path: root/chip/g/dcrypto/dcrypto.h
Commit message | Author | Age | Files | Lines
* cr50: provide separate environment variable to enable crypto tests | Vadim Bendebury | 2019-07-17 | 1 | -4/+0
  Presently the CR50_DEV environment variable is overloaded, if its value is a number exceeding 1, it enables inclusion in the image of the dcrypto tests. To make things cleaner let's use a separate environment variable to add dcrypto tests to the image. Note that the tests still can not be enabled, as they do not fit into the flash code space.
  BRANCH=cr50, cr50-mp
  BUG=b:137659935
  TEST=verified that image building with CRYPTO_TEST=1 fails due to exceeded code size.
  Change-Id: I550c219c1eefe01fbe035b85a1d5aae88ea439de
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1704607
  Reviewed-by: Mary Ruthven <mruthven@chromium.org>
* cr50: Change G2F cert CN to "CrOS" | Louis Collard | 2019-05-21 | 1 | -0/+4
  BUG=b:132310780
  TEST=flash to soraka, retrieve G2F cert, check CN
    retrieve anonymous U2F cert, check CN unchanged
  BRANCH=none
  Change-Id: Id409ac5d534f2ee9e16376d690f58b184f5ac1a6
  Signed-off-by: Louis Collard <louiscollard@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1614581
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
  Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
  Commit-Queue: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
* cr50: provide DCRYPTO_ladder_is_enabled() for test and fuzz builds | Vadim Bendebury | 2018-12-06 | 1 | -10/+14
  This function is called from common/nvmem.c, it should be available when compiling for tests, the stub could be filled up later when new tests are added.
  BRANCH=cr50, cr50-mp
  BUG=b:119221935
  TEST=make buildall -j still succeeds.
  Change-Id: I082292818c7f2b10336c9a7c49e0a9195e25a12b
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/1363816
  Reviewed-by: Allen Webb <allenwebb@google.com>
* cr50: revoke key ladder on disabling TPM | Namyoon Woo | 2018-12-05 | 1 | -0/+7
  Disabling TPM will do revoke H1 key ladder. Querying TPM_MODE or enabling TPM_MODE will fail if H1 Key Ladder is already revoked.
  BUG=b:118504817
  BRANCH=cr50
  TEST=Manually tested with TPM disabling and Resume or Warm Reboot.
    (1) Resume
    $ trunks_send --raw 80 01 00 00 00 0c 00 00 01 45 00 01
    80010000000A00000000
    $ gsctool -a -m disable
    TPM Mode: disabled (2)
    $ echo mem > /sys/power/state
    (press key on chromebook either after three seconds or in a second.)
    (2) Warm Reboot
    $ gsctool -a -m disable
    (press refresh + power button or run kernel command 'reboot')
    Check Chrome os boot ok. No TPM command failures were observed (in CR50 console).
    (3) Windows Warm Reboot or Resume are checked.
  Change-Id: I32fffc432a9a6068ea324a97225974c581cb9359
  Signed-off-by: Namyoon Woo <namyoon@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/1312197
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* cr50: Add extern "C" to headers used by future fuzzing target. | Allen Webb | 2018-11-15 | 1 | -0/+8
  BRANCH=None
  BUG=None
  TEST=make -j buildall
  Change-Id: Icf2cfb6a2657064c10721c0e527d24fbb3be6ab3
  Signed-off-by: Allen Webb <allenwebb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/1330102
  Reviewed-by: Mike Frysinger <vapier@chromium.org>
* host: Add dcrypto definitions that can be used by fuzzing targets. | Allen Webb | 2018-09-07 | 1 | -0/+3
  These definitions provide the necessary dcrypto functionality for fuzzing pinweaver. They can be built out as needed to support further fuzzing.
  BRANCH=none
  BUG=chromium:876582
  TEST=make -j buildfuzztests && ./build/host/cr50_fuzz/cr50_fuzz.exe (with the cr50_fuzz CL)
  Change-Id: I36ce874efab5dbc59825d126f6079b7b6d0da9ef
  Signed-off-by: Allen Webb <allenwebb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/1180573
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* g: add AES CMAC according to RFC 4493 | Jade Philipoom | 2018-05-14 | 1 | -0/+14
  AES-CMAC implementation based on extant 128-bit AES, following closely to the description in RFC 4493. Timing depends only on the length of the message, not the content or the keys.
