diff options
Diffstat (limited to 'board/cr50/tpm2')
| -rw-r--r-- | board/cr50/tpm2/ecc.c | 9 | ||||
| -rw-r--r-- | board/cr50/tpm2/endorsement.c | 14 | ||||
| -rw-r--r-- | board/cr50/tpm2/hash.c | 42 | ||||
| -rw-r--r-- | board/cr50/tpm2/rsa.c | 8 | ||||
| -rw-r--r-- | board/cr50/tpm2/virtual_nvmem.c | 12 |
5 files changed, 42 insertions, 43 deletions
diff --git a/board/cr50/tpm2/ecc.c b/board/cr50/tpm2/ecc.c index 1bcf2d5c5a..5607aaff87 100644 --- a/board/cr50/tpm2/ecc.c +++ b/board/cr50/tpm2/ecc.c @@ -192,7 +192,7 @@ CRYPT_RESULT _cpri__GenerateKeyEcc( TPM2B *local_extra; uint32_t count = 0; uint8_t key_bytes[P256_NBYTES]; - LITE_HMAC_CTX hmac; + struct hmac_sha256_ctx hmac; if (curve_id != TPM_ECC_NIST_P256) return CRYPT_PARAMETER; @@ -208,9 +208,10 @@ CRYPT_RESULT _cpri__GenerateKeyEcc( /* Hash down the primary seed for ECC key generation, so that * the derivation tree is distinct from RSA key derivation. */ - DCRYPTO_HMAC_SHA256_init(&hmac, seed->buffer, seed->size); - HASH_update(&hmac.hash, "ECC", 4); - memcpy(local_seed.t.buffer, DCRYPTO_HMAC_final(&hmac), + HMAC_SHA256_hw_init(&hmac, seed->buffer, + seed->size); + HMAC_SHA256_update(&hmac, "ECC", 4); + memcpy(local_seed.t.buffer, HMAC_SHA256_final(&hmac), local_seed.t.size); always_memset(&hmac, 0, sizeof(hmac)); /* b/35576109: the personalize code uses only the first 4 bytes diff --git a/board/cr50/tpm2/endorsement.c b/board/cr50/tpm2/endorsement.c index 844d07e2a6..49f542f782 100644 --- a/board/cr50/tpm2/endorsement.c +++ b/board/cr50/tpm2/endorsement.c @@ -30,8 +30,6 @@ #include "dcrypto.h" -#include <cryptoc/sha256.h> - #include <endian.h> #include <string.h> @@ -548,7 +546,7 @@ enum manufacturing_status tpm_endorse(void) enum manufacturing_status result; uint8_t eps[PRIMARY_SEED_SIZE]; - LITE_HMAC_CTX hmac; + struct hmac_sha256_ctx hmac; flash_cert_region_enable(); @@ -592,12 +590,12 @@ enum manufacturing_status tpm_endorse(void) * * This will fail if we are not running w/ expected keyladder. */ - DCRYPTO_HMAC_SHA256_init(&hmac, eps, sizeof(eps)); - HASH_update(&hmac.hash, "RSA", 4); - DCRYPTO_HMAC_SHA256_init(&hmac, DCRYPTO_HMAC_final(&hmac), 32); - HASH_update(&hmac.hash, p, RO_CERTS_REGION_SIZE - 32); + HMAC_SHA256_hw_init(&hmac, eps, sizeof(eps)); + HMAC_SHA256_update(&hmac, "RSA", 4); + HMAC_SHA256_hw_init(&hmac, HMAC_SHA256_hw_final(&hmac), 32); + HMAC_SHA256_update(&hmac, p, RO_CERTS_REGION_SIZE - 32); if (!DCRYPTO_equals(p + RO_CERTS_REGION_SIZE - 32, - DCRYPTO_HMAC_final(&hmac), 32)) { + HMAC_SHA256_hw_final(&hmac), 32)) { CPRINTF("%s: bad cert region hmac;", __func__); #ifdef CR50_INCLUDE_FALLBACK_CERT diff --git a/board/cr50/tpm2/hash.c b/board/cr50/tpm2/hash.c index 7774a6f819..4494451844 100644 --- a/board/cr50/tpm2/hash.c +++ b/board/cr50/tpm2/hash.c @@ -42,7 +42,7 @@ uint16_t _cpri__GetHashBlockSize(TPM_ALG_ID alg) return