mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-24 15:28:10 +00:00
introduce and use memzero instead of explicit_bzero
This commit is contained in:
parent
b7f73ee3ff
commit
bb4c3d0525
1
Makefile
1
Makefile
@ -50,6 +50,7 @@ SRCS += chacha20poly1305/chacha20poly1305.c chacha20poly1305/chacha_merged.c ch
|
||||
SRCS += rc4.c
|
||||
SRCS += nem.c
|
||||
SRCS += segwit_addr.c
|
||||
SRCS += memzero.c
|
||||
|
||||
OBJS = $(SRCS:.c=.o)
|
||||
|
||||
|
5
base58.c
5
base58.c
@ -27,6 +27,7 @@
|
||||
#include "base58.h"
|
||||
#include "sha2.h"
|
||||
#include "ripemd160.h"
|
||||
#include "memzero.h"
|
||||
|
||||
static const int8_t b58digits_map[] = {
|
||||
-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,
|
||||
@ -199,7 +200,7 @@ int base58_encode_check(const uint8_t *data, int datalen, HasherType hasher_type
|
||||
hasher_Raw(hasher_type, hash, 32, hash);
|
||||
size_t res = strsize;
|
||||
bool success = b58enc(str, &res, buf, datalen + 4);
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
memzero(buf, sizeof(buf));
|
||||
return success ? res : 0;
|
||||
}
|
||||
|
||||
@ -253,7 +254,7 @@ int base58gph_encode_check(const uint8_t *data, int datalen, char *str, int strs
|
||||
ripemd160(data, datalen, hash); // No double SHA256, but a single RIPEMD160
|
||||
size_t res = strsize;
|
||||
bool success = b58enc(str, &res, buf, datalen + 4);
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
memzero(buf, sizeof(buf));
|
||||
return success ? res : 0;
|
||||
}
|
||||
|
||||
|
13
bignum.c
13
bignum.c
@ -27,6 +27,7 @@
|
||||
#include <string.h>
|
||||
#include <assert.h>
|
||||
#include "bignum.h"
|
||||
#include "memzero.h"
|
||||
|
||||
/* big number library */
|
||||
|
||||
@ -489,7 +490,7 @@ void bn_multiply(const bignum256 *k, bignum256 *x, const bignum256 *prime)
|
||||
uint32_t res[18] = {0};
|
||||
bn_multiply_long(k, x, res);
|
||||
bn_multiply_reduce(x, res, prime);
|
||||
explicit_bzero(res, sizeof(res));
|
||||
memzero(res, sizeof(res));
|
||||
}
|
||||
|
||||
// partly reduce x modulo prime
|
||||
@ -551,8 +552,8 @@ void bn_sqrt(bignum256 *x, const bignum256 *prime)
|
||||
}
|
||||
bn_mod(&res, prime);
|
||||
memcpy(x, &res, sizeof(bignum256));
|
||||
explicit_bzero(&res, sizeof(res));
|
||||
explicit_bzero(&p, sizeof(p));
|
||||
memzero(&res, sizeof(res));
|
||||
memzero(&p, sizeof(p));
|
||||
}
|
||||
|
||||
#if ! USE_INVERSE_FAST
|
||||
@ -860,9 +861,9 @@ void bn_inverse(bignum256 *x, const bignum256 *prime)
|
||||
x->val[i] = temp32;
|
||||
|
||||
// let's wipe all temp buffers
|
||||
explicit_bzero(pp, sizeof(pp));
|
||||
explicit_bzero(&us, sizeof(us));
|
||||
explicit_bzero(&vr, sizeof(vr));
|
||||
memzero(pp, sizeof(pp));
|
||||
memzero(&us, sizeof(us));
|
||||
memzero(&vr, sizeof(vr));
|
||||
}
|
||||
#endif
|
||||
|
||||
|
49
bip32.c
49
bip32.c
@ -46,6 +46,7 @@
|
||||
#if USE_NEM
|
||||
#include "nem.h"
|
||||
#endif
|
||||
#include "memzero.h"
|
||||
|
||||
const curve_info ed25519_info = {
|
||||
.bip32_name = "ed25519 seed",
|
||||
@ -86,7 +87,7 @@ int hdnode_from_xpub(uint32_t depth, uint32_t child_num, const uint8_t *chain_co
|
||||
out->depth = depth;
|
||||
out->child_num = child_num;
|
||||
memcpy(out->chain_code, chain_code, 32);
|
||||
explicit_bzero(out->private_key, 32);
|
||||
memzero(out->private_key, 32);
|
||||
memcpy(out->public_key, public_key, 33);
|
||||
return 1;
|
||||
}
|
||||
@ -107,7 +108,7 @@ int hdnode_from_xprv(uint32_t depth, uint32_t child_num, const uint8_t *chain_co
|
||||
failed = true;
|
||||
}
|
||||
}
|
||||
explicit_bzero(&a, sizeof(a));
|
||||
memzero(&a, sizeof(a));
|
||||
}
|
||||
|
||||
if (failed) {
|
||||
@ -119,7 +120,7 @@ int hdnode_from_xprv(uint32_t depth, uint32_t child_num, const uint8_t *chain_co
|
||||
out->child_num = child_num;
|
||||
memcpy(out->chain_code, chain_code, 32);
|
||||
memcpy(out->private_key, private_key, 32);
|
||||
explicit_bzero(out->public_key, sizeof(out->public_key));
|
||||
memzero(out->public_key, sizeof(out->public_key));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -150,12 +151,12 @@ int hdnode_from_seed(const uint8_t *seed, int seed_len, const char* curve, HDNod
|
||||
hmac_sha512_Update(&ctx, I, sizeof(I));
|
||||
hmac_sha512_Final(&ctx, I);
|
||||
}
|
||||
explicit_bzero(&a, sizeof(a));
|
||||
memzero(&a, sizeof(a));
|
||||
}
|
||||
memcpy(out->private_key, I, 32);
|
||||
memcpy(out->chain_code, I + 32, 32);
|
||||
explicit_bzero(out->public_key, sizeof(out->public_key));
|
||||
explicit_bzero(I, sizeof(I));
|
||||
memzero(out->public_key, sizeof(out->public_key));
|
||||
memzero(I, sizeof(I));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -168,7 +169,7 @@ uint32_t hdnode_fingerprint(HDNode *node)
|
||||
hasher_Raw(node->curve->hasher_type, node->public_key, 33, digest);
|
||||
ripemd160(digest, 32, digest);
|
||||
fingerprint = (digest[0] << 24) + (digest[1] << 16) + (digest[2] << 8) + digest[3];
|
||||
explicit_bzero(digest, sizeof(digest));
|
||||
memzero(digest, sizeof(digest));
|
||||
return fingerprint;
|
||||
}
|
||||
|
||||
@ -229,13 +230,13 @@ int hdnode_private_ckd(HDNode *inout, uint32_t i)
|
||||
memcpy(inout->chain_code, I + 32, 32);
|
||||
inout->depth++;
|
||||
inout->child_num = i;
|
||||
explicit_bzero(inout->public_key, sizeof(inout->public_key));
|
||||
memzero(inout->public_key, sizeof(inout->public_key));
|
||||
|
||||
// making sure to wipe our memory
|
||||
explicit_bzero(&a, sizeof(a));
|
||||
explicit_bzero(&b, sizeof(b));
|
||||
explicit_bzero(I, sizeof(I));
|
||||
explicit_bzero(data, sizeof(data));
|
||||
memzero(&a, sizeof(a));
|
||||
memzero(&b, sizeof(b));
|
||||
memzero(I, sizeof(I));
|
||||
memzero(data, sizeof(data));
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -264,9 +265,9 @@ int hdnode_public_ckd_cp(const ecdsa_curve *curve, const curve_point *parent, co
|
||||
}
|
||||
|
||||
// Wipe all stack data.
