Replace memset by explicit_bzero

Charles-Edouard de la Vergne 2024-03-13 12:08:46 +01:00
parent f3070bb886
commit 710de03cad
No known key found for this signature in database
GPG Key ID: F12296941B7BB9C6
8 changed files with 29 additions and 29 deletions


@ -43,7 +43,7 @@ int gpg_apdu_get_challenge() {
unsigned int path[2]; unsigned int path[2];
unsigned char chain[32] = {0}; unsigned char chain[32] = {0};
memset(chain, 0, 32); explicit_bzero(chain, 32);
path[0] = 0x80475047; path[0] = 0x80475047;
path[1] = 0x0F0F0F0F; path[1] = 0x0F0F0F0F;
CX_CHECK(os_derive_bip32_no_throw(CX_CURVE_SECP256K1, path, 2, Sr, chain)); CX_CHECK(os_derive_bip32_no_throw(CX_CURVE_SECP256K1, path, 2, Sr, chain));
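Review bot: `chain` is cleared twice before it is used here (the `= {0}` initialiser and the new `explicit_bzero(chain, 32)`), while the hunk shows no wipe after `os_derive_bip32_no_throw` has written to it. explicit_bzero matters as the last write to a buffer that held derived key material, because that is the store a compiler may drop; as an initialiser ahead of a call that uses the buffer it does nothing memset did not. I would drop the redundant pre-call clear and put `explicit_bzero(chain, sizeof(chain));` on the function's exit path. That path is outside this hunk, so check first whether a wipe already exists there. The same applies to `chain` in gpg_pso_derive_slot_seed.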


@ -460,9 +460,9 @@ int gpg_apdu_put_data(unsigned int ref) {
p = G_gpg_vstate.work.io_buffer + G_gpg_vstate.io_offset; p = G_gpg_vstate.work.io_buffer + G_gpg_vstate.io_offset;
q = p + len_p; q = p + len_p;
memmove(pq + ksz - len_p, p, len_p); memmove(pq + ksz - len_p, p, len_p);
memset(pq, 0, ksz - len_p); explicit_bzero(pq, ksz - len_p);
memmove(pq + 2 * ksz - len_q, q, len_q); memmove(pq + 2 * ksz - len_q, q, len_q);
memset(pq + ksz, 0, ksz - len_q); explicit_bzero(pq + ksz, ksz - len_q);
// regenerate RSA private key // regenerate RSA private key
unsigned char _e[4]; unsigned char _e[4];
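Review bot: The sizes `ksz - len_p` and `ksz - len_q` passed to explicit_bzero, and the matching `memmove` destinations, are only valid when `len_p <= ksz` and `len_q <= ksz`, and nothing in this hunk checks that. If these lengths come from the received command data and are unsigned, a larger value wraps the subtraction into a very large size. gpg_apdu_put_data starts well before this hunk, so the check may already exist above; if it does not, add `if (len_p > ksz || len_q > ksz) { /* reject with the status this function already uses for bad data */ }` ahead of the first `memmove`. Separately, `pq` appears to hold the two RSA primes, so it deserves an explicit_bzero once the private key has been regenerated.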


@ -27,7 +27,7 @@ int gpg_pso_derive_slot_seed(int slot, unsigned char *seed) {
unsigned char chain[32]; unsigned char chain[32];
cx_err_t error = CX_INTERNAL_ERROR; cx_err_t error = CX_INTERNAL_ERROR;
memset(chain, 0, 32); explicit_bzero(chain, 32);
path[0] = 0x80475047; path[0] = 0x80475047;
path[1] = slot + 1; path[1] = slot + 1;
CX_CHECK(os_derive_bip32_no_throw(CX_CURVE_SECP256K1, path, 2, seed, chain)); CX_CHECK(os_derive_bip32_no_throw(CX_CURVE_SECP256K1, path, 2, seed, chain));


@ -345,12 +345,12 @@ const unsigned char C_sha256_PW2[] = {
/* ----------------------------------------------------------------------- */ /* ----------------------------------------------------------------------- */
void gpg_init() { void gpg_init() {
memset(&G_gpg_vstate, 0, sizeof(gpg_v_state_t)); explicit_bzero(&G_gpg_vstate, sizeof(gpg_v_state_t));
// first init ? // first init ?
if (memcmp((void *) (N_gpg_pstate->magic), (void *) C_MAGIC, sizeof(C_MAGIC)) != 0) { if (memcmp((void *) (N_gpg_pstate->magic), (void *) C_MAGIC, sizeof(C_MAGIC)) != 0) {
gpg_install(STATE_ACTIVATE); gpg_install(STATE_ACTIVATE);
nvm_write((void *) (N_gpg_pstate->magic), (void *) C_MAGIC, sizeof(C_MAGIC)); nvm_write((void *) (N_gpg_pstate->magic), (void *) C_MAGIC, sizeof(C_MAGIC));
memset(&G_gpg_vstate, 0, sizeof(gpg_v_state_t)); explicit_bzero(&G_gpg_vstate, sizeof(gpg_v_state_t));
} }
// key conf // key conf


@ -64,7 +64,7 @@ void gpg_io_discard(int clear) {
} }
void gpg_io_clear() { void gpg_io_clear() {
memset(G_gpg_vstate.work.io_buffer, 0, GPG_IO_BUFFER_LENGTH); explicit_bzero(G_gpg_vstate.work.io_buffer, GPG_IO_BUFFER_LENGTH);
} }
/* ----------------------------------------------------------------------- */ /* ----------------------------------------------------------------------- */


@ -40,13 +40,13 @@ unsigned int ui_pinentry_action_button(unsigned int button_mask, unsigned int bu
/* ------------------------------- Helpers UX ------------------------------- */ /* ------------------------------- Helpers UX ------------------------------- */
void ui_info(const char *msg1, const char *msg2, const void *menu_display, unsigned int value) { void ui_info(const char *msg1, const char *msg2, const void *menu_display, unsigned int value) {
memset(&G_gpg_vstate.ui_dogsays[0], 0, sizeof(ux_menu_entry_t)); explicit_bzero(&G_gpg_vstate.ui_dogsays[0], sizeof(ux_menu_entry_t));
G_gpg_vstate.ui_dogsays[0].callback = menu_display; G_gpg_vstate.ui_dogsays[0].callback = menu_display;
G_gpg_vstate.ui_dogsays[0].userid = value; G_gpg_vstate.ui_dogsays[0].userid = value;
G_gpg_vstate.ui_dogsays[0].line1 = msg1; G_gpg_vstate.ui_dogsays[0].line1 = msg1;
G_gpg_vstate.ui_dogsays[0].line2 = msg2; G_gpg_vstate.ui_dogsays[0].line2 = msg2;
memset(&G_gpg_vstate.ui_dogsays[1], 0, sizeof(ux_menu_entry_t)); explicit_bzero(&G_gpg_vstate.ui_dogsays[1], sizeof(ux_menu_entry_t));
UX_MENU_DISPLAY(0, G_gpg_vstate.ui_dogsays, NULL); UX_MENU_DISPLAY(0, G_gpg_vstate.ui_dogsays, NULL);
}; };
@ -101,7 +101,7 @@ void ui_menu_uifconfirm_display(unsigned int value) {
} }
unsigned int ui_uifconfirm_predisplay(const bagl_element_t *element) { unsigned int ui_uifconfirm_predisplay(const bagl_element_t *element) {
memset(G_gpg_vstate.menu, 0, sizeof(G_gpg_vstate.menu)); explicit_bzero(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu));
switch (element->component.userid) { switch (element->component.userid) {
case 1: case 1:
@ -370,7 +370,7 @@ unsigned int ui_pinentry_predisplay(const bagl_element_t *element) {
void ui_menu_pinentry_display(unsigned int value) { void ui_menu_pinentry_display(unsigned int value) {
if (value == 0) { if (value == 0) {
memset(G_gpg_vstate.ux_pinentry, 0, sizeof(G_gpg_vstate.ux_pinentry)); explicit_bzero(G_gpg_vstate.ux_pinentry, sizeof(G_gpg_vstate.ux_pinentry));
G_gpg_vstate.ux_pinLen = 0; G_gpg_vstate.ux_pinLen = 0;
G_gpg_vstate.ux_pinentry[0] = 5; G_gpg_vstate.ux_pinentry[0] = 5;
} }
@ -600,7 +600,7 @@ void ui_menu_tmpl_set_action(unsigned int value) {
const unsigned char *oid; const unsigned char *oid;
unsigned int oid_len; unsigned int oid_len;
memset(&attributes, 0, sizeof(attributes)); explicit_bzero(&attributes, sizeof(attributes));
switch (G_gpg_vstate.ux_type) { switch (G_gpg_vstate.ux_type) {
case 2048: case 2048:
case 3072: case 3072:
@ -999,7 +999,7 @@ const ux_menu_entry_t ui_menu_main[] = {
const bagl_element_t *ui_menu_main_predisplay(const ux_menu_entry_t *entry, const bagl_element_t *ui_menu_main_predisplay(const ux_menu_entry_t *entry,
bagl_element_t *element) { bagl_element_t *element) {
if (entry == &ui_menu_main[0]) { if (entry == &ui_menu_main[0]) {
memset(G_gpg_vstate.menu, 0, sizeof(G_gpg_vstate.menu)); explicit_bzero(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu));
if (element->component.userid == 0x21) { if (element->component.userid == 0x21) {
memmove(G_gpg_vstate.menu, (void *) (N_gpg_pstate->name.value), 12); memmove(G_gpg_vstate.menu, (void *) (N_gpg_pstate->name.value), 12);
if (G_gpg_vstate.menu[0] == 0) { if (G_gpg_vstate.menu[0] == 0) {
@ -1014,7 +1014,7 @@ const bagl_element_t *ui_menu_main_predisplay(const ux_menu_entry_t *entry,
} }
if (element->component.userid == 0x22) { if (element->component.userid == 0x22) {
unsigned int serial = U4BE(G_gpg_vstate.kslot->serial, 0); unsigned int serial = U4BE(G_gpg_vstate.kslot->serial, 0);
memset(G_gpg_vstate.menu, 0, sizeof(G_gpg_vstate.menu)); explicit_bzero(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu));
snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), "ID: %x", serial); snprintf(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu), "ID: %x", serial);
} }
if (G_gpg_vstate.menu[0] != 0) { if (G_gpg_vstate.menu[0] != 0) {
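Review bot: In ui_menu_pinentry_display the buffer `G_gpg_vstate.ux_pinentry` is wiped only on the `value == 0` path, which looks like the start of a new entry. Unless another path clears it, the previously entered digits stay in RAM until the next entry begins. This is the buffer where explicit_bzero matters most: the validate and cancel handlers, which are outside this hunk, should end with `explicit_bzero(G_gpg_vstate.ux_pinentry, sizeof(G_gpg_vstate.ux_pinentry));` if they do not already. The ui_menu_pinentry_display hunk in the next file of this commit has the same shape.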


@ -303,7 +303,7 @@ unsigned int ui_pinentry_predisplay(const bagl_element_t *element) {
void ui_menu_pinentry_display(unsigned int value) { void ui_menu_pinentry_display(unsigned int value) {
if (value == 0) { if (value == 0) {
memset(G_gpg_vstate.ux_pinentry, 0, sizeof(G_gpg_vstate.ux_pinentry)); explicit_bzero(G_gpg_vstate.ux_pinentry, sizeof(G_gpg_vstate.ux_pinentry));
G_gpg_vstate.ux_pinLen = 0; G_gpg_vstate.ux_pinLen = 0;
G_gpg_vstate.ux_pinentry[0] = 5; G_gpg_vstate.ux_pinentry[0] = 5;
} }
@ -595,7 +595,7 @@ void ui_menu_tmpl_set_action(unsigned int value) {
const unsigned char *oid = NULL; const unsigned char *oid = NULL;
unsigned int oid_len; unsigned int oid_len;
memset(&attributes, 0, sizeof(attributes)); explicit_bzero(&attributes, sizeof(attributes));
switch (G_gpg_vstate.ux_type) { switch (G_gpg_vstate.ux_type) {
case 2048: case 2048:
case 3072: case 3072:
@ -1205,7 +1205,7 @@ UX_FLOW(ux_flow_main,
&ux_menu_main_5_step); &ux_menu_main_5_step);
void ui_menu_main_predisplay() { void ui_menu_main_predisplay() {
memset(G_gpg_vstate.ux_buff1, 0, sizeof(G_gpg_vstate.ux_buff1)); explicit_bzero(G_gpg_vstate.ux_buff1, sizeof(G_gpg_vstate.ux_buff1));
memmove(G_gpg_vstate.ux_buff1, (void *) (N_gpg_pstate->name.value), 20); memmove(G_gpg_vstate.ux_buff1, (void *) (N_gpg_pstate->name.value), 20);
if (G_gpg_vstate.ux_buff1[0] == 0) { if (G_gpg_vstate.ux_buff1[0] == 0) {
memmove(G_gpg_vstate.ux_buff1, "<No Name>", 9); memmove(G_gpg_vstate.ux_buff1, "<No Name>", 9);
@ -1218,7 +1218,7 @@ void ui_menu_main_predisplay() {
} }
unsigned int serial = U4BE(G_gpg_vstate.kslot->serial, 0); unsigned int serial = U4BE(G_gpg_vstate.kslot->serial, 0);
memset(G_gpg_vstate.ux_buff2, 0, sizeof(G_gpg_vstate.ux_buff2)); explicit_bzero(G_gpg_vstate.ux_buff2, sizeof(G_gpg_vstate.ux_buff2));
snprintf(G_gpg_vstate.ux_buff2, snprintf(G_gpg_vstate.ux_buff2,
sizeof(G_gpg_vstate.ux_buff2), sizeof(G_gpg_vstate.ux_buff2),
"ID: %x / %d", "ID: %x / %d",


@ -67,7 +67,7 @@ static void ui_setting_header(const char* title,
layoutDescription.modal = false; layoutDescription.modal = false;
layoutCtx = nbgl_layoutGet(&layoutDescription); layoutCtx = nbgl_layoutGet(&layoutDescription);
memset(&bar, 0, sizeof(nbgl_layoutBar_t)); explicit_bzero(&bar, sizeof(nbgl_layoutBar_t));
bar.text = PIC(title); bar.text = PIC(title);
bar.iconLeft = &C_leftArrow32px; bar.iconLeft = &C_leftArrow32px;
bar.token = back_token; bar.token = back_token;
@ -92,7 +92,7 @@ void ui_init(void) {
char name[32]; char name[32];
unsigned int serial = U4BE(G_gpg_vstate.kslot->serial, 0); unsigned int serial = U4BE(G_gpg_vstate.kslot->serial, 0);
memset(name, 0, sizeof(name)); explicit_bzero(name, sizeof(name));
memmove(name, (void*) (N_gpg_pstate->name.value), 20); memmove(name, (void*) (N_gpg_pstate->name.value), 20);
if (name[0] != 0) { if (name[0] != 0) {
for (int i = 0; i < 12; i++) { for (int i = 0; i < 12; i++) {
@ -101,7 +101,7 @@ void ui_init(void) {
} }
} }
} }
memset(G_gpg_vstate.menu, 0, sizeof(G_gpg_vstate.menu)); explicit_bzero(G_gpg_vstate.menu, sizeof(G_gpg_vstate.menu));
snprintf(G_gpg_vstate.menu, snprintf(G_gpg_vstate.menu,
sizeof(G_gpg_vstate.menu), sizeof(G_gpg_vstate.menu),
"%s\nID: %x / %d", "%s\nID: %x / %d",
@ -286,7 +286,7 @@ static void template_key_cb(int token, uint8_t index) {
uint8_t key_type = index + FIRST_USER_TOKEN; uint8_t key_type = index + FIRST_USER_TOKEN;
if (token != TOKEN_TYPE_BACK) { if (token != TOKEN_TYPE_BACK) {
memset(&attributes, 0, sizeof(attributes)); explicit_bzero(&attributes, sizeof(attributes));
switch (key_type) { switch (key_type) {
case TOKEN_TYPE_RSA2048: case TOKEN_TYPE_RSA2048:
case TOKEN_TYPE_RSA3072: case TOKEN_TYPE_RSA3072:
@ -396,7 +396,7 @@ static void ui_settings_template(void) {
ui_setting_header("Keys templates", TOKEN_TEMPLATE_BACK, template_cb); ui_setting_header("Keys templates", TOKEN_TEMPLATE_BACK, template_cb);
for (i = 0; i < KEY_NB; i++) { for (i = 0; i < KEY_NB; i++) {
memset(&bar, 0, sizeof(nbgl_layoutBar_t)); explicit_bzero(&bar, sizeof(nbgl_layoutBar_t));
switch (_getKeyType(TOKEN_TEMPLATE_SIG + i)) { switch (_getKeyType(TOKEN_TEMPLATE_SIG + i)) {
case TOKEN_TYPE_RSA2048: case TOKEN_TYPE_RSA2048:
bar.subText = PIC(LABEL_RSA2048); bar.subText = PIC(LABEL_RSA2048);
@ -637,7 +637,7 @@ static void ui_settings_uif(void) {
ui_setting_header("User Interaction Flags", TOKEN_UIF_BACK, uif_cb); ui_setting_header("User Interaction Flags", TOKEN_UIF_BACK, uif_cb);
if (G_gpg_vstate.kslot->sig.UIF[0] != 2) { if (G_gpg_vstate.kslot->sig.UIF[0] != 2) {
memset(&option, 0, sizeof(nbgl_layoutSwitch_t)); explicit_bzero(&option, sizeof(nbgl_layoutSwitch_t));
option.initState = G_gpg_vstate.kslot->sig.UIF[0]; option.initState = G_gpg_vstate.kslot->sig.UIF[0];
option.text = "UIF for Signature"; option.text = "UIF for Signature";
option.token = TOKEN_UIF_SIG; option.token = TOKEN_UIF_SIG;
@ -647,7 +647,7 @@ static void ui_settings_uif(void) {
} }
if (G_gpg_vstate.kslot->dec.UIF[0] != 2) { if (G_gpg_vstate.kslot->dec.UIF[0] != 2) {
memset(&option, 0, sizeof(nbgl_layoutSwitch_t)); explicit_bzero(&option, sizeof(nbgl_layoutSwitch_t));
option.initState = G_gpg_vstate.kslot->dec.UIF[0]; option.initState = G_gpg_vstate.kslot->dec.UIF[0];
option.text = "UIF for Decryption"; option.text = "UIF for Decryption";
option.token = TOKEN_UIF_DEC; option.token = TOKEN_UIF_DEC;
@ -657,7 +657,7 @@ static void ui_settings_uif(void) {
} }
if (G_gpg_vstate.kslot->aut.UIF[0] != 2) { if (G_gpg_vstate.kslot->aut.UIF[0] != 2) {
memset(&option, 0, sizeof(nbgl_layoutSwitch_t)); explicit_bzero(&option, sizeof(nbgl_layoutSwitch_t));
option.initState = G_gpg_vstate.kslot->aut.UIF[0]; option.initState = G_gpg_vstate.kslot->aut.UIF[0];
option.text = "UIF for Authentication"; option.text = "UIF for Authentication";
option.token = TOKEN_UIF_AUT; option.token = TOKEN_UIF_AUT;
@ -690,7 +690,7 @@ enum {
static bool reset_nav_cb(uint8_t page, nbgl_pageContent_t* content) { static bool reset_nav_cb(uint8_t page, nbgl_pageContent_t* content) {
UNUSED(page); UNUSED(page);
memset(content, 0, sizeof(nbgl_pageContent_t)); explicit_bzero(content, sizeof(nbgl_pageContent_t));
content->type = INFO_LONG_PRESS; content->type = INFO_LONG_PRESS;
content->infoLongPress.text = content->infoLongPress.text =
"Reset the app to factory default?\nThis will delete ALL the keys!!!"; "Reset the app to factory default?\nThis will delete ALL the keys!!!";
@ -745,7 +745,7 @@ static bool settings_nav_cb(uint8_t page, nbgl_pageContent_t* content) {
TOKEN_SETTINGS_PIN, TOKEN_SETTINGS_PIN,
TOKEN_SETTINGS_UIF, TOKEN_SETTINGS_UIF,
TOKEN_SETTINGS_RESET}; TOKEN_SETTINGS_RESET};
memset(content, 0, sizeof(nbgl_pageContent_t)); explicit_bzero(content, sizeof(nbgl_pageContent_t));
switch (page) { switch (page) {
case SETTINGS_PAGE_INFO: case SETTINGS_PAGE_INFO:
content->type = INFOS_LIST; content->type = INFOS_LIST;
@ -940,7 +940,7 @@ void ui_menu_pinentry_display(unsigned int value) {
char line[10]; char line[10];
// Init the page title // Init the page title
memset(G_gpg_vstate.line, 0, sizeof(G_gpg_vstate.line)); explicit_bzero(G_gpg_vstate.line, sizeof(G_gpg_vstate.line));
if (G_gpg_vstate.io_ins == INS_CHANGE_REFERENCE_DATA) { if (G_gpg_vstate.io_ins == INS_CHANGE_REFERENCE_DATA) {
switch (value) { switch (value) {
case 0: case 0:
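Review bot: Most clears in this file initialise local layout structs (`bar`, `option`, `attributes`, `content`) just before their fields are assigned, and several repeat the type name in the size, as in `explicit_bzero(&bar, sizeof(nbgl_layoutBar_t))`. Sizing from the object instead, `explicit_bzero(&bar, sizeof(bar));` or `explicit_bzero(content, sizeof(*content));`, keeps the length right if a declaration changes. After this commit an ordinary initialisation and a wipe of sensitive data look identical, so a short comment such as `/* wipe sensitive data */` on the calls that are genuine wipes would help the next reader audit them. The same applies to ui_info and ui_menu_tmpl_set_action in the two earlier UI files; the enclosing functions all extend beyond their hunks.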