[crypto/entropy] Set FIPS thresholds

Set the entropy source driver to align with certified
NIST SP 800-90B requirements.

Specific changes include:

- NIST 800-90B Health Test Thresholds: Increased the `fips_test_window_size` to 2048 bits to comply with
        FIPS standards for binary noise sources.
- Bypass Register Configuration: Updated the `SET_FIPS_THRESH` and `VERIFY_FIPS_THRESH` macros to
        write and verify both the `FIPS_THRESH` and `BYPASS_THRESH` fields
        simultaneously.

Note: CSRNG `FIPS_FORCE_ENABLE` and EDN continuous polling rates remain at
their defaults to ensure the FIFO does not run empty with, for exmaple, the OTBN during the initial TRNG FIPS warm-up phase.

Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>

Author: siemen11

sw/device/lib/crypto/drivers/entropy.c

@@ -36,7 +36,7 @@ enum {
   kEntropyCsrngBitsBufferNumWords = 4,
 
   // Fast timeout for checking if hardware is ready to accept a command word
-  kEntropyPollReadyTimeout = 100,
+  kEntropyPollReadyTimeout = 1000000,
   // Longer timeout for waiting for a command to finish executing
   kEntropyPollCmdDoneTimeout = 1000000,
   // Timeout for waiting for GenBits to become valid
@@ -237,16 +237,15 @@ static const entropy_complex_config_t
                         .route_to_firmware = kMultiBitBool4False,
                         .bypass_conditioner = kMultiBitBool4False,
                         .single_bit_mode = kMultiBitBool4False,
-                        .fips_test_window_size = 0x200,
-                        .alert_threshold = 2,
-                        // TODO(#19392): Figure out appropriate thresholds.
-                        .repcnt_threshold = 0xffff,
-                        .repcnts_threshold = 0xffff,
-                        .adaptp_hi_threshold = 0xffff,
-                        .adaptp_lo_threshold = 0x0,
-                        .bucket_threshold = 0xffff,
-                        .markov_hi_threshold = 0xffff,
-                        .markov_lo_threshold = 0x0,
+                        .fips_test_window_size = 2048,
+                        .alert_threshold = 4,
+                        .repcnt_threshold = 81,
+                        .repcnts_threshold = 21,
+                        .adaptp_hi_threshold = 1591,
+                        .adaptp_lo_threshold = 2048 - 1591,  // 457
+                        .bucket_threshold = 201,
+                        .markov_hi_threshold = 824,
+                        .markov_lo_threshold = 1024 - 824,  // 200
                         .extht_hi_threshold = 0xffff,
                         .extht_lo_threshold = 0x0,
                     },
@@ -464,9 +463,7 @@ static status_t csrng_send_app_cmd(uint32_t base_address,
       // The non-Generate commands complete earlier, so poll the "command
       // request done" interrupt bit.  Once it is set, the "status" bit is
       // updated.
-      uint32_t timeout = (cmd.id == kEntropyDrbgOpInstantiate)
-                             ? kEntropyPollCmdDoneTimeout
-                             : kEntropyPollReadyTimeout;
+      uint32_t timeout = kEntropyPollCmdDoneTimeout;
       do {
         reg = abs_mmio_read32(kBaseCsrng + CSRNG_INTR_STATE_REG_OFFSET);
       } while (
@@ -668,19 +665,19 @@ static void entropy_complex_stop_all(void) {
 /**
  * Set the value of an entropy_src threshold register.
  *
- * Only sets the FIPS threshold value, not the bypass threshold field; for the
- * bypass threshold we use the reset value, which is ignored if looser than the
- * thresholds already set.
+ * Sets both the FIPS and BYPASS threshold fields to the same value.
  *
  * @param name Name of register (e.g. REPCNT, BUCKET).
- * @param value Value to set for the FIPS_THRESH field.
+ * @param value Value to set for the FIPS_THRESH and BYPASS_THRESH fields.
  */
-#define SET_FIPS_THRESH(name, value)                                \
-  abs_mmio_write32(                                                 \
-      kBaseEntropySrc + ENTROPY_SRC_##name##_THRESHOLDS_REG_OFFSET, \
-      bitfield_field32_write(                                       \
-          ENTROPY_SRC_##name##_THRESHOLDS_REG_RESVAL,               \
-          ENTROPY_SRC_##name##_THRESHOLDS_FIPS_THRESH_FIELD, value));
+#define SET_FIPS_THRESH(name, value)                                     \
+  abs_mmio_write32(                                                      \
+      kBaseEntropySrc + ENTROPY_SRC_##name##_THRESHOLDS_REG_OFFSET,      \
+      bitfield_field32_write(                                            \
+          bitfield_field32_write(                                        \
+              ENTROPY_SRC_##name##_THRESHOLDS_REG_RESVAL,                \
+              ENTROPY_SRC_##name##_THRESHOLDS_FIPS_THRESH_FIELD, value), \
+          ENTROPY_SRC_##name##_THRESHOLDS_BYPASS_THRESH_FIELD, value));
 
