The TPM test directory has bitrotted and does not compile any more,
leave alone pass tests. This patch updates the tests to match changed
EC codebase:
test/tpm_test/Makefile - look for include files in more directories
test/tpm_test/bn_test.c - add implementation of always_memset() which
for the EC tree now comes from a different tree and provide a plug
for watchdog_reload() which is no used by dcrypto code (which in
fact is not a good idea, but an issue for another day).
test/tpm_test/hash_test.py - update to match new format of return messages
test/tpm_test/upgrade_test.py - update to match the new format of
return messages and limit the test to installing just 2K worth of
data
BRANCH=cr50
BUG=none
TEST=./test/tpmtest/tpmtest.py now passes
Change-Id: Ibcd7fcfba06cd83023e35a2ac4f37ec896492ad4
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/665322
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Add support for verifying messages signed
with 4096-bit RSA keys. Such messages may
be generated by host side applications.
Also update tpmtest.py to test 4k verification.
BRANCH=none
BUG=none
TEST=added new tests to tpmtest.py; TCG tests pass
Change-Id: I7450bd710c154c68c030ce176bfe7becbfbcb729
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/428220
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Marius Schilder <mschilder@chromium.org>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Update tpmtest.py to handle a success command code
(i.e. return value of 0) as per change
12da6c23fb
This change makes the test suite runnable (not all
tests pass though - sha and upgrade tests are broken).
Also rename local variable subcmd to avoid a name collision.
BUG=none
BRANCH=none
TEST=tpmtest.py passes, except for sha & upgrade
Change-Id: I927ead775a1e41b9abf9f905b9f191e8bd5e108b
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/411535
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Use the 'echo' command to suppress unwanted build output when V=0.
Signed-off-by: Simon Glass <sjg@chromium.org>
BUG=chromium:680243
BRANCH=none
TEST=V=0 emerge-reef chromeos-ec; See that the tpm output is gone
Change-Id: Ia742b0b5270b969ec4f51967810e616348e39dbd
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/427365
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This change introduces a larger range of tests
for bn_modinv_vartime. The tests are designed
to run on a host, and compare results against
openssl.
BRANCH=none
BUG=chrome-os-partner:47524
TEST=bn_test passes
Change-Id: I2d6ea4824fa82f78f8797c0cfc2cf0dce03e8923
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/365232
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Add tests for CBC, CFB and OFB AES modes.
Also convert tests to use word unligned
input parameters, to ensure that the api's
are unalignment agnostic.
Also add the program used for generating
test vectors.
BRANCH=none
BUG=chrome-os-partner:56413
TEST=tpmtest.py passes
Change-Id: I92c9ffece797aa7134d9cdad6ea32e6fe50feef1
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/374663
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
I keep thinking this refers to "Embedded Controller" instead of
"Elliptic Curve Cryptography". Make it clearer.
There's no functional change, I'm just renaming a constant.
BUG=none
BRANCH=none
TEST=make buildall; run tests on Cr50 dev board
make -C test/tpm_test && sudo ./test/tpm_test/tpmtest.py
Change-Id: Iaf2e2839e88fdbbcb1a712934be56a0dd47e4a70
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/366752
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The chip revision and board version show up on the second line of
the returned string, immediately before the build info.
BRANCH=none
BUG=chrome-os-partner:55558
TEST=Queried version string using tpm_test
make -C test/tpm_test && sudo ./test/tpm_test/tpmtest.py
Starting MPSSE at 800 kHz
Connected to device vid:did:rid of 1ae0:0028:00
RO_A:* 0.0.2/d0c9abe3 RO_B: 0.0.2/13eda43f RW_A: cr50_ [...]
B2:0 cr50_v1.1.5013-ab0e228+ [...]
^^^^
Change-Id: Iaa1efe5dca441aca24f281f76c1f218e24c844be
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/365421
Reviewed-by: Vadim Bendebury <vbendeb@google.com>
The SoC looks for two RO images at reset, and is typically
configured for two RW images as well. This CL reports version
strings for all those images, as well as identifying the active
RO and RW copies.
Since the RO image doesn't contain a version string, we create
one using the epoch_, major_, minor_, and img_chk_ members of its
signed header.
