mirror of
https://github.com/genodelabs/genode.git
synced 2024-12-30 10:38:55 +00:00
vfs/cbe_trust_anchor: use hash of passphrase
Instead of using the user passphrase directly, use its SHA256 hash calculated using libcrypto. The passphrase hash is still stored in the key file to be used as base for the very primitive way of generating the private key. Ref #4032
This commit is contained in:
parent
989b7f39e1
commit
75a55b62a3
@ -1,5 +1,11 @@
|
||||
OPENSSL_DIR = $(call select_from_ports,openssl)
|
||||
|
||||
SRC_CC = vfs.cc
|
||||
|
||||
INC_DIR += $(OPENSSL_DIR)/include
|
||||
|
||||
LIBS += libcrypto
|
||||
|
||||
vpath % $(REP_DIR)/src/lib/vfs/cbe_trust_anchor
|
||||
|
||||
SHARED_LIB := yes
|
||||
|
@ -18,6 +18,9 @@
|
||||
#include <util/arg_string.h>
|
||||
#include <util/xml_generator.h>
|
||||
|
||||
/* OpenSSL includes */
|
||||
#include <openssl/sha.h>
|
||||
|
||||
/* CBE includes */
|
||||
#include <cbe/vfs/io_job.h>
|
||||
|
||||
@ -216,10 +219,10 @@ class Trust_anchor
|
||||
break;
|
||||
}
|
||||
|
||||
if (_key_io_job_buffer.size == _passphrase_buffer.size &&
|
||||
if (_key_io_job_buffer.size == _passphrase_hash_buffer.size &&
|
||||
Genode::memcmp(_key_io_job_buffer.base,
|
||||
_passphrase_buffer.base,
|
||||
_passphrase_buffer.size) == 0) {
|
||||
_passphrase_hash_buffer.base,
|
||||
_passphrase_hash_buffer.size) == 0) {
|
||||
|
||||
Genode::memset(_private_key.value, 0xa5,
|
||||
sizeof (_private_key.value));
|
||||
@ -482,7 +485,7 @@ class Trust_anchor
|
||||
|
||||
struct Key_io_job_buffer : Util::Io_job::Buffer
|
||||
{
|
||||
char buffer[64] { };
|
||||
char buffer[SHA256_DIGEST_LENGTH] { };
|
||||
|
||||
Key_io_job_buffer()
|
||||
{
|
||||
@ -492,7 +495,7 @@ class Trust_anchor
|
||||
};
|
||||
|
||||
Key_io_job_buffer _key_io_job_buffer { };
|
||||
Key_io_job_buffer _passphrase_buffer { };
|
||||
Key_io_job_buffer _passphrase_hash_buffer { };
|
||||
|
||||
bool _check_key_file(Path const &path)
|
||||
{
|
||||
@ -848,15 +851,10 @@ class Trust_anchor
|
||||
if (_state != State::UNINITIALIZED) {
|
||||
return false;
|
||||
}
|
||||
SHA256((unsigned char const *)src, len,
|
||||
(unsigned char *)_key_io_job_buffer.base);
|
||||
|
||||
if (len > _key_io_job_buffer.size) {
|
||||
len = _key_io_job_buffer.size;
|
||||
}
|
||||
|
||||
_key_io_job_buffer.size = len;
|
||||
|
||||
Genode::memcpy(_key_io_job_buffer.buffer, src,
|
||||
_key_io_job_buffer.size);
|
||||
_key_io_job_buffer.size = SHA256_DIGEST_LENGTH;
|
||||
|
||||
_job = Job::INIT;
|
||||
_job_state = Job_state::PENDING;
|
||||
@ -893,14 +891,10 @@ class Trust_anchor
|
||||
return true;
|
||||
}
|
||||
|
||||
if (len > sizeof(_passphrase_buffer.buffer)) {
|
||||
len = sizeof(_passphrase_buffer.buffer);
|
||||
}
|
||||
SHA256((unsigned char const *)src, len,
|
||||
(unsigned char *)_passphrase_hash_buffer.base);
|
||||
|
||||
_passphrase_buffer.size = len;
|
||||
|
||||
Genode::memcpy(_passphrase_buffer.buffer, src,
|
||||
_passphrase_buffer.size);
|
||||
_passphrase_hash_buffer.size = SHA256_DIGEST_LENGTH;
|
||||
|
||||
_job = Job::UNLOCK;
|
||||
_job_state = Job_state::PENDING;
|
||||
|
Loading…
Reference in New Issue
Block a user