From dfad1da08151579ef7692e1f860c1cfb480ea24e Mon Sep 17 00:00:00 2001 From: Louis Collard Date: Thu, 2 May 2019 16:51:43 +0800 Subject: g: Force word writes for k during ECDSA sign Functions that take p256_int* parameters may use byte writes when writing to those parameters. When writing to DMEM_ecc, we must use word writes; this change ensures that happens. BUG=b:131807777 TEST=build and flash to soraka locally, ensure k is populated successfully BRANCH=none Change-Id: I49462b10aa1203fe875417e9526f06b2efc068fb Signed-off-by: Louis Collard Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1592990 Reviewed-by: Vadim Bendebury Reviewed-by: Andrey Pronin
---
 chip/g/dcrypto/dcrypto_p256.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/chip/g/dcrypto/dcrypto_p256.c b/chip/g/dcrypto/dcrypto_p256.c
index 04b029aacf..7a0f653589 100644
--- a/chip/g/dcrypto/dcrypto_p256.c
+++ b/chip/g/dcrypto/dcrypto_p256.c
@@ -800,6 +800,13 @@ int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
 int i, result;
 struct DMEM_ecc *pEcc = (struct DMEM_ecc *) GREG32_ADDR(CRYPTO, DMEM_DUMMY);
+ /*
+ * We can't allow other functions to write directly into DMEM_ecc,
+ * as p256_int is a packed struct so those functions may perform
+ * byte (as opposed to word) writes (in case the ptr operand is
+ * unaligned), which are not compatible with the peripheral.
+ */
+ p256_int rnd, k;
 dcrypto_init_and_lock();
 dcrypto_ecc_init();
@@ -807,14 +814,16 @@ int dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *key,
 /* Pick uniform 0 < k < R */
 do {
- hmac_drbg_generate_p256(drbg, &pEcc->rnd);
- } while (p256_cmp(&SECP256r1_nMin2, &pEcc->rnd) < 0);
+ hmac_drbg_generate_p256(drbg, &rnd);
+ } while (p256_cmp(&SECP256r1_nMin2, &rnd) < 0);
 drbg_exit(drbg);
- p256_add_d(&pEcc->rnd, 1, &pEcc->k);
+ p256_add_d(&rnd, 1, &k);
+
+ cp8w(&pEcc->k, &k);
 for (i = 0; i < 8; ++i)
- pEcc->rnd.a[i] = rand();
+ rnd.a[i] = k.a[i] = pEcc->rnd.a[i] = rand();
 cp8w(&pEcc->msg, message);
 cp8w(&pEcc->d, key);
--
cgit v1.2.1
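Review bot: The new stack copies `rnd` and `k` (declared in the first hunk) hold the ECDSA nonce, and the only thing that clears them is the chained store `rnd.a[i] = k.a[i] = pEcc->rnd.a[i] = rand();` in the loop at the end of this hunk. Nothing visible in the hunk reads the two locals after that loop, so if the later calls are inlined the compiler may treat those stores as dead and drop them, leaving the nonce on the stack; a leaked nonce is enough to recover the signing key. I would pin the wipe with a barrier right after the loop, `asm volatile("" : : "r"(&rnd), "r"(&k) : "memory");`, and add `/* rnd and k are stack copies of the nonce; wipe them along with DMEM. */` above it. The function body continues outside the hunk, so any early-return path between the DRBG loop and this wipe should be checked for the same clearing.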