-rw-r--r-- | board/cr50/dcrypto/app_cipher.c | 2 | ||||
-rw-r--r-- | board/cr50/dcrypto/compare.c | 2 | ||||
-rw-r--r-- | board/cr50/dcrypto/crypto_common.h | 34 | ||||
-rw-r--r-- | board/cr50/dcrypto/dcrypto.h | 145 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips.c | 4 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips_rand.c | 3 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips_rand.h | 61 | ||||
-rw-r--r-- | board/cr50/dcrypto/hmacsha2.h | 9 | ||||
-rw-r--r-- | board/cr50/dcrypto/internal.h | 148 | ||||
-rw-r--r-- | board/cr50/dcrypto/p256.c | 2 | ||||
-rw-r--r-- | board/cr50/dcrypto/p256_ec.c | 7 | ||||
-rw-r--r-- | board/cr50/dcrypto/u2f.c | 4 | ||||
-rw-r--r-- | board/cr50/dcrypto/x509.c | 4 | ||||
-rw-r--r-- | board/cr50/tpm2/aes.c | 2 | ||||
-rw-r--r-- | board/cr50/tpm2/hkdf.c | 1 | ||||
-rw-r--r-- | board/cr50/tpm2/rsa.c | 3 | ||||
-rw-r--r-- | common/ccd_config.c | 1 | ||||
-rw-r--r-- | test/u2f.c | 3 |
18 files changed, 231 insertions, 204 deletions
diff --git a/board/cr50/dcrypto/app_cipher.c b/board/cr50/dcrypto/app_cipher.c index 6bbcfdab11..004db6bd6c 100644 --- a/board/cr50/dcrypto/app_cipher.c +++ b/board/cr50/dcrypto/app_cipher.c @@ -4,7 +4,7 @@ * found in the LICENSE file. */ #include "crypto_api.h" -#include "dcrypto.h" +#include "internal.h" #include "registers.h" /* The default build options compile for size (-Os); instruct the diff --git a/board/cr50/dcrypto/compare.c b/board/cr50/dcrypto/compare.c index 494e26617e..baf37927b0 100644 --- a/board/cr50/dcrypto/compare.c +++ b/board/cr50/dcrypto/compare.c @@ -3,7 +3,7 @@ * found in the LICENSE file. */ -#include "dcrypto.h" +#include "internal.h" /** * CRYPTO_FAST_COMPARE = 1 will enable machine word reads if performance diff --git a/board/cr50/dcrypto/crypto_common.h b/board/cr50/dcrypto/crypto_common.h deleted file mode 100644 index 36e5ebe9b7..0000000000 --- a/board/cr50/dcrypto/crypto_common.h +++ /dev/null @@ -1,34 +0,0 @@ -/* Copyright 2021 The Chromium OS Authors. All rights reserved. - * Use of this source code is governed by a BSD-style license that can be - * found in the LICENSE file. - */ -#ifndef __EC_FIPS_MODULE_COMMON_H -#define __EC_FIPS_MODULE_COMMON_H - -/** - * This header file contains types shared between public API in dcrypto.h and - * internal functions in internal.h. - */ - -#include "common.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Result codes for crypto operations, targeting - * high Hamming distance from each other. - */ -enum dcrypto_result { - DCRYPTO_OK = 0xAA33AAFF, /* Success. */ - DCRYPTO_FAIL = 0x55665501, /* Failure. */ - DCRYPTO_RETRY = 0xA5775A33, - DCRYPTO_RESEED_NEEDED = 0x36AA6355, -}; - -#ifdef __cplusplus -} -#endif - -#endif /* __EC_FIPS_MODULE_COMMON_H */ diff --git a/board/cr50/dcrypto/dcrypto.h b/board/cr50/dcrypto/dcrypto.h index 50285286d9..36f2c40fee 100644 --- a/board/cr50/dcrypto/dcrypto.h +++ b/board/cr50/dcrypto/dcrypto.h 
@@ -13,11 +13,22 @@ extern "C" { #endif -#include "crypto_common.h" -#include "internal.h" - +#include <stdbool.h> #include <stddef.h> +#include "hmacsha2.h" + +/** + * Result codes for crypto operations, targeting + * high Hamming distance from each other. + */ +enum dcrypto_result { + DCRYPTO_OK = 0xAA33AAFF, /* Success. */ + DCRYPTO_FAIL = 0x55665501, /* Failure. */ + DCRYPTO_RETRY = 0xA5775A33, + DCRYPTO_RESEED_NEEDED = 0x36AA6355, +}; + enum cipher_mode { CIPHER_MODE_ECB = 0, /* NIST SP 800-38A */ CIPHER_MODE_CTR = 1, /* NIST SP 800-38A */ @@ -158,8 +169,44 @@ const struct sha256_digest *HMAC_SHA256_hw_final(struct hmac_sha256_ctx *ctx); /* * BIGNUM utility methods. */ + +/* + * Use this structure to avoid alignment problems with input and output + * pointers. + */ +struct access_helper { + uint32_t udata; +} __packed; + + +struct LITE_BIGNUM { + uint32_t dmax; /* Size of d, in 32-bit words. */ + struct access_helper *d; /* Word array, little endian format ... */ +}; + + void DCRYPTO_bn_wrap(struct LITE_BIGNUM *b, void *buf, size_t len); +/** + * Return number of bits in big number. + * @param b pointer to big number + * @return length in bits + */ +static inline uint32_t bn_bits(const struct LITE_BIGNUM *b) +{ + return b->dmax * sizeof(*b->d) * 8; +} + +/** + * Return number of bytes in big number. + * @param b pointer to big number + * @return length in bits + */ +static inline size_t bn_size(const struct LITE_BIGNUM *b) +{ + return b->dmax * sizeof(*b->d); +} + /* * RSA. */ 
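Review bot: With `crypto_common.h` and `internal.h` dropped, dcrypto.h's own includes in this hunk are only `<stdbool.h>`, `<stddef.h>` and `hmacsha2.h`, yet later hunks in the same file use `__packed` (on `struct access_helper`) and `uint32_t`/`uint8_t`. Unless `hmacsha2.h` supplies those, which is not visible here, the header compiles only when the includer pulls in `common.h` first; the change to board/cr50/tpm2/aes.c, which adds `#include "common.h"` ahead of `dcrypto.h`, suggests that is the case. A public crypto API header is safer self-contained: add `#include <stdint.h>` and either include `common.h` or spell the attribute as `__attribute__((packed))`.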
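Review bot: The doc comment added for `bn_size()` in the `@@ -158,8 +169,44 @@` hunk says `@return length in bits`, but the function returns `b->dmax * sizeof(*b->d)`, which is a byte count; the line should read `@return length in bytes`. A caller who sizes a buffer from the comment rather than the code would be off by a factor of eight. It would also help to state in the `bn_bits()` comment that the value is the capacity of the word array (`dmax` words), not the position of the highest set bit, since that is all the expression computes.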
@@ -235,6 +282,52 @@ int DCRYPTO_rsa_key_compute(struct LITE_BIGNUM *N, struct LITE_BIGNUM *d, * EC. */ +/* + * Accelerated p256. FIPS PUB 186-4 + */ +#define P256_BITSPERDIGIT 32 +#define P256_NDIGITS 8 +#define P256_NBYTES 32 + +typedef uint32_t p256_digit; +/** + * P-256 integers internally represented as little-endian 32-bit integer + * digits in platform-specific format. On little-endian platform this would + * be regular 256-bit little-endian unsigned integer. On big-endian platform + * it would big-endian 32-bit digits in little-endian order. + * + * Defining p256_int as struct to leverage struct assignment. + */ +typedef struct p256_int { + union { + p256_digit a[P256_NDIGITS]; + uint8_t b8[P256_NBYTES]; + }; +} p256_int; + +/* Clear a p256_int to zero. */ +void p256_clear(p256_int *a); + +/* Check p256 is odd. */ +int p256_is_odd(const p256_int *a); + +/* Outputs big-endian binary form. No leading zero skips. */ +void p256_to_bin(const p256_int *src, uint8_t dst[P256_NBYTES]); + +/** + * Reads from big-endian binary form, thus pre-pad with leading + * zeros if short. Input length is assumed P256_NBYTES bytes. + */ +void p256_from_bin(const uint8_t src[P256_NBYTES], p256_int *dst); + +/** + * Reads from big-endian binary form of given size, add padding with + * zeros if short. Check that leading digits beyond P256_NBYTES are zeroes. + * + * @return true if provided big-endian fits into p256. + */ +bool p256_from_be_bin_size(const uint8_t *src, size_t len, p256_int *dst); + /** * Check if point is on NIST P-256 curve * 
@@ -276,16 +369,19 @@ int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d, const uint8_t bytes[P256_NBYTES]); /** - * Pair-wise consistency test for private and public key. - * - * @param drbg - DRBG to use for nonce generation - * @param d - private key (scalar) - * @param x - public key part - * @param y - public key part - * @return !0 on success + * TODO: Provide provide proper wrappers for dcrypto_p256_ecdsa_verify() + * and fips_p256_ecdsa_sign() */ -int DCRYPTO_p256_key_pwct(struct drbg_ctx *drbg, const p256_int *d, - const p256_int *x, const p256_int *y); +int dcrypto_p256_ecdsa_verify(const p256_int *key_x, const p256_int *key_y, + const p256_int *message, const p256_int *r, + const p256_int *s) + __attribute__((warn_unused_result)); + +/* wrapper around dcrypto_p256_ecdsa_sign using FIPS-compliant HMAC_DRBG */ +int fips_p256_ecdsa_sign(const p256_int *key, const p256_int *message, + p256_int *r, p256_int *s); + +/************************************************************/ /* P256 based integration encryption (DH+AES128+SHA256). * Not FIPS 140-2 compliant, not used other than for tests @@ -458,6 +554,15 @@ int DCRYPTO_ladder_is_enabled(void); */ /** + * Initialize the true random number generator (TRNG) in FIPS-compliant + * way: + * 1. Set 1-bit alphabet + * 2. Set maximum possible range for internal ring-oscillator + * 3. Disable any other post-processing beyond #2 + **/ +void fips_init_trng(void); + +/** * Returns random number from TRNG with indication wherever reading is valid. * This is different from rand() which doesn't provide any indication. * High 32-bits set to zero in case of error; otherwise value >> 32 == 1 
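Review bot: `fips_p256_ecdsa_sign()` is declared without `__attribute__((warn_unused_result))` while `dcrypto_p256_ecdsa_verify()` directly above it carries the attribute, so a caller can discard a failed signing result with no compiler diagnostic. Neither declaration documents what its `int` return means, and the tree visibly uses two conventions: `enum dcrypto_result`, where `DCRYPTO_OK` is a non-zero constant, and the `!0 on success` wording on the `DCRYPTO_p256_key_pwct()` comment this commit moves. A one-line `@return` on each declaration would stop callers from guessing. The same missing attribute applies to `fips_trng_startup()` and `fips_drbg_init()` in the internal.h hunk `@@ -144,20 +123,69 @@` and to `DCRYPTO_p256_key_pwct()` in `@@ -248,6 +239,18 @@`. The added TODO also has a doubled word ("Provide provide").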
@@ -504,6 +609,22 @@ bool fips_trng_bytes(void *buffer, size_t len) bool fips_rand_bytes(void *buffer, size_t len) __attribute__((warn_unused_result)); + +/** + * Utility functions. + */ + +/** + * An implementation of memset that ought not to be optimized away; + * useful for scrubbing security sensitive buffers. + * + * @param d destination buffer + * @param c 8-bit value to fill buffer + * @param n size of buffer in bytes + * @return d + */ +void *always_memset(void *d, int c, size_t n); + #ifdef __cplusplus } #endif diff --git a/board/cr50/dcrypto/fips.c b/board/cr50/dcrypto/fips.c index f08b54aea7..b3b401fdfb 100644 --- a/board/cr50/dcrypto/fips.c +++ b/board/cr50/dcrypto/fips.c @@ -5,15 +5,13 @@ #include "builtin/endian.h" #include "console.h" -#include "dcrypto.h" #include "ec_commands.h" #include "extension.h" -#include "fips.h" -#include "fips_rand.h" #include "flash.h" #include "flash_info.h" #include "flash_log.h" #include "hooks.h" +#include "internal.h" #include "new_nvmem.h" #include "nvmem.h" #include "nvmem_vars.h" diff --git a/board/cr50/dcrypto/fips_rand.c b/board/cr50/dcrypto/fips_rand.c index 701fca0a6f..4529a1cfbf 100644 --- a/board/cr50/dcrypto/fips_rand.c +++ b/board/cr50/dcrypto/fips_rand.c @@ -4,8 +4,7 @@ */ #include "console.h" -#include "fips.h" -#include "fips_rand.h" +#include "internal.h" #include "flash_log.h" #include "init_chip.h" #include "registers.h" diff --git a/board/cr50/dcrypto/fips_rand.h b/board/cr50/dcrypto/fips_rand.h index af39269382..10e44c7414 100644 --- a/board/cr50/dcrypto/fips_rand.h +++ b/board/cr50/dcrypto/fips_rand.h 
@@ -18,22 +18,6 @@ extern "C" { #define TRNG_SAMPLE_BITS 1 -/** - * Initialize the true random number generator (TRNG) in FIPS-compliant - * way: - * 1. Set 1-bit alphabet - * 2. Set maximum possible range for internal ring-oscillator - * 3. Disable any other post-processing beyond #2 - **/ -void fips_init_trng(void); - -/** - * Returns random number with indication wherever reading is valid. This is - * different from rand() which doesn't provide any indication. - * High 32-bits set to zero in case of error; otherwise value >> 32 == 1 - * Use of uint64_t vs. struct results in more efficient code. - */ -uint64_t read_rand(void); /** * TRNG Health Tests 
@@ -86,52 +70,7 @@ uint64_t read_rand(void); */ #define APT_CUTOFF_SAMPLES 692 -/** - * FIPS-compliant TRNG startup. - * The entropy source's startup tests shall run the continuous health tests - * over at least 4096 consecutive samples. - * Note: This function can throw FIPS_FATAL_TRNG error - * - * To hide latency of reading TRNG data, this test is executed in 2 stages - * @param stage is 0 or 1, choosing the stage. On each stage 2048 - * samples are processed. Assuming that some other tasks can be executed - * between stages, when TRNG FIFO if filled with samples. - * - * Some number of samples will be available in entropy_fifo - */ -bool fips_trng_startup(int stage); - - -/* initialize cr50-wide DRBG replacing rand */ -bool fips_drbg_init(void); -/* mark cr50-wide DRBG as not initialized */ -void fips_drbg_init_clear(void); - -/* FIPS DRBG initialized at boot time/first use. */ -extern struct drbg_ctx fips_drbg; -/** - * Generate valid P-256 random from FIPS DRBG, reseed DRBG with entropy from - * verified TRNG if needed. - * - * @param drbg DRBG to use - * @param out output value - * @return HMAC_DRBG_SUCCESS if out contains random. - */ -enum hmac_result fips_p256_hmac_drbg_generate(struct drbg_ctx *drbg, - p256_int *out); - -/* wrapper around dcrypto_p256_ecdsa_sign using FIPS-compliant HMAC_DRBG */ -int fips_p256_ecdsa_sign(const p256_int *key, const p256_int *message, - p256_int *r, p256_int *s); -/** - * wrapper around hmac_drbg_generate to automatically reseed drbg - * when needed. - */ -enum hmac_result fips_hmac_drbg_generate_reseed(struct drbg_ctx *ctx, void *out, - size_t out_len, - const void *input, - size_t input_len); #ifdef __cplusplus } #endif diff --git a/board/cr50/dcrypto/hmacsha2.h b/board/cr50/dcrypto/hmacsha2.h index 45e5245a65..5e34b99189 100644 --- a/board/cr50/dcrypto/hmacsha2.h +++ b/board/cr50/dcrypto/hmacsha2.h 
@@ -23,6 +23,15 @@ #define SHA256_BLOCK_DWORDS (SHA256_BLOCK_SIZE / sizeof(uint64_t)) #define SHA256_DIGEST_WORDS (SHA256_DIGEST_SIZE / sizeof(uint32_t)) +#define SHA_DIGEST_WORDS (SHA_DIGEST_SIZE / sizeof(uint32_t)) +#define SHA256_DIGEST_WORDS (SHA256_DIGEST_SIZE / sizeof(uint32_t)) + +#ifdef CONFIG_UPTO_SHA512 +#define SHA_DIGEST_MAX_BYTES SHA512_DIGEST_SIZE +#else +#define SHA_DIGEST_MAX_BYTES SHA256_DIGEST_SIZE +#endif + /** * Hash contexts. Each context starts with pointer to vtable containing * functions to perform implementation specific operations. diff --git a/board/cr50/dcrypto/internal.h b/board/cr50/dcrypto/internal.h index f2eb267e0f..e07389542c 100644 --- a/board/cr50/dcrypto/internal.h +++ b/board/cr50/dcrypto/internal.h @@ -9,11 +9,11 @@ #include <string.h> #include "common.h" -#include "crypto_common.h" - -#include "util.h" - +#include "dcrypto.h" +#include "fips.h" +#include "fips_rand.h" #include "hmacsha2.h" +#include "util.h" #ifdef __cplusplus extern "C" { @@ -27,26 +27,10 @@ extern "C" { #define CTRL_ENCRYPT 1 #define CTRL_NO_SOFT_RESET 0 -#define SHA_DIGEST_WORDS (SHA_DIGEST_SIZE / sizeof(uint32_t)) -#define SHA256_DIGEST_WORDS (SHA256_DIGEST_SIZE / sizeof(uint32_t)) - -#ifdef CONFIG_UPTO_SHA512 -#define SHA_DIGEST_MAX_BYTES SHA512_DIGEST_SIZE -#else -#define SHA_DIGEST_MAX_BYTES SHA256_DIGEST_SIZE -#endif - #ifndef CHAR_BIT #define CHAR_BIT 8 #endif -/* - * Use this structure to avoid alignment problems with input and output - * pointers. - */ -struct access_helper { - uint32_t udata; -} __packed; #ifndef SECTION_IS_RO int dcrypto_grab_sha_hw(void); 
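Review bot: The added `#define SHA256_DIGEST_WORDS (SHA256_DIGEST_SIZE / sizeof(uint32_t))` in the hmacsha2.h hunk repeats, token for token, the definition on the context line immediately above the insertion. An identical redefinition is accepted by the preprocessor, but it is redundant and leaves two places to edit if the macro ever changes. Drop the added copy and keep only `#define SHA_DIGEST_WORDS (SHA_DIGEST_SIZE / sizeof(uint32_t))` and the `SHA_DIGEST_MAX_BYTES` block.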
@@ -62,17 +46,12 @@ void dcrypto_sha_fifo_load(const void *data, size_t n); #define LITE_BN_BITS2 32 #define LITE_BN_BYTES 4 -struct LITE_BIGNUM { - uint32_t dmax; /* Size of d, in 32-bit words. */ - struct access_helper *d; /* Word array, little endian format ... */ -}; #define BN_DIGIT(b, i) ((b)->d[(i)].udata) void bn_init(struct LITE_BIGNUM *bn, void *buf, size_t len); -#define bn_size(b) ((b)->dmax * LITE_BN_BYTES) #define bn_words(b) ((b)->dmax) -#define bn_bits(b) ((b)->dmax * LITE_BN_BITS2) + int bn_eq(const struct LITE_BIGNUM *a, const struct LITE_BIGNUM *b); int bn_check_topbit(const struct LITE_BIGNUM *N); int bn_modexp(struct LITE_BIGNUM *output, 
@@ -144,20 +123,69 @@ enum hmac_result hmac_drbg_generate(struct drbg_ctx *ctx, void *out, size_t input_len); void drbg_exit(struct drbg_ctx *ctx); +/** + * TRNG service functions + */ + +/** + * Returns random number with indication wherever reading is valid. This is + * different from rand() which doesn't provide any indication. + * High 32-bits set to zero in case of error; otherwise value >> 32 == 1 + * Use of uint64_t vs. struct results in more efficient code. + */ +uint64_t read_rand(void); + +/** + * FIPS-compliant TRNG startup. + * The entropy source's startup tests shall run the continuous health tests + * over at least 4096 consecutive samples. + * Note: This function can throw FIPS_FATAL_TRNG error + * + * To hide latency of reading TRNG data, this test is executed in 2 stages + * @param stage is 0 or 1, choosing the stage. On each stage 2048 + * samples are processed. Assuming that some other tasks can be executed + * between stages, when TRNG FIFO if filled with samples. + * + * Some number of samples will be available in entropy_fifo + */ +bool fips_trng_startup(int stage); + + +/* initialize cr50-wide DRBG replacing rand */ +bool fips_drbg_init(void); +/* mark cr50-wide DRBG as not initialized */ +void fips_drbg_init_clear(void); + +/* FIPS DRBG initialized at boot time/first use. */ +extern struct drbg_ctx fips_drbg; + +/** + * Generate valid P-256 random from FIPS DRBG, reseed DRBG with entropy from + * verified TRNG if needed. + * + * @param drbg DRBG to use + * @param out output value + * @return HMAC_DRBG_SUCCESS if out contains random. + */ +enum hmac_result fips_p256_hmac_drbg_generate(struct drbg_ctx *drbg, + p256_int *out); + +/** + * wrapper around hmac_drbg_generate to automatically reseed drbg + * when needed. + */ +enum hmac_result fips_hmac_drbg_generate_reseed(struct drbg_ctx *ctx, void *out, + size_t out_len, + const void *input, + size_t input_len); + /* Set seed for fast random number generator using LFSR. 
*/ void set_fast_random_seed(uint32_t seed); /* Generate week pseudorandom using LFSR for blinding purposes. */ uint32_t fast_random(void); -/* - * Accelerated p256. FIPS PUB 186-4 - */ -#define P256_BITSPERDIGIT 32 -#define P256_NDIGITS 8 -#define P256_NBYTES 32 -typedef uint32_t p256_digit; typedef int32_t p256_sdigit; typedef uint64_t p256_ddigit; typedef int64_t p256_sddigit; @@ -165,32 +193,11 @@ typedef int64_t p256_sddigit; #define P256_DIGITS(x) ((x)->a) #define P256_DIGIT(x, y) ((x)->a[y]) -/** - * P-256 integers internally represented as little-endian 32-bit integer - * digits in platform-specific format. On little-endian platform this would - * be regular 256-bit little-endian unsigned integer. On big-endian platform - * it would big-endian 32-bit digits in little-endian order. - * - * Defining p256_int as struct to leverage struct assignment. - */ -typedef struct p256_int { - union { - p256_digit a[P256_NDIGITS]; - uint8_t b8[P256_NBYTES]; - }; -} p256_int; - extern const p256_int SECP256r1_nMin2; -/* Clear a p256_int to zero. */ -void p256_clear(p256_int *a); - /* Check p256 is a zero. */ int p256_is_zero(const p256_int *a); -/* Check p256 is odd. */ -int p256_is_odd(const p256_int *a); - /* c := a + (single digit)b, returns carry 1 on carry. */ int p256_add_d(const p256_int *a, p256_digit b, p256_int *c); 
@@ -200,22 +207,6 @@ int p256_cmp(const p256_int *a, const p256_int *b); /* Return -1 if a < b. */ int p256_lt_blinded(const p256_int *a, const p256_int *b); -/* Outputs big-endian binary form. No leading zero skips. */ -void p256_to_bin(const p256_int *src, uint8_t dst[P256_NBYTES]); - -/** - * Reads from big-endian binary form, thus pre-pad with leading - * zeros if short. Input length is assumed P256_NBYTES bytes. - */ -void p256_from_bin(const uint8_t src[P256_NBYTES], p256_int *dst); - -/** - * Reads from big-endian binary form of given size, add padding with - * zeros if short. Check that leading digits beyond P256_NBYTES are zeroes. - * - * @return true if provided big-endian fits into p256. - */ -bool p256_from_be_bin_size(const uint8_t *src, size_t len, p256_int *dst); /** * Raw sign with provided nonce (k). Used internally and for testing. @@ -248,6 +239,18 @@ enum dcrypto_result dcrypto_p256_is_valid_point(const p256_int *x, const p256_int *y) __attribute__((warn_unused_result)); +/** + * Pair-wise consistency test for private and public key. + * + * @param drbg - DRBG to use for nonce generation + * @param d - private key (scalar) + * @param x - public key part + * @param y - public key part + * @return !0 on success + */ +int DCRYPTO_p256_key_pwct(struct drbg_ctx *drbg, const p256_int *d, + const p256_int *x, const p256_int *y); + /* Wipe content of rnd with pseudo-random values. */ void p256_fast_random(p256_int *rnd); @@ -291,11 +294,6 @@ void dcrypto_imem_load(size_t offset, const uint32_t *opcodes, */ uint32_t dcrypto_dmem_load(size_t offset, const void *words, size_t n_words); -/** - * An implementation of memset that ought not to be optimized away; - * useful for scrubbing security sensitive buffers. - */ -void *always_memset(void *s, int c, size_t n); #ifndef __alias #define __alias(func) __attribute__((alias(#func))) diff --git a/board/cr50/dcrypto/p256.c b/board/cr50/dcrypto/p256.c index 49c2fe4b2b..cfbf068b7a 100644 
--- a/board/cr50/dcrypto/p256.c +++ b/board/cr50/dcrypto/p256.c @@ -3,8 +3,8 @@ * found in the LICENSE file. */ -#include "dcrypto.h" #include "endian.h" +#include "internal.h" const p256_int SECP256r1_nMin2 = /* P-256 curve order - 2 */ { .a = { 0xfc632551 - 2, 0xf3b9cac2, 0xa7179e84, 0xbce6faad, -1, -1, 0, diff --git a/board/cr50/dcrypto/p256_ec.c b/board/cr50/dcrypto/p256_ec.c index b681d7ddef..5c7f355a67 100644 --- a/board/cr50/dcrypto/p256_ec.c +++ b/board/cr50/dcrypto/p256_ec.c @@ -2,12 +2,7 @@ * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ - -#include "dcrypto.h" -#include "fips.h" -#include "fips_rand.h" - -#include <stdint.h> +#include "internal.h" /* p256_base_point_mul sets {out_x,out_y} = nG, where n is < the * order of the group. */ diff --git a/board/cr50/dcrypto/u2f.c b/board/cr50/dcrypto/u2f.c index 21997f07fc..e8f6584c69 100644 --- a/board/cr50/dcrypto/u2f.c +++ b/board/cr50/dcrypto/u2f.c @@ -7,9 +7,7 @@ #include "console.h" #endif -#include "dcrypto.h" -#include "fips.h" -#include "fips_rand.h" +#include "internal.h" #include "u2f_cmds.h" #include "u2f_impl.h" diff --git a/board/cr50/dcrypto/x509.c b/board/cr50/dcrypto/x509.c index 9005325a3e..6c4a8f0b15 100644 --- a/board/cr50/dcrypto/x509.c +++ b/board/cr50/dcrypto/x509.c @@ -3,9 +3,7 @@ * found in the LICENSE file. */ -#include "dcrypto.h" - -#include <stdint.h> +#include "internal.h" /* Limit the size of long form encoded objects to < 64 kB. */ #define MAX_ASN1_OBJ_LEN_BYTES 3 diff --git a/board/cr50/tpm2/aes.c b/board/cr50/tpm2/aes.c index 5fe431222a..7adca75f3b 100644 --- a/board/cr50/tpm2/aes.c +++ b/board/cr50/tpm2/aes.c @@ -4,7 +4,9 @@ */ #include "CryptoEngine.h" +#include "common.h" #include "dcrypto.h" +#include "util.h" #include <assert.h> diff --git a/board/cr50/tpm2/hkdf.c b/board/cr50/tpm2/hkdf.c index dcc494af16..d950d865ab 100644 --- a/board/cr50/tpm2/hkdf.c +++ b/board/cr50/tpm2/hkdf.c 
@@ -4,6 +4,7 @@ */ #include "dcrypto.h" +#include "util.h" #ifdef CRYPTO_TEST_SETUP diff --git a/board/cr50/tpm2/rsa.c b/board/cr50/tpm2/rsa.c index 0dc0404b79..78cc3562de 100644 --- a/board/cr50/tpm2/rsa.c +++ b/board/cr50/tpm2/rsa.c @@ -8,8 +8,7 @@ #include "Hierarchy_fp.h" #include "dcrypto.h" -#include "trng.h" - +#include "util.h" #include <assert.h> diff --git a/common/ccd_config.c b/common/ccd_config.c index d009acfd92..12e88689ad 100644 --- a/common/ccd_config.c +++ b/common/ccd_config.c @@ -21,6 +21,7 @@ #include "tpm_registers.h" #include "tpm_vendor_cmds.h" #include "wp.h" +#include "util.h" #define CPRINTS(format, args...) cprints(CC_CCD, format, ## args) #define CPRINTF(format, args...) cprintf(CC_CCD, format, ## args) diff --git a/test/u2f.c b/test/u2f.c index ddaba0e8dd..36c1b5a1d4 100644 --- a/test/u2f.c +++ b/test/u2f.c @@ -8,6 +8,9 @@ #include "test_util.h" #include "u2f_impl.h" +#include "internal.h" +#include "util.h" + /******************************************************************************/ /* Mock implementations of cr50 board. */ |