BUG=chrome-os-partner:55558
BRANCH=none
TEST=make buildall; run on Cr50 hardware
The "version" command now includes information like this:
RO_A: * 0.0.2/a3c3d5ea
RO_B: 0.0.2/8895c9eb
RW_A: cr50_v1.1.4965-a6c1c73-dirty
RW_B: * cr50_v1.1.4959-2f49d5c
The '*' indicates the active image.
The test/tpm_test/tpmtest.py program has been updated to request
the version information at startup, and it also now reports
similar information, just all on one line:
RO_A:* 0.0.2/a3c3d5ea RO_B: 0.0.2/8895c9eb RW_A: cr50_v1.1 ...
The active images are marked with a '*' following the ':', so
that the same regexp can match either format:
($ro, $rw) = m/RO_[AB]:\s*\*\s+(\S+).*RW_[AB]:\s*\*\s+(\S+)/s;
Change-Id: Ic27e295d9122045b2ec5a638933924b65ecc8e43
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/362861
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The fix for SPI bus base address missed the tpm test driver, this patch
fixes the issue.
BRANCH=none
BUG=chrome-os-partner:54720
TEST=tpmtest.py connects over ftdi & tests pass
Change-Id: I5a59a6e089aee5a7c25466e0d183f3647c67343a
Signed-off-by: nagendra modadugu <ngm@google.com>
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/356556
Add a test that verifies RSA keygen from a fixed seed and
template from the TCG EK Credential Profile spec.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=tests under test/tpmtest pass
Change-Id: I2f1cfb8460a0497c93079b89b9ff4e031eaff358
Reviewed-on: https://chromium-review.googlesource.com/356561
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Add a certificate verifier, so that endorsement
certificates may be verified upon installation.
Doing so allows for catching certificate errors early.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=all tests in test/tpm_test/tpmtest.py pass
Change-Id: I9339a6bc36e4d82ae875ce774e31848ae983fa1f
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/351031
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Add tests for RSA-1024, and created partner CRBUG/53893
to track issue discovered with 1024-bit modinv.
1024-bit RSA support being added in preparation
for a forthcoming hardware based implementation.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524,chrome-os-partner:53893
TEST=all tests in test/tpm_test/tpmtest.py pass
Change-Id: I6b5aaeffc9df1cbbe403535fd21cdd377b42c38e
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/348490
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
The counter used for prime generation should be
incremented after each success / failure. Not doing
so results in duplicate primes being picked when
a label is explicitly specified.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=all tests in test/tpm_test/tpmtest.py pass
Change-Id: Ib2fd0e7fa6255b04946e6d2808e8c67a2199fb55
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/346056
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Prime generation uses a sieve to amortize division
with small primes. Otherwise this a standard
Miller-Rabin implementation.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=tests under test/tpm2 pass
Change-Id: I9f84d1f9c911f6146e4bd80296f75157a191552d
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/335222
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
Implement _cpri__TestKeyRSA, which computes
the modulus and private exponent given a
pair of primes, or computes the second prime
and private exponent given the modulus and
one prime.
The _cpri__TestKeyRSA call is used to determine
whether the components of an RSA key match each other.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=tests in test/tpm/tpmtest.py pass
Change-Id: I2c68d844f4bab207588cbda5c962b09078519a1a
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/330466
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Add support for SHA256 based HKDF key
derivation as specified in RFC 5869. This
change includes test vectors from the RFC.
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=tests under test/tpm2 pass
Change-Id: I7d0e4e92775b74c41643f45587fc08f56d8916aa
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/336091
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
The new debug board presents itself as a yet another USB device, it
uses interface 1 for SPI.
Add it to the table of devices we try to use.
BRANCH=none
BUG=none
TEST=./test/tpm_test/tpm_test.py now succeeds again.
Change-Id: Id14f17de6eff081bebed49d22ddc4b19cd39c2b0
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/338862
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
If the Cr50 is in deep sleep, it does a full warm boot when it
sees the SPS_CS_L assert. The master doesn't wait for it to
boot (because it doesn't know it has to) and starts clocking in
data bits right away. The Cr50 can't set up the SPS controller
quickly enough to capture those bits, so the first N bits/bytes
are lost and the master keeps clocking, waiting for the SPI
response which it will never get.
