From 2bf2051125c993a1bcc5584803ab5f06bd675c93 Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov
Date: Thu, 14 Oct 2021 11:40:45 -0700
Subject: cr50: update ECDSA pair-wise consistency test to alter key, not message
Intent of pair-wise consistency test is to ensure that private key matches the public key, so update what we change when simulating error.
BUG=b:198219806
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1; u2f_test; passes fips pwct u2f_test; fails on u2f_generate, u2f_sign and u2f_attest.
Signed-off-by: Vadim Sukhomlinov
Change-Id: I35de5608184fc9f28db4912f2b62795d53d48f43
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3229800
Reviewed-by: Vadim Sukhomlinov
Reviewed-by: Vadim Bendebury
Reviewed-by: Andrey Pronin
Tested-by: Vadim Sukhomlinov
Commit-Queue: Vadim Sukhomlinov
---
 board/cr50/dcrypto/p256_ec.c | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/board/cr50/dcrypto/p256_ec.c b/board/cr50/dcrypto/p256_ec.c
index 5924848c23..ac39813abb 100644
--- a/board/cr50/dcrypto/p256_ec.c
+++ b/board/cr50/dcrypto/p256_ec.c
@@ -97,6 +97,9 @@ enum dcrypto_result dcrypto_p256_key_pwct(struct drbg_ctx *drbg,
 {
 p256_int message, r, s;
 enum dcrypto_result result;
+#ifdef CRYPTO_TEST_SETUP
+ p256_int d_altered;
+#endif
 if (p256_is_zero(d))
 return DCRYPTO_FAIL;
@@ -104,14 +107,19 @@ enum dcrypto_result dcrypto_p256_key_pwct(struct drbg_ctx *drbg,
 /* set some pseudo-random message. */
 p256_fast_random(&message);
+#ifdef CRYPTO_TEST_SETUP
+ if (fips_break_cmd == FIPS_BREAK_ECDSA_PWCT) {
+ /* Modify key used for signing. */
+ d_altered = *d;
+ d_altered.a[1] ^= 1;
+ d = &d_altered;
+ }
+#endif
+
 result = dcrypto_p256_fips_sign_internal(drbg, d, &message, &r, &s);
 if (result != DCRYPTO_OK)
 return result;
-#ifdef CRYPTO_TEST_SETUP
- if (fips_break_cmd == FIPS_BREAK_ECDSA_PWCT)
- message.a[0] = ~message.a[0];
-#endif
 return dcrypto_p256_ecdsa_verify(x, y, &message, &r, &s);
 }
-- 
cgit v1.2.1
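Review bot: In the second hunk, `d_altered` holds a copy of the private scalar that differs from the real key by a single known bit (`d_altered.a[1] ^= 1;`), and it stays on the stack on both return paths, so anything that later reads that stack region effectively learns `d`. This only affects `CRYPTO_TEST_SETUP` builds, but those presumably run on real hardware, so I would wipe the copy right after the `dcrypto_p256_fips_sign_internal()` call, inside a second `#ifdef CRYPTO_TEST_SETUP`, using a memset variant the compiler cannot elide. The comment could also state the intent, for example `/* Sign with a one-bit-off copy of d so verification against (x, y) must fail. */`. The function signature and the `d_altered` declaration (first hunk) are outside this hunk, so the const-ness of `d` and any existing wipe helper should be confirmed against the full file.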