lookup_hash_info(alg)->blockSize; } -BUILD_ASSERT(sizeof(LITE_SHA256_CTX) == USER_MIN_HASH_STATE_SIZE); +BUILD_ASSERT(sizeof(struct sha256_ctx) <= USER_MIN_HASH_STATE_SIZE); BUILD_ASSERT(sizeof(CPRI_HASH_STATE) == sizeof(EXPORT_HASH_STATE)); void _cpri__ImportExportHashState(CPRI_HASH_STATE *osslFmt, EXPORT_HASH_STATE *externalFmt, @@ -57,7 +57,7 @@ void _cpri__ImportExportHashState(CPRI_HASH_STATE *osslFmt, uint16_t _cpri__HashBlock(TPM_ALG_ID alg, uint32_t in_len, uint8_t *in, uint32_t out_len, uint8_t *out) { - uint8_t digest[SHA_DIGEST_MAX_BYTES]; + union sha_digests digest; const uint16_t digest_len = _cpri__GetDigestSize(alg); if (digest_len == 0) @@ -65,17 +65,17 @@ uint16_t _cpri__HashBlock(TPM_ALG_ID alg, uint32_t in_len, uint8_t *in, switch (alg) { case TPM_ALG_SHA1: - DCRYPTO_SHA1_hash(in, in_len, digest); + SHA1_hw_hash(in, in_len, &digest.sha1); break; case TPM_ALG_SHA256: - DCRYPTO_SHA256_hash(in, in_len, digest); + SHA256_hw_hash(in, in_len, &digest.sha256); break; case TPM_ALG_SHA384: - DCRYPTO_SHA384_hash(in, in_len, digest); + SHA384_hw_hash(in, in_len, &digest.sha384); break; case TPM_ALG_SHA512: - DCRYPTO_SHA512_hash(in, in_len, digest); + SHA512_hw_hash(in, in_len, &digest.sha512); break; default: FAIL(FATAL_ERROR_INTERNAL); @@ -83,16 +83,16 @@ uint16_t _cpri__HashBlock(TPM_ALG_ID alg, uint32_t in_len, uint8_t *in, } out_len = MIN(out_len, digest_len); - memcpy(out, digest, out_len); + memcpy(out, digest.b8, out_len); return out_len; } -BUILD_ASSERT(sizeof(struct HASH_CTX) <= +BUILD_ASSERT(sizeof(union hash_ctx) <= sizeof(((CPRI_HASH_STATE *)0)->state)); uint16_t _cpri__StartHash(TPM_ALG_ID alg, BOOL sequence, CPRI_HASH_STATE *state) { - struct HASH_CTX *ctx = (struct HASH_CTX *) state->state; + union hash_ctx *ctx = (union hash_ctx *) state->state; uint16_t result; /* NOTE: as per bug http://crosbug.com/p/55331#26 (NVMEM @@ -103,20 +103,20 @@ uint16_t _cpri__StartHash(TPM_ALG_ID alg, BOOL sequence, */ switch (alg) { case TPM_ALG_SHA1: - DCRYPTO_SHA1_init(ctx, 1); + SHA1_sw_init(&ctx->sha1); result = HASH_size(ctx); break; case TPM_ALG_SHA256: - DCRYPTO_SHA256_init(ctx, 1); + SHA256_sw_init(&ctx->sha256); result = HASH_size(ctx); break; case TPM_ALG_SHA384: - DCRYPTO_SHA384_init(ctx); + SHA384_sw_init(&ctx->sha384); result = HASH_size(ctx); break; case TPM_ALG_SHA512: - DCRYPTO_SHA512_init(ctx); + SHA512_sw_init(&ctx->sha512); result = HASH_size(ctx); break; default: @@ -133,7 +133,7 @@ uint16_t _cpri__StartHash(TPM_ALG_ID alg, BOOL sequence, void _cpri__UpdateHash(CPRI_HASH_STATE *state, uint32_t in_len, BYTE *in) { - struct HASH_CTX *ctx = (struct HASH_CTX *) state->state; + union hash_ctx *ctx = (union hash_ctx *) state->state; HASH_update(ctx, in, in_len); } @@ -141,10 +141,10 @@ void _cpri__UpdateHash(CPRI_HASH_STATE *state, uint32_t in_len, uint16_t _cpri__CompleteHash(CPRI_HASH_STATE *state, uint32_t out_len, uint8_t *out) { - struct HASH_CTX *ctx = (struct HASH_CTX *) state->state; + union hash_ctx *ctx = (union hash_ctx *) state->state; out_len = MIN(HASH_size(ctx), out_len); - memcpy(out, HASH_final(ctx), out_len); + memcpy(out, HASH_final(ctx)->b8, out_len); return out_len; } @@ -294,7 +294,7 @@ static uint16_t do_software_hmac(TPM_ALG_ID alg, uint32_t in_len, uint8_t *in, static uint16_t do_dcrypto_hmac(TPM_ALG_ID alg, uint32_t in_len, uint8_t *in, int32_t out_len, uint8_t *out) { - LITE_HMAC_CTX ctx; + struct hmac_sha256_ctx ctx; uint8_t *key; uint32_t key_len; @@ -304,10 +304,10 @@ static uint16_t do_dcrypto_hmac(TPM_ALG_ID alg, uint32_t in_len, key = in + in_len; key_len = *key++; key_len = key_len * 256 + *key++; - DCRYPTO_HMAC_SHA256_init(&ctx, key, key_len); - HASH_update(&ctx.hash, in, in_len); + HMAC_SHA256_hw_init(&ctx, key, key_len); + HMAC_SHA256_update(&ctx, in, in_len); out_len = MIN(out_len, SHA256_DIGEST_SIZE); - memcpy(out, DCRYPTO_HMAC_final(&ctx), out_len); + memcpy(out, HMAC_SHA256_hw_final(&ctx), out_len); return out_len; } @@ -382,7 +382,7 @@ static void hash_command_handler(void *cmd_body, case HASH_ALG_SHA256: alg = TPM_ALG_SHA256; break; -#ifdef SHA512_SUPPORT +#ifdef CONFIG_UPTO_SHA512 case HASH_ALG_SHA384: alg = TPM_ALG_SHA384; break; diff --git a/board/cr50/tpm2/rsa.c b/board/cr50/tpm2/rsa.c index 70e14fba97..9d15d66823 100644 --- a/board/cr50/tpm2/rsa.c +++ b/board/cr50/tpm2/rsa.c @@ -396,11 +396,11 @@ CRYPT_RESULT _cpri__GenerateKeyRSA( } else #endif { - LITE_HMAC_CTX hmac; + struct hmac_sha256_ctx hmac; - DCRYPTO_HMAC_SHA256_init(&hmac, seed->buffer, seed->size); - HASH_update(&hmac.hash, "RSA", 4); - memcpy(local_seed.t.buffer, DCRYPTO_HMAC_final(&hmac), + HMAC_SHA256_hw_init(&hmac, seed->buffer, seed->size); + HMAC_SHA256_update(&hmac, "RSA", 4); + memcpy(local_seed.t.buffer, HMAC_SHA256_hw_final(&hmac), local_seed.t.size); } diff --git a/board/cr50/tpm2/virtual_nvmem.c b/board/cr50/tpm2/virtual_nvmem.c index ef2bf62300..dc65d75f46 100644 --- a/board/cr50/tpm2/virtual_nvmem.c +++ b/board/cr50/tpm2/virtual_nvmem.c @@ -9,7 +9,7 @@ #include "board_id.h" #include "console.h" -#include "cryptoc/sha256.h" +#include "dcrypto.h" #include "link_defs.h" #include "rma_auth.h" #include "sn_bits.h" @@ -300,16 +300,16 @@ BUILD_ASSERT(VIRTUAL_NV_INDEX_G2F_CERT_SIZE == G2F_ATTESTATION_CERT_MAX_LEN); static void GetRSUDevID(BYTE *to, size_t offset, size_t size) { - LITE_SHA256_CTX ctx; + struct sha256_ctx ctx; uint8_t rma_device_id[RMA_DEVICE_ID_SIZE]; const uint8_t *rsu_device_id; get_rma_device_id(rma_device_id); - SHA256_init(&ctx); - HASH_update(&ctx, rma_device_id, sizeof(rma_device_id)); - HASH_update(&ctx, kRsuSalt, RSU_SALT_SIZE); - rsu_device_id = HASH_final(&ctx); + SHA256_hw_init(&ctx); + SHA256_update(&ctx, rma_device_id, sizeof(rma_device_id)); + SHA256_update(&ctx, kRsuSalt, RSU_SALT_SIZE); + rsu_device_id = SHA256_final(&ctx)->b8; memcpy(to, rsu_device_id + offset, size); } |