From ea116d742ade46d10bc6e948078ace4edab5b703 Mon Sep 17 00:00:00 2001 From: Pavol Rusnak Date: Tue, 16 Jan 2018 20:44:03 +0100 Subject: [PATCH] use explicit_bzero where possible; update trezor-crypto --- embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h | 3 ++- embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h | 10 +++++----- .../extmod/modtrezorcrypto/modtrezorcrypto-blake256.h | 2 +- embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h | 2 +- embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h | 2 +- .../modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h | 2 +- embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h | 4 ++-- .../extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h | 2 +- embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h | 2 +- embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h | 2 +- .../extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h | 2 +- .../extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h | 2 +- embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h | 2 +- vendor/trezor-crypto | 2 +- 14 files changed, 20 insertions(+), 19 deletions(-) diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h index 8b1904ae05..e9c74ff8f1 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h @@ -145,7 +145,8 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_AES_update_obj, mod_trezorcryp STATIC mp_obj_t mod_trezorcrypto_AES___del__(mp_obj_t self) { mp_obj_AES_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(aes_encrypt_ctx)); + explicit_bzero(&(o->ctx), sizeof(aes_encrypt_ctx)); + explicit_bzero(o->iv, AES_BLOCK_SIZE); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_AES___del___obj, mod_trezorcrypto_AES___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h index d32883c82d..7b327a8031 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h @@ -93,17 +93,17 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_make_new(const mp_obj_type_t *type, size if (NULL != chain_code.buf && 32 == chain_code.len) { memcpy(o->hdnode.chain_code, chain_code.buf, 32); } else { - memset(o->hdnode.chain_code, 0, 32); + explicit_bzero(o->hdnode.chain_code, 32); } if (NULL != private_key.buf && 32 == private_key.len) { memcpy(o->hdnode.private_key, private_key.buf, 32); } else { - memset(o->hdnode.private_key, 0, 32); + explicit_bzero(o->hdnode.private_key, 32); } if (NULL != public_key.buf && 33 == public_key.len) { memcpy(o->hdnode.public_key, public_key.buf, 33); } else { - memset(o->hdnode.public_key, 0, 33); + explicit_bzero(o->hdnode.public_key, 33); } o->hdnode.curve = curve; @@ -120,7 +120,7 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_derive(mp_obj_t self, mp_obj_t index) { uint32_t fp = hdnode_fingerprint(&o->hdnode); if (!hdnode_private_ckd(&o->hdnode, i)) { - memset(&o->hdnode, 0, sizeof(o->hdnode)); + explicit_bzero(&o->hdnode, sizeof(o->hdnode)); mp_raise_ValueError("Failed to derive"); } o->fingerprint = fp; @@ -157,7 +157,7 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_derive_path(mp_obj_t self, mp_obj_t path if (!hdnode_private_ckd_cached(&o->hdnode, pints, plen, &o->fingerprint)) { // derivation failed, reset the state and raise o->fingerprint = 0; - memset(&o->hdnode, 0, sizeof(o->hdnode)); + explicit_bzero(&o->hdnode, sizeof(o->hdnode)); mp_raise_ValueError("Failed to derive path"); } diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h index dc1ae15e5e..e60668b05c 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h @@ -68,7 +68,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake256_digest_obj, mod_trezo STATIC mp_obj_t mod_trezorcrypto_Blake256___del__(mp_obj_t self) { mp_obj_Blake256_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(BLAKE256_CTX)); + explicit_bzero(&(o->ctx), sizeof(BLAKE256_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake256___del___obj, mod_trezorcrypto_Blake256___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h index b3b298aef3..fd02af69d7 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h @@ -75,7 +75,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2b_digest_obj, mod_trezor STATIC mp_obj_t mod_trezorcrypto_Blake2b___del__(mp_obj_t self) { mp_obj_Blake2b_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(BLAKE2B_CTX)); + explicit_bzero(&(o->ctx), sizeof(BLAKE2B_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2b___del___obj, mod_trezorcrypto_Blake2b___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h index 5806e38c99..2c277c716d 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h @@ -75,7 +75,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2s_digest_obj, mod_trezor STATIC mp_obj_t mod_trezorcrypto_Blake2s___del__(mp_obj_t