diff options
-rw-r--r-- | board/cr50/dcrypto/fips.c | 2 | ||||
-rw-r--r-- | board/cr50/dcrypto/u2f.c | 6 | ||||
-rw-r--r-- | board/cr50/fips_cmd.c | 10 |
3 files changed, 14 insertions, 4 deletions
diff --git a/board/cr50/dcrypto/fips.c b/board/cr50/dcrypto/fips.c index 2ea98187c4..5fd1327aee 100644 --- a/board/cr50/dcrypto/fips.c +++ b/board/cr50/dcrypto/fips.c @@ -185,7 +185,7 @@ static bool fips_hmac_sha256_kat(void) HMAC_SHA256_hw_init(&ctx, k, sizeof(k)); memcpy(in_mem, in, sizeof(in)); - if (fips_break_cmd == FIPS_BREAK_SHA256) + if (fips_break_cmd == FIPS_BREAK_HMAC_SHA256) in_mem[0] ^= 1; HMAC_SHA256_update(&ctx, in_mem, sizeof(in_mem)); return DCRYPTO_equals(HMAC_SHA256_hw_final(&ctx), ans, diff --git a/board/cr50/dcrypto/u2f.c b/board/cr50/dcrypto/u2f.c index 1b2fc4f17c..f8d4eb997f 100644 --- a/board/cr50/dcrypto/u2f.c +++ b/board/cr50/dcrypto/u2f.c @@ -212,7 +212,7 @@ static enum ec_error_list u2f_origin_user_key_pair( */ hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, dev_salt, P256_NBYTES, - NULL, 0, HMAC_DRBG_DO_NOT_AUTO_RESEED); + NULL, 0, 16); result = hmac_drbg_generate(&drbg, key_seed, sizeof(key_seed), key_handle, key_handle_size); } else { @@ -228,7 +228,7 @@ static enum ec_error_list u2f_origin_user_key_pair( hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, key_handle, key_handle_size, NULL, 0, - HMAC_DRBG_DO_NOT_AUTO_RESEED); + 16); /** * Additional data = Device_ID (constant coming from HW). @@ -563,7 +563,7 @@ static bool g2f_individual_key_pair(const struct u2f_state *state, p256_int *d, hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, state->salt, sizeof(state->salt), NULL, 0, - HMAC_DRBG_DO_NOT_AUTO_RESEED); + 16); do { /** diff --git a/board/cr50/fips_cmd.c b/board/cr50/fips_cmd.c index 5dbe19a291..816e5280d6 100644 --- a/board/cr50/fips_cmd.c +++ b/board/cr50/fips_cmd.c @@ -146,6 +146,16 @@ static int cmd_fips_status(int argc, char **argv) fips_break_cmd = FIPS_BREAK_TRNG; else if (!strncmp(argv[1], "sha", 3)) fips_break_cmd = FIPS_BREAK_SHA256; + else if (!strncmp(argv[1], "hmac", 4)) + fips_break_cmd = FIPS_BREAK_HMAC_SHA256; + else if (!strncmp(argv[1], "drbg", 4)) + fips_break_cmd = FIPS_BREAK_HMAC_DRBG; + else if (!strncmp(argv[1], "ecdsa", 5)) + fips_break_cmd = FIPS_BREAK_ECDSA; + else if (!strncmp(argv[1], "pwct", 4)) + fips_break_cmd = FIPS_BREAK_ECDSA_PWCT; + else if (!strncmp(argv[1], "none", 4)) + fips_break_cmd = FIPS_NO_BREAK; #endif } return 0; |