summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVadim Bendebury <vbendeb@chromium.org>2017-09-27 16:07:21 -0700
committerchrome-bot <chrome-bot@chromium.org>2017-10-02 23:28:23 -0700
commit5ee37253d7213964c8a19129932fc68d30f10aae (patch)
treef1d78034a00485244a877a9dde6d4b5a4c418e78
parent97c2ae1138fb6370d4b45d1ba9251c95e26a685e (diff)
downloadchrome-ec-5ee37253d7213964c8a19129932fc68d30f10aae.tar.gz
common: allow rma_auth to work with both crypto and dcrypto
On Cr50 the crypto library has a slightly different API, as indicated by the presence of the CONFIG_DCRYPTO configuration option. This patch provides a wrapper which allows to calculate a SHA256 HMAC hash using either underlying crypto API. BRANCH=cr50 BUG=b:37952913 TEST=make buildall -j Change-Id: Ibb8c60e50139fd5506a4dd5f2ed19653c68af8cb Signed-off-by: Vadim Bendebury <vbendeb@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/690440 Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r--common/rma_auth.c23
1 files changed, 21 insertions, 2 deletions
diff --git a/common/rma_auth.c b/common/rma_auth.c
index f178524927..5b932235c9 100644
--- a/common/rma_auth.c
+++ b/common/rma_auth.c
@@ -10,11 +10,15 @@
#include "chip/g/board_id.h"
#include "curve25519.h"
#include "rma_auth.h"
-#include "sha256.h"
#include "system.h"
#include "timer.h"
#include "util.h"
+#ifdef CONFIG_DCRYPTO
+#include "dcrypto.h"
+#else
+#include "sha256.h"
+#endif
/* Minimum time since system boot or last challenge before making a new one */
#define CHALLENGE_INTERVAL (10 * SECOND)
@@ -30,6 +34,21 @@ static char authcode[RMA_AUTHCODE_BUF_SIZE];
static int tries_left;
static uint64_t last_challenge_time;
+static void get_hmac_sha256(void *hmac_out, const uint8_t *secret,
+ size_t secret_size, const void *ch_ptr,
+ size_t ch_size)
+{
+#ifdef CONFIG_DCRYPTO
+ LITE_HMAC_CTX hmac;
+
+ DCRYPTO_HMAC_SHA256_init(&hmac, secret, secret_size);
+ HASH_update(&hmac.hash, ch_ptr, ch_size);
+ memcpy(hmac_out, DCRYPTO_HMAC_final(&hmac), 32);
+#else
+ hmac_SHA256(hmac_out, secret, secret_size, ch_ptr, ch_size);
+#endif
+}
+
/**
* Create a new RMA challenge/response
*
@@ -83,7 +102,7 @@ int rma_create_challenge(void)
* and DeviceID. Those are all in the right order in the challenge
* struct, after the version/key id byte.
*/
- hmac_SHA256(temp, secret, sizeof(secret), cptr + 1, sizeof(c) - 1);
+ get_hmac_sha256(temp, secret, sizeof(secret), cptr + 1, sizeof(c) - 1);
if (base32_encode(authcode, sizeof(authcode), temp,
RMA_AUTHCODE_CHARS * 5, 0))
return EC_ERROR_UNKNOWN;