diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2021-10-14 13:48:33 -0700 |
---|---|---|
committer | Commit Bot <commit-bot@chromium.org> | 2021-10-19 05:49:13 +0000 |
commit | 0e1a9e1988c0892971313eff6bc34803e9e8b026 (patch) | |
tree | e6f9dbcd2c17d1cb6f800b1296cc612b338afbbb /navbar.md | |
parent | 6bf3837d7e6d2610e4a8a1fbeb10e934320160f9 (diff) | |
download | chrome-ec-0e1a9e1988c0892971313eff6bc34803e9e8b026.tar.gz |
cr50: better cleaning of residual data in case of U2F failures
u2f_generate() may return partially initialized key handle in case of
ECDSA error, and u2f_sign() and u2f_attest() may return garbage in the
signature. While error codes are properly handled by the callers, it
is better to implement defense in depth and clean all residual data.
This is also helpful for FIPS testing demo when actual zeroes are more
convincing than just error codes. Example is proposed method for ECDSA
pair-wise consistency testing, when injection of error in PWCT should
result in clearly visible error status.
BUG=b:198219806
TEST=make BOARD=cr50 CRYPTO_TEST=1 U2F_TEST=1
fips pwct
u2f_test - should return zero in key handle, public key and signatures.
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I7ad0c69563a215aade00d495c0623f6c6e00b755
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3224360
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'navbar.md')
0 files changed, 0 insertions, 0 deletions