diff options
| author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-09-07 19:28:33 -0700 |
|---|---|---|
| committer | Commit Bot <commit-bot@chromium.org> | 2021-09-08 17:06:44 +0000 |
| commit | 2cb1847d5c0b53abe4aaa346ddc12ffe17e16006 (patch) | |
| tree | b9d5a24e05f205a72ae19858e06197794dfdc262 | |
| parent | 961fed4862bc8acc55530ef11e4da55dcd792738 (diff) | |
| download | chrome-ec-2cb1847d5c0b53abe4aaa346ddc12ffe17e16006.tar.gz | |
cr50: fix u2f after cl:3125994
Since https://crrev.com/c/3125994 and https://crrev.com/c/3119223 were
in review at the same time and landed one after another, check for
result of DCRYPTO_equals() wasn't properly updated.
This is a fix addressing that DCRYPTO_equals() now returns DCRYPTO_OK
instead of 1 in case of matching values.
BUG=none
TEST=make BOARD=cr50 CRYPTO_TEST=1; ccd - u2f_test
test/tpm_test/tpmtest.py
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I582906f9a6be57e1d645370377caa5e5ab3e2481
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3146593
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
| -rw-r--r-- | board/cr50/u2f.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/board/cr50/u2f.c b/board/cr50/u2f.c index 78bc25c01f..04a0ab7963 100644 --- a/board/cr50/u2f.c +++ b/board/cr50/u2f.c @@ -294,8 +294,7 @@ enum ec_error_list u2f_authorize_keyhandle( * zero, and other results - zero or non-zero will be detected. */ result |= DCRYPTO_equals(&recreated_hmac, kh_hmac, - sizeof(recreated_hmac)) - - 1; + sizeof(recreated_hmac)) - DCRYPTO_OK; always_memset(recreated_hmac, 0, sizeof(recreated_hmac)); @@ -304,8 +303,7 @@ enum ec_error_list u2f_authorize_keyhandle( recreated_hmac); result |= DCRYPTO_equals(&recreated_hmac, kh->v1.authorization_hmac, - sizeof(recreated_hmac)) - - 1; + sizeof(recreated_hmac)) - DCRYPTO_OK; always_memset(recreated_hmac, 0, sizeof(recreated_hmac)); } @@ -348,7 +346,7 @@ u2f_attest_keyhandle_pubkey(const struct u2f_state *state, ccprintf("provided key %ph\n", HEX_BUF(public_key, sizeof(kh_pubkey))); #endif return (DCRYPTO_equals(&kh_pubkey, public_key, - sizeof(struct u2f_ec_point)) == 1) ? + sizeof(struct u2f_ec_point)) == DCRYPTO_OK) ? EC_SUCCESS : EC_ERROR_ACCESS_DENIED; } |