arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2024-12-16 11:28:14 +00:00
Code Issues Releases Wiki Activity

Change encrypted entry format to (IV || tag || ciphertext).

Browse Source
This commit is contained in:
Andrew Kozlik 2019-02-21 15:22:46 +01:00
parent 9100a3ee64
commit e55737c4b1
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
storage.c
View File

@ -863,8 +863,8 @@ static secbool storage_get_encrypted(const uint16_t key, void *val_dest, const u
} }
const uint8_t *iv = (const uint8_t*) val_stored; const uint8_t *iv = (const uint8_t*) val_stored;
const uint8_t *ciphertext = (const uint8_t*) val_stored + CHACHA20_IV_SIZE; const uint8_t *tag_stored = (const uint8_t*) val_stored + CHACHA20_IV_SIZE;
const uint8_t *tag_stored = (const uint8_t*) val_stored + CHACHA20_IV_SIZE + *len; const uint8_t *ciphertext = (const uint8_t*) val_stored + CHACHA20_IV_SIZE + POLY1305_TAG_SIZE;
uint8_t tag_computed[POLY1305_TAG_SIZE]; uint8_t tag_computed[POLY1305_TAG_SIZE];
chacha20poly1305_ctx ctx; chacha20poly1305_ctx ctx;
rfc7539_init(&ctx, cached_dek, iv); rfc7539_init(&ctx, cached_dek, iv);
@ -932,18 +932,18 @@ static secbool storage_set_encrypted(const uint16_t key, const void *val, const
} }
// Preallocate space on the flash storage. // Preallocate space on the flash storage.
if (sectrue != auth_set(key, NULL, CHACHA20_IV_SIZE + len + POLY1305_TAG_SIZE)) { if (sectrue != auth_set(key, NULL, CHACHA20_IV_SIZE + POLY1305_TAG_SIZE + len)) {
return secfalse; return secfalse;
} }
// Write the IV to the flash. // Write the IV to the flash.
uint8_t buffer[CHACHA20_BLOCK_SIZE + POLY1305_TAG_SIZE]; uint8_t buffer[CHACHA20_BLOCK_SIZE];
random_buffer(buffer, CHACHA20_IV_SIZE); random_buffer(buffer, CHACHA20_IV_SIZE);
uint16_t offset = 0; uint16_t offset = 0;
if (sectrue != norcow_update_bytes(key, offset, buffer, CHACHA20_IV_SIZE)) { if (sectrue != norcow_update_bytes(key, offset, buffer, CHACHA20_IV_SIZE)) {
return secfalse; return secfalse;
} }
offset += CHACHA20_IV_SIZE; offset += CHACHA20_IV_SIZE + POLY1305_TAG_SIZE;
// Encrypt all blocks except for the last one. // Encrypt all blocks except for the last one.
chacha20poly1305_ctx ctx; chacha20poly1305_ctx ctx;
@ -961,8 +961,11 @@ static secbool storage_set_encrypted(const uint16_t key, const void *val, const
// Encrypt final block and compute message authentication tag. // Encrypt final block and compute message authentication tag.
chacha20poly1305_encrypt(&ctx, ((const uint8_t*) val) + i, buffer, len - i); chacha20poly1305_encrypt(&ctx, ((const uint8_t*) val) + i, buffer, len - i);
rfc7539_finish(&ctx, sizeof(key), len, buffer + len - i); secbool ret = norcow_update_bytes(key, offset, buffer, len - i);
secbool ret = norcow_update_bytes(key, offset, buffer, len - i + POLY1305_TAG_SIZE); if (sectrue == ret) {
rfc7539_finish(&ctx, sizeof(key), len, buffer);
ret = norcow_update_bytes(key, CHACHA20_IV_SIZE, buffer, POLY1305_TAG_SIZE);
}
memzero(&ctx, sizeof(ctx)); memzero(&ctx, sizeof(ctx));
memzero(buffer, sizeof(buffer)); memzero(buffer, sizeof(buffer));
return ret; return ret;