CINXE.COM

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>device/fido/pin_internal.cc - chromium/src - Git at Google</title><link rel="stylesheet" type="text/css" href="/+static/base.css"><link rel="stylesheet" type="text/css" href="/+static/prettify/prettify.css"></head><body class="Site"><header class="Site-header"><div class="Header"><a class="Header-image" href="/"><img src="//www.gstatic.com/images/branding/lockups/2x/lockup_git_color_108x24dp.png" width="108" height="24" alt="Google Git"></a><div class="Header-menu"> <a class="Header-menuItem" href="https://accounts.google.com/AccountChooser?faa=1&service=gerritcodereview&continue=https://chromium.googlesource.com/login/chromium/src/%2B/refs/tags/130.0.6723.141/device/fido/pin_internal.cc">Sign in</a> </div></div></header><div class="Site-content"><div class="Container "><div class="Breadcrumbs"><a class="Breadcrumbs-crumb" href="/?format=HTML">chromium</a> / <a class="Breadcrumbs-crumb" href="/chromium/">chromium</a> / <a class="Breadcrumbs-crumb" href="/chromium/src/">src</a> / <a class="Breadcrumbs-crumb" href="/chromium/src/+/refs/tags/130.0.6723.141">refs/tags/130.0.6723.141</a> / <a class="Breadcrumbs-crumb" href="/chromium/src/+/refs/tags/130.0.6723.141/">.</a> / <a class="Breadcrumbs-crumb" href="/chromium/src/+/refs/tags/130.0.6723.141/device">device</a> / <a class="Breadcrumbs-crumb" href="/chromium/src/+/refs/tags/130.0.6723.141/device/fido">fido</a> / pin_internal.cc</div><div class="u-sha1 u-monospace BlobSha1">blob: ba6aff600d7c89e33befc012a9ad4884da5f9652 [<a href="/chromium/src/+/refs/tags/130.0.6723.141/device/fido/pin_internal.cc">file</a>] [<a href="/chromium/src/+log/refs/tags/130.0.6723.141/device/fido/pin_internal.cc">log</a>] [<a href="/chromium/src/+blame/refs/tags/130.0.6723.141/device/fido/pin_internal.cc">blame</a>]</div><table class="FileContents"><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="1"></td><td class="FileContents-lineContents" id="1">// Copyright 2019 The Chromium Authors</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="2"></td><td class="FileContents-lineContents" id="2">// Use of this source code is governed by a BSD-style license that can be</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="3"></td><td class="FileContents-lineContents" id="3">// found in the LICENSE file.</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="4"></td><td class="FileContents-lineContents" id="4"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="5"></td><td class="FileContents-lineContents" id="5">#ifdef UNSAFE_BUFFERS_BUILD</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="6"></td><td class="FileContents-lineContents" id="6">// TODO(crbug.com/351564777): Remove this and convert code to safer constructs.</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="7"></td><td class="FileContents-lineContents" id="7">#pragma allow_unsafe_buffers</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="8"></td><td class="FileContents-lineContents" id="8">#endif</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="9"></td><td class="FileContents-lineContents" id="9"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="10"></td><td class="FileContents-lineContents" id="10">#include "device/fido/pin_internal.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="11"></td><td class="FileContents-lineContents" id="11"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="12"></td><td class="FileContents-lineContents" id="12">#include <string></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="13"></td><td class="FileContents-lineContents" id="13">#include <utility></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="14"></td><td class="FileContents-lineContents" id="14"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="15"></td><td class="FileContents-lineContents" id="15">#include "base/i18n/char_iterator.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="16"></td><td class="FileContents-lineContents" id="16">#include "base/no_destructor.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="17"></td><td class="FileContents-lineContents" id="17">#include "base/strings/string_util.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="18"></td><td class="FileContents-lineContents" id="18">#include "crypto/random.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="19"></td><td class="FileContents-lineContents" id="19">#include "third_party/boringssl/src/include/openssl/aes.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="20"></td><td class="FileContents-lineContents" id="20">#include "third_party/boringssl/src/include/openssl/bn.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="21"></td><td class="FileContents-lineContents" id="21">#include "third_party/boringssl/src/include/openssl/ec.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="22"></td><td class="FileContents-lineContents" id="22">#include "third_party/boringssl/src/include/openssl/ec_key.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="23"></td><td class="FileContents-lineContents" id="23">#include "third_party/boringssl/src/include/openssl/ecdh.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="24"></td><td class="FileContents-lineContents" id="24">#include "third_party/boringssl/src/include/openssl/evp.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="25"></td><td class="FileContents-lineContents" id="25">#include "third_party/boringssl/src/include/openssl/hkdf.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="26"></td><td class="FileContents-lineContents" id="26">#include "third_party/boringssl/src/include/openssl/hmac.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="27"></td><td class="FileContents-lineContents" id="27">#include "third_party/boringssl/src/include/openssl/mem.