diff options
| author | Vadim Bendebury <vbendeb@chromium.org> | 2017-09-27 16:07:21 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-10-02 23:28:23 -0700 |
| commit | 5ee37253d7213964c8a19129932fc68d30f10aae (patch) | |
| tree | f1d78034a00485244a877a9dde6d4b5a4c418e78 | |
| parent | 97c2ae1138fb6370d4b45d1ba9251c95e26a685e (diff) | |
| download | chrome-ec-5ee37253d7213964c8a19129932fc68d30f10aae.tar.gz | |
common: allow rma_auth to work with both crypto and dcrypto
On Cr50 the crypto library has a slightly different API, as indicated
by the presence of the CONFIG_DCRYPTO configuration option.
This patch provides a wrapper which allows to calculate a SHA256 HMAC
hash using either underlying crypto API.
BRANCH=cr50
BUG=b:37952913
TEST=make buildall -j
Change-Id: Ibb8c60e50139fd5506a4dd5f2ed19653c68af8cb
Signed-off-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/690440
Reviewed-by: Randall Spangler <rspangler@chromium.org>
| -rw-r--r-- | common/rma_auth.c | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/common/rma_auth.c b/common/rma_auth.c index f178524927..5b932235c9 100644 --- a/common/rma_auth.c +++ b/common/rma_auth.c @@ -10,11 +10,15 @@ #include "chip/g/board_id.h" #include "curve25519.h" #include "rma_auth.h" -#include "sha256.h" #include "system.h" #include "timer.h" #include "util.h" +#ifdef CONFIG_DCRYPTO +#include "dcrypto.h" +#else +#include "sha256.h" +#endif /* Minimum time since system boot or last challenge before making a new one */ #define CHALLENGE_INTERVAL (10 * SECOND) @@ -30,6 +34,21 @@ static char authcode[RMA_AUTHCODE_BUF_SIZE]; static int tries_left; static uint64_t last_challenge_time; +static void get_hmac_sha256(void *hmac_out, const uint8_t *secret, + size_t secret_size, const void *ch_ptr, + size_t ch_size) +{ +#ifdef CONFIG_DCRYPTO + LITE_HMAC_CTX hmac; + + DCRYPTO_HMAC_SHA256_init(&hmac, secret, secret_size); + HASH_update(&hmac.hash, ch_ptr, ch_size); + memcpy(hmac_out, DCRYPTO_HMAC_final(&hmac), 32); +#else + hmac_SHA256(hmac_out, secret, secret_size, ch_ptr, ch_size); +#endif +} + /** * Create a new RMA challenge/response * @@ -83,7 +102,7 @@ int rma_create_challenge(void) * and DeviceID. Those are all in the right order in the challenge * struct, after the version/key id byte. */ - hmac_SHA256(temp, secret, sizeof(secret), cptr + 1, sizeof(c) - 1); + get_hmac_sha256(temp, secret, sizeof(secret), cptr + 1, sizeof(c) - 1); if (base32_encode(authcode, sizeof(authcode), temp, RMA_AUTHCODE_CHARS * 5, 0)) return EC_ERROR_UNKNOWN; |