diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-08-09 17:50:21 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-08-12 20:38:26 +0000 |
commit | 2a590e25e8cc41d324abf56894b032ceda028832 (patch) | |
tree | 906739ca85cbbd9197cec0189d2c6b7b1f1a14d8 /board/cr50/dcrypto/p256_ec.c | |
parent | 7ddbd2a9eab0dc54897d6b5bb8ee1d4b3be1fe27 (diff) | |
download | chrome-ec-stabilize-14151.B-cr50_stab.tar.gz |
cr50: drop cryptoc for p256 implementationstabilize-14151.B-cr50_stab
To implement FIPS module we need to bring many crypto functions in the
module boundary. Unfortunately, cryptoc is a third-party library used
by dcrypto code in cr50. Cryptoc is also not well-maintained and shared
with other projects. While just making local copy of cryptoc would
solve an issue, it's suboptimal as prevents from many optimizations and
improvements.
Removed redundant functions (dcrypto_p256_pick and dcrypto_p256_rand).
Another improvement is separation of platform independent code in p256.c
to support better host-side unit tests. For this purpose added fast
random number generator using LFSR to replace use of TRNG for blinding
and wiping secrets where security strength is not required.
BUG=b:138578318
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
in console: dcrypto_ecdsa
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I9bfd13b8006ddca55508635962be4502a56532b5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3087833
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board/cr50/dcrypto/p256_ec.c')
-rw-r--r-- | board/cr50/dcrypto/p256_ec.c | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/board/cr50/dcrypto/p256_ec.c b/board/cr50/dcrypto/p256_ec.c index cb33a15774..fee1434136 100644 --- a/board/cr50/dcrypto/p256_ec.c +++ b/board/cr50/dcrypto/p256_ec.c @@ -7,8 +7,6 @@ #include <stdint.h> -#include "cryptoc/p256.h" - /* p256_base_point_mul sets {out_x,out_y} = nG, where n is < the * order of the group. */ int DCRYPTO_p256_base_point_mul(p256_int *out_x, p256_int *out_y, @@ -37,3 +35,29 @@ int DCRYPTO_p256_point_mul(p256_int *out_x, p256_int *out_y, return dcrypto_p256_point_mul(n, in_x, in_y, out_x, out_y); } + +/** + * Key selection based on FIPS-186-4, section B.4.2 (Key Pair + * Generation by Testing Candidates). + */ +int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d, + const uint8_t key_bytes[P256_NBYTES]) +{ + p256_int key; + + p256_from_bin(key_bytes, &key); + + /** + * We need key to be in the range 0 < key < SECP256r1 - 1. + * To achieve that, first check key < SECP256r1 - 2, and + * then add 1 to key. Since key is unsigned number this will + * bring key in proper range. + */ + if (p256_lt_blinded(&key, &SECP256r1_nMin2) >= 0) + return 0; + p256_add_d(&key, 1, d); + always_memset(&key, 0, sizeof(key)); + if (x == NULL || y == NULL) + return 1; + return dcrypto_p256_base_point_mul(d, x, y); +} |