From f7b0cc7a64b4d2df64c666cdc9740a1aceb7aa9d Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Mon, 1 Jan 2018 21:14:39 +0100
Subject: factotum: replace custom hex parsing code with dec16() avoding timing
 side channels

---
 sys/src/cmd/auth/factotum/p9sk1.c  | 31 ++-----------------------------
 sys/src/cmd/auth/factotum/wpapsk.c | 28 +++-------------------------
 2 files changed, 5 insertions(+), 54 deletions(-)

(limited to 'sys/src/cmd/auth')

diff --git a/sys/src/cmd/auth/factotum/p9sk1.c b/sys/src/cmd/auth/factotum/p9sk1.c
index c0abb37cf..dd231b951 100644
--- a/sys/src/cmd/auth/factotum/p9sk1.c
+++ b/sys/src/cmd/auth/factotum/p9sk1.c
@@ -506,33 +506,6 @@ p9skclose(Fsstate *fss)
 	free(s);
 }
 
-static int
-unhex(char c)
-{
-	if('0' <= c && c <= '9')
-		return c-'0';
-	if('a' <= c && c <= 'f')
-		return c-'a'+10;
-	if('A' <= c && c <= 'F')
-		return c-'A'+10;
-	abort();
-	return -1;
-}
-
-static int
-hexparse(char *hex, uchar *dat, int ndat)
-{
-	int i;
-
-	if(strlen(hex) != 2*ndat)
-		return -1;
-	if(hex[strspn(hex, "0123456789abcdefABCDEF")] != '\0')
-		return -1;
-	for(i=0; i<ndat; i++)
-		dat[i] = (unhex(hex[2*i])<<4)|unhex(hex[2*i+1]);
-	return 0;
-}
-
 static int
 p9skaddkey(Key *k, int before)
 {
@@ -547,13 +520,13 @@ p9skaddkey(Key *k, int before)
 	akey = emalloc(sizeof(Authkey));
 	if(s = _strfindattr(k->privattr, "!hex")){
 		if(k->proto == &dp9ik){
-			if(hexparse(s, akey->aes, AESKEYLEN) < 0){
+			if(dec16(akey->aes, AESKEYLEN, s, strlen(s)) != AESKEYLEN){
 				free(akey);
 				werrstr("malformed key data");
 				return -1;
 			}
 		} else {
-			if(hexparse(s, (uchar*)akey->des, DESKEYLEN) < 0){
+			if(dec16((uchar*)akey->des, DESKEYLEN, s, strlen(s)) != DESKEYLEN){
 				free(akey);
 				werrstr("malformed key data");
 				return -1;
diff --git a/sys/src/cmd/auth/factotum/wpapsk.c b/sys/src/cmd/auth/factotum/wpapsk.c
index 42e72f08a..ee8dd805d 100644
--- a/sys/src/cmd/auth/factotum/wpapsk.c
+++ b/sys/src/cmd/auth/factotum/wpapsk.c
@@ -35,35 +35,13 @@ struct State
 	uchar	resp[PTKlen];
 };
 
-static int
-hextob(char *s, char **sp, uchar *b, int n)
-{
-	int r;
-
-	n <<= 1;
-	for(r = 0; r < n && *s; s++){
-		*b <<= 4;
-		if(*s >= '0' && *s <= '9')
-			*b |= (*s - '0');
-		else if(*s >= 'a' && *s <= 'f')
-			*b |= 10+(*s - 'a');
-		else if(*s >= 'A' && *s <= 'F')
-			*b |= 10+(*s - 'A');
-		else break;
-		if((++r & 1) == 0)
-			b++;
-	}
-	if(sp != nil)
-		*sp = s;
-	return r >> 1;
-}
-
 static void
 pass2pmk(char *pass, char *ssid, uchar pmk[PMKlen])
 {
-	if(hextob(pass, nil, pmk, PMKlen) == PMKlen)
+	int npass = strlen(pass);
+	if(npass == 2*PMKlen && dec16(pmk, PMKlen, pass, npass) == PMKlen)
 		return;
-	pbkdf2_x((uchar*)pass, strlen(pass), (uchar*)ssid, strlen(ssid), 4096, pmk, PMKlen, hmac_sha1, SHA1dlen);
+	pbkdf2_x((uchar*)pass, npass, (uchar*)ssid, strlen(ssid), 4096, pmk, PMKlen, hmac_sha1, SHA1dlen);
 }
 
 static void
-- 
cgit v1.2.3