| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixing build error arm-eabi/bin/ld: Not enough space for shared memory.
collect2: error: ld returned 1 exit status
make: *** [Makefile.rules:472: build/cr50/RW/ec.RW.elf] Error 1
Crypto tests doesn't use much shared memory, but allocate more data
statically.
BUG=None
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Id0e01481c9fd481955c11b5d7ef63251585cfe48
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3251702
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The decision of when to refuse to boot the device needs to be refined.
We should never allow booting a device which ever passed a V2
verification. To reliably keep track of successful V2 validations in
the past let's allocate a word in the INFO space which is write only,
once written to 0 it will never change, value of 0 will be the
indication of previous V2 verification success.
The below table describes when booting should be allowed or blocked.
Cache GSCVD Verification |
version present Info result | Block boot
--------- --------- ------ --------------|------------------
none no 0 n/a | yes
none no 1 n/a | no
none yes n/a fail | yes
none yes n/a pass | no, update cache, info
v1 n/a n/a pass | no
v1 n/a n/a fail | check v2
v2 n/a n/a fail | yes
v2 yes n/a pass | no
This patch implements the above table, fixing the case where Cr50 was
refusing to boot if neither local cache nor AP flash structures were
present.
BUG=b:203212461, b:141191727
TEST=tried running AP RO verification on a device without local cache
and RO_GSCVD not in AP flash. The device booted successfully.
Verified that both V1 and V2 validation works as expected, and
fallback from V1 to V2 happens if V1 fails and RO_GSCVD is found
in AP flash.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I1f64123a3631932d142662a76deaf6ef6fee47fa
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3229981
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a ccd capability to restrict the VENDOR_CC_AP_RO_VALIDATE vendor
command from the AP. The AP should not be able to trigger the AP RO
check in normal mode. Restrict the command, so it's only available when
cr50 is in factory mode or the ccd capability is available.
This doesn't restrict VENDOR_CC_AP_RO_VALIDATE when it's called from the
ALT_IF interface. The button combo uses the ALT_IF interface, so it
always needs to be available.
If the command is from usb, it's still rejected in extension.c
BUG=b:141191727
TEST=manual
trigger from usb verify extension.c rejects the command
[3364.881973 extension_route_command: ignore 58: usb]
trigger with the button combo. Verify it's allowed even when
the ccd capability is not enabled.
Lock ccd. Verify the command from the AP is rejected
Error 7 trigger ap ro validate
Open ccd. Verify the command from the AP works
Change-Id: I3f644698deed38779e5fee82156e5077290c7d4f
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3237200
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 is getting new CCD capabilities. The GUC image won't have them.
This change adds 0.3.22 to the versions, so cr50 will set all
capabilities including the new ones to Always after the first update in
the factory.
BUG=none
TEST=cr50 prints the GUC message if 0.0.22, 0.0.13, or 0.3.22 are in the
inactive region. It doesn't with 0.5.51
Change-Id: Idc8d7b8a0687d36f59aaad31cd5ce026ab351a7d
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3237199
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The INFO_BOARD_ID_OFFSET value includes the offset of the board ID
field, there is no need to add the field offset again.
This incorrect calculation is not a problem, because the offset of the
'bid' field is zero, but the logic is wrong.
BUG=none
TEST=board ID value is still reported properly.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I3e7061a930d751d2cf13113b1e519e8f976195bc
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3236754
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Certain test configurations present a problem for the raiden protocol
V2 implementation on the Cr50 side, which result in random SPI read
failures.
While the issue is still being investigated this patch offers a
workaround, where SPI and USB transactions are not overlaid, the
driver first reads the entire requested number of bytes into a buffer,
and then sends them to the host in multiple USB packets.
Since buffer memory can not be permanently dedicated to the driver, it
uses dynamic allocation to acquire the buffer. The allocation could
fail, for instance when the flashrom operation is requested soon after
startup and heap memory is used for NVMEM compaction. If the
allocation fails, the driver sends an error packet to the host, and
the host requests to restart the response. To be able to restart the
response the driver now stores the request.
With some instrumentation, measurements taken on reading of 200 2040
byte blocks have shown that memory was held by this driver for 94% of
the duration.
