diff options
Diffstat (limited to 'common/fpsensor/fpsensor_crypto.c')
-rw-r--r-- | common/fpsensor/fpsensor_crypto.c | 40 |
1 files changed, 23 insertions, 17 deletions
diff --git a/common/fpsensor/fpsensor_crypto.c b/common/fpsensor/fpsensor_crypto.c index 73d7aca681..257042197e 100644 --- a/common/fpsensor/fpsensor_crypto.c +++ b/common/fpsensor/fpsensor_crypto.c @@ -1,4 +1,4 @@ -/* Copyright 2019 The Chromium OS Authors. All rights reserved. +/* Copyright 2019 The ChromiumOS Authors * Use of this source code is governed by a BSD-style license that can be * found in the LICENSE file. */ @@ -17,7 +17,7 @@ #error "fpsensor requires AES, AES_GCM and ROLLBACK_SECRET_SIZE" #endif -static int get_ikm(uint8_t *ikm) +test_export_static int get_ikm(uint8_t *ikm) { int ret; @@ -44,6 +44,14 @@ static int get_ikm(uint8_t *ikm) return EC_SUCCESS; } +test_mockable void compute_hmac_sha256(uint8_t *output, const uint8_t *key, + const int key_len, + const uint8_t *message, + const int message_len) +{ + hmac_SHA256(output, key, key_len, message, message_len); +} + static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size, const uint8_t *ikm, size_t ikm_size) { @@ -51,12 +59,12 @@ static void hkdf_extract(uint8_t *prk, const uint8_t *salt, size_t salt_size, * Derive a key with the "extract" step of HKDF * https://tools.ietf.org/html/rfc5869#section-2.2 */ - hmac_SHA256(prk, salt, salt_size, ikm, ikm_size); + compute_hmac_sha256(prk, salt, salt_size, ikm, ikm_size); } static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, - uint8_t *prk, size_t prk_size, - uint8_t *info, size_t info_size) + uint8_t *prk, size_t prk_size, uint8_t *info, + size_t info_size) { uint8_t key_buf[SHA256_DIGEST_SIZE]; uint8_t message_buf[SHA256_DIGEST_SIZE + 1]; @@ -75,7 +83,7 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, memcpy(message_buf, info, info_size); /* 1 step, set the counter byte to 1. */ message_buf[info_size] = 0x01; - hmac_SHA256(key_buf, prk, prk_size, message_buf, info_size + 1); + compute_hmac_sha256(key_buf, prk, prk_size, message_buf, info_size + 1); memcpy(out_key, key_buf, out_key_size); always_memset(key_buf, 0, sizeof(key_buf)); @@ -83,8 +91,8 @@ static int hkdf_expand_one_step(uint8_t *out_key, size_t out_key_size, return EC_SUCCESS; } -int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, - size_t prk_size, const uint8_t *info, size_t info_size) +int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, size_t prk_size, + const uint8_t *info, size_t info_size) { /* * "Expand" step of HKDF. @@ -123,8 +131,8 @@ int hkdf_expand(uint8_t *out_key, size_t L, const uint8_t *prk, memcpy(info_buffer, T, T_len); memcpy(info_buffer + T_len, info, info_size); info_buffer[T_len + info_size] = count; - hmac_SHA256(T_buffer, prk, prk_size, info_buffer, - T_len + info_size + sizeof(count)); + compute_hmac_sha256(T_buffer, prk, prk_size, info_buffer, + T_len + info_size + sizeof(count)); memcpy(out_key, T_buffer, block_size); T += T_len; @@ -216,11 +224,9 @@ int derive_encryption_key(uint8_t *out_key, const uint8_t *salt) return ret; } -int aes_gcm_encrypt(const uint8_t *key, int key_size, - const uint8_t *plaintext, - uint8_t *ciphertext, int text_size, - const uint8_t *nonce, int nonce_size, - uint8_t *tag, int tag_size) +int aes_gcm_encrypt(const uint8_t *key, int key_size, const uint8_t *plaintext, + uint8_t *ciphertext, int text_size, const uint8_t *nonce, + int nonce_size, uint8_t *tag, int tag_size) { int res; AES_KEY aes_key; @@ -251,8 +257,8 @@ int aes_gcm_encrypt(const uint8_t *key, int key_size, int aes_gcm_decrypt(const uint8_t *key, int key_size, uint8_t *plaintext, const uint8_t *ciphertext, int text_size, - const uint8_t *nonce, int nonce_size, - const uint8_t *tag, int tag_size) + const uint8_t *nonce, int nonce_size, const uint8_t *tag, + int tag_size) { int res; AES_KEY aes_key; |