  Signed-off-by: Jade Philipoom <jadep@google.com>
  BRANCH=cr50
  BUG=b:72788497
  TEST=Passed the four test vectors provided in the RFC; these tests are defined as commands in aes_cmac.c and can be run with "test_cmac 1 2 3 4" when CRYPTO_TEST_SETUP is defined.
  Change-Id: I96fb4f29927c11970a6a17c0fd583694aa945c91
  Reviewed-on: https://chromium-review.googlesource.com/975181
  Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* Cr50: Added Pinweaver base implementation. | Allen Webb | 2018-04-27 | 1 | -0/+1
  This adds some of the ground work for hardware backed brute force resistance on Cr50. The feature is called Pinweaver. It will initially be used to enable PIN authentication on CrOS devices without reducing the security of the platform. A Merkle tree is used to validate encrypted metadata used to track login attempts. The metadata tracks counts of failed attempts, a timestamp of the last failed attempt, the secrets, and any associated parameters. Instead of storing the metadata on Cr50 an AES-CTR is used with an HMAC to encrypt the data so it can be stored off-chip and loaded when needed.
  The Merkle tree is used to track the current state of all the metadata to prevent replay attacks of previously exported copies. It is a tree of hashes whose root hash is stored on Cr50, and whose leaves are the HMACs of the encrypted metadata.
  BRANCH=none
  BUG=chromium:809730, chromium:809741, chromium:809743, chromium:809747
  TEST=cd ~/src/platform/ec && V=1 make run-pinweaver -j
  Change-Id: Id10bb49d8ebc5a487dd90c6093bc0f51dadbd124
  Signed-off-by: Allen Webb <allenwebb@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/895395
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* g: allow for other values of RSA_MAX_BYTES | Marius Schilder | 2018-01-04 | 1 | -0/+2
  Some dependent projects need larger than 2K RSA computation. Allow their board.h to pre-define RSA_MAX_BYTES to suit their needs.
  BRANCH=none
  TEST=make buildall
  Change-Id: Ia00def60ea359e150285e7851a462531f40f5b18
  Reviewed-on: https://chromium-review.googlesource.com/849756
  Commit-Ready: Marius Schilder <mschilder@chromium.org>
  Tested-by: Marius Schilder <mschilder@chromium.org>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* mn50: add data signing capability | Nick Sanders | 2017-10-06 | 1 | -0/+1
  Add a PERSO_AUTH appid to sign data passed through the AUTH mn50. Add a signer command to start and generate signatures. Clean UART init to avoid spurious nonprinting characters that will contaminate the signature.
  BUG=b:36910757
  BRANCH=None
  TEST=generates signature for uart and spi
  Signed-off-by: Nick Sanders <nsanders@chromium.org>
  Change-Id: I5fc3c4ee34898421060b57b774a09734f6a1bae5
  Reviewed-on: https://chromium-review.googlesource.com/670984
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
* g: limit compiling in crypto tests to cases where CR50DEV > 1 | Vadim Bendebury | 2017-09-29 | 1 | -1/+1
  To aid with severe flash space shortage, let's enable CRYPTO_TEST_SETUP only if CR50_DEV is set to a value exceeding 1.
  board/mn50/board.h used to define CR50_DEV without any value assigned to it, correct this so that the check in dcrypto.h works when mn50 is built.
  BRANCH=cr50
  BUG=b:65253310
  TEST=compiling with CR50-DEV=1 vs CR50_DEV=2 saves more than 17.5 Kbytes per RW image.
  Change-Id: Ic77fa45b1a8f7631efa91c08e63438d412196eed
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/690993
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
* cr50: add derivation functions using the key-ladder | Vincent Palatin | 2017-06-13 | 1 | -1/+7
  Add functions to do key derivation for the U2F code, using the hardware key-ladder.
  Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
  BRANCH=cr50
  BUG=b:35545754
  TEST=with follow-up CLs, run U2FTest on Eve
  Change-Id: I5960fb9baa7ca555423a956fb97ef2bdee82feee
  Reviewed-on: https://chromium-review.googlesource.com/525539
  Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
* cr50: implement an ASN.1 DER x.509 certificate builder | Vincent Palatin | 2017-06-05 | 1 | -0/+9
  Add primitives to build x.509 certificates encoded in ASN.1 DER, as a building block for the U2F feature.