To address the case when flashrom session is interrupted mid PDU
transfer, do not wait for the transmit queue to become available for
more than 500 ms. In case the queue gets stuck return without waiting
any more, this will make sure the allocated buffer is freed.
BUG=b:196820680
TEST=successfully ran hundreds of cycles of read, and read and write
on the setup which exhibits the problem without this patch on
pretty much every read attempt.
The slow down caused by this change is pretty small: average of
five attempts to read 16MB of SPI flash on guybrush device take
50.560s before this change and 51.267s after this change, which
is a 1.7% slowdown.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I82c98f912a8763b7e242dad48997a8d2ffbaf29a
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3188568
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
u2f_generate() may return partially initialized key handle in case of
ECDSA error, and u2f_sign() and u2f_attest() may return garbage in the
signature. While error codes are properly handled by the callers, it
is better to implement defense in depth and clean all residual data.
This is also helpful for FIPS testing demo when actual zeroes are more
convincing than just error codes. Example is proposed method for ECDSA
pair-wise consistency testing, when injection of error in PWCT should
result in clearly visible error status.
BUG=b:198219806
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1
fips pwct
u2f_test - should return zero in key handle, public key and signatures.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I7ad0c69563a215aade00d495c0623f6c6e00b755
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3224360
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To prevent denial of service attack when a fake FMAP structure is
placed somewhere in the AP flash, then detected by the GSC and
rejected as corrupted, do not stop after finding an FMAP which
includes a pointer to a GVD which fails to verify.
This means the entire flash needs to be scanned, so this patch
eliminates the approach where the flash is scanned at decreasing
intervals until an FMAP section is found. Check all locations at 4K
aligned addresses instead and keep looking until a valid GVD is
located or the entire flash is scanned.
Also fixed some comments and simplified code: there is no need for
looking for the FMAP area entry in the FMAP, the offset of FMAP is
already known.
BUG=b:141191727
TEST=created a fake FMAP entry placed into the RW_A space of a
guybrush image, with a corrupted GVD, programmed the modified
image on a guybrush and attempted AP RO verification.
Observed the GSC report the inconsistent GVD contents and then
find the proper GVD structure in a different FMAP structure, and
successfully validate the GVD structure.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ic8a930af63e1b90343d8cae6a86e65b06decebfb
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3224810
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As a result of further discussion GVD layout has been changed to
include signature and root key headers in the GVD header. This patch
makes modification to accommodate the new header structure.
BUG=b:141191727
TEST=A guybrush RO image created in vboot reference tree as follows:
build/futility/futility vbutil_keyblock --pack ~/tmp/packed \
--datapubkey tests/devkeys/firmware_data_key.vbpubk \
--signprivate tests/devkeys/kernel_subkey.vbprivk
build/futility/futility gscvd --outfile ~/tmp/guybrush-signed \
-R 818100:10000,f00000:100,f80000:2000,f8c000:1000 \
-k ~/tmp/packed -p tests/devkeys/firmware_data_key.vbprivk \
-b 5a5a4352 -r tests/devkeys/kernel_subkey.vbpubk \
~/tmp/image-guybrush.serial.bin
A guybrush device was programmed with ~/tmp/guybrush-signed, and AP
RO verification was attempted by pressing the appropriate button
combination, GVD verification succeeded.
Generate a signed image again, using an incorrect Board ID value, try
verification, observe failure due to incorrect Board ID.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I4da753649eef6e10353619e0f7af19d2f6846b75
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3224808
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Intent of pair-wise consistency test is to ensure that private key
matches the public key, so update what we change when simulating error.
BUG=b:198219806
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1;
u2f_test; passes
fips pwct
u2f_test; fails on u2f_generate, u2f_sign and u2f_attest.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I35de5608184fc9f28db4912f2b62795d53d48f43
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3229800
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Once all H1 Entropy tests completed at different environmental points
our entropy estimate changed to value 0.77. Also we decided to use
alpha = 2^-39 vs. 2^-40. This requires change of RCT and APT cutoff
values.
RCT cutoff value changed to compile-time constant computation, added
static asserts to make sure it is valid and matches known values.
APT cutoff can't be computed at compile time and updated to values
matching entropy and alpha.
Updated entropy size for instantiation of FIPS DRBG.
