authorVadim Sukhomlinov <sukhomlinov@google.com>2021-09-14 13:52:26 -0700
committerCommit Bot <commit-bot@chromium.org>2021-09-14 23:21:22 +0000
commit404fbff010c86aa27ec1d6ed3d030e71c1536ba7 (patch)
tree9b4b4071374d97ee137e4bed49893e77dcd737d5
parentbcb5a1c84ae6a3de5eab04d5dd2567291fb2739d (diff)
downloadchrome-ec-404fbff010c86aa27ec1d6ed3d030e71c1536ba7.tar.gz
cr50: fix RSA dcrypto DMEM layout to avoid conflict with P256
Dcrypto p256 microcode in https://crrev.com/c/3133625 introduced shift in DMEM layout which started to corrupt mod & RR values, so alternating RSA and P256 led to potential errors in dcrypto_modexp_blinded(). This fix updates layout to move input in the place of mod and thus preserve mod & RR. BUG=none TEST=make BOARD=cr50; TCG tests Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Ic949147f43dfc210ed499c91c70e1ed186670afc Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3160503 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Marius Schilder <mschilder@chromium.org> Reviewed-by: Vadim Bendebury <vbendeb@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org> Commit-Queue: Vadim Bendebury <vbendeb@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r--board/cr50/dcrypto/dcrypto_bn.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/board/cr50/dcrypto/dcrypto_bn.c b/board/cr50/dcrypto/dcrypto_bn.c
index 5e60e2aea3..6d18a1c520 100644
--- a/board/cr50/dcrypto/dcrypto_bn.c
+++ b/board/cr50/dcrypto/dcrypto_bn.c
@@ -1131,20 +1131,27 @@ struct DMEM_ctx {
struct DMEM_ctx_ptrs sqr_ptrs;
struct DMEM_ctx_ptrs mul_ptrs;
struct DMEM_ctx_ptrs out_ptrs;
- uint32_t mod[RSA_WORDS_4K];
+ uint32_t in[RSA_WORDS_4K];
uint32_t dInv[8];
uint32_t pubexp;
uint32_t _pad1[3];
uint32_t rnd[2];
uint32_t _pad2[2];
+ uint32_t mod[RSA_WORDS_4K];
uint32_t RR[RSA_WORDS_4K];
- uint32_t in[RSA_WORDS_4K];
uint32_t exp[RSA_WORDS_4K + 8]; /* extra word for randomization */
uint32_t out[RSA_WORDS_4K];
uint32_t bin[RSA_WORDS_4K];
uint32_t bout[RSA_WORDS_4K];
};
+BUILD_ASSERT(sizeof(struct DMEM_ctx) <= 4096);
+/* Check for 256-bit alignment. */
+BUILD_ASSERT((offsetof(struct DMEM_ctx, in) & 31) == 0);
+BUILD_ASSERT((offsetof(struct DMEM_ctx, mod) & 31) == 0);
+BUILD_ASSERT((offsetof(struct DMEM_ctx, dInv) & 31) == 0);
+BUILD_ASSERT((offsetof(struct DMEM_ctx, RR) & 31) == 0);
+
#define DMEM_CELL_SIZE 32
#define DMEM_INDEX(p, f) \
(((const uint8_t *)&(p)->f - (const uint8_t *)(p)) / DMEM_CELL_SIZE)
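Review bot: The added `BUILD_ASSERT`s pin the total size and the 32-byte alignment of `in`, `mod`, `dInv` and `RR`, but nothing pins the property this fix relies on, namely that `mod` and `RR` sit outside the DMEM cells the P256 microcode writes. A later field reorder could therefore reintroduce the silent corruption in `dcrypto_modexp_blinded()` with every assert still passing. I would add a comment on `in`, such as `/* in[] sits where P256 microcode may overwrite DMEM; mod and RR must stay outside that range */` (wording inferred from the commit message, to be confirmed against the microcode). If the P256 footprint is available as a constant, I would also add `BUILD_ASSERT(offsetof(struct DMEM_ctx, mod) >= P256_DMEM_END_PLACEHOLDER);`, where the constant name is a placeholder. A smaller point is that the alignment checks hard-code `31` while `DMEM_CELL_SIZE` is defined just below them; moving the `#define` above the asserts would let them read `% DMEM_CELL_SIZE == 0`. The start of `struct DMEM_ctx` lies outside the hunk, so the offsets of the earlier fields cannot be checked from here.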