 /**
  * Configures the entropy_src with based on `config` options.
@@ -727,6 +724,10 @@ static status_t entropy_src_configure(const entropy_src_config_t *config) {
       bitfield_field32_write(ENTROPY_SRC_HEALTH_TEST_WINDOWS_REG_RESVAL,
                              ENTROPY_SRC_HEALTH_TEST_WINDOWS_FIPS_WINDOW_FIELD,
                              config->fips_test_window_size);
+  health_test_windows = bitfield_field32_write(
+      health_test_windows, ENTROPY_SRC_HEALTH_TEST_WINDOWS_BYPASS_WINDOW_FIELD,
+      0x60);
+
   abs_mmio_write32(kBaseEntropySrc + ENTROPY_SRC_HEALTH_TEST_WINDOWS_REG_OFFSET,
                    health_test_windows);
 
@@ -777,18 +778,20 @@ static status_t entropy_src_configure(const entropy_src_config_t *config) {
 /**
  * Verify the value of an entropy_src threshold register.
  *
- * Only checks the FIPS threshold value, not the bypass threshold field.
+ * Checks both the FIPS and BYPASS threshold values.
  *
  * @param name Name of register (e.g. REPCNT, BUCKET).
- * @param exp Expected value of the FIPS_THRESH field.
+ * @param exp Expected value of the FIPS_THRESH and BYPASS_THRESH fields.
  */
 #define VERIFY_FIPS_THRESH(name, exp)                                  \
   do {                                                                 \
     uint32_t reg = abs_mmio_read32(                                    \
         kBaseEntropySrc + ENTROPY_SRC_##name##_THRESHOLDS_REG_OFFSET); \
-    uint32_t act = bitfield_field32_read(                              \
+    uint32_t act_fips = bitfield_field32_read(                         \
         reg, ENTROPY_SRC_##name##_THRESHOLDS_FIPS_THRESH_FIELD);       \
-    if (act != exp) {                                                  \
+    uint32_t act_bypass = bitfield_field32_read(                       \
+        reg, ENTROPY_SRC_##name##_THRESHOLDS_BYPASS_THRESH_FIELD);     \
+    if (act_fips != exp || act_bypass != exp) {                        \
       return OTCRYPTO_RECOV_ERR;                                       \
     }                                                                  \
   } while (false);
@@ -847,12 +850,16 @@ static status_t entropy_src_check(const entropy_src_config_t *config) {
     return OTCRYPTO_RECOV_ERR;
   }
 
-  // Check health test window register.
+  // Check health test window register for fips and bypass.
   reg = abs_mmio_read32(kBaseEntropySrc +
                         ENTROPY_SRC_HEALTH_TEST_WINDOWS_REG_OFFSET);
-  if (bitfield_field32_read(
-          reg, ENTROPY_SRC_HEALTH_TEST_WINDOWS_FIPS_WINDOW_FIELD) !=
-      config->fips_test_window_size) {
+  uint32_t act_fips_window = bitfield_field32_read(
+      reg, ENTROPY_SRC_HEALTH_TEST_WINDOWS_FIPS_WINDOW_FIELD);
+  uint32_t act_bypass_window = bitfield_field32_read(
+      reg, ENTROPY_SRC_HEALTH_TEST_WINDOWS_BYPASS_WINDOW_FIELD);
+
+  if (act_fips_window != config->fips_test_window_size ||
+      act_bypass_window != 0x60) {
     return OTCRYPTO_RECOV_ERR;
   }
 

