Skip to content

Commit

Permalink
src: Fix cx call WARN_UNUSED_RESULT warnings
Browse files Browse the repository at this point in the history
  • Loading branch information
Xavier Chapron committed Dec 19, 2023
1 parent 35b2cd6 commit 82281d7
Show file tree
Hide file tree
Showing 4 changed files with 73 additions and 45 deletions.
10 changes: 10 additions & 0 deletions include/crypto.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,16 @@
#ifndef __CRYPTO_H__
#define __CRYPTO_H__

/**
* Wrapper around cx_hash_no_throw with an assert in case of failure
*/
void crypto_hash(cx_hash_t *hash,
uint32_t mode,
const uint8_t *in,
size_t len,
uint8_t *out,
size_t out_len);

/**
* Compare two buffer a and b.
* Return true if they match, else false.
Expand Down
17 changes: 15 additions & 2 deletions src/crypto.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@

#include "os.h"
#include "cx.h"
#include "ledger_assert.h"

#include "config.h"
#include "crypto_data.h"
Expand All @@ -30,6 +31,18 @@
#define ROLE_CRED_RANDOM_KEY_UV 1
#define ROLE_CRED_RANDOM_KEY_NO_UV 2

void crypto_hash(cx_hash_t *hash,
uint32_t mode,
const uint8_t *in,
size_t len,
uint8_t *out,
size_t out_len) {
cx_err_t cx_err;

cx_err = cx_hash_no_throw(hash, mode, in, len, out, out_len);
LEDGER_ASSERT(cx_err == CX_OK, "cx_hash_no_throw fail");
}

bool crypto_compare(const uint8_t *a, const uint8_t *b, uint16_t length) {
uint16_t given_length = length;
uint8_t status = 0;
Expand All @@ -56,8 +69,8 @@ void crypto_compute_sha256(const uint8_t *in1,
cx_sha256_t hash;

cx_sha256_init(&hash);
cx_hash_no_throw(&hash.header, 0, in1, in1_len, NULL, 0);
cx_hash_no_throw(&hash.header, CX_LAST, in2, in2_len, out, CX_SHA256_SIZE);
crypto_hash(&hash.header, 0, in1, in1_len, NULL, 0);
crypto_hash(&hash.header, CX_LAST, in2, in2_len, out, CX_SHA256_SIZE);
}

int crypto_generate_private_key(const uint8_t *nonce,
Expand Down
18 changes: 14 additions & 4 deletions src/ctap2_client_pin.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@

#include "os.h"
#include "cx.h"
#include "ledger_assert.h"

#include "ctap2.h"
#include "config.h"
Expand Down Expand Up @@ -177,10 +178,19 @@ bool ctap2_client_pin_verify(int protocol,
cx_hmac_sha256(key, keyLen, msg, msgLength, hmacValue, CX_SHA256_SIZE);
} else {
cx_hmac_sha256_t hmac;

cx_hmac_sha256_init_no_throw(&hmac, key, keyLen);
cx_hmac_no_throw((cx_hmac_t *) &hmac, 0, msg, msgLength, NULL, 0);
cx_hmac_no_throw((cx_hmac_t *) &hmac, CX_LAST, msg2, msg2Len, hmacValue, CX_SHA256_SIZE);
cx_err_t cx_err;

cx_err = cx_hmac_sha256_init_no_throw(&hmac, key, keyLen);
LEDGER_ASSERT(cx_err == CX_OK, "cx_hmac_sha256_init_no_throw fail");
cx_err = cx_hmac_no_throw((cx_hmac_t *) &hmac, 0, msg, msgLength, NULL, 0);
LEDGER_ASSERT(cx_err == CX_OK, "cx_hmac_no_throw fail");
cx_err = cx_hmac_no_throw((cx_hmac_t *) &hmac,
CX_LAST,
msg2,
msg2Len,
hmacValue,
CX_SHA256_SIZE);
LEDGER_ASSERT(cx_err == CX_OK, "cx_hmac_no_throw fail");
}

if (!crypto_compare(signature, hmacValue, signatureLength)) {
Expand Down
73 changes: 34 additions & 39 deletions src/u2f_processing.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -226,26 +226,26 @@ static void u2f_compute_enroll_response_hash(u2f_reg_resp_base_t *reg_resp_base,
cx_sha256_t hash;

cx_sha256_init(&hash);
cx_hash_no_throw(&hash.header, 0, DUMMY_ZERO, 1, NULL, 0);
cx_hash_no_throw(&hash.header,
0,
globals_get_u2f_data()->application_param,
sizeof(globals_get_u2f_data()->application_param),
NULL,
0);
cx_hash_no_throw(&hash.header,
0,
globals_get_u2f_data()->challenge_param,
sizeof(globals_get_u2f_data()->challenge_param),
NULL,
0);
cx_hash_no_throw(&hash.header, 0, reg_resp_base->key_handle, key_handle_length, NULL, 0);
cx_hash_no_throw(&hash.header,
CX_LAST,
reg_resp_base->user_key,
sizeof(reg_resp_base->user_key),
data_hash,
CX_SHA256_SIZE);
crypto_hash(&hash.header, 0, DUMMY_ZERO, 1, NULL, 0);
crypto_hash(&hash.header,
0,
globals_get_u2f_data()->application_param,
sizeof(globals_get_u2f_data()->application_param),
NULL,
0);
crypto_hash(&hash.header,
0,
globals_get_u2f_data()->challenge_param,
sizeof(globals_get_u2f_data()->challenge_param),
NULL,
0);
crypto_hash(&hash.header, 0, reg_resp_base->key_handle, key_handle_length, NULL, 0);
crypto_hash(&hash.header,
CX_LAST,
reg_resp_base->user_key,
sizeof(reg_resp_base->user_key),
data_hash,
CX_SHA256_SIZE);
}

static int u2f_prepare_enroll_response(void) {
Expand Down Expand Up @@ -322,25 +322,20 @@ static void u2f_compute_sign_response_hash(u2f_auth_resp_base_t *auth_resp_base,
cx_sha256_t hash;

cx_sha256_init(&hash);
cx_hash_no_throw(&hash.header,
0,
globals_get_u2f_data()->application_param,
sizeof(globals_get_u2f_data()->application_param),
NULL,
0);
cx_hash_no_throw(&hash.header, 0, DUMMY_USER_PRESENCE, 1, NULL, 0);
cx_hash_no_throw(&hash.header,
0,
auth_resp_base->counter,
sizeof(auth_resp_base->counter),
NULL,
0);
cx_hash_no_throw(&hash.header,
CX_LAST,
globals_get_u2f_data()->challenge_param,
sizeof(globals_get_u2f_data()->challenge_param),
data_hash,
CX_SHA256_SIZE);
crypto_hash(&hash.header,
0,
globals_get_u2f_data()->application_param,
sizeof(globals_get_u2f_data()->application_param),
NULL,
0);
crypto_hash(&hash.header, 0, DUMMY_USER_PRESENCE, 1, NULL, 0);
crypto_hash(&hash.header, 0, auth_resp_base->counter, sizeof(auth_resp_base->counter), NULL, 0);
crypto_hash(&hash.header,
CX_LAST,
globals_get_u2f_data()->challenge_param,
sizeof(globals_get_u2f_data()->challenge_param),
data_hash,
CX_SHA256_SIZE);
}

static int u2f_prepare_sign_response(void) {
Expand Down

0 comments on commit 82281d7

Please sign in to comment.