To be certain that the Cr50 is awake, this CL causes the
test (master) to assert SPS_CS_L briefly, then wait a little bit
for the Cr50 to wake up from deep sleep (50ms should be plenty),
and THEN it can send the rest of the SPI traffic.
The Cr50 won't enter deep sleep until it's been at least a second
since the last SPI activity, so we don't have to worry about it
going to sleep between SPI commands as long as they're not
terribly far apart.
The kernel driver will have to implement this same hack too,
since the SPI bus doesn't have a suspend/resume protocol like the
USB does. We've known this for some time. It would be nice if
this weren't needed, but it's a hardware constraint.
BUG=chrome-os-partner:49955, chrome-os-partner:52019, b:28018682
BRANCH=none
TEST=make buildall; test on Cr50
Ensure that the Cr50 invokes sleep or deep sleep when idle (refer
to previous commit messages for the setup required), then
cd test/tpm_test
make
./tpmtest.py
Before this CL, the test hung or failed because it couldn't get a
quick response from the Cr50. With this CL, the Cr50 wakes up and
the test passes.
Change-Id: I581475726313981a780beaaa37638e9c3b9ebec5
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/336837
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
NULL padding (aka vanilla RSA) support is required by
the TPM2 test suite (referred to as TPM_ALG_NULL in the
tpm2 source).
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=tests under test/tpm2 pass
Change-Id: I9848fad3b44add05a04810ecd178fbad20ae92cc
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/328830
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Nagendra Modadugu <ngm@google.com>
It was observed that the b1 test board falls into bootstrap mode once
the reset button is pressed after a firmware upgrade.
The reason turns out to be that the wrong lead was considered to be
the reset pin, the BIO4, responsible for bootstrapping, was used
instead of the reset pin.
Come to think of it, there is no need to reset the device each time
the FTDI SPI interface is initialized. Let's just drive the bootsrtap
pin to the correct level and not generate the reset pulse at all.
BRANCH=none
BUG=chrome-os-partner:37754
TEST=pressing the reset button on the b1 board now properly restarts
the device.
Change-Id: I123dad8043807c8ff01e12254f9efc2f0d1aaa13
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/328811
Reviewed-by: Marius Schilder <mschilder@chromium.org>
This extends the test harness with a test verifying firmware upgrade.
The test in fact just determines the area available for upgrade, picks
the appropriate image and sends it to the device, 1K at a time.
The test does not verify that the device in fact switched to the new
image, the test succeeds if the device accepts all update messages.
BRANCH=none
BUG=chrome-os-partner:37774
TEST=verified that all tests still pass:
$ ./test/tpm_test/tpmtest.py
Starting MPSSE at 800 kHz
Connected to device vid:did:rid of 1ae0:0028:00
SUCCESS: AES:ECB common
SUCCESS: AES:ECB128 1
SUCCESS: AES:ECB192 1
SUCCESS: AES:ECB256 1
SUCCESS: AES:ECB256 2
SUCCESS: AES:CTR128I 1
SUCCESS: AES:CTR256I 1
SUCCESS: EC-SIGN:NIST-P256:ECDSA
New max timeout: 1 s
SUCCESS: EC-KEYGEN:NIST-P256
SUCCESS: EC-KEYDERIVE:NIST-P256
SUCCESS: sha1:single:0
SUCCESS: sha256:single:0
SUCCESS: sha1:single:3
SUCCESS: sha256:single:3
SUCCESS: sha256:finish:1
SUCCESS: sha1:finish:3
SUCCESS: sha256:finish:2
-New max timeout: 3 s
SUCCESS: RSA-ENC:OAEP:SHA1:768
SUCCESS: RSA-ENC:OAEP:SHA256:768
SUCCESS: RSA-ENC:PKCS1-ES:NONE:768
New max timeout: 49 s
SUCCESS: RSA-ENC:PKCS1-ES:NONE:2048
SUCCESS: RSA-SIGN:PKCS1-SSA:SHA1:768
SUCCESS: RSA-SIGN:PKCS1-SSA:SHA256:768
SUCCESS: Firmware upgrade
Change-Id: I49052feb8e97a3e281bb20b7fddc359a55e96ae3
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/327416
Reviewed-by: Nagendra Modadugu <ngm@google.com>
The ultra debug board uses a different FTDI chip (vid:did 0403:6010),
which has two ports.
