1
0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-01-24 22:31:35 +00:00

trezor.crypto: put back vstr where it makes sense (= user controlled input)

This commit is contained in:
Pavol Rusnak 2018-01-05 13:13:20 +01:00
parent 26ac0b6e52
commit 981ec87877
No known key found for this signature in database
GPG Key ID: 91F3B339B9A02A3D
3 changed files with 23 additions and 19 deletions

View File

@ -101,7 +101,8 @@ STATIC mp_obj_t mod_trezorcrypto_AES_update(mp_obj_t self, mp_obj_t data) {
if (buf.len == 0) { if (buf.len == 0) {
return mp_const_empty_bytes; return mp_const_empty_bytes;
} }
uint8_t out[buf.len]; vstr_t vstr;
vstr_init_len(&vstr, buf.len);
mp_obj_AES_t *o = MP_OBJ_TO_PTR(self); mp_obj_AES_t *o = MP_OBJ_TO_PTR(self);
switch (o->mode & AESModeMask) { switch (o->mode & AESModeMask) {
case ECB: case ECB:
@ -109,9 +110,9 @@ STATIC mp_obj_t mod_trezorcrypto_AES_update(mp_obj_t self, mp_obj_t data) {
mp_raise_ValueError("Invalid data length"); mp_raise_ValueError("Invalid data length");
} }
if ((o->mode & AESDirMask) == Encrypt) { if ((o->mode & AESDirMask) == Encrypt) {
aes_ecb_encrypt(buf.buf, out, buf.len, &(o->ctx.encrypt_ctx)); aes_ecb_encrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, &(o->ctx.encrypt_ctx));
} else { } else {
aes_ecb_decrypt(buf.buf, out, buf.len, &(o->ctx.decrypt_ctx)); aes_ecb_decrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, &(o->ctx.decrypt_ctx));
} }
break; break;
case CBC: case CBC:
@ -119,26 +120,26 @@ STATIC mp_obj_t mod_trezorcrypto_AES_update(mp_obj_t self, mp_obj_t data) {
mp_raise_ValueError("Invalid data length"); mp_raise_ValueError("Invalid data length");
} }
if ((o->mode & AESDirMask) == Encrypt) { if ((o->mode & AESDirMask) == Encrypt) {
aes_cbc_encrypt(buf.buf, out, buf.len, o->iv, &(o->ctx.encrypt_ctx)); aes_cbc_encrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.encrypt_ctx));
} else { } else {
aes_cbc_decrypt(buf.buf, out, buf.len, o->iv, &(o->ctx.decrypt_ctx)); aes_cbc_decrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.decrypt_ctx));
} }
break; break;
case CFB: case CFB:
if ((o->mode & AESDirMask) == Encrypt) { if ((o->mode & AESDirMask) == Encrypt) {
aes_cfb_encrypt(buf.buf, out, buf.len, o->iv, &(o->ctx.encrypt_ctx)); aes_cfb_encrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.encrypt_ctx));
} else { } else {
aes_cfb_decrypt(buf.buf, out, buf.len, o->iv, &(o->ctx.encrypt_ctx)); aes_cfb_decrypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.encrypt_ctx));
} }
break; break;
case OFB: // (encrypt == decrypt) case OFB: // (encrypt == decrypt)
aes_ofb_crypt(buf.buf, out, buf.len, o->iv, &(o->ctx.encrypt_ctx)); aes_ofb_crypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->iv, &(o->ctx.encrypt_ctx));
break; break;
case CTR: // (encrypt == decrypt) case CTR: // (encrypt == decrypt)
aes_ctr_crypt(buf.buf, out, buf.len, o->ctr, aes_ctr_cbuf_inc, &(o->ctx.encrypt_ctx)); aes_ctr_crypt(buf.buf, (uint8_t *)vstr.buf, buf.len, o->ctr, aes_ctr_cbuf_inc, &(o->ctx.encrypt_ctx));
break; break;
} }
return mp_obj_new_bytes(out, sizeof(out)); return mp_obj_new_bytes((uint8_t *)vstr.buf, vstr.len);
} }
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_AES_update_obj, mod_trezorcrypto_AES_update); STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_AES_update_obj, mod_trezorcrypto_AES_update);

View File

@ -51,10 +51,11 @@ STATIC mp_obj_t mod_trezorcrypto_ChaCha20Poly1305_encrypt(mp_obj_t self, mp_obj_
mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self); mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self);
mp_buffer_info_t in; mp_buffer_info_t in;
mp_get_buffer_raise(data, &in, MP_BUFFER_READ); mp_get_buffer_raise(data, &in, MP_BUFFER_READ);
uint8_t out[in.len]; vstr_t vstr;
chacha20poly1305_encrypt(&(o->ctx), in.buf, out, in.len); vstr_init_len(&vstr, in.len);
chacha20poly1305_encrypt(&(o->ctx), in.buf, (uint8_t *)vstr.buf, in.len);
o->plen += in.len; o->plen += in.len;
return mp_obj_new_bytes(out, sizeof(out)); return mp_obj_new_bytes((uint8_t *)vstr.buf, vstr.len);
} }
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_ChaCha20Poly1305_encrypt_obj, mod_trezorcrypto_ChaCha20Poly1305_encrypt); STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_ChaCha20Poly1305_encrypt_obj, mod_trezorcrypto_ChaCha20Poly1305_encrypt);
@ -66,10 +67,11 @@ STATIC mp_obj_t mod_trezorcrypto_ChaCha20Poly1305_decrypt(mp_obj_t self, mp_obj_
mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self); mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self);
mp_buffer_info_t in; mp_buffer_info_t in;
mp_get_buffer_raise(data, &in, MP_BUFFER_READ); mp_get_buffer_raise(data, &in, MP_BUFFER_READ);
uint8_t out[in.len]; vstr_t vstr;
chacha20poly1305_decrypt(&(o->ctx), in.buf, out, in.len); vstr_init_len(&vstr, in.len);
chacha20poly1305_decrypt(&(o->ctx), in.buf, (uint8_t *)vstr.buf, in.len);
o->plen += in.len; o->plen += in.len;
return mp_obj_new_bytes(out, sizeof(out)); return mp_obj_new_bytes((uint8_t *)vstr.buf, vstr.len);
} }
STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_ChaCha20Poly1305_decrypt_obj, mod_trezorcrypto_ChaCha20Poly1305_decrypt); STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_ChaCha20Poly1305_decrypt_obj, mod_trezorcrypto_ChaCha20Poly1305_decrypt);

View File

@ -31,9 +31,10 @@ STATIC mp_obj_t mod_trezorcrypto_random_bytes(mp_obj_t len) {
if (l > 1024) { if (l > 1024) {
mp_raise_ValueError("Maximum requested size is 1024"); mp_raise_ValueError("Maximum requested size is 1024");
} }
uint8_t out[l]; vstr_t vstr;
random_buffer(out, l); vstr_init_len(&vstr, l);
return mp_obj_new_bytes(out, sizeof(out)); random_buffer((uint8_t *)vstr.buf, l);
return mp_obj_new_bytes((uint8_t *)vstr.buf, vstr.len);
} }
STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_random_bytes_obj, mod_trezorcrypto_random_bytes); STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_random_bytes_obj, mod_trezorcrypto_random_bytes);