diff options
Diffstat (limited to 'board/cr50/dcrypto/u2f.c')
-rw-r--r-- | board/cr50/dcrypto/u2f.c | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/board/cr50/dcrypto/u2f.c b/board/cr50/dcrypto/u2f.c index 414a8fe41a..76be43285d 100644 --- a/board/cr50/dcrypto/u2f.c +++ b/board/cr50/dcrypto/u2f.c @@ -183,9 +183,11 @@ static enum ec_error_list u2f_origin_user_key_pair( */ hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, dev_salt, P256_NBYTES, - NULL, 0); - hmac_drbg_generate(&drbg, key_seed, sizeof(key_seed), - key_handle, key_handle_size); + NULL, 0, HMAC_DRBG_DO_NOT_AUTO_RESEED); + if (hmac_drbg_generate(&drbg, key_seed, sizeof(key_seed), + key_handle, + key_handle_size) != DCRYPTO_OK) + return EC_ERROR_HW_INTERNAL; } else { /** * FIPS-compliant path. @@ -198,15 +200,18 @@ static enum ec_error_list u2f_origin_user_key_pair( */ hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, key_handle, - key_handle_size, NULL, 0); + key_handle_size, NULL, 0, + HMAC_DRBG_DO_NOT_AUTO_RESEED); /** * Additional data = Device_ID (constant coming from HW). */ - hmac_drbg_generate(&drbg, key_seed, sizeof(key_seed), dev_salt, - P256_NBYTES); + if (hmac_drbg_generate(&drbg, key_seed, sizeof(key_seed), + dev_salt, P256_NBYTES) != DCRYPTO_OK) + return EC_ERROR_HW_INTERNAL; } result = DCRYPTO_p256_key_from_bytes(pk_x, pk_y, d, key_seed); + drbg_exit(&drbg); if (result == DCRYPTO_RETRY) return EC_ERROR_TRY_AGAIN; @@ -427,7 +432,7 @@ enum ec_error_list u2f_sign(const struct u2f_state *state, DCRYPTO_OK) ? EC_SUCCESS : EC_ERROR_HW_INTERNAL; - + drbg_exit(&ctx); p256_clear(&origin_d); p256_to_bin(&r, sig->sig_r); @@ -485,19 +490,21 @@ static bool g2f_individual_key_pair(const struct u2f_state *state, p256_int *d, */ hmac_drbg_init(&drbg, state->drbg_entropy, state->drbg_entropy_size, state->salt, - sizeof(state->salt), NULL, 0); + sizeof(state->salt), NULL, 0, + HMAC_DRBG_DO_NOT_AUTO_RESEED); do { /** * Additional data = constant coming from HW. */ - hmac_drbg_generate(&drbg, key_candidate, - sizeof(key_candidate), buf.b32, - sizeof(buf)); + if (hmac_drbg_generate(&drbg, key_candidate, + sizeof(key_candidate), buf.b32, + sizeof(buf)) != DCRYPTO_OK) + return false; result = DCRYPTO_p256_key_from_bytes(pk_x, pk_y, d, key_candidate); } while (result == DCRYPTO_RETRY); - + drbg_exit(&drbg); if (result != DCRYPTO_OK) return false; } |