sw/device/tests/crypto/BUILD

@@ -219,9 +219,9 @@ opentitan_test(
     deps = [
         "//sw/device/lib/crypto/drivers:otbn",
         "//sw/device/lib/crypto/impl:ecc_p256",
+        "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/crypto/include:datatypes",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
 )
@@ -235,11 +235,11 @@ opentitan_test(
     ),
     deps = [
         "//sw/device/lib/crypto/impl:ecc_p256",
+        "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/crypto/impl:keyblob",
         "//sw/device/lib/crypto/impl:sha2",
         "//sw/device/lib/crypto/impl/ecc:p256",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
 )
@@ -254,9 +254,9 @@ opentitan_test(
     deps = [
         "//sw/device/lib/crypto/drivers:otbn",
         "//sw/device/lib/crypto/impl:ecc_p384",
+        "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/crypto/include:datatypes",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
 )
@@ -270,11 +270,11 @@ opentitan_test(
     ),
     deps = [
         "//sw/device/lib/crypto/impl:ecc_p384",
+        "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/crypto/impl:keyblob",
         "//sw/device/lib/crypto/impl:sha2",
         "//sw/device/lib/crypto/impl/ecc:p384",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
 )
@@ -289,8 +289,8 @@ opentitan_test(
     deps = [
         "//sw/device/lib/crypto/drivers:otbn",
         "//sw/device/lib/crypto/impl:ecc_p256",
+        "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
 )
@@ -308,8 +308,8 @@ opentitan_test(
     deps = [
         "//sw/device/lib/crypto/drivers:otbn",
         "//sw/device/lib/crypto/impl:ecc_p384",
+        "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
 )
@@ -330,7 +330,6 @@ opentitan_test(
         "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/crypto/impl:key_transport",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing:keymgr_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
@@ -352,7 +351,6 @@ opentitan_test(
         "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/crypto/impl:key_transport",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing:keymgr_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
@@ -368,11 +366,11 @@ opentitan_test(
     deps = [
         "//sw/device/lib/crypto/drivers:otbn",
         "//sw/device/lib/crypto/impl:ecc_p256",
+        "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/crypto/impl:keyblob",
         "//sw/device/lib/crypto/impl:sha2",
         "//sw/device/lib/crypto/include:datatypes",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
 )
@@ -390,11 +388,11 @@ opentitan_test(
     deps = [
         "//sw/device/lib/crypto/drivers:otbn",
         "//sw/device/lib/crypto/impl:ecc_p384",
+        "//sw/device/lib/crypto/impl:entropy_src",
         "//sw/device/lib/crypto/impl:keyblob",
         "//sw/device/lib/crypto/impl:sha2",
         "//sw/device/lib/crypto/include:datatypes",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
 )
@@ -760,7 +758,6 @@ opentitan_test(
         "//sw/device/lib/crypto/impl:sha2",
         "//sw/device/lib/crypto/impl/rsa:rsa_datatypes",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing:profile",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
@@ -810,7 +807,6 @@ opentitan_test(
         "//sw/device/lib/crypto/impl:sha2",
         "//sw/device/lib/crypto/impl/rsa:rsa_datatypes",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing:profile",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],
@@ -858,7 +854,6 @@ opentitan_test(
         "//sw/device/lib/crypto/impl:sha2",
         "//sw/device/lib/crypto/impl/rsa:rsa_datatypes",
         "//sw/device/lib/runtime:log",
-        "//sw/device/lib/testing:entropy_testutils",
         "//sw/device/lib/testing:profile",
         "//sw/device/lib/testing/test_framework:ottf_main",
     ],

sw/device/tests/crypto/ecc_p256_key_import_export_functest.c

@@ -6,9 +6,9 @@
 #include "sw/device/lib/crypto/impl/keyblob.h"
 #include "sw/device/lib/crypto/include/datatypes.h"
 #include "sw/device/lib/crypto/include/ecc_p256.h"
+#include "sw/device/lib/crypto/include/entropy_src.h"
 #include "sw/device/lib/crypto/include/sha2.h"
 #include "sw/device/lib/runtime/log.h"
-#include "sw/device/lib/testing/entropy_testutils.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"
 
@@ -230,7 +230,7 @@ static status_t ecdh_key_mode_test(void) {
 OTTF_DEFINE_TEST_CONFIG();
 
 bool test_main(void) {
-  CHECK_STATUS_OK(entropy_testutils_auto_mode_init());
+  CHECK_STATUS_OK(otcrypto_entropy_init());
 
   CHECK_STATUS_OK(ecdh_key_mode_test());
 

sw/device/tests/crypto/ecc_p256_point_on_curve_check_functest.c

@@ -5,8 +5,8 @@
 #include "sw/device/lib/crypto/drivers/otbn.h"
 #include "sw/device/lib/crypto/impl/ecc/p256.h"
 #include "sw/device/lib/crypto/include/ecc_p256.h"
+#include "sw/device/lib/crypto/include/entropy_src.h"
 #include "sw/device/lib/runtime/log.h"
-#include "sw/device/lib/testing/entropy_testutils.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"
 
