diff options
Diffstat (limited to 'board/cr50/dcrypto/p256_ec.c')
-rw-r--r-- | board/cr50/dcrypto/p256_ec.c | 86 |
1 files changed, 58 insertions, 28 deletions
diff --git a/board/cr50/dcrypto/p256_ec.c b/board/cr50/dcrypto/p256_ec.c index 5c7f355a67..d9e87b699a 100644 --- a/board/cr50/dcrypto/p256_ec.c +++ b/board/cr50/dcrypto/p256_ec.c @@ -4,15 +4,38 @@ */ #include "internal.h" +enum dcrypto_result DCRYPTO_p256_ecdsa_verify(const p256_int *key_x, + const p256_int *key_y, + const p256_int *message, + const p256_int *r, + const p256_int *s) +{ + if (!fips_crypto_allowed()) + return DCRYPTO_FAIL; + + return dcrypto_p256_ecdsa_verify(key_x, key_y, message, r, s); +} + +/* return codes match dcrypto_p256_ecdsa_sign */ +enum dcrypto_result DCRYPTO_p256_ecdsa_sign(const p256_int *key, + const p256_int *message, + p256_int *r, p256_int *s) +{ + if (!fips_drbg_init()) /* Also check for fips_crypto_allowed(). */ + return DCRYPTO_FAIL; + + return dcrypto_p256_fips_sign_internal(&fips_drbg, key, message, r, s); +} + /* p256_base_point_mul sets {out_x,out_y} = nG, where n is < the * order of the group. */ -int DCRYPTO_p256_base_point_mul(p256_int *out_x, p256_int *out_y, - const p256_int *n) +enum dcrypto_result DCRYPTO_p256_base_point_mul(p256_int *out_x, + p256_int *out_y, const p256_int *n) { - if (p256_is_zero(n) != 0) { + if (!fips_crypto_allowed() || p256_is_zero(n)) { p256_clear(out_x); p256_clear(out_y); - return 0; + return DCRYPTO_FAIL; } return dcrypto_p256_base_point_mul(n, out_x, out_y); @@ -21,27 +44,29 @@ int DCRYPTO_p256_base_point_mul(p256_int *out_x, p256_int *out_y, enum dcrypto_result DCRYPTO_p256_is_valid_point(const p256_int *x, const p256_int *y) { + if (!fips_crypto_allowed()) + return DCRYPTO_FAIL; return dcrypto_p256_is_valid_point(x, y); } /* DCRYPTO_p256_point_mul sets {out_x,out_y} = n*{in_x,in_y}, where n is < * the order of the group. */ -int DCRYPTO_p256_point_mul(p256_int *out_x, p256_int *out_y, const p256_int *n, - const p256_int *in_x, const p256_int *in_y) +enum dcrypto_result DCRYPTO_p256_point_mul(p256_int *out_x, p256_int *out_y, + const p256_int *n, const p256_int *in_x, const p256_int *in_y) { - if (p256_is_zero(n) != 0 || + if (!fips_crypto_allowed() || p256_is_zero(n) || (dcrypto_p256_is_valid_point(in_x, in_y) != DCRYPTO_OK)) { p256_clear(out_x); p256_clear(out_y); - return 0; + return DCRYPTO_FAIL; } return dcrypto_p256_point_mul(n, in_x, in_y, out_x, out_y); } - -int dcrypto_p256_fips_sign_internal(struct drbg_ctx *drbg, const p256_int *key, - const p256_int *message, p256_int *r, - p256_int *s) +enum dcrypto_result dcrypto_p256_fips_sign_internal(struct drbg_ctx *drbg, + const p256_int *key, + const p256_int *message, + p256_int *r, p256_int *s) { int result; p256_int k; @@ -49,47 +74,52 @@ int dcrypto_p256_fips_sign_internal(struct drbg_ctx *drbg, const p256_int *key, /* Pick uniform 0 < k < R */ result = fips_p256_hmac_drbg_generate(drbg, &k) - HMAC_DRBG_SUCCESS; - result |= dcrypto_p256_ecdsa_sign_raw(&k, key, message, r, s) - 1; + result |= dcrypto_p256_ecdsa_sign_raw(&k, key, message, r, s) - + DCRYPTO_OK; /* Wipe temp k */ p256_clear(&k); - return result == 0; + return dcrypto_ok_if_zero(result); } -int DCRYPTO_p256_key_pwct(struct drbg_ctx *drbg, const p256_int *d, - const p256_int *x, const p256_int *y) +enum dcrypto_result dcrypto_p256_key_pwct(struct drbg_ctx *drbg, + const p256_int *d, const p256_int *x, + const p256_int *y) { p256_int message, r, s; - int result; + enum dcrypto_result result; if (p256_is_zero(d)) - return 0; + return DCRYPTO_FAIL; /* set some pseudo-random message. */ p256_fast_random(&message); - if (dcrypto_p256_fips_sign_internal(drbg, d, &message, &r, &s) == 0) - return 0; + result = dcrypto_p256_fips_sign_internal(drbg, d, &message, &r, &s); + if (result != DCRYPTO_OK) + return result; #ifdef CRYPTO_TEST_SETUP if (fips_break_cmd == FIPS_BREAK_ECDSA_PWCT) message.a[0] = ~message.a[0]; #endif - result = dcrypto_p256_ecdsa_verify(x, y, &message, &r, &s); - return result; + return dcrypto_p256_ecdsa_verify(x, y, &message, &r, &s); } /** * Key selection based on FIPS-186-4, section B.4.2 (Key Pair * Generation by Testing Candidates). */ -int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d, - const uint8_t key_bytes[P256_NBYTES]) +enum dcrypto_result DCRYPTO_p256_key_from_bytes(p256_int *x, + p256_int *y, p256_int *d, const uint8_t key_bytes[P256_NBYTES]) { p256_int key; p256_int tx, ty; + if (!fips_crypto_allowed()) + return DCRYPTO_FAIL; + p256_from_bin(key_bytes, &key); /** @@ -99,7 +129,7 @@ int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d, * bring key in proper range. */ if (p256_lt_blinded(&key, &SECP256r1_nMin2) >= 0) - return 0; + return DCRYPTO_RETRY; p256_add_d(&key, 1, d); always_memset(&key, 0, sizeof(key)); @@ -110,8 +140,8 @@ int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d, y = &ty; /* Compute public key (x,y) = d * G */ - if (dcrypto_p256_base_point_mul(d, x, y) == 0) - return 0; + if (dcrypto_p256_base_point_mul(d, x, y) != DCRYPTO_OK) + return DCRYPTO_FAIL; - return DCRYPTO_p256_key_pwct(&fips_drbg, d, x, y); + return dcrypto_p256_key_pwct(&fips_drbg, d, x, y); } |