author Vadim Sukhomlinov <sukhomlinov@google.com> 2021-09-24 16:21:56 -0700
committer Commit Bot <commit-bot@chromium.org> 2021-09-28 02:05:01 +0000
commit 9fbc265dbcf7a98c46a55c6eac7667e16117eaef
tree ab0cc5c17bae957db128bdaded9b5e2881980008 /chip
parent 2d15ff2e3f9295f935f498d7f40fe64ee90fc950
cr50: refactor HMAC_DRBG to simplify reseeding and initialization logic
stabilize-14249.B-cr50_stab

1) Move DRBG initialization flag inside DRBG context to prevent use of
   DRBG which is not properly initialized.
2) Add configurable reseed threshold to cover both deterministic key gen
   and non-deterministic randoms. Simplify reseeding logic, remove similar
   code snippets. Also, can support NDRBG with reseed threshold equal to 0,
   which will result in reseeding each time.
3) Adjust parameter names to match NIST SP 800-90A specification.
4) Enforce checking result of hmac_drbg_generate(), update call sites to
   check for errors.
5) Reseeding in generate function consumes additional data as per
   NIST SP 800-90Ar1 9.3.1

BUG=b:138577416
TEST=make BOARD=cr50 CRYPTO_TEST=1 DRBG_TEST=1; test/tpm_test/tpm_test.py
     in ccd: hmac_drbg rand_perf

Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I0e780b5c237d7fbc64e8b0e74d12559a1f40f84c
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3183397
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'chip')
-rw-r--r-- chip/host/trng.c 6
1 files changed, 6 insertions, 0 deletions
diff --git a/chip/host/trng.c b/chip/host/trng.c
index ccb7a68983..80b52ce452 100644
--- a/chip/host/trng.c
+++ b/chip/host/trng.c
@@ -40,6 +40,12 @@ test_mockable void rand_bytes(void *buffer, size_t len)
*b = (uint8_t)rand_r(&seed);
}
+test_mockable bool fips_trng_bytes(void *buffer, size_t len)
+{
+ rand_bytes(buffer, len);
+ return true;
+}
+
test_mockable bool fips_rand_bytes(void *buffer, size_t len)
{
rand_bytes(buffer, len);
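Review bot: the new fips_trng_bytes() in chip/host/trng.c carries no comment saying it is a host-only stand-in, and it always returns true while filling the buffer from rand_bytes(), which the context line at the top of the hunk shows is driven by rand_r(&seed). The commit message says call sites are updated to check for errors, but with this stub any caller that checks the return value never takes its failure branch on host builds unless a test overrides the test_mockable symbol. Consider adding a short comment stating that the output is not entropy and that failure-path tests must supply their own mock. The body is also identical to fips_rand_bytes() just below, so one of the two could call the other to keep the stubs from drifting apart.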