-rw-r--r-- | board/cr50/dcrypto/dcrypto_p256.c | 9 | ||||
-rw-r--r-- | board/cr50/dcrypto/dcrypto_runtime.c | 2 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips.c | 16 | ||||
-rw-r--r-- | board/cr50/dcrypto/fips_rand.c | 29 | ||||
-rw-r--r-- | board/cr50/dcrypto/hmac_drbg.c | 10 | ||||
-rw-r--r-- | board/cr50/dcrypto/internal.h | 44 | ||||
-rw-r--r-- | board/cr50/dcrypto/p256.c | 6 | ||||
-rw-r--r-- | board/cr50/dcrypto/p256_ec.c | 9 |
8 files changed, 57 insertions, 68 deletions
diff --git a/board/cr50/dcrypto/dcrypto_p256.c b/board/cr50/dcrypto/dcrypto_p256.c index bb9aff456c..858d0ce53c 100644 --- a/board/cr50/dcrypto/dcrypto_p256.c +++ b/board/cr50/dcrypto/dcrypto_p256.c @@ -139,19 +139,18 @@ enum dcrypto_result dcrypto_p256_ecdsa_sign(struct drbg_ctx *drbg, const p256_int *message, p256_int *r, p256_int *s) { - int result; + enum dcrypto_result result; p256_int nonce; /* Pick uniform 0 < k < R */ - result = (p256_hmac_drbg_generate(drbg, &nonce) != HMAC_DRBG_SUCCESS); + result = p256_hmac_drbg_generate(drbg, &nonce); - result |= dcrypto_p256_ecdsa_sign_raw(&nonce, key, message, r, s) - - DCRYPTO_OK; + result |= dcrypto_p256_ecdsa_sign_raw(&nonce, key, message, r, s); /* Wipe temp nonce */ p256_clear(&nonce); - return dcrypto_ok_if_zero(result); + return dcrypto_ok_if_zero(result - DCRYPTO_OK); } enum dcrypto_result dcrypto_p256_ecdsa_sign_raw(const p256_int *nonce, diff --git a/board/cr50/dcrypto/dcrypto_runtime.c b/board/cr50/dcrypto/dcrypto_runtime.c index 0c79d34310..b6dfac8a88 100644 --- a/board/cr50/dcrypto/dcrypto_runtime.c +++ b/board/cr50/dcrypto/dcrypto_runtime.c @@ -405,7 +405,7 @@ static enum dcrypto_result ecdsa_sign_go(p256_int *r, p256_int *s) hmac_drbg_init(&drbg, r->a, sizeof(r->a), NULL, 0, NULL, 0); /* pick a key */ - if (p256_hmac_drbg_generate(&drbg, &d) != HMAC_DRBG_SUCCESS) { + if (p256_hmac_drbg_generate(&drbg, &d) != DCRYPTO_OK) { /* to be consistent with ecdsa_sign error return */ drbg_exit(&drbg); return DCRYPTO_FAIL; diff --git a/board/cr50/dcrypto/fips.c b/board/cr50/dcrypto/fips.c index 391fee5657..d6c1912029 100644 --- a/board/cr50/dcrypto/fips.c +++ b/board/cr50/dcrypto/fips.c 
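Review bot: The accumulation `result |= dcrypto_p256_ecdsa_sign_raw(&nonce, key, message, r, s);` followed by `dcrypto_ok_if_zero(result - DCRYPTO_OK)` in dcrypto_p256_ecdsa_sign is only sound if no failure code of enum dcrypto_result is a bit-subset of DCRYPTO_OK, because the raw enum values are now OR-ed together instead of their zero/non-zero differences. The enum definition is not part of this diff, so that property cannot be checked from here; if it holds by design, I would pin it next to the enum with a comment and a build-time check such as `BUILD_ASSERT((DCRYPTO_FAIL & ~DCRYPTO_OK) != 0);`, and the same for DCRYPTO_RESEED_NEEDED. The same pattern is introduced in fips_hmac_drbg_generate_kat (fips.c) and dcrypto_p256_fips_sign_internal (p256_ec.c), where a wrong encoding would let a failed known-answer test or a failed signing step report success.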
@@ -332,14 +332,13 @@ static bool fips_hmac_drbg_generate_kat(struct drbg_ctx *ctx) 0xf1, 0x32, 0xf6, 0x86, 0xb7, 0x60, 0xf0, 0x12 }; uint8_t buf[128]; - int passed; + enum dcrypto_result passed; - passed = hmac_drbg_generate(ctx, buf, sizeof(buf), NULL, 0) - - HMAC_DRBG_SUCCESS; + passed = hmac_drbg_generate(ctx, buf, sizeof(buf), NULL, 0); /* Verify internal drbg state */ - passed |= DCRYPTO_equals(ctx->v, V2, sizeof(V2)) - DCRYPTO_OK; - passed |= DCRYPTO_equals(ctx->k, K2, sizeof(K2)) - DCRYPTO_OK; + passed |= DCRYPTO_equals(ctx->v, V2, sizeof(V2)); + passed |= DCRYPTO_equals(ctx->k, K2, sizeof(K2)); memcpy(buf, drbg_entropy2, sizeof(drbg_entropy2)); if (fips_break_cmd == FIPS_BREAK_HMAC_DRBG) @@ -348,10 +347,9 @@ static bool fips_hmac_drbg_generate_kat(struct drbg_ctx *ctx) hmac_drbg_reseed(ctx, buf, sizeof(drbg_entropy2), drbg_addtl_input2, sizeof(drbg_addtl_input2), NULL, 0); - passed |= hmac_drbg_generate(ctx, buf, sizeof(buf), NULL, 0) - - HMAC_DRBG_SUCCESS; - passed |= DCRYPTO_equals(buf, KA, sizeof(KA)) - DCRYPTO_OK; - return passed == 0; + passed |= hmac_drbg_generate(ctx, buf, sizeof(buf), NULL, 0); + passed |= DCRYPTO_equals(buf, KA, sizeof(KA)); + return passed == DCRYPTO_OK; } /* Known-answer test for HMAC_DRBG SHA256. */ diff --git a/board/cr50/dcrypto/fips_rand.c b/board/cr50/dcrypto/fips_rand.c index f50d6300fc..fe352a1f1a 100644 --- a/board/cr50/dcrypto/fips_rand.c +++ b/board/cr50/dcrypto/fips_rand.c 
@@ -306,17 +306,17 @@ static bool fips_drbg_reseed_with_entropy(struct drbg_ctx *ctx) return true; } -enum hmac_result fips_hmac_drbg_generate_reseed(struct drbg_ctx *ctx, void *out, - size_t out_len, - const void *input, - size_t input_len) +enum dcrypto_result fips_hmac_drbg_generate_reseed(struct drbg_ctx *ctx, + void *out, size_t out_len, + const void *input, + size_t input_len) { - enum hmac_result err = + enum dcrypto_result err = hmac_drbg_generate(ctx, out, out_len, input, input_len); - while (err == HMAC_DRBG_RESEED_REQUIRED) { + while (err == DCRYPTO_RESEED_NEEDED) { if (!fips_drbg_reseed_with_entropy(ctx)) - return HMAC_DRBG_RESEED_REQUIRED; + return DCRYPTO_FAIL; err = hmac_drbg_generate(ctx, out, out_len, input, input_len); } return err; @@ -338,8 +338,7 @@ bool fips_rand_bytes(void *buffer, size_t len) size_t request = (len > (7500 / 8)) ? (7500 / 8) : len; if (fips_hmac_drbg_generate_reseed(&fips_drbg, buffer, request, - NULL, - 0) != HMAC_DRBG_SUCCESS) + NULL, 0) != DCRYPTO_OK) return false; len -= request; buffer += request; @@ -347,18 +346,18 @@ bool fips_rand_bytes(void *buffer, size_t len) return true; } -enum hmac_result fips_p256_hmac_drbg_generate(struct drbg_ctx *drbg, - p256_int *out) +enum dcrypto_result fips_p256_hmac_drbg_generate(struct drbg_ctx *drbg, + p256_int *out) { - enum hmac_result err; + enum dcrypto_result err; if (!fips_crypto_allowed()) - return HMAC_DRBG_INVALID_PARAM; + return DCRYPTO_FAIL; err = p256_hmac_drbg_generate(drbg, out); - while (err == HMAC_DRBG_RESEED_REQUIRED) { + while (err == DCRYPTO_RESEED_NEEDED) { if (!fips_drbg_reseed_with_entropy(drbg)) - return HMAC_DRBG_RESEED_REQUIRED; + return DCRYPTO_FAIL; err = p256_hmac_drbg_generate(drbg, out); } return err; diff --git a/board/cr50/dcrypto/hmac_drbg.c b/board/cr50/dcrypto/hmac_drbg.c index e3c7e68212..e39e7754bc 100644 --- a/board/cr50/dcrypto/hmac_drbg.c +++ b/board/cr50/dcrypto/hmac_drbg.c 
@@ -93,7 +93,7 @@ void hmac_drbg_reseed(struct drbg_ctx *ctx, ctx->reseed_counter = 1; } -enum hmac_result hmac_drbg_generate(struct drbg_ctx *ctx, +enum dcrypto_result hmac_drbg_generate(struct drbg_ctx *ctx, void *out, size_t out_len, const void *input, size_t input_len) { @@ -102,10 +102,10 @@ enum hmac_result hmac_drbg_generate(struct drbg_ctx *ctx, * Reseed_interval = 10 000 requests. */ if (out_len > 7500 / 8) - return HMAC_DRBG_INVALID_PARAM; + return DCRYPTO_FAIL; if (ctx->reseed_counter++ >= 10000) - return HMAC_DRBG_RESEED_REQUIRED; + return DCRYPTO_RESEED_NEEDED; if (input_len) update(ctx, input, input_len, NULL, 0, NULL, 0); @@ -122,7 +122,7 @@ enum hmac_result hmac_drbg_generate(struct drbg_ctx *ctx, update(ctx, input, input_len, NULL, 0, NULL, 0); - return HMAC_DRBG_SUCCESS; + return DCRYPTO_OK; } void drbg_exit(struct drbg_ctx *ctx) @@ -451,7 +451,7 @@ static enum vendor_cmd_rc drbg_test(enum vendor_cmd_cc code, void *buf, return VENDOR_RC_BOGUS_ARGS; if (hmac_drbg_generate(&drbg_ctx, output, p1_len, p0, p0_len) != - HMAC_DRBG_SUCCESS) + DCRYPTO_OK) return VENDOR_RC_INTERNAL_ERROR; memcpy(buf, output, p1_len); diff --git a/board/cr50/dcrypto/internal.h b/board/cr50/dcrypto/internal.h index 7e1ea40384..0967c50845 100644 --- a/board/cr50/dcrypto/internal.h +++ b/board/cr50/dcrypto/internal.h 
@@ -99,25 +99,18 @@ struct drbg_ctx { /* * NIST SP 800-90A HMAC DRBG. */ -enum hmac_result { - HMAC_DRBG_SUCCESS = 0, - HMAC_DRBG_INVALID_PARAM = 1, - HMAC_DRBG_RESEED_REQUIRED = 2 -}; /* Standard initialization. */ -void hmac_drbg_init(struct drbg_ctx *ctx, - const void *p0, size_t p0_len, - const void *p1, size_t p1_len, - const void *p2, size_t p2_len); - -void hmac_drbg_reseed(struct drbg_ctx *ctx, - const void *p0, size_t p0_len, - const void *p1, size_t p1_len, - const void *p2, size_t p2_len); -enum hmac_result hmac_drbg_generate(struct drbg_ctx *ctx, void *out, - size_t out_len, const void *input, - size_t input_len); +void hmac_drbg_init(struct drbg_ctx *ctx, const void *p0, size_t p0_len, + const void *p1, size_t p1_len, const void *p2, + size_t p2_len); + +void hmac_drbg_reseed(struct drbg_ctx *ctx, const void *p0, size_t p0_len, + const void *p1, size_t p1_len, const void *p2, + size_t p2_len); +enum dcrypto_result hmac_drbg_generate(struct drbg_ctx *ctx, void *out, + size_t out_len, const void *input, + size_t input_len); void drbg_exit(struct drbg_ctx *ctx); /** @@ -162,19 +155,19 @@ extern struct drbg_ctx fips_drbg; * * @param drbg DRBG to use * @param out output value - * @return HMAC_DRBG_SUCCESS if out contains random. + * @return DCRYPTO_OK if out contains random. */ -enum hmac_result fips_p256_hmac_drbg_generate(struct drbg_ctx *drbg, - p256_int *out); +enum dcrypto_result fips_p256_hmac_drbg_generate(struct drbg_ctx *drbg, + p256_int *out); /** * wrapper around hmac_drbg_generate to automatically reseed drbg * when needed. */ -enum hmac_result fips_hmac_drbg_generate_reseed(struct drbg_ctx *ctx, void *out, - size_t out_len, - const void *input, - size_t input_len); +enum dcrypto_result fips_hmac_drbg_generate_reseed(struct drbg_ctx *ctx, + void *out, size_t out_len, + const void *input, + size_t input_len); /* Set seed for fast random number generator using LFSR. */ void set_fast_random_seed(uint32_t seed); 
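Review bot: The updated `@return DCRYPTO_OK if out contains random.` on fips_p256_hmac_drbg_generate documents only the success value, and the comment on fips_hmac_drbg_generate_reseed has no return description at all, although this commit changes what both return on failure. Going by the fips_rand.c hunks, both wrappers now return DCRYPTO_FAIL when reseeding from entropy fails (the p256 variant also when fips_crypto_allowed() is false) and never pass DCRYPTO_RESEED_NEEDED back to the caller, so I would write `@return DCRYPTO_OK if out contains random, DCRYPTO_FAIL if FIPS crypto is not allowed or reseeding failed.` The hmac_drbg_generate prototype in the first hunk of this file has no comment either and deserves `/* Returns DCRYPTO_RESEED_NEEDED once the reseed interval is used up, DCRYPTO_FAIL if out_len > 7500 / 8. */`, which is what the hmac_drbg.c hunk shows.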
@@ -311,7 +304,8 @@ enum dcrypto_result dcrypto_p256_key_pwct( void p256_fast_random(p256_int *rnd); /* Generate a p256 number between 1 < k < |p256| using provided DRBG. */ -enum hmac_result p256_hmac_drbg_generate(struct drbg_ctx *ctx, p256_int *k_out); +enum dcrypto_result p256_hmac_drbg_generate(struct drbg_ctx *ctx, + p256_int *k_out); /** * Sign using provided DRBG. Reseed DRBG with entropy from verified TRNG if diff --git a/board/cr50/dcrypto/p256.c b/board/cr50/dcrypto/p256.c index 52d65fbaae..dd21dac5e9 100644 --- a/board/cr50/dcrypto/p256.c +++ b/board/cr50/dcrypto/p256.c @@ -191,9 +191,9 @@ void p256_fast_random(p256_int *rnd) } /* B.5.2 Per-Message Secret Number Generation by Testing Candidates */ -enum hmac_result p256_hmac_drbg_generate(struct drbg_ctx *ctx, p256_int *rnd) +enum dcrypto_result p256_hmac_drbg_generate(struct drbg_ctx *ctx, p256_int *rnd) { - enum hmac_result result; + enum dcrypto_result result; /* Generate p256 candidates from DRBG until valid is found. */ do { @@ -217,7 +217,7 @@ enum hmac_result p256_hmac_drbg_generate(struct drbg_ctx *ctx, p256_int *rnd) * Key comes from DRBG, it is ensured to be in valid * range for the P-256 curve. */ - } while ((result == HMAC_DRBG_SUCCESS) && + } while ((result == DCRYPTO_OK) && (p256_lt_blinded(rnd, &SECP256r1_nMin2) >= 0)); p256_add_d(rnd, 1, rnd); diff --git a/board/cr50/dcrypto/p256_ec.c b/board/cr50/dcrypto/p256_ec.c index d9e87b699a..2f458080ce 100644 --- a/board/cr50/dcrypto/p256_ec.c +++ b/board/cr50/dcrypto/p256_ec.c 
@@ -68,19 +68,18 @@ enum dcrypto_result dcrypto_p256_fips_sign_internal(struct drbg_ctx *drbg, const p256_int *message, p256_int *r, p256_int *s) { - int result; + enum dcrypto_result result; p256_int k; /* Pick uniform 0 < k < R */ - result = fips_p256_hmac_drbg_generate(drbg, &k) - HMAC_DRBG_SUCCESS; + result = fips_p256_hmac_drbg_generate(drbg, &k); - result |= dcrypto_p256_ecdsa_sign_raw(&k, key, message, r, s) - - DCRYPTO_OK; + result |= dcrypto_p256_ecdsa_sign_raw(&k, key, message, r, s); /* Wipe temp k */ p256_clear(&k); - return dcrypto_ok_if_zero(result); + return dcrypto_ok_if_zero(result - DCRYPTO_OK); } enum dcrypto_result dcrypto_p256_key_pwct(struct drbg_ctx *drbg, |
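Review bot: `k` is handed to dcrypto_p256_ecdsa_sign_raw even when fips_p256_hmac_drbg_generate produced no value: in the fips_rand.c hunk that function returns DCRYPTO_FAIL before touching `out` when fips_crypto_allowed() is false, so `k` is still uninitialised stack memory at the sign_raw call. The combined status is a failure, but whether sign_raw has already written `r` and `s` from that value is not visible in this diff. If it can, I would make sure the outputs never carry such data, for example `if (result != DCRYPTO_OK) { p256_clear(r); p256_clear(s); }` before the return, and document on the function that `r` and `s` are undefined unless DCRYPTO_OK is returned. dcrypto_p256_ecdsa_sign in dcrypto_p256.c has the same shape with `nonce`.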