|
||||
explicit_bzero(data, sizeof(data));
|
||||
explicit_bzero(I, sizeof(I));
|
||||
explicit_bzero(&c, sizeof(c));
|
||||
memzero(data, sizeof(data));
|
||||
memzero(I, sizeof(I));
|
||||
memzero(&c, sizeof(c));
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
@ -286,15 +287,15 @@ int hdnode_public_ckd(HDNode *inout, uint32_t i)
|
||||
if (!hdnode_public_ckd_cp(inout->curve->params, &parent, inout->chain_code, i, &child, inout->chain_code)) {
|
||||
return 0;
|
||||
}
|
||||
explicit_bzero(inout->private_key, 32);
|
||||
memzero(inout->private_key, 32);
|
||||
inout->depth++;
|
||||
inout->child_num = i;
|
||||
inout->public_key[0] = 0x02 | (child.y.val[0] & 0x01);
|
||||
bn_write_be(&child.x, inout->public_key + 1);
|
||||
|
||||
// Wipe all stack data.
|
||||
explicit_bzero(&parent, sizeof(parent));
|
||||
explicit_bzero(&child, sizeof(child));
|
||||
memzero(&parent, sizeof(parent));
|
||||
memzero(&child, sizeof(child));
|
||||
|
||||
return 1;
|
||||
}
|
||||
@ -349,7 +350,7 @@ int hdnode_private_ckd_cached(HDNode *inout, const uint32_t *i, size_t i_count,
|
||||
if (!private_ckd_cache_root_set || memcmp(&private_ckd_cache_root, inout, sizeof(HDNode)) != 0) {
|
||||
// clear the cache
|
||||
private_ckd_cache_index = 0;
|
||||
explicit_bzero(private_ckd_cache, sizeof(private_ckd_cache));
|
||||
memzero(private_ckd_cache, sizeof(private_ckd_cache));
|
||||
// setup new root
|
||||
memcpy(&private_ckd_cache_root, inout, sizeof(HDNode));
|
||||
private_ckd_cache_root_set = true;
|
||||
@ -496,7 +497,7 @@ int hdnode_nem_encrypt(const HDNode *node, const ed25519_public_key public_key,
|
||||
aes_encrypt_ctx ctx;
|
||||
|
||||
int ret = aes_encrypt_key256(shared_key, &ctx);
|
||||
explicit_bzero(shared_key, sizeof(shared_key));
|
||||
memzero(shared_key, sizeof(shared_key));
|
||||
|
||||
if (ret != EXIT_SUCCESS) {
|
||||
return 0;
|
||||
@ -523,7 +524,7 @@ int hdnode_nem_decrypt(const HDNode *node, const ed25519_public_key public_key,
|
||||
aes_decrypt_ctx ctx;
|
||||
|
||||
int ret = aes_decrypt_key256(shared_key, &ctx);
|
||||
explicit_bzero(shared_key, sizeof(shared_key));
|
||||
memzero(shared_key, sizeof(shared_key));
|
||||
|
||||
if (ret != EXIT_SUCCESS) {
|
||||
return 0;
|
||||
@ -609,7 +610,7 @@ static int hdnode_serialize(const HDNode *node, uint32_t fingerprint, uint32_t v
|
||||
memcpy(node_data + 46, node->private_key, 32);
|
||||
}
|
||||
int ret = base58_encode_check(node_data, sizeof(node_data), node->curve->hasher_type, str, strsize);
|
||||
explicit_bzero(node_data, sizeof(node_data));
|
||||
memzero(node_data, sizeof(node_data));
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -634,14 +635,14 @@ int hdnode_deserialize(const char *str, uint32_t version_public, uint32_t versio
|
||||
}
|
||||
uint32_t version = read_be(node_data);
|
||||
if (version == version_public) {
|
||||
explicit_bzero(node->private_key, sizeof(node->private_key));
|
||||
memzero(node->private_key, sizeof(node->private_key));
|
||||
memcpy(node->public_key, node_data + 45, 33);
|
||||
} else if (version == version_private) { // private node
|
||||
if (node_data[45]) { // invalid data
|
||||
return -2;
|
||||
}
|
||||
memcpy(node->private_key, node_data + 46, 32);
|
||||
explicit_bzero(node->public_key, sizeof(node->public_key));
|
||||
memzero(node->public_key, sizeof(node->public_key));
|
||||
} else {
|
||||
return -3; // invalid version
|
||||
}
|
||||
|
13
bip39.c
13
bip39.c
@ -31,6 +31,7 @@
|
||||
#include "pbkdf2.h"
|
||||
#include "bip39_english.h"
|
||||
#include "options.h"
|
||||
#include "memzero.h"
|
||||
|
||||
#if USE_BIP39_CACHE
|
||||
|
||||
@ -53,7 +54,7 @@ const char *mnemonic_generate(int strength)
|
||||
uint8_t data[32];
|
||||
random_buffer(data, 32);
|
||||
const char *r = mnemonic_from_data(data, strength / 8);
|
||||
explicit_bzero(data, sizeof(data));
|
||||
memzero(data, sizeof(data));
|
||||
return r;
|
||||
}
|
||||
|
||||
@ -65,7 +66,7 @@ const uint16_t *mnemonic_generate_indexes(int strength)
|
||||
uint8_t data[32];
|
||||
random_buffer(data, 32);
|
||||
const uint16_t *r = mnemonic_from_data_indexes(data, strength / 8);
|
||||
explicit_bzero(data, sizeof(data));
|
||||
memzero(data, sizeof(data));
|
||||
return r;
|
||||
}
|
||||
|
||||
@ -99,7 +100,7 @@ const char *mnemonic_from_data(const uint8_t *data, int len)
|
||||
*p = (i < mlen - 1) ? ' ' : 0;
|
||||
p++;
|
||||
}
|
||||
explicit_bzero(bits, sizeof(bits));
|
||||
memzero(bits, sizeof(bits));
|
||||
|
||||
return mnemo;
|
||||
}
|
||||
@ -130,7 +131,7 @@ const uint16_t *mnemonic_from_data_indexes(const uint8_t *data, int len)
|
||||
}
|
||||
mnemo[i] = idx;
|
||||
}
|
||||
