From 710de03cadb477ab27389f391058309ba5284c93 Mon Sep 17 00:00:00 2001 From: Charles-Edouard de la Vergne Date: Wed, 13 Mar 2024 12:08:46 +0100 Subject: [PATCH] Replace memset by explicit_bzero --- src/gpg_challenge.c | 2 +- src/gpg_data.c | 4 ++-- src/gpg_gen.c | 2 +- src/gpg_init.c | 4 ++-- src/gpg_io.c | 2 +- src/gpg_ux_nanos.c | 14 +++++++------- src/gpg_ux_nanox.c | 8 ++++---- src/gpg_ux_nbgl.c | 22 +++++++++++----------- 8 files changed, 29 insertions(+), 29 deletions(-) diff --git a/src/gpg_challenge.c b/src/gpg_challenge.c index a8327ee..4ad0889 100644 --- a/src/gpg_challenge.c +++ b/src/gpg_challenge.c @@ -43,7 +43,7 @@ int gpg_apdu_get_challenge() { unsigned int path[2]; unsigned char chain[32] = {0}; - memset(chain, 0, 32); + explicit_bzero(chain, 32); path[0] = 0x80475047; path[1] = 0x0F0F0F0F; CX_CHECK(os_derive_bip32_no_throw(CX_CURVE_SECP256K1, path, 2, Sr, chain)); diff --git a/src/gpg_data.c b/src/gpg_data.c index 6b24683..d795f2c 100644 --- a/src/gpg_data.c +++ b/src/gpg_data.c @@ -460,9 +460,9 @@ int gpg_apdu_put_data(unsigned int ref) { p = G_gpg_vstate.work.io_buffer + G_gpg_vstate.io_offset; q = p + len_p; memmove(pq + ksz - len_p, p, len_p); - memset(pq, 0, ksz - len_p); + explicit_bzero(pq, ksz - len_p); memmove(pq + 2 * ksz - len_q, q, len_q); - memset(pq + ksz, 0, ksz - len_q); + explicit_bzero(pq + ksz, ksz - len_q); // regenerate RSA private key unsigned char _e[4]; diff --git a/src/gpg_gen.c b/src/gpg_gen.c index 9c85e3f..052d3e1 100644 --- a/src/gpg_gen.c +++ b/src/gpg_gen.c @@ -27,7 +27,7 @@ int gpg_pso_derive_slot_seed(int slot, unsigned char *seed) { unsigned char chain[32]; cx_err_t error = CX_INTERNAL_ERROR; - memset(chain, 0, 32); + explicit_bzero(chain, 32); path[0] = 0x80475047; path[1] = slot + 1; CX_CHECK(os_derive_bip32_no_throw(CX_CURVE_SECP256K1, path, 2, seed, chain)); diff --git a/src/gpg_init.c b/src/gpg_init.c index 45b3482..9bc1949 100644 --- a/src/gpg_init.c +++ b/src/gpg_init.c @@ -345,12 +345,12 @@ const unsigned char C_sha256_PW2[] = { /* ----------------------------------------------------------------------- */ void gpg_init() { - memset(&G_gpg_vstate, 0, sizeof(gpg_v_state_t)); + explicit_bzero(&G_gpg_vstate, sizeof(gpg_v_state_t)); // first init ? if (memcmp((void *) (N_gpg_pstate->magic), (void *) C_MAGIC, sizeof(C_MAGIC)) != 0) { gpg_install(STATE_ACTIVATE); nvm_write((void *) (N_gpg_pstate->magic), (void *) C_MAGIC, sizeof(C_MAGIC)); - memset(&G_gpg_vstate, 0, sizeof(gpg_v_state_t)); + explicit_bzero(&G_gpg_vstate, sizeof(gpg_v_state_t)); } // key conf diff --git a/src/gpg_io.c b/src/gpg_io.c index 0d08fee..5ec85ee 100644 --- a/src/gpg_io.c +++ b/src/gpg_io.c @@ -64,7 +64,7 @@ void gpg_io_discard(int clear) { } void gpg_io_clear() { - memset(G_gpg_vstate.work.io_buffer, 0, GPG_IO_BUFFER_LENGTH); + explicit_bzero(G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH); } /* ----------------------------------------------------------------------- */ diff --git a/src/gpg_ux_nanos.c b/src/gpg_ux_nanos.c index a03cde8..1dfd081 100644 --- a/src/gpg_ux_nanos.c +++ b/src/gpg_ux_nanos.c @@ -40,13 +40,13 @@ unsigned int ui_pinentry_action_button(unsigned int button_mask, unsigned int bu /* ------------------------------- Helpers UX ------------------------------- */ void ui_info(const char *msg1, const char *msg2, const void *menu_display, unsigned int value) { - memset(&G_gpg_vstate.ui_dogsays[0], 0, sizeof(ux_menu_entry_t)); + explicit_bzero(&G_gpg_vstate.ui_dogsays[0], sizeof(ux_menu_entry_t)); G_gpg_vstate.ui_dogsays[0].callback = menu_display; G_gpg_vstate.ui_dogsays[0].userid = value; G_gpg_vstate.ui_dogsays[0].line1 = msg1; G_gpg_vstate.ui_dogsays[0].line2 = msg2; - memset(&G_gpg_vstate.ui_dogsays[1], 0, sizeof(ux_menu_entry_t)); + explicit_bzero(&G_gpg_vstate.ui_dogsays[1], sizeof(ux_menu_entry_t)); UX_MENU_DISPLAY(0, G_gpg_vstate.ui_dogsays, NULL); }; @@ -101,7 +101,7 @@ void ui_menu_uifconfirm_display(unsigned int value) { } unsigned int ui_uifconfirm_predisplay(const bagl_element_t *element) { - memset(G_gpg_vstate.menu, 0, sizeof(G_gpg_vstate.menu)); + explicit_bzero(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu)); switch (element->component.userid) { case 1: @@ -370,7 +370,7 @@ unsigned int ui_pinentry_predisplay(const bagl_element_t *element) { void ui_menu_pinentry_display(unsigned int value) { if (value == 0) { - memset(G_gpg_vstate.ux_pinentry, 0, sizeof(G_gpg_vstate.ux_pinentry)); + explicit_bzero(G_gpg_vstate.ux_pinentry, sizeof(G_gpg_vstate.ux_pinentry)); G_gpg_vstate.ux_pinLen = 0; G_gpg_vstate.ux_pinentry[0] = 5; } @@ -600,7 +600,7 @@ void ui_menu_tmpl_set_action(unsigned int value) { const unsigned char *oid; unsigned int oid_len; - memset(&attributes, 0, sizeof(attributes)); + explicit_bzero(&attributes, sizeof(attributes)); switch (G_gpg_vstate.ux_type) { case 2048: case 3072: @@ -999,7 +999,7 @@ const ux_menu_entry_t ui_menu_main[] = { const bagl_element_t *ui_menu_main_predisplay(const ux_menu_entry_t *entry, bagl_element_t *element) { if (entry == &ui_menu_main[0]) { - memset(G_gpg_vstate.menu, 0, sizeof(G_gpg_vstate.menu)); + explicit_bzero(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu)); if (element->component.userid == 0x21) { memmove(G_gpg_vstate.menu, (void *) (N_gpg_pstate->name.value), 12); if (G_gpg_vstate.menu[0] == 0) { @@ -1014,7 +1014,7 @@ const bagl_element_t *ui_menu_main_predisplay(const ux_menu_entry_t *entry, } if (element->component.userid == 0x22) { unsigned int serial = U4BE(G_gpg_vstate.kslot->serial, 0); - memset(G_gpg_vstate.menu, 0, sizeof(G_gpg_vstate.menu)); + explicit_bzero(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu)); snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), "ID: %x", serial); } if (G_gpg_vstate.menu[0] != 0) { diff --git a/src/gpg_ux_nanox.c b/src/gpg_ux_nanox.c index 9cfb6be..97e14bd 100644 --- a/src/gpg_ux_nanox.c +++ b/src/gpg_ux_nanox.c @@ -303,7 +303,7 @@ unsigned int ui_pinentry_predisplay(const bagl_element_t *element) { void ui_menu_pinentry_display(unsigned int value) { if (value == 0) { - memset(G_gpg_vstate.ux_pinentry, 0, sizeof(G_gpg_vstate.ux_pinentry)); + explicit_bzero(G_gpg_vstate.ux_pinentry, sizeof(G_gpg_vstate.ux_pinentry)); G_gpg_vstate.ux_pinLen = 0; G_gpg_vstate.ux_pinentry[0] = 5; } @@ -595,7 +595,7 @@ void ui_menu_tmpl_set_action(unsigned int value) { const unsigned char *oid = NULL; unsigned int oid_len; - memset(&attributes, 0, sizeof(attributes)); + explicit_bzero(&attributes, sizeof(attributes)); switch (G_gpg_vstate.ux_type) { case 2048: case 3072: @@ -1205,7 +1205,7 @@ UX_FLOW(ux_flow_main, &ux_menu_main_5_step); void ui_menu_main_predisplay() { - memset(G_gpg_vstate.ux_buff1, 0, sizeof(G_gpg_vstate.ux_buff1)); + explicit_bzero(G_gpg_vstate.ux_buff1, sizeof(G_gpg_vstate.ux_buff1)); memmove(G_gpg_vstate.ux_buff1, (void *) (N_gpg_pstate->name.value), 20); if (G_gpg_vstate.ux_buff1[0] == 0) { memmove(G_gpg_vstate.ux_buff1, "", 9); @@ -1218,7 +1218,7 @@ void ui_menu_main_predisplay() { } unsigned int serial = U4BE(G_gpg_vstate.kslot->serial, 0); - memset(G_gpg_vstate.ux_buff2, 0, sizeof(G_gpg_vstate.ux_buff2)); + explicit_bzero(G_gpg_vstate.ux_buff2, sizeof(G_gpg_vstate.ux_buff2)); snprintf(G_gpg_vstate.ux_buff2, sizeof(G_gpg_vstate.ux_buff2), "ID: %x / %d", diff --git a/src/gpg_ux_nbgl.c b/src/gpg_ux_nbgl.c index