taescbc: more sensible behavior for invalid input, wrong password - plan9port - [fork] Plan 9 from user space (HTM) git clone git://src.adamsgaard.dk/plan9port (DIR) Log (DIR) Files (DIR) Refs (DIR) README (DIR) LICENSE --- (DIR) commit 35625b3f1a128fb03a457d8e511e2c74addf5660 (DIR) parent 5bc64a9422e798b202f04c6b6e6d41a09b73c19a (HTM) Author: Russ Cox <rsc@swtch.com> Date: Mon, 22 Feb 2010 17:02:26 -0800 aescbc: more sensible behavior for invalid input, wrong password R=rsc http://codereview.appspot.com/221041 Diffstat: M src/cmd/auth/secstore/aescbc.c | 68 ++++++++++++++++--------------- 1 file changed, 35 insertions(+), 33 deletions(-) --- (DIR) diff --git a/src/cmd/auth/secstore/aescbc.c b/src/cmd/auth/secstore/aescbc.c t@@ -40,6 +40,21 @@ saferead(uchar *buf, int n) exits("read error"); } +uchar *copy; +int ncopy; + +void +safecopy(uchar *buf, int n) +{ + copy = realloc(copy, ncopy+n); + if(copy == nil) { + fprint(2, "out of memory\n"); + exits("memory"); + } + memmove(copy+ncopy, buf, n); + ncopy += n; +} + int main(int argc, char **argv) { t@@ -116,40 +131,27 @@ main(int argc, char **argv) safewrite(buf, SHA1dlen); }else{ /* decrypt */ saferead(buf, AESbsize); - if(memcmp(buf, v2hdr, AESbsize) == 0){ - saferead(buf, 2*AESbsize); /* read IV and random initial plaintext */ - setupAESstate(&aes, key, nkey, buf); - dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0); - aesCBCdecrypt(buf+AESbsize, AESbsize, &aes); - saferead(buf, SHA1dlen); - while((n = Bread(&bin, buf+SHA1dlen, BUF)) > 0){ - dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate); - aesCBCdecrypt(buf, n, &aes); - safewrite(buf, n); - memmove(buf, buf+n, SHA1dlen); /* these bytes are not yet decrypted */ - } - hmac_sha1(0, 0, key2, MD5dlen, buf+SHA1dlen, dstate); - if(memcmp(buf, buf+SHA1dlen, SHA1dlen) != 0){ - fprint(2,"decrypted file failed to authenticate\n"); - exits("decrypted file failed to authenticate"); - } - }else{ /* compatibility with past mistake */ - /* if file was encrypted with bad aescbc use this: */ - /* memset(key, 0, AESmaxkey); */ - /* else assume we're decrypting secstore files */ - setupAESstate(&aes, key, AESbsize, buf); - saferead(buf, CHK); - aesCBCdecrypt(buf, CHK, &aes); - while((n = Bread(&bin, buf+CHK, BUF)) > 0){ - aesCBCdecrypt(buf+CHK, n, &aes); - safewrite(buf, n); - memmove(buf, buf+n, CHK); - } - if(memcmp(buf, "XXXXXXXXXXXXXXXX", CHK) != 0){ - fprint(2,"decrypted file failed to authenticate\n"); - exits("decrypted file failed to authenticate"); - } + if(memcmp(buf, v2hdr, AESbsize) != 0){ + fprint(2, "not an aescbc file\n"); + exits("aescbc file"); + } + saferead(buf, 2*AESbsize); /* read IV and random initial plaintext */ + setupAESstate(&aes, key, nkey, buf); + dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0); + aesCBCdecrypt(buf+AESbsize, AESbsize, &aes); + saferead(buf, SHA1dlen); + while((n = Bread(&bin, buf+SHA1dlen, BUF)) > 0){ + dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate); + aesCBCdecrypt(buf, n, &aes); + safecopy(buf, n); + memmove(buf, buf+n, SHA1dlen); /* these bytes are not yet decrypted */ + } + hmac_sha1(0, 0, key2, MD5dlen, buf+SHA1dlen, dstate); + if(memcmp(buf, buf+SHA1dlen, SHA1dlen) != 0){ + fprint(2,"decrypted file failed to authenticate\n"); + exits("decrypted file failed to authenticate"); } + safewrite(copy, ncopy); } exits(""); return 1; /* gcc */