use explicit_bzero where possible; update trezor-crypto

2024-11-22 07:28:10 +00:00 · 2018-01-16 20:44:03 +01:00 · 2018-01-16 20:44:03 +01:00 · ea116d742a
commit ea116d742a
parent 1357ba7202
14 changed files with 20 additions and 19 deletions
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-aes.h
@ -145,7 +145,8 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_trezorcrypto_AES_update_obj, mod_trezorcryp

 STATIC mp_obj_t mod_trezorcrypto_AES___del__(mp_obj_t self) {
    mp_obj_AES_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(aes_encrypt_ctx));
+    explicit_bzero(&(o->ctx), sizeof(aes_encrypt_ctx));
+    explicit_bzero(o->iv, AES_BLOCK_SIZE);
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_AES___del___obj, mod_trezorcrypto_AES___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-bip32.h
@ -93,17 +93,17 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_make_new(const mp_obj_type_t *type, size
    if (NULL != chain_code.buf && 32 == chain_code.len) {
        memcpy(o->hdnode.chain_code, chain_code.buf, 32);
    } else {
-        memset(o->hdnode.chain_code, 0, 32);
+        explicit_bzero(o->hdnode.chain_code, 32);
    }
    if (NULL != private_key.buf && 32 == private_key.len) {
        memcpy(o->hdnode.private_key, private_key.buf, 32);
    } else {
-        memset(o->hdnode.private_key, 0, 32);
+        explicit_bzero(o->hdnode.private_key, 32);
    }
    if (NULL != public_key.buf && 33 == public_key.len) {
        memcpy(o->hdnode.public_key, public_key.buf, 33);
    } else {
-        memset(o->hdnode.public_key, 0, 33);
+        explicit_bzero(o->hdnode.public_key, 33);
    }
    o->hdnode.curve = curve;

@ -120,7 +120,7 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_derive(mp_obj_t self, mp_obj_t index) {
    uint32_t fp = hdnode_fingerprint(&o->hdnode);

    if (!hdnode_private_ckd(&o->hdnode, i)) {
-        memset(&o->hdnode, 0, sizeof(o->hdnode));
+        explicit_bzero(&o->hdnode, sizeof(o->hdnode));
        mp_raise_ValueError("Failed to derive");
    }
    o->fingerprint = fp;
@ -157,7 +157,7 @@ STATIC mp_obj_t mod_trezorcrypto_HDNode_derive_path(mp_obj_t self, mp_obj_t path
    if (!hdnode_private_ckd_cached(&o->hdnode, pints, plen, &o->fingerprint)) {
        // derivation failed, reset the state and raise
        o->fingerprint = 0;
-        memset(&o->hdnode, 0, sizeof(o->hdnode));
+        explicit_bzero(&o->hdnode, sizeof(o->hdnode));
        mp_raise_ValueError("Failed to derive path");
    }

--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake256.h
@ -68,7 +68,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake256_digest_obj, mod_trezo

 STATIC mp_obj_t mod_trezorcrypto_Blake256___del__(mp_obj_t self) {
    mp_obj_Blake256_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(BLAKE256_CTX));
+    explicit_bzero(&(o->ctx), sizeof(BLAKE256_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake256___del___obj, mod_trezorcrypto_Blake256___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2b.h
@ -75,7 +75,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2b_digest_obj, mod_trezor

 STATIC mp_obj_t mod_trezorcrypto_Blake2b___del__(mp_obj_t self) {
    mp_obj_Blake2b_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(BLAKE2B_CTX));
+    explicit_bzero(&(o->ctx), sizeof(BLAKE2B_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2b___del___obj, mod_trezorcrypto_Blake2b___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-blake2s.h
@ -75,7 +75,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2s_digest_obj, mod_trezor

 STATIC mp_obj_t mod_trezorcrypto_Blake2s___del__(mp_obj_t self) {
    mp_obj_Blake2s_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(BLAKE2S_CTX));
+    explicit_bzero(&(o->ctx), sizeof(BLAKE2S_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Blake2s___del___obj, mod_trezorcrypto_Blake2s___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-chacha20poly1305.h
@ -105,7 +105,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_ChaCha20Poly1305_finish_obj, m

