Skip to content

Commit 99fbb3f

Browse files
siemen11nasahlpa
siemen11
authored and
nasahlpa
committed
[crypto/hmac] Create secure buffer in _redundant
There was a bug where in the _redundant call, the OTCRYPTO_MAKE_BUF macro was not used, hence hmac on high security failed on an integrity check. Also fix the redundant_tag_data size to be the max size avoiding a VLA. Signed-off-by: Siemen Dhooghe <sdhooghe@google.com>
1 parent 8c33145 commit 99fbb3f

2 files changed

Lines changed: 12 additions & 18 deletions

File tree

sw/device/lib/crypto/drivers/hmac.c

Lines changed: 6 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -538,10 +538,8 @@ status_t hmac_hmac_sha256_redundant(const hmac_key_t *key,
538538

539539
uint32_t h_i_key_pad_msg[kHmacSha256DigestWords];
540540
memset(h_i_key_pad_msg, 0, sizeof(h_i_key_pad_msg));
541-
otcrypto_word32_buf_t inner_digest = {
542-
.data = h_i_key_pad_msg,
543-
.len = kHmacSha256DigestWords,
544-
};
541+
otcrypto_word32_buf_t inner_digest = OTCRYPTO_MAKE_BUF(
542+
otcrypto_word32_buf_t, h_i_key_pad_msg, kHmacSha256DigestWords);
545543
HARDENED_TRY(hmac_final(&ctx, &inner_digest));
546544

547545
// hmac = H(o_key_pad || h_i_key_pad_msg).
@@ -594,10 +592,8 @@ status_t hmac_hmac_sha384_redundant(const hmac_key_t *key,
594592

595593
uint32_t h_i_key_pad_msg[kHmacSha384DigestWords];
596594
memset(h_i_key_pad_msg, 0, sizeof(h_i_key_pad_msg));
597-
otcrypto_word32_buf_t inner_digest = {
598-
.data = h_i_key_pad_msg,
599-
.len = kHmacSha384DigestWords,
600-
};
595+
otcrypto_word32_buf_t inner_digest = OTCRYPTO_MAKE_BUF(
596+
otcrypto_word32_buf_t, h_i_key_pad_msg, kHmacSha384DigestWords);
601597
HARDENED_TRY(hmac_final(&ctx, &inner_digest));
602598

603599
// hmac = H(o_key_pad || h_i_key_pad_msg).
@@ -650,10 +646,8 @@ status_t hmac_hmac_sha512_redundant(const hmac_key_t *key,
650646

651647
uint32_t h_i_key_pad_msg[kHmacSha512DigestWords];
652648
memset(h_i_key_pad_msg, 0, sizeof(h_i_key_pad_msg));
653-
otcrypto_word32_buf_t inner_digest = {
654-
.data = h_i_key_pad_msg,
655-
.len = kHmacSha512DigestWords,
656-
};
649+
otcrypto_word32_buf_t inner_digest = OTCRYPTO_MAKE_BUF(
650+
otcrypto_word32_buf_t, h_i_key_pad_msg, kHmacSha512DigestWords);
657651
HARDENED_TRY(hmac_final(&ctx, &inner_digest));
658652

659653
// hmac = H(o_key_pad || h_i_key_pad_msg).

sw/device/lib/crypto/impl/hmac.c

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -254,7 +254,7 @@ otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key,
254254
kOtcryptoKeySecurityLevelMedium);
255255
HARDENED_TRY(hmac_hmac_sha256_cl(&hmac_key, input_message, tag));
256256
// Second HMAC computation using the HMAC core.
257-
uint32_t tag_redundant_data[tag->len];
257+
uint32_t tag_redundant_data[kHmacSha256DigestWords];
258258
otcrypto_word32_buf_t tag_redundant = OTCRYPTO_MAKE_BUF(
259259
otcrypto_word32_buf_t, tag_redundant_data, tag->len);
260260
hmac_key_t hmac_key_redundant;
@@ -276,7 +276,7 @@ otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key,
276276
// First HMAC computation using the HMAC core.
277277
HARDENED_TRY(hmac_hmac_sha256_cl(&hmac_key, input_message, tag));
278278
// Second HMAC computation without using the HMAC core.
279-
uint32_t tag_redundant_data[tag->len];
279+
uint32_t tag_redundant_data[kHmacSha256DigestWords];
280280
otcrypto_word32_buf_t tag_redundant = OTCRYPTO_MAKE_BUF(
281281
otcrypto_word32_buf_t, tag_redundant_data, tag->len);
282282
hmac_key_t hmac_key_redundant;
@@ -308,7 +308,7 @@ otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key,
308308
kOtcryptoKeySecurityLevelMedium);
309309
HARDENED_TRY(hmac_hmac_sha384(&hmac_key, input_message, tag));
310310
// Second HMAC computation using the HMAC core.
311-
uint32_t tag_redundant_data[tag->len];
311+
uint32_t tag_redundant_data[kHmacSha384DigestWords];
312312
otcrypto_word32_buf_t tag_redundant = OTCRYPTO_MAKE_BUF(
313313
otcrypto_word32_buf_t, tag_redundant_data, tag->len);
314314
hmac_key_t hmac_key_redundant;
@@ -330,7 +330,7 @@ otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key,
330330
// First HMAC computation using the HMAC core.
331331
HARDENED_TRY(hmac_hmac_sha384(&hmac_key, input_message, tag));
332332
// Second HMAC computation without using the HMAC core.
333-
uint32_t tag_redundant_data[tag->len];
333+
uint32_t tag_redundant_data[kHmacSha384DigestWords];
334334
otcrypto_word32_buf_t tag_redundant = OTCRYPTO_MAKE_BUF(
335335
otcrypto_word32_buf_t, tag_redundant_data, tag->len);
336336
hmac_key_t hmac_key_redundant;
@@ -362,7 +362,7 @@ otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key,
362362
kOtcryptoKeySecurityLevelMedium);
363363
HARDENED_TRY(hmac_hmac_sha512(&hmac_key, input_message, tag));
364364
// Second HMAC computation using the HMAC core.
365-
uint32_t tag_redundant_data[tag->len];
365+
uint32_t tag_redundant_data[kHmacSha512DigestWords];
366366
otcrypto_word32_buf_t tag_redundant = OTCRYPTO_MAKE_BUF(
367367
otcrypto_word32_buf_t, tag_redundant_data, tag->len);
368368
hmac_key_t hmac_key_redundant;
@@ -384,7 +384,7 @@ otcrypto_status_t otcrypto_hmac(const otcrypto_blinded_key_t *key,
384384
// First HMAC computation using the HMAC core.
385385
HARDENED_TRY(hmac_hmac_sha512(&hmac_key, input_message, tag));
386386
// Second HMAC computation without using the HMAC core.
387-
uint32_t tag_redundant_data[tag->len];
387+
uint32_t tag_redundant_data[kHmacSha512DigestWords];
388388
otcrypto_word32_buf_t tag_redundant = OTCRYPTO_MAKE_BUF(
389389
otcrypto_word32_buf_t, tag_redundant_data, tag->len);
390390
hmac_key_t hmac_key_redundant;

0 commit comments

Comments
 (0)