Skip to content

Commit

Permalink
Fix information leakage in key generator
Browse files Browse the repository at this point in the history 
When generating keys we are using the RNG available for the particular
platform in use. For some reason we always or'ed a bit in the last byte,
which means that we leak information. Leaking information like this is
considered as a security flaw and therefore we have removed the line
setting this bit.

Fix OP-TEE#178

Signed-off-by: Joakim Bech <joakim.bech@linaro.org>
Tested-by: Joakim Bech <joakim.bech@linaro.org> (QEMU)
Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
  • Loading branch information
@jbech-linaro
jbech-linaro authored and Pascal Brand committed Feb 12, 2015
1 parent c84d070 commit db5f4ae
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions core/tee/tee_svc_cryp.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1462,8 +1462,6 @@ TEE_Result tee_svc_obj_generate_key(
if (res != TEE_SUCCESS)
return res;

/* Force the last bit to have exactly a value on byte_size */
((char *)key)[sizeof(key->key_size) + byte_size - 1] |= 0x80;
key->key_size = byte_size;

/* Set bits for all known attributes for this object type */
Expand Down

0 comments on commit db5f4ae

Please sign in to comment.