diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-09-23 14:26:42 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-09-23 23:10:28 +0000 |
commit | 78d460f72b65a2a01f81c2bc115da96bc331f5df (patch) | |
tree | efd5819b3dd120fcc14a5641bf32c280b0f4690e | |
parent | 0fddca859765b416ea658195447ba8741f1e1cc0 (diff) | |
download | chrome-ec-78d460f72b65a2a01f81c2bc115da96bc331f5df.tar.gz |
cr50: move FIPS DRBG initialization check into fips_drbg_init()
To drop dependency on internal rand_state.drbg_initialized in functions
located in other sources, slightly change fips_drbg_init() logic to
avoid initialization if already initialized.
Also update 0/1 to false/true as rand_state.drbg_initialized is bool.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_tests
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: Ia541266c36793c65dffce27a60a20ae25e10f92c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3179316
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r-- | board/cr50/dcrypto/fips_rand.c | 17 |
1 files changed, 9 insertions, 8 deletions
diff --git a/board/cr50/dcrypto/fips_rand.c b/board/cr50/dcrypto/fips_rand.c index e3dcf4d298..3c3b4bbfb6 100644 --- a/board/cr50/dcrypto/fips_rand.c +++ b/board/cr50/dcrypto/fips_rand.c @@ -248,6 +248,8 @@ bool fips_drbg_init(void) if (!fips_crypto_allowed()) return false; + if (rand_state.drbg_initialized) + return true; /** * initialize DRBG with 440 bits of entropy as required * by NIST SP 800-90A 10.1. Includes entropy and nonce, @@ -270,7 +272,7 @@ bool fips_drbg_init(void) 0); set_fast_random_seed((uint32_t)fips_trng32(0)); - rand_state.drbg_initialized = 1; + rand_state.drbg_initialized = true; return true; } @@ -278,7 +280,7 @@ bool fips_drbg_init(void) void fips_drbg_clear(void) { drbg_exit(&fips_drbg); - rand_state.drbg_initialized = 0; + rand_state.drbg_initialized = false; } static bool fips_drbg_reseed_with_entropy(struct drbg_ctx *ctx) @@ -310,13 +312,13 @@ enum hmac_result fips_hmac_drbg_generate_reseed(struct drbg_ctx *ctx, void *out, bool fips_rand_bytes(void *buffer, size_t len) { - if (!fips_crypto_allowed()) - return false; /** * make sure cr50 DRBG is initialized after power-on or resume, * but do it on first use to minimize latency of board_init() + * + * fips_drbg_init() also checks for fips_crypto_allowed(). */ - if (!rand_state.drbg_initialized && !fips_drbg_init()) + if (!fips_drbg_init()) return false; /* HMAC_DRBG can only return up to 7500 bits in a single request */ @@ -354,10 +356,9 @@ enum hmac_result fips_p256_hmac_drbg_generate(struct drbg_ctx *drbg, int fips_p256_ecdsa_sign(const p256_int *key, const p256_int *message, p256_int *r, p256_int *s) { - if (!fips_crypto_allowed()) + /* Also check for fips_crypto_allowed(). */ + if (!fips_drbg_init()) return 0; - if (!rand_state.drbg_initialized && !fips_drbg_init()) - return false; return dcrypto_p256_fips_sign_internal(&fips_drbg, key, message, r, s); } |