diff options
author | Bobby Casey <bobbycasey@google.com> | 2022-08-17 22:02:29 -0400 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2022-08-30 15:09:02 +0000 |
commit | 233e6bbd0837f0dd5008f6115d17cf726d24c72d (patch) | |
tree | 8fd6c5ab6f6f4cd9e4575749d4165584d3b08123 | |
parent | 3889c96f16bb7acce7117e35e64b1807b080c52f (diff) | |
download | chrome-ec-233e6bbd0837f0dd5008f6115d17cf726d24c72d.tar.gz |
fpsensor_crypto: Abstract calls to hmac_SHA256
For testing purposes it is desirable to have a single location where all
calls to hmac_SHA256 are called. Doing so makes mocking or replacing
calls much easier.
BRANCH=none
BUG=b:242720910
TEST=make run-fpsensor_crypto
Signed-off-by: Bobby Casey <bobbycasey@google.com>
Change-Id: Icc158b3e895da11d072c65a19a36f3e1b29bca14
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3838934
Reviewed-by: Tom Hughes <tomhughes@chromium.org>
-rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 14 |
1 files changed, 10 insertions, 4 deletions
diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index c4e79e9495..ad1de6eeeb 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -44,6 +44,12 @@ static int get_ikm(uint8_t *ikm) return EC_SUCCESS; } +void compute_hmac_sha256(uint8_t *output, const uint8_t *key, const int key_len, + const uint8_t *message, const int message_len) +{ + hmac_SHA256(output, key, key_len, message, message_len); +} + static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size, const uint8_t *ikm, size_t ikm_size) { @@ -51,7 +57,7 @@ static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size, * Derive a key with the "extract" step of HKDF * https://tools.ietf.org/html/rfc5869#section-2.2 */ - hmac_SHA256(prk, salt, salt_size, ikm, ikm_size); + compute_hmac_sha256(prk, salt, salt_size, ikm, ikm_size); } static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, @@ -75,7 +81,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, memcpy(message_buf, info, info_size); /* 1 step, set the counter byte to 1. */ message_buf[info_size] = 0x01; - hmac_SHA256(key_buf, prk, prk_size, message_buf, info_size + 1); + compute_hmac_sha256(key_buf, prk, prk_size, message_buf, info_size + 1); memcpy(out_key, key_buf, out_key_size); always_memset(key_buf, 0, sizeof(key_buf)); @@ -123,8 +129,8 @@ int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, size_t prk_size, memcpy(info_buffer, T, T_len); memcpy(info_buffer + T_len, info, info_size); info_buffer[T_len + info_size] = count; - hmac_SHA256(T_buffer, prk, prk_size, info_buffer, - T_len + info_size + sizeof(count)); + compute_hmac_sha256(T_buffer, prk, prk_size, info_buffer, + T_len + info_size + sizeof(count)); memcpy(out_key, T_buffer, block_size); T += T_len; |