Reseeding interval is reduced to 1000 from 10000 to make it more
non-deterministic. Performance impact is very low - can't even measure
it precisely.
BUG=b:138577834
TEST=make BOARD=cr50 CRYPTO_TEST=1; tpm_test.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I38735492d072b3d4445fca926524ef1c159627a5
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3223967
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
| |
BUG=b:203205487
TEST=none
Change-Id: I90ef2a52a40ceef6de930df2acb635cdc0b3d014
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3227259
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cap the number of I2C flog errors at 2 per boot. The timestamps of the
two events can indicate if the unwedge issues happen successively or if
there is a large gap between events. Many events with a short gap are
likely benign and due to i2c not being terminated correctly. Inidividual
I2C errors are likely caused by some other issue.
BUG=b:146067724
TEST=check the number of i2c log messages on coral in s0ix
Change-Id: I3f04c85e6233bf0c790db0d40a85aab3c927b9b8
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3225996
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Shimless RMA needs to know if the button combo triggered AP RO
verification even if AP RO verification isn't supported. This change
adds two new responses AP_RO_UNSUPPORTED_TRIGGERED(5) and
AP_RO_UNSUPPORTED_NOT_TRIGGERED(4) to tell if the button combo was
pressed on a board that doesn't support AP RO verification.
The old AP_RO_UNSUPPORTED value, 3, isn't returned by cr50 anymore.
AP_RO_PASS(1) and AP_RO_FAIL(2) are still used. They both mean the combo
was triggered.
AP_RO_NOT_RUN(0) is still used. It still means the combo wasn't
triggered.
Summary of the states
- pressed - AP_RO_PASS(1), AP_RO_FAIL(2), AP_RO_UNSUPPORTED_TRIGGERED(5)
- not pressed - AP_RO_NOT_RUN(0) and AP_RO_UNSUPPORTED_NOT_TRIGGERED(4)
- unknown - AP_RO_UNSUPPORTED_UNKNOWN(3)
BUG=b:181000999
TEST=use gsctool to get the AP RO verification status on cr50 images
with the new and old version of the get AP RO status vendor command.
Change-Id: Ib2b33e69a4d4165fc2c13437a919b8f2a83c1bba
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3213112
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the IGNORE_SERVO warning to the end of ccdblock output, so it
doesn't break up the ports blocked.
BUG=none
TEST=enable ccdblock EC_CR50_COMM and IGNORE_SERVO. Verify EC_CR50_COMM
shows up in the port blocked field.
> ccdblock
CCD ports blocked: EC_CR50_COMM IGNORE_SERVO
WARNING: enabling UART while servo is connected may damage hardware
Change-Id: I423f05d3d4c097c2e2fc2fd6db83a8d1f6b410a0
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3219761
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CQ for cr50 doesn't cover all targets of interest.
Borrow script from /platform/ec and adjust it a bit to cr50 targets.
BUG=b:202192433
TEST=./firmware_builder.py --metrics m.pb build
./firmware_builder.py --metrics m.pb test
./firmware_builder.py --metrics m.pb bundle
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I77ab1134fb2b7df1e16314068dac05ba8ef49094
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3224365
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To implement CQ make a copy of firmware_builder.py script into cr50
as a first step.
BUG=b:202192433
TEST=N/A
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I9d4354242e49e0e1e4029c773fe291fab92d62df
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3224376
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG=None
TEST=make buildall -j
Change-Id: Ief14c16e37842794a60c7d10e068db94083aa359
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3221960
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Howard Yang <hcyang@google.com>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It should not be possible to trigger AP RO verification by sending the
vendor command over the USB interface, it should be triggered only
when the user enters the existing key sequence, or when coming from
the AP as a TPM command.
When verification is triggered by the key sequence the verification
function is still invoked as a TPM vendor command, because a context
switch into TPM task is required to be able to use its large stack.
The problem is that when TPM task processes context switching
commands, it unconditionally sets the bit indicating that they come
from USB. This is required for some CCD commands, but not for the AP
RO verification request.
Let's introduce a new flag to be able to tell between commands coming
from USB and from alternative sources, and allow AP RO verification be
triggered by alternative sources but not from USB.
