author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2019-11-15 11:37:08 -0800 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-11-19 20:35:30 +0000 |
commit | 8190be1a6fef4203d743825d7afe74b5ec1fc083 (patch) | |
tree | ab821d6962572ea7c6476ac17d47f85f3de3919e /chip | |
parent | e9bc15a9ac68e3b28e68c0191794e842927622ee (diff) | |
download | chrome-ec-8190be1a6fef4203d743825d7afe74b5ec1fc083.tar.gz |
cr50: Add TRNG_TEST command to download entropy samples for NIST tests
NIST 800-90B Entropy assessment tests require 1M of 8-bit samples for
statistical tests. While it's possible to use TPM2_GetRandom command
to get entropy on cr50 (there is no software postprocessing), this
command is not available when compiled with CRYPTO_TEST=1 due to lack
of space in firmware. Adding vendor command which is available with
CRYPTO_TEST=1 to get raw entropy from TRNG. Added support script
to save entropy in file for further analysis. Since downloading
entropy takes a long time, new option '-t' added to tpmtest.py
which only invokes download of TRNG samples
BUG=b:138577834
BRANCH=cr50
TEST=make BOARD=cr50 CRYPTO_TEST=1 && test/tpm_test/tpmtest.py -t
To run NIST tests: nist_entropy.sh
Change-Id: I237a4581332a6e2c0332fe6ecf40731ab0be3355
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1919640
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'chip')
-rw-r--r-- | chip/g/trng.c | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/chip/g/trng.c b/chip/g/trng.c index 69e4ce1d87..afd9fa86e3 100644 --- a/chip/g/trng.c +++ b/chip/g/trng.c @@ -132,3 +132,39 @@ static int command_rand(int argc, char **argv) } DECLARE_CONSOLE_COMMAND(rand, command_rand, NULL, NULL); #endif /* !defined(SECTION_IS_RO) && defined(TEST_TRNG) */ + +#ifdef CRYPTO_TEST_SETUP +#include "extension.h" +/* + * This extension command is similar to TPM2_GetRandom, but made + * available for CRYPTO_TEST = 1 which disables TPM + * Command structure, shared out of band with the test driver running + * on the host: + * + * field | size | note + * =================================================================== + * text_len | 2 | size of the text to process, big endian + */ +static enum vendor_cmd_rc trng_test(enum vendor_cmd_cc code, void *buf, + size_t input_size, size_t *response_size) +{ + uint16_t text_len; + uint8_t *cmd; + size_t response_room = *response_size; + + if (input_size != sizeof(text_len)) { + *response_size = 0; + return VENDOR_RC_BOGUS_ARGS; + } + cmd = buf; + text_len = *cmd++; + text_len = text_len * 256 + *cmd++; + text_len = MIN(text_len, response_room); + rand_bytes(buf, text_len); + *response_size = text_len; + return VENDOR_RC_SUCCESS; +} + +DECLARE_VENDOR_COMMAND(VENDOR_CC_TRNG_TEST, trng_test); + +#endif /* CRYPTO_TEST_SETUP */ |
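Review bot: the command-structure comment above trng_test() documents the request field as "text_len ... size of the text to process", but the handler uses it as the number of random bytes to return and there is no text to process, so the wording looks carried over from another command. Describe the field as the requested byte count and add the response layout (text_len bytes written by rand_bytes() into buf, with the length in *response_size). Related: `text_len = MIN(text_len, response_room);` shortens the reply silently, so the comment should also say that the host has to use the returned length and repeat the command until it has collected the samples it needs, rather than assume it received what it asked for. Minor style point: `#include "extension.h"` sits mid-file inside the #ifdef; if the header is harmless without CRYPTO_TEST_SETUP it would read better with the other includes at the top of trng.c.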