From cd5745f99c4a2afb8c4b41f97a0852846378e2d8 Mon Sep 17 00:00:00 2001
From: nagendra modadugu <ngm@google.com>
Date: Mon, 8 Feb 2016 21:49:25 -0800
Subject: CR50: Include NUL byte from label for OAEP pad calculation

If a label is specified, then the NUL terminating
character is considered part of the label per the
TPM2 implementation.

BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
TEST=tests under test/tpm2/ pass.

Change-Id: If5fccc293f7ab52fd6c33e2f3c38695c2921d919
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/326910
Commit-Ready: Nagendra Modadugu <ngm@google.com>
Tested-by: Marius Schilder <mschilder@chromium.org>
Tested-by: Nagendra Modadugu <ngm@google.com>
Reviewed-by: Marius Schilder <mschilder@chromium.org>
---
 chip/g/dcrypto/rsa.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/chip/g/dcrypto/rsa.c b/chip/g/dcrypto/rsa.c
index b6128923ef..92e9af4c59 100644
--- a/chip/g/dcrypto/rsa.c
+++ b/chip/g/dcrypto/rsa.c
@@ -91,7 +91,7 @@ static int oaep_pad(uint8_t *output, uint32_t output_len,
 	else
 		DCRYPTO_SHA256_init(&ctx, 0);
 
-	DCRYPTO_HASH_update(&ctx, label, label ? strlen(label) : 0);
+	DCRYPTO_HASH_update(&ctx, label, label ? strlen(label) + 1 : 0);
 	memcpy(phash, DCRYPTO_HASH_final(&ctx), hash_size);
 	*one = 1;
 	memcpy(one + 1, msg, msg_len);
@@ -131,7 +131,7 @@ static int check_oaep_pad(uint8_t *out, uint32_t *out_len,
 		DCRYPTO_SHA1_init(&ctx, 0);
 	else
 		DCRYPTO_SHA256_init(&ctx, 0);
-	DCRYPTO_HASH_update(&ctx, label, label ? strlen(label) : 0);
+	DCRYPTO_HASH_update(&ctx, label, label ? strlen(label) + 1 : 0);
 
 	bad = memcmp(phash, DCRYPTO_HASH_final(&ctx), hash_size);
 	bad |= padded[0];
-- 
cgit v1.2.1