diff options
| author | Vincent Palatin <vpalatin@chromium.org> | 2017-06-30 14:40:38 +0200 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2017-07-03 02:39:31 -0700 |
| commit | 1ce98319dddf7706bdf76c0a85075b1289d1766c (patch) | |
| tree | fe536a6cbb25f54fe8bea667ec66f274cb4acc1b /board/cr50/u2f.c | |
| parent | a26ab019b05f6da69f671da7c93ed6dae467aa21 (diff) | |
| download | chrome-ec-1ce98319dddf7706bdf76c0a85075b1289d1766c.tar.gz | |
cr50: ensure the hash sizes are correct in U2F code
cr50 has CONFIG_UPTO_SHA512 defined, so the SHA digest size might be
larger than one might think ;-)
Set the right size for the operations using SHA-256 in the u2f code.
Signed-off-by: Vincent Palatin <vpalatin@chromium.org>
BRANCH=cr50
BUG=b:35545754
TEST=pass U2FTest.
Change-Id: Ica71da5b9b61f324ce3af3652e9ff7a17fac3432
Reviewed-on: https://chromium-review.googlesource.com/558087
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Diffstat (limited to 'board/cr50/u2f.c')
| -rw-r--r-- | board/cr50/u2f.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/board/cr50/u2f.c b/board/cr50/u2f.c index e6f4861e1d..26fc3c10ce 100644 --- a/board/cr50/u2f.c +++ b/board/cr50/u2f.c @@ -143,7 +143,7 @@ static int _derive_key(enum dcrypto_appid appid, const uint32_t input[8], int u2f_origin_keypair(uint8_t *seed, p256_int *d, p256_int *pk_x, p256_int *pk_y) { - uint32_t tmp[8]; + uint32_t tmp[P256_NDIGITS]; do { if (!DCRYPTO_ladder_random(seed)) @@ -159,7 +159,7 @@ int u2f_origin_keypair(uint8_t *seed, p256_int *d, int u2f_origin_key(const uint8_t *seed, p256_int *d) { - uint32_t tmp[8]; + uint32_t tmp[P256_NDIGITS]; memcpy(tmp, seed, sizeof(tmp)); if (!_derive_key(U2F_ORIGIN, tmp, tmp)) @@ -170,7 +170,7 @@ int u2f_origin_key(const uint8_t *seed, p256_int *d) int u2f_gen_kek(const uint8_t *origin, uint8_t *kek, size_t key_len) { - uint32_t buf[8]; + uint32_t buf[P256_NDIGITS]; if (key_len != sizeof(buf)) return EC_ERROR_UNKNOWN; @@ -183,7 +183,7 @@ int u2f_gen_kek(const uint8_t *origin, uint8_t *kek, size_t key_len) int g2f_individual_keypair(p256_int *d, p256_int *pk_x, p256_int *pk_y) { - uint8_t buf[32]; + uint8_t buf[SHA256_DIGEST_SIZE]; /* Incorporate HIK & diversification constant */ if (!_derive_key(U2F_ATTEST, salt, (uint32_t *)buf)) @@ -195,7 +195,7 @@ int g2f_individual_keypair(p256_int *d, p256_int *pk_x, p256_int *pk_y) DCRYPTO_SHA256_init(&sha, 0); HASH_update(&sha, buf, sizeof(buf)); - memcpy(buf, HASH_final(&sha), SHA_DIGEST_MAX_BYTES); + memcpy(buf, HASH_final(&sha), sizeof(buf)); } return EC_SUCCESS; |