explicit_bzero(bits, sizeof(bits));
|
||||
memzero(bits, sizeof(bits));
|
||||
|
||||
return mnemo;
|
||||
}
|
||||
@ -160,7 +161,7 @@ int mnemonic_check(const char *mnemonic)
|
||||
uint32_t j, k, ki, bi;
|
||||
uint8_t bits[32 + 1];
|
||||
|
||||
explicit_bzero(bits, sizeof(bits));
|
||||
memzero(bits, sizeof(bits));
|
||||
i = 0; bi = 0;
|
||||
while (mnemonic[i]) {
|
||||
j = 0;
|
||||
@ -240,7 +241,7 @@ void mnemonic_to_seed(const char *mnemonic, const char *passphrase, uint8_t seed
|
||||
}
|
||||
}
|
||||
pbkdf2_hmac_sha512_Final(&pctx, seed);
|
||||
explicit_bzero(salt, sizeof(salt));
|
||||
memzero(salt, sizeof(salt));
|
||||
#if USE_BIP39_CACHE
|
||||
// store to cache
|
||||
if (mnemoniclen < 256 && passphraselen < 64) {
|
||||
|
@ -17,6 +17,7 @@
|
||||
|
||||
#include "blake2b.h"
|
||||
#include "blake2_common.h"
|
||||
#include "memzero.h"
|
||||
|
||||
typedef struct blake2b_param__
|
||||
{
|
||||
@ -159,7 +160,7 @@ int blake2b_InitKey( blake2b_state *S, size_t outlen, const void *key, size_t ke
|
||||
memset( block, 0, BLAKE2B_BLOCKBYTES );
|
||||
memcpy( block, key, keylen );
|
||||
blake2b_Update( S, block, BLAKE2B_BLOCKBYTES );
|
||||
explicit_bzero( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
|
||||
memzero( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from stack */
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@ -279,7 +280,7 @@ int blake2b_Final( blake2b_state *S, void *out, size_t outlen )
|
||||
store64( buffer + sizeof( S->h[i] ) * i, S->h[i] );
|
||||
|
||||
memcpy( out, buffer, S->outlen );
|
||||
explicit_bzero(buffer, sizeof(buffer));
|
||||
memzero(buffer, sizeof(buffer));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -17,6 +17,7 @@
|
||||
|
||||
#include "blake2s.h"
|
||||
#include "blake2_common.h"
|
||||
#include "memzero.h"
|
||||
|
||||
typedef struct blake2s_param__
|
||||
{
|
||||
@ -153,7 +154,7 @@ int blake2s_InitKey( blake2s_state *S, size_t outlen, const void *key, size_t ke
|
||||
memset( block, 0, BLAKE2S_BLOCKBYTES );
|
||||
memcpy( block, key, keylen );
|
||||
blake2s_Update( S, block, BLAKE2S_BLOCKBYTES );
|
||||
explicit_bzero( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
|
||||
memzero( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from stack */
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
@ -271,7 +272,7 @@ int blake2s_Final( blake2s_state *S, void *out, size_t outlen )
|
||||
store32( buffer + sizeof( S->h[i] ) * i, S->h[i] );
|
||||
|
||||
memcpy( out, buffer, outlen );
|
||||
explicit_bzero(buffer, sizeof(buffer));
|
||||
memzero(buffer, sizeof(buffer));
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
67
ecdsa.c
67
ecdsa.c
@ -37,6 +37,7 @@
|
||||
#include "base58.h"
|
||||
#include "secp256k1.h"
|
||||
#include "rfc6979.h"
|
||||
#include "memzero.h"
|
||||
|
||||
// Set cp2 = cp1
|
||||
void point_copy(const curve_point *cp1, curve_point *cp2)
|
||||
@ -541,8 +542,8 @@ void point_multiply(const ecdsa_curve *curve, const bignum256 *k, const curve_po
|
||||
}
|
||||
conditional_negate(sign, &jres.z, prime);
|
||||
jacobian_to_curve(&jres, res, prime);
|
||||
explicit_bzero(&a, sizeof(a));
|
||||
explicit_bzero(&jres, sizeof(jres));
|
||||
memzero(&a, sizeof(a));
|
||||
memzero(&jres, sizeof(jres));
|
||||
}
|
||||
|
||||
#if USE_PRECOMPUTED_CP
|
||||
@ -629,8 +630,8 @@ void scalar_multiply(const ecdsa_curve *curve, const bignum256 *k, curve_point *
|
||||
}
|
||||
conditional_negate(((a.val[0] >> 4) & 1) - 1, &jres.y, prime);
|
||||
jacobian_to_curve(&jres, res, prime);
|
||||
explicit_bzero(&a, sizeof(a));
|
||||
explicit_bzero(&jres, sizeof(jres));
|
||||
memzero(&a, sizeof(a));
|
||||
memzero(&jres, sizeof(jres));
|
||||
}
|
||||
|
||||
#else
|
||||
@ -652,12 +653,12 @@ int ecdh_multiply(const ecdsa_curve *curve, const uint8_t *priv_key, const uint8
|
||||
bignum256 k;
|
||||
bn_read_be(priv_key, &k);
|
||||
point_multiply(curve, &k, &point, &point);
|
||||
explicit_bzero(&k, sizeof(k));
|
||||
memzero(&k, sizeof(k));
|
||||
|
||||
session_key[0] = 0x04;
|
||||
bn_write_be(&point.x, session_key + 1);
|
||||
bn_write_be(&point.y, session_key + 33);
|
||||
explicit_bzero(&point, sizeof(point));
|
||||
memzero(&point, sizeof(point));
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -684,8 +685,8 @@ void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash, rfc6979_state *s
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
|
||||
explicit_bzero(bx, sizeof(bx));
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
memzero(bx, sizeof(bx));
|
||||
memzero(buf, sizeof(buf));
|
||||
}
|
||||
|
||||
// generate next number from deterministic random number generator
|
||||