  Mostly copied over from the cr52 code-base.
  Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
  BRANCH=cr50
  BUG=b:35545754
  TEST=with follow-up CLs, run U2FTest on Eve and manually verify the individual attestation certificate with an ASN.1 parser.
  Change-Id: Ie90730d8c401c661c8ab3b1b19631337b7390e9c
  Reviewed-on: https://chromium-review.googlesource.com/518134
  Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
  Tested-by: Vincent Palatin <vpalatin@chromium.org>
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* g: rework DCRYPTO_app_cipher (AES-CTR) for speed | nagendra modadugu | 2017-01-28 | 1 | -12/+17
  The previous implementation of DCRYPTO_app_cipher consumed roughly 16ms to cipher a 16kB buffer (i.e. performance that is far worse than the hardware is capable of). This change speeds up the implementation by about 85%, to the tune of roughly 2.2ms for a 16kB buffer.
  The gains originate from various sources: loop unrolling, data-pipelining, eliminating local variables (to reduce register pressure), eliminating support for unaligned input/output data, compiling hot code with -O (rather than the default -Os), and using the hidden key-ladder, which need only be setup once per reset.
  This change also switches from AES-128 to AES-256.
  BRANCH=none
  BUG=chrome-os-partner:62260
  TEST=make buildall succeeds; cipher command succeeds; TCG tests pass
  Change-Id: I133741be6d9f1353d6ae732d0e863b4b18cc8c9e
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/433359
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* CR50: add support for 4k RSA verify | nagendra modadugu | 2017-01-28 | 1 | -2/+11
  Add support for verifying messages signed with 4096-bit RSA keys. Such messages may be generated by host side applications.
  Also update tpmtest.py to test 4k verification.
  BRANCH=none
  BUG=none
  TEST=added new tests to tpmtest.py; TCG tests pass
  Change-Id: I7450bd710c154c68c030ce176bfe7becbfbcb729
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/428220
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Marius Schilder <mschilder@chromium.org>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* CR50: add a hardware backed GCM implementation | nagendra modadugu | 2017-01-27 | 1 | -1/+42
  This change adds hardware support for AES128-GCM along with a subset of NIST test vectors.
  BRANCH=none
  BUG=chrome-os-partner:60833
  CQ-DEPEND=CL:411535
  TEST=tpmtest.py passes
  Change-Id: I93445684f6a910c35a9117eac6cb19d28067a021
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/425002
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Marius Schilder <mschilder@chromium.org>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* g: common: introduce generic crypto API | Vadim Bendebury | 2017-01-25 | 1 | -0/+3
  On boards based on the g chip cryptographic functions come from hardware, they should be implemented in chip/g as opposed to a particular board.
  The common modules (like nvmem) should be using some generic API, which hopefully will be implemented by other chips, or could be replaced by a purely software implementation where crypto hardware support is not available.
  Crypto API definition is being added in include/ and the g chip implementation (a wrapper around dcrypto functions) is being added in chip/g.
  test/nvmem_vars.h needed to be edited to avoid conflict with <string.h>.
  BRANCH=none
  BUG=chrome-os-partner:62260
  TEST=make buildall -j still passes. Booting reef with the new image works fine too.
  Change-Id: Ifef281215f89239966882ecbe3e90c8351b9b91a
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/431313
  Reviewed-by: Randall Spangler <rspangler@chromium.org>
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
* g: add a convenience wrapper for application data ciphering | Vadim Bendebury | 2017-01-22 | 1 | -0/+26
  This change introduces DCRYPTO_app_cipher(), an encrypt/decrypt function that accepts an IV and corresponding data. Typical restrictions on IV reuse apply. The key is derived from the hardware based on the type of the RW image signature (dev vs prod).
  A console command is added to exercise the cipher function. Since stack requirements of the dcrypto code exceed the console task allowance, the actual command is executed on the HOOKs task context.
  BRANCH=none
  BUG=chrome-os-partner:55331
  TEST=make buildall -j passes. Running the cipher command from the console succeeds:
    > cipher
    original data ad67d44cb4feffff6b3b334635eb9612
    rv 0x01, out data 861dc395a2fc745ca886a703cb02a897, time 16636 us
    rv 0x01, orig. data ad67d44cb4feffff6b3b334635eb9612, time 17004 us
    sha1 before and after match!
