Fix computing HMAC of key path.

Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>

src/fido/cmd_authenticate.c

@@ -53,9 +53,12 @@ int cmd_authenticate() {
         mbedtls_ecdsa_free(&key);
         if (ret != 0)
             return SW_WRONG_DATA();
-        ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), d, 32, req->appId, 32, hmac);
+        uint8_t key_base[U2F_APPID_SIZE + KEY_PATH_LEN];
+        memcpy(key_base, req->appId, U2F_APPID_SIZE);
+        memcpy(key_base + U2F_APPID_SIZE, req->keyHandle, KEY_PATH_LEN);
+        ret = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), d, 32, key_base, sizeof(key_base), hmac);
         mbedtls_platform_zeroize(d, sizeof(d));
-        if (memcmp(req->keyHandle + 32, hmac, sizeof(hmac)) != 0)
+        if (memcmp(req->keyHandle + KEY_HANDLE_LEN, hmac, sizeof(hmac)) != 0)
             return SW_WRONG_DATA();
         return SW_CONDITIONS_NOT_SATISFIED();
     }

src/fido/fido.c

@@ -111,10 +111,15 @@ int derive_key(const uint8_t *app_id, bool new_key, uint8_t *key_handle, mbedtls
             return r;
         }
     }
-    if (new_key == true && (r = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), outk, 32, app_id, 32, key_handle + 32)) != 0)
+    if (new_key == true) {
-    {
+        uint8_t key_base[U2F_APPID_SIZE + KEY_PATH_LEN];
-        mbedtls_platform_zeroize(outk, sizeof(outk));
+        memcpy(key_base, app_id, U2F_APPID_SIZE);
-        return r;
+        memcpy(key_base + U2F_APPID_SIZE, key_handle, KEY_PATH_LEN);
+        if ((r = mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), outk, 32, key_base, sizeof(key_base), key_handle + 32)) != 0)
+        {
+            mbedtls_platform_zeroize(outk, sizeof(outk));
+            return r;
+        }
     }
     if (key != NULL) {
         mbedtls_ecp_group_load(&key->grp, MBEDTLS_ECP_DP_SECP256R1);