@ -699,7 +700,7 @@ void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state)
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(state->v) + 1, state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
memcpy(rnd, buf, 32);
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
memzero(buf, sizeof(buf));
|
||||
}
|
||||
|
||||
// generate K in a deterministic way, according to RFC6979
|
||||
@ -709,7 +710,7 @@ void generate_k_rfc6979(bignum256 *k, rfc6979_state *state)
|
||||
uint8_t buf[32];
|
||||
generate_rfc6979(buf, state);
|
||||
bn_read_be(buf, k);
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
memzero(buf, sizeof(buf));
|
||||
}
|
||||
|
||||
// msg is a data to be signed
|
||||
@ -719,7 +720,7 @@ int ecdsa_sign(const ecdsa_curve *curve, HasherType hasher_type, const uint8_t *
|
||||
uint8_t hash[32];
|
||||
hasher_Raw(hasher_type, msg, msg_len, hash);
|
||||
int res = ecdsa_sign_digest(curve, priv_key, hash, sig, pby, is_canonical);
|
||||
explicit_bzero(hash, sizeof(hash));
|
||||
memzero(hash, sizeof(hash));
|
||||
return res;
|
||||
|
||||
}
|
||||
@ -732,7 +733,7 @@ int ecdsa_sign_double(const ecdsa_curve *curve, HasherType hasher_type, const ui
|
||||
hasher_Raw(hasher_type, msg, msg_len, hash);
|
||||
hasher_Raw(hasher_type, hash, 32, hash);
|
||||
int res = ecdsa_sign_digest(curve, priv_key, hash, sig, pby, is_canonical);
|
||||
explicit_bzero(hash, sizeof(hash));
|
||||
memzero(hash, sizeof(hash));
|
||||
return res;
|
||||
}
|
||||
|
||||
@ -817,20 +818,20 @@ int ecdsa_sign_digest(const ecdsa_curve *curve, const uint8_t *priv_key, const u
|
||||
*pby = by;
|
||||
}
|
||||
|
||||
explicit_bzero(&k, sizeof(k));
|
||||
explicit_bzero(&randk, sizeof(randk));
|
||||
memzero(&k, sizeof(k));
|
||||
memzero(&randk, sizeof(randk));
|
||||
#if USE_RFC6979
|
||||
explicit_bzero(&rng, sizeof(rng));
|
||||
memzero(&rng, sizeof(rng));
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Too many retries without a valid signature
|
||||
// -> fail with an error
|
||||
explicit_bzero(&k, sizeof(k));
|
||||
explicit_bzero(&randk, sizeof(randk));
|
||||
memzero(&k, sizeof(k));
|
||||
memzero(&randk, sizeof(randk));
|
||||
#if USE_RFC6979
|
||||
explicit_bzero(&rng, sizeof(rng));
|
||||
memzero(&rng, sizeof(rng));
|
||||
#endif
|
||||
return -1;
|
||||
}
|
||||
@ -845,8 +846,8 @@ void ecdsa_get_public_key33(const ecdsa_curve *curve, const uint8_t *priv_key, u
|
||||
scalar_multiply(curve, &k, &R);
|
||||
pub_key[0] = 0x02 | (R.y.val[0] & 0x01);
|
||||
bn_write_be(&R.x, pub_key + 1);
|
||||
explicit_bzero(&R, sizeof(R));
|
||||
explicit_bzero(&k, sizeof(k));
|
||||
memzero(&R, sizeof(R));
|
||||
memzero(&k, sizeof(k));
|
||||
}
|
||||
|
||||
void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key, uint8_t *pub_key)
|
||||
@ -860,8 +861,8 @@ void ecdsa_get_public_key65(const ecdsa_curve *curve, const uint8_t *priv_key, u
|
||||
pub_key[0] = 0x04;
|
||||
bn_write_be(&R.x, pub_key + 1);
|
||||
bn_write_be(&R.y, pub_key + 33);
|
||||
explicit_bzero(&R, sizeof(R));
|
||||
explicit_bzero(&k, sizeof(k));
|
||||
memzero(&R, sizeof(R));
|
||||
memzero(&k, sizeof(k));
|
||||
}
|
||||
|
||||
int ecdsa_uncompress_pubkey(const ecdsa_curve *curve, const uint8_t *pub_key, uint8_t *uncompressed)
|
||||
@ -890,7 +891,7 @@ void ecdsa_get_pubkeyhash(const uint8_t *pub_key, HasherType hasher_type, uint8_
|
||||
hasher_Raw(hasher_type, pub_key, 33, h);
|
||||
}
|
||||
ripemd160(h, HASHER_DIGEST_LENGTH, pubkeyhash);
|
||||
explicit_bzero(h, sizeof(h));
|
||||
memzero(h, sizeof(h));
|
||||
}
|
||||
|
||||
void ecdsa_get_address_raw(const uint8_t *pub_key, uint32_t version, HasherType hasher_type, uint8_t *addr_raw)
|
||||
@ -907,7 +908,7 @@ void ecdsa_get_address(const uint8_t *pub_key, uint32_t version, HasherType hash
|
||||
ecdsa_get_address_raw(pub_key, version, hasher_type, raw);
|
||||
base58_encode_check(raw, 20 + prefix_len, hasher_type, addr, addrsize);
|
||||
// not as important to clear this one, but we might as well
|
||||
explicit_bzero(raw, sizeof(raw));
|
||||
memzero(raw, sizeof(raw));
|
||||
}
|
||||
|
||||
void ecdsa_get_address_segwit_p2sh_raw(const uint8_t *pub_key, uint32_t version, HasherType hasher_type, uint8_t *addr_raw)
|
||||
@ -928,7 +929,7 @@ void ecdsa_get_address_segwit_p2sh(const uint8_t *pub_key, uint32_t version, Has
|
||||
size_t prefix_len = address_prefix_bytes_len(version);
|
||||
ecdsa_get_address_segwit_p2sh_raw(pub_key, version, hasher_type, raw);
|
||||
base58_encode_check(raw, prefix_len + 20, hasher_type, addr, addrsize);
|
||||
explicit_bzero(raw, sizeof(raw));
|
||||
memzero(raw, sizeof(raw));
|
||||
}
|
||||
|
||||
