trezor.crypto: put back vstr where it makes sense (= user controlled input)

7 years ago · 981ec87877
parent 26ac0b6e52
commit 981ec87877
3 changed files with 23 additions and 19 deletions
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h
@ -101,7 +101,8 @@ STATIC mp_obj_t mod_trezorcrypto_AES_update(mp_obj_t self, mp_obj_t data) {
    if (buf.len == 0) {
        return mp_const_empty_bytes;
    }
-    uint8_t out[buf.len];
+    vstr_t vstr;
+    vstr_init_len(&vstr, buf.len);
    mp_obj_AES_t *o = MP_OBJ_TO_PTR(self);
    switch (o->mode & AESModeMask) {
        case ECB:
@ -109,9 +110,9 @@ STATIC mp_obj_t mod_trezorcrypto_AES_update(mp_obj_t self, mp_obj_t data) {
                mp_raise_ValueError("Invalid data length");
            }
            if ((o->mode & AESDirMask) == Encrypt) {
-                aes_ecb_encrypt(buf.buf, out, buf.len, &(o->ctx.encrypt_ctx));
+                aes_ecb_encrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, &(o->ctx.encrypt_ctx));
            } else {
-                aes_ecb_decrypt(buf.buf, out, buf.len, &(o->ctx.decrypt_ctx));
+                aes_ecb_decrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, &(o->ctx.decrypt_ctx));
            }
            break;
        case CBC:
@ -119,26 +120,26 @@ STATIC mp_obj_t mod_trezorcrypto_AES_update(mp_obj_t self, mp_obj_t data) {
                mp_raise_ValueError("Invalid data length");
            }
            if ((o->mode & AESDirMask) == Encrypt) {
-                aes_cbc_encrypt(buf.buf, out, buf.len, o->iv, &(o->ctx.encrypt_ctx));
+                aes_cbc_encrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.encrypt_ctx));
            } else {
-                aes_cbc_decrypt(buf.buf, out, buf.len, o->iv, &(o->ctx.decrypt_ctx));
+                aes_cbc_decrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.decrypt_ctx));
            }
            break;
        case CFB:
            if ((o->mode & AESDirMask) == Encrypt) {
-                aes_cfb_encrypt(buf.buf, out, buf.len, o->iv, &(o->ctx.encrypt_ctx));
+                aes_cfb_encrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.encrypt_ctx));
            } else {
-                aes_cfb_decrypt(buf.buf, out, buf.len, o->iv, &(o->ctx.encrypt_ctx));
+                aes_cfb_decrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.encrypt_ctx));
            }
            break;
        case OFB: // (encrypt == decrypt)
-            aes_ofb_crypt(buf.buf, out, buf.len, o->iv, &(o->ctx.encrypt_ctx));
+            aes_ofb_crypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.encrypt_ctx));
            break;
        case CTR: // (encrypt == decrypt)
-            aes_ctr_crypt(buf.buf, out, buf.len, o->ctr, aes_ctr_cbuf_inc, &(o->ctx.encrypt_ctx));
+            aes_ctr_crypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->ctr, aes_ctr_cbuf_inc, &(o->ctx.encrypt_ctx));
            break;
    }
-    return mp_obj_new_bytes(out, sizeof(out));
+    return mp_obj_new_bytes((uint8_t *)vstr.buf, vstr.len);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_AES_update_obj, mod_trezorcrypto_AES_update);

--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h
@ -51,10 +51,11 @@ STATIC mp_obj_t mod_trezorcrypto_ChaCha20Poly1305_encrypt(mp_obj_t self, mp_obj_
    mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self);
    mp_buffer_info_t in;
    mp_get_buffer_raise(data, &in, MP_BUFFER_READ);
-    uint8_t out[in.len];
-    chacha20poly1305_encrypt(&(o->ctx), in.buf, out, in.len);
+    vstr_t vstr;
+    vstr_init_len(&vstr, in.len);
+    chacha20poly1305_encrypt(&(o->ctx), in.buf, (uint8_t *)vstr.buf, in.len);
    o->plen += in.len;
-    return mp_obj_new_bytes(out, sizeof(out));
+    return mp_obj_new_bytes((uint8_t *)vstr.buf, vstr.len);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_ChaCha20Poly1305_encrypt_obj, mod_trezorcrypto_ChaCha20Poly1305_encrypt);

@ -66,10 +67,11 @@ STATIC mp_obj_t mod_trezorcrypto_ChaCha20Poly1305_decrypt(mp_obj_t self, mp_obj_
    mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self);
    mp_buffer_info_t in;
    mp_get_buffer_raise(data, &in, MP_BUFFER_READ);
-    uint8_t out[in.len];
-    chacha20poly1305_decrypt(&(o->ctx), in.buf, out, in.len);
+    vstr_t vstr;
+    vstr_init_len(&vstr, in.len);
+    chacha20poly1305_decrypt(&(o->ctx), in.buf, (uint8_t *)vstr.buf, in.len);
    o->plen += in.len;
-    return mp_obj_new_bytes(out, sizeof(out));
+    return mp_obj_new_bytes((uint8_t *)vstr.buf, vstr.len);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_ChaCha20Poly1305_decrypt_obj, mod_trezorcrypto_ChaCha20Poly1305_decrypt);

--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-random.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-random.h
@ -31,9 +31,10 @@ STATIC mp_obj_t mod_trezorcrypto_random_bytes(mp_obj_t len) {
    if (l > 1024) {
        mp_raise_ValueError("Maximum requested size is 1024");
    }
-    uint8_t out[l];
-    random_buffer(out, l);
-    return mp_obj_new_bytes(out, sizeof(out));
+    vstr_t vstr;
+    vstr_init_len(&vstr, l);
+    random_buffer((uint8_t *)vstr.buf, l);
+    return mp_obj_new_bytes((uint8_t *)vstr.buf, vstr.len);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_random_bytes_obj, mod_trezorcrypto_random_bytes);