The SPI interface on this chip is hooked up to the second port, but
the code indiscriminately uses the first port when trying to open the
SPI channel, on all devices known to it.
Adding a new field in the supported_devices table allows to keep
default behavior, but use port B (the second port) when required.
Also, fix printout formatting problem.
BRANCH=none
BUG=chrome-os-partner:37754
TEST=tpmtest succeeds with the new board
Change-Id: I01f7937444c8df61d7439a66d9da89fb2cac5372
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/327232
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
There is no point in defining tpm test exception classes per test
type, one common class is enough, especially if the source module of
the exception is reported.
BRANCH=none
BUG=none
TEST=tried running the test without the USB FTDI cable plugged in, got
the following error message:
$ ./test/tpm_test/tpmtest.py
Starting MPSSE at 800 kHz
Error in tpmtest.py:54: Failed to connect
$
Change-Id: I5642aa70c8a581099887b58e3a436d7f8d7608a1
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/327300
Reviewed-by: Nagendra Modadugu <ngm@google.com>
For some reason the default linker does not find libftdi1 anymore.
Other Chrome OS packages linking to this library still build just
fine, it turns out they are using the default gcc for linking.
Let's do the same for building tpmtest library.
BRANCH=none
BUG=none
TEST=the following sequence now works fine:
cd test/tmp_test
touch *
make
and the resulting library allows to successfully run TPM tests on
the b1 board.
Change-Id: I10fe51a4747a3527b500d3255d8347e6a689c345
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/327065
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
The implementation for sha256_hash() copied
and incorrect number of bytes to the output.
This change provides a fix and a test.
TEST=added test case
BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
Change-Id: I74e98c6f5005a14dd5c0ca19ea7540622dd6c7d7
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/324391
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Includes support for encrypt / decrypt,
and sign / verify; padding schemes OAEP /
PKCS1; supporting bignum library.
RSA key sizes must be a multiple of 32-bits
(with the top bit set). Keying material,
input and output buffers are required to be
word-aligned.
BRANCH=none
TEST=added encrypt/decrypt sign/verify tests, compatibility with openssl tested
BUG=chrome-os-partner:43025,chrome-os-partner:47524
Change-Id: I6bc324c651e3178bb45bb75ab5935d9bc07efbce
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/316942
Commit-Ready: Marius Schilder <mschilder@chromium.org>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
The new module generates hash test extension subcommands, driven by
the 'test_inputs' table.
Each table entry is a tuple, including the test name and the data to
be hashed. The test name determines the hash type (sha1 or sha256) and
the test mode (single or spread over several messages). The last
element of the name is the context number (ignored in single message
mode).
The hash extended command payload looks as follows:
field | size | note
===================================================================
hash_cmd | 1 | 0 - start, 1 - cont., 2 - finish, 4 - single
hash_mode | 1 | 0 - sha1, 1 - sha256
handle | 1 | session handle, ignored in 'single' mode
text_len | 2 | size of the text to process, big endian
text | text_len | text to hash
BRANCH=none
BUG=chrome-os-partner:43025
TEST=currently failing, a couple of hash code tweaks needed, see
upcoming patches.
Change-Id: Ie992bf01cae3c5278110357b482370b2fc11c70f
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/314693
Reviewed-by: Randall Spangler <rspangler@chromium.org>
This is a no-op change moving some common code out of tpmtest.py,
preparing it to support different testing modes.
BRANCH=none
BUG=chrome-os-partner:43025
TEST=the AES test still succeeds:
$ test/tpm_test/tpmtest.py
Starting MPSSE at 800 kHz
Connected to device vid:did:rid of 1ae0:0028:00
SUCCESS: AES:ECB common
SUCCESS: AES:ECB128 1
SUCCESS: AES:ECB192 1
SUCCESS: AES:ECB256 1
SUCCESS: AES:ECB256 2
SUCCESS: AES:CTR128I 1
SUCCESS: AES:CTR256I 1
Change-Id: Ia6e0e3e89f99875297da0a4f6137de5901c8ca08
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/314691
Reviewed-by: Randall Spangler <rspangler@chromium.org>
The extended command code is fixed, there is no need to pass it as a
parameter when calling functions wrapping and unwrapping extended
commands.
