diff options
| author | Nicolas Boichat <drinkcat@google.com> | 2017-05-31 12:41:01 +0800 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-06-06 08:52:16 -0700 |
| commit | 6d05a31a4442c0475e2bcfc33692089e78c73da2 (patch) | |
| tree | fa4d3314ad290b46bba48a948749e01303af8194 /common | |
| parent | 39db721f9ace13cc210278c88c3f364b5d67b5b8 (diff) | |
| download | chrome-ec-6d05a31a4442c0475e2bcfc33692089e78c73da2.tar.gz | |
rollback: Include board-generated entropy when adding entropy
Mix in board-generated entropy with the externally provided one,
which should help make the per-device secret stronger.
BRANCH=none
BUG=b:38486828
TEST=reboot; rollbackaddent Hello => works fine when USB is connected,
fails otherwise, as board-generated entropy relies on USB timing.
Change-Id: I314f44759c5f8b859913a748db95e9d42b5cdd11
Reviewed-on: https://chromium-review.googlesource.com/518609
Commit-Ready: Nicolas Boichat <drinkcat@chromium.org>
Tested-by: Nicolas Boichat <drinkcat@chromium.org>
Reviewed-by: Mattias Nissler <mnissler@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'common')
| -rw-r--r-- | common/rollback.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/common/rollback.c b/common/rollback.c index a26b22e669..840229c85d 100644 --- a/common/rollback.c +++ b/common/rollback.c @@ -135,24 +135,34 @@ int rollback_lock(void) #ifdef CONFIG_ROLLBACK_UPDATE #ifdef CONFIG_ROLLBACK_SECRET_SIZE -static void add_entropy(uint8_t *dst, const uint8_t *src, +static int add_entropy(uint8_t *dst, const uint8_t *src, uint8_t *add, unsigned int add_len) { #ifdef CONFIG_SHA256 BUILD_ASSERT(SHA256_DIGEST_SIZE == CONFIG_ROLLBACK_SECRET_SIZE); struct sha256_ctx ctx; uint8_t *hash; + uint8_t extra; + int i; SHA256_init(&ctx); SHA256_update(&ctx, src, CONFIG_ROLLBACK_SECRET_SIZE); SHA256_update(&ctx, add, add_len); - /* TODO(b:38486828): Add other sources of entropy (e.g. device id) */ +#ifdef CONFIG_ROLLBACK_SECRET_LOCAL_ENTROPY_SIZE + /* Add some locally produced entropy */ + for (i = 0; i < CONFIG_ROLLBACK_SECRET_LOCAL_ENTROPY_SIZE; i++) { + if (!board_get_entropy(&extra, 1)) + return 0; + SHA256_update(&ctx, &extra, 1); + } +#endif hash = SHA256_final(&ctx); memcpy(dst, hash, CONFIG_ROLLBACK_SECRET_SIZE); #else #error "Adding entropy to secret in rollback region requires SHA256." #endif + return 1; } #endif /* CONFIG_ROLLBACK_SECRET_SIZE */ @@ -212,8 +222,10 @@ static int rollback_update(int32_t next_min_version, * If we are provided with some entropy, add it to secret. Otherwise, * data.secret is left untouched and written back to the other region. */ - if (entropy) - add_entropy(data.secret, data.secret, entropy, length); + if (entropy) { + if (!add_entropy(data.secret, data.secret, entropy, length)) + return EC_ERROR_UNCHANGED; + } #endif data.cookie = CROS_EC_ROLLBACK_COOKIE; |