diff options
Diffstat (limited to 'board/cr50/fips.c')
-rw-r--r-- | board/cr50/fips.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/board/cr50/fips.c b/board/cr50/fips.c index 19cb78ff69..349117d49b 100644 --- a/board/cr50/fips.c +++ b/board/cr50/fips.c @@ -154,7 +154,8 @@ static bool fips_sha256_kat(void) SHA256_hw_init(&ctx); SHA256_update(&ctx, in, sizeof(in)); return !(fips_break_cmd == FIPS_BREAK_SHA256) && - (memcmp(SHA256_final(&ctx), ans, SHA256_DIGEST_SIZE) == 0); + (DCRYPTO_equals(SHA256_final(&ctx), ans, SHA256_DIGEST_SIZE) == + DCRYPTO_OK); } /* KAT for HMAC-SHA256, test values from OpenSSL. */ @@ -180,8 +181,8 @@ static bool fips_hmac_sha256_kat(void) HMAC_SHA256_hw_init(&ctx, k, sizeof(k)); HMAC_SHA256_update(&ctx, in, sizeof(in)); return !(fips_break_cmd == FIPS_BREAK_HMAC_SHA256) && - (memcmp(HMAC_SHA256_hw_final(&ctx), ans, SHA256_DIGEST_SIZE) == - 0); + (DCRYPTO_equals(HMAC_SHA256_hw_final(&ctx), ans, + SHA256_DIGEST_SIZE) == DCRYPTO_OK); } /** @@ -275,8 +276,8 @@ static bool fips_hmac_drbg_instantiate_kat(struct drbg_ctx *ctx) drbg_nonce0, sizeof(drbg_nonce0), drbg_perso0, sizeof(drbg_perso0)); - return (memcmp(ctx->v, V0, sizeof(V0)) == 0) && - (memcmp(ctx->k, K0, sizeof(K0)) == 0); + return (DCRYPTO_equals(ctx->v, V0, sizeof(V0)) == DCRYPTO_OK) && + (DCRYPTO_equals(ctx->k, K0, sizeof(K0)) == DCRYPTO_OK); } /* Known-answer test for HMAC_DRBG SHA256 reseed. */ @@ -293,8 +294,8 @@ static bool fips_hmac_drbg_reseed_kat(struct drbg_ctx *ctx) hmac_drbg_reseed(ctx, drbg_entropy1, sizeof(drbg_entropy1), drbg_addtl_input1, sizeof(drbg_addtl_input1), NULL, 0); - return (memcmp(ctx->v, V1, sizeof(V1)) == 0) && - (memcmp(ctx->k, K1, sizeof(K1)) == 0); + return (DCRYPTO_equals(ctx->v, V1, sizeof(V1)) == DCRYPTO_OK) && + (DCRYPTO_equals(ctx->k, K1, sizeof(K1)) == DCRYPTO_OK); } /* Known-answer test for HMAC_DRBG SHA256 generate. */ @@ -327,8 +328,8 @@ static bool fips_hmac_drbg_generate_kat(struct drbg_ctx *ctx) hmac_drbg_generate(ctx, buf, sizeof(buf), NULL, 0); /* Verify internal drbg state */ - if (memcmp(ctx->v, V2, sizeof(V2)) || - memcmp(ctx->k, K2, sizeof(K2))) { + if (DCRYPTO_equals(ctx->v, V2, sizeof(V2)) != DCRYPTO_OK || + DCRYPTO_equals(ctx->k, K2, sizeof(K2)) != DCRYPTO_OK) { return false; } @@ -340,7 +341,7 @@ static bool fips_hmac_drbg_generate_kat(struct drbg_ctx *ctx) */ hmac_drbg_generate(ctx, buf, sizeof(buf), NULL, 0); return !(fips_break_cmd == FIPS_BREAK_HMAC_DRBG) && - (memcmp(buf, KA, sizeof(KA)) == 0); + DCRYPTO_equals(buf, KA, sizeof(KA) == DCRYPTO_OK); } /* Known-answer test for HMAC_DRBG SHA256. */ @@ -573,7 +574,7 @@ static bool call_on_stack(void *new_stack, bool (*func)(void)) const struct sha256_digest fips_integrity __attribute__((section(".rodata.fips.checksum"))); -static bool fips_self_integrity(void) +static enum dcrypto_result fips_self_integrity(void) { struct sha256_digest digest; size_t module_length = &__fips_module_end - &__fips_module_start; @@ -606,7 +607,7 @@ void fips_power_up_tests(void) starttime = fips_vtable->get_time().val; - if (!fips_self_integrity()) + if (fips_self_integrity() != DCRYPTO_OK) _fips_status |= FIPS_FATAL_SELF_INTEGRITY; /* Make sure hardware is properly configured. */ |