dearsky/pico-fido
1
0
Fork 0
Code Issues 46 Pull Requests 1 Actions Packages Projects Releases 22 Wiki Activity

Fix computing HMAC of key path.

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2022-09-06 21:35:23 +02:00
parent 046706058d
commit dda5c25e85
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/fido/cmd_authenticate.c
View File

@@ -53,9 +53,12 @@ int cmd_authenticate() {
mbedtls_ecdsa_free(&key);
if (ret != 0)
return SW_WRONG_DATA();
ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), d, 32, req->appId, 32, hmac);
uint8_t key_base[U2F_APPID_SIZE + KEY_PATH_LEN];
memcpy(key_base, req->appId, U2F_APPID_SIZE);
memcpy(key_base + U2F_APPID_SIZE, req->keyHandle, KEY_PATH_LEN);
ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), d, 32, key_base, sizeof(key_base), hmac);
mbedtls_platform_zeroize(d, sizeof(d));
if (memcmp(req->keyHandle + 32, hmac, sizeof(hmac)) != 0)
if (memcmp(req->keyHandle + KEY_HANDLE_LEN, hmac, sizeof(hmac)) != 0)
return SW_WRONG_DATA();
return SW_CONDITIONS_NOT_SATISFIED();
}