Skip to content

Commit 32db788

Browse files
de-nordicde-nordic
committed
bootutil: Fix X25519 HMAC-SHA512
The MAC tag of encryption key has been incorrectly using only 32 bytes of HKDF for HMAC-SHA512 keyword. Signed-off-by: Dominik Ermel <[email protected]>
1 parent 2bc36d0 commit 32db788

File tree

1 file changed

+5
-1
lines changed

1 file changed

+5
-1
lines changed

boot/bootutil/src/encrypted_psa.c

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,11 @@ static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_ISO_IDENTIFIED_ORG \
4343
#define HKDF_AES_KEY_SIZE (BOOT_ENC_KEY_SIZE)
4444
/* MAC feed */
4545
#define HKDF_MAC_FEED_INDEX (HKDF_AES_KEY_INDEX + HKDF_AES_KEY_SIZE)
46-
#define HKDF_MAC_FEED_SIZE (32) /* This is SHA independent */
46+
#if !defined(MCUBOOT_HMAC_SHA512)
47+
#define HKDF_MAC_FEED_SIZE (32)
48+
#else
49+
#define HKDF_MAC_FEED_SIZE (64)
50+
#endif
4751
/* Total size */
4852
#define HKDF_SIZE (HKDF_AES_KEY_SIZE + HKDF_MAC_FEED_SIZE)
4953

0 commit comments

Comments
 (0)