/bn_test.c +++ b/test/tpm_test/bn_test.c @@ -2,7 +2,7 @@ * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ -#include "dcrypto.h" +#include "internal.h" #include <assert.h> #include <stdio.h> 
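Review bot: The compile rule in test/tpm_test/Makefile (@@ -68,7) now downgrades `deprecated-declarations` and `unused-variable` from errors for every object in the test build, which also hides those diagnostics in the existing test sources. I would scope the relaxation to the objects that need it with a target-specific variable, e.g. `$(obj)/<object>.o: CFLAGS += -Wno-error=deprecated-declarations -Wno-error=unused-variable`. The host build is also where `size_t` and `uint32_t` differ in width, yet it does not get the `-Wsign-compare` that build.mk adds for the FIPS objects; consider `CFLAGS += -Wsign-compare` here as well.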
@@ -403,6 +403,29 @@ void watchdog_reload(void) { } +bool fips_rand_bytes(void *buffer, size_t len) +{ + uint8_t *b, *end; + static unsigned int seed = 1; + + for (b = buffer, end = b+len; b != end; b++) + *b = (uint8_t)rand_r(&seed); + return true; +} + +const struct fips_vtable *fips_vtable; + +void fips_throw_err(enum fips_status err) +{ +} + +uint64_t fips_trng_rand32(void) +{ + static unsigned int seed = 100; + + return (uint64_t)(rand_r(&seed) & 0xffffffff) | (1ULL << 32); +} + int main(void) { assert(test_bn_modinv() == 0); |
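Review bot: The stub `fips_throw_err()` has an empty body, so a FIPS error raised by the code under test is discarded and the test run still passes. In a test harness I would make it fail loudly, e.g. `fprintf(stderr, "fips_throw_err(%d)\n", (int)err); abort();`, which also uses the otherwise unused `err` parameter. `fips_vtable` is left NULL, so any tested path that dereferences it will crash without a useful message. The `rand_r`-based `fips_rand_bytes` and `fips_trng_rand32` produce a fixed, predictable sequence and deserve a comment such as `/* Deterministic test-only stand-ins for the FIPS RNG; never link into firmware. */`.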