From 6a1d61e3e507f8f213b7ca6c5c07e3fc87b72d77 Mon Sep 17 00:00:00 2001 From: Vadim Sukhomlinov Date: Wed, 29 Sep 2021 11:41:26 -0700 Subject: cr50: update AES-CMAC implementation Cr50 doesn't use CMAC, it is not even compiled, however during internal review potential issues with branching on key values were spotted. 1) Fix key expansion to be constant time 2) Switch to enum dcrypto_result 3) Test commands updated to be compatible with FIPS build (use .rodata) 4) Clean up computed tag on stack during verification BUG=None TEST=make BOARD=cr50 CRYPTO_TEST=1 CMAC_TEST=1 in ccd: test_cmac 1 2 3 4 test_cmac_ver 1 2 3 4 Signed-off-by: Vadim Sukhomlinov Change-Id: Iff9b84dd8fb2baed9152f1ee5c40ef8e4198edd3 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194972 Reviewed-by: Vadim Sukhomlinov Reviewed-by: Andrey Pronin Tested-by: Vadim Sukhomlinov Commit-Queue: Vadim Sukhomlinov
---
 board/cr50/build.mk | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'board/cr50/build.mk')
diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index f644a2c892..3f1c40f9c6 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -24,7 +24,7 @@ ifeq ($(BOARD_MK_INCLUDED_ONCE),)
 # command line.
 ENV_VARS := CR50_DEV CRYPTO_TEST H1_RED_BOARD U2F_TEST RND_TEST DRBG_TEST\
 ECDSA_TEST DCRYPTO_TEST P256_BIN_TEST SHA1_TEST SHA256_TEST\
- HMAC_SHA256_TEST
+ HMAC_SHA256_TEST CMAC_TEST
 ifneq ($(CRYPTO_TEST),)
 CPPFLAGS += -DCRYPTO_TEST_SETUP
@@ -114,6 +114,9 @@ fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_p256.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/compare.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_runtime.o
 ifneq ($(CRYPTO_TEST),)
+ifneq ($(CMAC_TEST),)
+fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/aes_cmac.o
+endif
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/gcm.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/hkdf.o
 endif
-- cgit v1.2.1
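Review bot: In the second hunk the new `ifneq ($(CMAC_TEST),)` block is nested inside `ifneq ($(CRYPTO_TEST),)`, so a build invoked with `CMAC_TEST=1` alone is accepted (the first hunk lists it in `ENV_VARS`) while `dcrypto/aes_cmac.o` is silently left out. How `ENV_VARS` entries are consumed is not visible in this diff, but if the test commands are compiled from that variable, such a build would either fail late at link time or come up without the CMAC test; a guard next to this block, outside the `CRYPTO_TEST` conditional, makes the dependency explicit: `$(if $(CMAC_TEST),$(if $(CRYPTO_TEST),,$(error CMAC_TEST requires CRYPTO_TEST)))`. Because the object is appended to the `fips-` list, I would also add a comment above the inner `ifneq`, for example `# Test-only: production Cr50 does not use CMAC; keep aes_cmac.o behind CRYPTO_TEST and CMAC_TEST.`, so a later edit does not hoist it out of the conditional and pull unused key-handling code into what is presumably the FIPS-scoped object set.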