path: root/board/cr50/dcrypto/dcrypto.h
author: Vadim Sukhomlinov <sukhomlinov@google.com> 2021-09-02 08:55:45 -0700
committer: Commit Bot <commit-bot@chromium.org> 2021-09-15 03:13:08 +0000
commit: 4ad2fe9ff8dd7088050c8b8aa3ddcd722bcfaf4f
tree: cf0dc64e0db26d90a33fe6b9ba6ac5e60968ea64 /board/cr50/dcrypto/dcrypto.h
parent: e33cd20b6898e8a8896795425dc4e9c7c51d12be
download: chrome-ec-4ad2fe9ff8dd7088050c8b8aa3ddcd722bcfaf4f.tar.gz
cr50: update FIPS known-answer tests
1. KAT tests should check that the result doesn't match the expectation for modified input, not just fail on request. Added modification of input data in case a test break is needed (during module validation).

2. For ECDSA added a pair-wise consistency test with a known key pair. However, this test adds roughly 40ms, so disable it and use a sign test with a fixed nonce instead.

3. Some internal changes to support functionality - internally provided dcrypto_p256_ecdsa_sign_raw() which takes a precomputed nonce vs. drbg. This allows generation of the nonce with reseeding of the DRBG if needed. Also added dcrypto_p256_fips_sign_internal() which does the same as dcrypto_p256_ecdsa_sign() except that it reseeds the DRBG with entropy if needed.

4. Implemented ECDSA sign test with fixed nonce, and combined it with the verify test. This frees some space for test vectors. Also, store SHA256 of the message as SHA256 is already tested. This saves another 96 bytes.

5. KAT test time increased 2X from ~40ms to 60ms due to the ECDSA sign test.

6. Run SHA2-256 KAT before the self-integrity test, as it is used for self-integrity.

BUG=b:138577539
TEST=make BOARD=cr50

Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I1cbd470bc64ef3eb50e9a28055404fb998c65b61
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3144376
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
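The KAT shape the commit message argues for in items 1 and 6 (a positive check against a stored answer, a negative check that a modified input does not reproduce it, an on-demand "break" for module validation, and the SHA2-256 KAT running ahead of the self-integrity check that depends on it), written out as an added Python model. This is not cr50 or dcrypto code: the names `run_kat`, `KatResult` and `power_on_self_test` are invented for this example, the only test vector is the published SHA-256("abc") value, and the "firmware image" is constructed bytes.

```python
import hashlib
from dataclasses import dataclass
from typing import Callable, List, Tuple

# Constructed test vector: SHA-256("abc") as published in FIPS 180-4 examples.
SHA256_KAT_INPUT = b"abc"
SHA256_KAT_EXPECTED = bytes.fromhex(
    "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
)


@dataclass
class KatResult:
    name: str
    positive_ok: bool  # the stored input reproduced the stored answer
    negative_ok: bool  # a modified input did NOT reproduce the stored answer

    @property
    def passed(self) -> bool:
        return self.positive_ok and self.negative_ok


def run_kat(name: str, func: Callable[[bytes], bytes], kat_input: bytes,
            expected: bytes, break_test: bool = False) -> KatResult:
    """Known-answer test with a positive and a negative leg.

    break_test is the module-validation hook: it corrupts the input so the
    positive leg fails on demand, letting a validator watch the module enter
    its error state. It is never enabled in normal operation.
    """
    data = bytearray(kat_input)
    if break_test:
        data[0] ^= 0x01
    positive_ok = func(bytes(data)) == expected

    # Negative leg: flip one bit of the real input and require the answer to
    # change. A comparison that cannot fail (stubbed primitive, comparing a
    # buffer to itself, a zero-length compare) passes the positive leg but
    # is caught here.
    modified = bytearray(kat_input)
    modified[-1] ^= 0x80
    negative_ok = func(bytes(modified)) != expected
    return KatResult(name, positive_ok, negative_ok)


def sha256(msg: bytes) -> bytes:
    return hashlib.sha256(msg).digest()


def power_on_self_test(image: bytes, image_digest: bytes,
                       break_sha_kat: bool = False) -> Tuple[bool, List[KatResult]]:
    """Ordered self-test: the SHA2-256 KAT runs first because the integrity
    check of `image` relies on SHA-256; a failed KAT aborts before any
    dependent check executes."""
    results = [run_kat("SHA2-256", sha256, SHA256_KAT_INPUT,
                       SHA256_KAT_EXPECTED, break_test=break_sha_kat)]
    if not results[-1].passed:
        return False, results
    # image_digest stands in for a digest embedded at build time.
    integrity_ok = sha256(image) == image_digest
    return integrity_ok, results


if __name__ == "__main__":
    image = b"constructed firmware image"  # constructed sample, not real firmware
    ok, res = power_on_self_test(image, sha256(image))
    print(ok, [(r.name, r.positive_ok, r.negative_ok) for r in res])
```

The negative leg is what separates a real KAT from a comparison that always succeeds: a stubbed primitive that returns the expected digest for any input passes the positive leg and is only caught when the modified input also "matches".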
Diffstat (limited to 'board/cr50/dcrypto/dcrypto.h')
-rw-r--r-- board/cr50/dcrypto/dcrypto.h | 4
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/board/cr50/dcrypto/dcrypto.h b/board/cr50/dcrypto/dcrypto.h
index 318a58e4e7..accb2f3a43 100644
--- a/board/cr50/dcrypto/dcrypto.h
+++ b/board/cr50/dcrypto/dcrypto.h
@@ -259,12 +259,14 @@ int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d,
/**
* Pair-wise consistency test for private and public key.
*
+ * @param drbg - DRBG to use for nonce generation
* @param d - private key (scalar)
* @param x - public key part
* @param y - public key part
* @return !0 on success
*/
-int DCRYPTO_p256_key_pwct(p256_int *d, p256_int *x, p256_int *y);
+int DCRYPTO_p256_key_pwct(struct drbg_ctx *drbg, const p256_int *d,
+ const p256_int *x, const p256_int *y);
/* P256 based integration encryption (DH+AES128+SHA256).
* Not FIPS 140-2 compliant, not used other than for tests
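Review bot: the updated doc block (`@param drbg - DRBG to use for nonce generation`) does not say whether `drbg` must already be instantiated or whether NULL is accepted, and `@return !0 on success` leaves the failure value implicit; since the commit message says this PWCT is disabled in the KAT path in favour of a fixed-nonce sign test, callers outside the self-test will be reading this header to learn the contract, so spell both out (for example `@param drbg - instantiated DRBG used for the ECDSA nonce; must not be NULL` and `@return !0 if sign/verify with the key pair succeeds, 0 otherwise`). Making `d`, `x` and `y` `const` is a good change and matches a test that only reads the key pair.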