summaryrefslogtreecommitdiff
path: root/board/cr50/fips_rand.c
diff options
context:
space:
mode:
Diffstat (limited to 'board/cr50/fips_rand.c')
-rw-r--r--board/cr50/fips_rand.c34
1 files changed, 20 insertions, 14 deletions
diff --git a/board/cr50/fips_rand.c b/board/cr50/fips_rand.c
index 1111e009de..1198c620a5 100644
--- a/board/cr50/fips_rand.c
+++ b/board/cr50/fips_rand.c
@@ -5,6 +5,7 @@
#include "console.h"
#include "cryptoc/util.h"
+#include "fips.h"
#include "fips_rand.h"
#include "flash_log.h"
#include "init_chip.h"
@@ -38,12 +39,6 @@ static uint32_t entropy_fifo[ENTROPY_SIZE_WORDS];
* at least 2^-50
*/
-/* dummy function, will be removed with FIPS framework */
-static int fips_crypto_allowed(void)
-{
- return 1;
-}
-
/**
* rand() should be able to return error code if reading from TRNG failed
* return as struct with 2 params is more efficient as data is passed in
@@ -185,6 +180,11 @@ static struct rand_result read_rand(void)
{
uint32_t empty_count = 0;
uint32_t reset_count = 0;
+
+ /* Do we need to simulate error? */
+ if (fips_break_cmd == FIPS_BREAK_TRNG)
+ return (struct rand_result){ .random_value = 0, .valid = true };
+
/**
* make sure we never hang in the loop - try at max 1
* reset attempt, then return error
@@ -217,19 +217,25 @@ static struct rand_result fips_trng32(int power_up)
struct rand_result r;
/* Continuous health tests should have been initialized by now */
- if (!fips_crypto_allowed() || (!power_up && !fips_powerup_passed()))
+ if (!(power_up || fips_crypto_allowed()))
return (struct rand_result){ .random_value = 0,
.valid = false };
/* get noise */
r = read_rand();
- if (r.valid)
- /* test #1: Repetition Count Test (a.k.a Stuck-bit) */
- if (!repetition_count_test(r.random_value) ||
- /* warm-up test #2: Adaptive Proportion Test */
- !adaptive_proportion_test(r.random_value))
- r.valid = false; /* TODO: add FIPS status update */
+ if (r.valid) {
+ if (!repetition_count_test(r.random_value)) {
+ fips_set_status(FIPS_FATAL_TRNG_RCT);
+ r.valid = false;
+ }
+ if (!adaptive_proportion_test(r.random_value)) {
+ fips_set_status(FIPS_FATAL_TRNG_APT);
+ r.valid = false;
+ }
+ } else
+ fips_set_status(FIPS_FATAL_TRNG_OTHER);
+
return r;
}
@@ -278,7 +284,7 @@ bool fips_trng_startup(int stage)
/* store entropy for further use */
entropy_fifo[i % ARRAY_SIZE(entropy_fifo)] = r.random_value;
}
- return true;
+ return fips_powerup_passed();
}
bool fips_drbg_init(void)
View Lorry Controller Status