    >
  Change-Id: I7686d8c8489c1b8a984859c3be4f82c338573c6f
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Signed-off-by: Marius Schilder <mschilder@chromium.org>
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/428171
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
* g: add application directed wrappers for key-ladder keys | nagendra modadugu | 2017-01-21 | 1 | -2/+13
  Add functions that derive application specific keys based on FRK2. For the moment, derived keys need to be manually copied into the AES engine.
  Since key-ladder state depends on the code-signer (prod vs. dev), application derived keys are also different in the two modes. Thus ciphertext blobs produced by prod-signed code cannot be decrypted by dev-signed code.
  To minimize stack requirements on the hook_task, the SHA context in DCRYPTO_appkey_init() is placed in allocated/freed memory. This SHA object will become unnecessary once the AES engine is seeded directly from the key-ladder.
  BRANCH=none
  BUG=chrome-os-partner:55331
  TEST=pending
  Change-Id: Ifb274b15e61be317e02ec31fc52f9a41e06dcba3
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Signed-off-by: Marius Schilder <mschilder@chromium.org>
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/428170
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
* g: move compute_frk2 function into dcrypto | Vadim Bendebury | 2017-01-18 | 1 | -0/+7
  This function belongs in dcrypto as it relies heavily on the crypto hardware; also, it will be handy to be able to use this function in other cases.
  BRANCH=none
  BUG=chrome-os-partner:55331
  TEST=buildall still builds. TPM manufacturing still works too.
  Change-Id: If2e70eaa71a76e8374b98f4667cb54ea6253b760
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/428169
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
* CR50: make public key part generation optional. | Marius Schilder | 2017-01-11 | 1 | -1/+6
  Callers may not need computation of the public key. Making this optional speeds this routine up.
  Cr50 never passes in NULL for any argument, so is not affected.
  BUG=none
  TEST=build
  BRANCH=none
  Change-Id: Ia0077a35064f53b53f51867254aaa51eac6c55d8
  Reviewed-on: https://chromium-review.googlesource.com/427058
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
  Tested-by: Marius Schilder <mschilder@chromium.org>
* cr50: add support for padding-only RSASSA | Andrey Pronin | 2016-12-22 | 1 | -1/+2
  Perform PKCS1-padding-only signing for RSASSA if hashing algorithm is TPM_ALG_NULL. This feature is guarded by SUPPORT_PADDING_ONLY_RSASSA macro in tpm2/Implementation.h.
  BUG=chrome-os-partner:60967
  BRANCH=none
  TEST=On an unowned machine with TPM2: corp enroll, login, install a network certificate (gECC or GMC), then:
    a) retrieve the public key from the installed certificate
       LIBCHAPS=`ls /usr/lib**/libchaps.so`
       CERTID=`pkcs11-tool --module=$LIBCHAPS --slot=1 --type=cert \
         -O | grep "ID:" | awk '{print $2}'`
       pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID \
         --type=cert -r > /tmp/cert
       openssl x509 -inform der -pubkey -noout -in /tmp/cert > /tmp/pub.key
    b) sign a sample text using the private key for the certificate and MD5-RSA-PKCS mechanism, not supported by TPM2_Sign command:
       echo "ABCDEF" > /tmp/1.txt
       pkcs11-tool --module=$LIBCHAPS --slot=1 --id=$CERTID --sign \
         -i /tmp/1.txt -o /tmp/1.sig -m MD5-RSA-PKCS
    c) verify signature:
       openssl dgst -md5 -verify /tmp/pub.key \
         -signature /tmp/1.sig /tmp/1.txt
    Step (b) should succeed and step (c) should return "Verified OK".
  Change-Id: I0d7a11c48cdb04e37748f7255b98e9e023481a96
  Signed-off-by: Andrey Pronin <apronin@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/420854
  Reviewed-by: Darren Krahn <dkrahn@chromium.org>
* CR50: only build crypto test code on DEV builds [stabilize-9093.B] | nagendra modadugu | 2016-12-15 | 1 | -1/+2
  Avoid building and including crypto test code in prod builds: only define CRYPTO_TEST_SETUP when CR50_DEV is defined.