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="28"></td><td class="FileContents-lineContents" id="28">#include "third_party/boringssl/src/include/openssl/sha.h"</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="29"></td><td class="FileContents-lineContents" id="29"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="30"></td><td class="FileContents-lineContents" id="30">namespace device {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="31"></td><td class="FileContents-lineContents" id="31">namespace pin {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="32"></td><td class="FileContents-lineContents" id="32"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="33"></td><td class="FileContents-lineContents" id="33">std::optional<bssl::UniquePtr<EC_POINT>> PointFromKeyAgreementResponse(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="34"></td><td class="FileContents-lineContents" id="34"> const EC_GROUP* group,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="35"></td><td class="FileContents-lineContents" id="35"> const KeyAgreementResponse& response) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="36"></td><td class="FileContents-lineContents" id="36"> bssl::UniquePtr<EC_POINT> ret(EC_POINT_new(group));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="37"></td><td class="FileContents-lineContents" id="37"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="38"></td><td class="FileContents-lineContents" id="38"> bssl::UniquePtr<BIGNUM> x_bn(BN_new()), y_bn(BN_new());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="39"></td><td class="FileContents-lineContents" id="39"> BN_bin2bn(response.x, sizeof(response.x), x_bn.get());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="40"></td><td class="FileContents-lineContents" id="40"> BN_bin2bn(response.y, sizeof(response.y), y_bn.get());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="41"></td><td class="FileContents-lineContents" id="41"> const bool on_curve =</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="42"></td><td class="FileContents-lineContents" id="42"> EC_POINT_set_affine_coordinates_GFp(group, ret.get(), x_bn.get(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="43"></td><td class="FileContents-lineContents" id="43"> y_bn.get(), nullptr /* ctx */) == 1;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="44"></td><td class="FileContents-lineContents" id="44"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="45"></td><td class="FileContents-lineContents" id="45"> if (!on_curve) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="46"></td><td class="FileContents-lineContents" id="46"> return std::nullopt;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="47"></td><td class="FileContents-lineContents" id="47"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="48"></td><td class="FileContents-lineContents" id="48"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="49"></td><td class="FileContents-lineContents" id="49"> return ret;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="50"></td><td class="FileContents-lineContents" id="50">}</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="51"></td><td class="FileContents-lineContents" id="51"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="52"></td><td class="FileContents-lineContents" id="52">// ProtocolV1 implements CTAP2.1 PIN/UV Auth Protocol One (6.5.10).</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="53"></td><td class="FileContents-lineContents" id="53">class ProtocolV1 : public Protocol {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="54"></td><td class="FileContents-lineContents" id="54"> private:</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="55"></td><td class="FileContents-lineContents" id="55"> static constexpr size_t kSharedKeySize = 32u;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="56"></td><td class="FileContents-lineContents" id="56"> static constexpr size_t kSignatureSize = 16u;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="57"></td><td class="FileContents-lineContents" id="57"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="58"></td><td class="FileContents-lineContents" id="58"> std::array<uint8_t, kP256X962Length> Encapsulate(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="59"></td><td class="FileContents-lineContents" id="59"> const KeyAgreementResponse& peers_key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="60"></td><td class="FileContents-lineContents" id="60"> std::vector<uint8_t>* out_shared_key) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="61"></td><td class="FileContents-lineContents" id="61"> bssl::UniquePtr<EC_KEY> key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="62"></td><td class="FileContents-lineContents" id="62"> CHECK(EC_KEY_generate_key(key.get()));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="63"></td><td class="FileContents-lineContents" id="63"> std::optional<bssl::UniquePtr<EC_POINT>> peers_point =</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="64"></td><td class="FileContents-lineContents" id="64"> PointFromKeyAgreementResponse(EC_KEY_get0_group(key.get()), peers_key);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="65"></td><td class="FileContents-lineContents" id="65"> *out_shared_key = CalculateSharedKey(key.get(), peers_point->get());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="66"></td><td class="FileContents-lineContents" id="66"> // KeyAgreementResponse parsing ensures that the point is on the curve.</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="67"></td><td class="FileContents-lineContents" id="67"> DCHECK(peers_point);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="68"></td><td class="FileContents-lineContents" id="68"> std::array<uint8_t, kP256X962Length> x962;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="69"></td><td class="FileContents-lineContents" id="69"> CHECK_EQ(x962.size(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="70"></td><td class="FileContents-lineContents" id="70"> EC_POINT_point2oct(EC_KEY_get0_group(key.get()),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="71"></td><td class="FileContents-lineContents" id="71"> EC_KEY_get0_public_key(key.get()),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="72"></td><td class="FileContents-lineContents" id="72"> POINT_CONVERSION_UNCOMPRESSED, x962.data(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="73"></td><td class="FileContents-lineContents" id="73"> x962.size(), nullptr /* BN_CTX */));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="74"></td><td class="FileContents-lineContents" id="74"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="75"></td><td class="FileContents-lineContents" id="75"> return x962;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="76"></td><td class="FileContents-lineContents" id="76"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="77"></td><td class="FileContents-lineContents" id="77"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="78"></td><td class="FileContents-lineContents" id="78"> std::vector<uint8_t> Encrypt(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="79"></td><td class="FileContents-lineContents" id="79"> base::span<const uint8_t> shared_key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="80"></td><td class="FileContents-lineContents" id="80"> base::span<const uint8_t> plaintext) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="81"></td><td class="FileContents-lineContents" id="81"> DCHECK_EQ(plaintext.size() % AES_BLOCK_SIZE, 0u);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="82"></td><td class="FileContents-lineContents" id="82"> DCHECK_EQ(shared_key.size(), kSharedKeySize);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="83"></td><td class="FileContents-lineContents" id="83"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="84"></td><td class="FileContents-lineContents" id="84"> std::vector<uint8_t> ciphertext(plaintext.size());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="85"></td><td class="FileContents-lineContents" id="85"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="86"></td><td class="FileContents-lineContents" id="86"> EVP_CIPHER_CTX aes_ctx;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="87"></td><td class="FileContents-lineContents" id="87"> EVP_CIPHER_CTX_init(&aes_ctx);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="88"></td><td class="FileContents-lineContents" id="88"> const uint8_t kZeroIV[AES_BLOCK_SIZE] = {};</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="89"></td><td class="FileContents-lineContents" id="89"> CHECK(EVP_EncryptInit_ex(&aes_ctx, EVP_aes_256_cbc(), nullptr,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="90"></td><td class="FileContents-lineContents" id="90"> shared_key.data(), kZeroIV));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="91"></td><td class="FileContents-lineContents" id="91"> CHECK(EVP_CIPHER_CTX_set_padding(&aes_ctx, 0 /* no padding */));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="92"></td><td class="FileContents-lineContents" id="92"> CHECK(EVP_Cipher(&aes_ctx, ciphertext.data(), plaintext.data(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="93"></td><td class="FileContents-lineContents" id="93"> plaintext.size()));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="94"></td><td class="FileContents-lineContents" id="94"> EVP_CIPHER_CTX_cleanup(&aes_ctx);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="95"></td><td class="FileContents-lineContents" id="95"> return ciphertext;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="96"></td><td class="FileContents-lineContents" id="96"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="97"></td><td class="FileContents-lineContents" id="97"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="98"></td><td class="FileContents-lineContents" id="98"> std::vector<uint8_t> Decrypt(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="99"></td><td class="FileContents-lineContents" id="99"> base::span<const uint8_t> shared_key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="100"></td><td class="FileContents-lineContents" id="100"> base::span<const uint8_t> ciphertext) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="101"></td><td class="FileContents-lineContents" id="101"> DCHECK_EQ(ciphertext.size() % AES_BLOCK_SIZE, 0u);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="102"></td><td class="FileContents-lineContents" id="102"> DCHECK_EQ(shared_key.size(), kSharedKeySize);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="103"></td><td class="FileContents-lineContents" id="103"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="104"></td><td class="FileContents-lineContents" id="104"> std::vector<uint8_t> plaintext(ciphertext.size());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="105"></td><td class="FileContents-lineContents" id="105"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="106"></td><td class="FileContents-lineContents" id="106"> EVP_CIPHER_CTX aes_ctx;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="107"></td><td class="FileContents-lineContents" id="107"> EVP_CIPHER_CTX_init(&aes_ctx);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="108"></td><td class="FileContents-lineContents" id="108"> const uint8_t kZeroIV[AES_BLOCK_SIZE] = {};</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="109"></td><td class="FileContents-lineContents" id="109"> CHECK(EVP_DecryptInit_ex(&aes_ctx, EVP_aes_256_cbc(), nullptr,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="110"></td><td class="FileContents-lineContents" id="110"> shared_key.data(), kZeroIV));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="111"></td><td class="FileContents-lineContents" id="111"> CHECK(EVP_CIPHER_CTX_set_padding(&aes_ctx, 0 /* no padding */));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="112"></td><td class="FileContents-lineContents" id="112"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="113"></td><td class="FileContents-lineContents" id="113"> CHECK(EVP_Cipher(&aes_ctx, plaintext.data(), ciphertext.data(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="114"></td><td class="FileContents-lineContents" id="114"> ciphertext.size()));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="115"></td><td class="FileContents-lineContents" id="115"> EVP_CIPHER_CTX_cleanup(&aes_ctx);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="116"></td><td class="FileContents-lineContents" id="116"> return plaintext;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="117"></td><td class="FileContents-lineContents" id="117"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="118"></td><td class="FileContents-lineContents" id="118"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="119"></td><td class="FileContents-lineContents" id="119"> std::vector<uint8_t> Authenticate(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="120"></td><td class="FileContents-lineContents" id="120"> base::span<const uint8_t> key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="121"></td><td class="FileContents-lineContents" id="121"> base::span<const uint8_t> data) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="122"></td><td class="FileContents-lineContents" id="122"> // Authenticate can be invoked with the shared secret or with a PIN/UV Auth</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="123"></td><td class="FileContents-lineContents" id="123"> // Token. In CTAP2.1, V1 tokens are fixed at 16 or 32 bytes. But in CTAP2.0</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="124"></td><td class="FileContents-lineContents" id="124"> // they may be any multiple of 16 bytes. We don't know the CTAP version, so</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="125"></td><td class="FileContents-lineContents" id="125"> // only enforce the latter.</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="126"></td><td class="FileContents-lineContents" id="126"> static_assert(kSharedKeySize == 32u, "");</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="127"></td><td class="FileContents-lineContents" id="127"> DCHECK_EQ(key.size() % AES_BLOCK_SIZE, 0u);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="128"></td><td class="FileContents-lineContents" id="128"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="129"></td><td class="FileContents-lineContents" id="129"> std::vector<uint8_t> pin_auth(SHA256_DIGEST_LENGTH);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="130"></td><td class="FileContents-lineContents" id="130"> unsigned hmac_bytes;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="131"></td><td class="FileContents-lineContents" id="131"> CHECK(HMAC(EVP_sha256(), key.data(), key.size(), data.data(), data.size(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="132"></td><td class="FileContents-lineContents" id="132"> pin_auth.data(), &hmac_bytes));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="133"></td><td class="FileContents-lineContents" id="133"> DCHECK_EQ(pin_auth.size(), static_cast<size_t>(hmac_bytes));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="134"></td><td class="FileContents-lineContents" id="134"> pin_auth.resize(kSignatureSize);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="135"></td><td class="FileContents-lineContents" id="135"> return pin_auth;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="136"></td><td class="FileContents-lineContents" id="136"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="137"></td><td class="FileContents-lineContents" id="137"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="138"></td><td class="FileContents-lineContents" id="138"> bool Verify(base::span<const uint8_t> key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="139"></td><td class="FileContents-lineContents" id="139"> base::span<const uint8_t> data,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="140"></td><td class="FileContents-lineContents" id="140"> base::span<const uint8_t> signature) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="141"></td><td class="FileContents-lineContents" id="141"> if (signature.size() != kSignatureSize) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="142"></td><td class="FileContents-lineContents" id="142"> return false;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="143"></td><td class="FileContents-lineContents" id="143"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="144"></td><td class="FileContents-lineContents" id="144"> const std::vector<uint8_t> computed_signature = Authenticate(key, data);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="145"></td><td class="FileContents-lineContents" id="145"> CHECK_EQ(computed_signature.size(), kSignatureSize);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="146"></td><td class="FileContents-lineContents" id="146"> return CRYPTO_memcmp(signature.data(), computed_signature.data(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="147"></td><td class="FileContents-lineContents" id="147"> kSignatureSize) == 0;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="148"></td><td class="FileContents-lineContents" id="148"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="149"></td><td class="FileContents-lineContents" id="149"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="150"></td><td class="FileContents-lineContents" id="150"> std::vector<uint8_t> CalculateSharedKey(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="151"></td><td class="FileContents-lineContents" id="151"> const EC_KEY* key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="152"></td><td class="FileContents-lineContents" id="152"> const EC_POINT* peers_key) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="153"></td><td class="FileContents-lineContents" id="153"> std::vector<uint8_t> shared_key(SHA256_DIGEST_LENGTH);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="154"></td><td class="FileContents-lineContents" id="154"> CHECK_EQ(static_cast<int>(SHA256_DIGEST_LENGTH),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="155"></td><td class="FileContents-lineContents" id="155"> ECDH_compute_key(shared_key.data(), shared_key.size(), peers_key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="156"></td><td class="FileContents-lineContents" id="156"> key, SHA256KDF));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="157"></td><td class="FileContents-lineContents" id="157"> return shared_key;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="158"></td><td class="FileContents-lineContents" id="158"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="159"></td><td class="FileContents-lineContents" id="159"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="160"></td><td class="FileContents-lineContents" id="160"> static void* SHA256KDF(const void* in,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="161"></td><td class="FileContents-lineContents" id="161"> size_t in_len,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="162"></td><td class="FileContents-lineContents" id="162"> void* out,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="163"></td><td class="FileContents-lineContents" id="163"> size_t* out_len) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="164"></td><td class="FileContents-lineContents" id="164"> DCHECK_GE(*out_len, static_cast<size_t>(SHA256_DIGEST_LENGTH));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="165"></td><td class="FileContents-lineContents" id="165"> SHA256(reinterpret_cast<const uint8_t*>(in), in_len,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="166"></td><td class="FileContents-lineContents" id="166"> reinterpret_cast<uint8_t*>(out));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="167"></td><td class="FileContents-lineContents" id="167"> *out_len = SHA256_DIGEST_LENGTH;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="168"></td><td class="FileContents-lineContents" id="168"> return out;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="169"></td><td class="FileContents-lineContents" id="169"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="170"></td><td class="FileContents-lineContents" id="170">};</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="171"></td><td class="FileContents-lineContents" id="171"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="172"></td><td class="FileContents-lineContents" id="172">// ProtocolV2 implements CTAP2.1 PIN/UV Auth Protocol Two (6.5.11).</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="173"></td><td class="FileContents-lineContents" id="173">class ProtocolV2 : public ProtocolV1 {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="174"></td><td class="FileContents-lineContents" id="174"> private:</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="175"></td><td class="FileContents-lineContents" id="175"> static constexpr size_t kAESKeyLength = 32;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="176"></td><td class="FileContents-lineContents" id="176"> static constexpr size_t kHMACKeyLength = 32;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="177"></td><td class="FileContents-lineContents" id="177"> static constexpr size_t kSharedKeyLength = kAESKeyLength + kHMACKeyLength;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="178"></td><td class="FileContents-lineContents" id="178"> static constexpr size_t kPINUVAuthTokenLength = 32;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="179"></td><td class="FileContents-lineContents" id="179"> static constexpr size_t kSignatureSize = SHA256_DIGEST_LENGTH;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="180"></td><td class="FileContents-lineContents" id="180"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="181"></td><td class="FileContents-lineContents" id="181"> // GetHMACSubKey returns the HMAC-key portion of the shared secret.</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="182"></td><td class="FileContents-lineContents" id="182"> static base::span<const uint8_t, kHMACKeyLength> GetHMACSubKey(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="183"></td><td class="FileContents-lineContents" id="183"> base::span<const uint8_t, kSharedKeyLength> shared_key) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="184"></td><td class="FileContents-lineContents" id="184"> return shared_key.first<kHMACKeyLength>();</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="185"></td><td class="FileContents-lineContents" id="185"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="186"></td><td class="FileContents-lineContents" id="186"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="187"></td><td class="FileContents-lineContents" id="187"> // GetAESSubKey returns the HMAC-key portion of the shared secret.</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="188"></td><td class="FileContents-lineContents" id="188"> static base::span<const uint8_t, kAESKeyLength> GetAESSubKey(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="189"></td><td class="FileContents-lineContents" id="189"> base::span<const uint8_t, kSharedKeyLength> shared_key) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="190"></td><td class="FileContents-lineContents" id="190"> return shared_key.last<kAESKeyLength>();</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="191"></td><td class="FileContents-lineContents" id="191"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="192"></td><td class="FileContents-lineContents" id="192"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="193"></td><td class="FileContents-lineContents" id="193"> std::vector<uint8_t> Encrypt(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="194"></td><td class="FileContents-lineContents" id="194"> base::span<const uint8_t> shared_key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="195"></td><td class="FileContents-lineContents" id="195"> base::span<const uint8_t> plaintext) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="196"></td><td class="FileContents-lineContents" id="196"> DCHECK_EQ(plaintext.size() % AES_BLOCK_SIZE, 0u);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="197"></td><td class="FileContents-lineContents" id="197"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="198"></td><td class="FileContents-lineContents" id="198"> const base::span<const uint8_t, kAESKeyLength> aes_key =</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="199"></td><td class="FileContents-lineContents" id="199"> GetAESSubKey(*shared_key.to_fixed_extent<kSharedKeyLength>());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="200"></td><td class="FileContents-lineContents" id="200"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="201"></td><td class="FileContents-lineContents" id="201"> std::vector<uint8_t> result(AES_BLOCK_SIZE + plaintext.size());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="202"></td><td class="FileContents-lineContents" id="202"> const base::span<uint8_t> iv =</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="203"></td><td class="FileContents-lineContents" id="203"> base::make_span(result).first<AES_BLOCK_SIZE>();</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="204"></td><td class="FileContents-lineContents" id="204"> const base::span<uint8_t> ciphertext =</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="205"></td><td class="FileContents-lineContents" id="205"> base::make_span(result).subspan<AES_BLOCK_SIZE>();</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="206"></td><td class="FileContents-lineContents" id="206"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="207"></td><td class="FileContents-lineContents" id="207"> crypto::RandBytes(iv);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="208"></td><td class="FileContents-lineContents" id="208"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="209"></td><td class="FileContents-lineContents" id="209"> EVP_CIPHER_CTX aes_ctx;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="210"></td><td class="FileContents-lineContents" id="210"> EVP_CIPHER_CTX_init(&aes_ctx);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="211"></td><td class="FileContents-lineContents" id="211"> CHECK(EVP_EncryptInit_ex(&aes_ctx, EVP_aes_256_cbc(), nullptr,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="212"></td><td class="FileContents-lineContents" id="212"> aes_key.data(), iv.data()));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="213"></td><td class="FileContents-lineContents" id="213"> CHECK(EVP_CIPHER_CTX_set_padding(&aes_ctx, 0 /* no padding */));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="214"></td><td class="FileContents-lineContents" id="214"> CHECK(EVP_Cipher(&aes_ctx, ciphertext.data(), plaintext.data(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="215"></td><td class="FileContents-lineContents" id="215"> plaintext.size()));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="216"></td><td class="FileContents-lineContents" id="216"> EVP_CIPHER_CTX_cleanup(&aes_ctx);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="217"></td><td class="FileContents-lineContents" id="217"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="218"></td><td class="FileContents-lineContents" id="218"> return result;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="219"></td><td class="FileContents-lineContents" id="219"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="220"></td><td class="FileContents-lineContents" id="220"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="221"></td><td class="FileContents-lineContents" id="221"> std::vector<uint8_t> Decrypt(base::span<const uint8_t> shared_key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="222"></td><td class="FileContents-lineContents" id="222"> base::span<const uint8_t> input) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="223"></td><td class="FileContents-lineContents" id="223"> DCHECK_EQ(input.size() % AES_BLOCK_SIZE, 0u);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="224"></td><td class="FileContents-lineContents" id="224"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="225"></td><td class="FileContents-lineContents" id="225"> const base::span<const uint8_t, kAESKeyLength> aes_key =</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="226"></td><td class="FileContents-lineContents" id="226"> GetAESSubKey(*shared_key.to_fixed_extent<kSharedKeyLength>());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="227"></td><td class="FileContents-lineContents" id="227"> const base::span<const uint8_t> iv = input.first<AES_BLOCK_SIZE>();</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="228"></td><td class="FileContents-lineContents" id="228"> const base::span<const uint8_t> ciphertext =</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="229"></td><td class="FileContents-lineContents" id="229"> input.subspan<AES_BLOCK_SIZE>();</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="230"></td><td class="FileContents-lineContents" id="230"> std::vector<uint8_t> plaintext(ciphertext.size());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="231"></td><td class="FileContents-lineContents" id="231"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="232"></td><td class="FileContents-lineContents" id="232"> EVP_CIPHER_CTX aes_ctx;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="233"></td><td class="FileContents-lineContents" id="233"> EVP_CIPHER_CTX_init(&aes_ctx);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="234"></td><td class="FileContents-lineContents" id="234"> CHECK(EVP_DecryptInit_ex(&aes_ctx, EVP_aes_256_cbc(), nullptr,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="235"></td><td class="FileContents-lineContents" id="235"> aes_key.data(), iv.data()));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="236"></td><td class="FileContents-lineContents" id="236"> CHECK(EVP_CIPHER_CTX_set_padding(&aes_ctx, 0 /* no padding */));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="237"></td><td class="FileContents-lineContents" id="237"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="238"></td><td class="FileContents-lineContents" id="238"> CHECK(EVP_Cipher(&aes_ctx, plaintext.data(), ciphertext.data(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="239"></td><td class="FileContents-lineContents" id="239"> ciphertext.size()));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="240"></td><td class="FileContents-lineContents" id="240"> EVP_CIPHER_CTX_cleanup(&aes_ctx);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="241"></td><td class="FileContents-lineContents" id="241"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="242"></td><td class="FileContents-lineContents" id="242"> return plaintext;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="243"></td><td class="FileContents-lineContents" id="243"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="244"></td><td class="FileContents-lineContents" id="244"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="245"></td><td class="FileContents-lineContents" id="245"> std::vector<uint8_t> Authenticate(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="246"></td><td class="FileContents-lineContents" id="246"> base::span<const uint8_t> key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="247"></td><td class="FileContents-lineContents" id="247"> base::span<const uint8_t> data) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="248"></td><td class="FileContents-lineContents" id="248"> // Authenticate can be invoked with the shared secret or with a PIN/UV Auth</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="249"></td><td class="FileContents-lineContents" id="249"> // Token, which is fixed at 32 bytes in V2.</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="250"></td><td class="FileContents-lineContents" id="250"> DCHECK(key.size() == kSharedKeyLength ||</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="251"></td><td class="FileContents-lineContents" id="251"> key.size() == kPINUVAuthTokenLength);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="252"></td><td class="FileContents-lineContents" id="252"> const base::span<const uint8_t, kHMACKeyLength> hmac_key =</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="253"></td><td class="FileContents-lineContents" id="253"> (key.size() == kSharedKeyLength</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="254"></td><td class="FileContents-lineContents" id="254"> ? GetHMACSubKey(*key.to_fixed_extent<kSharedKeyLength>())</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="255"></td><td class="FileContents-lineContents" id="255"> : *key.to_fixed_extent<kPINUVAuthTokenLength>());</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="256"></td><td class="FileContents-lineContents" id="256"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="257"></td><td class="FileContents-lineContents" id="257"> std::vector<uint8_t> pin_auth(SHA256_DIGEST_LENGTH);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="258"></td><td class="FileContents-lineContents" id="258"> unsigned hmac_bytes;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="259"></td><td class="FileContents-lineContents" id="259"> CHECK(HMAC(EVP_sha256(), hmac_key.data(), hmac_key.size(), data.data(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="260"></td><td class="FileContents-lineContents" id="260"> data.size(), pin_auth.data(), &hmac_bytes));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="261"></td><td class="FileContents-lineContents" id="261"> DCHECK_EQ(pin_auth.size(), static_cast<size_t>(hmac_bytes));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="262"></td><td class="FileContents-lineContents" id="262"> return pin_auth;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="263"></td><td class="FileContents-lineContents" id="263"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="264"></td><td class="FileContents-lineContents" id="264"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="265"></td><td class="FileContents-lineContents" id="265"> bool Verify(base::span<const uint8_t> key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="266"></td><td class="FileContents-lineContents" id="266"> base::span<const uint8_t> data,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="267"></td><td class="FileContents-lineContents" id="267"> base::span<const uint8_t> signature) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="268"></td><td class="FileContents-lineContents" id="268"> if (signature.size() != kSignatureSize) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="269"></td><td class="FileContents-lineContents" id="269"> return false;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="270"></td><td class="FileContents-lineContents" id="270"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="271"></td><td class="FileContents-lineContents" id="271"> const std::vector<uint8_t> computed_signature = Authenticate(key, data);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="272"></td><td class="FileContents-lineContents" id="272"> CHECK_EQ(computed_signature.size(), kSignatureSize);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="273"></td><td class="FileContents-lineContents" id="273"> return CRYPTO_memcmp(signature.data(), computed_signature.data(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="274"></td><td class="FileContents-lineContents" id="274"> kSignatureSize) == 0;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="275"></td><td class="FileContents-lineContents" id="275"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="276"></td><td class="FileContents-lineContents" id="276"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="277"></td><td class="FileContents-lineContents" id="277"> std::vector<uint8_t> CalculateSharedKey(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="278"></td><td class="FileContents-lineContents" id="278"> const EC_KEY* key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="279"></td><td class="FileContents-lineContents" id="279"> const EC_POINT* peers_key) const override {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="280"></td><td class="FileContents-lineContents" id="280"> std::vector<uint8_t> shared_key(kSharedKeyLength);</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="281"></td><td class="FileContents-lineContents" id="281"> CHECK_EQ(static_cast<int>(kSharedKeyLength),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="282"></td><td class="FileContents-lineContents" id="282"> ECDH_compute_key(shared_key.data(), shared_key.size(), peers_key,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="283"></td><td class="FileContents-lineContents" id="283"> key, KDF));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="284"></td><td class="FileContents-lineContents" id="284"> return shared_key;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="285"></td><td class="FileContents-lineContents" id="285"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="286"></td><td class="FileContents-lineContents" id="286"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="287"></td><td class="FileContents-lineContents" id="287"> static void* KDF(const void* in, size_t in_len, void* out, size_t* out_len) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="288"></td><td class="FileContents-lineContents" id="288"> static_assert(kSharedKeyLength == 2 * SHA256_DIGEST_LENGTH, "");</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="289"></td><td class="FileContents-lineContents" id="289"> DCHECK_GE(*out_len, static_cast<size_t>(kSharedKeyLength));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="290"></td><td class="FileContents-lineContents" id="290"> auto hmac_key_out = base::make_span(</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="291"></td><td class="FileContents-lineContents" id="291"> static_cast<uint8_t*>(out), static_cast<size_t>(SHA256_DIGEST_LENGTH));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="292"></td><td class="FileContents-lineContents" id="292"> auto aes_key_out =</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="293"></td><td class="FileContents-lineContents" id="293"> base::make_span(static_cast<uint8_t*>(out) + SHA256_DIGEST_LENGTH,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="294"></td><td class="FileContents-lineContents" id="294"> static_cast<size_t>(SHA256_DIGEST_LENGTH));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="295"></td><td class="FileContents-lineContents" id="295"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="296"></td><td class="FileContents-lineContents" id="296"> constexpr uint8_t kHMACKeyInfo[] = "CTAP2 HMAC key";</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="297"></td><td class="FileContents-lineContents" id="297"> constexpr uint8_t kAESKeyInfo[] = "CTAP2 AES key";</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="298"></td><td class="FileContents-lineContents" id="298"> constexpr uint8_t kZeroSalt[32] = {};</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="299"></td><td class="FileContents-lineContents" id="299"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="300"></td><td class="FileContents-lineContents" id="300"> CHECK(HKDF(hmac_key_out.data(), hmac_key_out.size(), EVP_sha256(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="301"></td><td class="FileContents-lineContents" id="301"> reinterpret_cast<const uint8_t*>(in), in_len, kZeroSalt,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="302"></td><td class="FileContents-lineContents" id="302"> sizeof(kZeroSalt), kHMACKeyInfo, sizeof(kHMACKeyInfo) - 1));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="303"></td><td class="FileContents-lineContents" id="303"> CHECK(HKDF(aes_key_out.data(), aes_key_out.size(), EVP_sha256(),</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="304"></td><td class="FileContents-lineContents" id="304"> reinterpret_cast<const uint8_t*>(in), in_len, kZeroSalt,</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="305"></td><td class="FileContents-lineContents" id="305"> sizeof(kZeroSalt), kAESKeyInfo, sizeof(kAESKeyInfo) - 1));</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="306"></td><td class="FileContents-lineContents" id="306"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="307"></td><td class="FileContents-lineContents" id="307"> *out_len = kSharedKeyLength;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="308"></td><td class="FileContents-lineContents" id="308"> return out;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="309"></td><td class="FileContents-lineContents" id="309"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="310"></td><td class="FileContents-lineContents" id="310">};</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="311"></td><td class="FileContents-lineContents" id="311"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="312"></td><td class="FileContents-lineContents" id="312">// static</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="313"></td><td class="FileContents-lineContents" id="313">const Protocol& ProtocolVersion(PINUVAuthProtocol protocol) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="314"></td><td class="FileContents-lineContents" id="314"> static const base::NoDestructor<ProtocolV1> kProtocolV1;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="315"></td><td class="FileContents-lineContents" id="315"> static const base::NoDestructor<ProtocolV2> kProtocolV2;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="316"></td><td class="FileContents-lineContents" id="316"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="317"></td><td class="FileContents-lineContents" id="317"> switch (protocol) {</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="318"></td><td class="FileContents-lineContents" id="318"> case PINUVAuthProtocol::kV1:</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="319"></td><td class="FileContents-lineContents" id="319"> return *kProtocolV1;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="320"></td><td class="FileContents-lineContents" id="320"> case PINUVAuthProtocol::kV2:</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="321"></td><td class="FileContents-lineContents" id="321"> return *kProtocolV2;</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="322"></td><td class="FileContents-lineContents" id="322"> }</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="323"></td><td class="FileContents-lineContents" id="323">}</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="324"></td><td class="FileContents-lineContents" id="324"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="325"></td><td class="FileContents-lineContents" id="325">} // namespace pin</td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="326"></td><td class="FileContents-lineContents" id="326"></td></tr><tr class="u-pre u-monospace FileContents-line"><td class="u-lineNum u-noSelect FileContents-lineNum" data-line-number="327"></td><td class="FileContents-lineContents" id="327">} // namespace device</td></tr></table><script nonce="5w345cOzWnUg1VOlVofKrA">for (let lineNumEl of document.querySelectorAll('td.u-lineNum')) {lineNumEl.onclick = () => {window.location.hash = `#${lineNumEl.getAttribute('data-line-number')}`;};}</script></div> </div> <footer class="Site-footer"><div class="Footer">Powered by <a href="https://gerrit.googlesource.com/gitiles/">Gitiles</a>| <a href="https://policies.google.com/privacy">Privacy</a>| <a href="https://policies.google.com/terms">Terms</a><a class="u-monospace Footer-formatsItem" href="?format=TEXT">txt</a> <a class="u-monospace Footer-formatsItem" href="?format=JSON">json</a></div></footer></body></html>