void ecdsa_get_wif(const uint8_t *priv_key, uint32_t version, HasherType hasher_type, char *wif, int wifsize)
|
||||
@ -940,7 +941,7 @@ void ecdsa_get_wif(const uint8_t *priv_key, uint32_t version, HasherType hasher_
|
||||
wif_raw[prefix_len + 32] = 0x01;
|
||||
base58_encode_check(wif_raw, prefix_len + 32 + 1, hasher_type, wif, wifsize);
|
||||
// private keys running around our stack can cause trouble
|
||||
explicit_bzero(wif_raw, sizeof(wif_raw));
|
||||
memzero(wif_raw, sizeof(wif_raw));
|
||||
}
|
||||
|
||||
int ecdsa_address_decode(const char *addr, uint32_t version, HasherType hasher_type, uint8_t *out)
|
||||
@ -1033,7 +1034,7 @@ int ecdsa_verify(const ecdsa_curve *curve, HasherType hasher_type, const uint8_t
|
||||
uint8_t hash[32];
|
||||
hasher_Raw(hasher_type, msg, msg_len, hash);
|
||||
int res = ecdsa_verify_digest(curve, pub_key, sig, hash);
|
||||
explicit_bzero(hash, sizeof(hash));
|
||||
memzero(hash, sizeof(hash));
|
||||
return res;
|
||||
}
|
||||
|
||||
@ -1043,7 +1044,7 @@ int ecdsa_verify_double(const ecdsa_curve *curve, HasherType hasher_type, const
|
||||
hasher_Raw(hasher_type, msg, msg_len, hash);
|
||||
hasher_Raw(hasher_type, hash, 32, hash);
|
||||
int res = ecdsa_verify_digest(curve, pub_key, sig, hash);
|
||||
explicit_bzero(hash, sizeof(hash));
|
||||
memzero(hash, sizeof(hash));
|
||||
return res;
|
||||
}
|
||||
|
||||
@ -1142,11 +1143,11 @@ int ecdsa_verify_digest(const ecdsa_curve *curve, const uint8_t *pub_key, const
|
||||
}
|
||||
}
|
||||
|
||||
explicit_bzero(&pub, sizeof(pub));
|
||||
explicit_bzero(&res, sizeof(res));
|
||||
explicit_bzero(&r, sizeof(r));
|
||||
explicit_bzero(&s, sizeof(s));
|
||||
explicit_bzero(&z, sizeof(z));
|
||||
memzero(&pub, sizeof(pub));
|
||||
memzero(&res, sizeof(res));
|
||||
memzero(&r, sizeof(r));
|
||||
memzero(&s, sizeof(s));
|
||||
memzero(&z, sizeof(z));
|
||||
|
||||
// all OK
|
||||
return result;
|
||||
|
17
hmac.c
17
hmac.c
@ -25,6 +25,7 @@
|
||||
|
||||
#include "hmac.h"
|
||||
#include "options.h"
|
||||
#include "memzero.h"
|
||||
|
||||
void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, const uint32_t keylen)
|
||||
{
|
||||
@ -41,7 +42,7 @@ void hmac_sha256_Init(HMAC_SHA256_CTX *hctx, const uint8_t *key, const uint32_t
|
||||
}
|
||||
sha256_Init(&(hctx->ctx));
|
||||
sha256_Update(&(hctx->ctx), i_key_pad, SHA256_BLOCK_LENGTH);
|
||||
explicit_bzero(i_key_pad, sizeof(i_key_pad));
|
||||
memzero(i_key_pad, sizeof(i_key_pad));
|
||||
}
|
||||
|
||||
void hmac_sha256_Update(HMAC_SHA256_CTX *hctx, const uint8_t *msg, const uint32_t msglen)
|
||||
@ -56,7 +57,7 @@ void hmac_sha256_Final(HMAC_SHA256_CTX *hctx, uint8_t *hmac)
|
||||
sha256_Update(&(hctx->ctx), hctx->o_key_pad, SHA256_BLOCK_LENGTH);
|
||||
sha256_Update(&(hctx->ctx), hmac, SHA256_DIGEST_LENGTH);
|
||||
sha256_Final(&(hctx->ctx), hmac);
|
||||
explicit_bzero(hctx, sizeof(HMAC_SHA256_CTX));
|
||||
memzero(hctx, sizeof(HMAC_SHA256_CTX));
|
||||
}
|
||||
|
||||
void hmac_sha256(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
|
||||
@ -71,7 +72,7 @@ void hmac_sha256_prepare(const uint8_t *key, const uint32_t keylen, uint32_t *op
|
||||
{
|
||||
static CONFIDENTIAL uint32_t key_pad[SHA256_BLOCK_LENGTH/sizeof(uint32_t)];
|
||||
|
||||
explicit_bzero(key_pad, sizeof(key_pad));
|
||||
memzero(key_pad, sizeof(key_pad));
|
||||
if (keylen > SHA256_BLOCK_LENGTH) {
|
||||
static CONFIDENTIAL SHA256_CTX context;
|
||||
sha256_Init(&context);
|
||||
@ -98,7 +99,7 @@ void hmac_sha256_prepare(const uint8_t *key, const uint32_t keylen, uint32_t *op
|
||||
key_pad[i] = key_pad[i] ^ 0x5c5c5c5c ^ 0x36363636;
|
||||
}
|
||||
sha256_Transform(sha256_initial_hash_value, key_pad, ipad_digest);
|
||||
explicit_bzero(key_pad, sizeof(key_pad));
|
||||
memzero(key_pad, sizeof(key_pad));
|
||||
}
|
||||
|
||||
void hmac_sha512_Init(HMAC_SHA512_CTX *hctx, const uint8_t *key, const uint32_t keylen)
|
||||
@ -116,7 +117,7 @@ void hmac_sha512_Init(HMAC_SHA512_CTX *hctx, const uint8_t *key, const uint32_t
|
||||
}
|
||||
sha512_Init(&(hctx->ctx));
|
||||
sha512_Update(&(hctx->ctx), i_key_pad, SHA512_BLOCK_LENGTH);
|
||||
explicit_bzero(i_key_pad, sizeof(i_key_pad));
|
||||
memzero(i_key_pad, sizeof(i_key_pad));
|
||||
}
|
||||
|
||||
void hmac_sha512_Update(HMAC_SHA512_CTX *hctx, const uint8_t *msg, const uint32_t msglen)
|
||||
@ -131,7 +132,7 @@ void hmac_sha512_Final(HMAC_SHA512_CTX *hctx, uint8_t *hmac)
|
||||
sha512_Update(&(hctx->ctx), hctx->o_key_pad, SHA512_BLOCK_LENGTH);
|
||||
sha512_Update(&(hctx->ctx), hmac, SHA512_DIGEST_LENGTH);
|
||||
sha512_Final(&(hctx->ctx), hmac);
|
||||
explicit_bzero(hctx, sizeof(HMAC_SHA512_CTX));
|
||||
memzero(hctx, sizeof(HMAC_SHA512_CTX));
|
||||