BUG=b:202902506
TEST=AP RO verification still could be triggered by key presses and
through a TPM command coming from the AP, but is rejected if sent
over USB by the host.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: Ib3b5bd9867cc3038d9123b23c7a25886331a179c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3221776
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With planned upgrade to gcc 11.2 we need to make sure it will not fail
cr50 build as it will be a reason to revert. gcc 11.2 gives us 1768 b
back after TPM2 LTO, but it changes default linker behavior and produce
LTO object file during partial link unless -flinker-output=nolto-rel is
used. This option however fail 8.3 build.
Also, gcc 11.2 introduced new optimization path IPA modref which doesn't
play nice with LTO and partial link used together, causing gcc crash.
To overcome this issue add -fno-ipa-modref when gcc 11.2 is used. This
results in almost no impact on code size.
BUG=none
TEST=make BOARD=cr50 tested with gcc 8.3 and gcc 11.2
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I78a3b3403e84dc4a426dede02b399d9d249ece81
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3218577
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Patrick Georgi <pgeorgi@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
U2F_Sign is expected to receive pre-hashed version of user credentials
so should apply SHA2-256 to the value before key handle verification.
Also, enforce user verification with authentication time secret if no
user presence (power button press) is requested.
test/tpm_test/tpmtest.py updated to apply SHA256 in U2F_Generate to
match expected u2fd behavior.
BUG=b:172971998
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1;
test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I92d73cd1fc0d962fefe11faeb4ce0ed68c798aa7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3221264
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Howard Yang <hcyang@google.com>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Introduced AES register structure and replaced register access with
accesses to fields. In many cases it reduce code size and number of
instructions.
2. Deduplication between AES implementation and App Cipher which use
AES engine with key coming from key ladder. Added internal function
dcrypto_aes_process() which applies current AES configuration to
aligned data in highly optimized manner, same as previous outer_loop
and inner_loop() functions.
Overall it saves 322 bytes with gcc 8.3
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpm_test.py
In ccd: cipher [to test app_cipher];
TCG Tests.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I6551e21e5e8798aa4691cb6ba476d565778cea3d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3213610
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move declarations of AES-GCM, AES-CMAC, ECIES, HKDF and few other
functions from dcrypto.h into internal.h.
Merge tpm2/hkdf.c into dcrypto/hkdf.c. It contains only function used
for testing and HKDF itself is only used for CRYPTO_TEST=1.
BUG=b:134594373
TEST=make buildall -j; make BOARD=cr50 CRYPTO_TEST=1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I56c03ff4e8838871cdb28c0d9946c39754d9e054
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3219576
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Add test commands to break all KAT tests [fips hmac/drbg/ecdsa/pwct]
2) To support PWCT demo reduced number of attempts to retrieve valid
p256 key candidate to 16. Probability of false negative would be less
than 2^-4080 (255*16), but will prevent DoS attack if it consistently
fails for real reasons.
3) Fixed HMAC KAT test failure (was bound SHA failure earlier).
BUG=b:138576604
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1
In ccd:
fips
fips hmac
fips test - see FIPS error
reboot
fips drbg
fips test - see FIPS error
reboot
fips ecdsa
fips test - see FIPS error
reboot
fips pwct
u2f_test - see NOT PASSED of u2f_generate/u2f_sign
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I0a812075bb2436f5823eff446b725f19974a2a31
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3221770
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Block EC UART output and EC COMM with 'ccdblock TRISTATE_EC enable'.
This removes the EC UART output, prevents EC-EFS2, and removes the
pulldown from the EC RX signal.
This is used for flashing the EC with c2d2. It's only available when CCD
is enabled.
BUG=b:202464674
TEST=manual
# Disconnect servo. Verify EC tx is disabled and there's no pull
# down after tristating the EC
> ccdblock TRISTATE_EC enable
CCD ports blocked: EC IGNORE_SERVO
WARNING: enabling UART while servo is connected may damage
hardware EC_CR50_COMM TRISTATE_EC
> pinmux
...
400600c8: DIOB5 0 IN
400600d0: DIOB6 16 IN GPIO0_GPIO15
...
> ccdstate
...
State flags: UARTAP USBEC+TX
CCD ports blocked: EC EC_CR50_COMM TRISTATE_EC
...
