aescbc: more sensible behavior for invalid input, wrong password - plan9port - [fork] Plan 9 from user space
       ---
 (DIR) commit 35625b3f1a128fb03a457d8e511e2c74addf5660
 (DIR) parent 5bc64a9422e798b202f04c6b6e6d41a09b73c19a
 (HTM) Author: Russ Cox <rsc@swtch.com>
       Date:   Mon, 22 Feb 2010 17:02:26 -0800
       
       aescbc: more sensible behavior for invalid input, wrong password
       
       R=rsc
       http://codereview.appspot.com/221041
       
       Diffstat:
         M src/cmd/auth/secstore/aescbc.c      |      68 ++++++++++++++++---------------
       
       1 file changed, 35 insertions(+), 33 deletions(-)
       ---
 (DIR) diff --git a/src/cmd/auth/secstore/aescbc.c b/src/cmd/auth/secstore/aescbc.c
       t@@ -40,6 +40,21 @@ saferead(uchar *buf, int n)
                exits("read error");
        }
        
       +uchar *copy;
       +int ncopy;
       +
       +void
       +safecopy(uchar *buf, int n)
       +{
       +        copy = realloc(copy, ncopy+n);
       +        if(copy == nil) {
       +                fprint(2, "out of memory\n");
       +                exits("memory");
       +        }
       +        memmove(copy+ncopy, buf, n);
       +        ncopy += n;
       +}
       +
        int
        main(int argc, char **argv)
        {
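Review bot: `ncopy+n` in safecopy is a signed `int` sum with no overflow guard, so an input of 2 GiB or more makes the realloc size undefined (in practice it most likely becomes a huge size_t and a failed realloc, but that should be explicit rather than accidental), and neither `copy` nor `ncopy` is `static` even though they are used only by this file. I would declare them `static uchar *copy; static ulong ncopy;` and reject growth past the limit before the realloc, e.g. `if(n < 0 || ncopy + n < ncopy){ fprint(2, "input too large\n"); exits("too large"); }`. A comment explaining why the plaintext is buffered at all would help the next reader, something like `/* decrypted output is held here until the HMAC verifies, so unauthenticated plaintext is never written */` — I infer that intent from the safecopy/safewrite sequence in the decrypt path, so confirm it matches. safecopy is complete within this hunk; main begins at its last line and continues outside it.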
       t@@ -116,40 +131,27 @@ main(int argc, char **argv)
                        safewrite(buf, SHA1dlen);
                }else{ /* decrypt */
                        saferead(buf, AESbsize);
       -                if(memcmp(buf, v2hdr, AESbsize) == 0){
       -                        saferead(buf, 2*AESbsize);  /* read IV and random initial plaintext */
       -                        setupAESstate(&aes, key, nkey, buf);
       -                        dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
       -                        aesCBCdecrypt(buf+AESbsize, AESbsize, &aes);
       -                        saferead(buf, SHA1dlen);
       -                        while((n = Bread(&bin, buf+SHA1dlen, BUF)) > 0){
       -                                dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate);
       -                                aesCBCdecrypt(buf, n, &aes);
       -                                safewrite(buf, n);
       -                                memmove(buf, buf+n, SHA1dlen);  /* these bytes are not yet decrypted */
       -                        }
       -                        hmac_sha1(0, 0, key2, MD5dlen, buf+SHA1dlen, dstate);
       -                        if(memcmp(buf, buf+SHA1dlen, SHA1dlen) != 0){
       -                                fprint(2,"decrypted file failed to authenticate\n");
       -                                exits("decrypted file failed to authenticate");
       -                        }
       -                }else{ /* compatibility with past mistake */
       -                        /* if file was encrypted with bad aescbc use this: */
       -                        /*         memset(key, 0, AESmaxkey); */
       -                        /*    else assume we're decrypting secstore files */
       -                        setupAESstate(&aes, key, AESbsize, buf);
       -                        saferead(buf, CHK);
       -                        aesCBCdecrypt(buf, CHK, &aes);
       -                        while((n = Bread(&bin, buf+CHK, BUF)) > 0){
       -                                aesCBCdecrypt(buf+CHK, n, &aes);
       -                                safewrite(buf, n);
       -                                memmove(buf, buf+n, CHK);
       -                        }
       -                        if(memcmp(buf, "XXXXXXXXXXXXXXXX", CHK) != 0){
       -                                fprint(2,"decrypted file failed to authenticate\n");
       -                                exits("decrypted file failed to authenticate");
       -                        }
       +                if(memcmp(buf, v2hdr, AESbsize) != 0){
       +                        fprint(2, "not an aescbc file\n");
       +                        exits("aescbc file");
       +                }
       +                saferead(buf, 2*AESbsize);  /* read IV and random initial plaintext */
       +                setupAESstate(&aes, key, nkey, buf);
       +                dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
       +                aesCBCdecrypt(buf+AESbsize, AESbsize, &aes);
       +                saferead(buf, SHA1dlen);
       +                while((n = Bread(&bin, buf+SHA1dlen, BUF)) > 0){
       +                        dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate);
       +                        aesCBCdecrypt(buf, n, &aes);
       +                        safecopy(buf, n);
       +                        memmove(buf, buf+n, SHA1dlen);  /* these bytes are not yet decrypted */
       +                }
       +                hmac_sha1(0, 0, key2, MD5dlen, buf+SHA1dlen, dstate);
       +                if(memcmp(buf, buf+SHA1dlen, SHA1dlen) != 0){
       +                        fprint(2,"decrypted file failed to authenticate\n");
       +                        exits("decrypted file failed to authenticate");
                        }
       +                safewrite(copy, ncopy);
                }
                exits("");
                return 1;        /* gcc */
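Review bot: A read error from `Bread` in the decrypt loop is reported as an authentication failure: the loop exits on any non-positive return, so a truncated or unreadable input falls through to the HMAC comparison and prints `decrypted file failed to authenticate`, the same message a wrong password produces. After the loop, distinguish the two cases before the final `hmac_sha1` call, e.g. `if(n < 0){ fprint(2, "read error\n"); exits("read error"); }`. Separately, the `memcmp` of the two SHA1 digests is a data-dependent compare; for a local file tool this is probably a minor concern, but a fixed-time byte-OR loop (or a constant-time compare if libsec offers one here) would be the conservative choice. The decrypt branch sits inside main, whose start and option parsing lie outside the hunk.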