diff options
Diffstat (limited to 'board/cr50/fips_rand.c')
-rw-r--r-- | board/cr50/fips_rand.c | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/board/cr50/fips_rand.c b/board/cr50/fips_rand.c index 1111e009de..1198c620a5 100644 --- a/board/cr50/fips_rand.c +++ b/board/cr50/fips_rand.c @@ -5,6 +5,7 @@ #include "console.h" #include "cryptoc/util.h" +#include "fips.h" #include "fips_rand.h" #include "flash_log.h" #include "init_chip.h" @@ -38,12 +39,6 @@ static uint32_t entropy_fifo[ENTROPY_SIZE_WORDS]; * at least 2^-50 */ -/* dummy function, will be removed with FIPS framework */ -static int fips_crypto_allowed(void) -{ - return 1; -} - /** * rand() should be able to return error code if reading from TRNG failed * return as struct with 2 params is more efficient as data is passed in @@ -185,6 +180,11 @@ static struct rand_result read_rand(void) { uint32_t empty_count = 0; uint32_t reset_count = 0; + + /* Do we need to simulate error? */ + if (fips_break_cmd == FIPS_BREAK_TRNG) + return (struct rand_result){ .random_value = 0, .valid = true }; + /** * make sure we never hang in the loop - try at max 1 * reset attempt, then return error @@ -217,19 +217,25 @@ static struct rand_result fips_trng32(int power_up) struct rand_result r; /* Continuous health tests should have been initialized by now */ - if (!fips_crypto_allowed() || (!power_up && !fips_powerup_passed())) + if (!(power_up || fips_crypto_allowed())) return (struct rand_result){ .random_value = 0, .valid = false }; /* get noise */ r = read_rand(); - if (r.valid) - /* test #1: Repetition Count Test (a.k.a Stuck-bit) */ - if (!repetition_count_test(r.random_value) || - /* warm-up test #2: Adaptive Proportion Test */ - !adaptive_proportion_test(r.random_value)) - r.valid = false; /* TODO: add FIPS status update */ + if (r.valid) { + if (!repetition_count_test(r.random_value)) { + fips_set_status(FIPS_FATAL_TRNG_RCT); + r.valid = false; + } + if (!adaptive_proportion_test(r.random_value)) { + fips_set_status(FIPS_FATAL_TRNG_APT); + r.valid = false; + } + } else + fips_set_status(FIPS_FATAL_TRNG_OTHER); + return r; } @@ -278,7 +284,7 @@ bool fips_trng_startup(int stage) /* store entropy for further use */ entropy_fifo[i % ARRAY_SIZE(entropy_fifo)] = r.random_value; } - return true; + return fips_powerup_passed(); } bool fips_drbg_init(void) |