From 5ee37253d7213964c8a19129932fc68d30f10aae Mon Sep 17 00:00:00 2001 From: Vadim Bendebury Date: Wed, 27 Sep 2017 16:07:21 -0700 Subject: common: allow rma_auth to work with both crypto and dcrypto On Cr50 the crypto library has a slightly different API, as indicated by the presence of the CONFIG_DCRYPTO configuration option. This patch provides a wrapper which allows to calculate a SHA256 HMAC hash using either underlying crypto API. BRANCH=cr50 BUG=b:37952913 TEST=make buildall -j Change-Id: Ibb8c60e50139fd5506a4dd5f2ed19653c68af8cb Signed-off-by: Vadim Bendebury Reviewed-on: https://chromium-review.googlesource.com/690440 Reviewed-by: Randall Spangler --- common/rma_auth.c | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/common/rma_auth.c b/common/rma_auth.c index f178524927..5b932235c9 100644 --- a/common/rma_auth.c +++ b/common/rma_auth.c @@ -10,11 +10,15 @@ #include "chip/g/board_id.h" #include "curve25519.h" #include "rma_auth.h" -#include "sha256.h" #include "system.h" #include "timer.h" #include "util.h" +#ifdef CONFIG_DCRYPTO +#include "dcrypto.h" +#else +#include "sha256.h" +#endif /* Minimum time since system boot or last challenge before making a new one */ #define CHALLENGE_INTERVAL (10 * SECOND) @@ -30,6 +34,21 @@ static char authcode[RMA_AUTHCODE_BUF_SIZE]; static int tries_left; static uint64_t last_challenge_time; +static void get_hmac_sha256(void *hmac_out, const uint8_t *secret, + size_t secret_size, const void *ch_ptr, + size_t ch_size) +{ +#ifdef CONFIG_DCRYPTO + LITE_HMAC_CTX hmac; + + DCRYPTO_HMAC_SHA256_init(&hmac, secret, secret_size); + HASH_update(&hmac.hash, ch_ptr, ch_size); + memcpy(hmac_out, DCRYPTO_HMAC_final(&hmac), 32); +#else + hmac_SHA256(hmac_out, secret, secret_size, ch_ptr, ch_size); +#endif +} + /** * Create a new RMA challenge/response * @@ -83,7 +102,7 @@ int rma_create_challenge(void) * and DeviceID. Those are all in the right order in the challenge * struct, after the version/key id byte. */ - hmac_SHA256(temp, secret, sizeof(secret), cptr + 1, sizeof(c) - 1); + get_hmac_sha256(temp, secret, sizeof(secret), cptr + 1, sizeof(c) - 1); if (base32_encode(authcode, sizeof(authcode), temp, RMA_AUTHCODE_CHARS * 5, 0)) return EC_ERROR_UNKNOWN; -- cgit v1.2.1