diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-09-16 10:24:17 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-09-17 00:20:47 +0000 |
| commit | 83a5b5bd7f9773a33728b223930a16425f380541 (patch) | |
| tree | 77956e3f6b3906ecb953fe1fdb841a8a07a78393 /common/ccd_config.c | |
| parent | 539cbdd254c1af84ddee1ac19dc355b42afdc766 (diff) | |
| download | chrome-ec-83a5b5bd7f9773a33728b223930a16425f380541.tar.gz | |
cr50: switch to using DRBG for key generation purposes.
An "Approved" RNG listed in FIPS 140-2 Annex C must be used for the
generation of random data or cryptographic keys used by an approved
security function. Detailed information and guidance on Key Generation
can be found in NIST SP 800-133 and FIPS 140-2 IG 7.8 and D.12.
Many of function use raw entropy from TRNG without any health tests or
even checking returned status, as old API didn't provide any indication
of failure.
With this patch we remove old API: rand() and rand_bytes() and expose
new API:
fips_rand_bytes() - generation of random bits from properly instantiated
and reseeded as needed DRBG.
fips_trng_bytes() - generation of entropy from TRNG with statistical
testing and checking for TRNG failures.
fips_trng_rand32() - generation of 32 bits from TRNG with health check
and indication of status.
ccd, rsa, ecc, pinweaver, rma_auth are updated to use new APIs.
These functions are moved into dcrypto.h which will become "Public API"
for the module.
trng_test vendor command moved to dcrypto/trng.c where it belongs.
BUG=b:138577416
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpmtest.py
TCG tests.
-------------------------- Test Result Summary -------------------------
Test executed on: Thu Sep 16 10:16:59 2021
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
======================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I80d103ead1962ee388df5cabfabe0498d8d06d38
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3165870
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'common/ccd_config.c')
| -rw-r--r-- | common/ccd_config.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/common/ccd_config.c b/common/ccd_config.c index b3b12e12a7..d009acfd92 100644 --- a/common/ccd_config.c +++ b/common/ccd_config.c @@ -20,7 +20,6 @@ #include "timer.h" #include "tpm_registers.h" #include "tpm_vendor_cmds.h" -#include "trng.h" #include "wp.h" #define CPRINTS(format, args...) cprints(CC_CCD, format, ## args) @@ -310,11 +309,14 @@ static void raw_reset_password(void) * Set the password. * * @param password New password; must be non-empty + * @return EC_SUCCESS if successful */ -static void raw_set_password(const char *password) +static int raw_set_password(const char *password) { /* Get a new salt */ - rand_bytes(config.password_salt, sizeof(config.password_salt)); + if (!fips_rand_bytes(config.password_salt, + sizeof(config.password_salt))) + return EC_ERROR_HW_INTERNAL; /* Update the password digest */ ccd_password_digest(config.password_digest, password); @@ -322,6 +324,8 @@ static void raw_set_password(const char *password) /* Track whether we were opened when we set the password */ raw_set_flag(CCD_FLAG_PASSWORD_SET_WHEN_UNLOCKED, ccd_state == CCD_STATE_UNLOCKED); + + return EC_SUCCESS; } /******************************************************************************/ @@ -540,10 +544,15 @@ static int ccd_reset_password(void) */ static int ccd_set_password(const char *password) { + int result; + mutex_lock(&ccd_config_mutex); - raw_set_password(password); + result = raw_set_password(password); mutex_unlock(&ccd_config_mutex); + if (!result) + return result; + return ccd_save_config(); } |