author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2020-06-17 21:46:00 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-06-24 20:56:01 +0000 |
commit | 2d7cdfffa2fec56805406c50e8c3b58b6d0b617c (patch) | |
tree | a13a0970d6a3f221186ae25150cac189cdcc0146 /board/cr50/tpm2/trng.c | |
parent | 66bf0868e8bd55ba9e0d04671d164cfa1072173b (diff) | |
download | chrome-ec-2d7cdfffa2fec56805406c50e8c3b58b6d0b617c.tar.gz |
fips_rand: FIPS-compliant way to generate randoms
Add proper TRNG health tests and CR50-wide DRBG with reseeding
BUG=b:138578157
TEST=tpmtest.py -t1 fails after cr50 reboot.
rand_perf in console (kick-off FIPS TRNG test) and then
tpmtest.py -t1 and tpmtest.py -t2 should succeed.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I94c2dbd7a00dedcf1a0f318539a3c73c0c8076ef
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2251381
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board/cr50/tpm2/trng.c')
-rw-r--r-- | board/cr50/tpm2/trng.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/board/cr50/tpm2/trng.c b/board/cr50/tpm2/trng.c
index ae4312be2c..87519b0e85 100644
--- a/board/cr50/tpm2/trng.c
+++ b/board/cr50/tpm2/trng.c
@@ -13,6 +13,7 @@ CRYPT_RESULT _cpri__StirRandom(int32_t num, uint8_t *entropy)
 #ifdef CRYPTO_TEST_SETUP
 #include "endian.h"
 #include "extension.h"
+#include "fips_rand.h"
 #include "trng.h"
 /*
 * This extension command is similar to TPM2_GetRandom, but made
@@ -23,7 +24,8 @@ CRYPT_RESULT _cpri__StirRandom(int32_t num, uint8_t *entropy)
 * field | size | note
 * =========================================================================
 * text_len | 2 | the number of random bytes to generate, big endian
- * type | 1 | 0 = TRNG, other values reserved for extensions
+ * type | 1 | 0 = TRNG, 1 = FIPS TRNG, 2 = FIPS DRBG
+ * | | other values reserved for extensions
 */
 static enum vendor_cmd_rc trng_test(enum vendor_cmd_cc code, void *buf,
 size_t input_size, size_t *response_size)
@@ -49,6 +51,15 @@ static enum vendor_cmd_rc trng_test(enum vendor_cmd_cc code, void *buf,
 case 0:
 rand_bytes(buf, text_len);
 break;
+ case 1:
+ if (!fips_trng_bytes(buf, text_len))
+ return VENDOR_RC_INTERNAL_ERROR;
+ break;
+ case 2:
+ if (!fips_rand_bytes(buf, text_len))
+ return VENDOR_RC_INTERNAL_ERROR;
+ break;
+
 default:
 return VENDOR_RC_BOGUS_ARGS;
 }
 |
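Review bot: The two new failure paths in `case 1` and `case 2` of the third hunk return `VENDOR_RC_INTERNAL_ERROR` without touching `*response_size`, while `buf` may already hold partially generated bytes from a generator that failed its health test or reseed. If the vendor-command dispatcher sends `*response_size` bytes back regardless of the return code, that partial output would leave the device alongside the error, so I would set `*response_size = 0;` before each `return VENDOR_RC_INTERNAL_ERROR;`, with the `if` bodies braced. The body of `trng_test` starts and ends outside the hunk, so this may already be handled elsewhere; the existing `default:` return has the same shape. A short comment such as `/* fails until the FIPS TRNG health tests have run */` on `case 1` would also record the behaviour the TEST= line describes.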