}
|
||||
|
||||
void hmac_sha512(const uint8_t *key, const uint32_t keylen, const uint8_t *msg, const uint32_t msglen, uint8_t *hmac)
|
||||
@ -146,7 +147,7 @@ void hmac_sha512_prepare(const uint8_t *key, const uint32_t keylen, uint64_t *op
|
||||
{
|
||||
static CONFIDENTIAL uint64_t key_pad[SHA512_BLOCK_LENGTH/sizeof(uint64_t)];
|
||||
|
||||
explicit_bzero(key_pad, sizeof(key_pad));
|
||||
memzero(key_pad, sizeof(key_pad));
|
||||
if (keylen > SHA512_BLOCK_LENGTH) {
|
||||
static CONFIDENTIAL SHA512_CTX context;
|
||||
sha512_Init(&context);
|
||||
@ -173,5 +174,5 @@ void hmac_sha512_prepare(const uint8_t *key, const uint32_t keylen, uint64_t *op
|
||||
key_pad[i] = key_pad[i] ^ 0x5c5c5c5c5c5c5c5c ^ 0x3636363636363636;
|
||||
}
|
||||
sha512_Transform(sha512_initial_hash_value, key_pad, ipad_digest);
|
||||
explicit_bzero(key_pad, sizeof(key_pad));
|
||||
memzero(key_pad, sizeof(key_pad));
|
||||
}
|
||||
|
6
memzero.c
Normal file
6
memzero.c
Normal file
@ -0,0 +1,6 @@
|
||||
#include <string.h>
|
||||
|
||||
void memzero(void *s, size_t n)
|
||||
{
|
||||
memset(s, 0, n);
|
||||
}
|
8
memzero.h
Normal file
8
memzero.h
Normal file
@ -0,0 +1,8 @@
|
||||
#ifndef __MEMZERO_H__
|
||||
#define __MEMZERO_H__
|
||||
|
||||
#include <stddef.h>
|
||||
|
||||
void memzero(void *s, size_t n);
|
||||
|
||||
#endif
|
9
nem.c
9
nem.c
@ -28,6 +28,7 @@
|
||||
#include "ed25519-donna/ed25519-keccak.h"
|
||||
#include "ripemd160.h"
|
||||
#include "sha3.h"
|
||||
#include "memzero.h"
|
||||
|
||||
const char *nem_network_name(uint8_t network) {
|
||||
switch (network) {
|
||||
@ -111,7 +112,7 @@ void nem_get_address_raw(const ed25519_public_key public_key, uint8_t version, u
|
||||
/* 5. Concatenate output of step 3 and the checksum from step 4 */
|
||||
memcpy(&address[1 + RIPEMD160_DIGEST_LENGTH], hash, 4);
|
||||
|
||||
explicit_bzero(hash, sizeof(hash));
|
||||
memzero(hash, sizeof(hash));
|
||||
}
|
||||
|
||||
bool nem_get_address(const ed25519_public_key public_key, uint8_t version, char *address) {
|
||||
@ -121,7 +122,7 @@ bool nem_get_address(const ed25519_public_key public_key, uint8_t version, char
|
||||
|
||||
char *ret = base32_encode(pubkeyhash, sizeof(pubkeyhash), address, NEM_ADDRESS_SIZE + 1, BASE32_ALPHABET_RFC4648);
|
||||
|
||||
explicit_bzero(pubkeyhash, sizeof(pubkeyhash));
|
||||
memzero(pubkeyhash, sizeof(pubkeyhash));
|
||||
return (ret != NULL);
|
||||
}
|
||||
|
||||
@ -135,7 +136,7 @@ bool nem_validate_address_raw(const uint8_t *address, uint8_t network) {
|
||||
keccak_256(address, 1 + RIPEMD160_DIGEST_LENGTH, hash);
|
||||
bool valid = (memcmp(&address[1 + RIPEMD160_DIGEST_LENGTH], hash, 4) == 0);
|
||||
|
||||
explicit_bzero(hash, sizeof(hash));
|
||||
memzero(hash, sizeof(hash));
|
||||
return valid;
|
||||
}
|
||||
|
||||
@ -149,7 +150,7 @@ bool nem_validate_address(const char *address, uint8_t network) {
|
||||
uint8_t *ret = base32_decode(address, NEM_ADDRESS_SIZE, pubkeyhash, sizeof(pubkeyhash), BASE32_ALPHABET_RFC4648);
|
||||
bool valid = (ret != NULL) && nem_validate_address_raw(pubkeyhash, network);
|
||||
|
||||
explicit_bzero(pubkeyhash, sizeof(pubkeyhash));
|
||||
memzero(pubkeyhash, sizeof(pubkeyhash));
|
||||
return valid;
|
||||
}
|
||||
|
||||
|
5
pbkdf2.c
5
pbkdf2.c
@ -25,6 +25,7 @@
|
||||
#include "pbkdf2.h"
|
||||
#include "hmac.h"
|
||||
#include "sha2.h"
|
||||
#include "memzero.h"
|
||||
|
||||
void pbkdf2_hmac_sha256_Init(PBKDF2_HMAC_SHA256_CTX *pctx, const uint8_t *pass, int passlen, const uint8_t *salt, int saltlen)
|
||||
{
|
||||
@ -74,7 +75,7 @@ void pbkdf2_hmac_sha256_Final(PBKDF2_HMAC_SHA256_CTX *pctx, uint8_t *key)
|
||||
}
|
||||
#endif
|
||||
memcpy(key, pctx->f, SHA256_DIGEST_LENGTH);
|
||||
explicit_bzero(pctx, sizeof(PBKDF2_HMAC_SHA256_CTX));
|
||||
memzero(pctx, sizeof(PBKDF2_HMAC_SHA256_CTX));
|
||||
}
|
||||
|
||||
void pbkdf2_hmac_sha256(const uint8_t *pass, int passlen, const uint8_t *salt, int saltlen, uint32_t iterations, uint8_t *key)
|
||||
@ -134,7 +135,7 @@ void pbkdf2_hmac_sha512_Final(PBKDF2_HMAC_SHA512_CTX *pctx, uint8_t *key)
|
||||
}
|
||||
#endif
|
||||
memcpy(key, pctx->f, SHA512_DIGEST_LENGTH);
|
||||
explicit_bzero(pctx, sizeof(PBKDF2_HMAC_SHA512_CTX));
|
||||
memzero(pctx, sizeof(PBKDF2_HMAC_SHA512_CTX));
|
||||
}
|
||||
|
||||
void pbkdf2_hmac_sha512(const uint8_t *pass, int passlen, const uint8_t *salt, int saltlen, uint32_t iterations, uint8_t *key)
|
||||
|
@ -25,6 +25,7 @@
|
||||
#include <string.h>
|
||||
#include "rfc6979.h"
|
||||
#include "hmac.h"
|
||||
#include "memzero.h"
|
||||
|
||||
void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash, rfc6979_state *state) {
|
||||
uint8_t bx[2*32];
