mirror/rpcs3
1
0
Fork 0
mirror of https://github.com/RPCS3/rpcs3.git synced 2025-03-29 22:20:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

crypto light refactoring.

Browse Source 
using volatile f/p guaranting assembly will generate call* instruction on memset for secure buffer zeroing. usage in sha1 api as well.
This commit is contained in:
David Carlier 2021-04-18 19:33:38 +01:00 committed by Ivan
parent c646476ca8
commit 1f93fc902b
5 changed files with 13 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
rpcs3/Crypto/md5.cpp
View File

@ -27,19 +27,12 @@
*/ */
#include "md5.h" #include "md5.h"
#include "utils.h"
#include <string.h> #include <string.h>
#if !defined(MBEDTLS_MD5_ALT) #if !defined(MBEDTLS_MD5_ALT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize(void* v, size_t n)
{
auto p = const_cast<volatile char*>(static_cast<char*>(v));
while (n--)
*p++ = 0;
}
/* /*
* 32-bit integer manipulation macros (little endian) * 32-bit integer manipulation macros (little endian)
*/ */

5
rpcs3/Crypto/sha1.cpp
View File

@ -29,6 +29,7 @@
*/ */
#include "sha1.h" #include "sha1.h"
#include "utils.h"
/* /*
* 32-bit integer manipulation macros (big endian) * 32-bit integer manipulation macros (big endian)
@ -313,7 +314,7 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] )
sha1_update( &ctx, input, ilen ); sha1_update( &ctx, input, ilen );
sha1_finish( &ctx, output ); sha1_finish( &ctx, output );
memset( &ctx, 0, sizeof( sha1_context ) ); mbedtls_zeroize( &ctx, sizeof( sha1_context ) );
} }
/* /*
@ -343,7 +344,7 @@ void sha1_hmac_starts( sha1_context *ctx, const unsigned char *key, size_t keyle
sha1_starts( ctx ); sha1_starts( ctx );
sha1_update( ctx, ctx->ipad, 64 ); sha1_update( ctx, ctx->ipad, 64 );
memset( sum, 0, sizeof( sum ) ); mbedtls_zeroize( sum, sizeof( sum ) );
} }
/* /*

11
rpcs3/Crypto/sha256.cpp
View File

@ -27,6 +27,7 @@
*/ */
#include "sha256.h" #include "sha256.h"
#include "utils.h"
#include <string.h> #include <string.h>
@ -70,14 +71,6 @@ do { \
} while( 0 ) } while( 0 )
#endif #endif
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize_sha256(void* v, size_t n)
{
auto p = const_cast<volatile char*>(static_cast<char*>(v));
while (n--)
*p++ = 0;
}
void mbedtls_sha256_init( mbedtls_sha256_context *ctx ) void mbedtls_sha256_init( mbedtls_sha256_context *ctx )
{ {
SHA256_VALIDATE( ctx != NULL ); SHA256_VALIDATE( ctx != NULL );
@ -90,7 +83,7 @@ void mbedtls_sha256_free( mbedtls_sha256_context *ctx )
if( ctx == NULL ) if( ctx == NULL )
return; return;
mbedtls_zeroize_sha256(ctx, sizeof(mbedtls_sha256_context)); mbedtls_zeroize(ctx, sizeof(mbedtls_sha256_context));
} }
void mbedtls_sha256_clone( mbedtls_sha256_context *dst, void mbedtls_sha256_clone( mbedtls_sha256_context *dst,

6
rpcs3/Crypto/utils.cpp
View File

@ -136,3 +136,9 @@ char* extract_file_name(const char* file_path, char real_file_name[CRYPTO_MAX_PA
strcpy_trunc(r, v); strcpy_trunc(r, v);
return real_file_name; return real_file_name;
} }
void mbedtls_zeroize(void *v, size_t n)
{
static void *(*const volatile unop_memset)(void *, int, size_t) = &memset;
(void)unop_memset(v, 0, n);
}

1
rpcs3/Crypto/utils.h
View File

@ -52,3 +52,4 @@ bool hmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int i
void hmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash); void hmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash, int hash_len); bool cmac_hash_compare(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash, int hash_len);
void cmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash); void cmac_hash_forge(unsigned char *key, int key_len, unsigned char *in, int in_len, unsigned char *hash);
void mbedtls_zeroize(void *v, size_t n);