authorMartin Schanzenbach <schanzen@gnunet.org>2024-06-17 13:19:56 +0200
committerMartin Schanzenbach <schanzen@gnunet.org>2024-06-17 13:19:56 +0200
commit604b2d10b0ea0d83de8431e0eb3f60211368d572 (patch)
treefd20ffb404b1b688f9025e4c6b5bebddfa5c91b1
parentf065f7819563e37959d23b27758101fe4e505cf9 (diff)
downloadgnunet-604b2d10b0ea0d83de8431e0eb3f60211368d572.tar.gz
gnunet-604b2d10b0ea0d83de8431e0eb3f60211368d572.zip
transport(tcp): update hkdf usage
-rw-r--r--src/service/transport/gnunet-communicator-tcp.c64
1 files changed, 34 insertions, 30 deletions
diff --git a/src/service/transport/gnunet-communicator-tcp.c b/src/service/transport/gnunet-communicator-tcp.c
index a29dad6e3..ac59b1368 100644
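--- a/src/service/transport/gnunet-communicator-tcp.c
+++ b/src/service/transport/gnunet-communicator-tcp.c
@@ -1221,45 +1221,49 @@ setup_cipher (const struct GNUNET_HashCode *dh,
 {
 char key[256 / 8];
 char ctr[128 / 8];
+char ikm[sizeof (*pid) + sizeof (*dh)];
+struct GNUNET_ShortHashCode prk;
 
 GNUNET_assert (0 == gcry_cipher_open (cipher,
 GCRY_CIPHER_AES256 /* low level: go for speed */
 ,
 GCRY_CIPHER_MODE_CTR,
 0 /* flags */));
-GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (key,
-sizeof(key),
-"TCP-key",
-strlen ("TCP-key"),
-dh,
-sizeof(*dh),
-pid,
-sizeof(*pid),
-NULL,
-0));
+memcpy (ikm, pid, sizeof (*pid));
+memcpy (ikm + sizeof (*pid), dh, sizeof (*dh));
+GNUNET_assert (GNUNET_CRYPTO_hkdf_extract (&prk,
+NULL, 0,
+ikm, sizeof (ikm)));
+GNUNET_assert (GNUNET_YES ==
+GNUNET_CRYPTO_hkdf_expand (key,
+sizeof(key),
+&prk,
+"gnunet-communicator-tcp-key",
+strlen (
+"gnunet-communicator-tcp-key"),
+pid,
+sizeof(*pid),
+NULL,
+0));
 GNUNET_assert (0 == gcry_cipher_setkey (*cipher, key, sizeof(key)));
-GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (ctr,
-sizeof(ctr),
-"TCP-ctr",
-strlen ("TCP-ctr"),
-dh,
-sizeof(*dh),
-pid,
-sizeof(*pid),
-NULL,
-0));
+GNUNET_assert (GNUNET_YES ==
+GNUNET_CRYPTO_hkdf_expand (ctr,
+sizeof(ctr),
+&prk,
+"gnunet-communicator-tcp-ctr",
+strlen (
+"gnunet-communicator-tcp-ctr"),
+NULL,
+0));
 gcry_cipher_setctr (*cipher, ctr, sizeof(ctr));
 GNUNET_assert (GNUNET_YES ==
-GNUNET_CRYPTO_kdf (hmac_key,
-sizeof(struct GNUNET_HashCode),
-"TCP-hmac",
-strlen ("TCP-hmac"),
-dh,
-sizeof(*dh),
-pid,
-sizeof(*pid),
-NULL,
-0));
+GNUNET_CRYPTO_hkdf_expand (hmac_key,
+sizeof(struct GNUNET_HashCode),
+&prk,
+"gnunet-communicator-hmac",
+strlen ("gnunet-communicator-hmac"),
+NULL,
+0));
 }
 
 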
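Review bot: The new `GNUNET_CRYPTO_hkdf_extract` call is asserted only for truthiness, while every `GNUNET_CRYPTO_hkdf_expand` call in this hunk is compared against `GNUNET_YES`; if extract signals failure with a negative code such as `GNUNET_SYSERR` (the usual GNUnet convention, to be confirmed against its declaration), the assert passes and the cipher key, counter and HMAC key are expanded from an uninitialised `prk`. Write it as `GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf_extract (&prk, NULL, 0, ikm, sizeof (ikm)));`. The change also adds two more stack copies of secret material (`ikm`, which holds the DH result, and `prk`) next to `key` and `ctr`, and none of them is wiped before the closing brace; zeroing them with a routine the compiler cannot elide before returning would limit how long the secrets stay in memory. The HMAC label `"gnunet-communicator-hmac"` lacks the `tcp` component that the other two labels carry, which looks unintended for domain separation between communicators. The signature of setup_cipher begins above the hunk, so the parameter types are not visible here.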