  At HEAD, this change drops the size of prod ec.RW.bin from 200704 to 188416.
  BRANCH=none
  BUG=chrome-os-partner:54104
  TEST=build succeeds
  Change-Id: I1e6018ec917dbe71cb445206ce232b8ea7a46cb1
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/418489
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
* CR50: add support for SHA-384 & 512 | nagendra modadugu | 2016-12-12 | 1 | -1/+7
  This change adds the plumbing for SHA-384 & 512. The actual hash implementation is software only, and a part of the third_party/cryptoc library.
  BRANCH=none
  BUG=none
  CQ-DEPEND=CL:418263
  TEST=TCG tests pass
  Change-Id: Iba7e6d420fd7fa0bce4ad9061e00f9275ecf4d72
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/417888
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
* CR50: add support for SHA-384 & 512 PKCS#1 signatures | nagendra modadugu | 2016-12-01 | 1 | -1/+3
  This change adds support for signing SHA-384 & 512 hashes when using PKCS#1 padding (CR50 does not support SHA-384 & 512 at the moment, the actual hashing is to be done on the host).
  BRANCH=none
  BUG=chrome-os-partner:59754
  TEST=TCG tests pass
  Change-Id: I78e774639a7968cbb50e58cdd0bf479e64123630
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/415218
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Andrey Pronin <apronin@chromium.org>
* CR50: add a constant time buffer equals implementation | nagendra modadugu | 2016-11-11 | 1 | -0/+5
  Various cryptographic operations leak timing information if comparisons are not executed in constant time. This change adds DCRYPTO_equals(), a constant runtime comparator.
  Also replace crypto related callsites that used memcmp() as a binary comparator.
  BUG=none
  BRANCH=none
  TEST=tcg tests pass
  Change-Id: I3d3da3c0524c3a349d60675902d1f2d338ad455f
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/410163
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* bn_div and faster modular inverse. | Marius Schilder | 2016-11-03 | 1 | -0/+3
  We previously used binary extended Euclid. That does not perform well when inverting a small public exponent. We also abused that routine to perform the division of n by one of its factors. Really did not perform well there either.
  This CL introduces a classic Knuth long division and a normal extended Euclid based on that.
  This drops the execution time of the common inversions into the single msec range (vs. multiple seconds before..)
  TEST=tcg_tests pass the usual 381/391; test/tpm_test/bn_test passes.
  BUG=chrome-os-partner:57422
  BRANCH=none
  Change-Id: Ic9b4aecd0356fcab3e823dbd60c5b228a87447d3
  Reviewed-on: https://chromium-review.googlesource.com/406940
  Commit-Ready: Marius Schilder <mschilder@chromium.org>
  Tested-by: Marius Schilder <mschilder@chromium.org>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* CR50: rename struct BIGNUM -> struct LITE_BIGNUM | nagendra modadugu | 2016-07-21 | 1 | -9/+10
  The name BIGNUM collides with a namesake struct in openssl. It would be convenient to write test code that compares results between openssl and dcrypto, hence this rename.
  Also rename some #defines that conflict with openssl names.
  CQ-DEPEND=CL:*270476
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524,chrome-os-partner:50115
  TEST=build succeeds
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/360346
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
  (cherry picked from commit a15b495497728a6b212bd87e92f6ba5ba463f985)
  Change-Id: Ic53ce805cfcc591c68fbc1ef90ff2f92cec973a6
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/362112
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
* CR50: add a simple ASN.1 parser & certificate verifier [stabilize-8447.B] | nagendra modadugu | 2016-06-12 | 1 | -1/+8
  Add a certificate verifier, so that endorsement certificates may be verified upon installation. Doing so allows for catching certificate errors early.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  TEST=all tests in test/tpm_test/tpmtest.py pass
  Change-Id: I9339a6bc36e4d82ae875ce774e31848ae983fa1f
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/351031
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Bill Richardson <wfrichar@chromium.org>
* CR50: port dcrypto/cr50 code to depend on third_party/cryptoc | nagendra modadugu | 2016-05-31 | 1 | -31/+15
  Port SHA and P256 code to depend on third_party/cryptoc.
  Remove config options CONFIG_SHA1, and CONFIG_SHA256 as these are provided by third_party/cryptoc. Also remove unused config options CONFIG_SHA384, CONFIG_SHA512.