# Check UART TX is re-enabled after disabling TRISTATE_EC
> ccdblock TRISTATE_EC disable
CCD ports blocked: (none)
> ccdstate
...
State flags: UARTAP+TX UARTEC+TX I2C SPI USBEC+TX
CCD ports blocked: (none)
...
> pinmux
...
400600c8: DIOB5 78 IN UART2_TX
400600d0: DIOB6 16 IN GPIO0_GPIO15
...
# Connect servo, so cr50 disables the EC UART on it's own.
# Verify the pulldown is removed after tristating the EC.
> ccdstate
...
State flags: UARTAP UARTEC USBEC+TX
CCD ports blocked: (none)
> pinmux
...
400600c8: DIOB5 0 IN PD
400600d0: DIOB6 16 IN GPIO0_GPIO15
...
> ccdblock TRISTATE_EC enable
CCD ports blocked: EC EC_CR50_COMM TRISTATE_EC
> ccdstate
...
State flags: UARTAP USBEC+TX
CCD ports blocked: EC EC_CR50_COMM TRISTATE_EC
# Check PD is removed from DIOB5
> pinmux
...
400600c8: DIOB5 0 IN
400600d0: DIOB6 16 IN GPIO0_GPIO15
...
# Check PD is re-enabled after disabling TRISTATE_EC
> ccdblock TRISTATE_EC disable
CCD ports blocked: (none)
> ccdstate
...
State flags: UARTAP UARTEC USBEC+TX
CCD ports blocked: (none)
> pinmux
...
400600c8: DIOB5 0 IN PD
400600d0: DIOB6 16 IN GPIO0_GPIO15
Change-Id: I7bde996be3914bd5d625ad99e418f9bd2c0f41d1
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3219760
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When the AP is off, cr50 doesn't need to enable the AP UART. Having it
enabled could cause power leakage if the signals aren't terminated
correctly. Check ap_is_on and ap_uart_is_on before enabling the AP
UART.
BUG=b:136602563
TEST=firmware_Cr50DeviceState
Change-Id: I192bdc4caef8cfa0ce6d8a3ca181b16388e35cd4
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3219756
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
FE_TPM_I2C_ERROR events don't mean much and it's not a big deal if cr50
needs to recover the I2C bus. Remove FE_TPM_I2C_ERROR logging from
chip/i2cp.
BUG=b:146067724
TEST=make buildall -j
Change-Id: I2bdce35fc794559c8236b1c14d87fa4372ffafa4
Signed-off-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3219755
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a reland of 3cac98670745fc5ca82a058fab512567f8444759
The structure of u2f command related types are updated before the
original CL lands. Update the fuzzer to correctly fuzz the new code, and
ignore the profdata generated by fuzzers in .gitignore.
Original change's description:
> cr50_fuzz: Add fuzzer for u2f commands
>
> Currently there's only one fuzzer for Pinweaver and one for host
> commands in cr50. Add a fuzzer for the u2f commands (generate, sign,
> attest) used in the WebAuthn flow to ensure its security. Most regions
> of the concerning functions are covered except for pure error code
> returns and unreachable regions (currently auth secret is not used in
> sign and attest command yet).
>
> Rename old cr50_fuzz namings to pinweaver_fuzz, since they only cover
> Pinweaver commands.
>
> BUG=b:172367435
> TEST=make buildall -j
> TEST=make host-u2f_fuzz && \
> ./build/host/u2f_fuzz/u2f_fuzz.exe -timeout=10 \
> -ignore_ooms=false -ignore_timeouts=false -fork=71; \
> llvm-profdata merge -sparse default.profraw -o default.profdata; \
> llvm-cov show ./build/host/u2f_fuzz/u2f_fuzz.exe \
> -object ./build/host/u2f_fuzz/RO/board/cr50/dcrypto/u2f.o \
> --instr-profile default.profdata \
> board/cr50/dcrypto/u2f.c common/u2f.c > report
>
> Cq-Depend: chromium:3162473
> Change-Id: I02b820cf03f7b46ccad7c3bc7b82e73ff45217c6
> Signed-off-by: Howard Yang <hcyang@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162469
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
> Reviewed-by: Leo Lai <cylai@google.com>
Bug: b:172367435
Change-Id: I279e20b21a11e0ec957b6a5c3e95bc9a3b9df196
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3217474
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Howard Yang <hcyang@google.com>
Commit-Queue: Howard Yang <hcyang@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
.text.fips_checksum section was placed after .text which resulted in
different address for it. Since address of this section is used in FIPS
module it resulted in different digest computed.
