diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2022-01-28 19:57:45 -0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2022-01-31 23:21:40 +0000 |
| commit | ff49166b382db46f31b8bf1be12196439bc90d02 (patch) | |
| tree | 80fd99dfc52e8d98f732731a2405062fe9155d56 /board/cr50/fips_cmd.c | |
| parent | 12d62b7996952bb8108af286e312481cecad02a1 (diff) | |
| download | chrome-ec-stabilize-14496.B-cr50_stab.tar.gz | |
cr50: update FIPS module based on operational testing findingsstabilize-14498.B-cr50_stabstabilize-14496.B-cr50_stabfirmware-brya-14505.B-cr50_stabfirmware-brya-14505.71.B-cr50_stab
1. ECDSA pair-wise consistency test failure wasn't updating FIPS status.
Added new failure bit FIPS_FATAL_ECDSA_PWCT.
2. ECDSA KAT was only simulating error in verify, but not in sign.
Split 'fips ecdsa' into 'fips ecver' and 'fips ecsign'.
3. Added a way to introduce self-integrity error by not updating FIPS
module digest with 'FIPS_BREAK=1' during build.
4. Added reporting of FIPS module digest.
BUG=b:134594373
TEST=make CRYPTO_TEST=1;
in ccd test:
fips pwct; tpm_test.py should fail; fips should print error.
-
fips ecver; fips test reports ECDSA error
fips ecsign; fips test reports ECDSA error
-
FIPS module digest is printed
-
FIPS_BREAK=1 make CRYPTO_TEST=1 produce build with zero digest
reporint FIPS self-integrity error.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ib0a92c118f07a76e4b52eaf9b011ff4f73a02c61
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3425998
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board/cr50/fips_cmd.c')
| -rw-r--r-- | board/cr50/fips_cmd.c | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/board/cr50/fips_cmd.c b/board/cr50/fips_cmd.c index 816e5280d6..8ed25914e8 100644 --- a/board/cr50/fips_cmd.c +++ b/board/cr50/fips_cmd.c @@ -38,6 +38,8 @@ static void fips_print_mode(void) { enum fips_status status = fips_status(); + CPRINTS("FIPS module digest %ph...", + HEX_BUF(&fips_integrity, 8)); if (status == FIPS_UNINITIALIZED) CPRINTS("FIPS mode not initialized"); else if (status & FIPS_ERROR_MASK) @@ -150,8 +152,10 @@ static int cmd_fips_status(int argc, char **argv) fips_break_cmd = FIPS_BREAK_HMAC_SHA256; else if (!strncmp(argv[1], "drbg", 4)) fips_break_cmd = FIPS_BREAK_HMAC_DRBG; - else if (!strncmp(argv[1], "ecdsa", 5)) - fips_break_cmd = FIPS_BREAK_ECDSA; + else if (!strncmp(argv[1], "ecver", 5)) + fips_break_cmd = FIPS_BREAK_ECDSA_VER; + else if (!strncmp(argv[1], "ecsign", 6)) + fips_break_cmd = FIPS_BREAK_ECDSA_SIGN; else if (!strncmp(argv[1], "pwct", 4)) fips_break_cmd = FIPS_BREAK_ECDSA_PWCT; else if (!strncmp(argv[1], "none", 4)) @@ -217,8 +221,11 @@ static enum vendor_cmd_rc fips_cmd(enum vendor_cmd_cc code, void *buf, case FIPS_CMD_BREAK_HMAC_DRBG: fips_break_cmd = FIPS_BREAK_HMAC_DRBG; break; - case FIPS_CMD_BREAK_ECDSA: - fips_break_cmd = FIPS_BREAK_ECDSA; + case FIPS_CMD_BREAK_ECDSA_VER: + fips_break_cmd = FIPS_BREAK_ECDSA_VER; + break; + case FIPS_CMD_BREAK_ECDSA_SIGN: + fips_break_cmd = FIPS_BREAK_ECDSA_SIGN; break; #ifdef CONFIG_FIPS_AES_CBC_256 case FIPS_CMD_BREAK_AES256: |