Merge pull request #4 from fixbitnote/master

CRITICAL: Fix to the Uninitialized Data Access Bug in the Updated Cryptonight Dark Algorithm
xcn-project · Mar 6, 2018 · 91fdf28 · 91fdf28
2 parents b689dba + db6fa2e
commit 91fdf28
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 5 deletions.
diff --git a/src/crypto/slow-hash.c b/src/crypto/slow-hash.c
@@ -69,6 +69,8 @@
 #define AES_KEY_SIZE    32
 #define INIT_SIZE_BLK   8
 #define INIT_SIZE_BYTE (INIT_SIZE_BLK * AES_BLOCK_SIZE)
+#define TOTALBLOCKS (MEMORY / AES_BLOCK_SIZE)
+#define state_index(x,div) (((*((uint64_t *)x) >> 4) & (TOTALBLOCKS /(div) - 1)) << 4)
 
 #define U64(x) ((uint64_t *) (x))
 #define R128(x) ((__m128i *) (x))
@@ -234,11 +236,10 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int dark)
 
     for(i = 0; i < ITER / 2; i++)
     {
-				#define TOTALBLOCKS (MEMORY / AES_BLOCK_SIZE)
-				#define state_index(x) (((*((uint64_t *)x) >> 4) & (TOTALBLOCKS - 1)) << 4)
+
 
         // Iteration 1
-        p = &long_state[state_index(a)];
+        p = &long_state[state_index(a, (dark?4:1))];
 
         if(useAes)
             _mm_storeu_si128(R128(p), _mm_aesenc_si128(_mm_loadu_si128(R128(p)), _mm_loadu_si128(R128(a))));
@@ -250,7 +251,7 @@ void cn_slow_hash(const void *data, size_t length, char *hash, int dark)
         swap_blocks(a, b);
 
         // Iteration 2
-        p = &long_state[state_index(a)];
+        p = &long_state[state_index(a, (dark?4:1))];
 
         mul(a, p, d);
         sum_half_blocks(b, d);

diff --git a/tests/hash/tests-slow1m.txt b/tests/hash/tests-slow1m.txt
@@ -0,0 +1,5 @@
+98c48cda9ab5d26ef2717e7375f665fc18b703aac6c059bb814685f21946647f 63617665617420656d70746f72
+04d2b27b1595ddaa6286aa2e2933f7ae9d7f41ceaf94fb3cf16e46a926f0e1ba 6465206f6d6e69627573206475626974616e64756d
+1d6fcfc843cee5070b140f72278082c89e57fb2d9f050fd04b380702672e77ab 6162756e64616e732063617574656c61206e6f6e206e6f636574
+98c48cda9ab5d26ef2717e7375f665fc18b703aac6c059bb814685f21946647f 63617665617420656d70746f72
+63711b8f6ba33da18059d5ab808df6138f6492e1b9565042bd018dbeeac45afa 6578206e6968696c6f206e6968696c20666974
diff --git a/tests/hash/tests-slow.txt → tests/hash/tests-slow2m.txt b/tests/hash/tests-slow.txt → tests/hash/tests-slow2m.txt
@@ -1,3 +1,4 @@
+bbec2cacf69866a8e740380fe7b818fc78f8571221742d729d9d02d7f8989b87 63617665617420656d70746f72
 2f8e3df40bd11f9ac90c743ca8e32bb391da4fb98612aa3b6cdc639ee00b31f5 6465206f6d6e69627573206475626974616e64756d
 722fa8ccd594d40e4a41f3822734304c8d5eff7e1b528408e2229da38ba553c4 6162756e64616e732063617574656c61206e6f6e206e6f636574
 bbec2cacf69866a8e740380fe7b818fc78f8571221742d729d9d02d7f8989b87 63617665617420656d70746f72

diff --git a/tests/performance_tests/cn_slow_hash.h b/tests/performance_tests/cn_slow_hash.h
@@ -54,17 +54,25 @@ class test_cn_slow_hash
     if (!epee::string_tools::hex_to_pod("bbec2cacf69866a8e740380fe7b818fc78f8571221742d729d9d02d7f8989b87", m_expected_hash))
       return false;
 
+    if (!epee::string_tools::hex_to_pod("98c48cda9ab5d26ef2717e7375f665fc18b703aac6c059bb814685f21946647f", m_expected_hash_dark))
+      return false;
+
+
     return true;
   }
 
   bool test()
   {
     crypto::hash hash;
+    crypto::hash hash_dark;
+
     crypto::cn_slow_hash(&m_data, sizeof(m_data), hash, 0);
-    return hash == m_expected_hash;
+    crypto::cn_slow_hash(&m_data, sizeof(m_data), hash_dark, 1);
+    return (hash == m_expected_hash) && (hash_dark == m_expected_hash_dark);
   }
 
 private:
   data_t m_data;
   crypto::hash m_expected_hash;
+  crypto::hash m_expected_hash_dark;
 };