factotum: replace custom hex parsing code with dec16() avoding timing side channels
This commit is contained in:
cinap_lenrek
parent
5cf5f6e9ac
commit
f7b0cc7a64
2 changed files with 5 additions and 54 deletions
|
|
@ -506,33 +506,6 @@ p9skclose(Fsstate *fss)
|
|||
free(s);
|
||||
}
|
||||
|
||||
static int
|
||||
unhex(char c)
|
||||
{
|
||||
if('0' <= c && c <= '9')
|
||||
return c-'0';
|
||||
if('a' <= c && c <= 'f')
|
||||
return c-'a'+10;
|
||||
if('A' <= c && c <= 'F')
|
||||
return c-'A'+10;
|
||||
abort();
|
||||
return -1;
|
||||
}
|
||||
|
||||
static int
|
||||
hexparse(char *hex, uchar *dat, int ndat)
|
||||
{
|
||||
int i;
|
||||
|
||||
if(strlen(hex) != 2*ndat)
|
||||
return -1;
|
||||
if(hex[strspn(hex, "0123456789abcdefABCDEF")] != '\0')
|
||||
return -1;
|
||||
for(i=0; i<ndat; i++)
|
||||
dat[i] = (unhex(hex[2*i])<<4)|unhex(hex[2*i+1]);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
p9skaddkey(Key *k, int before)
|
||||
{
|
||||
|
|
@ -547,13 +520,13 @@ p9skaddkey(Key *k, int before)
|
|||
akey = emalloc(sizeof(Authkey));
|
||||
if(s = _strfindattr(k->privattr, "!hex")){
|
||||
if(k->proto == &dp9ik){
|
||||
if(hexparse(s, akey->aes, AESKEYLEN) < 0){
|
||||
if(dec16(akey->aes, AESKEYLEN, s, strlen(s)) != AESKEYLEN){
|
||||
free(akey);
|
||||
werrstr("malformed key data");
|
||||
return -1;
|
||||
}
|
||||
} else {
|
||||
if(hexparse(s, (uchar*)akey->des, DESKEYLEN) < 0){
|
||||
if(dec16((uchar*)akey->des, DESKEYLEN, s, strlen(s)) != DESKEYLEN){
|
||||
free(akey);
|
||||
werrstr("malformed key data");
|
||||
return -1;
|
||||
|
|
|
|||
|
|
@ -35,35 +35,13 @@ struct State
|
|||
uchar resp[PTKlen];
|
||||
};
|
||||
|
||||
static int
|
||||
hextob(char *s, char **sp, uchar *b, int n)
|
||||
{
|
||||
int r;
|
||||
|
||||
n <<= 1;
|
||||
for(r = 0; r < n && *s; s++){
|
||||
*b <<= 4;
|
||||
if(*s >= '0' && *s <= '9')
|
||||
*b |= (*s - '0');
|
||||
else if(*s >= 'a' && *s <= 'f')
|
||||
*b |= 10+(*s - 'a');
|
||||
else if(*s >= 'A' && *s <= 'F')
|
||||
*b |= 10+(*s - 'A');
|
||||
else break;
|
||||
if((++r & 1) == 0)
|
||||
b++;
|
||||
}
|
||||
if(sp != nil)
|
||||
*sp = s;
|
||||
return r >> 1;
|
||||
}
|
||||
|
||||
static void
|
||||
pass2pmk(char *pass, char *ssid, uchar pmk[PMKlen])
|
||||
{
|
||||
if(hextob(pass, nil, pmk, PMKlen) == PMKlen)
|
||||
int npass = strlen(pass);
|
||||
if(npass == 2*PMKlen && dec16(pmk, PMKlen, pass, npass) == PMKlen)
|
||||
return;
|
||||
pbkdf2_x((uchar*)pass, strlen(pass), (uchar*)ssid, strlen(ssid), 4096, pmk, PMKlen, hmac_sha1, SHA1dlen);
|
||||
pbkdf2_x((uchar*)pass, npass, (uchar*)ssid, strlen(ssid), 4096, pmk, PMKlen, hmac_sha1, SHA1dlen);
|
||||
}
|
||||
|
||||
static void
|
||||
|
|
|
|||
Loading…
Reference in a new issue