author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-10-14 11:40:45 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-10-18 22:28:49 +0000 |
commit | 2bf2051125c993a1bcc5584803ab5f06bd675c93 (patch) | |
tree | abafb0ede3db5a76353ec694068020046d6d046e | |
parent | 69753e1de353c26e047b702a7d360dfc2c2c2521 (diff) | |
download | chrome-ec-2bf2051125c993a1bcc5584803ab5f06bd675c93.tar.gz |
cr50: update ECDSA pair-wise consistency test to alter key, not message
Intent of pair-wise consistency test is to ensure that private key
matches the public key, so update what we change when simulating error.
BUG=b:198219806
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1;
u2f_test; passes
fips pwct
u2f_test; fails on u2f_generate, u2f_sign and u2f_attest.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I35de5608184fc9f28db4912f2b62795d53d48f43
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3229800
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r-- | board/cr50/dcrypto/p256_ec.c | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/board/cr50/dcrypto/p256_ec.c b/board/cr50/dcrypto/p256_ec.c index 5924848c23..ac39813abb 100644 --- a/board/cr50/dcrypto/p256_ec.c +++ b/board/cr50/dcrypto/p256_ec.c @@ -97,6 +97,9 @@ enum dcrypto_result dcrypto_p256_key_pwct(struct drbg_ctx *drbg, { p256_int message, r, s; enum dcrypto_result result; +#ifdef CRYPTO_TEST_SETUP + p256_int d_altered; +#endif if (p256_is_zero(d)) return DCRYPTO_FAIL; @@ -104,14 +107,19 @@ enum dcrypto_result dcrypto_p256_key_pwct(struct drbg_ctx *drbg, /* set some pseudo-random message. */ p256_fast_random(&message); +#ifdef CRYPTO_TEST_SETUP + if (fips_break_cmd == FIPS_BREAK_ECDSA_PWCT) { + /* Modify key used for signing. */ + d_altered = *d; + d_altered.a[1] ^= 1; + d = &d_altered; + } +#endif + result = dcrypto_p256_fips_sign_internal(drbg, d, &message, &r, &s); if (result != DCRYPTO_OK) return result; -#ifdef CRYPTO_TEST_SETUP - if (fips_break_cmd == FIPS_BREAK_ECDSA_PWCT) - message.a[0] = ~message.a[0]; -#endif return dcrypto_p256_ecdsa_verify(x, y, &message, &r, &s); } |
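Review bot: in the first hunk (@@ -97,6 +97,9), `d_altered` will hold a copy of the private scalar with one bit flipped, and nothing in the visible lines clears it on either return path (`return result;` or the final `return dcrypto_p256_ecdsa_verify(...)`). Even though this is limited to CRYPTO_TEST_SETUP builds, a near-copy of the key is left on the stack after the function returns. Consider zeroing `d_altered` before returning, or add a comment stating that this path is only reachable in test images that never hold production keys.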
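Review bot: in the second hunk (@@ -104,14 +107,19), the `p256_is_zero(d)` check runs on the original key before `d = &d_altered;`, so the altered value passed to `dcrypto_p256_fips_sign_internal` is never validated here. Flipping bit 0 of `a[1]` could in principle produce zero or an out-of-range scalar; the chance is negligible for a random key, but the simulated failure then depends on how the signing routine treats such input rather than on the verify step. A one-line comment acknowledging this would help, and the existing comment "Modify key used for signing." could state the intent given in the commit message: the signature must fail verification against the unchanged public key (x, y) because the private key no longer matches it.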