|
||||
@ -48,8 +49,8 @@ void init_rfc6979(const uint8_t *priv_key, const uint8_t *hash, rfc6979_state *s
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(buf), state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
|
||||
explicit_bzero(bx, sizeof(bx));
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
memzero(bx, sizeof(bx));
|
||||
memzero(buf, sizeof(buf));
|
||||
}
|
||||
|
||||
// generate next number from deterministic random number generator
|
||||
@ -63,7 +64,7 @@ void generate_rfc6979(uint8_t rnd[32], rfc6979_state *state)
|
||||
hmac_sha256(state->k, sizeof(state->k), buf, sizeof(state->v) + 1, state->k);
|
||||
hmac_sha256(state->k, sizeof(state->k), state->v, sizeof(state->v), state->v);
|
||||
memcpy(rnd, buf, 32);
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
memzero(buf, sizeof(buf));
|
||||
}
|
||||
|
||||
// generate K in a deterministic way, according to RFC6979
|
||||
@ -73,5 +74,5 @@ void generate_k_rfc6979(bignum256 *k, rfc6979_state *state)
|
||||
uint8_t buf[32];
|
||||
generate_rfc6979(buf, state);
|
||||
bn_read_be(buf, k);
|
||||
explicit_bzero(buf, sizeof(buf));
|
||||
memzero(buf, sizeof(buf));
|
||||
}
|
||||
|
@ -28,6 +28,7 @@
|
||||
#include <string.h>
|
||||
|
||||
#include "ripemd160.h"
|
||||
#include "memzero.h"
|
||||
|
||||
/*
|
||||
* 32-bit integer manipulation macros (little endian)
|
||||
@ -327,7 +328,7 @@ void ripemd160_Final( RIPEMD160_CTX *ctx, uint8_t output[RIPEMD160_DIGEST_LENGTH
|
||||
PUT_UINT32_LE( ctx->state[3], output, 12 );
|
||||
PUT_UINT32_LE( ctx->state[4], output, 16 );
|
||||
|
||||
explicit_bzero(ctx, sizeof(RIPEMD160_CTX));
|
||||
memzero(ctx, sizeof(RIPEMD160_CTX));
|
||||
}
|
||||
|
||||
/*
|
||||
|
43
sha2.c
43
sha2.c
@ -31,6 +31,7 @@
|
||||
#include <string.h>
|
||||
#include <stdint.h>
|
||||
#include "sha2.h"
|
||||
#include "memzero.h"
|
||||
|
||||
/*
|
||||
* ASSERT NOTE:
|
||||
@ -281,7 +282,7 @@ static const char *sha2_hex_digits = "0123456789abcdef";
|
||||
/*** SHA-1: ***********************************************************/
|
||||
void sha1_Init(SHA1_CTX* context) {
|
||||
MEMCPY_BCOPY(context->state, sha1_initial_hash_value, SHA1_DIGEST_LENGTH);
|
||||
explicit_bzero(context->buffer, SHA1_BLOCK_LENGTH);
|
||||
memzero(context->buffer, SHA1_BLOCK_LENGTH);
|
||||
context->bitcount = 0;
|
||||
}
|
||||
|
||||
@ -591,14 +592,14 @@ void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
|
||||
* No digest buffer, so we can do nothing
|
||||
* except clean up and go home
|
||||
*/
|
||||
explicit_bzero(context, sizeof(SHA1_CTX));
|
||||
memzero(context, sizeof(SHA1_CTX));
|
||||
return;
|
||||
}
|
||||
|
||||
usedspace = (context->bitcount >> 3) % SHA1_BLOCK_LENGTH;
|
||||
if (usedspace == 0) {
|
||||
/* Set-up for the last transform: */
|
||||
explicit_bzero(context->buffer, SHA1_SHORT_BLOCK_LENGTH);
|
||||
memzero(context->buffer, SHA1_SHORT_BLOCK_LENGTH);
|
||||
|
||||
/* Begin padding with a 1 bit: */
|
||||
*context->buffer = 0x80;
|
||||
@ -608,16 +609,16 @@ void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
|
||||
|
||||
if (usedspace <= 56) {
|
||||
/* Set-up for the last transform: */
|
||||
explicit_bzero(((uint8_t*)context->buffer) + usedspace, 56 - usedspace);
|
||||
memzero(((uint8_t*)context->buffer) + usedspace, 56 - usedspace);
|
||||
} else {
|
||||
if (usedspace < 64) {
|
||||
explicit_bzero(((uint8_t*)context->buffer) + usedspace, 64 - usedspace);
|
||||
memzero(((uint8_t*)context->buffer) + usedspace, 64 - usedspace);
|
||||
}
|
||||
/* Do second-to-last transform: */
|
||||
sha1_Transform(context->state, context->buffer, context->state);
|
||||
|
||||
/* And set-up for the last transform: */
|
||||
explicit_bzero(context->buffer, 56);
|
||||
memzero(context->buffer, 56);
|
||||
}
|
||||
/* Clean up: */
|
||||
usedspace = 0;
|
||||
@ -648,7 +649,7 @@ void sha1_Final(SHA1_CTX* context, sha2_byte digest[]) {
|
||||
#endif
|
||||
|
||||
/* Clean up: */
|
||||
explicit_bzero(context, sizeof(SHA1_CTX));
|
||||
memzero(context, sizeof(SHA1_CTX));
|
||||
}
|
||||
|
||||
char *sha1_End(SHA1_CTX* context, char buffer[]) {
|
||||
@ -665,9 +666,9 @@ char *sha1_End(SHA1_CTX* context, char buffer[]) {
|
||||
}
|
||||
*buffer = (char)0;
|
||||
} else {
|
||||
explicit_bzero(context, sizeof(SHA1_CTX));
|
||||
memzero(context, sizeof(SHA1_CTX));
|
||||
}
|
||||
explicit_bzero(digest, SHA1_DIGEST_LENGTH);
|
||||
memzero(digest, SHA1_DIGEST_LENGTH);
|
||||
return buffer;
|
||||
}
|
||||
|
||||
@ -692,7 +693,7 @@ void sha256_Init(SHA256_CTX* context) {
|
||||
return;
|
||||
}
|
||||
MEMCPY_BCOPY(context->state, sha256_initial_hash_value, SHA256_DIGEST_LENGTH);
|
||||