BUG=b:138578318
TEST=make BOARD=cr50, check map file to ensure .text.fips_checksum is
just after FIPS module.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ia054fec9191eac8818dcde139320eddbd7c8085b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3218580
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Script inserting FIPS checksum into the image uses the dd utility
which generates stderr output even when there is no errors.
This patch adds code which captures the dd stderr output and prints it
out only if there is an actual error. stdout output of the script is
suppressed unless make was invoked with V=1.
Also made a few modifications as requested by shellcheck.
BUG=none
TEST=make output does not have extra lines.
built and ran a Cr50 image, it reports successful FIPS integrity
self check.
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I9121bc5a9a40633b9a3d18ea5766bc1ed274a9c2
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3210946
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to reduce code footprint, do not link TPM2 library modules,
instead build TPM2 as a single relocatable object module, a collection
of library sources compiled and linked with LTO enabled.
BUG=b:65253310
TEST=observed code space reduced by 1428 bytes, the bss_libtpm2
section remained practically unchanged:
before:
*** 5548 bytes in flash and 5652 bytes in RAM still ...
000104d0 B __bss_libtpm2_start
000155d7 B __bss_libtpm2_end
after:
*** 6976 bytes in flash and 5652 bytes in RAM still ...
000104d0 B __bss_libtpm2_start
000155d4 B __bss_libtpm2_end
Verified that the new Cr50 image allows a Chrome OS to successfully
boot and restart.
Cq-Depend: chromium:3210050
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Change-Id: I32335df29a332da115d8af56c157d5ad4189e9b0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3210510
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently tpmtest.py fails to connect to H1 red board first time after
it is flashed, which is not convenient. It looks like the workaround is
to try to read any TPM register. So, implement a workaround.
Frequency of FTDI can be safely increased to 2000Khz.
Reduced delay to start transaction from 10ms to 200us which greatly
improve overall testing (except for RSA which actually runs noticeable
time).
Overall time to run tests decreased from 165s to about 120s, but take
into account RSA key gen tests alone are about 100s.
BUG=none
TEST=testtpm.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ib67b71b36457b33f38135f9cec269dcf35881f54
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3214771
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
test/tpm_test Makefile doesn't build bn_test properly. Need to add
handling of difference between Cr50 and Chip/g dcrypto.
Also, Cr50 code use __always_inline for some functions which itself
requires compiler optimization to turn on. Adding -O2 to CFLAGS.
BUG=None
TEST=make -C test/tpm_test clean
make -C test/tpm_test
make -C test/tpm_test clean
make -C test/tpm_test CR50=1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I08749ebaa930fd4f71d7406ed289bf480b5a8510
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3215057
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
make runfuzztests started to fail once both:
https://crrev.com/c/3162473 and https://crrev.com/c/3208916 landed.
Clang seems to incorrectly discarding sections it generated for
profiling, resulting in:
__profc_DCRYPTO_hw_sha256_init' referenced in section .text.compute_hash[compute_hash]' of build/host/cr50_fuzz/libec.a(libec.a.2.o): defined in discarded section `__llvm_prf_cnts[__profd_DCRYPTO_hw_sha256_init]' of build/host/cr50_fuzz/libec.a(libec.a.2.o)
__profc_DCRYPTO_hw_sha256_init' referenced in section .text.create_merkle_tree[create_merkle_tree]' of build/host/cr50_fuzz/libec.a(libec.a.2.o): defined in discarded section `__llvm_prf_cnts[__profd_DCRYPTO_hw_sha256_init]' of build/host/cr50_fuzz/libec.a(libec.a.2.o)
clang-13: error: linker command failed with exit code 1 (use -v to see invocation)
This definition of __always_inline should be useful in other cases, so
moving it into common.h.
Note, we have to #undef it first, as it is previously defined in system
headers.
