diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2019-11-20 09:50:40 -0800 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2020-06-17 22:30:57 +0000 |
| commit | 32730b21cfd504438d6a711834b445c68ec19ae5 (patch) | |
| tree | 592c1eb4de6cf12f85921bd2e8e4cead92869c4a /board | |
| parent | d61ca497127ee518d65b26975cf3fadd62bc0a9a (diff) | |
| download | chrome-ec-32730b21cfd504438d6a711834b445c68ec19ae5.tar.gz | |
cr50: use NIST-compliant configuration of TRNG
According to NIST SP 800-90B only vetted conditioning mechanism should
be used for post-processing raw entropy. See SP 800-90B, 3.1.5.1 Using
Vetted Conditioning Components. Use of non-vetted algorithms is governed
in 3.1.5.2, but assumes conservative coefficient 0.85 for entropy estimate,
which increase number of requests to TRNG to get desirable entropy.
More details on entropy estimate tests are in associated bug.
Entropy measurements using NIST assessment tool didn't report noticeable
change in entropy estimate. However, more changes are needed to use
DRBG instead of raw TRNG for all purposes.
TRNG changes reviewed also at https://crrev.com/c/1926384
BUG=b:138577834
TEST=test/tpm_test/nist_entropy.sh
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I5a578b90b8b7a77fae6a218eec48e87e7644ab44
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2240519
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board')
| -rw-r--r-- | board/cr50/tpm2/trng.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/board/cr50/tpm2/trng.c b/board/cr50/tpm2/trng.c index 7cce13ff1c..ae4312be2c 100644 --- a/board/cr50/tpm2/trng.c +++ b/board/cr50/tpm2/trng.c @@ -9,3 +9,52 @@ CRYPT_RESULT _cpri__StirRandom(int32_t num, uint8_t *entropy) { return CRYPT_SUCCESS; /* NO-OP on CR50. */ } + +#ifdef CRYPTO_TEST_SETUP +#include "endian.h" +#include "extension.h" +#include "trng.h" +/* + * This extension command is similar to TPM2_GetRandom, but made + * available for CRYPTO_TEST = 1 which disables TPM. + * Command structure, shared out of band with the test driver running + * on the host: + * + * field | size | note + * ========================================================================= + * text_len | 2 | the number of random bytes to generate, big endian + * type | 1 | 0 = TRNG, other values reserved for extensions + */ +static enum vendor_cmd_rc trng_test(enum vendor_cmd_cc code, void *buf, + size_t input_size, size_t *response_size) +{ + uint16_t text_len; + uint8_t *cmd = buf; + uint8_t op_type = 0; + + if (input_size != sizeof(text_len) + 1) { + *response_size = 0; + return VENDOR_RC_BOGUS_ARGS; + } + + text_len = be16toh(*(uint16_t *)cmd); + op_type = cmd[sizeof(text_len)]; + + if (text_len > *response_size) { + *response_size = 0; + return VENDOR_RC_BOGUS_ARGS; + } + + switch (op_type) { + case 0: + rand_bytes(buf, text_len); + break; + default: + return VENDOR_RC_BOGUS_ARGS; + } + *response_size = text_len; + return VENDOR_RC_SUCCESS; +} + +DECLARE_VENDOR_COMMAND(VENDOR_CC_TRNG_TEST, trng_test); +#endif /* CRYPTO_TEST_SETUP */ |