File: sec_review.txt

package info (click to toggle)
canlock 3.2.2-1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 2,944 kB
  • sloc: sh: 4,561; ansic: 4,308; yacc: 643; lex: 226; makefile: 94
file content (62 lines) | stat: -rw-r--r-- 1,336 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
Security review for libcanlock 3.0.0pre27
=========================================
(2018-01-05 by Michael Baeuerle)

This review should identify places where libcanlock will copy the secret from
the caller to different memory locations. These places (marked "Lx" below) are
candidates for calling "cl_clear_secret()" internally.

Note:
A patch to overwrite locations Lx after use is included in version 3.0.0rc1.

Note2:
Since version 3.2.2 the internal API hmac* was renamed to RFC2104Hmac*.


canlock.c
=========

sha_lock() -> cl_get_lock()
                |
 sha_key() -----+-> cl_get_key() -> hmac()


hmac.c
======

hmac() -+-> hmacReset() -+-> USHAInput() -> tcontext        ; Location L2
        |                |
        |                +----------------> k_ipad[]        ; Location L3
        |
        +----------------------------------> context        ; Location L1


usha.c
======

USHAInput() -> SHA<xxx>Input()  ; With "xxx" as listed below


sha1.c
======

SHA1Input() -> SHA1ProcessMessageBlock() -> W[]             ; Location L4


sha224-256.c
============

SHA224Input() -+
               |
SHA256Input() -+-> SHA224_256ProcessMessageBlock() -> W[]   ; Location L5


sha384-512.c
============

SHA384Input() -+
               |
SHA512Input() -+-> SHA384_512ProcessMessageBlock() -> W[]   ; Location L6a/L6b


EOF