diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-09-16 10:24:17 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-09-17 00:20:47 +0000 |
| commit | 83a5b5bd7f9773a33728b223930a16425f380541 (patch) | |
| tree | 77956e3f6b3906ecb953fe1fdb841a8a07a78393 /test | |
| parent | 539cbdd254c1af84ddee1ac19dc355b42afdc766 (diff) | |
| download | chrome-ec-83a5b5bd7f9773a33728b223930a16425f380541.tar.gz | |
cr50: switch to using DRBG for key generation purposes.
An "Approved" RNG listed in FIPS 140-2 Annex C must be used for the
generation of random data or cryptographic keys used by an approved
security function. Detailed information and guidance on Key Generation
can be found in NIST SP 800-133 and FIPS 140-2 IG 7.8 and D.12.
Many of function use raw entropy from TRNG without any health tests or
even checking returned status, as old API didn't provide any indication
of failure.
With this patch we remove old API: rand() and rand_bytes() and expose
new API:
fips_rand_bytes() - generation of random bits from properly instantiated
and reseeded as needed DRBG.
fips_trng_bytes() - generation of entropy from TRNG with statistical
testing and checking for TRNG failures.
fips_trng_rand32() - generation of 32 bits from TRNG with health check
and indication of status.
ccd, rsa, ecc, pinweaver, rma_auth are updated to use new APIs.
These functions are moved into dcrypto.h which will become "Public API"
for the module.
trng_test vendor command moved to dcrypto/trng.c where it belongs.
BUG=b:138577416
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpmtest.py
TCG tests.
-------------------------- Test Result Summary -------------------------
Test executed on: Thu Sep 16 10:16:59 2021
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
======================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I80d103ead1962ee388df5cabfabe0498d8d06d38
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3165870
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'test')
| -rw-r--r-- | test/pinweaver.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/test/pinweaver.c b/test/pinweaver.c index d6df149135..f755373b76 100644 --- a/test/pinweaver.c +++ b/test/pinweaver.c @@ -867,10 +867,10 @@ int setvar(const uint8_t *key, uint8_t key_len, const uint8_t *val, /* Mock implementations of TRNG functionality. */ -void rand_bytes(void *buffer, size_t len) +bool fips_rand_bytes(void *buffer, size_t len) { if (!MOCK_rand_bytes_src) - return; + return true; TEST_ASRT_NORET(len <= MOCK_rand_bytes_len - MOCK_rand_bytes_offset); @@ -878,6 +878,8 @@ void rand_bytes(void *buffer, size_t len) MOCK_rand_bytes_offset += len; if (MOCK_rand_bytes_len == MOCK_rand_bytes_offset) MOCK_rand_bytes_offset = 0; + + return true; } /******************************************************************************/ |