diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2020-06-12 15:54:34 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2020-06-15 17:58:57 +0000 |
commit | a80fb0e310e1b5e9436707d0a928212a47aa21b9 (patch) | |
tree | ee6239fbc46c5bbef1df5ce71ff08b24a7d23639 | |
parent | af8c38689179bb4dfe15dfb98b7de429fe08cf52 (diff) | |
download | chrome-ec-a80fb0e310e1b5e9436707d0a928212a47aa21b9.tar.gz |
hmac_drbg: define error codes, add parameter check
Added check for output len as defined by NIST for HMAC_DRBG and
define error codes instead of constants.
Propagate status for hmac_drbg_generate_p256
BUG=b:138578157
TEST=make buildall ; make BOARD=cr50 ; tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I16a1eac51ca11a6419a86922cfe59c13d9c703a0
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2243762
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
-rw-r--r-- | chip/g/dcrypto/hmac_drbg.c | 22 | ||||
-rw-r--r-- | chip/g/dcrypto/internal.h | 13 |
2 files changed, 21 insertions, 14 deletions
diff --git a/chip/g/dcrypto/hmac_drbg.c b/chip/g/dcrypto/hmac_drbg.c index 0643c9bf84..73df952a67 100644 --- a/chip/g/dcrypto/hmac_drbg.c +++ b/chip/g/dcrypto/hmac_drbg.c @@ -107,14 +107,19 @@ void hmac_drbg_reseed(struct drbg_ctx *ctx, ctx->reseed_counter = 1; } -int hmac_drbg_generate(struct drbg_ctx *ctx, +enum hmac_result hmac_drbg_generate(struct drbg_ctx *ctx, void *out, size_t out_len, const void *input, size_t input_len) { - /* TODO(louiscollard): Assert maximum output length? */ + /* According to NIST SP 800-90A rev 1 B.2 + * Maximum number of bits per request = 7500 bits + * Reseed_interval = 10 000 requests. + */ + if (out_len > 7500 / 8) + return HMAC_DRBG_INVALID_PARAM; - if (ctx->reseed_counter >= 10000) - return 2; + if (ctx->reseed_counter++ >= 10000) + return HMAC_DRBG_RESEED_REQUIRED; if (input_len) update(ctx, input, input_len, NULL, 0, NULL, 0); @@ -130,16 +135,13 @@ int hmac_drbg_generate(struct drbg_ctx *ctx, } update(ctx, input, input_len, NULL, 0, NULL, 0); - ctx->reseed_counter++; - return 0; + return HMAC_DRBG_SUCCESS; } -void hmac_drbg_generate_p256(struct drbg_ctx *ctx, p256_int *k_out) +enum hmac_result hmac_drbg_generate_p256(struct drbg_ctx *ctx, p256_int *k_out) { - hmac_drbg_generate(ctx, - k_out->a, sizeof(k_out->a), - NULL, 0); + return hmac_drbg_generate(ctx, k_out->a, sizeof(k_out->a), NULL, 0); } void drbg_exit(struct drbg_ctx *ctx) diff --git a/chip/g/dcrypto/internal.h b/chip/g/dcrypto/internal.h index 69c54da4d4..26bac1c73f 100644 --- a/chip/g/dcrypto/internal.h +++ b/chip/g/dcrypto/internal.h @@ -130,6 +130,11 @@ struct drbg_ctx { /* * NIST SP 800-90A HMAC DRBG. */ +enum hmac_result { + HMAC_DRBG_SUCCESS = 0, + HMAC_DRBG_INVALID_PARAM = 1, + HMAC_DRBG_RESEED_REQUIRED = 2 +}; /* Standard initialization. */ void hmac_drbg_init(struct drbg_ctx *ctx, @@ -146,11 +151,11 @@ void hmac_drbg_reseed(struct drbg_ctx *ctx, const void *p0, size_t p0_len, const void *p1, size_t p1_len, const void *p2, size_t p2_len); -int hmac_drbg_generate(struct drbg_ctx *ctx, - void *out, size_t out_len, - const void *input, size_t input_len); +enum hmac_result hmac_drbg_generate(struct drbg_ctx *ctx, void *out, + size_t out_len, const void *input, + size_t input_len); /* Generate p256, with no additional input. */ -void hmac_drbg_generate_p256(struct drbg_ctx *ctx, p256_int *k_out); +enum hmac_result hmac_drbg_generate_p256(struct drbg_ctx *ctx, p256_int *k_out); void drbg_exit(struct drbg_ctx *ctx); /* |