 STATIC mp_obj_t mod_trezorcrypto_ChaCha20Poly1305___del__(mp_obj_t self) {
    mp_obj_ChaCha20Poly1305_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(chacha20poly1305_ctx));
+    explicit_bzero(&(o->ctx), sizeof(chacha20poly1305_ctx));
    o->alen = 0;
    o->plen = 0;
    return mp_const_none;
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-pbkdf2.h
@ -111,8 +111,8 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Pbkdf2_key_obj, mod_trezorcryp

 STATIC mp_obj_t mod_trezorcrypto_Pbkdf2___del__(mp_obj_t self) {
    mp_obj_Pbkdf2_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx256), 0, sizeof(PBKDF2_HMAC_SHA256_CTX));
-    memset(&(o->ctx512), 0, sizeof(PBKDF2_HMAC_SHA512_CTX));
+    explicit_bzero(&(o->ctx256), sizeof(PBKDF2_HMAC_SHA256_CTX));
+    explicit_bzero(&(o->ctx512), sizeof(PBKDF2_HMAC_SHA512_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Pbkdf2___del___obj, mod_trezorcrypto_Pbkdf2___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-ripemd160.h
@ -68,7 +68,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Ripemd160_digest_obj, mod_trez

 STATIC mp_obj_t mod_trezorcrypto_Ripemd160___del__(mp_obj_t self) {
    mp_obj_Ripemd160_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(RIPEMD160_CTX));
+    explicit_bzero(&(o->ctx), sizeof(RIPEMD160_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Ripemd160___del___obj, mod_trezorcrypto_Ripemd160___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha1.h
@ -68,7 +68,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha1_digest_obj, mod_trezorcry

 STATIC mp_obj_t mod_trezorcrypto_Sha1___del__(mp_obj_t self) {
    mp_obj_Sha1_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(SHA1_CTX));
+    explicit_bzero(&(o->ctx), sizeof(SHA1_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha1___del___obj, mod_trezorcrypto_Sha1___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha256.h
@ -68,7 +68,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha256_digest_obj, mod_trezorc

 STATIC mp_obj_t mod_trezorcrypto_Sha256___del__(mp_obj_t self) {
    mp_obj_Sha256_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(SHA256_CTX));
+    explicit_bzero(&(o->ctx), sizeof(SHA256_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha256___del___obj, mod_trezorcrypto_Sha256___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-256.h
@ -72,7 +72,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_Sha3_256_digest_obj,

 STATIC mp_obj_t mod_trezorcrypto_Sha3_256___del__(mp_obj_t self) {
    mp_obj_Sha3_256_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(SHA3_CTX));
+    explicit_bzero(&(o->ctx), sizeof(SHA3_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_256___del___obj, mod_trezorcrypto_Sha3_256___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha3-512.h
@ -72,7 +72,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorcrypto_Sha3_512_digest_obj,

 STATIC mp_obj_t mod_trezorcrypto_Sha3_512___del__(mp_obj_t self) {
    mp_obj_Sha3_512_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(SHA3_CTX));
+    explicit_bzero(&(o->ctx), sizeof(SHA3_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha3_512___del___obj, mod_trezorcrypto_Sha3_512___del__);
--- a/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h
+++ b/embed/extmod/modtrezorcrypto/modtrezorcrypto-sha512.h
@ -67,7 +67,7 @@ STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha512_digest_obj, mod_trezorc

 STATIC mp_obj_t mod_trezorcrypto_Sha512___del__(mp_obj_t self) {
    mp_obj_Sha512_t *o = MP_OBJ_TO_PTR(self);
-    memset(&(o->ctx), 0, sizeof(SHA512_CTX));
+    explicit_bzero(&(o->ctx), sizeof(SHA512_CTX));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_trezorcrypto_Sha512___del___obj, mod_trezorcrypto_Sha512___del__);
--- a/vendor/trezor-crypto
+++ b/vendor/trezor-crypto
@ -1 +1 @@
-Subproject commit 0d8a3beeaf22af837f558a5b5e9ae98cdd47a767
+Subproject commit b7f73ee3ff78e09c266a30dbc31407558d471615