author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-09-29 11:41:26 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-10-06 03:51:19 +0000 |
commit | 6a1d61e3e507f8f213b7ca6c5c07e3fc87b72d77 (patch) | |
tree | d423bfc7a7ad8b6f7f5c096076ab45295dac7de2 /board/cr50/build.mk | |
parent | 0fe84e193c648d30a0e45b2332bd4854a3e1d8bb (diff) | |
download | chrome-ec-6a1d61e3e507f8f213b7ca6c5c07e3fc87b72d77.tar.gz |
cr50: update AES-CMAC implementation

Cr50 doesn't use CMAC, it is not even compiled, however during internal
review potential issues with branching on key values were spotted.

1) Fix key expansion to be constant time
2) Switch to enum dcrypto_result
3) Test commands updated to be compatible with FIPS build (use .rodata)
4) Clean up computed tag on stack during verification

BUG=None
TEST=make BOARD=cr50 CRYPTO_TEST=1 CMAC_TEST=1
in ccd: test_cmac 1 2 3 4
test_cmac_ver 1 2 3 4

Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Iff9b84dd8fb2baed9152f1ee5c40ef8e4198edd3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194972
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>

Diffstat (limited to 'board/cr50/build.mk')
-rw-r--r-- | board/cr50/build.mk | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk index f644a2c892..3f1c40f9c6 100644 --- a/board/cr50/build.mk +++ b/board/cr50/build.mk @@ -24,7 +24,7 @@ ifeq ($(BOARD_MK_INCLUDED_ONCE),) # command line. ENV_VARS := CR50_DEV CRYPTO_TEST H1_RED_BOARD U2F_TEST RND_TEST DRBG_TEST\ ECDSA_TEST DCRYPTO_TEST P256_BIN_TEST SHA1_TEST SHA256_TEST\ - HMAC_SHA256_TEST + HMAC_SHA256_TEST CMAC_TEST ifneq ($(CRYPTO_TEST),) CPPFLAGS += -DCRYPTO_TEST_SETUP @@ -114,6 +114,9 @@ fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_p256.o fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/compare.o fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_runtime.o ifneq ($(CRYPTO_TEST),) +ifneq ($(CMAC_TEST),) +fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/aes_cmac.o +endif fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/gcm.o fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/hkdf.o endif |
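
Review bot: In the first hunk (@@ -24,7 +24,7), CMAC_TEST joins ENV_VARS with no comment on what it gates or that it depends on another variable. The second hunk only consults it inside `ifneq ($(CRYPTO_TEST),)`, so a one-line comment next to the list stating that CMAC_TEST=1 requires CRYPTO_TEST=1 would spare the next reader from cross-referencing both places.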
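
Review bot: In the second hunk (@@ -114,6 +114,9), the new `ifneq ($(CMAC_TEST),)` is nested inside `ifneq ($(CRYPTO_TEST),)`, so a build invoked with CMAC_TEST=1 but without CRYPTO_TEST leaves out dcrypto/aes_cmac.o and gives no sign that the variable was ignored. Consider failing early with a `$(error ...)` when CMAC_TEST is set and CRYPTO_TEST is empty. Separately, aes_cmac.o is appended to the fips-${CONFIG_DCRYPTO_BOARD} list alongside gcm.o and hkdf.o; a short comment that these test-only objects are placed on that list deliberately would help, since the commit message says Cr50 does not otherwise compile CMAC.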