arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-07-08 23:58:09 +00:00
Code Issues Releases Wiki Activity

storage: Change secequal32() to use length in bytes instead of length in words.

Browse Source
This commit is contained in:
Andrew Kozlik 2019-10-29 15:55:58 +01:00
parent 1deebf1065
commit b874539e2c
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
storage/storage.c
View File

@ -17,6 +17,7 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>. * along with this program. If not, see <http://www.gnu.org/licenses/>.
*/ */
#include <assert.h>
#include <string.h> #include <string.h>
#include "chacha20poly1305/rfc7539.h" #include "chacha20poly1305/rfc7539.h"
@ -185,19 +186,22 @@ static secbool secequal(const void *ptr1, const void *ptr2, size_t n) {
return diff ? secfalse : sectrue; return diff ? secfalse : sectrue;
} }
static secbool secequal32(const uint32_t *ptr1, const uint32_t *ptr2, static secbool secequal32(const void *ptr1, const void *ptr2, size_t n) {
size_t n) { assert(n % sizeof(uint32_t) == 0);
size_t wn = n / sizeof(uint32_t);
const uint32_t *p1 = (const uint32_t *)ptr1;
const uint32_t *p2 = (const uint32_t *)ptr2;
uint32_t diff = 0; uint32_t diff = 0;
size_t i = 0; size_t i = 0;
for (i = 0; i < n; ++i) { for (i = 0; i < wn; ++i) {
uint32_t mask = random32(); uint32_t mask = random32();
diff |= (*ptr1 + mask - *ptr2) ^ mask; diff |= (*p1 + mask - *p2) ^ mask;
++ptr1; ++p1;
++ptr2; ++p2;
} }
// Check loop completion in case of a fault injection attack. // Check loop completion in case of a fault injection attack.
if (i != n) { if (i != wn) {
handle_fault("loop completion check"); handle_fault("loop completion check");
} }
@ -922,8 +926,7 @@ static secbool decrypt_dek(const uint8_t *kek, const uint8_t *keiv) {
rfc7539_finish(&ctx, 0, KEYS_SIZE, tag); rfc7539_finish(&ctx, 0, KEYS_SIZE, tag);
memzero(&ctx, sizeof(ctx)); memzero(&ctx, sizeof(ctx));
wait_random(); wait_random();
if (secequal32((const uint32_t *)tag, pvc, PVC_SIZE / sizeof(uint32_t)) != if (secequal32(tag, pvc, PVC_SIZE) != sectrue) {
sectrue) {
memzero(keys, sizeof(keys)); memzero(keys, sizeof(keys));
memzero(tag, sizeof(tag)); memzero(tag, sizeof(tag));
return secfalse; return secfalse;