-rw-r--r-- | chip/g/dcrypto/hmac_drbg.c | 22 | ||||
-rw-r--r-- | chip/g/dcrypto/internal.h | 13 |
2 files changed, 21 insertions, 14 deletions
diff --git a/chip/g/dcrypto/hmac_drbg.c b/chip/g/dcrypto/hmac_drbg.c index 0643c9bf84..73df952a67 100644 --- a/chip/g/dcrypto/hmac_drbg.c +++ b/chip/g/dcrypto/hmac_drbg.c @@ -107,14 +107,19 @@ void hmac_drbg_reseed(struct drbg_ctx *ctx, ctx->reseed_counter = 1; } -int hmac_drbg_generate(struct drbg_ctx *ctx, +enum hmac_result hmac_drbg_generate(struct drbg_ctx *ctx, void *out, size_t out_len, const void *input, size_t input_len) { - /* TODO(louiscollard): Assert maximum output length? */ + /* According to NIST SP 800-90A rev 1 B.2 + * Maximum number of bits per request = 7500 bits + * Reseed_interval = 10 000 requests. + */ + if (out_len > 7500 / 8) + return HMAC_DRBG_INVALID_PARAM; - if (ctx->reseed_counter >= 10000) - return 2; + if (ctx->reseed_counter++ >= 10000) + return HMAC_DRBG_RESEED_REQUIRED; if (input_len) update(ctx, input, input_len, NULL, 0, NULL, 0); @@ -130,16 +135,13 @@ int hmac_drbg_generate(struct drbg_ctx *ctx, } update(ctx, input, input_len, NULL, 0, NULL, 0); - ctx->reseed_counter++; - return 0; + return HMAC_DRBG_SUCCESS; } -void hmac_drbg_generate_p256(struct drbg_ctx *ctx, p256_int *k_out) +enum hmac_result hmac_drbg_generate_p256(struct drbg_ctx *ctx, p256_int *k_out) { - hmac_drbg_generate(ctx, - k_out->a, sizeof(k_out->a), - NULL, 0); + return hmac_drbg_generate(ctx, k_out->a, sizeof(k_out->a), NULL, 0); } void drbg_exit(struct drbg_ctx *ctx) diff --git a/chip/g/dcrypto/internal.h b/chip/g/dcrypto/internal.h index 69c54da4d4..26bac1c73f 100644 --- a/chip/g/dcrypto/internal.h +++ b/chip/g/dcrypto/internal.h @@ -130,6 +130,11 @@ struct drbg_ctx { /* * NIST SP 800-90A HMAC DRBG. */ +enum hmac_result { + HMAC_DRBG_SUCCESS = 0, + HMAC_DRBG_INVALID_PARAM = 1, + HMAC_DRBG_RESEED_REQUIRED = 2 +}; /* Standard initialization. */ void hmac_drbg_init(struct drbg_ctx *ctx, 
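Review bot: The reseed check `if (ctx->reseed_counter++ >= 10000)` now advances the counter on the refusal path too, so a caller that keeps retrying without reseeding keeps incrementing it. The counter's type is declared outside this diff; if it is a signed int, enough refused calls would eventually overflow it. Keeping the test and the increment apart avoids that and is easier to read: `if (ctx->reseed_counter >= 10000) return HMAC_DRBG_RESEED_REQUIRED;` followed by `ctx->reseed_counter++;`. The literals `7500 / 8` and `10000` would also be easier to audit against SP 800-90A as named constants. The body of hmac_drbg_generate continues past the end of this hunk.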
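Review bot: hmac_drbg_generate_p256 changes from `void` to returning a status, so call sites written for the old signature still compile and silently drop the result. When the DRBG returns HMAC_DRBG_RESEED_REQUIRED, `k_out` is never written, and such a caller would go on to use whatever the buffer already held as its P-256 scalar. The call sites are not part of this diff, so they need checking by hand. The compiler can enforce this in future if both prototypes in internal.h are marked, e.g. `__attribute__((warn_unused_result))` on `hmac_drbg_generate` and `hmac_drbg_generate_p256`. The start of hmac_drbg_generate's body is outside this hunk.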
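Review bot: The enum is tagged `hmac_result`, but its values and every function returning it use the `HMAC_DRBG_`/`hmac_drbg_` prefix, so the tag reads like the result type of the plain HMAC code; `enum hmac_drbg_result` would match. The values also have no comment saying what a caller must do with each one. I would add `/* INVALID_PARAM: request exceeds the per-call output limit. RESEED_REQUIRED: call hmac_drbg_reseed() before generating again. */` above the enum.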
@@ -146,11 +151,11 @@ void hmac_drbg_reseed(struct drbg_ctx *ctx, const void *p0, size_t p0_len, const void *p1, size_t p1_len, const void *p2, size_t p2_len); -int hmac_drbg_generate(struct drbg_ctx *ctx, - void *out, size_t out_len, - const void *input, size_t input_len); +enum hmac_result hmac_drbg_generate(struct drbg_ctx *ctx, void *out, + size_t out_len, const void *input, + size_t input_len); /* Generate p256, with no additional input. */ -void hmac_drbg_generate_p256(struct drbg_ctx *ctx, p256_int *k_out); +enum hmac_result hmac_drbg_generate_p256(struct drbg_ctx *ctx, p256_int *k_out); void drbg_exit(struct drbg_ctx *ctx); /* |
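Review bot: These prototypes now return a status, but nothing in the header tells a caller which codes to expect or what state `out` is in on failure. I would add above `hmac_drbg_generate`: `/* Returns HMAC_DRBG_SUCCESS; HMAC_DRBG_INVALID_PARAM if out_len exceeds 7500 bits; HMAC_DRBG_RESEED_REQUIRED once the reseed interval is used up. out is not written on failure. */`. The existing p256 comment should also say that the same status is passed through and that `k_out` must not be used unless it is HMAC_DRBG_SUCCESS.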