diff options
Diffstat (limited to 'board/cr50/dcrypto/p256_ec.c')
-rw-r--r-- | board/cr50/dcrypto/p256_ec.c | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/board/cr50/dcrypto/p256_ec.c b/board/cr50/dcrypto/p256_ec.c index 4c97c521fc..fe0f69c92b 100644 --- a/board/cr50/dcrypto/p256_ec.c +++ b/board/cr50/dcrypto/p256_ec.c @@ -38,7 +38,27 @@ int DCRYPTO_p256_point_mul(p256_int *out_x, p256_int *out_y, return dcrypto_p256_point_mul(n, in_x, in_y, out_x, out_y); } -int DCRYPTO_p256_key_pwct(p256_int *d, p256_int *x, p256_int *y) + +int dcrypto_p256_fips_sign_internal(struct drbg_ctx *drbg, const p256_int *key, + const p256_int *message, p256_int *r, + p256_int *s) +{ + int result; + p256_int k; + + /* Pick uniform 0 < k < R */ + result = fips_p256_hmac_drbg_generate(drbg, &k) - HMAC_DRBG_SUCCESS; + + result |= dcrypto_p256_ecdsa_sign_raw(&k, key, message, r, s) - 1; + + /* Wipe temp k */ + p256_clear(&k); + + return result == 0; +} + +int DCRYPTO_p256_key_pwct(struct drbg_ctx *drbg, const p256_int *d, + const p256_int *x, const p256_int *y) { p256_int message, r, s; int result; @@ -49,7 +69,7 @@ int DCRYPTO_p256_key_pwct(p256_int *d, p256_int *x, p256_int *y) /* set some pseudo-random message. */ p256_fast_random(&message); - if (fips_p256_ecdsa_sign(d, &message, &r, &s) == 0) + if (dcrypto_p256_fips_sign_internal(drbg, d, &message, &r, &s) == 0) return 0; #ifdef CRYPTO_TEST_SETUP @@ -93,5 +113,5 @@ int DCRYPTO_p256_key_from_bytes(p256_int *x, p256_int *y, p256_int *d, if (dcrypto_p256_base_point_mul(d, x, y) == 0) return 0; - return DCRYPTO_p256_key_pwct(d, x, y); + return DCRYPTO_p256_key_pwct(&fips_drbg, d, x, y); } |