From 307b3dc3c0a294d2245ea7e9475f548077a98c3b Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov
Date: Wed, 13 Oct 2021 12:30:48 -0700
Subject: cr50: add functionality to support FIPS testing by lab
1) Add test commands to break all KAT tests [fips hmac/drbg/ecdsa/pwct]
2) To support PWCT demo reduced number of attempts to retrieve valid p256 key candidate to 16. Probability of false negative would be less than 2^-4080 (255*16), but will prevent DoS attack if it consistently fails for real reasons.
3) Fixed HMAC KAT test failure (was bound SHA failure earlier).
BUG=b:138576604
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1 In ccd: fips fips hmac fips test - see FIPS error reboot fips drbg fips test - see FIPS error reboot fips ecdsa fips test - see FIPS error reboot fips pwct u2f_test - see NOT PASSED of u2f_generate/u2f_sign
Signed-off-by: Vadim Sukhomlinov
Change-Id: I0a812075bb2436f5823eff446b725f19974a2a31
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3221770
Reviewed-by: Vadim Sukhomlinov
Reviewed-by: Andrey Pronin
Tested-by: Vadim Sukhomlinov
Auto-Submit: Vadim Sukhomlinov
Commit-Queue: Andrey Pronin
---
board/cr50/dcrypto/fips.c | 2 +-
board/cr50/dcrypto/u2f.c | 6 +++---
board/cr50/fips_cmd.c | 10 ++++++++++
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/board/cr50/dcrypto/fips.c b/board/cr50/dcrypto/fips.c
index 2ea98187c4..5fd1327aee 100644
--- a/board/cr50/dcrypto/fips.c
+++ b/board/cr50/dcrypto/fips.c
@@ -185,7 +185,7 @@ static bool fips_hmac_sha256_kat(void)
HMAC_SHA256_hw_init(&ctx, k, sizeof(k));
memcpy(in_mem, in, sizeof(in));
- if (fips_break_cmd == FIPS_BREAK_SHA256)
+ if (fips_break_cmd == FIPS_BREAK_HMAC_SHA256)
in_mem[0] ^= 1;
HMAC_SHA256_update(&ctx, in_mem, sizeof(in_mem));
return DCRYPTO_equals(HMAC_SHA256_hw_final(&ctx), ans,
diff --git a/board/cr50/dcrypto/u2f.c b/board/cr50/dcrypto/u2f.c
index 1b2fc4f17c..f8d4eb997f 100644
--- a/board/cr50/dcrypto/u2f.c
+++ b/board/cr50/dcrypto/u2f.c
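Review bot: The corrected comparison `if (fips_break_cmd == FIPS_BREAK_HMAC_SHA256)` still keys a self-test failure off a mutable global, and nothing in this hunk shows that the check is compiled out of production images; the `#endif` closing the parser in fips_cmd.c suggests the console side is guarded, but the KAT side may not be. If `fips_break_cmd` is writable at runtime in a shipping build, any code path able to store to it can force the HMAC KAT to fail and trigger the FIPS error reboot, which turns a lab test hook into a denial-of-service lever. I would put the comparison under the same build macro as the console command, or at least annotate it with `/* Test hook: fips_break_cmd is only writable in CRYPTO_TEST builds. */` once that has been confirmed. fips_hmac_sha256_kat begins before this hunk and its final return statement is cut off at the end.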
@@ -212,7 +212,7 @@ static enum ec_error_list u2f_origin_user_key_pair(
*/
hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, dev_salt, P256_NBYTES,
- NULL, 0, HMAC_DRBG_DO_NOT_AUTO_RESEED);
+ NULL, 0, 16);
result = hmac_drbg_generate(&drbg, key_seed, sizeof(key_seed), key_handle, key_handle_size);
} else {
@@ -228,7 +228,7 @@ static enum ec_error_list u2f_origin_user_key_pair(
hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, key_handle, key_handle_size, NULL, 0,
- HMAC_DRBG_DO_NOT_AUTO_RESEED);
+ 16);
/**
* Additional data = Device_ID (constant coming from HW).
@@ -563,7 +563,7 @@ static bool g2f_individual_key_pair(const struct u2f_state *state, p256_int *d,
hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, state->salt, sizeof(state->salt), NULL, 0,
- HMAC_DRBG_DO_NOT_AUTO_RESEED);
+ 16);
do {
/**
diff --git a/board/cr50/fips_cmd.c b/board/cr50/fips_cmd.c
index 5dbe19a291..816e5280d6 100644
--- a/board/cr50/fips_cmd.c
+++ b/board/cr50/fips_cmd.c
@@ -146,6 +146,16 @@ static int cmd_fips_status(int argc, char **argv)
fips_break_cmd = FIPS_BREAK_TRNG;
else if (!strncmp(argv[1], "sha", 3))
fips_break_cmd = FIPS_BREAK_SHA256;
+ else if (!strncmp(argv[1], "hmac", 4))
+ fips_break_cmd = FIPS_BREAK_HMAC_SHA256;
+ else if (!strncmp(argv[1], "drbg", 4))
+ fips_break_cmd = FIPS_BREAK_HMAC_DRBG;
+ else if (!strncmp(argv[1], "ecdsa", 5))
+ fips_break_cmd = FIPS_BREAK_ECDSA;
+ else if (!strncmp(argv[1], "pwct", 4))
+ fips_break_cmd = FIPS_BREAK_ECDSA_PWCT;
+ else if (!strncmp(argv[1], "none", 4))
+ fips_break_cmd = FIPS_NO_BREAK;
#endif
}
return 0;
-- cgit v1.2.1
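Review bot: The literal `16` passed as the last argument of `hmac_drbg_init` replaces the named value `HMAC_DRBG_DO_NOT_AUTO_RESEED` with a magic number whose meaning (per the commit message, the cap on key-candidate draws before generation gives up) is invisible at the call site, and the same literal is repeated in the other two hunks of this file. I would define one constant alongside the other u2f constants, e.g. `#define U2F_KEY_CANDIDATE_MAX_ATTEMPTS 16 /* bounds DoS if candidate generation keeps failing */`, and pass it at all three sites so the value cannot drift. The commit message's 2^-4080 false-negative estimate also looks too optimistic if the rejection is the usual P-256 range check: a uniformly random 256-bit candidate lies outside [1, n-1] with probability about 2^-32 per draw, so 16 draws give roughly 2^-512, still negligible, but the comment on the constant should state the bound correctly. u2f_origin_user_key_pair begins before this hunk and continues after it.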
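Review bot: With the auto-reseed argument of `hmac_drbg_init` now `16` instead of `HMAC_DRBG_DO_NOT_AUTO_RESEED`, the `do {` loop that follows presumably relies on hmac_drbg_generate reporting an error once the budget is spent, and whether that error ends the loop or is retried cannot be seen here because the loop body lies outside the hunk. Please confirm the loop exits with failure on that path, neither spinning nor falling through with an unset or stale `d`, and add a comment at the loop head such as `/* At most 16 candidate draws: hmac_drbg_generate fails once the budget is exhausted and that failure must be propagated. */`. g2f_individual_key_pair begins before this hunk and its loop body is not shown.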
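Review bot: The new `else if` arms compare with `strncmp` and the keyword length, so any argument that merely starts with the keyword (`hmacX`, `none0`) is accepted, and an argument matching nothing is silently ignored because the function falls through to `return 0;`. For a command whose purpose is to make a FIPS self-test fail and reboot the chip, a typo should be rejected loudly: use `strcmp(argv[1], "hmac") == 0` (and likewise for the other keywords) and add a final `else return EC_ERROR_PARAM1;`, or whatever parameter-error code this console uses, so a misspelled target is reported instead of leaving `fips_break_cmd` unchanged. The `#endif` confirms the parser is compiled only into test builds, which is the right place for it. cmd_fips_status starts before this hunk.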