@@ -74,7 +74,7 @@ status_t point_valid_test(void) {
 OTTF_DEFINE_TEST_CONFIG();
 
 bool test_main(void) {
-  CHECK_STATUS_OK(entropy_testutils_auto_mode_init());
+  CHECK_STATUS_OK(otcrypto_entropy_init());
 
   status_t err = point_valid_test();
   if (!status_ok(err)) {

sw/device/tests/crypto/ecc_p384_key_import_export_functest.c

@@ -6,9 +6,9 @@
 #include "sw/device/lib/crypto/impl/keyblob.h"
 #include "sw/device/lib/crypto/include/datatypes.h"
 #include "sw/device/lib/crypto/include/ecc_p384.h"
+#include "sw/device/lib/crypto/include/entropy_src.h"
 #include "sw/device/lib/crypto/include/sha2.h"
 #include "sw/device/lib/runtime/log.h"
-#include "sw/device/lib/testing/entropy_testutils.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"
 
@@ -230,7 +230,7 @@ static status_t ecdh_key_mode_test(void) {
 OTTF_DEFINE_TEST_CONFIG();
 
 bool test_main(void) {
-  CHECK_STATUS_OK(entropy_testutils_auto_mode_init());
+  CHECK_STATUS_OK(otcrypto_entropy_init());
 
   CHECK_STATUS_OK(ecdh_key_mode_test());
 

sw/device/tests/crypto/ecc_p384_point_on_curve_check_functest.c

@@ -5,8 +5,8 @@
 #include "sw/device/lib/crypto/drivers/otbn.h"
 #include "sw/device/lib/crypto/impl/ecc/p384.h"
 #include "sw/device/lib/crypto/include/ecc_p384.h"
+#include "sw/device/lib/crypto/include/entropy_src.h"
 #include "sw/device/lib/runtime/log.h"
-#include "sw/device/lib/testing/entropy_testutils.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"
 
@@ -82,7 +82,7 @@ status_t point_valid_test(void) {
 OTTF_DEFINE_TEST_CONFIG();
 
 bool test_main(void) {
-  CHECK_STATUS_OK(entropy_testutils_auto_mode_init());
+  CHECK_STATUS_OK(otcrypto_entropy_init());
 
   status_t err = point_valid_test();
   if (!status_ok(err)) {

sw/device/tests/crypto/ecdh_p256_functest.c

@@ -6,8 +6,8 @@
 #include "sw/device/lib/crypto/impl/integrity.h"
 #include "sw/device/lib/crypto/impl/keyblob.h"
 #include "sw/device/lib/crypto/include/ecc_p256.h"
+#include "sw/device/lib/crypto/include/entropy_src.h"
 #include "sw/device/lib/runtime/log.h"
-#include "sw/device/lib/testing/entropy_testutils.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"
 
@@ -256,7 +256,7 @@ static status_t run_ecdh_negative_tests(void) {
 OTTF_DEFINE_TEST_CONFIG();
 
 bool test_main(void) {
-  CHECK_STATUS_OK(entropy_testutils_auto_mode_init());
+  CHECK_STATUS_OK(otcrypto_entropy_init());
 
   status_t err = key_exchange_test();
   if (!status_ok(err)) {

sw/device/tests/crypto/ecdh_p256_sideload_functest.c

@@ -9,7 +9,6 @@
 #include "sw/device/lib/crypto/include/entropy_src.h"
 #include "sw/device/lib/crypto/include/key_transport.h"
 #include "sw/device/lib/runtime/log.h"
-#include "sw/device/lib/testing/entropy_testutils.h"
 #include "sw/device/lib/testing/keymgr_testutils.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"

sw/device/tests/crypto/ecdh_p384_functest.c

@@ -6,8 +6,8 @@
 #include "sw/device/lib/crypto/impl/integrity.h"
 #include "sw/device/lib/crypto/impl/keyblob.h"
 #include "sw/device/lib/crypto/include/ecc_p384.h"
+#include "sw/device/lib/crypto/include/entropy_src.h"
 #include "sw/device/lib/runtime/log.h"
-#include "sw/device/lib/testing/entropy_testutils.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"
 
@@ -250,7 +250,7 @@ static status_t run_ecdh_negative_tests(void) {
 OTTF_DEFINE_TEST_CONFIG();
 
 bool test_main(void) {
-  CHECK_STATUS_OK(entropy_testutils_auto_mode_init());
+  CHECK_STATUS_OK(otcrypto_entropy_init());
 
   status_t err = key_exchange_test();
   if (!status_ok(err)) {

sw/device/tests/crypto/ecdh_p384_sideload_functest.c

@@ -9,7 +9,6 @@
 #include "sw/device/lib/crypto/include/entropy_src.h"
 #include "sw/device/lib/crypto/include/key_transport.h"
 #include "sw/device/lib/runtime/log.h"
-#include "sw/device/lib/testing/entropy_testutils.h"
 #include "sw/device/lib/testing/keymgr_testutils.h"
 #include "sw/device/lib/testing/test_framework/check.h"
 #include "sw/device/lib/testing/test_framework/ottf_main.h"