  Crypto functions prefixed by dcrypto_ (declared in internal.h ), DCRYPTO_ (declared in dcrypto.h) are implemented under chip/g/dcrypto, and otherwise are implemented under third_party/cryptoc.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524,chrome-os-partner:53782
  TEST=all tests in test/tpm_test/tpmtest.py pass
  Change-Id: If7da02849aba9703573559370af5fae721d594fc
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/340853
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* CR50: add support for RSA key generation | nagendra modadugu | 2016-04-20 | 1 | -0/+8
  Prime generation uses a sieve to amortize division with small primes. Otherwise this is a standard Miller-Rabin implementation.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  TEST=tests under test/tpm2 pass
  Change-Id: I9f84d1f9c911f6146e4bd80296f75157a191552d
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/335222
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
* CR50: add support for P256-ECIES (hybrid encryption) | nagendra modadugu | 2016-04-19 | 1 | -0/+16
  Add support for P256 based hybrid encryption, and corresponding tests. Where hybrid encryption is: P256 based DH + AES128 + HMAC-SHA256.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  CQ-DEPEND=CL:336091,CL:339561
  TEST=ECIES tests in test/tpm/tpmtest.py pass
  Change-Id: Ie091e278df72185a6896af0e498925e56404f87e
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/337340
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
* CR50: remove DCRYPTO_p256_points_mul, add DCRYPTO_p256_point_mul | nagendra modadugu | 2016-04-19 | 1 | -3/+3
  points_mul (variable time) is only necessary for ECDSA verification, and is not required as part of the public dcrypto API. Replaced with (constant time) point_mul, and add corresponding parameter checks to the tpm2 interface call _cpri__EccPointMultiply.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  TEST=tests in test/tpm/tpmtest.py pass
  Change-Id: I4ec885c147755e8a645c51b9a461b81c3a3b310f
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/338851
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
* CR50: add support for RSA key "testing" | nagendra modadugu | 2016-04-19 | 1 | -0/+9
  Implement _cpri__TestKeyRSA, which computes the modulus and private exponent given a pair of primes, or computes the second prime and private exponent given the modulus and one prime.
  The _cpri__TestKeyRSA call is used to determine whether the components of an RSA key match each other.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  TEST=tests in test/tpm/tpmtest.py pass
  Change-Id: I2c68d844f4bab207588cbda5c962b09078519a1a
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/330466
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
* CR50: move AES CTR implementation to dcrypto | nagendra modadugu | 2016-04-19 | 1 | -0/+2
  AES CTR will be necessary to implement hybrid encryption and hence needs to be a part of the dcrypto library.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  TEST=tests in test/tpm/tpmtest.py pass
  Change-Id: I5dffe5d3a15748614db36aebdbcd50bde31bfdb2
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/339561
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
* CR50: add support for HKDF (RFC 5869) | nagendra modadugu | 2016-04-14 | 1 | -0/+8
  Add support for SHA256 based HKDF key derivation as specified in RFC 5869. This change includes test vectors from the RFC.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  TEST=tests under test/tpm2 pass
  Change-Id: I7d0e4e92775b74c41643f45587fc08f56d8916aa
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/336091
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
* CR50: add NULL padding support for RSA encrypt/decrypt | nagendra modadugu | 2016-03-31 | 1 | -2/+5
  NULL padding (aka vanilla RSA) support is required by the TPM2 test suite (referred to as TPM_ALG_NULL in the tpm2 source).
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  TEST=tests under test/tpm2 pass
  Change-Id: I9848fad3b44add05a04810ecd178fbad20ae92cc
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/328830
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
* CR50: add support for RSA PKCS1-PSS padding | nagendra modadugu | 2016-03-30 | 1 | -1/+2
  Add support for PSS padding as per RFC 3447.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  TEST=tests under tpm2 pass
  Change-Id: I14c58394f742daa5de4ec2fbeb7e7f14e54c9fcc
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/328778
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
* CR50: Add initial elliptic curve crypto implementation. | nagendra modadugu | 2016-02-08 | 1 | -0/+18
  This change adds support for NIST-P256 curve operations.
  BRANCH=none
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  TEST=new tests under test/tpm2/ pass.