self) { mp_obj_Blake2s_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(BLAKE2S_CTX)); + explicit_bzero(&(o->ctx), sizeof(BLAKE2S_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2s___del___obj, mod_trezorcrypto_Blake2s___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h index 1779b0cc9d..2be22902be 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h @@ -105,7 +105,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_ChaCha20Poly1305_finish_obj, m STATIC mp_obj_t mod_trezorcrypto_ChaCha20Poly1305___del__(mp_obj_t self) { mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(chacha20poly1305_ctx)); + explicit_bzero(&(o->ctx), sizeof(chacha20poly1305_ctx)); o->alen = 0; o->plen = 0; return mp_const_none; diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h index e626ee4854..4c551fa3db 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h @@ -111,8 +111,8 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Pbkdf2_key_obj, mod_trezorcryp STATIC mp_obj_t mod_trezorcrypto_Pbkdf2___del__(mp_obj_t self) { mp_obj_Pbkdf2_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx256), 0, sizeof(PBKDF2_HMAC_SHA256_CTX)); - memset(&(o->ctx512), 0, sizeof(PBKDF2_HMAC_SHA512_CTX)); + explicit_bzero(&(o->ctx256), sizeof(PBKDF2_HMAC_SHA256_CTX)); + explicit_bzero(&(o->ctx512), sizeof(PBKDF2_HMAC_SHA512_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Pbkdf2___del___obj, mod_trezorcrypto_Pbkdf2___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h index 5dd22956aa..5b54aca730 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h @@ -68,7 +68,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Ripemd160_digest_obj, mod_trez STATIC mp_obj_t mod_trezorcrypto_Ripemd160___del__(mp_obj_t self) { mp_obj_Ripemd160_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(RIPEMD160_CTX)); + explicit_bzero(&(o->ctx), sizeof(RIPEMD160_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Ripemd160___del___obj, mod_trezorcrypto_Ripemd160___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h index b6dd24614c..49f51285c8 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h @@ -68,7 +68,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha1_digest_obj, mod_trezorcry STATIC mp_obj_t mod_trezorcrypto_Sha1___del__(mp_obj_t self) { mp_obj_Sha1_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(SHA1_CTX)); + explicit_bzero(&(o->ctx), sizeof(SHA1_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha1___del___obj, mod_trezorcrypto_Sha1___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h index a7bb8a86bd..da26a63a98 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h @@ -68,7 +68,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha256_digest_obj, mod_trezorc STATIC mp_obj_t mod_trezorcrypto_Sha256___del__(mp_obj_t self) { mp_obj_Sha256_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(SHA256_CTX)); + explicit_bzero(&(o->ctx), sizeof(SHA256_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha256___del___obj, mod_trezorcrypto_Sha256___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h index f5815d99c6..92d92a7e29 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h @@ -72,7 +72,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_Sha3_256_digest_obj, STATIC mp_obj_t mod_trezorcrypto_Sha3_256___del__(mp_obj_t self) { mp_obj_Sha3_256_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(SHA3_CTX)); + explicit_bzero(&(o->ctx), sizeof(SHA3_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_256___del___obj, mod_trezorcrypto_Sha3_256___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h index 5e720f591b..a0f366964e 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h @@ -72,7 +72,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_Sha3_512_digest_obj, STATIC mp_obj_t mod_trezorcrypto_Sha3_512___del__(mp_obj_t self) { mp_obj_Sha3_512_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(SHA3_CTX)); + explicit_bzero(&(o->ctx), sizeof(SHA3_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_512___del___obj, mod_trezorcrypto_Sha3_512___del__); diff --git a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h index 1098a4185c..27ea40cd61 100644 --- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h +++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h @@ -67,7 +67,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha512_digest_obj, mod_trezorc STATIC mp_obj_t mod_trezorcrypto_Sha512___del__(mp_obj_t self) { mp_obj_Sha512_t *o = MP_OBJ_TO_PTR(self); - memset(&(o->ctx), 0, sizeof(SHA512_CTX)); + explicit_bzero(&(o->ctx), sizeof(SHA512_CTX)); return mp_const_none; } STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha512___del___obj, mod_trezorcrypto_Sha512___del__); diff --git a/vendor/trezor-crypto b/vendor/trezor-crypto index 0d8a3beeaf..b7f73ee3ff 160000 --- a/vendor/trezor-crypto +++ b/vendor/trezor-crypto @@ -1 +1 @@ -Subproject commit 0d8a3beeaf22af837f558a5b5e9ae98cdd47a767 +Subproject commit b7f73ee3ff78e09c266a30dbc31407558d471615