b118995..371025c 100644 --- a/src/gpg_ux_nbgl.c +++ b/src/gpg_ux_nbgl.c @@ -67,7 +67,7 @@ static void ui_setting_header(const char* title, layoutDescription.modal = false; layoutCtx = nbgl_layoutGet(&layoutDescription); - memset(&bar, 0, sizeof(nbgl_layoutBar_t)); + explicit_bzero(&bar, sizeof(nbgl_layoutBar_t)); bar.text = PIC(title); bar.iconLeft = &C_leftArrow32px; bar.token = back_token; @@ -92,7 +92,7 @@ void ui_init(void) { char name[32]; unsigned int serial = U4BE(G_gpg_vstate.kslot->serial, 0); - memset(name, 0, sizeof(name)); + explicit_bzero(name, sizeof(name)); memmove(name, (void*) (N_gpg_pstate->name.value), 20); if (name[0] != 0) { for (int i = 0; i < 12; i++) { @@ -101,7 +101,7 @@ void ui_init(void) { } } } - memset(G_gpg_vstate.menu, 0, sizeof(G_gpg_vstate.menu)); + explicit_bzero(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu)); snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), "%s\nID: %x / %d", @@ -286,7 +286,7 @@ static void template_key_cb(int token, uint8_t index) { uint8_t key_type = index + FIRST_USER_TOKEN; if (token != TOKEN_TYPE_BACK) { - memset(&attributes, 0, sizeof(attributes)); + explicit_bzero(&attributes, sizeof(attributes)); switch (key_type) { case TOKEN_TYPE_RSA2048: case TOKEN_TYPE_RSA3072: @@ -396,7 +396,7 @@ static void ui_settings_template(void) { ui_setting_header("Keys templates", TOKEN_TEMPLATE_BACK, template_cb); for (i = 0; i < KEY_NB; i++) { - memset(&bar, 0, sizeof(nbgl_layoutBar_t)); + explicit_bzero(&bar, sizeof(nbgl_layoutBar_t)); switch (_getKeyType(TOKEN_TEMPLATE_SIG + i)) { case TOKEN_TYPE_RSA2048: bar.subText = PIC(LABEL_RSA2048); @@ -637,7 +637,7 @@ static void ui_settings_uif(void) { ui_setting_header("User Interaction Flags", TOKEN_UIF_BACK, uif_cb); if (G_gpg_vstate.kslot->sig.UIF[0] != 2) { - memset(&option, 0, sizeof(nbgl_layoutSwitch_t)); + explicit_bzero(&option, sizeof(nbgl_layoutSwitch_t)); option.initState = G_gpg_vstate.kslot->sig.UIF[0]; option.text = "UIF for Signature"; option.token = TOKEN_UIF_SIG; @@ -647,7 +647,7 @@ static void ui_settings_uif(void) { } if (G_gpg_vstate.kslot->dec.UIF[0] != 2) { - memset(&option, 0, sizeof(nbgl_layoutSwitch_t)); + explicit_bzero(&option, sizeof(nbgl_layoutSwitch_t)); option.initState = G_gpg_vstate.kslot->dec.UIF[0]; option.text = "UIF for Decryption"; option.token = TOKEN_UIF_DEC; @@ -657,7 +657,7 @@ static void ui_settings_uif(void) { } if (G_gpg_vstate.kslot->aut.UIF[0] != 2) { - memset(&option, 0, sizeof(nbgl_layoutSwitch_t)); + explicit_bzero(&option, sizeof(nbgl_layoutSwitch_t)); option.initState = G_gpg_vstate.kslot->aut.UIF[0]; option.text = "UIF for Authentication"; option.token = TOKEN_UIF_AUT; @@ -690,7 +690,7 @@ enum { static bool reset_nav_cb(uint8_t page, nbgl_pageContent_t* content) { UNUSED(page); - memset(content, 0, sizeof(nbgl_pageContent_t)); + explicit_bzero(content, sizeof(nbgl_pageContent_t)); content->type = INFO_LONG_PRESS; content->infoLongPress.text = "Reset the app to factory default?\nThis will delete ALL the keys!!!"; @@ -745,7 +745,7 @@ static bool settings_nav_cb(uint8_t page, nbgl_pageContent_t* content) { TOKEN_SETTINGS_PIN, TOKEN_SETTINGS_UIF, TOKEN_SETTINGS_RESET}; - memset(content, 0, sizeof(nbgl_pageContent_t)); + explicit_bzero(content, sizeof(nbgl_pageContent_t)); switch (page) { case SETTINGS_PAGE_INFO: content->type = INFOS_LIST; @@ -940,7 +940,7 @@ void ui_menu_pinentry_display(unsigned int value) { char line[10]; // Init the page title - memset(G_gpg_vstate.line, 0, sizeof(G_gpg_vstate.line)); + explicit_bzero(G_gpg_vstate.line, sizeof(G_gpg_vstate.line)); if (G_gpg_vstate.io_ins == INS_CHANGE_REFERENCE_DATA) { switch (value) { case 0: