From c77f1114a65208be5c28e667ca4addc01471c72a Mon Sep 17 00:00:00 2001 From: Andrew Kozlik Date: Mon, 7 Aug 2023 10:57:09 +0200 Subject: [PATCH] fixup! feat(core): Implement OPTIGA provisioning in prodtest. --- core/embed/prodtest/main.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/core/embed/prodtest/main.c b/core/embed/prodtest/main.c index 156909923..23992b0bc 100644 --- a/core/embed/prodtest/main.c +++ b/core/embed/prodtest/main.c @@ -975,7 +975,10 @@ static void keyfido_write(char *data) { // Decrypt the FIDO attestation key. uint8_t fido_key[32] = {0}; - uint8_t iv[16] = {0}; + + // The IV is intentionally all-zero, which is not a problem, because the + // encryption key is unique for each ciphertext. + uint8_t iv[AES_BLOCK_SIZE] = {0}; aes_ret = aes_cbc_decrypt(&data_bytes[CIPHERTEXT_OFFSET], fido_key, sizeof(fido_key), iv, &ctx); memzero(&ctx, sizeof(ctx));