diff options
author | Gurleen Grewal <gurleengrewal@chromium.org> | 2019-10-17 11:49:48 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2019-10-17 23:18:47 +0000 |
commit | 5a1de9ecdf083576ea72e9cf9200854aaf00fa02 (patch) | |
tree | 3df697d731e7c35a7cd2232281a208ad5a416bb6 | |
parent | f46eefcad2b32a171583c4f566c2efd0c0bd7127 (diff) | |
download | chrome-ec-5a1de9ecdf083576ea72e9cf9200854aaf00fa02.tar.gz |
Cr50: In hash crypto test, return valid hash for empty input.
FIPS ACVP tests require that on an empty input, the result is the
hash of the empty string. In the current implementation, an empty
result is returned. Change the implementation so it matches FIPS
expectations.
Also added two test cases in hash crypto test to check the corner
case of the empty input.
BUG=None
BRANCH=cr50
TEST=test/tpm_test/tpmtest.py
Change-Id: I9f5c3f71e4b10cbce2ea204eeb52e57ef26ad0e7
Signed-off-by: Gurleen Grewal <gurleengrewal@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1866444
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Gurleen Grewal <gurleengrewal@google.com>
-rw-r--r-- | board/cr50/tpm2/hash.c | 2 | ||||
-rw-r--r-- | test/tpm_test/hash_test.py | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/board/cr50/tpm2/hash.c b/board/cr50/tpm2/hash.c index 157100fd96..de4116052b 100644 --- a/board/cr50/tpm2/hash.c +++ b/board/cr50/tpm2/hash.c @@ -352,8 +352,6 @@ static void hash_command_handler(void *cmd_body, break; case 3: /* Process a buffer in a single shot. */ - if (!text_len) - break; /* * Error responses are just 1 byte in size, valid responses * are of various hash sizes. diff --git a/test/tpm_test/hash_test.py b/test/tpm_test/hash_test.py index 8bdfb16bdd..821f79e4a1 100644 --- a/test/tpm_test/hash_test.py +++ b/test/tpm_test/hash_test.py @@ -28,6 +28,8 @@ EMPTY_RESPONSE = ''.join('%c' % x for x in (0x80, 0x01, 0x00, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01)) test_inputs = ( # SHA mode cmd mode handle text + (MODE_SHA1, 'single', 0, ''), + (MODE_SHA256, 'single', 0, ''), (MODE_SHA1, 'single', 0, 'anything really will work here'), (MODE_SHA256, 'single', 0, 'some more text, this time for sha256'), (MODE_SHA256, 'start', 1, 'some more text, this time for sha256'), |