explicit_bzero(context->buffer, SHA256_BLOCK_LENGTH);
|
||||
memzero(context->buffer, SHA256_BLOCK_LENGTH);
|
||||
context->bitcount = 0;
|
||||
}
|
||||
|
||||
@ -929,7 +930,7 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
||||
((uint8_t*)context->buffer)[usedspace++] = 0x80;
|
||||
|
||||
if (usedspace > SHA256_SHORT_BLOCK_LENGTH) {
|
||||
explicit_bzero(((uint8_t*)context->buffer) + usedspace, SHA256_BLOCK_LENGTH - usedspace);
|
||||
memzero(((uint8_t*)context->buffer) + usedspace, SHA256_BLOCK_LENGTH - usedspace);
|
||||
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
/* Convert TO host byte order */
|
||||
@ -944,7 +945,7 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
||||
usedspace = 0;
|
||||
}
|
||||
/* Set-up for the last transform: */
|
||||
explicit_bzero(((uint8_t*)context->buffer) + usedspace, SHA256_SHORT_BLOCK_LENGTH - usedspace);
|
||||
memzero(((uint8_t*)context->buffer) + usedspace, SHA256_SHORT_BLOCK_LENGTH - usedspace);
|
||||
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
/* Convert TO host byte order */
|
||||
@ -969,7 +970,7 @@ void sha256_Final(SHA256_CTX* context, sha2_byte digest[]) {
|
||||
}
|
||||
|
||||
/* Clean up state data: */
|
||||
explicit_bzero(context, sizeof(SHA256_CTX));
|
||||
memzero(context, sizeof(SHA256_CTX));
|
||||
usedspace = 0;
|
||||
}
|
||||
|
||||
@ -987,9 +988,9 @@ char *sha256_End(SHA256_CTX* context, char buffer[]) {
|
||||
}
|
||||
*buffer = (char)0;
|
||||
} else {
|
||||
explicit_bzero(context, sizeof(SHA256_CTX));
|
||||
memzero(context, sizeof(SHA256_CTX));
|
||||
}
|
||||
explicit_bzero(digest, SHA256_DIGEST_LENGTH);
|
||||
memzero(digest, SHA256_DIGEST_LENGTH);
|
||||
return buffer;
|
||||
}
|
||||
|
||||
@ -1015,7 +1016,7 @@ void sha512_Init(SHA512_CTX* context) {
|
||||
return;
|
||||
}
|
||||
MEMCPY_BCOPY(context->state, sha512_initial_hash_value, SHA512_DIGEST_LENGTH);
|
||||
explicit_bzero(context->buffer, SHA512_BLOCK_LENGTH);
|
||||
memzero(context->buffer, SHA512_BLOCK_LENGTH);
|
||||
context->bitcount[0] = context->bitcount[1] = 0;
|
||||
}
|
||||
|
||||
@ -1232,7 +1233,7 @@ static void sha512_Last(SHA512_CTX* context) {
|
||||
((uint8_t*)context->buffer)[usedspace++] = 0x80;
|
||||
|
||||
if (usedspace > SHA512_SHORT_BLOCK_LENGTH) {
|
||||
explicit_bzero(((uint8_t*)context->buffer) + usedspace, SHA512_BLOCK_LENGTH - usedspace);
|
||||
memzero(((uint8_t*)context->buffer) + usedspace, SHA512_BLOCK_LENGTH - usedspace);
|
||||
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
/* Convert TO host byte order */
|
||||
@ -1247,7 +1248,7 @@ static void sha512_Last(SHA512_CTX* context) {
|
||||
usedspace = 0;
|
||||
}
|
||||
/* Set-up for the last transform: */
|
||||
explicit_bzero(((uint8_t*)context->buffer) + usedspace, SHA512_SHORT_BLOCK_LENGTH - usedspace);
|
||||
memzero(((uint8_t*)context->buffer) + usedspace, SHA512_SHORT_BLOCK_LENGTH - usedspace);
|
||||
|
||||
#if BYTE_ORDER == LITTLE_ENDIAN
|
||||
/* Convert TO host byte order */
|
||||
@ -1279,7 +1280,7 @@ void sha512_Final(SHA512_CTX* context, sha2_byte digest[]) {
|
||||
}
|
||||
|
||||
/* Zero out state data */
|
||||
explicit_bzero(context, sizeof(SHA512_CTX));
|
||||
memzero(context, sizeof(SHA512_CTX));
|
||||
}
|
||||
|
||||
char *sha512_End(SHA512_CTX* context, char buffer[]) {
|
||||
@ -1296,9 +1297,9 @@ char *sha512_End(SHA512_CTX* context, char buffer[]) {
|
||||
}
|
||||
*buffer = (char)0;
|
||||
} else {
|
||||
explicit_bzero(context, sizeof(SHA512_CTX));
|
||||
memzero(context, sizeof(SHA512_CTX));
|
||||
}
|
||||
explicit_bzero(digest, SHA512_DIGEST_LENGTH);
|
||||
memzero(digest, SHA512_DIGEST_LENGTH);
|
||||
return buffer;
|
||||
}
|
||||
|
||||
|
5
sha3.c
5
sha3.c
@ -21,6 +21,7 @@
|
||||
#include <string.h>
|
||||
|
||||
#include "sha3.h"
|
||||
#include "memzero.h"
|
||||
|
||||
#define I64(x) x##LL
|
||||
#define ROTL64(qword, n) ((qword) << (n) ^ ((qword) >> (64 - (n))))
|
||||
@ -330,7 +331,7 @@ void sha3_Final(SHA3_CTX *ctx, unsigned char* result)
|
||||
|
||||
assert(block_size > digest_length);
|
||||
if (result) me64_to_le_str(result, ctx->hash, digest_length);
|
||||
explicit_bzero(ctx, sizeof(SHA3_CTX));
|
||||
memzero(ctx, sizeof(SHA3_CTX));
|
||||
}
|
||||
|
||||
#if USE_KECCAK
|
||||
@ -359,7 +360,7 @@ void keccak_Final(SHA3_CTX *ctx, unsigned char* result)
|
||||
|
||||
assert(block_size > digest_length);
|
||||
if (result) me64_to_le_str(result, ctx->hash, digest_length);
|
||||
explicit_bzero(ctx, sizeof(SHA3_CTX));
|
||||
memzero(ctx, sizeof(SHA3_CTX));
|
||||
}
|
||||
|
||||
void keccak_256(const unsigned char* data, size_t len, unsigned char* digest)
|
||||
|
Loading…
Reference in New Issue
Block a user