author | nagendra modadugu <ngm@google.com> | 2016-04-18 22:51:00 -0700 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2016-04-19 22:47:36 -0700 |
commit | ee5d09823f3f26ab5d31a32c96d550bb28ace808 (patch) | |
tree | f7a9d711de3d6a8ef7862dea9e52489229caec62 /board | |
parent | acc92269109222fea82f196ff52e50914e6723d8 (diff) | |
download | chrome-ec-ee5d09823f3f26ab5d31a32c96d550bb28ace808.tar.gz |
CR50: add support for P256-ECIES (hybrid encryption)
Add support for P256 based hybrid encryption, and
corresponding tests. Where hybrid encryption is:
P256 based DH + AES128 + HMAC-SHA256.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
CQ-DEPEND=CL:336091,CL:339561
TEST=ECIES tests in test/tpm/tpmtest.py pass
Change-Id: Ie091e278df72185a6896af0e498925e56404f87e
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/337340
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Diffstat (limited to 'board')
-rw-r--r-- | board/cr50/build.mk | 1 | ||||
-rw-r--r-- | board/cr50/tpm2/ecies.c | 126 |
2 files changed, 127 insertions, 0 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index 7232785edf..bd70e19e81 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -34,6 +34,7 @@ board-${CONFIG_RDD} += rdd.o
 board-y += tpm2/NVMem.o
 board-y += tpm2/aes.o
 board-y += tpm2/ecc.o
+board-y += tpm2/ecies.o
 board-y += tpm2/hash.o
 board-y += tpm2/hash_data.o
 board-y += tpm2/hkdf.o
diff --git a/board/cr50/tpm2/ecies.c b/board/cr50/tpm2/ecies.c
new file mode 100644
index 0000000000..6f89d79396
--- /dev/null
+++ b/board/cr50/tpm2/ecies.c
@@ -0,0 +1,126 @@
+/* Copyright 2016 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#include "dcrypto.h"
+
+#ifdef CRYPTO_TEST_SETUP
+
+#include "extension.h"
+
+enum {
+ TEST_ENCRYPT = 0,
+ TEST_DECRYPT = 1,
+};
+
+#define MAX_OUT_BYTES 256
+
+#define AES_BLOCK_BYTES 16
+
+static void ecies_command_handler(void *cmd_body, size_t cmd_size,
+ size_t *response_size)
+{
+ uint8_t *cmd = cmd_body;
+ uint8_t *out = cmd_body;
+
+ uint8_t op;
+ uint8_t *in;
+ size_t in_len;
+ size_t auth_data_len;
+ const uint8_t *iv;
+ size_t iv_len = AES_BLOCK_BYTES;
+ p256_int pub_x;
+ size_t pub_x_len;
+ p256_int pub_y;
+ size_t pub_y_len;
+ p256_int *d = &pub_x;
+ const uint8_t *salt;
+ size_t salt_len;
+ const uint8_t *info;
+ size_t info_len;
+
+ /* Command format.
+ *
+ * WIDTH FIELD
+ * 1 OP
+ * 1 MSB IN LEN
+ * 1 LSB IN LEN
+ * IN_LEN IN
+ * 1 MSB AUTH_DATA LEN
+ * 1 LSB AUTH_DATA LEN
+ * 16 IV
+ * 1 MSB PUB_X LEN
+ * 1 LSB PUB_X LEN
+ * PUB_X_LEN PUB_X
+ * 1 MSB PUB_Y LEN
+ * 1 LSB PUB_Y LEN
+ * PUB_Y_LEN PUB_Y
+ * 1 MSB SALT LEN
+ * 1 LSB SALT LEN
+ * SALT_LEN SALT
+ * 1 MSB INFO LEN
+ * 1 LSB INFO LEN
+ * INFO_LEN INFO
+ */
+
+ op = *cmd++;
+ in_len = ((size_t) cmd[0]) << 8 | cmd[1];
+ cmd += 2;
+ in = cmd;
+ cmd += in_len;
+
+ auth_data_len = ((size_t) cmd[0]) << 8 | cmd[1];
+ cmd += 2;
+
+ iv = cmd;
+ cmd += iv_len;
+
+ pub_x_len = ((size_t) cmd[0]) << 8 | cmd[1];
+ cmd += 2;
+ p256_from_bin(cmd, &pub_x);
+ cmd += pub_x_len;
+
+ pub_y_len = ((size_t) cmd[0]) << 8 | cmd[1];
+ cmd += 2;
+ if (pub_y_len)
+ p256_from_bin(cmd, &pub_y);
+ cmd += pub_y_len;
+
+ salt_len = ((size_t) cmd[0]) << 8 | cmd[1];
+ cmd += 2;
+ salt = cmd;
+ cmd += salt_len;
+
+ info_len = ((size_t) cmd[0]) << 8 | cmd[1];
+ cmd += 2;
+ info = cmd;
+ cmd += info_len;
+
+ switch (op) {
+ case TEST_ENCRYPT:
+ *response_size = DCRYPTO_ecies_encrypt(
+ in, MAX_OUT_BYTES, in, in_len,
+ auth_data_len, iv,
+ &pub_x, &pub_y, salt, salt_len,
+ info, info_len);
+ break;
+ case TEST_DECRYPT:
+ *response_size = DCRYPTO_ecies_decrypt(
+ in, MAX_OUT_BYTES, in, in_len,
+ auth_data_len, iv,
+ d, salt, salt_len,
+ info, info_len);
+ break;
+ default:
+ *response_size = 0;
+ }
+
+ if (*response_size > 0)
+ memmove(out, in, *response_size);
+}
+
+DECLARE_EXTENSION_COMMAND(EXTENSION_ECIES, ecies_command_handler);
+
+#endif /* CRYPTO_TEST_SETUP */
+
|
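Review bot: Every length field in ecies_command_handler is read from the command body and added to `cmd` without being compared against `cmd_size`, which is never used, so a short or malformed command makes the parser, and the later `p256_from_bin` and DCRYPTO calls, read past the data that was actually received. The handler is built only under CRYPTO_TEST_SETUP, but each field still deserves a bounds check before it is consumed, along the lines sketched below. `p256_from_bin` is called without regard to `pub_x_len`/`pub_y_len`, so those lengths should presumably be required to match the P-256 coordinate size, and when `pub_y_len` is 0 the TEST_ENCRYPT path passes an uninitialized `pub_y`. The output limit `MAX_OUT_BYTES` is a fixed 256 rather than derived from the buffer the command arrived in; whether 256 bytes starting at `in` always fit cannot be seen from this hunk.

```c
/* Read a 2-byte big-endian length at *p and advance past it; fails when
 * fewer than 2 bytes remain before end. */
static int read_len(uint8_t **p, const uint8_t *end, size_t *len)
{
	if ((size_t) (end - *p) < 2)
		return 0;
	*len = ((size_t) (*p)[0]) << 8 | (*p)[1];
	*p += 2;
	return 1;
}

static void ecies_command_handler(void *cmd_body, size_t cmd_size,
				size_t *response_size)
{
	/* … unchanged: local declarations, command format comment … */
	const uint8_t *end = cmd + cmd_size;

	/* Fail closed: a command that does not parse produces no response. */
	*response_size = 0;
	if (cmd_size < 1)
		return;
	op = *cmd++;
	if (!read_len(&cmd, end, &in_len) || in_len > (size_t) (end - cmd))
		return;
	in = cmd;
	cmd += in_len;
	/* … same check for AUTH_DATA LEN, IV (iv_len bytes), PUB_X, PUB_Y, SALT, INFO … */
	/* … unchanged: switch (op) and memmove … */
```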