mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-22 22:38:08 +00:00
fsm: input messages are no longer confidential
This commit is contained in:
parent
19c7c8bc3b
commit
11311da48a
@ -73,7 +73,7 @@ void fsm_msgSignMessage(const SignMessage *msg);
|
||||
void fsm_msgVerifyMessage(const VerifyMessage *msg);
|
||||
|
||||
// crypto
|
||||
void fsm_msgCipherKeyValue(CipherKeyValue *msg); // not const because we mutate msg->iv
|
||||
void fsm_msgCipherKeyValue(const CipherKeyValue *msg);
|
||||
void fsm_msgSignIdentity(const SignIdentity *msg);
|
||||
void fsm_msgGetECDHSessionKey(const GetECDHSessionKey *msg);
|
||||
void fsm_msgCosiCommit(const CosiCommit *msg);
|
||||
@ -92,7 +92,7 @@ void fsm_msgDebugLinkFlashErase(const DebugLinkFlashErase *msg);
|
||||
// ethereum
|
||||
void fsm_msgEthereumGetAddress(const EthereumGetAddress *msg);
|
||||
void fsm_msgEthereumGetPublicKey(const EthereumGetPublicKey *msg);
|
||||
void fsm_msgEthereumSignTx(EthereumSignTx *msg); // not const because we mutate transaction
|
||||
void fsm_msgEthereumSignTx(EthereumSignTx *msg); // not const because we mutate transaction during validation
|
||||
void fsm_msgEthereumTxAck(const EthereumTxAck *msg);
|
||||
void fsm_msgEthereumSignMessage(const EthereumSignMessage *msg);
|
||||
void fsm_msgEthereumVerifyMessage(const EthereumVerifyMessage *msg);
|
||||
@ -102,7 +102,7 @@ void fsm_msgLiskGetAddress(const LiskGetAddress *msg);
|
||||
void fsm_msgLiskGetPublicKey(const LiskGetPublicKey *msg);
|
||||
void fsm_msgLiskSignMessage(const LiskSignMessage *msg);
|
||||
void fsm_msgLiskVerifyMessage(const LiskVerifyMessage *msg);
|
||||
void fsm_msgLiskSignTx(LiskSignTx *msg); // // not const because we mutate transaction
|
||||
void fsm_msgLiskSignTx(LiskSignTx *msg); // not const because we mutate transaction during validation
|
||||
|
||||
// nem
|
||||
void fsm_msgNEMGetAddress(NEMGetAddress *msg); // not const because we mutate msg->network
|
||||
|
@ -17,7 +17,7 @@
|
||||
* along with this library. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
void fsm_msgCipherKeyValue(CipherKeyValue *msg)
|
||||
void fsm_msgCipherKeyValue(const CipherKeyValue *msg)
|
||||
{
|
||||
CHECK_INITIALIZED
|
||||
|
||||
@ -49,15 +49,20 @@ void fsm_msgCipherKeyValue(CipherKeyValue *msg)
|
||||
|
||||
hmac_sha512(node->private_key, 32, data, strlen((char *)data), data);
|
||||
|
||||
if (msg->iv.size == 16) {
|
||||
// override iv if provided
|
||||
memcpy(data + 32, msg->iv.bytes, 16);
|
||||
}
|
||||
|
||||
RESP_INIT(CipheredKeyValue);
|
||||
if (encrypt) {
|
||||
aes_encrypt_ctx ctx;
|
||||
aes_encrypt_key256(data, &ctx);
|
||||
aes_cbc_encrypt(msg->value.bytes, resp->value.bytes, msg->value.size, ((msg->iv.size == 16) ? (msg->iv.bytes) : (data + 32)), &ctx);
|
||||
aes_cbc_encrypt(msg->value.bytes, resp->value.bytes, msg->value.size, data + 32, &ctx);
|
||||
} else {
|
||||
aes_decrypt_ctx ctx;
|
||||
aes_decrypt_key256(data, &ctx);
|
||||
aes_cbc_decrypt(msg->value.bytes, resp->value.bytes, msg->value.size, ((msg->iv.size == 16) ? (msg->iv.bytes) : (data + 32)), &ctx);
|
||||
aes_cbc_decrypt(msg->value.bytes, resp->value.bytes, msg->value.size, data + 32, &ctx);
|
||||
}
|
||||
resp->has_value = true;
|
||||
resp->value.size = msg->value.size;
|
||||
|
@ -36,7 +36,7 @@ struct MessagesMap_t {
|
||||
char dir; // i = in, o = out
|
||||
uint16_t msg_id;
|
||||
const pb_field_t *fields;
|
||||
void (*process_func)(void *ptr);
|
||||
void (*process_func)(const void *ptr);
|
||||
};
|
||||
|
||||
static const struct MessagesMap_t MessagesMap[] = {
|
||||
@ -222,7 +222,7 @@ enum {
|
||||
|
||||
void msg_process(char type, uint16_t msg_id, const pb_field_t *fields, uint8_t *msg_raw, uint32_t msg_size)
|
||||
{
|
||||
static CONFIDENTIAL uint8_t msg_data[MSG_IN_SIZE];
|
||||
static uint8_t msg_data[MSG_IN_SIZE];
|
||||
memzero(msg_data, sizeof(msg_data));
|
||||
pb_istream_t stream = pb_istream_from_buffer(msg_raw, msg_size);
|
||||
bool status = pb_decode(&stream, fields, msg_data);
|
||||
@ -236,7 +236,7 @@ void msg_process(char type, uint16_t msg_id, const pb_field_t *fields, uint8_t *
|
||||
void msg_read_common(char type, const uint8_t *buf, uint32_t len)
|
||||
{
|
||||
static char read_state = READSTATE_IDLE;
|
||||
static CONFIDENTIAL uint8_t msg_in[MSG_IN_SIZE];
|
||||
static uint8_t msg_in[MSG_IN_SIZE];
|
||||
static uint16_t msg_id = 0xFFFF;
|
||||
static uint32_t msg_size = 0;
|
||||
static uint32_t msg_pos = 0;
|
||||
|
@ -48,7 +48,7 @@ def handle_message(fh, fl, skipped, message, extension):
|
||||
return
|
||||
|
||||
if direction == "i":
|
||||
process_func = "(void (*)(void *)) fsm_msg%s" % short_name
|
||||
process_func = "(void (*)(const void *))fsm_msg%s" % short_name
|
||||
else:
|
||||
process_func = "0"
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user