BRANCH=none
BUG=chrome-os-partner:43025
TEST=AES tests still pass:
$ ./test/tpm_test/tpmtest.py
Starting MPSSE at 800 kHz
Connected to device vid:did:rid of 1ae0:0028:00
SUCCESS: AES:ECB common
SUCCESS: AES:ECB128 1
SUCCESS: AES:ECB192 1
SUCCESS: AES:ECB256 1
SUCCESS: AES:ECB256 2
SUCCESS: AES:CTR128I 1
-New max timeout: 1 s
SUCCESS: AES:CTR256I 1
Change-Id: Ic0c9d7983755de8380b57e841891fd638ef2c62a
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/314690
Reviewed-by: Nagendra Modadugu <ngm@google.com>
The utility builds on the extended command protocol recently
introduced in the EC and allows to test implementation of various
cryptographic primitives available on CR50.
This patch brings in the ftdi_spi_tpm.c and mpsse.c from the AOSP
trunksd package. mpsse.c has been modified to limit its feature set
(no i2c or bigbang support, only SPI0 mode), and ftdit_spi_tpm.c has
been modified to properly present binary strings to the Python swig
wrapper.
The crypro_test.xml file includes descriptions of the tests to perform
on the target. Most of its contents other than the first crypto_test
element are borrowed from NIST AES test vectors set. See file header
for description of the contents format.
The actual test command is the tpmtest.py. When started it establishes
connection with the device, and then reads test vectors from
crypto_test.xml and executes them one at a time.
Starting the test program with the -d command line argument enables
debug output sent to the console.
There are some other programs in ./extras which use the mpsse.c from
AOSP, they will have to be modified to use the local copy.
BRANCH=none
BUG=chrome-os-partner:43025
TEST=ran the following in the directory:
$ make # output suppressed
$ ./tpmtest.py
Starting MPSSE at 800 kHz
Connected to device vid:did:rid of 1ae0:0028:00
\New max timeout: 1 s
SUCCESS: AES:ECB common
SUCCESS: AES:ECB128 1
SUCCESS: AES:ECB192 1
SUCCESS: AES:ECB256 1
SUCCESS: AES:ECB256 2
SUCCESS: AES:CTR128I 1
SUCCESS: AES:CTR256I 1
- temporarily corrupted the contents of the clear_text element of 'AES:ECB common':
$ ./tpmtest.py
Starting MPSSE at 800 kHz
Connected to device vid:did:rid of 1ae0:0028:00
|
Out text mismatch in node AES:ECB common, operation 1:
In text:
74 68 69 73 20 20 69 73 20 74 68 65 20 74 65 78
74 20 77 68 69 63 68 20 77 69 6c 6c 20 62 65 20
65 6e 63 72 79 70 74 65 64 20 69 66 20 65 76 65
72 79 74 68 69 6e 67 20 69 73 20 67 6f 69 6e 67
20 66 69 6e 65 2e 20
Expected out text:
3d e2 0f f9 ee d9 62 ce f0 8a 17 57 c6 04 86 d0
3d ec 44 72 d8 79 18 87 3f 31 81 6d 66 4c bb 10
da 8d e0 9f 63 67 b3 cc 64 b4 e8 bd 12 b0 a9 c9
09 6d f0 9f a4 e2 ae fb 0d fe 1c 90 6c e2 fe f0
68 8f b5 34 07 76 e2 a9 72 8e dd 7b 8b 52 2b 8b
Real out text:
f9 50 fe 93 c9 3f cb e5 9e e0 a4 7e 51 1a bb a0
36 2f d1 d6 5f a8 1d 22 5a 1a bb f7 e6 65 89 55
ad e8 f5 8f 1a 20 ff a5 c4 de 76 3e b8 ef cc 8d
9d 94 b8 89 22 1c c9 2a 43 58 c3 8c 75 9f 9f 56
ab 2f 89 1a f6 a0 36 8b 95 23 91 d6 23 47 77 36
Change-Id: I2687ac03236b528e71b92df7cb35606e473ab2c5
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/313443
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
