author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-10-13 12:30:48 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-10-13 23:43:18 +0000 |
commit | 307b3dc3c0a294d2245ea7e9475f548077a98c3b (patch) | |
tree | 000a9abf9b613e3f9508d244a0310108069d04ad | |
parent | 29c152bcf67e09d60d28f519458b7fd7a0e8a1cd (diff) | |
cr50: add functionality to support FIPS testing by lab
1) Add test commands to break all KAT tests [fips hmac/drbg/ecdsa/pwct]
2) To support the PWCT demo, reduced the number of attempts to retrieve a valid
p256 key candidate to 16. The probability of a false negative would be less
than 2^-4080 (255*16), but the limit will prevent a DoS attack if it
consistently fails for real reasons.
3) Fixed the HMAC KAT test failure (it was previously bound to the SHA failure).
BUG=b:138576604
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1
In ccd:
fips
fips hmac
fips test - see FIPS error
reboot
fips drbg
fips test - see FIPS error
reboot
fips ecdsa
fips test - see FIPS error
reboot
fips pwct
u2f_test - see NOT PASSED of u2f_generate/u2f_sign
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I0a812075bb2436f5823eff446b725f19974a2a31
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3221770
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
-rw-r--r-- | board/cr50/dcrypto/fips.c | 2 | ||||
-rw-r--r-- | board/cr50/dcrypto/u2f.c | 6 | ||||
-rw-r--r-- | board/cr50/fips_cmd.c | 10 |
3 files changed, 14 insertions, 4 deletions
diff --git a/board/cr50/dcrypto/fips.c b/board/cr50/dcrypto/fips.c
index 2ea98187c4..5fd1327aee 100644
--- a/board/cr50/dcrypto/fips.c
+++ b/board/cr50/dcrypto/fips.c
@@ -185,7 +185,7 @@ static bool fips_hmac_sha256_kat(void)
 HMAC_SHA256_hw_init(&ctx, k, sizeof(k));
 memcpy(in_mem, in, sizeof(in));
- if (fips_break_cmd == FIPS_BREAK_SHA256)
+ if (fips_break_cmd == FIPS_BREAK_HMAC_SHA256)
 in_mem[0] ^= 1;
 HMAC_SHA256_update(&ctx, in_mem, sizeof(in_mem));
 return DCRYPTO_equals(HMAC_SHA256_hw_final(&ctx), ans,
diff --git a/board/cr50/dcrypto/u2f.c b/board/cr50/dcrypto/u2f.c
index 1b2fc4f17c..f8d4eb997f 100644
--- a/board/cr50/dcrypto/u2f.c
+++ b/board/cr50/dcrypto/u2f.c
@@ -212,7 +212,7 @@ static enum ec_error_list u2f_origin_user_key_pair(
 */
 hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, dev_salt, P256_NBYTES,
- NULL, 0, HMAC_DRBG_DO_NOT_AUTO_RESEED);
+ NULL, 0, 16);
 result = hmac_drbg_generate(&drbg, key_seed, sizeof(key_seed), key_handle, key_handle_size);
 } else {
@@ -228,7 +228,7 @@ static enum ec_error_list u2f_origin_user_key_pair(
 hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, key_handle, key_handle_size, NULL, 0,
- HMAC_DRBG_DO_NOT_AUTO_RESEED);
+ 16);
 /**
 * Additional data = Device_ID (constant coming from HW).
@@ -563,7 +563,7 @@ static bool g2f_individual_key_pair(const struct u2f_state *state, p256_int *d,
 hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, state->salt, sizeof(state->salt), NULL, 0,
- HMAC_DRBG_DO_NOT_AUTO_RESEED);
+ 16);
 do {
 /**
diff --git a/board/cr50/fips_cmd.c b/board/cr50/fips_cmd.c
index 5dbe19a291..816e5280d6 100644
--- a/board/cr50/fips_cmd.c
+++ b/board/cr50/fips_cmd.c
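Review bot: The bare literal `16` now passed as the last argument of `hmac_drbg_init()` in both branches of u2f_origin_user_key_pair (hunks at 212 and 228) and in g2f_individual_key_pair (hunk at 563) replaces a self-describing constant with a magic number repeated three times. The commit message explains it as a cap on attempts to obtain a valid p256 key candidate, but nothing at the call sites says so; one named constant carrying that rationale would keep the three sites in step, for example `#define U2F_KEY_GEN_MAX_ATTEMPTS 16 /* suggested name */` used as `NULL, 0, U2F_KEY_GEN_MAX_ATTEMPTS);`. Because the value takes the place of `HMAC_DRBG_DO_NOT_AUTO_RESEED`, the cap presumably works by making `hmac_drbg_generate()` stop returning success once the limit is reached, so every caller has to treat a non-success status as a hard failure and must not use `key_seed` or the candidate in `d` afterwards. The check of `result` in the first hunk and the exit condition of the `do {` loop in the last one lie outside the visible lines, so that handling should be confirmed there.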
@@ -146,6 +146,16 @@ static int cmd_fips_status(int argc, char **argv)
 fips_break_cmd = FIPS_BREAK_TRNG;
 else if (!strncmp(argv[1], "sha", 3))
 fips_break_cmd = FIPS_BREAK_SHA256;
+ else if (!strncmp(argv[1], "hmac", 4))
+ fips_break_cmd = FIPS_BREAK_HMAC_SHA256;
+ else if (!strncmp(argv[1], "drbg", 4))
+ fips_break_cmd = FIPS_BREAK_HMAC_DRBG;
+ else if (!strncmp(argv[1], "ecdsa", 5))
+ fips_break_cmd = FIPS_BREAK_ECDSA;
+ else if (!strncmp(argv[1], "pwct", 4))
+ fips_break_cmd = FIPS_BREAK_ECDSA_PWCT;
+ else if (!strncmp(argv[1], "none", 4))
+ fips_break_cmd = FIPS_NO_BREAK;
 #endif
 }
 return 0;
|
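Review bot: The added `hmac`/`drbg`/`ecdsa`/`pwct` branches of cmd_fips_status each arm a deliberate self-test failure, and the only thing visible that keeps them out of a production image is the conditional block closed by the `#endif` after the chain, whose opening `#if` is outside this hunk. It is worth confirming that guard is a test-only build flag and saying so at the chain, e.g. `/* Test-only: forces the named self-test to fail; must not be built into release images. */`. An argument that matches none of the prefixes appears to fall through to `return 0` with `fips_break_cmd` unchanged, so a mistyped name is reported as success; a trailing `else return EC_ERROR_PARAM1;` would surface it, provided the start of the chain (also outside the hunk) allows that. The diffstat shows all 10 lines added to this file are in this hunk, so the command's usage text was not extended to list the new arguments.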