  Change-Id: I03a35ff3ab8af3c52282d882937880bfa2bdcd32
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/324540
  Commit-Ready: Nagendra Modadugu <ngm@google.com>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
  Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
* Initial RSA implementation. [stabilize-7821.B] | nagendra modadugu | 2016-01-11 | 1 | -0/+47
  Includes support for encrypt / decrypt, and sign / verify; padding schemes OAEP / PKCS1; supporting bignum library.
  RSA key sizes must be a multiple of 32-bits (with the top bit set). Keying material, input and output buffers are required to be word-aligned.
  BRANCH=none
  TEST=added encrypt/decrypt sign/verify tests, compatibility with openssl tested
  BUG=chrome-os-partner:43025,chrome-os-partner:47524
  Change-Id: I6bc324c651e3178bb45bb75ab5935d9bc07efbce
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Reviewed-on: https://chromium-review.googlesource.com/316942
  Commit-Ready: Marius Schilder <mschilder@chromium.org>
  Tested-by: Nagendra Modadugu <ngm@google.com>
  Reviewed-by: Marius Schilder <mschilder@chromium.org>
* cr50: reduce hash implementation stack requirements | Vadim Bendebury | 2015-12-03 | 1 | -11/+0
  Stack space is pretty tight on cr50, and since there is no need to support SHA digest sizes in excess of 256 bits, the digest buffer size should be reduced.
  This patch makes the maximum expected digest size dependent on the set of configured hash algorithms, moves hash size related asserts from run time to compile time, and passes compile time definition to the TPM2 library to increase its hash state container (it became too small when SHA384 was disabled).
  The sw context requirements should be reduced, but this is a task for another day. We also do not have to store a local digest copy if the API allowed reading a partial digest.
  CQ-DEPEND=CL:314883
  BRANCH=none
  BUG=chrome-os-partner:43025, chromium:564862
  TEST=all tests pass:
    $ ./test/tpm_test/tpmtest.py
    Starting MPSSE at 800 kHz
    Connected to device vid:did:rid of 1ae0:0028:00
    SUCCESS: AES:ECB common
    SUCCESS: AES:ECB128 1
    SUCCESS: AES:ECB192 1
    SUCCESS: AES:ECB256 1
    SUCCESS: AES:ECB256 2
    SUCCESS: AES:CTR128I 1
    SUCCESS: AES:CTR256I 1
    SUCCESS: sha1:single 0
    SUCCESS: sha256:single 0
    /New max timeout: 1 s
    SUCCESS: sha256:finish 1
    SUCCESS: sha1:finish 3
    SUCCESS: sha256:finish 2
  Change-Id: Iaef3a230469de129e72418814e1d113b447c0137
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/314695
  Reviewed-by: Nagendra Modadugu <ngm@google.com>
* cr50: SHA1 and SHA256 implementation with hardware support | nagendra modadugu | 2015-11-25 | 1 | -5/+55
  This change includes hardware and software support for SHA1/256 on CR50. When running in the RO image, only hardware sha256 support is included. When running in the RW image, the code auto-selects between the software and hardware implementation. Software implementation path is taken if the hardware is currently in use by some other context.
  Refactor the CR50 loader to use this abstraction.
  The existing software implementation for SHA1 and SHA256 is used for the software path.
  CQ-DEPEND=CL:*239385
  BRANCH=none
  TEST=EC shell boots fine (implies that SHA256 works)
  BUG=chrome-os-partner:43025
  Change-Id: I7bcefc12fcef869dac2e48793bd0cb5ce8e80d5b
  Signed-off-by: nagendra modadugu <ngm@google.com>
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/313011
* cr50: dcrypto code belongs with the chip, not with the board | Vadim Bendebury | 2015-11-23 | 1 | -0/+36
  Dcrypto support is a hardware property, it belongs with the chip sub-tree, not with the board. This patch just moves the files and modifies the makefiles to pick up the files at the right spot.
  BRANCH=none
  BUG=chrome-os-partner:43025
  TEST=the image still builds, the device still boots, the test/tmp_test/tpmtest.py still succeeds.
  Change-Id: Ie321ac738c11a9f403a7943524c56ec4366db297
  Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
  Reviewed-on: https://chromium-review.googlesource.com/313655
  Reviewed-by: Nagendra Modadugu <ngm@google.com>