cirno/plan9port
1
0
Fork 0
mirror of https://github.com/9fans/plan9port.git synced 2025-01-12 11:10:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

aescbc: more sensible behavior for invalid input, wrong password

Browse source 
R=rsc
http://codereview.appspot.com/221041
This commit is contained in:
Russ Cox 2010-02-22 17:02:26 -08:00
parent 5bc64a9422
commit 35625b3f1a
1 changed files with 35 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
src/cmd/auth/secstore/aescbc.c
View file

@ -40,6 +40,21 @@ saferead(uchar *buf, int n)
exits("read error"); exits("read error");
} }
uchar *copy;
int ncopy;
void
safecopy(uchar *buf, int n)
{
copy = realloc(copy, ncopy+n);
if(copy == nil) {
fprint(2, "out of memory\n");
exits("memory");
}
memmove(copy+ncopy, buf, n);
ncopy += n;
}
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
@ -116,7 +131,10 @@ main(int argc, char **argv)
safewrite(buf, SHA1dlen); safewrite(buf, SHA1dlen);
}else{ /* decrypt */ }else{ /* decrypt */
saferead(buf, AESbsize); saferead(buf, AESbsize);
if(memcmp(buf, v2hdr, AESbsize) == 0){ if(memcmp(buf, v2hdr, AESbsize) != 0){
fprint(2, "not an aescbc file\n");
exits("aescbc file");
}
saferead(buf, 2*AESbsize); /* read IV and random initial plaintext */ saferead(buf, 2*AESbsize); /* read IV and random initial plaintext */
setupAESstate(&aes, key, nkey, buf); setupAESstate(&aes, key, nkey, buf);
dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0); dstate = hmac_sha1(buf+AESbsize, AESbsize, key2, MD5dlen, 0, 0);
@ -125,7 +143,7 @@ main(int argc, char **argv)
while((n = Bread(&bin, buf+SHA1dlen, BUF)) > 0){ while((n = Bread(&bin, buf+SHA1dlen, BUF)) > 0){
dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate); dstate = hmac_sha1(buf, n, key2, MD5dlen, 0, dstate);
aesCBCdecrypt(buf, n, &aes); aesCBCdecrypt(buf, n, &aes);
safewrite(buf, n); safecopy(buf, n);
memmove(buf, buf+n, SHA1dlen); /* these bytes are not yet decrypted */ memmove(buf, buf+n, SHA1dlen); /* these bytes are not yet decrypted */
} }
hmac_sha1(0, 0, key2, MD5dlen, buf+SHA1dlen, dstate); hmac_sha1(0, 0, key2, MD5dlen, buf+SHA1dlen, dstate);
@ -133,23 +151,7 @@ main(int argc, char **argv)
fprint(2,"decrypted file failed to authenticate\n"); fprint(2,"decrypted file failed to authenticate\n");
exits("decrypted file failed to authenticate"); exits("decrypted file failed to authenticate");
} }
}else{ /* compatibility with past mistake */ safewrite(copy, ncopy);
/* if file was encrypted with bad aescbc use this: */
/* memset(key, 0, AESmaxkey); */
/* else assume we're decrypting secstore files */
setupAESstate(&aes, key, AESbsize, buf);
saferead(buf, CHK);
aesCBCdecrypt(buf, CHK, &aes);
while((n = Bread(&bin, buf+CHK, BUF)) > 0){
aesCBCdecrypt(buf+CHK, n, &aes);
safewrite(buf, n);
memmove(buf, buf+n, CHK);
}
if(memcmp(buf, "XXXXXXXXXXXXXXXX", CHK) != 0){
fprint(2,"decrypted file failed to authenticate\n");
exits("decrypted file failed to authenticate");
}
}
} }
exits(""); exits("");
return 1; /* gcc */ return 1; /* gcc */