BUG=none
TEST=make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I073b38a68fd43a14dbe92063011c95758030b225
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3213113
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dependencies for FIPS module were incorrectly set as actual dependency
on $(out)/ec_version.h and $(out)/env_config.h instead of order-only
dependency, causing rebuild on any change in repository.
BUG=b:202225290
TEST=make BOARD=cr50
echo ' ' >> board/cr50/tpm2/rsa.c
make BOARD=cr50
should only rebuild tpm2/rsa.c and not dcrypto/*
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I4d2e8e4a2182ddf850ccfad18e9b517f41594d55
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3208539
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
gcc 11.2 changes semantic of how 'static inline' works with LTO, which
causes either ODR or missing symbol issues during linking when several
objects created by LTO.
After several experiments with
inline
extern inline
It seems that using __inline __attribute__(always_inline) is most
reliable method.
BUG=None
TEST=make buildall -j
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I4d0e8bed00bbc3b3e580c4c610a2f733f2525973
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3208916
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 3cac98670745fc5ca82a058fab512567f8444759.
Reason for revert:
This patch breaks building of 'make buildall' and seems to be leaving some generated files in the root directory.
Original change's description:
> cr50_fuzz: Add fuzzer for u2f commands
>
> Currently there's only one fuzzer for Pinweaver and one for host
> commands in cr50. Add a fuzzer for the u2f commands (generate, sign,
> attest) used in the WebAuthn flow to ensure its security. Most regions
> of the concerning functions are covered except for pure error code
> returns and unreachable regions (currently auth secret is not used in
> sign and attest command yet).
>
> Rename old cr50_fuzz namings to pinweaver_fuzz, since they only cover
> Pinweaver commands.
>
> BUG=b:172367435
> TEST=make buildall -j
> TEST=make host-u2f_fuzz && \
> ./build/host/u2f_fuzz/u2f_fuzz.exe -timeout=10 \
> -ignore_ooms=false -ignore_timeouts=false -fork=71; \
> llvm-profdata merge -sparse default.profraw -o default.profdata; \
> llvm-cov show ./build/host/u2f_fuzz/u2f_fuzz.exe \
> -object ./build/host/u2f_fuzz/RO/board/cr50/dcrypto/u2f.o \
> --instr-profile default.profdata \
> board/cr50/dcrypto/u2f.c common/u2f.c > report
>
> Cq-Depend: chromium:3162473
> Change-Id: I02b820cf03f7b46ccad7c3bc7b82e73ff45217c6
> Signed-off-by: Howard Yang <hcyang@google.com>
> Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162469
> Reviewed-by: Andrey Pronin <apronin@chromium.org>
> Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
> Reviewed-by: Leo Lai <cylai@google.com>
Bug: b:172367435
Change-Id: Ie844e44e0cd6254553694c23a535f18329cef77d
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3212497
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently there's only one fuzzer for Pinweaver and one for host
commands in cr50. Add a fuzzer for the u2f commands (generate, sign,
attest) used in the WebAuthn flow to ensure its security. Most regions
of the concerning functions are covered except for pure error code
returns and unreachable regions (currently auth secret is not used in
sign and attest command yet).
Rename old cr50_fuzz namings to pinweaver_fuzz, since they only cover
Pinweaver commands.
BUG=b:172367435
TEST=make buildall -j
TEST=make host-u2f_fuzz && \
./build/host/u2f_fuzz/u2f_fuzz.exe -timeout=10 \
-ignore_ooms=false -ignore_timeouts=false -fork=71; \
llvm-profdata merge -sparse default.profraw -o default.profdata; \
llvm-cov show ./build/host/u2f_fuzz/u2f_fuzz.exe \
-object ./build/host/u2f_fuzz/RO/board/cr50/dcrypto/u2f.o \
--instr-profile default.profdata \
board/cr50/dcrypto/u2f.c common/u2f.c > report
Cq-Depend: chromium:3162473
Change-Id: I02b820cf03f7b46ccad7c3bc7b82e73ff45217c6
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162469
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Leo Lai <cylai@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjust Makefile toolchain setting so that fuzzers can generate coverage
mapping correctly and generate debug symbols for source-based coverage
report. Also, update gitignore to ignore local vscode settings.
BUG=none
TEST=make buildall -j
Change-Id: I6d5c720895cbb9119c9266df998aa5cc308c1e61
Signed-off-by: Howard Yang <hcyang@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3162473
Reviewed-by: Andrey Pronin <apronin@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to limited space available with CR50_DEV=1, move some of crypto
related functionality which was under CR50_DEV to branches of
CRYPTO_TEST=1, namely:
- SELF_TEST=1 to print self-integrity hashes
- U2F_VERBOSE=1 to print debug information from U2F key generation.
Config options sorted alphabetically in ENV_VARS and in processing
order.
BUG=None
TEST=make BOARD=cr50 CR50_DEV=1
make BOARD=cr50 CRYPTO_TEST=1 SELF_TEST=1
make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1 U2F_VERBOSE=1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I66485b2d1fff8c0947aaf31c93348a16101f14b7
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3209647
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows a bit more efficient code generation.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1 RND_TEST=1
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ia92116a9aa4ac7d9f77d207205e712c03722dd95
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3210238
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify code analysis, move dcrypto's blob into dcrypto_bn.inc
similar to p256 code in dcrypto_p256.inc.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I2ae3a0793bd829c15844d55061952a69a412e2e9
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3210226
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To simplify code analysis, move dcrypto's blob into dcrypto_sha512.inc
similar to p256 code in dcrypto_p256.inc.
In the process fix minor compiler warning on signed/unsigned compare.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I4aac81a3b6fa0c055b83f91575f2d37755845e63
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3210229
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adding v2 of key handle which drops kh_hmac field and use single
authorization code for all relevant fields.
BUG=b:172971998
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1;
in ccd: u2f_test - unit tests
test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I647ded7a2c157cea91ac48a2ba679def318c1e63
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3199671
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several bn_* function still use static buffer allocation. Switch to
dynamic allocation to enable support for RSA 3K/4K.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
../../build/tpm_test/bn_test
TCG tests
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I150fa99bde89cc486f7ad945b5a312fe7d787fb0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3207349
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cr50 doesn't use CMAC, it is not even compiled, however during internal
review potential issues with branching on key values were spotted.
1) Fix key expansion to be constant time
2) Switch to enum dcrypto_result
3) Test commands updated to be compatible with FIPS build (use .rodata)
4) Clean up computed tag on stack during verification
BUG=None
TEST=make BOARD=cr50 CRYPTO_TEST=1 CMAC_TEST=1
in ccd: test_cmac 1 2 3 4
test_cmac_ver 1 2 3 4
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Iff9b84dd8fb2baed9152f1ee5c40ef8e4198edd3
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194972
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Switched RSA public and internal functions to use enum dcrypto_result
2. Added checks for FIPS errors.
3. Updated call sites to properly handle result values.
BUG=b:197893750
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpm_test.py
TCG tests:
---------------------- Test Result Summary -----------------------------
Test executed on: Mon Oct 5 18:26:07 2021
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
========================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I23d391322e55b541d72388b2a4661991a61dd020
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3207348
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1.Implemented dynamic stack allocation of big number buffers to support
up to RSA 4K for all public APIs.
2. Internal function switched to use enum dcrypto_result
3. Added check that provided exponent is at least odd number (should be
prime / co-prime with N).
4. Saving a bit by reusing zero constant.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
TCG tests
---------------------- Test Result Summary -----------------------------
Test executed on: Mon Oct 4 22:46:07 2021
Performed Tests: 248
Passed Tests: 248
Failed Tests: 0
Errors: 0
Warnings: 0
========================================================================
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Id23ebfdc04132de1f26ee0888b00cacdee2eaf43
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3204566
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To support FIPS mode we need to block access to crypto in case of
errors.
1) Added check for FIPS errors into DCRYPTO_aes_init()
2) Return codes updated to enum dcrypto_result
3) Call sites updated to check for return codes
BUG=b:197893750
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Id614cc346fe22537e9208196bf1322221a253b0c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194985
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New options for gcc 11.2 doesn't work on gcc 8.3 since gcc 11.2 update
was reverted.
BUG=None
TEST=make buildall
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Idf965bab903f2700dd01eb028e2a1aa6dc53e101
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3206474
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
|
